1 APTLD Meeting - Manila – IPv6 ccTLDs Experiences – 24 Feb 2009 AFNIC’s IPv6 Experience For the French Registries APTLD Meeting Manila, 24 February 2009

1 APTLD Meeting - Manila – IPv6 ccTLDs Experiences – 24 Feb 2009

AFNIC’s IPv6 ExperienceFor the French Registries

APTLD MeetingManila, 24 February 2009

Mohsen SouissiAFNIC

<[email protected]>


Introduction

AFNIC: A DNS (multi-)Registry for:

• .fr (Mainland France), .re (Réunion island), .tf (Territory of the French Southern and

Antarctic Lands), .pm (Territorial Collectivity of Saint Pierre and Miquelon), .wf (Territory of

Wallis and Futuna Islands) and .yt (Departmental Collectivity of Mayotte)

• Focus: .wf is a small ccTLD in the APTLD region (here’s our/your connection :-))

IPv6 is deployed at AFNIC:• In the Enterprise managed network (routing equipment, firewall, servers,

workstations…)

• In the AFNIC’s Registration System- The Database, as the unique source of DNS and Whois Data- Network tools and scripts used at AFNIC support IPv6


IPv6 at AFNIC: Why bother?

Technical and political reasons for the “French Internet”• The DNS is among the most critical IP applications

Support of IPv6 in the DNS is a pre-requisite for the Internet-v6 deployment

• AFNIC assumed its part of responsibility very early in fostering IPv6 deployment in France:

- By supporting it in French ccTLD zones Don’t be an obstacle to IPv6 deployment in France (ie, get out of the critical path!)

Technical reasons for AFNIC’s Network Infrastructure & Services• As an IT actor, AFNIC must have a complete mastery of IPv6 technology so as to

progressively integrate it in its network infrastructure and services


Phase 1 (1998-2001):

• Test, Implementation & Early Deployment

Phase 2 (2002-2004):

• Evaluation, Validation & Full Deployment

Phase 3 (2004 - Today):

• Dissemination & Promotion

A Three-Phase Approach


1998-2000: Test and DNS expertise for/within G6 activities• The “French NIC” became AFNIC, a French association founded in 1998. Support for IPv6

and its related activities have been increasing since then within the G6 group (French Expert Group for IPv6 experimentation and dissemination: http://www.g6.asso.fr/ )

• A test platform made and interconnected with the G6bone (French part of the 6bone)

• Experimentation of IPv6-enabled network services: DNS (BIND 9.0), Web, …

2001: Started basic IPv6 deployment for DNS service• Interconnected with the Renater2 pre-production network (“IPv6 pilot”)

• Native IPv6 support made for a .fr official secondary DNS server (ns3.nic.fr)

Phase 1: Test, Implementation & Early Deployment


• For AFNIC’s network infrastructure and services- Native interconnection with Renater3 (French NREN) production network- Progressive support of IPv6 in production (dual-stack) for basic network services:

DNS, FTP, SSH, …- Active participation in the IETF interoperability activities standardization of

DNS extensions to support IPv6 (RFC 3596: AAAA, ip6.arpa)

• For AFNIC’s Registration System- First stage: IPv6 adresses (AAAA glue records) registered manually in French

ccTLD zones- IPv6 support in the new version (2002) of ZoneCheck, the AFNIC’s zone checker:

http://www.zonecheck.fr/- October 2003: IPv6 full automation in the daily French Registries operations

http://www.afnic.fr/data/actu/public/2003/CP20030915-english.pdf

• IPv6 glue in the root zone file- Jul 2004: France was among the first 3 DNS Registries (with .jp and .kr) whose

DNS IPv6 addresses were registered in the root zone: http://www.afnic.fr/actu/nouvelles/international/CP20040722

Phase 2: Evaluation, Validation & Full Deployment


• Active participation in IPv6 and DNS related topics within IETF, RIPE and G6 communities

• IPv6 expertise & knowledge transfer- Documentation and training support for the French and other ccTLD communities

(e.g. AFNIC’s “Collège international”)- Regular participation in IPv6 events at the National and the International levels

• Active participation within the Steering Committee of the French IPv6 Task Force

• A versatile platform for DNS metrics with its application to IPv6: https://www.centr.org/main/4660-CTR/version/default/part/AttachmentData/data/Tech19%20-%20Bortzmeyer%20-%20dnswitness-PRINT.pdf

Phase 3: Dissemination & Promotion


• If you are an IPv6 early adopter- Accept being an IPv6 guinea pig (you can’t win all the time, can you?) !

• IPv6-ready Hardware and software availability: A big challenge!- Functional completeness (IPv6/IPv4 parity)- Robustness and efficiency

– Examples: bugs discovered in some combinations of IPv6-related factors with Linux kernels

- Note that today, it is much easier to get IPv6 running in production– Just take advantage of natural refreshment cycles of Hw/Sw Save your money & your

time!

• Persevere in getting people as reactive at IPv6 incidents as they are at IPv4 ones

- Once IPv6 is running in production, don’t consider it as a second-zone citizen- Don’t let your ISP consider it as second-zone citizen: Ask for your rights ;-)

• Even 2.5 years after the 6 bone phase-out- There are still tunnels with MTU issues (difficult to debug): Time consuming &

Global Service degradation :-(

But the world is not perfect :-(


Conclusion

Your community needs your support for IPv6• DO NOT stay in the « critical path » of IPv6 deployment by other actors

(e.g. domain name holders willing to support IPv6)

• IPv4-IPv6 co-existence period will be much longer than expected if Network actors keep postponing IPv6 adoption

IPv6 deployment is much easier today• Natural refresh Hw/Sw cycles bring IPv6 much easier

- Almost everything is there now

• But: Staff training is (still) a key factor of IPv6 adoption and deployment

• Integration of IPv6 in a production environment is quite feasible. Yet,- You need to be prepared for it: set your priorities and your migration plan

Documents

1 APTLD Meeting - Manila – IPv6 ccTLDs Experiences – 24 Feb 2009 AFNIC’s IPv6 Experience For the French Registries APTLD Meeting Manila, 24 February 2009