Deploy360 9 May 2017

RIPE 74 – Highlights from Day 1

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

The RIPE 74 meeting is happening this week in Budapest, Hungary. There’s well over 600 participants at this meeting who’ve assembled at the Intercontinental Hotel on the banks of the River Danube, and Kevin Meynell and Jan Žorž are here to highlight all the relevant presentations and activities.

The main event for us was the BCOP Task Force on Monday evening, chaired by Jan. There’s currently an initiative to setup a global BCOP website to collate all the different Best Current Operational Practice documents in one neutral repository, with administrative support being provided by Deploy360 and the Go6lab. We hope to get this up-and-running over the next month.

The Mutually Agreed Norms for Routing Security (MANRS) Implementation Guide was recently published, but there was some interest in publishing an abridged version as a RIPE document. The aim is to demonstrate RIPE community support for the best current operational practices described in the guide.

Jordi Palet (Consulintel) then presented the recently published draft on IPv6 prefix assignment for end-users that has been out for review for the past 6 weeks. This aims to provide guidance to ISPs as to what size IPv6 prefixes should be assigned to customers, when to choose static or dynamic assignment, and whether a /48 or /56 should be assigned to a particular customer. Some feedback had been received and will be incorporated into the final revision that will be published in the next couple of weeks.

Ondřej Surý (CZ.NIC) proposed a new BCOP on DNS Operational Considerations for Standards Compliance. The DNS Violations Project had identified a number of common violations of DNS protocols such as case-sensitive DNS servers, QNAME minimisation, ENDS breakages, and DNSSEC-related problems. They therefore felt there needed to be better guidance for DNS implementations, and this should involve DNS and CDN operators as well as the RIPE DNS Working Group.

Last up was a proposal from Sascha Pollok for a BCOP on IPv6 assignment for hosting operations, who called for co-authors to assist with this. Running IPv6 on virtual and physical servers had some interesting challenges, and a particular question to resolve was whether one /48 per customer location should apply, or whether one /128 per server was recommended.

Just in case you’re the only person that still isn’t aware of the Root Zone DNSSEC Key Signing Key rollover in October, please check out the presentation from Ed Lewis (ICANN). We’ve discussed this several times before, but this presentation provides some useful information on what DNS operators need to think about, what they need to do, and some possible problems they may encounter.

Finally, not in any way Deploy360 related, but you should be aware of the Anti-Shutdown Policy proposal that Andrew Alston (Liquid Telecom) presented at the end of the plenary session. This is a pretty controversial proposal that generated a lot of heated discussion during the meeting.

In essence, the proposal calls for implementation of measures to suspend or revoke Internet resources from countries whose governments shutdown or attempt to shutdown the Internet within their jurisdictions. The rationale is that shutdowns cost African economies an estimated USD 2.4 billion between June 2015 and June 2016, hurt investment, and allowed actions to be undertaken without international scrutiny against local populations. It’s certainly a radical proposal that’s attracted a lot attention, and the debate will no doubt continue.

For those of you who cannot attend the RIPE meeting in person, just a reminder that remote participation is available with audio and video streaming and also a jabber chat room.

The full programme can be found at https://ripe74.ripe.net/programme/meeting-plan/

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...