Deploy360 11 May 2017

RIPE 74 – Highlights from Day 2, Part 2

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

The RIPE 74 meeting is happening this week in Budapest, Hungary, and we’re highlighting the presentations and activities related to the Deploy360 technologies throughout the week.

As we mentioned in the first part of this blog, Tuesday was a busy day for us and too much to cover in one post, so here’s the second part covering the points of interest.

First of all, take a look at the ‘IPv4 Transfers 5 years after runout‘ presentation from Elvis Daniel Velea (V4Escrow). This showed there are only around 37.4 million IPv4 addresses still available across all RIR regions, with AfriNIC having the most at 18 million, and ARIN the least at zero. At current projections, all IPv4 addresses will be exhausted by early 2021, and there has also been a significant rise in IPv4 transfers since 2014.

The interesting factor though, is these transfers are primarily into large developed economies, which suggests that smaller economies may have difficult in growing their Internet capacity in future. There are currently only a few large blocks (/16 or larger) available on the market, so most transactions are for /17s or smaller with prices being observed around USD 12-14 per IP address. Even smaller blocks are now trading around USD 15-20 per IP address, but the bottom line is that supply remains extremely limited and prices are expected to approach USD 20 by the end of 2017, with IPv4 addresses expected to become completely unavailable by 2025.

So we haven’t said it enough times, network operators need to be deploying IPv6 now or face the prospect of not being able to expand their businesses – either technically or economically – in the near future.

More practically, there was a good presentation about RKPI deployment from Yossi Gilad (Hebrew University of Jerusalem). He highlighted some of the challenges of deploying RPKI such as loose Route Origin Authorisations (ROAs) whereby the specified maximum prefix length exceeds the prefix length. This affects more than 30% of all IP prefixes in ROAs, and allows attacks to hijack all traffic to non-advertised sub-prefixes in the ROA. Other mistakes include misconfigured ROAs that invalidate genuine prefixes, and potentially cause disconnection from legitimate routes.

ROAlert is a tool that allows you to check whether a network is properly protected by ROAs, and if not, what the problems are. It also offers a proactive notification system by retrieving ROAs from the RPKI and comparing them against BGP advertisements, thus alerting network operators to wrongly configured ROAs. The results so far have been encouraging, with 168 operators having been notified of ROA errors of which 42% were fixed within a month. Network operators are encouraged to use this facility, and the hope is that it will be adopted by the RIR communities.

Keeping with the same theme, Andreas Reuter (Freie Universität Berlin) reported on the levels of RPKI adoption. Their analysis attempted to determine which ASes had adopted RPKI filtering policies, although it is not always easy to determine whether a route was being filtered based on RPKI, or whether this was due to private routing policy decisions. It was determined though, that a handful ASes are making routing decisions based on RPKI, and the next steps are to develop a live monitoring system to improve the quality of the data collection in order to get a more accurate view of RPKI adoption.

Finally, although it’s not a Deploy360 topic, there was a fascinating presentation on the Quantum Internet from Stephanie Wehner (Delft University of Technology). The aim of a quantum network is to communicate qubits (the quantum equivalent of the bit) almost instantaneously between two points on earth, which can address the delays associated with the speed of light. This has been demonstrated at 100 km distances, and there have been successful experiments at 300 km ranges, but the real challenge is over longer distances which is currently problematic to achieve in a reliable manner.

If you’re interested in learning more, QuTech will be holding an open day in Delft, The Netherlands on 22 June 2017. Would be a great opportunity to find out more about this technology that promises to radically change how we think about computing and networking.

For those of you who cannot attend the RIPE meeting in person, just a reminder that remote participation is available with audio and video streaming and also a jabber chat room.

The full programme can be found at https://ripe74.ripe.net/programme/meeting-plan/

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...