APOPS

DNSSEC deployment in New Zealand
Andy Linton

The NZ Domain Name Commission and the NZ Registry Service are working on the policy and technical framework we will need to deploy DNSSEC so that it can be used at the application layer to provide validated results to DNS queries. As well as discussing the work needed at the DNS server level this report will look at some of the wider policy issues.

IPv6 representation
Seiichi Kawamura

RFC4291 is a document that describes the IPv6 address architecture, but a canonical representation format has never been defined. In real operational situations, the flexibility of IPv6 address representation can cause problems. For example,

• 2001:db8:0:0:1::1 and
• 2001:db8::1:0:0:1

are the same addresses but as "text", they are two different figures and will not match on a simple search.

One example: an operator can take the result of a traceroute and try to search for the address in a configuration repository, but a simple text search may result in a 'no match'.

I would like to present cases where this causes problems and describe ideas on what we can do to avoid them.

Careful planning is needed for introducing NAT
Hiroyuki Ashida

Presented at JANOG24 in July 2009.

At Janog22 the technologies and implications of introducing NAT into an ISP/SP infrastructure was raised and discussed. Now an organized planning effort for LSN (Large Scale NAT, previously known as Carrier Grade NAT) deployment is required to cope with IPv4 address depletion. Also it should be noted that LSNs need to be deployed before IPv4 depletion occurs, because it requires global IPv4 addresses.

In this environment, I will evaluate how many resources would be required for actual LSNs and their ancillary facilities through a quantitative analysis of some of the elements such as port number restrictions and logging issues. The presentation will also include topics such as the impact for operation and usage after NAT deployment and consideration of assigning address space to subscribers.

Challenges in Large IP network deployment
Echo Liu

As carriers are expanding their IP infrastructure into hundreds or even thousands of core and provider edge routers, most will face multi-vendor challenges. For example, the network may have at least two or three router vendors among Alu, Cisco, Huawei, Juniper, Redback, Tellabs, ... Zte, etc.

In this presentation, we will discuss an approach using a mixture of CLI and SNMP to handle multi-vendor configuration managements, provisioning and network planning of MPLS TE/FRR, MPLS VPN and Metro Ethernets services.

The strategic value of introducing IPv6
Cancan Huang

In this presentation China Telecom discusses what networks need to consider when introducing IPv6, including network, service and IT support system interactions. This presentation elaborates on these issues by presenting China Telecom's own IPv6 experience. When trialing IPv6, China Telecom used an experimental network consisting of CNGI and a lab test network, and a business network that included the Shenzhen International Sports University. This presentation also exmaines China Telecom's IPv6 product research and development, including communication assistance, an ICP IPv6 upgrade helper, and a next generation content translation network based on cloud computation.

APIX Update
Katsuyasu Toyama

Asia Pacific Internet Exchange Guild is a newly formed forum for IX operators in the Asia Pacific region. The group will meet for the first time during the APNIC meeting in Beijing on 25 August 2009. We hope this group will provide a forum for IX operators to meet during APNIC meetings and APRICOT to discuss issues focused on IX operations.

The presentation will cover the summary of the meeting on 25 August 2009 as well as the focus and reasons behind its formation.

AS number report
Geoff Huston

The final date in the RIR transition to making no distinction between 16 and 32-bit AS numbers is now only months away. This presentation looks at the current status of the remaining 16-bit AS number pool and a few BGP issues that have arisen in supporting 32-bit AS numbers.

(A combination of 32 bit ASNs and BGP in 2008.

• On run-out rate of 2-byte ASNs
• Vendor support (BGP issues))

DITL
George Michaelson

An overview of the "Day in the Life of the Internet" (DITL) project, and some initial results from APNIC's participation, focusing on differences seen at our DNS services during the 2008 and 2009 collections. Emerging data from the review of APNIC's DITL contributions in 2008 and 2009 strongly suggest that "infrastructure" DNS use has more complex behaviours than previously understood, and requires further study. Initial results suggest that of a population of around 1,000,000 querying IP addresses, around 30 per cent are persisting year-on-year which is a far higher output than expected. The dynamics of how IP addresses are used to query infrastructure DNS are not what we expected.

7.7 DDoS cyber attack in Korea
Ji-Young Lee

On July, 7th, 2009, Internet in Korea was damaged by the DDoS attack and many web sites went out of service due to this one. This presentation will discuss how this attack affected Internet in Korea and how KRNIC, National Internet Registry in Korea and ISPs dealt with this accident

The Emperor's New Cloud: An Analysis of the July 2009 RoK/USA DDoS Attacks
Roland Dobbins

This talk will discuss the attack methodologies, observed impact, and lessons learned from the July 2009 RoK/USA DDoS attacks. Highlights include technical details of the attacking botnet, DDoS network traffic, including composition, rates, and scope, and why the attacks were successful and unsuccessful in certain cases.

The talk will include data on the attacks derived from a worldwide network of Internet traffic sensors, a recounting of first-hand experiences detecting/classifying/tracing back/mitigating the DDoS attacks in question, and discussion of the implications of this incident in the context of the industry-wide migration towards virtualization and cloud computing services.