Should Teredo be terminated?
Teredo is a tunneling mechanism that was designed to help transition the Internet from IPv4, the current version of the Internet Protocol, to the long-anticipated upgrade known as IPv6. Teredo encapsulates IPv6 packets inside IPv4 packets for transit over network address translation devices and IPv4 backbone networks.
The latest Internet statistics show only a trickle of Teredo traffic. This is despite the backing of Microsoft, which built Teredo capabilities into Windows XP, Vista and Windows 7, and Hurricane Electric, which operates a Teredo relay service. Geoff Huston, chief scientist at APNIC, estimates that Teredo represents only 5% of IPv6 tunneling traffic, down from as much as 20 per cent in 2008. An alternative tunneling mechanism known as 6to4 is gaining in popularity, with Comcast seeing a 500 per cent increase in 6to4 traffic in the last 30 days.
How much remaining IPv4 address space is ‘dirty?’
One topic that’s coming up in the IPv6 community is the prevalence of “dirty” IPv4 address space, which refers to unallocated prefixes that are used by various organizations to number their internal networks. Marc Blanchet, an IPv6 expert with Quebec City-based consultancy Viagenie, says that of 24 unallocated prefixes he reviewed, 22 were “dirty” and only two were “clean.” The worry is that if a network operator starts broadcasting one of these “dirty” IPv4 prefixes, users will be shut off from sites and networks that use that prefix internally. The issue is important given that the Internet is expected to run out of IPv4 address space by 2012. The regional Internet registries said in January that less than 10 per cent of IPv4 addresses remain unallocated.
Sweden: Not as secure as you think
Sweden has been considered a leader in DNS security since 2006, when it became the first country to support DNS Security Extensions (DNSSEC) on .se, its country code top-level domain. DNSSEC prevents hackers from redirecting Web traffic from a legitimate Web site to a fake one by adding a layer of encryption to the DNS.
However, the largest domain name registrars in Sweden are not supporting DNSSEC, admits Patrik Faltstrom, a DNSSEC expert and long-time IETF participant.
“The banks in Sweden are not signing their names,” Faltstrom says, adding that only two per cent of .se domain names are signed. “The pick-up rate in Sweden has been very, very slow….Only governments and regulators are jumping in.”
The Czech Republic has the highest number of signed domains with its .cz domain, Faltstrom says. The Czech Republic began supporting DNSSEC in 2009.
Will May bring embarrassment to the EU?
In 2008, the European Union made a splash with its prediction that it would widely deploy IPv6 by 2010. The EU set a goal of having 25 per cent of its Internet users being able to connect to the Internet and access their favorite Web sites via IPv6 by May 2010.
The EU is going to miss that milestone, admits Yanick Pouffary, an IPv6 Forum Fellow and a Hewlett-Packard Distinguished Technologist. The best guess of the IETF community — compiled by Huston — is that one per cent of Internet traffic uses IPv6. On the plus side, Pouffary is seeing more European carriers, particularly those offering mobile services, running trials of IPv6.
(From Network World U.S.)