Sunday
Plenary - Sunday 26 October 2008
The first Plenary session will commence at 10 hours GMT (UTC). The session commenced as follows:
CHAIR: Good afternoon. This time we do start.
I am Rob, I am the Chairman of RIPE and I will be chairing this first session of the afternoon.
Welcome to this RIPE meeting, the 57th already. Welcome to Dubai. It is in a way, a special meeting and it's a normal meeting. It's a normal meeting because it's the usual RIPE meeting with its regular programme of working groups, Plenary sessions, policy making. It's a bit special because I think we have not been this far away from Amsterdam. Amsterdam is my old home town, so that's where I measure things from. It's our first RIPE meeting in the Middle East, and we are very glad with all the facilities we have here in Dubai. It's the great help of Etisalat.
I hope you all enjoy this RIPE meeting. I hope you will have sometime to enjoy Dubai as well. It's my second time I am in Dubai and I found it a great pleasure to be back here. There are lots and lots of interesting things in and around Dubai to explore.
Right. Before we start the regular programme, I have a couple of announcements. Lunch, you will have had lunch I suppose so you know where it is, no need to explain any more. Coffee breaks you have found out, it's in the area just outside the main meeting hall and the area around the corner. So don't all crowd here, around the corner there is ample space as well.
Daily updates to the agenda and anything else of importance to running this meeting is on the special web site, rosie.ripe.net. I think in your meeting pack, it will be explained what you can find there. As with meetings of this kind, there are always last minute changes to agendas, so do take your time from time to time to check on changes.
Tonight, we have a welcome reception after the last sessions of the afternoon. A welcome reception kindly sponsored by Etisalat, taking place in the town square, which is the place you had lunch. But it will be in Arabic style, so the setting will be different from the lunch time.
On Wednesday, we have a short lunch break because we finish earlier that day. It's the fourth day of the RIPE meeting and on the fourth day of the RIPE meeting, which so far has always been Thursday, but this time it's on Wednesday, there is the RIPE dinner, this time the RIPE dinner doesn't take place in the vicinity of the hotel but takes place somewhere in the desert and in your meeting pack you will have all the details of how to get there. Or where to assemble and we'll get you there.
This safari is kindly sponsored by MENOG.
We have, this time, coming back to the actual programme, we have four slots for the Address Policy Working Group. Now, in the past we usually had two slots. Since sometimes two and a half, this time we have four and I want to draw your special attention to that because there are a lot of address policy proposals under discussion and most of them have to do with the running out, the depletion of the IPv4 address space. So if you are interested in running IPv4 in an orderly fashion for the next couple of years before you all switch on your beautiful IPv6 networks, do take part in these working group sessions, because this is the place where you will have this week ample opportunity to give your input to the proposed policies.
Also, this week we see the first meeting of a new working group, the working group on cooperation which focuses on aspects of public policy. We tend to focus on technical policy items ourselves, but some of the decisions we take have implications in public policy. Public policy, if you are not familiar with that word, is kind of jargon for governments. Governments get more and more involved as the Internet gains importance for national economies, governments cannot ignore the existence of the Internet any more. So, governments in various guises, either as a minute it statutory or a national regulatory body or whatever, are getting more and more involved in a national environment and sometimes in international environments with regulations that might touch the Internet.
So, we have at the last RIPE meetings, we have discussed this all among ourselves you, that means, there is enough interest and importance people felt to start this new working group which will focus on cooperating with other organisations that are involved in various aspects of the Internet. Meaning, specifically governments, governmental bodies, international bodies.
Right. This work group meets for the first time this week on Thursday morning.
Some more technical stuff. If you need any sort of technical support, see the RIPE NCC technical group. That is the people running around in blue badges, and they have Headquarters in salon No. 5 which is I think around the corner.
For those of you who have come for the first time to a RIPE meeting, you may have noticed there is a meet and greet team which is especially there to help you to get to know what a RIPE meeting is about, get to know people. If you want to meet people whom you don't know by face, please contact the meet and greet team, they will help you to find people.
So, they have a little booth just next to the registration desk.
And then there is the RIPE NCC services centre. If you are a member of the RIPE NCC and you have any questions about your contracts, your membership fees, your billings, you can talk to the people who are behind all of this. There is I think next door, they have an office, the RIPE NCC services centre there, they are there to help you as well. So, any questions of a more administrative nature you have with the RIPE NCC, you go there.
Now, last but not least, we have the usual host for a RIPE meeting and for this RIPE meeting it is Etisalat who have been already excellent coordination and support in setting up this meeting, preparing for this meeting and we are very honoured that they are hosting this first RIPE meeting in this region. They have been active in RIPE and the RIPE NCC activities for many years. I think they are an NCC member for more than eight years or so. And we always have enjoyed very positive relationships with Etisalat. They were also the host and the sponsor of the first regional meeting we had since a couple of years, regional RIPE NCC meetings, one, one and a half day meeting where basically we tell about the state of affairs in RIPE and the RIPE NCC and the first one was held a couple of years ago here in Dubai, and where it was also organised and sponsored and hosted by Etisalat.
So, it is with great pleasure that I'd like to introduce to you Abdullah Asheem, who is vice president of Etisalat and who would like to say a few words to us all.
(Applause)
SPEAKER: Good afternoon ladies and gentlemen. My name is Abdullah and I am the vice president of Etisalat. Really, it gives me great pleasure and honour to welcome you here in this RIPE meeting on behalf of Etisalat management. Etisalat, as you know, for some of you it's really the contact operator. We are full service provider. Also we are a global player, so we are operating in 17 countries, so we are ready to sponsor you anywhere. We are already serving one third of the world. Our mass market is 1.6 billion population, so this is an invitation for you if you think to host, to have any RIPE event outside in India, Africa, we are ready to sponsor you.
Also, let me really thank RIPE for this to have this meeting here in the region. This is, it gives an evidence that you are paying attention to this region. As you know this region is really the fastest growing region especially in the Internet and the ICT. The tremendous growth in this region, particularly, is really tremendous. It's high growth. And definitely it's, we have not seen the growth in every sectors and definitely in the Internet and the ICT. This is very important event and I thank you for choosing Dubai for the place for your main event.
Also I would like to maybe advise our colleague from the regions. Really, I urge you to take the benefits of this meeting and utilise every second of it. As Rob said, we have been associated with RIPE for almost eight or nine years. Personally I used to attend RIPE meeting, believe me I found it very useful. A lot of things, when we are heard, just by even networking, talking to the people, we learned a lot of things from their experience. When we come back home, we like to implement the things. And some of the development happening in this country in particular, you know, it's because of this meeting. So, this is really a point I would like to pass to the, to my colleagues here from the regions, you know, to maximise their presence in this five days. You'll have a lot of information. And I have seen the agenda, you have a lot of also some fun activities. I hope to enjoy staying in Dubai. The weather is nice I think comparing to Europe. It depends where you are coming from. I wish you all the best and please, you know, we are here, we are glad to be your host and our people, my team is committed and determined to make this a successful event and we are looking forward again to see RIPE in this region more and more. Thank you very much.
(Applause)
CHAIR: It's time to start our regular programme. And the first presentation this afternoon is by Jim Reid, a technical overview of .tel.
SPEAKER: Good afternoon everybody. My name is Jim Reid and I think most of you already know me. And this talk is going to give you a technical overview and give you a live demonstration of .tel, the new top level domain. So, I think a inter short title for this talk is this is what I have been doing in my day job for the last couple of years, and now you know what it's been all about, hopefully by the end of this.
What I want to do is explain why the .tel is different or special. The architectural overview and /SPOEPBTS it have and some technical and business considerations behind that and some of the specific DNS challenges and characteristics that we expect to find in .tel that you don't see anywhere in the DNS today.
So, why is it different?
Well, .tel is not yet another one of these boring registry/registrar type TLDs, although we are using that model in the conventional way with a delegation-only zone file. .tel is a sponsored top level domain. It's a sponsoring organisation. It can decide its own rules and policies about how the TLD is operated and governed.
One of the major distinctions that differentiates .tel from anything that's been done so far is that there are no user-defined address records in .tel. There are no A records or no quad-A records defined by the end users. The registrar to register domain names. This means there are no websites in .tel. And you obviously think that seems very strange and very odd, but actually this requirement was imposed by ICANN, or perhaps term knee is if we decide not to have user-defined address records, will you give us .tel? And ICANN then said yes.
Now, that may sound a little bit odd for you. What this means is .tel will contain primarily NAPTR records. End people Joan records. They are not need to look up address records and some of the tools we are going to get for populating the .tel delegations will not even allow your address records to be added. So, the whole thing about this it's about contact data not content. So what you will do when you buy a name is you populate with your contact data. Phone numbers, email addresses, whatever, and use that so that other people can look it up and then activate contact with you.
So, we have a sponsoring organisation system which essentially started out to be just the member database. So whenever you registered by a .tel domain name you are automatically a member for free of the sponsoring organisation and obviously we have to keep a database of who has joined up. We have also a developer website and the idea about that is to encourage other people to develop applications and deploy them that use .tel. And we have also built a system called the main service provider system, which is then used to deal with the issue of DNS provisions which is essentially is two components. One is the creation of delegated zones and then the other is the population of those dedicated delegated zones with suitable content such as for example NAPTR records and then of course we have applications, the things that people then use to look up and do things in .tel itself.
So, for those of you who don't know. I expect most of you are familiar with what NAPTR records are.
NAPTR records have been around for quite some time and they can be used to recognise communication end points. Anything can be identified by a URI. We could have web addresses, Dublin dot something slash and all the gook that comes after the slash sign. We have SMS and MMS phone numbers. Mobile phone numbers, regular telephone numbers, instant messaging handles, anything you name, it can be recognised through a NAPTR record. NAPTR records have also got order and preferences. And the preferences themselves.
So this gives you the ability to express in the DNS through NAPTR records full' based concepts. You can say things like don't call Jim on his mobile phone because he is overseas and doesn't want to pay the international roaming charges. Apologies to the colleagues from Etisalat who might want to collect those termination fees. You can also do things like regular expression matching and substitution. You can build object tree data structures inside the DNS. NAPTR records are essentially mini programmes and they are incredibly powerful and flexible.
The down side about that is they are horribly ugly. I suppose the only thing you could say about NAPTR records is they make DNS records look pretty. Here is an example of a NAPTR record here. We have a lot of field to sector 10 and then a priority or a preference field of 54 because we could have different of ordering of 10.
Soen provider you or I could give a voice cope SIP. Then the regular expression group. And the final point there is the SIP address itself. My SIP address is that.
Now, these things are horrible, they are ugly and even experts get them wrong. So, for a business consideration point of view, you can't ever put this kind of thing in front of the public. In fact, I would probably guess that most of the people in this room would not feel very comfortable about manipulating and managing NAPTR records with a favourite screen editor or scripts, or Perl code. And the sort of trying to explain this to your mother. In fact I think some of things I have tried to do is it's probably easier for to you explain to my mother, I am involved with something sleazy, like let's say drug dealing or something like that because I think she would understand that. I don't think she would understand is this. The reality of this is the techniques we use to just simply won't use for this.
We need to do something about this.
From a DNS perspective, we have got very, very different characteristics, what we find it a convention zone file. If you take for example RIPE dot it probably contains a handful of zone records, MS address records and so /OFPBLT they have very rarely changed. Ment things about .tel is they are going to be relatively different from that. Because first of all, anyone that's using this will have probably have of the order of ten contacts. You have an email address, a SIP address, a couple of phone numbers, an SMS address, a couple of instant messaging handlings. You will something in the order of 10 NAPTRs. And of course you can be updating them very many times a day, for instance you switch off your phones because you are going into a meeting or on a plane or whatever. You want to have that reflected in what's in Jim .tel.
This also then means that changes have to propagate fast. We can't have changes taking a long time to propagate in the DNS network and also we must have the time to live out on those NAPTR records as being relatively low. Of the order of perhaps a couple of minutes rather than the order of a few hours or a few days, which is the usual for the MS records and address records that people have in what they class as convention zone files today.
So this means that the typical service zone provisioning model won't do either. Because they tend to do is push the contents of the zone out to a cloud of DNS servers once or twice a day or maybe three or four times. This simply isn't enough for .tel. We want to have the situation where you update your .tel zone and bang, it's live in the DNS exactly at that point. So we essentially have to have the zone files being updated in real time, they are going to get lots more DNS look ups because the data is being cached for a short space of time too and if you are in the registrar world, you are probably going to have to manage many thousands of zones, perhaps tens of thousands or hundreds of thousands of zones. So this means you have to go to a database back end. This kind of approach probably is not going to work all that end using text-based zone files and scripts that you use to pull data out of a database, put them in a dotcom file that you generate and then give the server a kick.
A further consideration is that the lookups in .tel have to be fast and reliable. Because if someone does a lookup on a device to get the contents of Jim .tel, we can't have them waiting for the delay in delegation or a broken name server or something that's misbehaving because the perception then is .tel is bad. Even if it's not bad it's just that someone has got a broken name server out there. Because it is a top server domain, policy rule: All name servers in .tel will be accredited. They have to meet our requirements and characteristics. And this should mean that we won't get any lame delegations or misconfigured servers.
Also we are going to make it part of an accreditation process that any name process serving on .tel domain name will live underneath the apex dns.nic.tel and that apex will not be delegated. It will live inside the .tel zone. So as a result of that should mean that for any look up for anything in .tel, it won't take two DNS queries. The first look up is going to get a referral from one of the .tel TLD servers to say here are the name servers for Jim .tel and by the way here are their addresses because they live under dns.nic.tel which lives inside the .tel zone file. So one response back from the TLD servers get you to the name servers for Jim.tel. One look up to them returns the NAPTR records. So that should mean that the DNS will run very, very quickly and of course those name servers should break, at least that's the theory.
Next problem we have to tackle is what do we do about privacy. Nobody here is going to publish their email address in a DNS zone file because it could be harvested and used by spammers. Likewise you are not going to publish your home phone number in case people start calling it or your favourite stalkers starts calling at all times of the day and night. How do we solve that?
We also have got the concept of profiles so if you manage a set of contact base abased on things thinks the data published at DNS weekend. This is the data I publish at night etc. And have them switch as and when you are change your profiles and there is new DNS resource records we have got trying to get through the ITS standards process so you can have this indication in the .tel zone itself to say I am asleep or I am on a plane or whatever. And there is also got the ability to use key words which I have inserted as plain text records which will help for things like directory type services.
So the provision is through this NSP system which is the telehosting platform. This is the specs and the SOAP API for that. It's about a hundred pages much we have pro views add free open source software implementation of that which anybody can take away and do whatever. And telnic is also going to be offering an initially free hosting service because some of the registrars feel they want to get some experience with this and see how it works out from a sales point of view before they start committing their own resource to say actually build the systems themselves.
We expect eventually this telehosting platform that's been provided, eventually will migrate across to the registrars in the fullness of time.
And those TELNIC, telehosting providers will be accredited to support the SOAP APIs, do all the privacy and profile features, import and export, undos and all the user kind of stuff you'd expect to find.
The main service system is written in Java, J2EE and it runs on top of Tomcat and Apache and it's using Postgres as its default back end database.
We just choose Postgres because it was cheap and therefore it would hopefully be less of a barrier for other people that wanted to run their own name service providers.
The software has got the partitions so we could have a single NSP instance can multiple instantiations in that. Think of a virtual machine which would be one per registrar. A registrar could run with multiple personalities. And it will support mitt he any any using text-based zone files or BIND with DLZ, PowerDNS, NSD, anything like that at all will work.
So what do we do about the privacy thing? Well, this is where I then have to say I am a protocol pornographer as Peter Cooke would call it. I am last ITF meeting nice to see you Jim. And the reason for that is because we have got this idea of doing encryption of DNS data. So what we can do is you can take NAPTR records and encrypt them so that when someone has got access to the relevant key can actually decode that data. This will give you a fair degree of confidence that if you put your email address or your phone number into your .tel domain name you can make it available so only friends and family do it decode it and the general public can't. So hopefully we can keep the scumbag spammers and telemarketers at bay.
I have written up an Internet draft of that. Now the mechanism to handle that is essentially a friendly system which works the same way as any social networking website. Can I be your friend and handshake takes place a key issen /KUPT the and passed back to the person who initiated the request. I'm talk a lot /PWF that more in a sec.
So let's say Bob wants to contact Alice who owns Alice .tel. So the special organisation system will generate an RSA key for Bob. The public key component that have is key record in the DNS. Now that should be an N key record which trying to get an Internet draft to get a resource key /O set aside for this N key proposal. The private key is stored in PKCS8 and only Bob knows the appropriate pass phrase to decode it to get access to that private key so. Even the sponsoring organisation system doesn't know the private key for Bob. Bob sends can I be your friend message to Alice telling where this public key lives.
At some point later on Alice will log in the sponsoring organisation system. They'll be told there is a friending message for her. She can have her NSP system retrieve that system from the DNS. Alice can decide what contact data she wants to make available to Bob and has it encrypted with this public key and that contact data is then stored at ex CRYPT or service type NAPTR records under some unique string dot Alice .tel and then the friending goes back from Alice to Bob saying this is the unique string for you, encrypted with the public key. You have got the private key, you can now remember that fact and then use that to decode the data that's been made available by Alice purely for Bob.
Now, Alice could have many tens of contacts. Colleagues, friends, family and all the rest of it and she could be making tens of contact data available to each of those friends. So that becomes an end by end problem. If you have got ten contacts. A hundred friends. You are making the same contact data available to them. The grand /HRARDZ of individual friend. That means you'll probably have the order of a NAPTR records stored under Alice .tel. There might be one or two public under Alice .tel and then there is ten under a unique string and so on.
And those encrypted NAPTR records will also be stored in the database, so whenever Alice switches her profile from weekend mode to office mode or whatever, the NAPTR records will also be switched to do the same. Including the encrypted ones that Alice makes available to her friends and her colleagues and family.
So, we have got that handled with the concept of a group. So you can publish the same data to a group of individuals but the granulative one is one to one. So a group can have at least one member and as many members as you want. But if you populate the same data for everybody in the group you serve separate instantiations for members of that group inside that from a DNS perspective each with their own unique string.
So, we then need some applications as well, just encouraging people to populate this data. You can't have people playing around with NAPTR records. Likewise, they need some nice ways to publish the lookup stuff in .tel itself.
And the first problem I am sure some of you already have picked up on is what do you do about web access? There are no user-defined address records in a .tel domain name. So, if Friday want to go to web rest now and type in Jim .tel you will have a bad experience because there is nothing there. And it gets worse if you have the misfortune to use Internet Explorer. Internet Explorer decide at page 404 error. What do I do in that case /STPH*EUL do a Google search for Jim and tel and display the results of the Google search. This is absolutely not what we want to happen.
So we have a proxy which is operated by telnic or address that is Telnic controls and decides. So, for people who want they can use the proxy service and in that case then, a user-defined address that is not present but a telnic defined address record is for the proxy server. So the proxy server gets the address record look up let's say for Jim .tel. Converts that into a NAPTR look up in the DNS for Jim .tel retrieves the result and gives you a formatted page with icons and clickable links. You click on the link and activate the communication with whoever you want.
We have also got some open source software available. There is also proof of concept iPhone client that CTO flung together in a couple of days. It's actually the first attempt to us autoing Objective-C programming as well. It might be a little shaky at the edges but it works.
A couple of applications didn't get the point for launch. Kind of been parked. The first of those was an address book plug in or an address book plug in B write. It's relatively easy to extend the Apple address book to include this because it's all written in XML. The problem is making that clickable and live whenever you put your mouse button over that part of the address book bar. And dealing with that is very, very hard. It essentially means having to do a reskin of the whole application and that's difficult to do even with someone tried to reverse the address book application.
We also have a Java client for mobile phones. That's kind of died a death too but for different reasons. The first reason for that is practical. The problem is that a lot of mobile phone companies have got very badly broken DNS set up. So whenever you do a DNS look up, it either doesn't allow you to get a large amount of data back, which is what we need for NAPTR record look ups. That's about a kilobyte of data. So the convention response is if you got truncation, then you find that TCP connections don't work because most mobile phone companies don't think DNS works over TCP. It failed for that reason. Although it will still work and it you'lley works here and I can give you a demo if anyone wants to see it.
The final reason that we actually had to abandon this was to do with the encryption stuff because to do the decryption in real time on a mobile phone takes of the order of 20 seconds. A mobile phone processor is not fast enough to do this in Java and the really a/SKWROEUG this is most of the intelligent mobile phones have got two processors in it, a low processor that does all the day acome and does the encryption anyway but unfortunately you can't get access to that processor which could do the RSA decryption fairly quickly. That will do it in Java which is fairly slow. We also have a John term /AL NAPTR wizard.
That stuff is going to be thrown over the wall on to delve .tel dot organise.
We are going to do a test of this. We are going to announce VIP .tel at the ICANN meeting next week and I have got a live demo set up and we are going to do a little demo of it right here and now, pray God it does work and doesn't fall over. The intention to give some real world experience of what this user behaviour is like, what functionality is liked and hated and give an introduction, and if you are interested in using this thing, send an email to that address and you can play with this at the beginning of next week.
Launch 20 was at the ICANN meeting next week and VIP .tel was shut down at the start of land rush next year. We expect it to come back. Sunrise which is for the IPR holders is going to start on December 3rd. Two months later we are Land Rush. And then towards the end of March is when the names are going to be up for general availability. Or you also hopefully run out and buy your .tel domain names.
At that point I have done my presentation. I am now going to quit and do a little demo.
This is what you get for looking up Jim .tel. (Demonstration is then done)
Here we have got the voice number and I if I can /KHR in in one it will fire up Skype and then it will call that phone number, which is not all that particular phone number because Skype won't work on my laptop. To prove that I am not cheating here, I will do a quick look up.
As you can see there is no address record for jim.tel in the DNS, but there are NAPTRs: You just can't see them in a nice pretty way. On the other hand, what I'll now do is go to management. This is following a nonterminal NAPTR chain and the web proxy here has been to fix this and I /KHREUPL on jim.tel and that gives me the results that are published here with my office number. Mobile number, VoIP, Skype, SMS and here is a link to my enondelegation mobile phone number if I want to use ENUM as well because that's just using NAPTRs as well.
What about encryption stuff? Well, quick and dirty hack encryption. There we have the encrypted NAPTR records that are stored under launch .tel, one of my colleagues, which is for me. Used the name jim.tel because it's easier. Which is what would be actually use forward real. You get ex CRYPT owe and if anyone can make sense of that, you are better man than me, or woman. However, if I go back here, this web proxy knows about the secret key that's been used to encode that information. There we have four NAPTR records there were there before. The ones that were encrypted with excrypto with a service field and again I can click on this number and call Lawrence and get him out of bed. Doing that one, this will �.O5 you be ex light. Some parts of the demo don't work after all.
Right. What I am now going to do is show a demonstration of provisioning in the DNS for real. So this is where I am using the NSP provisioning system that's written in Java. What I want to now do is add a contact. We will pick a phone number and at this point, I would like a phone number for a member of the studio audience, can I have a volunteer to give a phone number please? That's done. It's now provisioned in the DNS and if you now look at the domain, we'll see the NAPTR record there. Okay. Now, then well, here we have a apologies for the people who are doing the web cast. The screen doing the stenography was showing this thing.
So we'll do a lookup .tel. I am going to put in that name. At this point this BlackBerry is having a chat with the mobile phone system to see if I can get a data access. It's now doing a DNS look up. There is the data there, it's stored in the DNS. If we just wait a sec. Randy is your phone on silent?
(Applause)
Now, then one last thing. You have now added another phone number. This one is mine. What we are going to do is make that the most important NAPTR record by just shifting it up like that. So, if we now do a lookup, notice here on the screen, you see there on the NAPTR records you see you have got an auto value of 1 for the email TR L and 2. As a second preference being for the voice number for Randy Bush. The way in which the NAPTR records are stored in random order inside the DNS but the priority field determines the order in which to process. Notice with a 60 second NAPTR look up on that. If I now do a lookup again, that's expired from the cache. We should now see we have got 3 URLs. We have got a second phone number in there and my phone number is now the highest priority. If I now go back to this BlackBerry client. I go back here again. Do it one more time.
So those are the results there. With that, I am happy to take questions.
Question and answer session:
CHAIR: Any questions? A small technical one. Seeing the amount of records explored and so on, I mean, how soon do you think that EDNS won't be enough, you really have to go to TCP for the lookup, for the answer?
SPEAKER: The problem with EDNS lookups primarily for the mobile phone companies, this is a difficult one to solve and it's one that is going to take a concerted effort by more than just Telnic to try and just deal with because it's primarily to do with the Internet access points we have. EDNS shouldn't be a practical problem for doing .tel lookups, because you can set /EP, as I am sure you can realise up to 64 K, which give you of the order of 5,600 contacts for an individual .tel lookup. Remember, if you are talking about private content. Take an example of Bob looking up at private /AL /SEUSs pro /SREUFPLGTS Bob is not going to look up alice.tel. He is going to look up /PHRA /PHRA alice.tel which contains 10 or 20 NAPTRs just for Bob. Does that answer the question?
AUDIENCE SPEAKER: I was user interface, I see you struggling with all those characters, numbers, so it's easier to type in into keyboard of
SPEAKER: That's true. But I was doing it sort of limited functionality, the acts that this client has which you can't realistically demonstrate here but you are welcome to have a play with so you actually have the ability to actually do more smarter input the content on to your handheld device rather than type in by hand. Functionality, the demo was a little bit clumsy at the edges. There are better and smoother methods of dealing with it but it's not practical to demonstrate these when you are trying to do a live demo with limited capability and display capabilities like I showed here.
AUDIENCE SPEAKER: The last thing, I was wondering about if this is really going to fly, I mean, do you really think flat name space .tel will be enough? I mean, it seems to be an awful lot, millions and millions and millions of entries, I mean
SPEAKER: If you were to fly technically, yes, I don't see there is any kind of constraints. Because what we are doing is sticking data into the DNS and DNS is infinitely flexible. So I don't think there is a problem from a DNS perspective. We might have some engineering and operational issues, let's say we get to a point where an individual name service provider is dealing with let's say hundreds of thousands or perhaps even half a million or a million .tel registrations and they all flip profiles at eight o'clock in the morning. That might be an interesting little problem to solve but I don't think we have an issue with the DNS. There might be issues about whether people actually use the thing itself. That's a separate problem.
AUDIENCE SPEAKER:
CHAIR: Last question.
AUDIENCE SPEAKER: The point of using the I think there is a very Coombe use of NAPTR. But I am usually
What is the chances of owe laugh, owe laugh .tel is registering? How many John Does can you register in flat name space in
How does this carry over to other parts of DNS?
SPEAKER: S that is the problem with you we have problems with gmail accounts and hotmail accounts. Only one person can be [email protected]. Now, we could try and introduce scaling or introducing more structure into the name space, but we are looking at that in the corporate market so let's say a large company, like Phillips, could have phillips.tel and structure an internal phone book for the company underneath that. For individuals it's a bit trickier but we have got the possibility to do things there if the need arises. At the moment the main names, certain names are going to be reserve today two letter country codes aside. But telnic would have the opportunity to open them up if they get the consent of the country. So if SIDL was willing to open up, allow nl.tel to be used then he could use that as another way of extending the name space, fattening as well deepening it.
CHAIR: Okay. Thank you.
(Applause)
CHAIR: The next presentation is by Arnold [Nipper] who will give experiences with the new DECIX infrastructure, the Internet exchange in Frankfurt.
SPEAKER: I am Arnold [Nipper] from DECIX in Frankfurt. Thank you for the introduction and I am happy to be here. So what I will do is to give you a short overview on the design and common experience of the new DECIX infrastructure.
Actually, DECIX is an exchange point. Those of you who don't know what an Internet exchange point is.
You know, RIPE, the two letters in the middle, stand for IP, and Internet exchange point do not even know what IP is so we are not on lay street, we do not lay statutory or IP at all, but we are, you could say in the machine room of the IP world. So we are only able to know about their tools.
What we talk about it, what we did do this year was we changed our policy and infrastructure to be able to go better with the traffic you gave us this was the motivation of the design of the new infrastructure with what actually part and then I tell something about the implementation, finally I will sum up. So, this is a picture from a Google and it shows where DECIX are. So we are distributed in an exchange, that means in an exchange operated switches and all the ISPs connect to this infrastructure.
This is Frankfurt, this is a river, we are familiar with Frankfurt. We have two big sites in the east of Frankfurt. You see this is a railway station and we have sites in the west and the middle of Frankfurt. And also the numbering of 1, 2, 3, 4 also shows the history of how DECIX evolved. Actually to be honest, what I left out originally this was over here but we soon moved in the east of Frankfurt.
Which topology we had? In case I need the picture somewhat shifted this is much better. So, again, we have the infrastructure over here. DECIX 1 and DECIX 2 were the original sites where we had our switches. Most of the customers and traffic still is at DECIX 1 and DECIX 2. So we had more or less all the switches were connected to this one, which was the main distribution switch. And we had op particular switches in between DECIX 3 and DECIX 4 which was brought them more Tara part. The switches to be able to switch over traffic from 1 to 3 if 1 should fail or if we had problems.
So, at the old Internet exchange point and we grew over time from a single switch over here. The next one was we have more resilience or to be able to cope with more customers we introduced a second one. It's really simple if you have only have two switches, us just interconnect. Put in some resilience and then you are done.
The next actually was because there was not only one two location sites in Frankfurt that we tried to cover all the other side as well. Which led to DECIX 3 as well as DECIX 4. And the problem here is to how we interconnect all the switches that you are able to give that performance to your customers. What you see is the real problem we face with we had one or two switches which actually has two functions. The first had to connect customers, but the second function is also to distribute all the traffic which was the backbone to the other switches. So this leads more or less into a race condition between ports for bandwidth as well as ports for customers. With we have to look do we have enough port width to connect new customers? Do we have enough port to cope with initial bandwidth that come with all the other customers? Also, from an operational point of view, if this combined switch actually distribution fails, not only the distribution is involved, but we also have customer impact.
So, this switch at end of last year that we sat down and said we have to do something and to develop a new infrastructure, a new topology.
So this was the question being put on us, how, what should be about the new infrastructure? First of all was, which topology to choose. Typically, if you have switches, you might have a star topology, that means you have a switch in the middle which will be to distribute switch. Other POP /POG sees would be to put all the customer switches into a ring. That means you have wind up in a ring and all the traffic is flowing from one switch to the other before it reaches the final destination.
Please keep in mind, if you remember, switching is not like IP. IP you might have topology as one. For switches in the switching world to work, you always have to use spanning tree or to build a tree, a loop free topology, that means even if you have a ring I go on with my /TPREPBGS because what's missing at the left is not that important.
So even if you have physically a ring, spanning tree or other mechanism you always make sure that you do not have a logical route on that. So additional links in your topology are only able for back up work but never for taking more traffic as long as you follow classical switching rules.
I will continue, not to lose time.
So, first what I said is you have to decide which topology to use and the next is which technology to use to interconnect your switches. And you might mention the single fibre is not enough to cope with all the traffic. So what do you typically, can you, if you need more bandwidth between two switches, you build an EtherChannel. You can slow it up to 16 or 32 and links into is an EtherChannel.
Having to install a /TKAPT 5 you have in time if you have to increase bandwidth, it's not really the way to do it. Let's talk about the technology to use, because every time you have to pay installation costs as well as much reoccurring costs, it depends on where you have. For example, if you are in Amsterdam, you can get .5 for 300 euros /AP month but also we are in Frankfurt you can get .5 which is ten kilometres long for let's say a thousand euros but these are high in current costs. Perhaps you can get better off with DWDM. DWDM technology or prices dropped a lot in the last years and using DWDM equipment it's only a one-time cost, that means you only have to rent one fibre and then you put the DWDM system on it and every time you have to increase the bandwidth, you simply install additional transceivers on both sides and you are happy.
The next question we had to answer was which resilience? I said before that the typical way a layer 2 installs resilience is to use spanning tree. Other would be MRP, which is some sort of layer 2 technology also to use resilient infrastructure.
The last one is just to drop all of these layer 2 technologies and to go down to the layer 0, that means to use the fibre interaction to put in some devices to get this resilience and I will show you later how this will look like.
So, these are the answers to the question. We decided to more or less use the star topology we already had but just to separate the two functions we had put into one switch. That means to put out the distribution functionality and install new switches for that.
Second is, because costwise and technologywise, it is more or less a no-brainer not to use .5 /TP* when we have to install the bandwidth but to use DWDM equipment.
Last one is we also decided not to use STP or something like that, specially if something like that wasn't available for the platform you use, but to install some optical switches to give resilience to the end infrastructure.
Next is under the consigned contribution, it's the new infrastructure so that we'll be stable for let's say two years. It should be simple and robust. It should be cost efficient and we want it to be, it should be easy to migrate from the current infrastructure topology to the new one.
So what are the building blocks of the new infrastructure? The core switches for the star, then the DWDM demuxes and muxes for the interconnect and the optical switches.
Next is, let's talk about how to call. First or the next question is we have to put the cost. (Course) so I told you before the four main sites over Frankfurt, and where we could have put the core sites. And also what we considered for a short moment, all of our current core sites are within a location which we do not own. So, we are renting recognise space of colocation site from colocation providers provides this stuff to us. So, one idea was just get rid of all the colocation facilities, put in the core switch over there and then you will be independent of that.
And finally, which POP to use from? For example, as I told you, most of our customers are at DECIX 1 and DECIX 2, having the cost which is over here might also save some money because you don't have to lay as many fibres in between.
So, we finally decided to have our core switches put in as much separated location as possible. That means not too close to each other. And to not build our own POP for that. The main reason is that we thought by having located the cores in two different colocation which are not owned by the same colocation company is already much resilience.
So you see this box over here, this is one of the cores, the existing E 1200 was just able to take up to 56 technical points.
Next is the DWDM equipment. We have here the access switch we put in the DWDM equipment over here, then you have dark fibre and the same on the other side. And going into the core switch.
Our passive was not to go for any activity DWDM equipment. The main reason for it is because we did not really there wasn't really a need for active DWDM equipment. The other is also was passive passively the DWDM equipment actually does not need any power. It's simply, or technology installed and it's completely passive. There is nothing that can break.
Though the system we are using is able to use up to 16 channels, that would be enough because our core switches do not support more than /# 0 links in a channel anyway. And to connect (60) the DWDM system, you will see how we did it and we had one pair of diverse fibre routes for each DWDM equipment. This is a picture how it looks like. This is a picture of the core switch where all the DWDM equipment comes together. So you see DWDM chassises coming from each end switch.
And we choose optics as a system for designing all the optical stuff as well as providing the DWDM chassises and receivers.
So, again, this is Frankfurt and we rented from two different carriers, diverse routes between the core box. One of the cores is over here and the other core is over here, so that means one fibre route is going there and the other fibre route is going there. And it's set for each switch there is a pair of fibres, one pair going into the north of the river and one going in the south of the river.
So the more interesting part is really how are we install resilience. So, resilience is simply installed which having optical switches. These optical switches have one primary path and one backup path. Though the primary and backup paths are going via diverse fibre routes, you see this here, this is one for one edge and the other edge and we also have on the other side, we also need that. It shows it in that picture. I have got it working in a master slave configuration.
So, this is how it works. We have the access over here where the customers are connected to and then comes to the DWDM equipment. Then comes to optical master switch, connected with the primary path to the optical slave on the other side on the working side and the DWDM system and the core switch. The same with the backup switch to the backup switch.
So, if this system or that system should detect loss of signal on any time, it will signal so the master slave and the master slave then will switch within 10 milliseconds to the backup path.
So this is now the whole picture of the building block you have more or less left out all the details. So these are the two core switches, the active core and the backup protection core. This is the path and so what happens, if something goes wrong? For example, if one of the fibres and the core switch is broken? Then the optical device, the optical switches, this is also a feature we developed as a band width. All the optical switches talk to each other. So if one is detecting a failure, this optical switch is signalling this to all the other switches and all the other switches, tell the other switch please switch over to the backup path and all the other switches are recording yes, okay I am able to do it. And as soon as the primary then gets information, it will switch back to that switch.
The next is the problem is fixed. We either leave it the way it was or switch back to the primary path.
So, so far to the design.
Next, what we really had to do is the implementation of the new infrastructure.
This, more or less, was day-to-day work because order lines we already did before, the transceivers, we already worked using DWDM equipment at that time, but more or less also day-to-day work, we have to take into mind that for DWDM transceivers, we belong in time. Or in the chassises, the switches. So install everything and test everything. Testing everything was also a hard part because we were not able of course to build a test the infrastructure for all across our time. So what we did was we simulated by, we have a test in 600, we tested by putting different VLANs across the switching brigand then connected all the fibres switches between different VLANs and simulated how it works if you, for example, block the fibre, how long does it take that the whole network converts over to the new infrastructures.
And then of course, as soon as you have installed, you have to migrate your old topology to the new one. So, I showed you this is what this scenario is. This one was a standby switch, this means that this stand by switches had a lot of interfaces that were not in production. We were able to connect one of the cores to the existing infrastructure. The thing is we replaced everything in between with the DWDM equipment and optical switches. That means that was what we did. All the inter connection between the existing infrastructures were moved slowly to DWDM equipment. We could do this while customers still exchange traffic because all the links are grouped together and we only pulled out one of the links at a time, moved it to DWDM equipment and then put it back down into the EtherChannel.
The hardest part you'lley was to move all these switches to the core. So we took one of peak hour to replace all the existing interconnects from DECIX 1 was the core to that core.
And in a later service what we did was we tested the fail over offices. This was really an exciting moment because from the we knew that it should work but of course we did not really know if it works. So what we did in this test, we simulated fibre cut by just plugging and replugging the cable and the second step was that we did control fail over, that means we logged into one of the optical switches and then that just the web fail over.
While doing the fail over test, we detected that one of the switches did not come up properly and this was due to a wrong calculation of the optical budget. You see, the distance between the edge switch and the core switches are different. At that time the edge switch was located only 10 metres apart from one core switch to the backup, 10 kilometres apart, that means you have to calculate with optical budget. But removing the attenuator solves the problem and so we were active again.
We also decided that we will use both core switches, or fail over on a regular basis, that means every three months, we fail over from one core to the other core just to see that everything is working.
So the whole project from planning to fail over test took almost nine months and the hardest part for us was really to design the new infrastructure. And experience showed that beside of this outage of the fail over test, everything worked as we expected and we have had no problems so far.
So the main engineer who did all this work is Daniel, who is unfortunately not able to be here. The next will be that we will have to replace the cores by bigger ones, but as soon as they will be needed or become available, that should be quite easy because now we have a stand by and an active core. We simply remove or install a bigger box as a standby core fail over to the then now active core and then replace the second core.
So that's it.
(Applause)
CHAIR: Are there any questions for Arnold?
AUDIENCE SPEAKER: I have one quick question. How are you synchronising the optical switches switch over? What's the back channel for that?
SPEAKER: For the purpose from developed by these networks, so this is a service of information they are changing this. If one of the optical switches detect that there is a problem with the primary path, it is signalling this by the UDP to the remote site. All the optical switches are connected to the different optical network. And that the other switches are signalling it back, yes, I am ready to do the switch over and then de
CHAIR: One more question.
AUDIENCE SPEAKER: I had the same question. I had the same question but I have to just think about a followup one.
How is that different network, that actually these optical switches use made high availability? Is that running on the same fibres?
SPEAKER: No, it's not running on the same fibre. The whole management network we have this separate fibre network which is completely independent of the production network. Resilient, to be honest, resilient for the management network is done by a spanning tree. Awed ought the other question is when you did the sort of botched fail over attempt, how did you diagnose actually that it was the optical budget? How does one find these things out? I am just curious. When you just
SPEAKER: What we saw is that all of the ports did not come up. So, and this was a strong indication that something is wrong with the optical network. And then we already knew that we had to play around with the optical budgets and we removed the attenuator and then the switch came back. So to be honest, the first step that something went wrong by switching over, we switched back and forth and we still had the same error and then we removed the attenuator and then the switch came up properly.
CHAIR: Okay. Thank you again Arnold.
The next speaker and after that we will have the delayed coffee break. The next speaker is Randy Bush from IIJ who will talk about ANP, the revenge of the stupid core.
While we are setting that up, one thing I think we should do this week is start a betting pool with how soon Geoff Huston shows a decline in IPv4 address allocation due to the economic crash?
I am going to sneak in a quick talk just before the announced one. There was a meeting four weeks ago in Montreal, and IETF interim meeting about coexistence mechanisms for IPv4 and IPv6. I just want to spend three minutes on it because I think it's important for you to check this stuff out and make sure it meets your needs in operating the Internet. This little thing we are trying to keep working.
It divided the space of coexistence, in other words, how v4 things could get to v6 things and vice versa into translator, for example, the NatPT replacement and tunnels. The solution for the large consumer problem which is what I am actually going to talk about.
The translators, there are three pieces of it. One is SIIT, the IPv6 host is trying to reach an IPv4 service. For instance, send mail to somebody Yours sincerely IPv4 only and this is like my customer. I serve enterprise customers, IIJ, I am the oldest ISP in Japan. In fact the first commercial deployment of IPv6 in the world so we have v6 customers who want to reach v4 hosts. There is the hack for DNS synthesis to allow people on a v6 only network to get a fake v6 address for the v4 host. It's known as the totd hack and what should be running here on the v6 network, and then there is stuff like NAT 6 and IVI, to deal with the fact of large v6 networks trying to interface with large v4 networks, IVI was developed in China where CERNET2 is a v6 only network that's you know, humongous and yet those people want to deal with v4.
The tunneling approaches are for very large broadband consumer providers. There is dual-stack lite. Carrier grade NATs and something I am going to talk about now, port borrowing.
I think specially you should look at SIIT, the DNS hack and that stuff makes sure that these things provide you the tool kit you need for v6 transition if you are going that way. And if you are not. Where are you going?
Okay. So, this is the real talk. The problem is that a large broadband provider, and I am talking about very large, does not have enough IPv4 space to be able to give even a /32 to each end point so they can run that. They need more than network 10. Some of them need three or four network tens. I know friends in this room who need two network 10s and they can only get one.
So, they can't give everyone of their CPE, Consumer Premises Equipment, a /32. What do they do? One solution that's been proposed is carrier grade NAT. This puts big NATs in the core of the network to allow 4 /6 /4 or similar translations. So, the customer has a 4 to 6 NAT and the core reNATs it 6 to 4 to go out the exit for v4 destinations. So they partition their networks and they push big NATs into core of their network. Now of course, you can't do a big NAT in the core of a big network because NATs don't scale well. So, what they are doing is placing medium-sized NATs around the edge near their customer aggregation, at what cable providers call head ends, etc. But there is this problem. They break the network. It causes problems for the carrier in scaling etc. But it causes problems for the entire Internet as the captive customers behind these cannot try or use disruptive technology. This is the classic NATs are evil problem. If somebody wanted to deploy, if I, sitting in IIJ, wanted to talk to you behind one of these consumer NATs, we could not try a radically new protocol because we couldn't get their core NAT to deal with it. The NAT in the centre of the net has all the problems of a smart core. If you remember the Telco network is a smart core with dumb edges, the Internet smart edges, dumb core. They are putting smarts in the core and what you get is walled gardens. Now, I went on Google to look for a nice picture of a garden which had a wall around it and was suffering and this is what I found instead.
So, it's not really correct and we look at this, we decided this isn't really right because these people A are not making money. It's the people building the wall that are making money. So, this is the true one. These people are within the wall and are restricted and exploited. These people own and make the wall and they make money and everybody else is in trouble and these people out here who want to communicate with these people here are my customers. And you are in a walled garden right now. Do you notice that AM doesn't work? Do you notice that VoIP doesn't work? It's not that you just can't get the sites, it's that you don't really have Internet here. Okay.
This doesn't have to be inevitable for the big broadband provider. Move the NAT to the CPE. The NAT is at the customer premises now and the point is, then the customer can control it. So if I want to try a new protocol with Susanne, she can just replace her device and I am out somewhere else on the Internet and we can actually try it. So, as Alain says he probably works for the largest broadband provider in the western world, it's expected that they can replace the home gateways with a new product, but first you can have incremental deployment products. If we can replace the CPE, then we have a hack free. If cannot run it, then role a IPv4. As you incrementally deploy, if you canal role the CPE immediately then one a dual stack core and you already have the address space for that legacy node. So, the excuse of I have to do something funny to keep that one up doesn't hold. So, there really is no need to break the Internet. I am going to give you the hack in one slide and take you through it in a little more detail.
It is, do the work at the CPE so that the customer controls their fate and that's the key thing. Steal bits from the port number to extend the IPv4 address. That's A plus B, address plus bits from the core.
Then in the broadband network, encapsulate the v6 in the ISP core and use normal routing. Border routers have to decapsulate and encapsulate inbound.
But this scheme is like four other schemes except it's not exactly like T I get lots of this is like X. Well everything is like X. Indicating new has been invented since 4948. Late in the ARPANET ran out in the address space with NCP circa so they didn't want a lot of work into rebuilding, we /SAOER /KWRUG restructuring. So they just wanted to add some more institutions so they did a long leader address extension. But nobody wanted to rewrite the kernels. So Greg Noel stole unused bits from the short leader and translated. Same hack.
So the CPE is modified. It's configured to use a restricted range of ports. So, for instance, the port in the TCP header is 16 bits, so we are going to steal 4 of those to extend the address. That leaves you 12 bits or 4 K real port numbers, but will 4 K real port numbers be enough for a large household? Just, it's a paper that's in review because there is a website I can show you, but the /PAEUB will probably be approved for 20009 that you will tee mess Your Lordship broadband customer usage and the peak use for an end customer in home was 700 ports. So, probably you know 2 K is enough. You can, we had a discussion in Montreal, you know you could provision more with some bits and others with less bits. There is the point of making port use efficient but you can pay for that is flexity. DHCP could start handing out where the division is. You could dynamically change T how much complexity do you want in exchange for efficiency? I am a simplicity freak. So configuration can be as simple or as complex as you want it to be. That smiley is because I don't think you want it to be complex.
Some port bits are dedicated to the address extension. NATs internal v4 to external A plus P it encapsulates in v6. So the CPE, it takes the internal address, NATs it, puts the prefix that it's been assigned to the ports so that it has it and 15 of its neighbours have the same 32 bit IPv4 address, but each of them has a different /# bits of port. That 32 bits plus 4 gets encapsulated in IPv6 with a well known prefix, v6 buffs will foe that that's going to be on the Internet but it should work in the hardware, any prefix, it makes no difference. So the source of the v6 packet is this well known prefix plus the 32 bits plus the bits we stole from the port. Okay.
The v4 packet is stuffed inside the v6 packet and normal routing out works. Okay. It gets to the edge and the border router, the router where this broadband provider meets its peers and maybe its up streams or down streams, makes a global /AOPS, that's okay, strips off the header, the v6 header and what's left is a global v6 packet where the source was A plus P and the destination is v4 dest. It just sticks it on the Internet. Notice there was no configured tunnel. This was just relying on v6 simple routing. No magic, no fixed tunnel. It went to the proper border router for its destination.
Normal backbone routing is used. Only the CPE and the border router is modified. All four routers of the provider were untouched. Notice that nothing else /TAEUBGD. The border routers did not need state. The CPE needed no more state than NAT. No new equipment is introduced. You don't have to pay the vendor. And as I said the border routers don't have data scaling issues.
As you are coming inbound heading towards the customer /TKFPS the encapsulates it in a well known plus the source and the destination is well known packet but note that the destination is A plus P because it will have that port number in it and normal v6 routing will take it all away. Okay. You can aggregate. What's even cooler is if you know I have got a head end and I have got aggregation and I have this, I want to move one of them, I have to renumber it out, I want to take it to a different head end, a different router, whatever. Longest prefix match will work, will take it away and let you move it, no funny stuff.
So, what has to change: the CPE, NATs that handle IPv4 P plus P, decapsulation and encapsulation. Border router. If you want to get into variable or dynamic, you are going to get complex life and do DHCP and all sorts of crazy stuff. There is no extra hardware required.
If the backbone is v6 capable and you have a v6 packet, it's just transparent. If it's going from v6 to v6. If the backbone is not v6 compatible, you are going to get into ugly things. We can tell you how to go through but just deploy v6 on the backbone. And all these super large providers are doing so or have done so.
In an IPv4 only core let's not go there.
Thanks to Dave ward for review, endless criticism, endless questions, etc., etc. And Colin also, for working on some of the side issues with us.
That's it.
Questions?
(Applause)
AUDIENCE SPEAKER: I have a nontechnical question. I was in Montreal but you said that this is a viable technology for the providers who own the CPEs, who have control over the CPEs, but do you have any idea how common that actually is? Does anyone have any numbers. I know some big providers do, but it's far from already.
SPEAKER: No, most people at least in my culture don't own the CPE, either in Japan or in the States, both of which are my cultures, but in both of them, they can own the CPE. The point is, 99.9 percent of the users don't want to experiment with new technology. But when they do, they should be able to, and if that technology is successful, then it's going to be at the local food store and people can go buy it for 50 bucks. The point is the Internet has succeeded by being a highly disruptive technology, don't break it.
AUDIENCE SPEAKER: I am you should expand on that one what you are saying, if I hear it correctly
AUDIENCE SPEAKER: I have a user hat on. A /AOEURS who doesn't have a public IPv4 address at home by the way. But you can do DMZ because I can tell my router to forward all packets to my box. With this I can't do it, but my question is, I have two questions: One I assume you figured out a way for a CP to talk to another CP that has the same v4 address?
SPEAKER: They are both encapsulated in the v6 header. The v6 routes gets the other.
AUDIENCE SPEAKER: And the V, know how to send packets from themselves to themselves?
SPEAKER: That's transparent. The sort CPE has
AUDIENCE SPEAKER: That's fine. It's more of an implementation issue. I am sure you have addressed it.
Number 2, why do I want this if I can use v6 to deploy the disruptive technology that you are talking about? That's more the question.
SPEAKER: Because the broadband providers are not telling those sites to go to v6.
AUDIENCE SPEAKER: Which sites?
SPEAKER: Their 20 million consumer customers across the United States.
AUDIENCE SPEAKER: So you are saying that the problem here is that people aren't deploying their IPv6, not that
SPEAKER: We can go through this one again. But you know, the end user wants their MTV. They don't care if it's delivered over IPv4, IPv6 or whatever, they want their MTV. Telling them /TOEF to convert their Windows 95 system to generate an IPv6 packet is just not on.
AUDIENCE SPEAKER: Okay. Well we can keep this up forever, but...
CHAIR: Okay. Next question:
AUDIENCE SPEAKER: Curtis's question again, can you expand on that a little what you meant by they can go out and buy that for 50 bucks? Because the thing is like, the way you presented it, it looked like that you really, in order to deploy this, you really have to own a CPE as
SPEAKER: No, you don't have to own a CPE.
AUDIENCE SPEAKER: Explain why.
SPEAKER: The provider will slowly roll out new CPE. As they do so that part of their network is enabled for this hack and they get to compress address space, okay. When one site in that compressed space wants to try something new and wonderful, they have the CPE and can put it in an application layer gateway or some form of translation or some special protocol thing to try the disruptive technology. Okay. At their will, okay. The problem is that if it's in the core of the network, the translation is in the core of the network, when I want to try Skype 3, I have to go to Comcast's lawyers to get them to let me do something that when we already know, Comcast has been in the newspapers and times for blocking users.
AUDIENCE SPEAKER: Or you upgrade IPv6. If you are installing
SPEAKER: Can we get from relegitimate on to engineering please.
AUDIENCE SPEAKER: I just came here to say that there is going to be a presentation on some further discussion on the ITF F around this place on Thursday in the IPv6 working group.
SPEAKER: Yes, there is an Internet draft being done on this and there are other competing Internet drafts.
CHAIR: Okay. That's it. Thank you again Randy.
(Applause) Now, we are way over time and the next item on the agenda is a coffee break. I think we should try to break our record for coffee breaks and have a very short one, like ten minutes.
(Coffee break)
The plenary session resumed as follows:
CHAIR: So, I guess people outside in the corridor cannot hear me but I would like to have people seated because we need to start the second part of the afternoon session.
This session will be about local events and deployment of the Internet in this part of the world. Now, we have the opportunity of having the RIPE meeting down here. I think it's important that we get to know a little bit about what is happening here.
The first presentation and this is me trying to pronounce their names, I tried to train in the previous coffee break and they told me no "you can call me this and that" I will try to say the full name anyway. So the first presenter will be Omar. He is coming from Etisalat and he will talk about the local change, the current status and the strategy looking towards the nature. Thank you very much.
SPEAKER: Thank you. Good afternoon everybody. As he said my name is Omar. I will be presenting Etisalat and I will talk about . My agenda for today is EMIX overview and status and future plans, localisation of traffic, addressing failures and challenges ahead and then I will conclude my presentation.
EMIX, Emirates Internet Exchange, it was launched in 1998 network access point. We have seven POPs around the world, two in Fujairah, one of them in New York, London and Amsterdam Singapore and Frankfurt. We are planning to get more around the world as demand increases.
This shows clearly how we are connected to the EMIX, how it is connected. Three types of connection. We have provider connections and we have peerings and we have regional customers, we talk about regional ISPs /TPRERBGS, Kuwait Bahrain, customers regionally.
Those are some facts about EMIX. EMIX is giving transit service for Etisalat so it's a customer for EMIX as I talked earlier there is ISP regional customers to EMIX. 20 percent of our bandwidth traffic is utilised by EMIX customers so the rest is by Etisalat.
We have been growing very fast in the recent years and we are currently having 187 STM 1 connections, thus divided into 6 STM 16 and 18 STM 4 and 19 STM 1, so you can do the calculation almost 30 gig of international capacity.
Our policy is normally to upgrade when we reached to 70 percent just to avoid troubles in the future or during cable cut or any issues with the cables and the good part about EMIX we currently peer with all GCC countries, all countries in the Gulf so we try to localise traffic as much as possible.
I don't know, this is not moving.
OK. This shows you how we were connected to our peerings. /WEFP connection as I said earlier to New York and to links to Amsterdam and to Frankfurt and plus to our future plan by end of this year to connect to west coast and again we have plan to extend our reachability around the world.
This shows you exactly how we are connected around the world. This is all of the connections we have STM 1 and STM 4 and 16. We are targeting to replace all our STM 1 and 4 to 16 but due to cable provider issues and limitation we are stuck with few STM 16 so far.
This shows you how we are connected to the gulf. We are connected directly and we have private peering with Kuwait, Qatar, Saudi Arabia and Oman and this shows you how we are having private connection with other ISPs around the world.
The graph shows you we have been talking about the traffic is doubling every year and since 2004 and until now we are seeing double bandwidth is being generated by our users and we are forecasting for 2009 to have almost 50 gig so it might decrease or get little bit lower. The bandwidth has been increasing for the past few years and this is the current utilisation in EMIX, currently reaching to 20 gig of traffic and this will increase in a year time, this will be double.
I talked about cable providers. We are limited with number, we have SP 34 and FLAG and FOG, FOG we connect the local ISPs in the Gulf but hopefully by end of year 2009 we will get more cable providers.
This shows you how we are a good connected by the peerings, we are receiving almost 50 percent of our Internet routes using our peerings.
And this big graph shows you how we are connected using our direct providers and peerings. We have more than 500 AS we are connected to and this will be increasing as soon as we get more connection.
Now I will move to the second point which is EMIX strategy. We realise that when we connect to providers we are, we should pay for this type of service, so we would like and we also push to go participate more in internet exchanges and we are targeting to have more capacity on that area where we have peerings and public peering.
EMIX currently it is used for IPv4 connectivity but in the near future and also currently in last phases to deploy IPv6 Internet 2 and VoIP and multicast services and this will have a lot of benefits that EMIX will be used as a platform for all those services.
One of the strategy I already talked about is to replace not only STM 1s but to replace 4 with STM 16, the problem that in this region we have limited number of cable providers, and to move to STM 16 it's either costly and the cable provider does not have, they don't have enough capacity to accommodate this type of requirement.
As I talked earlier, we will be providing actually in the last phases of enabling L 2 VPN so will be able to have connected to different branches around the world.
One of the strategy is to improve redundancy it's very important topic that needs to be covered by ISPs. What we do normally, we connect to different cable providers and we choose to connect to east and west just to make sure that any area that has cut in cables so we are not affected by this cut.
Not only by connecting east and west also, we normally connect to different IP providers so if we have an issue with one of the providers, so we avoid this by connecting to different providers.
This is the latest update, what we had been doing before we normally connect to different tier one, two or three and but our forecast is to connect only to tier one providers and maybe you could have peering with tier two and three and other ISPs around the world.
Second point is to localise traffic because the nature of this region that we have multi nationalities in this country so we will get our contents from normally from outside, not from the locally generated traffic so our target having partnership with content providers and colocate their infrastructure in UAE. We did this with one and we have seen a good success in this area.
The third point is to activate more capacity to our peering. It doesn't make sense to pay a lot of money to providers since we can get the connectivity using peerings. So this is why we are moving toward connect to go exchanges, public exchanges. Also, to have open policy peering for private and public peering.
And the last thing is that we are willing to open POPs around the world. We have an open policy as I said earlier, we study the pattern of the traffic and based of the, of the demand. For example if we have a lot of traffic being generated from India or China, we are willing to get our presence in that region.
Now I will talk about localisation traffic. The problem that we are having here in the ISP most of our traffic is being taken from outside, for example Europe, USA, so this generates a high delay plus the costs will be high, if you want to connect from UAE to US so in this case we have to address this type of issue, so delays will be generated. What do we need to do and what we had decided to do is bring the data closer to the end user so the user will get better performance at the end of the day. To do this: We have introduced a few points, so one of them is to have private and public peering to the regional customers and in this case it doesn't make sense to have traffic flowing all the way to US and come back to Kuwait so we have connection to that region.
Second point, maybe that is suggestion to cache P2P content, most of the, generates almost 40 or 50 percent of total traffic so that is suggestion, maybe some of the ISPs I heard they are doing it but I don't have much information about it.
And introduce web caching, most of the gulf countries they have already this type of setups where the caches are caching the content of the most files and pages. It saves bandwidth and it increases performance to the users, but for some dynamic sites this will not be beneficial.
Building infrastructure for Arabic content and maybe other languages. We have multinational country here, we have people from more than 200 countries around the world, so sites, the content is being taken from outside rather than it is being taken locally. So one proposal is to have Arabic content created in this region and then the infrastructure is being built. For example right now, not at Etisalat they don't have proper infrastructure but for Etisalat we have we are planning to upgrade this to 40 gig.
And the last point is introduce content delivery network. I am sure many of you have heard about this CDN where those companies they have presence everywhere and servers and the content is getting closer to the user so at the end of the day the result will be lower latency, less hops and increase delivery speed and performance and most important thing is reducing the cost.
How CDN works, normally when customers requests for page, let's say RIPE, it will go to ripe.net, either it will serve the customer by presenting the index page or it will redirect it to CDN, then it will run algorithm and it will choose the best site which is the closest to the client. Normally, the CDN used to host videos, audio images files, thus they have a lot of band width. And then what happens, the server the object from the original serve and then every time a request comes to those object it will be served locally.
How does it work. This is an example, for example that is request from a client to upserve for to the original server and then the data is being pushed to serve, customer get it from a locally replicate server.
Our experience with the CDN, what we achieved by hosting one CDN we managed to get 5 percent of total traffic by hosting one CDN so imagine what would you do if you had a lot of them.
As traffic increasing, the saving increase so that is rational increase, so every time you increase traffic the saving will be more.
For troubleshooting normally we trace route, we used to have the main server getting the reply but the performance of the connection it will be much, much better because the replica server will be those requests.
I will move to the third topic which is addressing failures. In the past maybe one or two years we have seen a lot of failures around the region, almost brought many ISPs down. So one important thing is to have a plan where you prevent from happening, or at least you plan it will so what do you do? You plan capacity properly so at least you are on the safe side even if you have some shortage in the cables or cut in the cables. You have physical redundancy I already mentioned this, so we talk about getting connection east and west for example towards Europe and China or Singapore or other locations and we talk having connection to other cable providers.
Third point is to have traffic management tool, it will assist you in knowing what you have in your network, for example P2P how much it's consuming, social networks how much is getting out and those type of things it will help you decide what you need to do in the future. And I already discussed about our plan, normally we do upgrade our capacity when we reach 70 percent so it depends on the ISP, what they do. Some of them they do it 80 percent, some of them do it 90 percent because the bandwidth it's very expensive from this region.
And then we move, I talked about traffic management so it will help you to analyse traffic and it's very important to know what you have in the network, it's very important to know that because based on that you will set targets and put priorities for the importance of the traffic, plus maybe for some SLA users.
And traffic management, so based on your categorisation of the traffic, so you choose what you need to do. One is to protect your infrastructure, for example what we have here in Etisalat, we have proxy which is responsible for all would be traffic so it's very important to protect this type of infrastructure. Again, when we talk about infrastructure we talk about mails, we talk about the all type of services.
Second thing is avoid affecting web traffic. As I said earlier, traffic generating by web users are very noticeable. Most of the users, they used the Internet or browsers so whenever you affect them you get complaints immediately. One is to avoid this affecting web traffic.
Third option maybe I don't know if this is been doable everywhere or not but I believe many ISPs they are doing it where you peer to peer traffic. Is taken almost 40 to 50 percent in ISPs, and it makes sense to throttle those type of traffic because it will affect the, your traffic when there is cut in cables and so on.
The fourth point here, media rich and social network sites are a considerable percentage of your network. When we talk about one social network site is almost generating 1.5 gig of traffic in our network so if we sum up all of the social network and those media rich content we reach up to maybe 3 or 4 gig of traffic.
So, what Etisalat is seeing as challenges ahead, one of the challenges ahead will the regional providers will be able to support the current demand for bandwidth or even not only the regional plus the Internet demand. I know there is a lot of traffic being generated by social network and so on. There might be some other application which needs more of bandwidth.
And the, as I said earlier, we have problem with the local providers systems. Some of them they are not capable of handling more bandwidth. STM 64 will it be able and if it was able it will be very costly for the ISP.
This topic being brought again and again to have peering with the gulf countries and the Arab world. Normally those type of connection is very limited so when we talk about, for example, we don't have a peering toward you know, Morocco or those countries and we always push to have such a connectivity, it will improve localisation of traffic and it will improve also the performance.
Again, we have local content and I already explained what is the benefit of getting local content here. How to address the hunger bandwidth application like P2P and social network. We will have a lot of applications that will consume bandwidth and I have been hearing a lot of sites are generating a lot of traffic based on, you know, demand from user or maybe what we have seen, YouTube for example last two years, did not have a lot of bandwidth but right now it's consuming a lot of bandwidth in the ISPs network.
My last point is migrating to IPv6, repeatedly asked the question: When the ISPs will migrate. So I have reached my end of my presentation. If you have any questions, please feel free to ask.
(Applause.)
CHAIR: Thank you. Any questions? Is there a question in the back?
AUDIENCE: Yes. I was looking at your presentation earlier and you were mentioning peering with all the GCC countries, so I thought I would ask: How much peering do you have with each of the GCC countries, capacitywise since you are talking about STM 1, 4 /RA* 16 with the rest of the world?
SPEAKER: Yes, it depends, normally what we do
AUDIENCE: From both two connect and RIPE NCC.
SPEAKER: We study the traffic pattern, for example we talk about KSA, we see how much of bandwidth it requires and based on that we decide what type of connectivity do we need to that region and so on.
AUDIENCE: Physically, how much with each country? So how much do you have with KSA right now?
SPEAKER: I don't have a clear answer to this.
AUDIENCE: Approximately.
SPEAKER: We have I think E1 I think
AUDIENCE: So it's in the range of E1? Speak now why is that.
SPEAKER: It's based on demands. Normally we study how much traffic goes to there and we have, we evaluate the bandwidth requirement and we establish the connection.
AUDIENCE: Thank you.
CHAIR: Do you want to comment.
AUDIENCE: I want to, this is the correct answer.
CHAIR: In the back.
AUDIENCE: Nigel Easynet and RIPE NCC. As a peering coordinator I am quite interested in your presentation.
CHAIR: It's impossible to hear what you are saying.
AUDIENCE: Nigel Titley, EasyNet. As a peering coordinator I was interested in your presentation. I wonder what is your overall peering ratio, that is the ratio of peering to transit? I would be interested in hearing that.
SPEAKER: The ratio of peering?
AUDIENCE: Peering to transit, your traffic ratio between your peerings and your upstream transits.
SPEAKER: Actually what we used to have because we have forecast and Internet transit service but right now we are moving toward getting connection toward peerings so our target is to have like 70 or 80 percent getting from our peering services. So it is like a ratio, 80 percent might be the answer for this.
AUDIENCE: So you are saying you have 80 percent at the moment.
SPEAKER: No not at the moment right now it's less but our target is 80 percent.
CHAIR: Any more questions? In that case, thank you very much for the presentation.
(Applause.)
The next presentation also from a person that is from Etisalat, it is about the IPv6 deployment and experience of trying to deploy IPv6. The presentation is going to be made by, I will try the name again Abed.
SPEAKER: It's not right.
CHAIR: You see, this is regard. But still, I appreciate myself trying at least because like, because these kind of problems of pronounce something just part of the cultural differences here and saying each other's names and I am not going to ask anyone in this room to pronounce my last name. So while talking about, I found out and remember when sitting down I didn't present myself. Patrik Fältström is sort of the pronunciation in Swedish and I work for Cisco.
SPEAKER: Thank you very much. Even the translator is not working now. Good afternoon, thanks to RIPE for giving us this opportunity to talk about Etisalat IPv6 experience.
In fact, my presentation for today is going to touch on three sub categories or subjects one is the introduction to IPv6, and I will go shortly on that because most of you I think here already attended the presentations on the same. The other part will be the experience in the UAE and last details about etisalat specifically.
So I work for Etisalat as my previous colleague, he works in EMIX work in Internet development. And both of us are in the IPv6 task force. So let's go from here, the introduction to IPv6, we all know about the NATTing, the private IPs the pros and cons and differences that IPv6 brings to the network in terms of larger address space and easy categorisation, network efficiency, mobility and the easy way to handle the traffic.
We all know that Internet is booming, is growing. Those are some statistics and forecasts about the growth on the Internet, which is a demand for more IPs and I think the whole world decided that let's go with IPv6. Still, yes, there are some debates but, most of us believe that IPv6 is the solution.
This is the, who is responsible for IPs around the world here. We know that the history of ICANN and IANA and the regional registers, with RIPE NCC or RIPE presence, LACNIC, APNIC, AfriNIC all those. Also the IPv4 address exhaustion we all know that IPv4 is going to be exhausted maybe 2011 maybe 12, who knows.
And we know IPv6 is taking place, IPv6 has been allocated to many ISPs around the world by all the regional Internet registers. If we see the allocation per countries, this is the top ten worldwide and in Europe. Most of them are ISPs or telcos.
This is the IPv6 Internet topology map. Yes, it's not similar to what IPv4 got today, but it's growing. This is general tips about IPv6 deployment, where it stands and deployment around the world. Basics about RFCs availability and IPv6. And what the development people in each company should do in terms of planning, developing get started to deploy the IPv6.
That is summary of techniques of how to get IPv6 deployed in your network, yes there could be more than this number, but this is what I would say it's most general known by many developers. IPv6 and IPv4 coexist in the same network, tunneling techniques translation techniques, 6 to 4 or 4 to 6. Dedicated link which is IPv6, pure IPv6.
Dual stack techniques both as I said IPv4 and IPv6 coexist in the same network. Yes, all routers has to be capable to cope with both protocols and the pros of that is no additional overhead to manage tunnels. IPv6 is handled as normal IP traffic. Recommended for Greenfield deployment, small networks.
Cons of that: Two different configuration in your network, you have to maintain security, access list for both IPv4 and similarly security for IPv6.
And that would apply a major network upgrades.
IPv6 tunnels over IPv4, at the not, the edges of non, config or dynamic. The IPv6 here packets are carried within IPv4 packets. Pros of that: /TPHA*EUBLGS enabling IPv6 implementations to take advantage of the existing IPv4 infrastructure without need to change any of the IPv4 backbone components, low cost, low risk approach. Only dedicated network elements need to support IPv6. This is useful in the first step towards IPv6 in the networks which don't have MPLS.
The cons of that, it's high configuration cost and doesn't scale. In case of configed tunnels, yes it's complicated and you have to maintain all manually. In case of automatic, it doesn't scale.
This is the best approach: When you have MPLS core network it's the 6 approach, where you have the IPv6 at the, carried in the MPLS network. This is ideal for MPLS core.
That was my previous short introduction about the protocol and the deployment of it. Let's talk about the UAE. In the UAE, the initiative started in the year 2000 when we held the first IPv6 summit in the Gulf, in Dubai in the year 2001. The initial started by the IPv6 forum and a local company here sponsored by Etisalat. At that time we have a governmental decree issued to deploy the IPv6 by his highness .
Since that time, Etisalat took the subject seriously and started to plan for the deployment. In 2001, we in Etisalat formed the Etisalat IPv6 task force and we had our logo, and the website available.
In 2005 we have the second IPv6 summit held in Abu Dhabi, the capital of. In 2005 we formed the UAE IPv6 task force to represent the country as a whole.
In 2008 we had the third IPv6 summit held in Abu Dhabi and was hosted by the Chamber of Commerce.
This is the IPv6 forum list of all the existing or the task forces around the world. I highlighted the Arab and regional task forces in black, as you can see there are few of them available so far and members of the IPv6 forum. Egypt, Morocco, Tunisia and United Arab Emirates.
In 2005 summit, we had the 320 attendees from representing IT decisionmakers. Targets we formed the task force and this is the logo of the UAE task force. And of course, it's covered by the press. It's sponsored by some other local also companies.
So the UAE IPv6 task force objectives is to discuss the deployment of IPv6 within UAE networks, to raise awareness among UAE community; to discuss IPv6 regulations, requirement, applications, business opportunities, developments and issues relevant to the UAE market of course; creating forums and communicate with others; our goal is smoothly implement IPv6 in the UAE.
So, the UAE task force consist of different sectors, around nine so far. And in the year 2008, OK, we had the third Gulf summit. As I said, hosted by the Abu Dhabi Chamber of Commerce. That was the introduction about the UAE IPv6 experience as a whole. I will talk about now the Etisalat specifically.
Etisalat, the United Arab Emirates Telecom provider since the 1976. Etisalat is on track to be one of the top ten operators by 2010, Etisalat ranked as one of the 20 largest operators in the world and the largest in the Arab world by Financial Times. Etisalat ranked as the fastest growing mobile operator in the world, a study done by the information group recently.
Etisalat services are all mainly IP based, Internet access, voice over IP, triple play, data centre hosting, mobile broadband, 3G, 3.5 G and 4 G services.
Etisalat is growing internationally also, Etisalat exists in 17 countries, and with a customer base of 74 million subscribers now. Etisalat toward or toward vat gee and direction to be a bigger one, a huge big one network. Demand for IPv6 as we believe.
Etisalat and UAENIC is division in Etisalat. Etisalat is a local register for since 1995 and the presented by the UAENIC.
Etisalat has tight relationship with RIPE. Etisalat was selected by RIPE to be the first Telecom in the Middle East to host RIPE regional meeting in 2003 and now it's happening again with the 57th meeting.
The .AE ccTLD DNS is IPv6 already.
This is the table showing the allocation of the IPv4 addresses and the consumption of those IPv4 addresses.
We know the Etisalat broadband has been - operated broadband is growing, in the year 2008 it's doubling. That is demand for more IPs, demand for deploying IPv6. Etisalat is going massively with the GPON deployment for services. Triple play services requires four IPv4 addresses, one for ONT, for IP TV, one for VoIP, one for Internet access. This is a huge demand on IPv4 addresses, so to go with IPv6, another demand triple play is a demand for IPv6.
Growth and demand for IPv6:
So the number of broadband users is increasing based on all access technologies. Mobile or fixed access technology. Customers are always - are always on of time rather than . Similarly, to be to be peer to peer applications. Type of terminals are also increasing in the mobile and fixed access as the demand for IPs. NATTing is another solution. NATTing cannot be alone - alone can no longer be seen as a solution.
Objectives of Etisalat IPv6:
Yes, IPv6 will run out by year 2011/12, we shall be ready.
We shall be continually leading the region by having early deployment of IPv6 and represent Etisalat in all events.
We have to get experience with IPv6 by knowing the advantages and limitations of it and assist in troubleshooting to gain the technical knowledge.
We need to build scalable IPv6 test network to ensure IPv6 standards compliance for Etisalat current and future systems and to establish a test environment to evaluate the compliance of hardware and software with IPv6.
Work towards exposure of IPv6 standards within the universities, colleges and research centres in UAE. This is the IPv6 organisation: We have two main branches, one is the IPv6 work scheme, that is five-year supported programme under the PMO/PIU, stream towards the Etisalat target network. Etisalat in transition programme for the future target networks, five-year plan, and the IPv6 work scheme is working under this PMO to get the IPv6 implemented in this target network and the other side of, we have Etisalat IPv6 task force, working on the existing systems, any tests required, communicating with the UAE, task forces and do the necessary testing for the new or existing systems or elements to make sure they are compliant with the IPv6 protocol. Those are the IP addresses, these are the email addresses so you can contact us on those and we have a website for www.IPv6.AE and another website for the lab, where we publish the tests that we do internally.
Contractually, we worked internally and we had a clause added to all our RFPs and RFQs, requests for proposals or that all the supply systems, hardware and software, wherever IP connectivity is required should support IPv6 and IPv4 with latest standards of IETF, ITU and other governing communication standards. If the system is not compliant to the above, the supplier should indicate the road map to implement IPv6 and clearly state when the system would be compliant to IPv6. The upgrade of course, should be free of cost.
Further, the vendor should confirm that the product would be kept abreast with the IPv6 development. And we circulated as a task force, through the management to all the engineering section that they have to work on the existing systems, vendors to get the statement of direction towards IPv6 and to do the necessary IPv6 compliance test needed.
Etisalat IPv6 history.
Since 2001, up to now, 2008, in 2001 we formed the Etisalat task force, in 2001 again we started the test with the 6bone via Sprint v6.
In 2001 we obtained the global unicast address space, it belongs to us. In 2002 we built Etisalat basic IPv6 test network. 2003 building Etisalat IPv6 systems infrastructure, DNS, web, basic ones, we established the websites for us. We start working in verifying the networks and services elements to IPv6 standard. We start tested with regional ISPs and big enterprise customers and we had the implementation five - five years implementation plan also developed. And we had started also with the first production network in the - in network development network.
In 2008, we will connect with research centres, we will have connectivity with research centres also, focus on IPv6 applications, establish native IPv6 connectivity with GCC / EMIX customers. We will work also in introducing IPv6 in some other introductional network. Increase the peering with other telcos and ISPs around the world.
We will continually - the initiative on a national wide by promoting and creating awareness on the next generation protocol in the community.
This is the set road map for us, more tests in the application level, and more slowly introducing IPv6 and some production networks. This is the Etisalat high level topology or network. My colleague covered the EMIX part of it which is the top one, and we have the core network and some other supporting networks.
This is the IPv6 task network. We tried, somehow, to simulate the production and target network where we had a core MPLS core and a gateway which is representing EMIX and international connectivity. Today we have international connectivities done through the tunneling IPv4 tunneling. And some other production. This is the first production network in the NOC as I said. Yes, we need our people, our staff to start feeling and working on IPv6 in their daily work.
Peering we - we establish peering with Sprint, AboveNet, Hurricane Electric, Deutsche Telekom, ISC and F root DNS, Cable & Wireless, KDDI and RIPE, K root server.
Test beds, we established a few with the 6bone, Qtel in Qatar, universities and academy.
ANKABUT is an initiative by Etisalat and the university. This is similar to the Internet 2 network and it's built on using IPv6 network so dual stack.
So yes, it is similar in nature to the Internet 2, this is the high speed dedicated network for research and education, creates opportunity for the UAE to lead in research and education fields. Provides connectivity with peers at the international level to effectively participate and collaborate in research activities.
Provides IP connectivity for universities to connect their branches in secure method.
I believe we will be starting with 120 different universities and research centres in UAE. This is the network which is at the last phases of it, IPs are configed and up. With international connectivity London - in New York internet exchange with Internet 2.
With the future plan to expand this network as needed.
So Internet 2 is a not for profit advanced network consortium comprising more than 200 universities in cooperation with 70 leading corporations, 45 government agencies, laboratories and other institutions and 50 international partner organisations.
ANKABUT applications, they are quite a lot, videoconferencing, file transfer, VPN, VoIP, security, and IPv6 of course is the basic.
So Etisalat contribution in IPv6: Etisalat is member of the IPv6 forum since the year 2000.
Etisalat is cofounder basically.
First in the region to test the IPv6 with 6 bone, that is in 2001.
First in the region to obtain IPv6 global address space. First to present/show case IPv6 in RIPE NCC regional meetings in 2003.
And first to - Etisalat order - initiative on IPv6 in the Middle East by network Middle East organisation in June 2005.
This is what EMIX and what was presented by my colleague Omar in the previous presentation, and yes, we are planning in EMIX to have native peering over - today we have a peering using IPv4 tunnels but hopefully we will have a native peering using dedicated IPv6 links and by this I will conclude my presentation. Thank you very much for your time and listening. Thank you very much.
(Applause)
CHAIR: Thank you, thank you very much, do we have any questions? Randy.
Randy Bush: IIJ. There are - the IPv6 forum is of course notorious for the people who monitor all the websites and mail servers of the members of the IPv6 forum and they don't have any IPv6 services. And when will you actually have your mail server, your web server, your DNS servers, IPv6 enabled? None of them, /TORBGSD /A*EU just checked, have IPv6 addresses. And this is an operators' meeting, not an IPv6 forum meeting. So, we just - we actually run IPv6 and we are kind of wondering, what is the actual deployment, you know, I can ping it.
SPEAKER: I can't answer this of course, yes, on behalf of others but we at Etisalat and IPv6 an opportunity for us in terms of business and technical. And yes, it's demanding from some customers, also.
AUDIENCE: Let me echo Randy again.
CHAIR: Who are you?
AUDIENCE: If I look at Lab.IPv6.AE I notice it's not reachable over IPv6 anyway.
SPEAKER: That is an IPv6 ready but it's published internally. We don't publish it to the public, you know, over the Internet. It's used for internal use only.
AUDIENCE: It's not reachable nor the - nothing.
SPEAKER: Sure. Thank you.
Nigel: Again, wearing my peering coordinator hat; when do you propose - do you have any definitive dates yet for when you propose to bring up IPv6 native peerings at public peering points?
SPEAKER: No we don't set the definitive date for that but what - we are similar to all other big operators around the world: Yes, we don't have a clear or set time frame in when we are going to provide IPv6 for consumers, but as I said, we are, today, working closely with the universities, the research centres, with all the big customers who is demanding, who needs the IPv6 for testing, for maybe, you know, we are an operator, we are a service provider so in case our customers ask for IPv6 we have to give them IPv6, so? And we have to closely, OK, and we have to, you know, gradually work on - assisting where we have to deploy IPv6, which is for the benefit of our services and what the customers are basically demanding.
Nigel: Thank you.
CHAIR: Any more questions? One more question coming.
AUDIENCE: You mention that had we have IPv6 and I was checking - have some communication because I couldn't get can you perhaps get that up because would he love to have these IPv6 -
SPEAKER: Sure yes we will be talking about that offline.
CHAIR: Anything else? Any more questions? In that case, I think we should thank you very much for the presentation.
(Applause)
CHAIR: Now we are going to stay in the region but we are leaving the UAE and going to get a presentation on the development of Internet in Saudi Arabia and the presentation is going to be held by Ibraheem.
SPEAKER: Thank you for staying late for this presentation. My name is , I am from CITC which is Telecom and IT regulator in Saudi Arabia.
And this presentation will go quickly over some of the recent developments in Saudi Arabia.
We will have an overview of the ICT market and then some of the usage in Saudi Arabia, the Internet development strategy that was developed by CITC, we will talk quickly about the national internet exchange, spam and then IPv6.
What will not be covered in this presentation, we will not talk about the DNS part and also we will not talk about the regional and international internet exchange, we will talk about the national part of the Internet traffic.
So quickly about Saudi market. Saudi Arabia is one of the GCC countries, largest population is about 25 million. Most of them are Saudis.
Annual growth is 2.3, ICT sector is fastest growing. Has young population, about 50 percent than 20.
One factor of Saudi Arabia the average family size is large 5.7 which is good for broadband penetration.
The GDP per capita is about 1,500... 15,000 dollars, and there is heavy investments in the ICT technology. Saudi Arabia is one of the ICT markets in the region.
Some quick facts:
Fixed line penetration is about 17 percent per capita which is not bad considering the average family size.
Mobile penetration, over 100 percent, broadband penetration per household is about eleven percent, that was end of 2007; now, we are talking about 17 percent household penetration.
Fixed lines Internet penetration, I will come back to that.
Coming from - I want to give quick overview about ICT sector reform in Saudi Arabia. The Internet started in Saudi Arabia about '97. There were a number of licensed ICT, initially about 30 to 40 ISPs. In '98 that dominant operator was incorporated in and the STC was formed, is Saudi telecommunication company and it is main operator in Saudi Arabia.
Quickly over some of the things, more licence were issued for new operators. ICT was established in 2002. Initially it was communication commission only. That was in 21 or end of 2001. In 2003, the IT part was added to it and became communication and IT commission.
Some of the recent developments, programme was initiated second and third mobile licence were launched. Internet restructuring project was done and we will go quickly over that.
And more licences have been issued all the time. This would be available for different presentation. I don't want to go into the details of it.
Internet penetration in Saudi Arabia, in end of 2007 there was about - was 31 percent and we expect that to grow quickly so we expect to follow an. One of the reasons for the quick development was we have young population and then there are more and more penetration for broadband and with the banks and the stock market has big part to play - played a big part in the Internet penetration, especially the stock market, when people were able to trade online we saw huge jump in traffic and number of users.
Internet usage in Saudi Arabia:
In end of 2007 we did a big survey to collect a lot of statistics about the Internet in Saudi Arabia. We tried to cover five categories: The general consumers, the business, the health sector, educational sector and government. All the results are published in CITC website and I will give you the link at the end of the presentation.
Was a very good mar minute and high confidence level.
Penetration in Saudi Arabia as I said it's 31 percent, that was end of 2007 and end of October - actually about this week or next week we will start the second phase of the project. That is three year project, so we will start the second phase of collecting the statistics.
PC penetration is about 43 percent of population.
One of the statistics that we collected from the survey was why people own computers and we found that 60 percent of the reasons are related to the Internet. The other reasons for owning a computer that are not related are playing games, which also could be online, sometimes, store documents, audio/movies do work but mainly it's Internet-related reasons.
Individuals who use the Internet, when we ask them what they are doing online, most of them are doing browsing, 41 percent, this is - I have to stay next to the mike. Most of them are using it for browsing, communication, getting information, education, so the part we believe needs development is educational part and doing business. If you look at only 5 percent use it for education and 4 percent for doing business, and this part needs major development in Saudi Arabia and this also could be reflected, it's a reflection that it is a young population so most of the Internet users are trying to go to social network websites and play games and stuff like that.
About 45 percent of the users use dial up. I mean, we are still in 2008 and more than 40 percent using dial up, which is not a good number. The other 50 percent or more are using broadband.
We did the same - collect the same statistics for educational sector, business and health. We are trying to find the laser pointer but we could not. Anyway the numbers in general are not high. There is still a lot of work to be done to get more penetration for PCs and PCs are not that bad but PC penetration and application.
So one of the things that we did in the survey, we asked the people who are not using the Internet, why not, and 6 percent of the people saying it's bad for children, some of them it's not a very good cost for - value for money, my family does not allow it, and the majority, a lot of them say "I don't know how to use it." So we believe that by - big awareness programme, an awareness programme will have a big impact on Internet penetration. For the other part which will cover about 60 to 70 for the people that are not using the Internet we can cover them by a big awareness programme and we already have a budget for it next year which will start in January so hopefully we will start this Internet awareness campaign. The other part, some of them say it's not available in my area and some of them they cannot afford it and hopefully we can cover this part by the universal service fund. This will start in 2009, they will be operational plan and hope that it will help in addressing the needs for those users or any users.
The Internet development strategy, that is strategy that we worked in 2006 to achieve more penetration for the Internet and improve infrastructure, but what we did was we did a current state review, we addressed what is Internet Saudi Arabia, what are the problems and issues, we analysed services that are done by CITC, are doing Internet administration so we did deep analysis for those two services and whether they are affecting Internet development in Saudi Arabia. We did technical review, international organisation review and then benchmark and from that we developed a strategy.
I can't go into details of strategy but the strategy that we developed is based on seven streams: Infrastructure, DNS addressing, filtering and security, IP-based services, international organisations, awareness and regulations. All these have to be addressed in order to improve the Internet in Saudi Arabia.
And we are already executing a lot of projects in this strategy.
Quick about national internet exchange:
In Saudi Arabia with the reform that was happening and the licences that were issued, there are /TPHRAOEUPB /SRAOEUDers that could have international Internet gateways. In Saudi Arabia there are two different licences, an ISP licence which anyone can get and a facility based operator which is very limited in numbers. We have nine facility based operators who can have Internet gateways. The problem is that there is no - currently, there is no exchange of traffic between them. There is very limited exchange of traffic.
We did a detailed assessment and then we - and workshop and consultation with the providers and we started National Internet Exchange Project.
Before the Internet restructuring there was only one gateway to the Internet which was KACST is research and - research centre in Saudi Arabia and that was only Internet gateway. It stayed like that for about seven or eight years until CITC was established and licences for commercial operators were issued.
So when everything had to go through KACST there was no issue of national traffic going outside. Anything that goes there by mistake it will just route it back to Saudi Arabia.
However, when we had multiple gateways then the issue became more clear. Currently some of the traffic between operators is routed through international links so it goes outside Saudi Arabia and then comes back.
By the way, just one quick point here: We are moving from one gateway which was run [by] KACST to multiple gateways run by commercial operators. One of the things that helped a lot all the ISPs in Saudi Arabia, all of them were local Internet registries and by having - by them being local Internet registry this prevented a countrywide renumbering, what has to be done to restructure was the ISP has to choose his upstream provider and just exchange routes with them without having to renumber or - renumber his customer.
We started the National Internet Exchange Project in 2007. We did an assessment, a review, workshop with service providers, benchmark and then - in end of last year, we initiated three things: The national exchange project, the was launched. We started working the national peering policy and we decided also to take a phased approach and we will come to this.
Part of the - this is part of the benchmark that was done. We did a lot of countries and neutrality of the exchange was a very key issue, even we are talking about the national exchange but it has to be very neutral, especially we have one big operator incumbent and the others are newcomers. After benchmark we decided to go with government model in the beginning, so CITC regulator will launch - exchange in the beginning.
OK. This is a first approach that I was talking about. We are working on the peering policy right now, the National Internet eXchange Project was launched and awarded to a company and exchange is now ready for operation. Some of the service providers already have their fibre available to the exchange and hopefully this week or coming week, they will start - they should be able to exchanging BGP - exchange is only a temporary solution. I hope we will not handle it for more than one or two years. After that, we will go to phase two, and we have two options, either CITC will issue licences for the national exchange so anyone who wants to run a national exchange can get a licence from CITC or the other approach is that the service providers will agree among themselves to create a service provider forum and then the market will autoregulate itself so we are now evaluating these two options.
Our aim is at the end, in phase 3, the market will autoregulate itself, we are not planning to run the exchange for a long time but that was a reaction to solving a very clear and immediate problem.
The project was launched and awarded to a company and we are starting into building the peering and the - peering infrastructure.
Our plan is to build a minimum of two peering infrastructure, one of them the main site is already, as I said, ready and developed; the other side for peering will be a smaller scale site so not as big as the first one. And we plan to have it in another city.
Since we are regulator, we are not planning to carry traffic from one exchange to the other, so members' traffic, we will peer traffic within the site. So if two members are connected to the same site we will carry their traffic but we will not carry it through different sites.
One of the big discussion points designing that exchange, is how to - interconnection between members and who is going to pay to whom. If there are two operators with asymmetrical traffic, they don't have the same amount of traffic who is going to pay for the other? Issued a mandate to all service providers, eight of them, telling them it will not be allowed for them to exchange national traffic through international links and gave three options:
The options you can choose to peer directly with all other operators and then carry the national traffic through these links or connect to the exchange or the third option is you can use both, so for redundancy you could peer with all other operators and connect to the exchange. It's up to you, you choose whatever you want but the mandate is you will not be allowed to send national traffic through international links.
When the exchange is established, we had two models for pricing, bill and keep so there will be no monetary settlement between operators and model 2 was traffic volume based and for interim solution decided to go with the first model which is bill and keep. CITC will not charge the operators any fees for connecting them to the exchange, and exchanging the traffic is free.
Quickly about SPAM. Ten days ago, we had the first anti-SPAM workshop for Saudi Arabia, that was a one-day forum where we discussed SPAM, other countries experienced some of the technical solutions and it's all available online, I will give you the link at the end.
In Saudi Arabia SPAM was a major annoyance for the users and it, of course, like any other place, it's used for phishing and fraud and other kinds of misbehaviours. High volume SPAM over limited bandwidth and we have - we have started receiving a lot of complaints about SPAM.
We started an anti-SPAM project where we conducted, of course, benchmark measurement for our assessment for the current Saudi Arabia, available technical solutions and what other countries are doing and we developed awareness guidelines and action plan which will come quickly.
We did a review for the legislations in Saudi Arabia so we reviewed the Telecom act, the E crime act and all the related acts in Saudi Arabia and what we found is that SPAM is already covered by them, there is no need for new legislation, it's already covered there, we have to put a framework for handling SPAM.
SPAM, we did a measurement for how much SPAM we have in Saudi Arabia and SPAM here we talk about email and SMS, fax, so it's not only email SPAM. These numbers we get from the operators so the operators reported that 54 percent of the email that they received is SPAM or classified as SPAM by their tools. Most of it is commercial, fax commercial is 6 percent and SMS SPAM rate is about 2 percent which is not far from other countries.
This is what is reported by the operators as SPAM, but some of - when you look at the user experience, you find it's more than that, because there are some things that the user considers SPAM the operator doesn't so it depends how you look at it.
OK, to handle SPAM, we looked at what other countries and organisations are doing and we adapted the model similar to the model adapted by OECD which is seven approach, awareness, enforcement, technical solution, SPAM measurement and global cooperation is very important for SPAM, most of it is coming from outside of the country anyway. And then we did the benchmark, we compared other countries.
After we did the initial study we launched public consultation for the public and we ask them specific questions about SPAM and how they feel the best approach to handle them, should it be an opt in or out approach, how to define SPAM, what is actually SPAM, requirement for legitimate messaging, so all about 20 questions were asked in a public consultation and we collected the results and then started developing the framework based on the feedback we get from the industry and the public.
The model adopted is based on OECD approach which is a seven-pronged approach. The most important is awareness, awareness is very important.
The definition that we came out for SPAM is unsolicited electronic message transmitted without consent. Consent is very important here which is basically an opt-in approach.
One of the things in the framework, some of the main points in the framework that address harvesting software are banned. You cannot use them, you cannot collect information without a consent.
That was quick look at exchange and IPv6 and SPAM.
We will look into the last section which is IPv6.
I think this graph, you have seen it probably many times, so number of Internet users are growing worldwide, available address space is shrinking and the projected date by is October 2010 for IANA and regional registries by one year later so there is a major issue here for IPv6.
This is - IPv4 and IPv6 current status in Saudi Arabia. This is number of IPs available or allocated to Saudi Arabia. In July, there are about 2.7 million IP numbers allocated to Saudi Arabia, 73 percent of them are advertised so if you do the maths it's about 0.08 IP per capita. I don't know if anyone is using this measurement, IP per capita, but anyway, it comes to about 0.08.
There have been some big allocations recently in June this year there is a /14 by STC, the next big one was in 2005, 2006, so another in 2008 there was another /15 also by STC and this is - this could be probably due to the increased - the quick increase in number of broadband connections.
As for IPv6, not too good; there have been only two assignments, one and both are in 2001, very odd. So, KACST which is the only gateway to the Internet, got a /32 in 2001 and same for STC. We will come back to these two numbers and what they are doing with them.
This is how we project the effect of the depletion date on Saudi Arabia, so operators in Saudi Arabia need to worry a lot now, otherwise it will be too late for them, they will not be able to expand their network.
I mean, this is a very urgent issue. We did a survey for the providers in Saudi Arabia, we tried to measure are they aware of the problem, what they are doing about it, are they taking this problem seriously or not? So we asked them a few questions related to IPv6, we will come back to some of them now. We did a few workshops with them and then we will show now the results or the findings.
We were talking to only to the facility-based operators so those are the big operators. Level of IPv6 knowledge: 40 percent of them they say they have in-depth knowledge and 40 percent say medium, 20 percent basic knowledge of IPv6. IPv6 addressing, KACST locations, only KACST is advertised, STC is not advertised which is not too good. I am not tried if tried to bring forecast, whether you will get a reply or not.
So the message from here is that something has to be done and something has to be done quickly for IPv6. Operators are not moving quickly to address the problem.
One of the questions that we asked the operators: Most important obstacle towards IPv6 deployment? And the answer we get was strange, I couldn't understand, 100 percent, they say no market demand. I mean it's like they are looking for something to sell. And another issue here is that none of them attends the working groups or IPv6 meetings or attend forums, none of them is following up. Even we are talking about major operators, multi billion operators.
We start to ask the ISPs, ISPs are non-facility based operators, they have to get their connection from the facility based operators so they are the smaller providers and they have no interest, basically. They are not ready and don't have interest. And actually, they are not - technically, it will be very difficult for them to be ready before the facility based operators are ready, it will be very difficult unless they will go with some tunneling techniques. Domain registration, technical infrastructure is ready but there is no transport yet. Most of the hardware vendors that should be coming to Saudi Arabia, they claim it is IPv6 ready.
What we did in mid of this year, CITC established IPv6 task force for Saudi Arabia, it's a bit late compared to other countries but better late than never.
Our goal is to encourage the deployment of IPv6 before the deadline. The task force will work on three approaches: To raise awareness, we have to raise it now for the service providers and later we will worry about the end users; we have to gather the stakeholders together and tell them this is a major issue, they have to do something about it; and then we will have to encourage the deployment, and for encouraging the deployment, so far what we are seeing from the meetings that they are interested now, they are starting to take it seriously and have development plans for it but if this doesn't happen quickly then there are some regulatory tools which CITC have which could enforce the deployment of IPv6 but so far we didn't have to use them but if nothing developed quickly we might have to use some of the regulatory tools that we have. What are the coming actions? We have started building the IPv6 test lab, we have - one of the issues we are discussing now is how we can get IPv6 addresses, we are not a local Internet registry and we cannot - until now, it's very difficult to get a provider independent IPv6 addresses for our test lab, but in a way, hopefully with discussion in this meeting with some of our colleagues in RIPE we can find way to get IPv6 addresses for the lab.
We already had two meetings for the task force, the third one will be in mid-November. We try to finalise the strategy and action plan. In the first quarter of next year we try to have the first IPv6 forum.
In summary, Internet is growing quickly in Saudi Arabia. We are working now on the Internet development strategy, we started implementing a lot of that strategy. The national internet exchange will go live hopefully this quarter and this will help to keep the national traffic within the borders of Saudi Arabia.
SPAM, the framework has been agreed on, it's now implementation time for it, and IPv6 task force was set up and hopefully we will reach a point where provider cannot find addressing in Saudi Arabia. These are links to some of the related websites. CITC - at any time. /TKPWO*F. /TKWORB sites coming soon the exchange website and IPv6. I was hoping we could have them up before the RIPE meeting but we couldn't, but anyway, they are coming any week now. Thank you very much.
(Applause)
CHAIR: Thank you very much. Do you have any questions?
Chris Buckridge: From RIPE NCC and there is a question on the Java channel from Andy Davison: Prior to the formation of the national internet exchange, has there been private peering between local operators or is that peering new to the region as well as public peering? I ask because I wonder if mature peering policies have already been formed and whether there is a good guess how much traffic there may be.
SPEAKER: So the question is about the peering policy and
Chris: Sorry, whether prior to the formation of the National Internet Exchange there was private peering between local operators or is that new as well as public peering and the question is because he wonders if mature peering policies have already been formed and whether you can guess how much traffic there may be.
SPEAKER: OK. Private peering was not done in a good way. I mean, there was some private peering and it was done in not so straightforward ways. What will happen is, a new DSP facilitier will have to get an ISP licence in order for him to route the traffic nationally. There is no peering between the gateways in Saudi Arabia so that is for the national peering. There was some peering but it was not done in a clean way. And if you do test route you should easily find some of them go outside the country and come back so there was not adequate peering. As for the peering policy, the first draft was issued in this year. It should go for public consultation by January or February, it should go for public consultation but the early draft, we took part of it which I described quickly, we took the part that is related to the pricing and we decided to go with a bill and keep model, that is all part of the peering policy but because this part is important for the exchange we moved ahead with it but the other part related to quality of service, how much capacity they should connect, when to drop traffic, and other issues around quality of service will be for public consultation early next year. So in January or February hopefully we will have the public consultation for it. As for the question about statistics, how much traffic is national or local, I don't have this number. I don't have exact number and I don't want to make guesses.
CHAIR: Any more questions? In that case, I think we have had a successful first day. Very good lunch. (Applause).
And we have... as being guest in this country, that had presentation in the first session were 30 minutes too long, but then just because of the very good presentations here, we are actually ending two minutes before we are supposed to at 6 p.m.
So with that, don't forget the social event tonight and for those interested, and then see you all tomorrow.
The plenary session then concluded.