These are unedited transcripts and may contain errors.
Notice: Use of undefined constant steno - assumed 'steno' in /var/www/html/ripe-60/steno-transcripts.php on line 24
The plenary session commenced on Tuesday, 4th of May, 2010, at 11:
CHAIR: Hello everyone. Welcome back to the next plenary session of this RIPE meeting in Prague. Patrik Falstrom at Cisco, I am going to try to chair this session which I think will be very simple just because we have very experienced speakers. The first speaker Per Blixt from the European Commission, he is head of unit responsible for or working with, maybe not responsible for, it's ?? but he is working with specific leap IPv6 related issues. He will, together with Martin bought man, present the current status of what is going on regarding IPv6 and the European Commission. Specifically, per is the first time he has coming to the RIPE meeting, so we should try to...
(Applause)
First of all, thank you very much for coming and I hope everyone here will help him feel like home because that is what the rest of us do. Thank you.
Per Blixt: Many thanks, Patrik, and good morning, everybody. I saw on your website that there is a special table for newcomers so I am looking forward to that one. I hope I will be able to come back soon and then maybe join another table, also. Let's see.
My name is Per Blixt as Patrik mentioned, I am responsible for let us say, the policy making in the commission, vis?a?vis the political arena, I am in the council and parliament, etc.. and I would like to give you an update on where we are, what we are doing currently, what we have in mind. I would also mention a bit how ?? what we ?? if we practice what we preach, personally that has been maybe the most difficult part of this job, actually, to convince our own IT people to install IPv6, we are not there yet, but I will give you small hint on the problems we have there. I think it's a good lesson for us to learn, actually.
So, first of all, thanks for very good collaboration between ?? on these matters. I mean you are basically the leading community on IPv6. We are there a bit to bridge over to the political scene, and I very much appreciate also that you have launched special group for member States, I think that helps a lot. I think the awareness beyond your community is in this stage of development, extremely important, actually.
This is a well?known table for you. I will not enter into that. I guess it's building on the measurement of Geoff Houston and it's more to remind us that the time is running out, that is slide or information which is obviously very important that we get to the decision?makers. The IANA pool of addresses is coming to an end and there is also in the coming years but you know this better than I do. But I think it means that action have to take place, even faster.
This article in the economist was published quite some time ago but I think in a very nicely way illustrates the situation. The senses will appear everywhere, in cars, animals, human beings and all kinds of deliveries. Internet is here to stay which means it's even more important to get our act together as soon as possible. So why is the ?? why is it so important for us to be involved? We believe, clearly, that the lack of addresses and the lack of transmission over to IPv6 hampers the growth of Internet, which is a concern, also, for us. We think there is a risk of distortion of the market. I talked to Geoff, it's not really a failure of the market but it's distortion I think we could say and we have potential risk there if major players don't get the addresses. Negative effect on innovation for sure if we don't get this right. I think these three arguments leads us in the direction to do things and to make awareness. We are not planning to make any instructions to Member States or ?? at this stage, or make any strong interventions, but awareness and all kinds of good examples is needed. We have done quite a number of things, I will not go into all these details in this slide but just to mention that we have supported research quite heavily during the last ten years, now we have standards in place, everything is possible to use, already, so we are more looking to the policy actions. We see that the US is very much supporting public procurement, that is something we are promoting strongly and we hope and we see that things are getting better also in Europe.
What we did two years ago was to launch the communication on IPv6, we call it advancing the Internet action plan for the deployment of IPv6. You can have different views on if this ?? what the purpose of this document was. I mean, the important thing in, my view, is that we put IPv6 on the table for decision?makers, so let's say all telecom ministers, all people who are involved in the different committees in the European parliament, at least they have heard about the problem and the possibilities to avoid it. And therefore, I think it gives also us a platform to come back to this decision?makers and together with you and others, to make this train going a bit faster in the future. So just to remind you on the targets: I actually looked at your website and your resolution from 2007, I think it was, is very much going in the same direction as we are suggesting. We put a very strong target. We said that at least 25 percent of users should be able to connect 2010. Let's see. We have measurement ongoing, he will update you on that in some minutes. I don't think we will reach this target but we will certainly propagate it again in relation to decision?makers to challenge them. To cooperate with the service provider, ISPs, etc., we have had a number of workshops, the last one last week which I will come back to. Whenever possible, our research projects should use IPv6. We are trained to get our own websites, IPv6 accessible. We are not there yet. (Trying) public procurement, as I mentioned, I think that is a very strong and important tool that should be more frequently used, I think Member States are coming in that direction. Awareness campaign. I think that is what you are doing and I have seen from the different registries that you are very, I mean, active on giving awareness to this question, and that is certainly very much of use, and I think that is what we have to continue with.
We launched three studies as a result of this communication; one on education training, curriculum, I have heard a number of very positive numbers in the registers around the globe; security is another one; and the measurement. So, on the security, which has just started so we are looking forward to the result in the coming year. There, we have obviously sort of, it's the first starting point, made ?? I mean, I think security is relatively neutral for ?? when it comes to IPv6 and IPv4, but I think IPv6 might give additional possibilities. We have, here, mentioned a number of advantages, planning, availability certainly better with IPv6, simplified extensible address plan, that is clear, we don't have to go through NAT, of course, the direct availability of secure mobility, simplified deployment of IPv6 is also advantages. The maturity, the scalability, immigration is not so sure. I mean, that still have not yet been really tested and, there, we would like to study also to look into what might be the year ?? the problems in relation to this, training as well, important to keep in mind.
Curricula, training, so on this, we have already supported a number of projects in the research domain, and we want to continue that, we would like to have a more common set of ideas, who are the most important actors, how to could we process trainings, how can we get the main stakeholders move involved. We would like to have, let's say, more show cases on how these could be set up. Also in universities but also for individual companies. So hopefully, we get the cases at the end of the year which we can use in the different awareness actions.
On monitoring, I will not go into details, Martin will just after me, mention where we are. But they are certainly ?? certainly we have launched a study where we are ?? with your help, actually ?? getting very good results in the measuring ?? measurement, and I think your contribution there has been very important and I hope we can continue to work on the measurement together. I think this will be key, also, in relation to the policy makers and to show how IPv6 is taking up and how the transmission will take place.
So the that will be very important.
Back a bit to the workshop where some of you were actually, in Brussels, just last week. We have thought about how we could progress from here on, and also learning from our own difficulties in?house to convince our IT people to make way to IPv6, we felt that actually we need concrete cases, maybe between Member States, with the involvement of the key stakeholders. If we can get them together, the champions, let's say, show that it works, then we can get some show cases, we can couple that training, exchange of best practice and find out ?? I mean, we are still waiting for the big killer application, obviously, applications services will be key to get this going and in this context, in such a sort of piloting activity, we hope we can get even more, let's say, awareness and visibility, so we are looking to the possibility to get some budget for such activity. Let's see where we get. I think the meeting last week was relatively positive, some people seemed to be interested to go in that direction. So over to our trial.
I talked to our web master, who informed me that this was a very difficult exercise. Finally, we have a connection, a separate connection, to our building, but only to our director general; the responsible director general, DG digit doesn't have one and doesn't seem to be very interested in the near future to develop something in that direction. We are in continuously discussions and trying to convince them but they basically say that we have different priorities, so it's much more difficult task to get things in order internally, I must say, than getting others to move.
But at least we have the connection and I think that in itself will create visibility, so maybe we can challenge the other director generals who doesn't have any connection, and make something sort of benchmarking out of that internally, hopefully that will work. But I talked to my web master, he mentioned that the connection was difficult enough but the other problem was there was no commercial offer from the ISP, that was one problem; it is now solved, so at least we have achieved something. The firewall was very difficult to set up, obviously, so that is ?? was also a lesson that we should learn, and so there are a number of hurdles, obviously, before we are fully fledged in this context. This is our website and you could try to connect to that, as you saw in the last slide. I hope it works, let's see. I guess people will notify me otherwise.
So in conclusion: It's not happening fast enough. We believe it can affect innovation negatively, which is bad enough. Awareness and collaboration is needed in the future. Thank you very much.
(Applause)
Now over to Maarten Botterman, the floor is yours.
Maarten: Thank you for that. At one time I worked with European Commission as well and it's just good hear the openness that this expressed in per's speech, as well as the realisation that, hey, it's an organisation that needs to start moving slowly as well next to the policy issues that arise.
We are very happy to support the commission in developing some of the measurements in the studies and we are very happy to find here in RIPE a very welcome home to do that. And what we do is, a survey because one of the most things of understanding how things are moving is what people think is important and what people plan to do next. Another bun is really looking at the bottlenecks within that so what is keeping people from wanting to move ahead or what is actually driving them, and next to that, when we started also there was a very clear need for real measurement, so what is really happening in terms of traffic to websites, etc.? And in that, there is a couple of feedback that I would like to give you now.
This is about the measurements. What has been developed by T NL, my partner in this, is is a measurement too that can be placed on websites, that actually measures which traffic is IPv4, IPv6 or both supporting, and at this moment that, too, has been developed to a pretty stable state. About 20 websites have been in place now that use this tool that, have installed it on their home page and about 5 million measurements have taken place, and what you see there is that the light lines is the first measurements and the green lines is the later ones, and growth has been seen on that 0 .6 percent. Now, crucially important in this for the quality of the data is how many websites participate, and therefore, we are striving towards really upping that amount and we are talking at RIPE NCC on how to best do this and we expect to see some resolution there where we can really complement each other in the measurements.
So, you can see, if you already want to participate, just go to this presentation on?line and click on the link, I will not want to type it in now, we made it long enough to keep you from doing that. And install the script. (Link)
Now in, terms of bottlenecks, it became apparent that the main one is perception and how you deal with that, but that is not the only one, so what we did is to create a whole chain of where IPv6 starts to where it ends and all these different elements where things can go wrong. And in each of these domains we saw a couple of issues arising that can be seen as bottlenecks right now A discussion on that has started on?line and in workshops and, please, do feel free to participate in that. We hope to come with some clear views on issues to be addressed in that ?? in that matter shortly.
Now, the survey. Many of you were in Lisbon as well, many of you have participated in the survey in June last year. What you can see is that, really, large part of the community still felt IPv6 is insignificant in itself in terms of business means . Now, RIPE is on one hand, the APNIC is on the other hand. If you look to the statistic it may look like APNIC is slightly better than RIPE in its adoption of IPv6 but please note that the RIPE research was in June last year and APNIC in September, and I think that you will see that at least seeing IP version 6 as a necessity has gone up dramatically over the last year and, many more activities have taken place.
Now, showing these numbers has two reasons: One is it gives some kind of impression of where things are, but more importantly, by doing the survey again this year, we will be able to see how things move, how fast things move in that way. And last year, the last question in the survey and those of you who have done it will remember that; what you think this survey makes sense to do it again next year and more than 90 percent in both communities said "yes, please" so that is one reason of doing it as well. It is scheduled for June, and although comparability is very important, we still feel there might be slight improvements possible to the questionnaire and delaying the survey and we would invite you to look at that. Slight update has taken place in particular looking at the difference between being technically convinced and making your management aware of the need to also invest in doing something about it. Other than that, again, the intent is to keep it as much as possible the same but I do appreciate your feedback on the updated and if you can get it better we will do it better.
So, that is actually all I wanted to say. Direct questions on the measurements can be asked to the person in TNL leading that and any questions on the survey very welcome with me. One of the questions again this year will be, what do you think it still make sense to do it again next year. Next year the survey is such, if people say "yes, please" we will try to make that happen as well. So, thank you for your attention.
(Applause)
CHAIR: Thank you very much. Anyone have any questions to Per or Maarten? Daniel.
DANIEL: Internet citizen. This is more to the remarks. One is to Per and I notice that you were a little bit apprehensive about your practical experiences and your practical actions there. But I'd like to encourage to you actually continue that and continue pressuring the rest of the commission to actually make that move, because that makes it so much more credible, that makes your actions on the political level so much more credible and also, and maybe this is a question; did this experience actually give you some insights into that the experience that it's difficult to move a big organisation towards this goal, did that give you some insights for maybe change the way you attack it on a policy level? Or was that just ??
Per: It gives of course a better understanding of what is happening out there. We bureaucrats need that. That is basically why we are dealing with it. Thank you for the comment. I think what you are saying might make sense. If we are talking about practice or ?? we will certainly try to do our best to ?? the interesting thing was when I ?? when we presented to the commissioner and we mentioned that there was a connection to our building, she said why don't you install it everywhere? Thank you very much, could you just sign something here. Because I mean, the IT people is obviously bogged down with a number of other priorities. But I mean, yes, we are learning, so we will certainly use that in the coming discussions with Member States.
DANIEL: You shouldn't feel bad about it. I think it gives you lots of more credibility with this crowd. And the second remark was more to Maarten, actually, because of the scheduling this was the first presentation about IPv6 measurements; there will be one in the IPv6 Working Group about some measurements the NCC which is doing which are on the one hand similar to what Maarten is doing but also measure the infrastructure aspect of this, so before you decide on which one you want to participate you might want to wait and listen to the presentation in IPv6 Working Group.
CHAIR: Please.
AUDIENCE SPEAKER: My question to Maarten: I think it's unfair a little bit to compare v6 traffic with v4 traffic with these charts because I think it should be more monitoring the readiness for IP availability before you start monitoring or comparing traffic.
Maarten: Yes. I think you are right. And the measurement is certainly not the only focus of the research we do; I think the survey as such is much more important than that, because that people express their readiness there, and that is, frankly, the only good method I know to measure readiness. By addressing the community at RIPE, at APNIC, the intent is now to do that across the world. I think that is the best way we can go.
CHAIR: Geoff.
Geoff: My question is to you Per, this seems to be a certainly dialogue implicitly between the folk who take measurements and the regulatory folk; sometimes by just giving you a date in v4, this is the end of the world, I think I have done you a service, I have certainly I think towards that regulatory world said you can't negotiate the date, it's just going to happen this way so. My question about v6 is almost the opposite: What sort of measurements do you think would help and guide your processes in your world? I notice, for example, in Maarten's work that he displayed it by country. We can do that. Or is it by browser? Or by industry? Do you want to know to what extent the industry is a aglomorating into large players? What metrics of this industry makes sense and would be helpful to guide us in a sort of a larger sense of regulators, policy makers, as well as practitioners? Because in a world of measurement possibilities they are just computers. We can measure almost anything one way or another. So I am interested in your perspective in what makes sense to you and what would help you.
Per: I am sure that most of the measurement that you are mentioning are very useful but also as you say, maybe a bit confusing in the end. My view is very clear on this question: Naming and shaming is absolutely the most important possibility, with some years of experience in the European Commission, I mean, in the past I was assisting the minister and when you appear in the meeting and you are below average or even bottom three of the European Member States, then you get minister coming home instructing his people to change that until the next meeting, so to put it by countries helps a lot.
Geoff Houston: Thank you.
CHAIR: Any other questions? If not, I think we should thank Per and Maarten very much.
(Applause)
And the next speaker Leslie Daigle from ISOC, present even more IPv6 related issues.
LESLIE DAIGLE: Good morning. Yes, so I am here today to talk a little bit about an event that the Internet society hosted a couple of weeks ago, we called it the IPv6 do employment day. First, a couple of words about why we held this public open meeting in Seattle on IPv6, and largely that was to tap into some of the momentum that we are seeing and, again, it isn't just about numbers; it is about some of the actions and activities that we see in the world. In broad?brush strokes if you look at who is impacted by IPv4 and IPv6 and the whole translation between them, there are a number of players that are impacted and affected and generally speaking, you can see that there are signs of motion amongst them, whether it's from governments or Service Providers or users and uses of the Internet or even new markets. So these are the key areas where generally speaking, we are looking for actions, motions, momentum.
And to give some kind of a sense of the types of actions that we have been seeing, looking at Service Providers, this is just a sampling of some of the headlines that you have all seen from the last few years. Individually, they are interesting; maybe don't amount to much, but directively when you start being able to jot them down on a list you can see it is now about when IPv6 not if IPv6. So, starting with just randomly starting with 2007 when free turned on its IPv6 access available to all of its customers, through Hurricane Electrics, and now 2010 we are already seeing a lot of the behind the scenes work that has been going on with providers for some years actually being opened up to the public. In the US, Comcast has announced production trials, horizon has also announced some of their own IPv6 network trials and outside of the US Deon NTT announced worldwide roll out of IPv6 dual stack VPN service. So, apart from which slots of things are planned and expected but even in terms of the things that have been announced we are seeing a fair bit of motion.
And happily, also seeing visibility from the content providers. I think we are all in this room quite aware of Google having kicked off the visible content provider front in 2008 when they first announced accessibility over IPv6, last year Netflix and Limelight in the US both announced providing services over IPv6 and in 2010, beginning of this year, Google turned on IPv6 access to YouTube. All of this action provoked more promises from other players in the industry, ebay and Facebook have said publically that they are planning to have IPv6 accessibility by 2011.
So, looking at that and from some of the discussions and other less open meetings that we have been hosting and discussions around the globe, it's pretty clear that there really are in this case expanding layers of IPv6 adoption from the first movers who are truly the add ventures ones who are figuring out the hard ?? answering all the hard answers not only in terms of the technology but also in terms of kinds of things that Per was just mentioning, how do you get it through your own organisation, and essentially figuring out not only the answers to the questions but what are the questions themselves.
The next layer are will will be the early adopters and they need some kind of a bread crumb trail. They are not necessarily the ones that are going to figure out all these things for themselves; they want some clue about where to begin. You may be sitting here evaluating where you sit in the range, the different layers of adoption, and eventually the rest of the world will come along and hopefully, one day, be unable to spell IPv4. So, just in terms of sort of this broad brush stroke what do you see happening in the industry, where are we at with IPv6 deployment? With apologies to Winston Churchill, with any luck perhaps we are now at the point of the end of the beginning of the process. So this is where we are standing and why the Internet society elected to host this open meeting, invited a number of providers and content providers to come and be on panels and explain to the folks attending the day what it was they had gone through and what experience they had. Of course, being an open event, we had to have event logo, if we had been a little bet more prescient one of those probably would have been a volume cane know, seeing as we held it in the week that was impacted by that. I will put the URL for the meeting on this slide because all of the presentations from the ?? from the day are available on the web page there. So, if you want to go and see for yourself what exactly the different presenters were saying about their deployments, feel free to go have a look.
So, what it was: Finally, so again, as I said open event. We actually had about 50 engineers from operators, vendors and other interested parties. It was the point of the exercise was to have discussions to further the deployment of IPv6 and the Internet by developing some kind of themed topical information on the important issues. People in the room varied from being IPv6 old hands to people who were there simply because they wanted to figure out what they needed to know and pretty much everything in between. We did heavily feature service and content providers who had actual experiences to mention, we focused a lot on what do you know of your organisation's business reasons for deploying IPv6 today? Any lessons learned? And then any questions about issues facing the Internet community as a whole. The point of the exercise was to make it a working meeting, and it was quite clear by the end of the day that it was never meant to a single one off type activity bringing closure to these questions, and it's certainly a work in progress.
To give you some kind of flavour of the kinds of things that were offered in this event, (offered in) Comcast, which is a cable ISP in the US, commented that IPv6 touches nearly everything in their network in, their ?? from the delivery network to the back office systems, everything. And so, their business driver, their primary business driver was business continuity that ?? this is where, again, the threats, whether it's the hard date or even just the acknowledgment that there is a date in the not?too?distant future where their ability to build and deploy their network over IPv4 will be impacted. This becomes serious business and has focused their attention. So it caught their attention long enough ago, they actually have been at this for five years. One of the comments they made is that while they are in after five year just now starting their customer trials, it is a case that they think that any other cable ISP starting today probably doesn't have quite five years of work to do. Again it comes back to that question of there are lessons that have been learned and solutions that have been built by the folks that have been doing the adventuring in this space. One of the things that they recognise in doing their customer trials is they actually really need more content available over IPv6, otherwise there is not really a lot of point in doing these customer trials, because they are not getting realistic sense of what actually is happening when you try to use IPv6 for your Internet connectivity.
And that really is an illustration of how this is all a very interconnected puzzle. Limelight network which is content delivery network, they have the ability to delivery IPv6 traffic to I balls as of today, they have IPv6 in their core. Along with transit and peering. And they have had to develop essentially a parallel DNS architecture, they are issues, things that they are working on are focused on it would be nice if all the standard kit of CDN supporting products had IPv6 functionality baked in. It isn't always, still. They are struggling with the dual existence, the parallel DNS architecture, and they are looking for better geolocation services in IPv6. Of course, it's a a separate issue what happens with dual location services in IPv4 when that becomes heavily NATTed, but that is not this talk.
So, yes, what was that you said about a business case? So, one of the realities that we are hearing more and more and we certainly heard it at the deployment day, is that well, many C level ?? essentially executive technical folk in ISPs get that IPv6 is the way of the future, and they may even have some sense about how they might want to go about deploying it. It remains the case that it's hard to convince the money people in the organisation that they need to spend on it and they need to spend on it now, which is part of why we were focused on trying to elaborate some notion of what were the business motivators. And I mean, that remains an issue, and we have heard already what Comcast states is its business motivator but making a more crisp statement of why not and really deferring it to next year remains something of a challenge. The kinds of things we are focused on in the presentations we had at the deployment day were ongoing growth of the Internet, business continuity and I will give you a slide in a minute from Telefonica illustrating how they look at the problem. There was some discussion from the panel members about more specific motivations and I think we were successful in at least one part of our objectives in the day, in that this was an opportunity ?? I won't necessarily say a first, but certainly one of the first opportunities for these companies to stand up and talk about their actual deployments in public and commit.
So, in talking about what are the business motivators, and focusing on the growth of the Internet, so here is a graph up to the right. And this is deliberately a conceptual graph; there are no markings on the axeees because for the purposes of this discussion it really doesn't matter. The point is that we are accustomed to and continuing to want to see growth of the Internet. And here is the challenge: At some point, again it doesn't matter whether this is IPv4 addresses, size of the Internet measured by whatever metric, whether it's actual physical size of the Internet or monetary worth of the Internet, at some point if you focus on IPv4 it tapers off, because of the run I couldn't tell of IPv4 addresses and it takes us off that up into the right curve. And we know in some level that there continues to be growth opportunities with IPv6 because of the ex pans of address space, it's got that nice structure that we want to see. However, the ?? what we are grappling with is really how to express the need to transition from the IPv4 space to IPv6 in order to actually continue to see that growth, and that is the gap that everybody is more or less struggling with. I guess it helps to see that there are companies willing to step up and say that they have looked at the problem, they have considered their business realities and they are still ?? they are making the transition themselves.
This is a slide borrowed from Carlos of telephone I can't, it illustrates the kinds of things that we have done and quite honestly, while acknowledging that IPv6 is now ?? v6 deployment is knew highly possible fact, they still ? it still remains the case that their best argument from a business perspective is that IPv6 is a strategic cost and that was a phrase that did resonate with the other Service Providers in the room, still it's a matter of conveying the notion of business continuity that the v4 network is changing, there is no option to just stick with the present, if you want to have any kind of control over your future you really need to be considering where IPv6 fits in your business plans.
So, with that, the questions in the room from the people who were not in the first adventuring group of v6 deemployers, the questions really are so where do I start and what do I do next? First movers, way beyond this. Registries and regional operator groups have been training people and have lots and lots of resources. We had folks from RIPE ARIN in APNIC also in the room and on a panel, and so these are obviously resources for people (and). Still leaves the question, fine, once I get going, what do I need to know next? And that is where we need to do some level of documentation of operational practices. People are discovering operational issues and fixing them as they go but other issues are being uncovered and there is some need to document this and share it more broadly if we really want to get some kind of expanded momentum in v6 deployment. So, during the day, the deployment day, there were volunteers to help capture some of this operational experience and share it, but we did not actually get it to the point of very clear next steps of who would write what. So part of the reason why we didn't quite get to that level of clarity is because we also needed to focus on some of the hot issues, and there were some. One of the biggest ones really in terms of cross business boundary issues in v6 deployment was the question of DNS white listing, which, if you are not familiar with it, is the practice of developing a white list of v6 networks that are known to provide solid connectivity. The business motivation for that from the content providers is the desire to be able to deliver their content to their customers over v4 or v6, whichever is going to give them the best access. And simply having v6 access or, you know, providing AAAA records which is an ISP network is not actually enough of ?? as a self declaration is one thing but it's not enough of a guarantee of service for content providers who are for business reasons, very interested in ensuring that customers don't wind up having a degraded experience because their service provider has set up their IPv6 in some way or another this. Became something of a hot issue specifically because Comcast went through this process with Google and Google's white list and then they were white listed for a while and there was an issue in network that caused them to be dewhite listed from Google. And they prepared a paper which they have made publically available if you want to have a look and see what their issues are, but certainly Google and Comcast are not the only ones. That really are issues and again it's business issues, content providers are not willing to support deployment of their services over IPv6 unless and until they have some way of ensuring that they are going to be able to get over that particular hurdle. And that is going to be an ongoing issue so. Those issues are getting discussed, in meetings like this one, various other network operator groups, but one of the questions is, is there actually a need for forum for discussing and agreeing on this sort of IPv6 deployment issues in the near term? And that would be a global forum and potentially a different forum than the v6 Ops Working Group at the IETF or maybe it is the v6 at the IETF, it's left there on the table as a question.
One of our questions is whether there should be ongoing v6 deployment days. Our intention was for the first meeting to be a working meeting to help build that trail of bread crumbs for the first movers. And trying to capture some level of business rationales and operational practices. Again, people did volunteer to help but one of our questions is whether there is a need for an ongoing global operational activity on IPv6 deployment, or maybe just more IPv6 deployment days, I have already been half convinced this morning that we should do another one of these, the first one was held in Seattle in the US, maybe it would be useful and valuable to do something similar here in Europe. So, that is one of the questions on our mind and at this moment I would like not only questions but any feedback you might like to give on those questions. I will be here all week. Also Mat Ford, who is wearing a T?shirt remarkably similar to mine, is also here all week. He was one of our volume cane know victims, you can grab one of us this week or offer your comments now. Also in the long run, it's Phil Roberts who is heading up these activities at ISOC so if something occurs to you afterwards and you want to send it by mail, feel free to drop him a line at that e?mail address. And that is it.
(Applause)
CHAIR: Any questions to Leslie?
DANIEL: Daniel again. Some immediate feedback. I think doing focused deployment day in Europe would be good idea, but definitely I would encourage people, that is my question would be, I would encourage people to talk to Leslie and tell her what they think about it. There is another RIPE meeting coming up in Rome in the autumn that might be something to associate this with. We have been doing some of this kind of work in our IPv6 Working Group but maybe now is the time, at the end of the beginning, to make this a little bit bigger, build it differently and so on.
The other thing that I am interested about in hearing feedback is this white listing issue. In Berlin, I believe, so that is three meetings back, there was suggestions that the RIPE NCC should run should a registry, to run it on neutral ground and to do it sort of with self declared registration by I ball networks and this has sort of lost momentum and my personal question, as someone who works at RIPE NCC, is, is there still a need to do that and does it need to gain momentum again?
LESLIE DAIGLE: A comment on your first comment, I think I also want to add to that, I think it first of all sounds like it could be an interesting idea and we can discuss that further. The second comment is I want to make it clear ISOC doesn't have a need to create more meetings or hold meetings that are better held by another group. So and I think that we succeeded with that in this particular session, it was an interesting opportunity to get, as I said, it was one of the first opportunities to get people who have actually ?? ISPs who have deployed it to stand up and talk about what they have done publically. On the white listing issue, certainly I think there is room to discuss that further and I think this group should be discussing that this week. One of the advantages in having RIPE host something is to have, you know, a neutral party actually hosting the white list. One of the challenges is the fact that content providers are particularly interested in understanding how the connectivity is from them to the I balls.
DANIEL: I don't want to be misunderstood. I wasn't saying that ISOC should not thread on our territory here, what I was proposing was ISOC has done this valuable work and actually I wear a hat in ISOC; my comment was more, let's cooperate and maybe do it adjacent to a RIPE meeting.
LESLIE DAIGLE: I did get that and took it as an opportunity grow out that
Fergal Cunningham from RIPE NCC and have a question, he said he would appreciate seeing some activity in Europe, he says Seattle is just out of reach for some of the small European players.
LESLIE DAIGLE: Yes, thank you.
Wilifred Woeber from Vienna university, in the past wearing one of the hats of one of the IPv6 related EU projects for infrastructure. I would like to add one comment to this issue of planning for deployment. One of our major experiences is that you have to be aware that you are tracking a moving target. I think it is architecturally impossible, and that also relates a little bit to this white listing stuff, to make sure at a certain point of time you take a snapshot, you assess the quality or the functionality or the problems and then you tick it off and you forget about it. You actually have to face the fact that introducing IPv6 (forget) as a broad thing which is used everywhere, unconsciously used by the users, it's going to be a new technology, it's going to be a new network and you have to spend the resources and you have to be attentive to the fact that you will have to deal with things that pop up, like we have in our university, our colleagues have rolled out more or less everywhere wireless network which is capable of doing IPv6, and it was working very well with a particular version of a well?known operating system and then a new major version of that operating version pops up and you end up with new interesting situations. And you have to deal with that, so that is one of those issues. Whether this is stuff for an IETF mailing list or not, remains to be seen, because this might be just a matter of how to bend the configuration of those new versions of the operating system to behave properly again. And this also sort of has some impact on this white listing because this is one of the things as the IPv6 advocate back home, to try to achieve, but in many situations you don't have a one?to?one relationship or a direct peering between, for example, a national research income and something like YouTube. There is no other way to depend on the services of ISPs in between and in some situations you don't even have the capability to really nail down things like symmetric routing and if you are in that environment you really have to have reasonably reliable and reasonably comfortable tools to find out about the traffic situation, about the routing situation, about misconfigurations, which are sometimes located in between, not in your network, not in the target network, and it's one of the things why I myself started a while ago for the moment private internal discussions with people from RIPE labs, to collect ideas how we could improve things that are there, to actually help all of us in detecting bottlenecks, flaws, misconfigurations and that sort of things so if we could come up with something which helps with this debugging, white listing, certification thing, that would definitely be of very fundamental interest to me.
LESLIE DAIGLE: One of the interesting things, the DNS white listing issue is quite interesting because it is largely driven by business needs and there are obviously very strongly held business needs. We have a separate discussion about whether that means the Internet is impeded from innovation but again that is a different topic, but one of the reasons why ?? on one hand you don't want to have a discussion about DNS white listing and standardising something that should be a transition shim if it's needed at all. You need too far discussion more broadly than any given organisation's own experience for the very reasons you are citing, so the question is how do you have a public discussion about this to bring minute many expert views and I think that is going to be an ongoing challenge.
CHAIR: Thank you very much, Leslie.
(Applause)
And the last speaker of this slot is Benno Overeinder that will present a study about security in routing. Thank you.
BENNO OVEREINDER: Thank you. This work has been done together with Maarten bought man. So, we will present our preliminary, first results, from on?line survey which was conducted during February, half February until end of March. We wrote an invitation to participate to the community, to the routing Working Group e?mailing list from RIPE, the IXP communities from Linx, M6 and DE?CIX NetNod and ? (AMS?IX).
So this is the outline. The project, the survey is part of a project commissioned by ENISA but the results presented here are our own conclusions, our first preliminary ideas and interpretations and this has not been sent to any for any ?? whatever. So, as they are being preliminary conclusions and interpretations can change over time. But the purpose of this presentation is also to give ?? or ?? to give feedback to and get feedback from the community, the RIPE community. As a sanity check, did we miss; make misinterpretations. So please feel free to jump in, ask questions, or after the presentation come by and drop us a note.
I will skip this one. So what is the goal of the routing security survey? We were interested in a number of topics, subjects, which was awareness for the community in routing security; what is currently deployed, what is the experience of the community in the technology being used; and what are the expectations of future developments; and near future developments like RPKI but also academic developments like well, not academic developments but also things like S ?? secure BGP or SO BGP, and giving these new technologies, what is the idea of the community about the role of the ?? of government in policy.
So these four categories were important in our ?? sorry ?? were important in our survey.
And the second goal of this survey was also, we actually the survey is only part of the project; the other part were a number of the series of interviews with experts, and besides these interviews, it's good to have some qualitative data and with these numbers we can support the interviews, also again to see if we have ?? make the correct conclusions and we see the correct relations between the interviews.
So that is the profile of the participants.
About 135 people participate in the survey, from various countries, but there is a north/west European domination because of the IXPs we were involved in the survey, so about a quarter of us Dutch and German and followed by Swedes and other northwest countries. 64 percent about two?thirds, of the participants were from ISPs and the other one?third were from different groups like industry public body, academic regulator, etc. And another fingerprint of participants was what is their experience and responsibility, about 40 percent, 45 percent were technical/operational, the other 45 percent was strategic and architectural and then managerial level.
So the awareness: It's important to note that the project started out as being ?? actually the call for proposals from ENISA was on secure routing. We send in a different proposal because we didn't believe there was something like secure routing so we sent in in a proposal figuring out what is the current routing security technology, and that is quite different set of technologies which can be used in combination to make your networks more secure. And we categorised these different technologies in three groups; session security, the monitoring and filtering and the PKI based solutions, the secure BGP and SO BGP, and so our question was for this aggregated technologies, what is the level of awareness, not necessarily deployed but are you aware, do you know of these technology, so no excitement, so nothing unusual except for the PKI?based solutions is still a low level of awareness here, and after checking the results, this group who entered was aware of this PKI was mainly ?? well they assigned themselves to be in the strategic and architectural level or the policy and managerial level. This is only thing we have to take away.
So what is the importance of in deploying of routing security? So nothing exceptional here. About 25 percent thinks it's top of the list, it's really important. But two?thirds think, well, it's important but not a top priority and this is nice consistent with other studies from ARBOR network, the infrastructure security report of 2009 and the BGP is ?? it doesn't make sense but it's here. The BGP is the fourth ?? fifth column in this ?? in the graph on your right?hand, which is people are more concerned about BotNets and DDoS and DNS, so BGP is not necessarily the top priority here. These are the severity and impacts of the incidents seen on the networks. One?third, about 20 percent is a major disruption in a network. About one?third is minor and a large part, more than half, is actually no, any consequences, so they have seen an incident but without any consequences, this is quite with level of awareness, the level disruptions increased over level of awareness so there is nothing specific or special about this.
And what do you think which is ?? what are the critical risk of the security incidents? So I would think reduced performance would be top priority, so stability of your network is the most important. But we can explain this probably by going back to these figure, most of the incidents don't have large impact. So the reduced performance quality, not necessarily the top, is mainly the reputation damage people think is important because not all the incidents are really having a severe impact but it has kind of reputational damage, people might think you don't run your network correctly or very efficient. Right.
So this is interesting slide. So, with the current ?? what kind of technology has been currently deployed in your network, and again, the session security and monitoring is broadly installed. These are absolute numbers. Interesting to see is here that the session security is mainly well off?the?shelf and vendor supplied, nothing special here, it's easily deployed, that is not a problem. The monitoring and filtering, I think primarily the filtering is custom built. People build their own filters. They don't rely on other parties. Sometimes they use the IRRs. And but monitoring, etc., is mostly third party, so these are probably the off the she have and vendor supplied. So for the PKI?based solutions being deployed, it's interesting; there are 23 people have played with this or installed, so I can understand people have tested and not deployed it in their own network, but I am really interested in the people who have bought this product about PKI. There are not that many products available, I think, so we are very interested who this group is what products they built or bought, actually. So maybe people in the audience here have any idea.
Here, the take away is that what is most effectively of these technologies, so what do you think about effectivity of the different technologies, I want to if he can you say on the monitoring and the session security. The monitoring and filtering especially, people consider them very effective. It's actually the main protection of your network. Session security, people, although they have installed it, it's 50/50, not everybody thinks it's really effective but they have done it because their neighbours required it, their peers, their upstream, whatever. Sometimes people use it only for the iBGP sessions and not for the EBGP sessions. So what are the advantages of the different methods? This is something, OK there are two things I want to highlight here. For session security, the deployment, this appears. For monitoring and filtering, we are not completely sure about how to interpret the answer, because the largest group says, well, the advantages is the risk of ?? in this ?? misconfiguation, is this either people think filtering prevents misconfiguation ?? filter out, misconfiguation of the peers, or people think by making misconfiguation of our own filters we screw up the neighbours'. So we have to get back to our raw data and to the community to figure out what they actually meant with this answer.
Future developments: So, what are people thinking are the barriers in deploying new technology of secure routing technology? And here, the top is the bottleneck, is availability of knowledge. It's interest. That is something to consider. And there is about 50% for both expected increase in operational costs and implementation costs. And there is still quite a large group with no confidence in their effectiveness at all, still. But the bottleneck is availability of knowledge. So that is maybe a mention for RIPE. What are the drivers? On the other side, what are the drivers to invest in improved routing services? Reducing operational risk. I can understand that. Get your stability of your network, is the main thing. Expected reduction of operational costs. I mean, here and expected increase, so definitely these are two different groups. The expected increase in the operational costs of 50% is probably another group than the expected reduction of operational costs. I hope so, actually, for consistency. And probably not everybody had done the math of what is the cost of mitigating of a serious off line of your network. And some groups did and think it's serious business. And of course, improved image, to which your customers is important.
So, with all new technologies being either rolled out RPKI, or, well, yes, RPKI, what is the role of the governments or expected role of the governments by the ISPs? What role can they play? So that was our question. And of course, again, summarise this slide by saying that the ISPs or the Respondents think that the government should stimulate but not regulation. So it needs stimulate awareness, stimulate research and development investments but don't regulate by legal requirements, this is the opinion of the community.
So, bringing us to the final slide: Well, summary, actually. So the routing security, session security is topmost. Nothing monitoring of filtering. These are the current practices. But that is something to consider, level of awareness of RPKI is still relatively low and it's on?line and available next January 2011, planned. And for the government, stimulation, no regulation. A self regulation of community is preferred. And stimulation by public research and development. OK. Thank you. Thanks to all the people who participated.
(Applause)
CHAIR: Thank you very much. Any questions? Or everyone is just hungry. Daniel, no questions from you? Not this time.
DANIEL: Do you insist?
CHAIR: Of course I do. No, just joking. Yes, there is one question coming, excellent.
AUDIENCE SPEAKER: It's a comment, just to mention that we have got some time set aside in the Routing Working Group which unfortunately clashes with the Cooperation Working Group but discuss the results here, so if you are interested, come and talk to us or come and talk about it on Wednesday .
CHAIR: Thank you very much. Anything else? Well, in this case, thank you very much, Benno. And I think there is nothing else to do other than finish reading and writing our e?mail, and have lunch. Thank you.