SlideShare una empresa de Scribd logo

Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011)

Internet Society
Internet Society

In a response to Bill St. Arnaud's "Dead Men Walking" presentation at the Internet Society's ION Conference in Toronto on November 14, 2011, Jacques Latour, Director of Information Technology, Canadian Internet Registration Authority (CIRA), laid out why he believes there is much promise ahead for both IPv6 and DNSSEC and explained the work they have done at CIRA, their IPv6 adoption strategy, architecture guidelines and more. A video recording of the session will be available for viewing. Details will be posted at http://www.isoc.org/do/blog/ when the video is available. More information about the global series of ION conferences can be found at http://www.isoc.org/ion/

Tecnología
1 de 11
Descargar para leer sin conexión
Good  Men  Rising:   IPv6  &  DNSSEC     Canadian  Internet  Registra:on  Authority  (CIRA)   Jacques  Latour     ION  -­‐  Toronto     November  14,  2011    
About  CIRA   1.  Operate  the  .CA  Registry   §  Registrant  ßà  Registrar  ßà  Registry  à  .CA  DNS   2.  Operate  the  .CA  Top  Level  Domain   §  Root  “.”  ßà  “.CA”  ßà  2nd  Level  .CA  domains   §  Internet  Users  ßà  ISP  ßà  “.CA”   3.  Do  good  things  for  the  Canadian  Internet   §  Promote  digital  literacy,  Canadian  Internet  Forum   §  Promote  IPv6,  DNSSEC,  NTP  and  Canadian  IXPs   2   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
IPv6  Adop8on  Strategy   •  IPv6  Discovery  &  Research   •  Perform  an  IPv6  Readiness  Assessment   •  Define  IPv6  Objec:ves  (can’t  do  everything)   •  Develop  a  Project  Plan   •  Develop  a  detailed  IPv6  Architecture  &  Design   •  Development,  tes:ng  and  pilot  mode   •  Implement  in  produc:on   •  Monitor   Not  a  migra8on,  not  a  transi8on,  coexistence!   3   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
IPv6  Objec8ve  -­‐  WEB  Content   •  Not  everything  needs  to  be  IPv6  on  day  1   –  World  IPv6  Day,  June  8,  2011   •  Internet  Perimeter  &  DMZ  (www.cira.ca)   •  IT  Organiza:on   IPv6 Glue Records CIRA Secondary Registry •  Permanent   DNS Servers Primary IPv6 •  Presence   WWW IPv4 a.ca-servers.ca •  Support   c.ca-servers.ca Internet …. (j & sns-pb) m.ca-servers.ca Registry Try www.cira.ca on IPv6 Backup Or http://[2001:500:80:2::12]/ z.ca-servers.ca IT Corporate Operations Network 4   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
IPv6  Architecture  Guidelines   “Rules  of  engagement”   •  Keep  IPv4  as-­‐is   •  Dual  Stack   –  All  systems  par:cipa:ng  in  the  IPv6  implementa:on  must  support  a   concurrent  IPv4  and  IPv6  stack   •  No  IPv6  Tunnelling   –  Usage  of  IPv6  tunnelling  mechanisms  such  as  ISATAP,  Teredo,  6to4,   6rd  are  disabled  and  not  permibed   •  Na8ve  IPv6  Transit   –  IPv6  transit  must  support  IPv6  na:vely  without  the  use  of  tunnelling   •  No  Network  Address  Transla8on  (NAT)   –  NAT66,  NAT64  &  NAT46  technologies  not  permibed   Security  Policy  Template  available  at  www.cira.ca/knowledge-­‐centre/ipv6     5   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
IPv6  Benefits   •  It  works!   •  Some  say  it’s  old   •  I  say  it’s  new   •  Let’s  make  it  work  in  Canada!   •  Enabler  for  future  growth   •  We  have  to  think  globally   6   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
DNSSEC     •  Developed  by  propeller  heads  J   7   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
DNS  à  Safe  &  Trusted   •  Security  extensions  on  top  of  DNS  to  provide   authen:ca:on  of  DNS  data   8   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
A  PlaVorm  for  Innova8on   •  DANE  (DNS-­‐based  Authen:ca:on  of  Named  En::es)   •  Applica:on  can  use  DNSSEC  for  enhanced  security   •  A  ‘new’  technology  to  be  leveraged   9   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
CIRA  –  DNSSEC  Status   •  CIRA  ac:vely  working  on  signing  the  .CA  zone   10   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
Thank  you!   hbp://ca.movember.com/mospace/2531386   11   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  

Recomendados

Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
IPv6no
 
Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slides
Olle E Johansson
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
APNIC
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
Swiss IPv6 Council
 
Sip & IPv6 - time for action!
Sip & IPv6 - time for action!Sip & IPv6 - time for action!
Sip & IPv6 - time for action!
Olle E Johansson
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
Christian Elsen
 
Router configuration
Router configurationRouter configuration
Router configuration
97148881557
 
Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 Migration
Swiss IPv6 Council
 

Recomendados

Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
IPv6no
 
Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slides
Olle E Johansson
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
APNIC
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
Swiss IPv6 Council
 
Sip & IPv6 - time for action!
Sip & IPv6 - time for action!Sip & IPv6 - time for action!
Sip & IPv6 - time for action!
Olle E Johansson
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
Christian Elsen
 
Router configuration
Router configurationRouter configuration
Router configuration
97148881557
 
Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 Migration
Swiss IPv6 Council
 
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check ToolION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
Deploy360 Programme (Internet Society)
 
DNS Made Easy Sales Brochure
DNS Made Easy Sales BrochureDNS Made Easy Sales Brochure
DNS Made Easy Sales Brochure
DNS Made Easy
 
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live DemoIPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
Digicomp Academy AG
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6no
 
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid ItION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
Deploy360 Programme (Internet Society)
 
Dnssec
DnssecDnssec
Dnssec
guest3131f85
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
Skeeve Stevens
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
Zivaro Inc
 
ASHISH SENGAR.doc
ASHISH SENGAR.docASHISH SENGAR.doc
ASHISH SENGAR.doc
Ashish Sengar
 
Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer App
Oliver Müller
 
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback AppliancesGigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
Grant Swanson
 
Alfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Alfresco Backup and Recovery Tool: a real world backup solution for AlfrescoAlfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Alfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Toni de la Fuente
 
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next GenerationThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
APNIC
 
Benefits of Hosting a DNS Root Server
Benefits of Hosting a DNS Root ServerBenefits of Hosting a DNS Root Server
Benefits of Hosting a DNS Root Server
RIPE NCC
 
Current Policy Topics
Current Policy TopicsCurrent Policy Topics
Current Policy Topics
RIPE Meetings
 
Day 20.i pv6 lab
Day 20.i pv6 labDay 20.i pv6 lab
Day 20.i pv6 lab
CYBERINTELLIGENTS
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
Hari
 
Peering Day 2013
Peering Day 2013Peering Day 2013
Peering Day 2013
RIPE NCC
 
Cybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNICCybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNIC
APNIC
 
A Guide to Peering on the Internet
A Guide to Peering on the InternetA Guide to Peering on the Internet
A Guide to Peering on the Internet
Richard Steenbergen
 
The RIPE Community and Ethical Considerations
The RIPE Community and Ethical ConsiderationsThe RIPE Community and Ethical Considerations
The RIPE Community and Ethical Considerations
RIPE NCC
 
Internet peering, with annotations
Internet peering, with annotationsInternet peering, with annotations
Internet peering, with annotations
Brough Turner
 

Más contenido relacionado

La actualidad más candente

GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback AppliancesGigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
Grant Swanson
 

La actualidad más candente (17)

ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check ToolION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
 
DNS Made Easy Sales Brochure
DNS Made Easy Sales BrochureDNS Made Easy Sales Brochure
DNS Made Easy Sales Brochure
 
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live DemoIPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
 
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid ItION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
 
Dnssec
DnssecDnssec
Dnssec
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
ASHISH SENGAR.doc
ASHISH SENGAR.docASHISH SENGAR.doc
ASHISH SENGAR.doc
 
Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer App
 
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback AppliancesGigamonU - Solera Blend Riches, Packet Record and Playback Appliances
GigamonU - Solera Blend Riches, Packet Record and Playback Appliances
 
Alfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Alfresco Backup and Recovery Tool: a real world backup solution for AlfrescoAlfresco Backup and Recovery Tool: a real world backup solution for Alfresco
Alfresco Backup and Recovery Tool: a real world backup solution for Alfresco
 
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next GenerationThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
 
Benefits of Hosting a DNS Root Server
Benefits of Hosting a DNS Root ServerBenefits of Hosting a DNS Root Server
Benefits of Hosting a DNS Root Server
 
Current Policy Topics
Current Policy TopicsCurrent Policy Topics
Current Policy Topics
 
Day 20.i pv6 lab
Day 20.i pv6 labDay 20.i pv6 lab
Day 20.i pv6 lab
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
 

Destacado

Peering 101 and the peering simulation game
Peering 101 and the peering simulation gamePeering 101 and the peering simulation game
Peering 101 and the peering simulation game
Internet Society
 

Destacado (8)

Peering Day 2013
Peering Day 2013Peering Day 2013
Peering Day 2013
 
Cybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNICCybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNIC
 
A Guide to Peering on the Internet
A Guide to Peering on the InternetA Guide to Peering on the Internet
A Guide to Peering on the Internet
 
The RIPE Community and Ethical Considerations
The RIPE Community and Ethical ConsiderationsThe RIPE Community and Ethical Considerations
The RIPE Community and Ethical Considerations
 
Internet peering, with annotations
Internet peering, with annotationsInternet peering, with annotations
Internet peering, with annotations
 
Peering 101 and the peering simulation game
Peering 101 and the peering simulation gamePeering 101 and the peering simulation game
Peering 101 and the peering simulation game
 
Peering and Transit Tutorials: PeeringDB
Peering and Transit Tutorials: PeeringDBPeering and Transit Tutorials: PeeringDB
Peering and Transit Tutorials: PeeringDB
 
Importance of ip peering
Importance of ip peeringImportance of ip peering
Importance of ip peering
 

Similar a Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011)

2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
Johnson Liu
 
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat642009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
yacc2000
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
Rochester Security Summit
 
IPv6 対応アプリケーション開発なんて怖くない
IPv6 対応アプリケーション開発なんて怖くないIPv6 対応アプリケーション開発なんて怖くない
IPv6 対応アプリケーション開発なんて怖くない
Koichi Taniguchi
 
Embracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from AlibabaEmbracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from Alibaba
Wensong Zhang
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
IPv6no
 

Similar a Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011) (20)

CDN and ISP Operation
CDN and ISP OperationCDN and ISP Operation
CDN and ISP Operation
 
Content over IPv6: no excuses
Content over IPv6: no excusesContent over IPv6: no excuses
Content over IPv6: no excuses
 
2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
 
Presd1 09
Presd1 09Presd1 09
Presd1 09
 
Micheal O'Foghlu - TSSG
Micheal O'Foghlu - TSSGMicheal O'Foghlu - TSSG
Micheal O'Foghlu - TSSG
 
John Curran - Moving to IPv6
John Curran - Moving to IPv6John Curran - Moving to IPv6
John Curran - Moving to IPv6
 
Getting The World IPv6 Enabled
Getting The World IPv6 EnabledGetting The World IPv6 Enabled
Getting The World IPv6 Enabled
 
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
 
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat642009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
 
IPv6 対応アプリケーション開発なんて怖くない
IPv6 対応アプリケーション開発なんて怖くないIPv6 対応アプリケーション開発なんて怖くない
IPv6 対応アプリケーション開発なんて怖くない
 
ARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities ReportARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities Report
 
Introduction to Kafka
Introduction to KafkaIntroduction to Kafka
Introduction to Kafka
 
Ventajas de IPv6
Ventajas de IPv6Ventajas de IPv6
Ventajas de IPv6
 
Embracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from AlibabaEmbracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from Alibaba
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
 
IPv6 Deployment: Why and Why not?
IPv6 Deployment: Why and Why not?IPv6 Deployment: Why and Why not?
IPv6 Deployment: Why and Why not?
 
IPv6 deployment at APNIC
IPv6 deployment at APNICIPv6 deployment at APNIC
IPv6 deployment at APNIC
 

Más de Internet Society

Más de Internet Society (20)

IXP growth challenges in West Africa: The Ghana Experience
IXP growth challenges in West Africa: The Ghana ExperienceIXP growth challenges in West Africa: The Ghana Experience
IXP growth challenges in West Africa: The Ghana Experience
 
IXP growth challenges in Central Africa
IXP growth challenges in Central AfricaIXP growth challenges in Central Africa
IXP growth challenges in Central Africa
 
Benin IX: 3 Years After!
Benin IX: 3 Years After!Benin IX: 3 Years After!
Benin IX: 3 Years After!
 
IXP growth challenges in Côte D’Ivoire
IXP growth challenges in Côte D’IvoireIXP growth challenges in Côte D’Ivoire
IXP growth challenges in Côte D’Ivoire
 
IXP Masterclass
IXP MasterclassIXP Masterclass
IXP Masterclass
 
PeeringDB Updates
PeeringDB UpdatesPeeringDB Updates
PeeringDB Updates
 
Peering Personals #2
Peering Personals #2Peering Personals #2
Peering Personals #2
 
Keynote Presentation : “80/20 by 2020”
Keynote Presentation : “80/20 by 2020”Keynote Presentation : “80/20 by 2020”
Keynote Presentation : “80/20 by 2020”
 
International Bandwidth and Pricing Trends in Sub-Sahara Africa
International Bandwidth and Pricing Trends in Sub-Sahara Africa International Bandwidth and Pricing Trends in Sub-Sahara Africa
International Bandwidth and Pricing Trends in Sub-Sahara Africa
 
In Search of Low Cost Bandwidth
In Search of Low Cost BandwidthIn Search of Low Cost Bandwidth
In Search of Low Cost Bandwidth
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ Cloudflare
 
Interconnection Evolution
Interconnection EvolutionInterconnection Evolution
Interconnection Evolution
 
Peering Personals #1
Peering Personals #1Peering Personals #1
Peering Personals #1
 
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
 
Looking for Latency Clusters in Africa's internet
Looking for Latency Clusters in Africa's internetLooking for Latency Clusters in Africa's internet
Looking for Latency Clusters in Africa's internet
 
Fantsuam: Ideas for the sustainability of Community Networks
Fantsuam: Ideas for the sustainability of Community NetworksFantsuam: Ideas for the sustainability of Community Networks
Fantsuam: Ideas for the sustainability of Community Networks
 
Mawingu: Ideas for the sustainability of Community Networks
Mawingu: Ideas for the sustainability of Community NetworksMawingu: Ideas for the sustainability of Community Networks
Mawingu: Ideas for the sustainability of Community Networks
 
Zenzeleni Networks Update Report
Zenzeleni Networks Update ReportZenzeleni Networks Update Report
Zenzeleni Networks Update Report
 
Canadian Victory Garden: Overview of an Off Grid Solution
Canadian Victory Garden: Overview of an Off Grid SolutionCanadian Victory Garden: Overview of an Off Grid Solution
Canadian Victory Garden: Overview of an Off Grid Solution
 
TVWS use case in Kenya
TVWS use case in KenyaTVWS use case in Kenya
TVWS use case in Kenya
 

Último

TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
Stephen Perrenod
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Skynet Technologies
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
Srushith Repakula
 

Último (20)

WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 

Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011)

  • 1. Good  Men  Rising:   IPv6  &  DNSSEC     Canadian  Internet  Registra:on  Authority  (CIRA)   Jacques  Latour     ION  -­‐  Toronto     November  14,  2011    
  • 2. About  CIRA   1.  Operate  the  .CA  Registry   §  Registrant  ßà  Registrar  ßà  Registry  à  .CA  DNS   2.  Operate  the  .CA  Top  Level  Domain   §  Root  “.”  ßà  “.CA”  ßà  2nd  Level  .CA  domains   §  Internet  Users  ßà  ISP  ßà  “.CA”   3.  Do  good  things  for  the  Canadian  Internet   §  Promote  digital  literacy,  Canadian  Internet  Forum   §  Promote  IPv6,  DNSSEC,  NTP  and  Canadian  IXPs   2   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 3. IPv6  Adop8on  Strategy   •  IPv6  Discovery  &  Research   •  Perform  an  IPv6  Readiness  Assessment   •  Define  IPv6  Objec:ves  (can’t  do  everything)   •  Develop  a  Project  Plan   •  Develop  a  detailed  IPv6  Architecture  &  Design   •  Development,  tes:ng  and  pilot  mode   •  Implement  in  produc:on   •  Monitor   Not  a  migra8on,  not  a  transi8on,  coexistence!   3   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 4. IPv6  Objec8ve  -­‐  WEB  Content   •  Not  everything  needs  to  be  IPv6  on  day  1   –  World  IPv6  Day,  June  8,  2011   •  Internet  Perimeter  &  DMZ  (www.cira.ca)   •  IT  Organiza:on   IPv6 Glue Records CIRA Secondary Registry •  Permanent   DNS Servers Primary IPv6 •  Presence   WWW IPv4 a.ca-servers.ca •  Support   c.ca-servers.ca Internet …. (j & sns-pb) m.ca-servers.ca Registry Try www.cira.ca on IPv6 Backup Or http://[2001:500:80:2::12]/ z.ca-servers.ca IT Corporate Operations Network 4   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 5. IPv6  Architecture  Guidelines   “Rules  of  engagement”   •  Keep  IPv4  as-­‐is   •  Dual  Stack   –  All  systems  par:cipa:ng  in  the  IPv6  implementa:on  must  support  a   concurrent  IPv4  and  IPv6  stack   •  No  IPv6  Tunnelling   –  Usage  of  IPv6  tunnelling  mechanisms  such  as  ISATAP,  Teredo,  6to4,   6rd  are  disabled  and  not  permibed   •  Na8ve  IPv6  Transit   –  IPv6  transit  must  support  IPv6  na:vely  without  the  use  of  tunnelling   •  No  Network  Address  Transla8on  (NAT)   –  NAT66,  NAT64  &  NAT46  technologies  not  permibed   Security  Policy  Template  available  at  www.cira.ca/knowledge-­‐centre/ipv6     5   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 6. IPv6  Benefits   •  It  works!   •  Some  say  it’s  old   •  I  say  it’s  new   •  Let’s  make  it  work  in  Canada!   •  Enabler  for  future  growth   •  We  have  to  think  globally   6   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 7. DNSSEC     •  Developed  by  propeller  heads  J   7   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 8. DNS  à  Safe  &  Trusted   •  Security  extensions  on  top  of  DNS  to  provide   authen:ca:on  of  DNS  data   8   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 9. A  PlaVorm  for  Innova8on   •  DANE  (DNS-­‐based  Authen:ca:on  of  Named  En::es)   •  Applica:on  can  use  DNSSEC  for  enhanced  security   •  A  ‘new’  technology  to  be  leveraged   9   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 10. CIRA  –  DNSSEC  Status   •  CIRA  ac:vely  working  on  signing  the  .CA  zone   10   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
  • 11. Thank  you!   hbp://ca.movember.com/mospace/2531386   11   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14