SlideShare una empresa de Scribd logo

Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011)

Internet Society
Internet Society

In a response to Bill St. Arnaud's "Dead Men Walking" presentation at the Internet Society's ION Conference in Toronto on November 14, 2011, Jacques Latour, Director of Information Technology, Canadian Internet Registration Authority (CIRA), laid out why he believes there is much promise ahead for both IPv6 and DNSSEC and explained the work they have done at CIRA, their IPv6 adoption strategy, architecture guidelines and more. A video recording of the session will be available for viewing. Details will be posted at http://www.isoc.org/do/blog/ when the video is available. More information about the global series of ION conferences can be found at http://www.isoc.org/ion/

Tecnología
1 de 11
Descargar para leer sin conexión
Good  Men  Rising:   IPv6  &  DNSSEC     Canadian  Internet  Registra:on  Authority  (CIRA)   Jacques  Latour     ION  -­‐  Toronto     November  14,  2011    
About  CIRA   1.  Operate  the  .CA  Registry   §  Registrant  ßà  Registrar  ßà  Registry  à  .CA  DNS   2.  Operate  the  .CA  Top  Level  Domain   §  Root  “.”  ßà  “.CA”  ßà  2nd  Level  .CA  domains   §  Internet  Users  ßà  ISP  ßà  “.CA”   3.  Do  good  things  for  the  Canadian  Internet   §  Promote  digital  literacy,  Canadian  Internet  Forum   §  Promote  IPv6,  DNSSEC,  NTP  and  Canadian  IXPs   2   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
IPv6  Adop8on  Strategy   •  IPv6  Discovery  &  Research   •  Perform  an  IPv6  Readiness  Assessment   •  Define  IPv6  Objec:ves  (can’t  do  everything)   •  Develop  a  Project  Plan   •  Develop  a  detailed  IPv6  Architecture  &  Design   •  Development,  tes:ng  and  pilot  mode   •  Implement  in  produc:on   •  Monitor   Not  a  migra8on,  not  a  transi8on,  coexistence!   3   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
IPv6  Objec8ve  -­‐  WEB  Content   •  Not  everything  needs  to  be  IPv6  on  day  1   –  World  IPv6  Day,  June  8,  2011   •  Internet  Perimeter  &  DMZ  (www.cira.ca)   •  IT  Organiza:on   IPv6 Glue Records CIRA Secondary Registry •  Permanent   DNS Servers Primary IPv6 •  Presence   WWW IPv4 a.ca-servers.ca •  Support   c.ca-servers.ca Internet …. (j & sns-pb) m.ca-servers.ca Registry Try www.cira.ca on IPv6 Backup Or http://[2001:500:80:2::12]/ z.ca-servers.ca IT Corporate Operations Network 4   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
IPv6  Architecture  Guidelines   “Rules  of  engagement”   •  Keep  IPv4  as-­‐is   •  Dual  Stack   –  All  systems  par:cipa:ng  in  the  IPv6  implementa:on  must  support  a   concurrent  IPv4  and  IPv6  stack   •  No  IPv6  Tunnelling   –  Usage  of  IPv6  tunnelling  mechanisms  such  as  ISATAP,  Teredo,  6to4,   6rd  are  disabled  and  not  permibed   •  Na8ve  IPv6  Transit   –  IPv6  transit  must  support  IPv6  na:vely  without  the  use  of  tunnelling   •  No  Network  Address  Transla8on  (NAT)   –  NAT66,  NAT64  &  NAT46  technologies  not  permibed   Security  Policy  Template  available  at  www.cira.ca/knowledge-­‐centre/ipv6     5   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
IPv6  Benefits   •  It  works!   •  Some  say  it’s  old   •  I  say  it’s  new   •  Let’s  make  it  work  in  Canada!   •  Enabler  for  future  growth   •  We  have  to  think  globally   6   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
DNSSEC     •  Developed  by  propeller  heads  J   7   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
DNS  à  Safe  &  Trusted   •  Security  extensions  on  top  of  DNS  to  provide   authen:ca:on  of  DNS  data   8   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
A  PlaVorm  for  Innova8on   •  DANE  (DNS-­‐based  Authen:ca:on  of  Named  En::es)   •  Applica:on  can  use  DNSSEC  for  enhanced  security   •  A  ‘new’  technology  to  be  leveraged   9   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
CIRA  –  DNSSEC  Status   •  CIRA  ac:vely  working  on  signing  the  .CA  zone   10   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
Thank  you!   hbp://ca.movember.com/mospace/2531386   11   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  

Recomendados

Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
IPv6no
 
Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slides
Olle E Johansson
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
APNIC
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
Swiss IPv6 Council
 
Sip & IPv6 - time for action!
Sip & IPv6 - time for action!Sip & IPv6 - time for action!
Sip & IPv6 - time for action!
Olle E Johansson
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
Christian Elsen
 
Router configuration
Router configurationRouter configuration
Router configuration
97148881557
 
Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 Migration
Swiss IPv6 Council
 

Recomendados

Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
IPv6no
 
Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slides
Olle E Johansson
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
APNIC
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
Swiss IPv6 Council
 
Sip & IPv6 - time for action!
Sip & IPv6 - time for action!Sip & IPv6 - time for action!
Sip & IPv6 - time for action!
Olle E Johansson
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
Christian Elsen
 
Router configuration
Router configurationRouter configuration
Router configuration
97148881557
 
Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 Migration
Swiss IPv6 Council
 
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check ToolION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
Deploy360 Programme (Internet Society)
 
DNS Made Easy Sales Brochure
DNS Made Easy Sales BrochureDNS Made Easy Sales Brochure
DNS Made Easy Sales Brochure
DNS Made Easy
 
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live DemoIPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
Digicomp Academy AG
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6no
 
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid ItION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
Deploy360 Programme (Internet Society)
 
Dnssec
DnssecDnssec
Dnssec
guest3131f85
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
Skeeve Stevens
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
Zivaro Inc
 
ASHISH SENGAR.doc
ASHISH SENGAR.docASHISH SENGAR.doc
ASHISH SENGAR.doc
Ashish Sengar
 
Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer App
Oliver Müller
 
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback AppliancesGigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
Grant Swanson
 
Alfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Alfresco Backup and Recovery Tool: a real world backup solution for AlfrescoAlfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Alfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Toni de la Fuente
 
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next GenerationThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
APNIC
 
Benefits of Hosting a DNS Root Server
Benefits of Hosting a DNS Root ServerBenefits of Hosting a DNS Root Server
Benefits of Hosting a DNS Root Server
RIPE NCC
 
Current Policy Topics
Current Policy TopicsCurrent Policy Topics
Current Policy Topics
RIPE Meetings
 
Day 20.i pv6 lab
Day 20.i pv6 labDay 20.i pv6 lab
Day 20.i pv6 lab
CYBERINTELLIGENTS
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
Hari
 
Peering Day 2013
Peering Day 2013Peering Day 2013
Peering Day 2013
RIPE NCC
 
Cybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNICCybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNIC
APNIC
 
A Guide to Peering on the Internet
A Guide to Peering on the InternetA Guide to Peering on the Internet
A Guide to Peering on the Internet
Richard Steenbergen
 
The RIPE Community and Ethical Considerations
The RIPE Community and Ethical ConsiderationsThe RIPE Community and Ethical Considerations
The RIPE Community and Ethical Considerations
RIPE NCC
 
Internet peering, with annotations
Internet peering, with annotationsInternet peering, with annotations
Internet peering, with annotations
Brough Turner
 

Más contenido relacionado

La actualidad más candente

GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback AppliancesGigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
Grant Swanson
 

La actualidad más candente (17)

ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check ToolION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
 
DNS Made Easy Sales Brochure
DNS Made Easy Sales BrochureDNS Made Easy Sales Brochure
DNS Made Easy Sales Brochure
 
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live DemoIPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
 
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid ItION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
 
Dnssec
DnssecDnssec
Dnssec
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
ASHISH SENGAR.doc
ASHISH SENGAR.docASHISH SENGAR.doc
ASHISH SENGAR.doc
 
Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer App
 
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback AppliancesGigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
 
Alfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Alfresco Backup and Recovery Tool: a real world backup solution for AlfrescoAlfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Alfresco Backup and Recovery Tool: a real world backup solution for Alfresco
 
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next GenerationThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
 
Benefits of Hosting a DNS Root Server
Benefits of Hosting a DNS Root ServerBenefits of Hosting a DNS Root Server
Benefits of Hosting a DNS Root Server
 
Current Policy Topics
Current Policy TopicsCurrent Policy Topics
Current Policy Topics
 
Day 20.i pv6 lab
Day 20.i pv6 labDay 20.i pv6 lab
Day 20.i pv6 lab
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
 

Destacado

Peering 101 and the peering simulation game
Peering 101 and the peering simulation gamePeering 101 and the peering simulation game
Peering 101 and the peering simulation game
Internet Society
 

Destacado (8)

Peering Day 2013
Peering Day 2013Peering Day 2013
Peering Day 2013
 
Cybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNICCybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNIC
 
A Guide to Peering on the Internet
A Guide to Peering on the InternetA Guide to Peering on the Internet
A Guide to Peering on the Internet
 
The RIPE Community and Ethical Considerations
The RIPE Community and Ethical ConsiderationsThe RIPE Community and Ethical Considerations
The RIPE Community and Ethical Considerations
 
Internet peering, with annotations
Internet peering, with annotationsInternet peering, with annotations
Internet peering, with annotations
 
Peering 101 and the peering simulation game
Peering 101 and the peering simulation gamePeering 101 and the peering simulation game
Peering 101 and the peering simulation game
 
Peering and Transit Tutorials: PeeringDB
Peering and Transit Tutorials: PeeringDBPeering and Transit Tutorials: PeeringDB
Peering and Transit Tutorials: PeeringDB
 
Importance of ip peering
Importance of ip peeringImportance of ip peering
Importance of ip peering
 

Similar a Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011)

2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
Johnson Liu
 
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat642009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
yacc2000
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
Rochester Security Summit
 
IPv6 対応アプリケーション開発なんて怖くない
IPv6 対応アプリケーション開発なんて怖くないIPv6 対応アプリケーション開発なんて怖くない
IPv6 対応アプリケーション開発なんて怖くない
Koichi Taniguchi
 
Embracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from AlibabaEmbracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from Alibaba
Wensong Zhang
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
IPv6no
 

Similar a Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011) (20)

CDN and ISP Operation
CDN and ISP OperationCDN and ISP Operation
CDN and ISP Operation
 
Content over IPv6: no excuses
Content over IPv6: no excusesContent over IPv6: no excuses
Content over IPv6: no excuses
 
2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
 
Presd1 09
Presd1 09Presd1 09
Presd1 09
 
Micheal O'Foghlu - TSSG
Micheal O'Foghlu - TSSGMicheal O'Foghlu - TSSG
Micheal O'Foghlu - TSSG
 
John Curran - Moving to IPv6
John Curran - Moving to IPv6John Curran - Moving to IPv6
John Curran - Moving to IPv6
 
Getting The World IPv6 Enabled
Getting The World IPv6 EnabledGetting The World IPv6 Enabled
Getting The World IPv6 Enabled
 
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
 
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat642009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
 
IPv6 対応アプリケーション開発なんて怖くない
IPv6 対応アプリケーション開発なんて怖くないIPv6 対応アプリケーション開発なんて怖くない
IPv6 対応アプリケーション開発なんて怖くない
 
ARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities ReportARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities Report
 
Introduction to Kafka
Introduction to KafkaIntroduction to Kafka
Introduction to Kafka
 
Ventajas de IPv6
Ventajas de IPv6Ventajas de IPv6
Ventajas de IPv6
 
Embracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from AlibabaEmbracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from Alibaba
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
 
IPv6 Deployment: Why and Why not?
IPv6 Deployment: Why and Why not?IPv6 Deployment: Why and Why not?
IPv6 Deployment: Why and Why not?
 
IPv6 deployment at APNIC
IPv6 deployment at APNICIPv6 deployment at APNIC
IPv6 deployment at APNIC
 

Más de Internet Society

Más de Internet Society (20)

IXP growth challenges in West Africa: The Ghana Experience
IXP growth challenges in West Africa: The Ghana ExperienceIXP growth challenges in West Africa: The Ghana Experience
IXP growth challenges in West Africa: The Ghana Experience
 
IXP growth challenges in Central Africa
IXP growth challenges in Central AfricaIXP growth challenges in Central Africa
IXP growth challenges in Central Africa
 
Benin IX: 3 Years After!
Benin IX: 3 Years After!Benin IX: 3 Years After!
Benin IX: 3 Years After!
 
IXP growth challenges in Côte D’Ivoire
IXP growth challenges in Côte D’IvoireIXP growth challenges in Côte D’Ivoire
IXP growth challenges in Côte D’Ivoire
 
IXP Masterclass
IXP MasterclassIXP Masterclass
IXP Masterclass
 
PeeringDB Updates
PeeringDB UpdatesPeeringDB Updates
PeeringDB Updates
 
Peering Personals #2
Peering Personals #2Peering Personals #2
Peering Personals #2
 
Keynote Presentation : “80/20 by 2020”
Keynote Presentation : “80/20 by 2020”Keynote Presentation : “80/20 by 2020”
Keynote Presentation : “80/20 by 2020”
 
International Bandwidth and Pricing Trends in Sub-Sahara Africa
International Bandwidth and Pricing Trends in Sub-Sahara Africa International Bandwidth and Pricing Trends in Sub-Sahara Africa
International Bandwidth and Pricing Trends in Sub-Sahara Africa
 
In Search of Low Cost Bandwidth
In Search of Low Cost BandwidthIn Search of Low Cost Bandwidth
In Search of Low Cost Bandwidth
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ Cloudflare
 
Interconnection Evolution
Interconnection EvolutionInterconnection Evolution
Interconnection Evolution
 
Peering Personals #1
Peering Personals #1Peering Personals #1
Peering Personals #1
 
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
 
Looking for Latency Clusters in Africa's internet
Looking for Latency Clusters in Africa's internetLooking for Latency Clusters in Africa's internet
Looking for Latency Clusters in Africa's internet
 
Fantsuam: Ideas for the sustainability of Community Networks
Fantsuam: Ideas for the sustainability of Community NetworksFantsuam: Ideas for the sustainability of Community Networks
Fantsuam: Ideas for the sustainability of Community Networks
 
Mawingu: Ideas for the sustainability of Community Networks
Mawingu: Ideas for the sustainability of Community NetworksMawingu: Ideas for the sustainability of Community Networks
Mawingu: Ideas for the sustainability of Community Networks
 
Zenzeleni Networks Update Report
Zenzeleni Networks Update ReportZenzeleni Networks Update Report
Zenzeleni Networks Update Report
 
Canadian Victory Garden: Overview of an Off Grid Solution
Canadian Victory Garden: Overview of an Off Grid SolutionCanadian Victory Garden: Overview of an Off Grid Solution
Canadian Victory Garden: Overview of an Off Grid Solution
 
TVWS use case in Kenya
TVWS use case in KenyaTVWS use case in Kenya
TVWS use case in Kenya
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011)

  • 1. Good  Men  Rising:   IPv6  &  DNSSEC     Canadian  Internet  Registra:on  Authority  (CIRA)   Jacques  Latour     ION  -­‐  Toronto     November  14,  2011    
  • 2. About  CIRA   1.  Operate  the  .CA  Registry   §  Registrant  ßà  Registrar  ßà  Registry  à  .CA  DNS   2.  Operate  the  .CA  Top  Level  Domain   §  Root  “.”  ßà  “.CA”  ßà  2nd  Level  .CA  domains   §  Internet  Users  ßà  ISP  ßà  “.CA”   3.  Do  good  things  for  the  Canadian  Internet   §  Promote  digital  literacy,  Canadian  Internet  Forum   §  Promote  IPv6,  DNSSEC,  NTP  and  Canadian  IXPs   2   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 3. IPv6  Adop8on  Strategy   •  IPv6  Discovery  &  Research   •  Perform  an  IPv6  Readiness  Assessment   •  Define  IPv6  Objec:ves  (can’t  do  everything)   •  Develop  a  Project  Plan   •  Develop  a  detailed  IPv6  Architecture  &  Design   •  Development,  tes:ng  and  pilot  mode   •  Implement  in  produc:on   •  Monitor   Not  a  migra8on,  not  a  transi8on,  coexistence!   3   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 4. IPv6  Objec8ve  -­‐  WEB  Content   •  Not  everything  needs  to  be  IPv6  on  day  1   –  World  IPv6  Day,  June  8,  2011   •  Internet  Perimeter  &  DMZ  (www.cira.ca)   •  IT  Organiza:on   IPv6 Glue Records CIRA Secondary Registry •  Permanent   DNS Servers Primary IPv6 •  Presence   WWW IPv4 a.ca-servers.ca •  Support   c.ca-servers.ca Internet …. (j & sns-pb) m.ca-servers.ca Registry Try www.cira.ca on IPv6 Backup Or http://[2001:500:80:2::12]/ z.ca-servers.ca IT Corporate Operations Network 4   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 5. IPv6  Architecture  Guidelines   “Rules  of  engagement”   •  Keep  IPv4  as-­‐is   •  Dual  Stack   –  All  systems  par:cipa:ng  in  the  IPv6  implementa:on  must  support  a   concurrent  IPv4  and  IPv6  stack   •  No  IPv6  Tunnelling   –  Usage  of  IPv6  tunnelling  mechanisms  such  as  ISATAP,  Teredo,  6to4,   6rd  are  disabled  and  not  permibed   •  Na8ve  IPv6  Transit   –  IPv6  transit  must  support  IPv6  na:vely  without  the  use  of  tunnelling   •  No  Network  Address  Transla8on  (NAT)   –  NAT66,  NAT64  &  NAT46  technologies  not  permibed   Security  Policy  Template  available  at  www.cira.ca/knowledge-­‐centre/ipv6     5   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 6. IPv6  Benefits   •  It  works!   •  Some  say  it’s  old   •  I  say  it’s  new   •  Let’s  make  it  work  in  Canada!   •  Enabler  for  future  growth   •  We  have  to  think  globally   6   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 7. DNSSEC     •  Developed  by  propeller  heads  J   7   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 8. DNS  à  Safe  &  Trusted   •  Security  extensions  on  top  of  DNS  to  provide   authen:ca:on  of  DNS  data   8   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 9. A  PlaVorm  for  Innova8on   •  DANE  (DNS-­‐based  Authen:ca:on  of  Named  En::es)   •  Applica:on  can  use  DNSSEC  for  enhanced  security   •  A  ‘new’  technology  to  be  leveraged   9   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 10. CIRA  –  DNSSEC  Status   •  CIRA  ac:vely  working  on  signing  the  .CA  zone   10   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 11. Thank  you!   hbp://ca.movember.com/mospace/2531386   11   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14