IEPG was held on the Sunday, which normally is the ‘first day’ of IETF before the meeting proper kicks off. But, all is new, and we’re now embarking on an experiment to try shifting the IETF start a day forward. So Saturday is the new Sunday, and IEPG actually kicked off a day into the IETF meeting, albeit still during the informal part: it’s not a Working Group, but more a conversation involving the operations and engineering community.
(The shift to a Saturday start is a work in progress, and I think it won’t be real until the schedule actually includes Working Group time at the weekend. That’s still to come).
I kicked the meeting off with a bit of a rant. A polemic, if you like, discussing the need for a better approach to statistics in public policy decision-making for the network. This is the subject of a paper I have co-authored with colleagues in the maths and statistics departments of the University of Adelaide and UTS, and Randy Bush from PSG/IIJ.
I had a lot of fun talking with the community here, but it’s really not a core part of IETF or even APNIC work, although it does relate, since many emerging problems in public policy governance of the Internet could benefit from better rigour in the analysis of measurements and experiments about the network.
Ondrej Sury from CZNIC talked about support for DNSSEC in the Knot DNS product that CZNIC has designed. This is quite an interesting bit of work, and makes it much easier for anyone who has secure DNS delegations (including Reverse DNS, so of interest to the Internet Number Resource community, under in-addr.arpa and ip6.arpa) to manage key rollover and changes in DNSSEC.
Tom Harrison from APNIC has worked on a part of this problem for one of the emerging RFC’s co-authors, and we’ve put code into public review to support this change that Ondrej was promoting.
10am Sunday morning in Prague – the #IEPG meeting at #IETF99 – pic.twitter.com/7KIIRgOWVk
— Dan York (@danyork) July 16, 2017
Giovane C. M. Moura spoke on Recursives in the Wild: Engineering Authoritative DNS Servers. This is a research program that has been exploring the time differences in DNS visible from the global Internet, and how this influences the selection of the “best” place to fetch DNS information from an authority.
Giovane recommended that people consider deploying only anycast NS for their domains, which is a quite strong message. It does then demand that you police which networks see which anycast nodes, and consider the consequences hard. It’s not necessarily a widely accepted model, but it was interesting to have somebody make a concrete recommendation based on measurements in the public network. This work used RIPE Atlas, and other sources of distributed views of the DNS resolvers worldwide.
Willem Toorop spoke on the Root Canary project. This is an initiative to deploy systems that work like the “canary in the coal-mine” — the signal of an emerging problem that can help intercept something big emerging out of the blue.
Rootcanary.org shows a number of measures being made all the time, of the state of public DNS. It’s an interesting and useful contribution to the view of the dependencies we all have, and is being done in the context of the coming DNSSEC KSK rollover as a substantive contribution to minimizing risk. If something is going wrong in public DNS, a system like this is going to be vital in recognizing and detecting it as early as possible.
Finally, Geoff Huston presented on BGP More Specifics. A well-done review of the state of routing, focussing on the mechanics of how people sometimes say in more detail the same things they say overall about their network. These ‘more specific’ routing statements come in several forms, and may have several underlying motivations.
A lot of the time we consider these to be ‘noise’ and a cost on global routing, but Geoff had a very good basis for suggesting these engineering decisions are much less capricious and wilfully damaging than people think, and the cost of mitigation is very high, set against the actual benefit on routing table size.
IEPG works well, as a discussion forum. It’s well attended and has a broad appeal in engineering and operational contexts. I had a lot of fun presenting there, and good conversations stem from this kind of engagement.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.