SlideShare una empresa de Scribd logo

IPv6 @ Cloudflare

Descargar como PPTX, PDF
Internet Society
Internet Society

The Africa Peering and Interconnection Forum (AfPIF) 2017 22-24 August 2017 Abidjan, Côte D’Ivoire By Martin J. Levy (Cloudflare)

Internet
1 de 51
IPv6 @ Cloudflare (and v6 related items) AfPIF Abidjan – August/2017 Martin J. Levy @ Cloudflare
// Personal Introduction
Martin J. Levy @ Cloudflare // Personal Introduction MY HISTORY A dedicated IPv6 evangelist. Long time TCP/IP developer/programmer, network operator, peering expert, IETF member, NANOG member, and IP networking development/strategy expert. MY TERSE RESUME Bell Labs (New Jersey) – Unix for Unix’s sake, TCP/IP (1982/1983) Random startups and ISPs (Bay Area) Concentric/XO (Bay Area) – IP backbone and hosting Telecom Italia (Rome & Miami) – Global IP backbone Hurricane Electric (Bay Area) – Global IPv4/IPv6 backbone Cloudflare (Bay Area) – Global CDN, DDoS, DNS, Security
// The Punchline!
At Cloudflare, IPv6 is always on! // The Punchline!
// Introduction to Cloudflare Cloudflare provides performance, security, reliability, and insights to anything connected to the Internet.
AS13335 / Cloudflare’s Global Anycast Network 115 Data centers globally 2x Speeds up each request by 10%Internet requests everyday 5M HTTP requests/second 1.2M DNS requests/second EVERYTHING IPv4/IPv6
Cloudflare’s benefits // Cloudflare Introduction
Performance // Cloudflare Introduction CDN Moving content physically closer to visitors with our CDN. Website Optimization Cloudflare lets you automatically enable the latest in web technologies. DNS Cloudflare is one of the fastest managed DNS providers in the world. SSL Modern SSL isn’t just for security—it can actually improve the performance of your website. Dedicated SSL Certificates With a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more. Load Balancing Cloudflare Load Balancing provides load balancing, geo- steering, monitoring and failover for your Internet facing infrastructure enhancing service availability.
Security // Cloudflare Introduction DDoS Protection Our enterprise-class DDoS protection network has 20 times more capacity than the largest DDoS attack ever recorded. WAF Our web application firewall benefits from the collective intelligence of our entire network. SSL HTTPS is a must-have for modern websites, and Cloudflare makes it easy to configure SSL. Secure Registrar Registering your domain through Cloudflare is the most secure way to protect your trademark from domain hijacking. Dedicated SSL Certificates With a few clicks within the CloudFlare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more. Rate Limiting Rate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attacks evolve.
Reliability // Cloudflare Introduction DNS Cloudflare’s DNS service is powered by the same 102 data center network that powers our DDoS and CDN services. This not only improves DNS resolution times, but also makes DNS-related attacks and outages a thing of the past. China Network Cloudflare’s China service optimizes Internet connections in mainland China, dramatically improving the viewing experience for visitors in China. Predictable Bandwidth Costs We believe that you should never be surprised by your monthly bill. Our flat-rate pricing structure makes your CDN and DDoS bandwidth expenses predictable.
Insight // Cloudflare Introduction Enterprise Logs For enterprise customers, we can provide consolidated logs from around the world. These are very rich, containing detailed information about every request and response. Threat Analytics When we identify requests that are threats, we log them and block them. That means we not only protect your site, but also provide insight into the malicious activity we’re seeing. Rate Limiting Rate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attacks evolve.
A few of our Technology customers
// Now Down to the Technical Parts … Cloudflare has a solid history of giving back to the community, both in open-source software, IETF protocol development, network services, etc.
The Technical Part // Technical Part 1. Backstory behind the IPv6 switch at Cloudflare 2. Some useful IPv6 data 3. A serious discussion about DNS in a v6 world 4. Why we removed the switch!
IPv6 @ Cloudflare is so 2606:4700::5ca1:ab1e:6810:4737
Cloudflare can be a “bridge” to IPv6
Cloudflare can be a “bridge” to IPv6
Cloudflare can be a “bridge” to IPv6
Cloudflare can be a “bridge” to IPv6
// Flipping the Switch! Five plus years of having the IPv6 switch in our system. The default was “off”.
• Nearly five million zones on Cloudflare (at this point) • If the user had never touched the IPv6 switch; then flip it on! • Slow start; then running faster (around ~100,000 zones per day) Flipping the Switch on Every Domain/Zone for zone in all_zones: if zone.ipv6.value == False: if zone.ipv6.date == None: zone.ipv6.value = True zone.ipv6.date = Now() sleep()
People (Some You May Know) Noticed!
https://www.vyncke.org/ipv6status/ https://blog.cloudflare.com/98-percent-ipv6/ Cloudflare hits 98.01% Cloudflare starts process Eric Vyncke’s graph is it’s full glory!
// Removing the Switch
The Disable IPv6 Switch Goes Away! Before: After: … IPv6 is on by default (and unchangeable) for the vast majority** of accounts! ** high paying accounts still get the switch
// Who and What is Driving IPv6?
Top IPv6 Countries – Belgium Country Percent Bytes IPv6 Ireland 46.40% Belgium 46.08% Greece 24.20% Mauritius 20.80% India 19.16% Luxembourg 17.46% Estonia 16.22% Japan 14.71% Switzerland 13.90% Ecuador 12.38%
Top IPv6 Countries – Ireland (kinda) Country Percent Bytes IPv6 Ireland 46.40% Belgium 46.08% Greece 24.20% Mauritius 20.80% India 19.16% Luxembourg 17.46% Estonia 16.22% Japan 14.71% Switzerland 13.90% Ecuador 12.38% 81% of Facebook (crawl) traffic from Cloudflare is IPv6-based
Top IPv6 Countries – Japan Country Percent Bytes IPv6 Ireland 46.40% Belgium 46.08% Greece 24.20% Mauritius 20.80% India 19.16% Luxembourg 17.46% Estonia 16.22% Japan 14.71% Switzerland 13.90% Ecuador 12.38%
Percentage of IPv6 vs. Bandwidth per Network
Top 10 IPv6 (~55% of Cloudlfare IPv6 Traffic)
1 100.0% Orange Polska 2 100.0% China Next Generation Internet CERNET2 3 100.0% HiNet IPv6 (Taiwan) 4 96.8% Telenet (Belgium) 5 91.5% Time Warner Cable 6 88.9% Sprint 7 81.0% Facebook 8 74.0% EGIHosting 9 65.9% Areti Internet 10 63.9% Microsoft 11 61.8% Alentus 12 60.3% T-Mobile USA 13 58.8% Verizon Wireless 14 57.6% Chubu Telecommunications Company 15 48.5% Sky (UK) 16 47.8% Google Fiber 17 44.6% AIS Fibre (Thailand) 18 43.6% AT&T 19 43.3% Hughes Network Systems 20 43.2% wilhelm.tel GmbH Norderstedt
IPv6 by Device Type
iOS vs Android
Windows and IPv6
DNS traffic and floods (IPv4 vs IPv6)
IPv6 and DNS
More v6 addresses != more v6 uniques in DNS
IPv6 Global Map (AAAA queries)
IPv6 Global Map (% Traffic IPv6)
// Deprecated IPv6 DNS – Remember A6?
IPv6 Global Map (A6 Queries – Not a Typo)
Who’s Sending A6? 1 AS3462 Data Communication Business Group 2 AS6181 CAR-PART.COM 3 AS24683 Orenburg State University 4 AS1221 Telstra Internet 5 AS2510 FUJITSU LIMITED 6 AS24945 Telecommunication Company Vinteleport Ltd. 7 AS7127 Southern California Edison 8 AS701 MCI Communications Services, Inc. d/b/a Verizon Business 9 AS12962 First Investment Bank AD 10 AS1659 Ministry of Education Computer Center
// What’s next for IPv6? Fix DNS!
A & AAAA Records - How Silly is this in 2017? ● Separate A & AAAA records ● In a happy-eyeball environment we still need two DNS queries (before any TCP connection can be instigated) Query for A record Query for AAAA record
AAAA For Free (When Doing an A Query)! Cloudflare proposed solution: 1. A + AAAA in new meta-query 2. Resolver asks for A or AAAA 3. If positive answer, the resolver then checks AAAA + A meta-query 4. Resolver remembers whether authoritative server supports meta- query for future queries 5. Resolver adds both A and AAAA to cache
Working code (an IETF must!) This is live - try it with any domain on Cloudflare. $ dig cloudflare.com @ns1.cloudflare.com -t TYPE65535 +short 198.41.215.162 198.41.214.162 2400:cb00:2048:1::c629:d6a2 2400:cb00:2048:1::c629:d7a2 $ $ dig taylorswift.com @ashley.ns.cloudflare.com -t TYPE65535 +short 104.16.193.61 104.16.194.61 104.16.191.61 104.16.192.61 104.16.195.61 2400:cb00:2048:1::6810:c33d 2400:cb00:2048:1::6810:c13d 2400:cb00:2048:1::6810:bf3d 2400:cb00:2048:1::6810:c23d 2400:cb00:2048:1::6810:c03d $
https://tools.ietf.org/html/draft-vavrusa-dnsop-aaaa-for-free-00 IETF draft – pick one, any one (maybe ours?) https://tools.ietf.org/html/draft-vavrusa-dnsop-aaaa-for-free-00 https://tools.ietf.org/html/draft-yao-dnsop-accompanying-questions-02 https://tools.ietf.org/html/draft-bellis-dnsext-multi-qtypes-03
Thank you! martin@cloudflare.com @mahtin / @cloudflare

Recomendados

In Search of Low Cost Bandwidth
In Search of Low Cost BandwidthIn Search of Low Cost Bandwidth
In Search of Low Cost Bandwidth
Internet Society
 
Evolution of Mobile Networks and IPv6 - APEC TEL49
Evolution of Mobile Networks and IPv6 - APEC TEL49Evolution of Mobile Networks and IPv6 - APEC TEL49
Evolution of Mobile Networks and IPv6 - APEC TEL49
APNIC
 
Interconnection Evolution
Interconnection EvolutionInterconnection Evolution
Interconnection Evolution
Internet Society
 
Who needs IPv6...in the Pacific?
Who needs IPv6...in the Pacific?Who needs IPv6...in the Pacific?
Who needs IPv6...in the Pacific?
APNIC
 
WINS: Peering and IXPs
WINS: Peering and IXPsWINS: Peering and IXPs
WINS: Peering and IXPs
APNIC
 
Scaling Beyond 100G With 400G and 800G
Scaling Beyond 100G With 400G and 800GScaling Beyond 100G With 400G and 800G
Scaling Beyond 100G With 400G and 800G
APNIC
 
Protecting your Peering Edge
Protecting your Peering EdgeProtecting your Peering Edge
Protecting your Peering Edge
Internet Society
 
IPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksIPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access Networks
APNIC
 

Recomendados

In Search of Low Cost Bandwidth
In Search of Low Cost BandwidthIn Search of Low Cost Bandwidth
In Search of Low Cost Bandwidth
Internet Society
 
Evolution of Mobile Networks and IPv6 - APEC TEL49
Evolution of Mobile Networks and IPv6 - APEC TEL49Evolution of Mobile Networks and IPv6 - APEC TEL49
Evolution of Mobile Networks and IPv6 - APEC TEL49
APNIC
 
Interconnection Evolution
Interconnection EvolutionInterconnection Evolution
Interconnection Evolution
Internet Society
 
Who needs IPv6...in the Pacific?
Who needs IPv6...in the Pacific?Who needs IPv6...in the Pacific?
Who needs IPv6...in the Pacific?
APNIC
 
WINS: Peering and IXPs
WINS: Peering and IXPsWINS: Peering and IXPs
WINS: Peering and IXPs
APNIC
 
Scaling Beyond 100G With 400G and 800G
Scaling Beyond 100G With 400G and 800GScaling Beyond 100G With 400G and 800G
Scaling Beyond 100G With 400G and 800G
APNIC
 
Protecting your Peering Edge
Protecting your Peering EdgeProtecting your Peering Edge
Protecting your Peering Edge
Internet Society
 
IPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksIPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access Networks
APNIC
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
ADVA
 
Peering Personals #2
Peering Personals #2Peering Personals #2
Peering Personals #2
Internet Society
 
BSN 2019 November Webinar - Need for Speed
BSN 2019 November Webinar - Need for SpeedBSN 2019 November Webinar - Need for Speed
BSN 2019 November Webinar - Need for Speed
Maureen Donovan
 
Sckipio and Actiontec Present at Broadband Multimedia Marketers Association o...
Sckipio and Actiontec Present at Broadband Multimedia Marketers Association o...Sckipio and Actiontec Present at Broadband Multimedia Marketers Association o...
Sckipio and Actiontec Present at Broadband Multimedia Marketers Association o...
Sckipio
 
White Box Optics: Will It Kill or Encourage Innovation?
White Box Optics: Will It Kill or Encourage Innovation?White Box Optics: Will It Kill or Encourage Innovation?
White Box Optics: Will It Kill or Encourage Innovation?
ADVA
 
Drawing Customers North - Highlighting the Benefits of Nordic Data Centers
Drawing Customers North - Highlighting the Benefits of Nordic Data CentersDrawing Customers North - Highlighting the Benefits of Nordic Data Centers
Drawing Customers North - Highlighting the Benefits of Nordic Data Centers
ADVA
 
ADVA Optical Networking Enters Into Agreement to Acquire MRV Communications, ...
ADVA Optical Networking Enters Into Agreement to Acquire MRV Communications, ...ADVA Optical Networking Enters Into Agreement to Acquire MRV Communications, ...
ADVA Optical Networking Enters Into Agreement to Acquire MRV Communications, ...
ADVA
 
Making NFV Easy
Making NFV EasyMaking NFV Easy
Making NFV Easy
ADVA
 
From Waterfall to Agile - Managing Disruptive Change Without Disrupting the B...
From Waterfall to Agile - Managing Disruptive Change Without Disrupting the B...From Waterfall to Agile - Managing Disruptive Change Without Disrupting the B...
From Waterfall to Agile - Managing Disruptive Change Without Disrupting the B...
ADVA
 
FSP Network Hypervisor: Optical Network Virtualization for SDN
FSP Network Hypervisor: Optical Network Virtualization for SDNFSP Network Hypervisor: Optical Network Virtualization for SDN
FSP Network Hypervisor: Optical Network Virtualization for SDN
ADVA
 
Transforming Packet Networks With Open Optical Transport
Transforming Packet Networks With Open Optical TransportTransforming Packet Networks With Open Optical Transport
Transforming Packet Networks With Open Optical Transport
ADVA
 
Building a Sustainable Future
Building a Sustainable FutureBuilding a Sustainable Future
Building a Sustainable Future
ADVA
 
IPv6 Single Stack Now or Later? - The Ultimate Carrier Conundrum
IPv6 Single Stack Now or Later? - The Ultimate Carrier ConundrumIPv6 Single Stack Now or Later? - The Ultimate Carrier Conundrum
IPv6 Single Stack Now or Later? - The Ultimate Carrier Conundrum
APNIC
 
How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks
ADVA
 
Secure Connectivity on Every Network Layer
Secure Connectivity on Every Network LayerSecure Connectivity on Every Network Layer
Secure Connectivity on Every Network Layer
ADVA
 
Real-Time 200Gbit/s PAM4 Transmission Over 80km SSMF Using Quantum-Dot Laser ...
Real-Time 200Gbit/s PAM4 Transmission Over 80km SSMF Using Quantum-Dot Laser ...Real-Time 200Gbit/s PAM4 Transmission Over 80km SSMF Using Quantum-Dot Laser ...
Real-Time 200Gbit/s PAM4 Transmission Over 80km SSMF Using Quantum-Dot Laser ...
ADVA
 
Verizon Selects Ensemble Connector to Deliver VNS uCPE
Verizon Selects Ensemble Connector to Deliver VNS uCPEVerizon Selects Ensemble Connector to Deliver VNS uCPE
Verizon Selects Ensemble Connector to Deliver VNS uCPE
ADVA
 
Direct Detect Optical Layer for Ultimate DCI Flexibility
Direct Detect Optical Layer for Ultimate DCI FlexibilityDirect Detect Optical Layer for Ultimate DCI Flexibility
Direct Detect Optical Layer for Ultimate DCI Flexibility
ADVA
 
Maximising ROI and User Experience with Outdoor Small Cells: Airspan
Maximising ROI and User Experience with Outdoor Small Cells: AirspanMaximising ROI and User Experience with Outdoor Small Cells: Airspan
Maximising ROI and User Experience with Outdoor Small Cells: Airspan
Small Cell Forum
 
Outdoor Municipal WiFi Case Study
Outdoor Municipal WiFi Case StudyOutdoor Municipal WiFi Case Study
Outdoor Municipal WiFi Case Study
Network Utility Force
 
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
Indonesia Network Operators Group
 
IPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for MobilesIPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for Mobiles
APNIC
 

Más contenido relacionado

La actualidad más candente

Direct Detect Optical Layer for Ultimate DCI Flexibility
Direct Detect Optical Layer for Ultimate DCI FlexibilityDirect Detect Optical Layer for Ultimate DCI Flexibility
Direct Detect Optical Layer for Ultimate DCI Flexibility
ADVA
 

La actualidad más candente (20)

Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
 
Peering Personals #2
Peering Personals #2Peering Personals #2
Peering Personals #2
 
BSN 2019 November Webinar - Need for Speed
BSN 2019 November Webinar - Need for SpeedBSN 2019 November Webinar - Need for Speed
BSN 2019 November Webinar - Need for Speed
 
Sckipio and Actiontec Present at Broadband Multimedia Marketers Association o...
Sckipio and Actiontec Present at Broadband Multimedia Marketers Association o...Sckipio and Actiontec Present at Broadband Multimedia Marketers Association o...
Sckipio and Actiontec Present at Broadband Multimedia Marketers Association o...
 
White Box Optics: Will It Kill or Encourage Innovation?
White Box Optics: Will It Kill or Encourage Innovation?White Box Optics: Will It Kill or Encourage Innovation?
White Box Optics: Will It Kill or Encourage Innovation?
 
Drawing Customers North - Highlighting the Benefits of Nordic Data Centers
Drawing Customers North - Highlighting the Benefits of Nordic Data CentersDrawing Customers North - Highlighting the Benefits of Nordic Data Centers
Drawing Customers North - Highlighting the Benefits of Nordic Data Centers
 
ADVA Optical Networking Enters Into Agreement to Acquire MRV Communications, ...
ADVA Optical Networking Enters Into Agreement to Acquire MRV Communications, ...ADVA Optical Networking Enters Into Agreement to Acquire MRV Communications, ...
ADVA Optical Networking Enters Into Agreement to Acquire MRV Communications, ...
 
Making NFV Easy
Making NFV EasyMaking NFV Easy
Making NFV Easy
 
From Waterfall to Agile - Managing Disruptive Change Without Disrupting the B...
From Waterfall to Agile - Managing Disruptive Change Without Disrupting the B...From Waterfall to Agile - Managing Disruptive Change Without Disrupting the B...
From Waterfall to Agile - Managing Disruptive Change Without Disrupting the B...
 
FSP Network Hypervisor: Optical Network Virtualization for SDN
FSP Network Hypervisor: Optical Network Virtualization for SDNFSP Network Hypervisor: Optical Network Virtualization for SDN
FSP Network Hypervisor: Optical Network Virtualization for SDN
 
Transforming Packet Networks With Open Optical Transport
Transforming Packet Networks With Open Optical TransportTransforming Packet Networks With Open Optical Transport
Transforming Packet Networks With Open Optical Transport
 
Building a Sustainable Future
Building a Sustainable FutureBuilding a Sustainable Future
Building a Sustainable Future
 
IPv6 Single Stack Now or Later? - The Ultimate Carrier Conundrum
IPv6 Single Stack Now or Later? - The Ultimate Carrier ConundrumIPv6 Single Stack Now or Later? - The Ultimate Carrier Conundrum
IPv6 Single Stack Now or Later? - The Ultimate Carrier Conundrum
 
How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks
 
Secure Connectivity on Every Network Layer
Secure Connectivity on Every Network LayerSecure Connectivity on Every Network Layer
Secure Connectivity on Every Network Layer
 
Real-Time 200Gbit/s PAM4 Transmission Over 80km SSMF Using Quantum-Dot Laser ...
Real-Time 200Gbit/s PAM4 Transmission Over 80km SSMF Using Quantum-Dot Laser ...Real-Time 200Gbit/s PAM4 Transmission Over 80km SSMF Using Quantum-Dot Laser ...
Real-Time 200Gbit/s PAM4 Transmission Over 80km SSMF Using Quantum-Dot Laser ...
 
Verizon Selects Ensemble Connector to Deliver VNS uCPE
Verizon Selects Ensemble Connector to Deliver VNS uCPEVerizon Selects Ensemble Connector to Deliver VNS uCPE
Verizon Selects Ensemble Connector to Deliver VNS uCPE
 
Direct Detect Optical Layer for Ultimate DCI Flexibility
Direct Detect Optical Layer for Ultimate DCI FlexibilityDirect Detect Optical Layer for Ultimate DCI Flexibility
Direct Detect Optical Layer for Ultimate DCI Flexibility
 
Maximising ROI and User Experience with Outdoor Small Cells: Airspan
Maximising ROI and User Experience with Outdoor Small Cells: AirspanMaximising ROI and User Experience with Outdoor Small Cells: Airspan
Maximising ROI and User Experience with Outdoor Small Cells: Airspan
 
Outdoor Municipal WiFi Case Study
Outdoor Municipal WiFi Case StudyOutdoor Municipal WiFi Case Study
Outdoor Municipal WiFi Case Study
 

Similar a IPv6 @ Cloudflare

04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
Indonesia Network Operators Group
 
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Canada
 

Similar a IPv6 @ Cloudflare (20)

04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
 
IPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for MobilesIPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for Mobiles
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and more
 
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0
 
World of many (OpenStack) clouds - the Making of the Intercloud
World of many (OpenStack) clouds - the Making of the IntercloudWorld of many (OpenStack) clouds - the Making of the Intercloud
World of many (OpenStack) clouds - the Making of the Intercloud
 
IPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationIPv6 Adoption --- Acceleration
IPv6 Adoption --- Acceleration
 
IPv6 Transition
IPv6 TransitionIPv6 Transition
IPv6 Transition
 
Internet of Everything - Edson Celestino.
Internet of Everything - Edson Celestino. Internet of Everything - Edson Celestino.
Internet of Everything - Edson Celestino.
 
The Path to SDN - How to Ensure a Successful SDN Evolution
The Path to SDN - How to Ensure a Successful SDN EvolutionThe Path to SDN - How to Ensure a Successful SDN Evolution
The Path to SDN - How to Ensure a Successful SDN Evolution
 
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation Branch
 
IPv6: Early Mover Advantage?
IPv6: Early Mover Advantage?IPv6: Early Mover Advantage?
IPv6: Early Mover Advantage?
 
ASCC Network Experience in IPv6
ASCC Network Experience in IPv6ASCC Network Experience in IPv6
ASCC Network Experience in IPv6
 
NOTES
NOTESNOTES
NOTES
 
ION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 TransitionION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 Transition
 
What SD-WAN Means for Enterprise
What SD-WAN Means for EnterpriseWhat SD-WAN Means for Enterprise
What SD-WAN Means for Enterprise
 
KHNOG 2 Online Webinar: IPv6 Deployment Update
KHNOG 2 Online Webinar: IPv6 Deployment UpdateKHNOG 2 Online Webinar: IPv6 Deployment Update
KHNOG 2 Online Webinar: IPv6 Deployment Update
 
Layer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport SystemsLayer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport Systems
 
Why SD-WAN as it Moves to Mainstream Adoption?
Why SD-WAN as it Moves to Mainstream Adoption?Why SD-WAN as it Moves to Mainstream Adoption?
Why SD-WAN as it Moves to Mainstream Adoption?
 
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionDNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
 
Internet6: A Digital Game Changer
Internet6: A Digital Game ChangerInternet6: A Digital Game Changer
Internet6: A Digital Game Changer
 

Más de Internet Society

Más de Internet Society (20)

IXP growth challenges in West Africa: The Ghana Experience
IXP growth challenges in West Africa: The Ghana ExperienceIXP growth challenges in West Africa: The Ghana Experience
IXP growth challenges in West Africa: The Ghana Experience
 
IXP growth challenges in Central Africa
IXP growth challenges in Central AfricaIXP growth challenges in Central Africa
IXP growth challenges in Central Africa
 
Benin IX: 3 Years After!
Benin IX: 3 Years After!Benin IX: 3 Years After!
Benin IX: 3 Years After!
 
IXP growth challenges in Côte D’Ivoire
IXP growth challenges in Côte D’IvoireIXP growth challenges in Côte D’Ivoire
IXP growth challenges in Côte D’Ivoire
 
IXP Masterclass
IXP MasterclassIXP Masterclass
IXP Masterclass
 
PeeringDB Updates
PeeringDB UpdatesPeeringDB Updates
PeeringDB Updates
 
Keynote Presentation : “80/20 by 2020”
Keynote Presentation : “80/20 by 2020”Keynote Presentation : “80/20 by 2020”
Keynote Presentation : “80/20 by 2020”
 
International Bandwidth and Pricing Trends in Sub-Sahara Africa
International Bandwidth and Pricing Trends in Sub-Sahara Africa International Bandwidth and Pricing Trends in Sub-Sahara Africa
International Bandwidth and Pricing Trends in Sub-Sahara Africa
 
Peering Personals #1
Peering Personals #1Peering Personals #1
Peering Personals #1
 
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
“BIG” IXP Jedi and TraceMON: RIPE Atlas tools in Africa
 
Looking for Latency Clusters in Africa's internet
Looking for Latency Clusters in Africa's internetLooking for Latency Clusters in Africa's internet
Looking for Latency Clusters in Africa's internet
 
Fantsuam: Ideas for the sustainability of Community Networks
Fantsuam: Ideas for the sustainability of Community NetworksFantsuam: Ideas for the sustainability of Community Networks
Fantsuam: Ideas for the sustainability of Community Networks
 
Mawingu: Ideas for the sustainability of Community Networks
Mawingu: Ideas for the sustainability of Community NetworksMawingu: Ideas for the sustainability of Community Networks
Mawingu: Ideas for the sustainability of Community Networks
 
Zenzeleni Networks Update Report
Zenzeleni Networks Update ReportZenzeleni Networks Update Report
Zenzeleni Networks Update Report
 
Canadian Victory Garden: Overview of an Off Grid Solution
Canadian Victory Garden: Overview of an Off Grid SolutionCanadian Victory Garden: Overview of an Off Grid Solution
Canadian Victory Garden: Overview of an Off Grid Solution
 
TVWS use case in Kenya
TVWS use case in KenyaTVWS use case in Kenya
TVWS use case in Kenya
 
TVWS use case in Malawi
TVWS use case in MalawiTVWS use case in Malawi
TVWS use case in Malawi
 
C3: Ideas for the sustainability of Community Networks
C3: Ideas for the sustainability of Community NetworksC3: Ideas for the sustainability of Community Networks
C3: Ideas for the sustainability of Community Networks
 
BOSCO Uganda: Alternative Power Sources for Community Networks
BOSCO Uganda: Alternative Power Sources for Community NetworksBOSCO Uganda: Alternative Power Sources for Community Networks
BOSCO Uganda: Alternative Power Sources for Community Networks
 
TunapandaNET Progress Report
TunapandaNET Progress ReportTunapandaNET Progress Report
TunapandaNET Progress Report
 

Último

一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书
F
 
Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...
Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...
Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...
kumargunjan9515
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
AS
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
gragchanchal546
 
一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理
F
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Priya Reddy
 
Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024
SOFTTECHHUB
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 

Último (20)

20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...
Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...
Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
 
Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 

IPv6 @ Cloudflare

  • 1. IPv6 @ Cloudflare (and v6 related items) AfPIF Abidjan – August/2017 Martin J. Levy @ Cloudflare
  • 3. Martin J. Levy @ Cloudflare // Personal Introduction MY HISTORY A dedicated IPv6 evangelist. Long time TCP/IP developer/programmer, network operator, peering expert, IETF member, NANOG member, and IP networking development/strategy expert. MY TERSE RESUME Bell Labs (New Jersey) – Unix for Unix’s sake, TCP/IP (1982/1983) Random startups and ISPs (Bay Area) Concentric/XO (Bay Area) – IP backbone and hosting Telecom Italia (Rome & Miami) – Global IP backbone Hurricane Electric (Bay Area) – Global IPv4/IPv6 backbone Cloudflare (Bay Area) – Global CDN, DDoS, DNS, Security
  • 5. At Cloudflare, IPv6 is always on! // The Punchline!
  • 6. // Introduction to Cloudflare Cloudflare provides performance, security, reliability, and insights to anything connected to the Internet.
  • 7. AS13335 / Cloudflare’s Global Anycast Network 115 Data centers globally 2x Speeds up each request by 10%Internet requests everyday 5M HTTP requests/second 1.2M DNS requests/second EVERYTHING IPv4/IPv6
  • 9. Performance // Cloudflare Introduction CDN Moving content physically closer to visitors with our CDN. Website Optimization Cloudflare lets you automatically enable the latest in web technologies. DNS Cloudflare is one of the fastest managed DNS providers in the world. SSL Modern SSL isn’t just for security—it can actually improve the performance of your website. Dedicated SSL Certificates With a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more. Load Balancing Cloudflare Load Balancing provides load balancing, geo- steering, monitoring and failover for your Internet facing infrastructure enhancing service availability.
  • 10. Security // Cloudflare Introduction DDoS Protection Our enterprise-class DDoS protection network has 20 times more capacity than the largest DDoS attack ever recorded. WAF Our web application firewall benefits from the collective intelligence of our entire network. SSL HTTPS is a must-have for modern websites, and Cloudflare makes it easy to configure SSL. Secure Registrar Registering your domain through Cloudflare is the most secure way to protect your trademark from domain hijacking. Dedicated SSL Certificates With a few clicks within the CloudFlare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more. Rate Limiting Rate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attacks evolve.
  • 11. Reliability // Cloudflare Introduction DNS Cloudflare’s DNS service is powered by the same 102 data center network that powers our DDoS and CDN services. This not only improves DNS resolution times, but also makes DNS-related attacks and outages a thing of the past. China Network Cloudflare’s China service optimizes Internet connections in mainland China, dramatically improving the viewing experience for visitors in China. Predictable Bandwidth Costs We believe that you should never be surprised by your monthly bill. Our flat-rate pricing structure makes your CDN and DDoS bandwidth expenses predictable.
  • 12. Insight // Cloudflare Introduction Enterprise Logs For enterprise customers, we can provide consolidated logs from around the world. These are very rich, containing detailed information about every request and response. Threat Analytics When we identify requests that are threats, we log them and block them. That means we not only protect your site, but also provide insight into the malicious activity we’re seeing. Rate Limiting Rate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attacks evolve.
  • 13. A few of our Technology customers
  • 14. // Now Down to the Technical Parts … Cloudflare has a solid history of giving back to the community, both in open-source software, IETF protocol development, network services, etc.
  • 15. The Technical Part // Technical Part 1. Backstory behind the IPv6 switch at Cloudflare 2. Some useful IPv6 data 3. A serious discussion about DNS in a v6 world 4. Why we removed the switch!
  • 16. IPv6 @ Cloudflare is so 2606:4700::5ca1:ab1e:6810:4737
  • 17. Cloudflare can be a “bridge” to IPv6
  • 18. Cloudflare can be a “bridge” to IPv6
  • 19. Cloudflare can be a “bridge” to IPv6
  • 20. Cloudflare can be a “bridge” to IPv6
  • 21. // Flipping the Switch! Five plus years of having the IPv6 switch in our system. The default was “off”.
  • 22. • Nearly five million zones on Cloudflare (at this point) • If the user had never touched the IPv6 switch; then flip it on! • Slow start; then running faster (around ~100,000 zones per day) Flipping the Switch on Every Domain/Zone for zone in all_zones: if zone.ipv6.value == False: if zone.ipv6.date == None: zone.ipv6.value = True zone.ipv6.date = Now() sleep()
  • 23. People (Some You May Know) Noticed!
  • 25.
  • 26. // Removing the Switch
  • 27. The Disable IPv6 Switch Goes Away! Before: After: … IPv6 is on by default (and unchangeable) for the vast majority** of accounts! ** high paying accounts still get the switch
  • 28. // Who and What is Driving IPv6?
  • 29. Top IPv6 Countries – Belgium Country Percent Bytes IPv6 Ireland 46.40% Belgium 46.08% Greece 24.20% Mauritius 20.80% India 19.16% Luxembourg 17.46% Estonia 16.22% Japan 14.71% Switzerland 13.90% Ecuador 12.38%
  • 30. Top IPv6 Countries – Ireland (kinda) Country Percent Bytes IPv6 Ireland 46.40% Belgium 46.08% Greece 24.20% Mauritius 20.80% India 19.16% Luxembourg 17.46% Estonia 16.22% Japan 14.71% Switzerland 13.90% Ecuador 12.38% 81% of Facebook (crawl) traffic from Cloudflare is IPv6-based
  • 31. Top IPv6 Countries – Japan Country Percent Bytes IPv6 Ireland 46.40% Belgium 46.08% Greece 24.20% Mauritius 20.80% India 19.16% Luxembourg 17.46% Estonia 16.22% Japan 14.71% Switzerland 13.90% Ecuador 12.38%
  • 32. Percentage of IPv6 vs. Bandwidth per Network
  • 33. Top 10 IPv6 (~55% of Cloudlfare IPv6 Traffic)
  • 34. 1 100.0% Orange Polska 2 100.0% China Next Generation Internet CERNET2 3 100.0% HiNet IPv6 (Taiwan) 4 96.8% Telenet (Belgium) 5 91.5% Time Warner Cable 6 88.9% Sprint 7 81.0% Facebook 8 74.0% EGIHosting 9 65.9% Areti Internet 10 63.9% Microsoft 11 61.8% Alentus 12 60.3% T-Mobile USA 13 58.8% Verizon Wireless 14 57.6% Chubu Telecommunications Company 15 48.5% Sky (UK) 16 47.8% Google Fiber 17 44.6% AIS Fibre (Thailand) 18 43.6% AT&T 19 43.3% Hughes Network Systems 20 43.2% wilhelm.tel GmbH Norderstedt
  • 38. DNS traffic and floods (IPv4 vs IPv6)
  • 40. More v6 addresses != more v6 uniques in DNS
  • 41. IPv6 Global Map (AAAA queries)
  • 42. IPv6 Global Map (% Traffic IPv6)
  • 43. // Deprecated IPv6 DNS – Remember A6?
  • 44. IPv6 Global Map (A6 Queries – Not a Typo)
  • 45. Who’s Sending A6? 1 AS3462 Data Communication Business Group 2 AS6181 CAR-PART.COM 3 AS24683 Orenburg State University 4 AS1221 Telstra Internet 5 AS2510 FUJITSU LIMITED 6 AS24945 Telecommunication Company Vinteleport Ltd. 7 AS7127 Southern California Edison 8 AS701 MCI Communications Services, Inc. d/b/a Verizon Business 9 AS12962 First Investment Bank AD 10 AS1659 Ministry of Education Computer Center
  • 46. // What’s next for IPv6? Fix DNS!
  • 47. A & AAAA Records - How Silly is this in 2017? ● Separate A & AAAA records ● In a happy-eyeball environment we still need two DNS queries (before any TCP connection can be instigated) Query for A record Query for AAAA record
  • 48. AAAA For Free (When Doing an A Query)! Cloudflare proposed solution: 1. A + AAAA in new meta-query 2. Resolver asks for A or AAAA 3. If positive answer, the resolver then checks AAAA + A meta-query 4. Resolver remembers whether authoritative server supports meta- query for future queries 5. Resolver adds both A and AAAA to cache
  • 49. Working code (an IETF must!) This is live - try it with any domain on Cloudflare. $ dig cloudflare.com @ns1.cloudflare.com -t TYPE65535 +short 198.41.215.162 198.41.214.162 2400:cb00:2048:1::c629:d6a2 2400:cb00:2048:1::c629:d7a2 $ $ dig taylorswift.com @ashley.ns.cloudflare.com -t TYPE65535 +short 104.16.193.61 104.16.194.61 104.16.191.61 104.16.192.61 104.16.195.61 2400:cb00:2048:1::6810:c33d 2400:cb00:2048:1::6810:c13d 2400:cb00:2048:1::6810:bf3d 2400:cb00:2048:1::6810:c23d 2400:cb00:2048:1::6810:c03d $
  • 50. https://tools.ietf.org/html/draft-vavrusa-dnsop-aaaa-for-free-00 IETF draft – pick one, any one (maybe ours?) https://tools.ietf.org/html/draft-vavrusa-dnsop-aaaa-for-free-00 https://tools.ietf.org/html/draft-yao-dnsop-accompanying-questions-02 https://tools.ietf.org/html/draft-bellis-dnsext-multi-qtypes-03