The agenda topics include:
- Review the important prefixes needed for an IPv6 address plan,
- Discuss how a good address plan makes security and routing policy easier,
- Consider numbering your LAN segment, SSID, or VLAN,
- Consider numbering for sites, backbone, links,
- Consider how to remember your addresses for diagnostics and troubleshooting, and
- Look at plans that other enterprises have done.
Nalini Elkins & Michael Ackermann
The agenda topics include:
- Stateless Autoconfiguration
- ICMPv6
- Neighbor Discovery
- Neighbor Solicitation / Advertisement
- Router Solicitation / Advertisement
- Multicast Listener Discovery
Nalini Elkins & Michael Ackermann
The agenda topics include:
- Stateless Autoconfiguration
- ICMPv6
- Neighbor Discovery
- Neighbor Solicitation / Advertisement
- Router Solicitation / Advertisement
- Multicast Listener Discovery
Nalini Elkins & Michael Ackermann
To be successful in implementing and understanding IPv6 networks, you need to first understand the IPv6 address methodology which is, in many ways, a fundamental change from the IPv4 paradigm. In this introduction, you will become familiar with what is different as well as what is the same with IPv6.
- Public and private addresses
- IPv6 Prefixes
- IPv6 Address Structure
- IPv6 Interface ID
- IPv6 Addressing and Address Allocation Methods (stateless, statefull)
- Address types, unicast, multicast, anycast
- Address categories: global, site local, link local
- Unique Local Unicast addresses
- Zero compression
- Special addresses (loopback, unspecified, IPv4 mapped IPv6)
- Broadcast address elimination
This webinar will be followed by a hands-on lab to illustrate the concepts shown. You do not need any equipment to participate. We will send full instructions so that if you wish, you may do the same commands / exercises but this is entirely optional.
Presented by Nalini Elkins.
To be successful in implementing and understanding IPv6 networks, you need to first understand the IPv6 address methodology which is, in many ways, a fundamental change from the IPv4 paradigm. In this introduction, you will become familiar with what is different as well as what is the same with IPv6.
- Public and private addresses
- IPv6 Prefixes
- IPv6 Address Structure
- IPv6 Interface ID
- IPv6 Addressing and Address Allocation Methods (stateless, statefull)
- Address types, unicast, multicast, anycast
- Address categories: global, site local, link local
- Unique Local Unicast addresses
- Zero compression
- Special addresses (loopback, unspecified, IPv4 mapped IPv6)
- Broadcast address elimination
This webinar will be followed by a hands-on lab to illustrate the concepts shown. You do not need any equipment to participate. We will send full instructions so that if you wish, you may do the same commands / exercises but this is entirely optional.
Presented by Nalini Elkins.
Unwanted and illegal robocalls continue to be both one of the largest communications-related nuisances (particularly since many of us are home to get them all day…) and are commonly used to defraud victims using social security, warranty and other scams. Fighting these unwanted calls has proven to be hard and is likely to require a combination of approaches that may also hasten the end of the traditional circuit-switched public switched telephone network. I’ll describe why unwanted robocalls are probably harder to curtail than spam emails and what techniques may help. I’ll focus particularly on calling number authentication, standardized by the IETF and ATIS in the STIR and SHAKEN working groups. STIR/SHAKEN offer a good case study that protocol standards are necessary, but need to be augmented by additional organizational infrastructure and operational practices to be successful. However, calling number authentication combined with simple call filters may only offer a temporary respite from unwanted calls unless other holes in the call delivery chain are plugged that allow shady operators to place millions of calls.
Prof. Henning Schulzrinne, Levi Professor of Computer Science at Columbia University, received his Ph.D. from the University of Massachusetts in Amherst, Massachusetts. MTS at AT&T Bell Laboratories; associate department head at GMD-Fokus (Berlin), before joining the Computer Science and EE departments at Columbia University. He served as chair of Computer Science from 2004 to 2009 and as Engineering Fellow, Technical Advisor and Chief Technology Officer of the Federal Communications Commission (FCC) from 2010 until 2017.
Protocol standards co-developed by him, including RTP, RTSP and SIP, are now used by almost all Internet telephony and multimedia applications. Fellow of the ACM and IEEE.
How security will be handled in IPv6 is a question asked by many. Myths abound. In this session, we will start to look at:
• NAT is not a firewall (security by obscurity)
• Complexities introduced by multiple stacks
• Risks introduced by not considering IPv6
• Reconn attacks and defense
• Local network attacks and defense
• Unauthenticated NDP (similar to ARP)
• Cache table exhaustion and ping-pong attacks
• Rogue device attachments
• Mitigations
• Extension Headers
• ICMPv6
This is only a start. In the following year, we plan to do a more detailed investigation of this critical area. There will be follow-on webcasts. In the survey to enterprises, many people said that this was a topic they considered very important.
Nalini Elkins is the President of the Industry Network Technology Council. She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co-founder of three start-ups in the high-tech arena.
Encrypted DNS has been a hot topic for discussion in the world of Internet standards this past year. Its potential impact on enterprise networks has been a prominent part of that discussion. This webinar will explain the two methods for encrypting DNS (DNS over HTTPS and DNS over TLS, known as DoH and DoT), the perceived advantages of each over the other and of encrypting DNS in general, and the potential threats and dangers encrypted DNS presents to enterprise networks. We will then examine the publicly-stated implementation strategies of Google, Apple, Microsoft, and Mozilla as it relates to operating system and browser support for encrypted DNS. The presentation will end with recommendations and advice for how enterprise networks may adjust to the presence of applications and operating systems with support for encrypted DNS inside their networks.
Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, Chief Executive Officer and Cofounder of award-winning Farsight Security, Inc. He was inducted into the Internet Hall of Fame in 2014 for work related to DNS. Dr. Vixie is a prolific author of open source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991).
Dr. Vixie served on the ARIN Board of Trustees from 2005 to 2013, as ARIN Chairman in 2008 and 2009, and was a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). He operated the ISC’s F-Root name server for many years, and is a member of Cogent’s C-Root team. Dr. Vixie is a sysadmin for Op-Sec-Trust. He earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010. Dr. Vixie is a highly sought-after keynote speaker and has spoken at conferences around the world.
This webinar will be taught by Michael Richardson and Dr. Anna Maria Mandalari.
Between the number and type of IoT devices that may be used by enterprises, in short order, there will not be enough people on the earth to administer them. New means of scale are required. Do old assumptions hold? Standards such as Manufacturer Usage Descriptions and CoAP are emerging.
Anna Maria’s talk:
The emerging complicated Internet of Things (IoT) ecosystem will not only rely on collection and processing of personal data, but also performs actuations in the real world and thus, have physical consequences. The potential harms to individuals and society are significantly more serious than privacy alone. This greatly increases the challenge in delivering public safety, acceptability and trust as identified in the large number of government and independent reviews and research findings.
We have been developing the opensource Databox Platform. Beyond its research impact, Databox is currently turning into a popular opensource platform for privacy-preserving data analysis. In this talk, I will explore what we are invisible trading in exchange for these devices, and discuss potential future mitigation through Databox.
Biography:
Dr. Anna Maria Mandalari works as research associate in the Dyson School of Design Engineering at the Faculty of Engineering at Imperial College London. She was a Marie Curie Early Stage Researcher affiliated with the University Carlos III of Madrid, within the European project ITN METRICS. During her PhD she was research visitor at Telefonica I+D (Spain) and Simula Research Laboratory (Norway). Her research interests are related to IoT, privacy, large-scale Internet measurements, Internet measurement platforms, middleboxes and new Internet protocols.
Michael Richardson’s talk:
A critical part of managing privacy and authorization in enterprise networks involves managing identity. There is a rich field of identity management offerings from big and small. There are multiple identity management conferences one can attend (now going virtual). There are no dominant identity management mechanisms, and no dominant onboarding systems for IoT devices.
What kinds of devices should enterprises expect to deal with?
What should enterprises look for in feature sets of devices that they expect to acquire?
This is a interactive discussion dealing with the question of how enterprises can navigate managing identities for IoT, BYOD, and remote workers.
Biography:
Michael Richardson is an open source and open standards consultant. An autodidact, he wrote mail transfer agents as a teenager, and in the 1990s, found his calling designing and building embedded networking products, in the security sector. Michael has built multiple IPsec systems, joining the FreeS/WAN team in 2001, and founding Xelerance in 2003. Since 2008 Michael has worked in and chaired the IETF ROLL working group, doing routing protocols for IoT mesh systems. Michael has authored a number of IoT related RFCs including RFC8366 and RFC7416. Michael currently works on IoT security systems in the 6tisch, ANIMA and ACE WG, specializing in the problem of initial bootstrap trust.
This webinar will be taught by Jon Worley (ARIN) and Nalini Elkins (INTC). This is a part of the Community Grant to INTC from ARIN.
Jon will start by helping you better understand IPv6 address planning, how to determine the right block size for your organization, and how to plan for growth. We will include some real-life examples and even an opportunity to try your hand at planning for your own organization! Nalini will go into even more detail and provide some rules for IPv6 address planning.In this session, we will:
- Review the important prefixes needed for an IPv6 address plan,
- Do a sample address plan together,
- Discuss how a good address plan makes security and routing policy easier,
- Consider numbering your LAN segment, SSID, or VLAN,
- Consider numbering for sites, backbone, links, Consider how to remember your addresses for diagnostics and troubleshooting, and
- Look at plans that other enterprises have done.
Jon Worley is the Senior Technology Architect with ARIN and has been a member of the Registration Services team since 2004. He has experience with all ARIN policies and procedures for requesting, managing, and transferring IP addresses and AS numbers, including technical services such as ARIN’s RESTful API. Jon has spoken about these topics as well as IPv4 depletion and IPv6 adoption at many ARIN events.
Nalini Elkins is the President of the Industry Network Technology Council. She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co-founder of three start-ups in the high-tech arena.
Peer-to-peer group communication has long been a necessity for usability in team coordination. However, the security of such systems has not been well understood or investigated in comparison to one-to-one secure messaging options (such as Signal or even TLS). Based on an ongoing IETF standardization initiative, this presentation will introduce participants to the basic concepts of group messaging security, end-goals, and threat models – including “self-healing” security – and will prepare them to ask critical questions regarding group communication security and implementations.
Britta Hale is an Assistant Professor of Computer Science at the Naval Postgraduate School working in cryptography and cybersecurity. Her specialization areas include analysis and design of cryptographic key exchange and authentication protocols. Hale is currently active in the design and IETF standardization of the MLS group messaging protocol, user-mediated protocol analysis, and hybrid post-quantum cryptography.
Recent papers include the first public research on detection of man-in-the-middle attackers in messaging protocols. Hale holds a PhD from the Norwegian University of Science and Technology and a Master’s in Mathematics of Cryptography and Communications from Royal Holloway, Univ. of London.
ICANN is engaged in an effort for the Internationalization of Domain Names — that is, making them available in languages other than English. Thıs ınvolves fıgurıng out what new symbols must be used, of course. But also figuring out which of the new symbols are easily confused with each other, or with existing symbols. Just by way of example, the Latin alphabet contains 26 basic letters, but those can be combined with some 20 diacritic marks (little dots and lines above or below the letter), giving a total of some 220 symbols. Some are only distinguishable if you know the language they happen in. For example, in a domain name suppose you encounter a Dotless I ( ı in lower case, this occurs in Turkish) when you are expecting a regular I, will you notice. In my observation, no — especially if you have never even heard of a Dotless I. (Did you notice when they got used in one sentence above?)
The domain name which is malformed in this way will most likely take you somewhere other than where you expected. This is called a “homographic attack”. Homographic attacks can be used for phishing and pharming with the end goal of introducing viruses or for defrauding the consumer. You may wish to understand these risks. You may also want to have some input into what limits get put on new names. We will tell you how you may get involved at ICANN.
Bill Jouris has been working in the computer industry since his college days, before the Internet was even thought of. His early career in industry was dealing with performance analysis and tuning of mainframe systems for financial and healthcare firms. He is Chief Operating Officer at Inside Products.
In addition, Bill has been active in the Computer Measurement Group, which is the professional organization for the computer performance field for decades, and served two terms on its Board of Directors. He is on the ICANN Latin Generation Panel which is a part of ICANN’s effort to expand the range of possible domain names.
This talk will focus on the Path Computation Element (PCE) work in the Routing Area of the IETF. Dhruv will give a quick introduction to the technology and how it is being used to enable efficient path computation and traffic engineering of the network. It will also cover how the PCE work relates to the Software defined Networking (SDN) and some of the future work taken up the working group (WG).
Dhruv has been working in the networking domain for last 16 years with Huawei Technologies. His current designation is the Lead Architect for the Data Communications Business in India. Over the years, he has worked hands on the Huawei’s Routing Platform and controller. He is currently working with the research & standards team for various emerging technologies such as PCE, Segment Routing (SR) and Network Slicing.
He is an active IETF contributor in the area of Path Computation and Traffic Engineering with 26 RFCs as co-author and contributor. He is also serving as the PCE WG co-chair at IETF. He is also part of Routing Directorate and sergeant-at-arms for the IETF mailing list. He is a founding member and secretary for India Internet Engineering Society (IIESoc) & Industry Network Technology Council (INTC).
The vision of a quantum internet is to fundamentally enhance Internet technology by enabling quantum communication between any two points on Earth. While the first realizations of small scale quantum networks are expected in the near future, scaling such networks presents immense challenges to physics, computer science and engineering. In this session, Wojciech provides a gentle introduction to quantum networking and surveys the state of the art. He proceeds to discuss key challenges for computer science in order to make such networks a reality.
Wojciech Kozlowski received his MSci degree in theoretical quantum physics from the University of Cambridge in 2012 and a DPhil degree in theoretical quantum optics and many-body systems from the University of Oxford in 2017. He is currently a postdoctoral researcher at QuTech, an advanced research institute for quantum computing and networking in the Netherlands.
After his doctoral thesis on the competition between weak quantum measurement and many-body dynamics, Wojciech left academia to work as a software engineer in the network protocols unit at Metaswitch Networks in London, UK. As of 2019, he is combining his new expertise in networking technologies with his prior research experience developing a network architecture for the quantum internet.
This session is funded with a grant from ARIN. It is a two-hour webinar.
Dual Stack and Transition Mechanisms
Enterprises rarely switch over from IPv4 to IPv6 in one step. Generally, companies will run dual-stack for a time, where both IPv4 and IPv6 are available on devices. This doesn’t solve most of the problems IPv6 was designed to solve, so we will discuss the benefits and drawbacks of:
- Dual-stack
- NAT44
- Dual-stack Lite
- NAT64/DNS64
- 464xlat
- MAP-T
- MAP-E
- IPv6-Only
DHCPv6Although IPv6 provides new addressing possibilities (SLAAC), most enterprises will want to continue using DHCP — which is now DHCPv6. We will describe how a client finds a DHCPv6 server, what information it can request and expect back. We will compare DHCPv6 to SLAAC. We will discuss:
- DHCPv6 Solicit Advertise, Request, Reply
- DHCPv6 multicast addresses
- IA_NA, IA_PD
- Prefix “hints” to request the same prefix, or any prefix of a certain size
- Additional information (DNS, transition mechanism, etc.)
Nalini Elkins is the President of the Industry Network Technology Council.
She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co-founder of three start-ups in the high-tech arena.
Bob Hinden will talk about how and why IPv6 was developed in the IETF, the state of the deployment of iPv6 on the Internet, and what he thinks the future looks like.
Bob Hinden is a Check Point Fellow at Check Point Software, and co-chairs the IPv6 working group in the IETF. He is the co-inventor of the Internet Protocol Version 6 Protocol (IPv6).
Bob Hinden was the Chair of the Internet Society Board of Trustees from 2013 to 2016, and a member of the Board of Trustees from 2010-2016. Previously at Nokia, he was a Nokia Fellow, Chief Internet Technologist at Nokia Networks, and Chief Technical Officer (CTO) at the Nokia IP Routing Group.Bob Hinden was one of the early employees (i.e., employee number 4) of Ipsilon Networks, Inc. Ipsilon was acquired by Nokia on December 31, 1997. He was previously employed at Sun Microsystems where he was responsible for the Internet Engineering group that implements internet protocols for Sun’s operating systems. Prior to this he worked at Bolt, Beranek, and Newman, Inc. on a variety of internetwork related projects including the first operational internet router and one of the first TCP/IP implementations.Bob Hinden was co-recipient of the 2008 IEEE Internet Award for pioneering work in the development of the first Internet routers.
Bob Hinden has been active in the IETF since 1985 and is the author of forty two RFCs, including three April 1 RFCs. He served as the chair of the IETF Administrative Oversight Committee (IAOC) from 2009 through 2013. Prior to this he served on the Internet Architecture Board (IAB), was Area Director for Routing in the Internet Engineering Steering group from 1987 to 1994, and chaired the IPv6, Virtual Router Redundancy Protocol, Simple Internet Protocol Plus, IPAE, the IP over ATM, and the Open Routing working groups. He is also a member of the RFC Editorial Board and the RFC Series Oversight Committee.Bob Hinden holds an B.S.E.E., and a M.S. in Computer Science from Union College, Schenectady, New York.
This session is funded with a grant from ARIN. It is a two-hour webinar consisting of IPv6 Fundamentals and Neighbor Discovery.
IPv6 Fundamentals: To be successful in implementing and understanding IPv6 networks, you need to first understand the IPv6 address methodology which is, in many ways, a fundamental change from the IPv4 paradigm. In this introduction, you will become familiar with what is different as well as what is the same with IPv6.
- Public and private addresses
- IPv6 Prefixes
- IPv6 Address Structure
- IPv6 Interface ID
- IPv6 Addressing and Address Allocation Methods (stateless, statefull)
- Address types, unicast, multicast, anycast
- Address categories: global, site local, link local
- Unique Local Unicast addresses
- Zero compression
- Special addresses (loopback, unspecified, IPv4 mapped IPv6)
- Broadcast address elimination
.Neighbor Discovery (SLAAC)Description: The Neighbor Discovery Protocol (NDP) is one of key building blocks of IPv6, though it creates an alphabet soup of acronyms (NDP, RA, RS, NS, NA, DAD, MLD, SLAAC, RDNSS). We will describe how NDP works and its basic functions, including addressing and routing. Network engineers and systems engineers who are familiar with IPv6 addresses are welcome.
- Neighbor Discovery Protocol (NDP)
- Router Advertisements (RA)
- Router Solicitation (RS)
- Neighbor Solicitation (NS)
- Neighbor Advertisement (NA)
- Duplicate Address Detection (DAD)
- Multicast Listener Discovery (MLD)
- Stateless Address Autoconfiguration (SLAAC)
- Router Advertisements for DNS (RDNSS)
Nalini Elkins is the President of the Industry Network Technology Council.
Drones and other Unmanned Aircraft Systems (UAS) are proliferating rapidly. What are the needs for regulation?
Civil Aviation Authorities (CAAs) worldwide have initiated rule making for Unmanned Aircraft Systems (UAS) Remote Identification (RID). There is a Working Group proposed for this activity at the IETF. Bob Moskowitz and Stu Card will discuss the history and rationale for this proposed standards activity.
Robert Moskowitz has been working with computers since 1966 when, in 11th grade, his high school became perhaps the first in the nation to have in-classroom computer access (a teletype in the back of the room). He entered the programming profession in 1974 shortly after receiving a Bachelor of Science in Computer Science from Michigan State University (1972) along with a Bachelor of Science in Botany. Robert worked 19 years Automotive, in IT technical support, and for 17 years at ICSAlabs (now a division of Verizon Business) in network security research and is now an independent security consultant. He informed the FCC on Internet technology 2013-2016. Additionally, he has written or edited 61 RFCs since 1989. He has been active in the IETF since 1993 and IEEE 802 since 2001. His contributions there include the private IPv4 address space, IPsec, PKIX, HIP, DOTS, 802.11i, 802.1(X, AE, and AR), and 802.15.9. He is currently investigating better ways to address IoT devices and networks. This included designing the network security for ZWAVE 2.0. He is currently working on communications security for Unmanned Aircraft Systems (UAS). In his spare time he works with armv7 boards, assisting development of Fedora and CentOS for these platforms.
Stu Card’s Navy training included brief experiences operating aircraft, ships and submarines. His SU PhD research applied information theory to evolutionary algorithm based machine learning. He has over 30 years experience, designing airborne radar and neural network hardware, a broadband cable modem, fault-tolerant storage, airborne network protocols, cryptocurrency/blockchain applications, etc., and cofounding Central NY’s first consumer ISP. He now focuses on existential threats involving complex interdependent networks and autonomous cyber-physical systems, and supports the NYUASTS.
The IETF has documented most of the protocols used in the Internet below the application layer. This brief overview in intended to inform the audience about the IETF – what it is, what it does, who it is composed of, and how it works. It will also point out the IETF’s deficiencies; specifically, that constituencies that don’t participate often don’t find their issues resolved in those specifications, which often works against them in one way or another. Ideally, those constituencies will be motivated and guided in making an impact on the technologies that their businesses depend on.
Fred Baker has worked in the software engineering of computer networks since 1978, including Internet technology starting in 1986. He has chaired several IETF working groups on various topics; since 2005, he has chaired or co-chaired the IPv6 Operations working group. In addition, he chaired the IETF 1996-2001, and served on the Internet Architecture Board 1996-2002. He has also been a member of the board of the Internet Software Consortium, which runs one of the DNS root services, since 2008, and represents them in ICANN’s Root Server System Advisory Committee – which he has also chaired 2018-present. He is currently also the chair and primary editor in ITU Focus Group on Quantum Technology in Networking, in the sub-group related to the Implications of Quantum IT on Networks. He represented Cisco in BITAG, writing or contributing to many documents intended to inform the FCC on Internet technology 2013-2016. Additionally, he has written or edited 61 RFCs since 1989.