‹ Back
Deploy360 27 October 2016

RIPE 73 – Highlights from Day 3

Kevin Meynell
By Kevin MeynellSenior Manager, Technical and Operational Engagement

RIPE 73 DNS Working GroupThe RIPE 73 meeting is happening this week in Madrid, Spain, and we’re highlighting the presentations and activities related to the Deploy360 technologies throughout the week.

Wednesday was mostly devoted to Working Groups, and there were several interesting presentations to highlight during the IPv6 Working Group.

First up was Geoff Huston (APNIC) with the latest facts and figures from the APNIC Labs studies on IPv6 – this time it was the turn of IPv6 and the DNS. When levels of IPv6 adoption are discussed, it invariably refers to what percentage of users are able to access web services via IPv6, but the Internet is more than just the web and a critical component is the DNS. One important question therefore, is how much of the DNS resolution infrastructure is IPv6 capable.

Using the tried-and-tested Google ad technique running between July and August 2016, it was possible to collect around 400 million measurements spanning most of the Internet. This revealed that of 345,394 unique resolvers, around 22% appeared to be capable of using IPv6 to make DNS queries, with around 35% of users directing queries to these IPv6 resolvers. However, 11% of queries appear to be passed to resolvers that are dual stack capable, whereas if the choice of protocol were random this should be closer to 17%. This suggests there’s an inherent bias to use IPv4 when a server is reachable via both protocols.

The reliability of DNS responses via IPv6 was also examined, which revealed a 96% response rate. Whilst within acceptable parameters, it could be further improved with careful configuration of resolvers, in particular by using a local UDP Maximum Transmission Unit (MTU) of 1,500 octets to avoid IPv6 fragmentation and by ensuring there are no ICMPv6 filters.

So the conclusion is that the DNS infrastructure appears to be further ahead than the web in terms of IPv6 usage, and could be substantially higher if query mechanisms were configured to prefer IPv6.

Vaibhav Bajpai (Jacobs University, Bremen) then presented measurements of the effects of Happy Eyeballs. Happy Eyeballs is an algorithm published by the IETF (see RFC 6555) that attempts to determine whether it’s better to use IPv6 or IPv4 for a particular connection by trying them both in parallel, but allowing a response period (typically 300 ms) to order to favour IPv6.

Measurement data was collected between 2013 and 2016 on connections to the top 10,000 Alexa websites. This reveals that TCP connect times to IPv6 websites have considerably improved over this period, that 18% of connections to websites are actually faster over IPv6, with 91% of the slower connections still being within 1 ms of the IPv4 connect time. The Happy Eyeballs timeout period also means that IPv6-capable websites favour IPv6 around 99% of the time.

The timeout intervals were chosen IPv6 connectivity was much more unreliable, particularly when more transition mechanisms had to be used. With more native IPv6 available now, lowering the timeout to 150 ms does not seem to significantly alter these preferences and would improve responsiveness.

The caveats are that only connections to TCP port 80 on the Alexa Top 10,000 websites have been measured, and results may be biased by the vantage points in Europe, the United States and Japan. However, it does again highlight that IPv6 performance is generally comparable with IPv4 performance where IPv6 connectivity is available.

Alain Durand (ICANN) rounded off the session with an analysis of IPv6 as related to GDP per capita. This correlates IPv6 deployment data from APNIC Labs and the Akamai State-of-the-Internet report with GDP per capita data from the World Bank, to see whether more affluent economies are more likely to deploy IPv6 than developing economies.

As might be expected, the top 50 countries by GDP capita (i.e. >USD 23K) tend to have significantly higher levels of IPv6 deployment, although there are substantial variations within this group. For example, Belgium, the United States, Germany, Switzerland, Greece and Portugal stand out from the others with 30-50% rates of deployment compared to an average of around 14%, which suggests specific deployment initiatives rather than funding can reap rewards.

The remaining countries in the world typically show very low levels of IPv6 deployment although there are some very notable exceptions in Brazil, Ecuador, Haiti and Peru. Rather interestingly, Kiribati showed high IPv6 deployment despite being one of the poorer countries in the world, although of course is a small country in terms of population and with a limited number of network operators.

Another interesting comparison was those countries that could use IPv6, but made relatively little usage of it, whilst other countries with apparently little penetration made heavy use of it. It might therefore be concluded that IPv6 could be more widely used than it is, which is another lesson that it’s increasingly practical to favour IPv6 over IPv4.

One last thing to mention was the proposed clarification from Maximilian Wilhelm (Freifunk Hochstift) on IPv6 Provider Independent Sub-Assignment during the Address Policy Working Group. Current RIPE policy as defined by ripe-637 states that provider independent resources may not be sub-assigned to a third party. The proposal is to change this in ripe-655 to define a sub-assignment as a /64 or shorter in order to provide better guidance to the RIPE NCC and resolve current policy violations.

For those of you who cannot attend the RIPE meeting in person, just a reminder that remote participation is available with audio and video streaming and also a jabber chat room.

The full programme can be found at https://ripe73.ripe.net/programme/meeting-plan/

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...

Join the conversation with Internet Society members around the world