Deploy360 9 December 2016

NAT64check debuts at AFRINIC-25

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

AFRINIC-25 was held on 25-30 November 2016 in Flic-en-Flac, Mauritius and involved 240 participants from 48 countries. AFRINIC meetings are held twice per year and provide an opportunity for the African Internet community to come together to discuss governance, operational and infrastructure development issues, as well as attend training sessions that included IPv6, CERT management and network forensics on this occasion. The event was sponsored by Oracle, Mauritius Telecom, ICANN, SEACOM, ZA Central Registry, Rogers Capital, Emtel, Harel Mallac Technologies, along with the Internet Society.

Whilst much of the event was focused on policy and governance issues that are summarised on the AFRINIC-25 website, the Monday was set aside for technical presentations.

Our Deploy360 colleague Jan Žorž debuted a new presentation on NAT64/DNS64 experiments undertaken by Go6lab and IPv6-lab. As many mobile operators were moving to IPv6 only which is incompatible with IPv4 on the wire, it’s necessary to employ transition mechanisms such as 464XLAT or NAT64. The Go6lab NAT64/DNS64 testbed was therefore established so that operators, service providers, and hardware and software vendors can see how their solutions work in these environments. This has already generated significant interest, and instructions on how to participate are available on the Go6lab website.

When using NAT64 there are many things that need to be checked to ensure they work correctly. NAT64check has therefore been developed to allow websites to be checked for consistency over IPv4, IPv6-only and NAT64, as well to compare responsiveness using the different protocols. This allows network and system administrators to easily identify anything is ‘broken’ and to pinpoint where the problems are occurring, thus allowing any non-IPv6 compatible elements on the website to be fixed. For example, even if a web server is not running IPv6 (why not?), hardcoded IPv4 addresses can cause NAT64 to fail.

There was also an interesting network measurement related presentation from Amreesh Phokeer (AfriNIC) and Agustín Formoso (LACNIC). The aim was to gain a good overview of the state of network connectivity in Africa and how it compared between the different sub-regions of the continent. 850 Speedchecker probes in different vantage points were used to collect data on 308 unique Autonomous Systems, that revealed there were four distinct clusters of connectivity within Africa. East and Southern Africa appeared well connected, with Northern Africa forming another reasonably well connected cluster. The situation was more variable in Western Africa, with poor connectivity in the centre of the continent. Within countries themselves, latency varied quite widely – for example in Zimbabwe, Gabon and Mauritius latency was in the 15-20ms range, whereas in Cameroon, Sierra Leone and DR Congo it was significantly worse at between 287 and 363ms.

On a related note, Gareth Tyson (Queen Mary University of London) discussed plans for an African Internet Measurement Observatory. The Internet in Africa is evolving fast and it is difficult to get a good picture of the status quo, as well as predict growth for planning and business case purposes. For example, where are the best locations to place web servers, cloud servers and other services, where should ISPs peer and with whom, and what sort of access do users have? The AIMO project was therefore looking to build a configurable measurement platform based on the BISmarck platform which would allow participants to share and analyse data based on user-definable metrics. A prototype was currently being built, and they were currently applying for funding to deploy this more widely.

In case you still haven’t heard it yet, ICANN will be rolling the Root Zone DNSSEC Key Signing Key in 2017. This time the honours fell to Subramanian Moonesamy to present the plans that we previously discussed in our reports from RIPE 73 and ENOG 12.

Finally on the IPv6 front, Alain Durand (ICANN) reprised his analysis of IPv6 as related to GDP per capita which we also covered in a previous blog. This correlates IPv6 deployment data from APNIC Labs and the Akamai State-of-the-Internet report with GDP per capita data from the World Bank, to see whether more affluent economies are more likely to deploy IPv6 than developing economies.

Recordings of the presentations are also available on the AFRINIC-25 website.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...