North Korea is one of the most secluded countries in the world, but it is nonetheless connected to the Internet. We investigate North Korea's Internet connectivity in light of recent outages and discuss the fragile nature of its setup.
We investigated the role IXPs play in the Italian Internet ecosystem. Do peerings at IXPs have a positive effect on key performance indicators such as latency, hop count, packet loss and jitter? Do they reduce the number of out-of-country ISPs traversed by traffic between users located in Italy and critical Internet services like banks and public administrations?
Anycast is used by most of the DNS root-servers and other services like Cloudflare. It provides localisation and scaling benefits to clients using the anycasted service. An anycast service uses one IP for several instances of the same service. The routing system is then responsible for directing a client to the closest instance of the service. In theory, a client should always reach the closest instance, but it turns out that this is not always the case. At the DACS group of the University of Twente, we analysed the anycast infrastructure of K-root and tried to find how many clients reached the closest instance.
In an effort to increase the growth rate of connected RIPE Atlas probes and achieve better coverage across the globe, our Measurements Community Building team is experimenting with new outreach methods.
The adoption of the RPKI system is growing rapidly. To make sure the system scales, we’ve developed a new protocol that should drastically improve fetch times for RPKI repositories. This article explains how.
Despite the few RIPE Atlas probes available in Latin America, it is possible to obtain interesting measurements about changes in network architecture.
Most of the time, mostly everywhere, most of the Internet appears to work just fine. Indeed, it seems to work just fine enough to the point that that when it goes wrong in a significant way then it seems to be fodder for headlines in the industry press.
In this article we compare RIPE Atlas deployment against user population estimates provided by APNIC to see which eyeball networks are missing out on RIPE Atlas probes.
At RIPE 70, Tim Bruijnzeels presented some statistics on the type of authentication people use to update the RIPE Database. There was one data point that particularly stood out for me: 76% of all updates via email are done using an MD5 password. I was stunned, because this way you are required to send your password in clear text over the Internet...
We’d like to enable gzip compression on all of RIPE Atlas' measurement API calls — but thanks to the BREACH vulnerability, doing so could mean that some enterprising individual with an obscene amount of time on their hands might be able read the contents of the responses. This means measurement results as well as metadata for measurements — including the small number of measurements not marked as “public”. We believe the drawbacks are negligible, but we’re looking for community support.
After a discussion with the community about HTTP measurements, we'll start implementing this as a publicly available measurement type.
For EuroDIG 2015, held in Sofia, Bulgaria on 3 and 4 June 2015, the RIPE NCC was pleased to be able to support the participation of Corinne Cath, who presented her work on human rights in the development of technical protocols at the recent RIPE 70 Cooperation Working Group session. Below is her impression of the conference.
In this post (originally published on the APNIC blog), Cengiz Alaettinoglou gives a brief overview and comparison of the IRR and SIDR security models and shares his thoughts about the chances for these models to succeed.
Some time ago, many people noticed rapid IPv6 deployment growth in Estonia (from 0% to 5% in 4 weeks). Tarko Tikan, from 3249/Elion/Estonian Telecom, explains the reason behind this.
Tony Smith from the APNIC gives an update on the DNS Root Zone Key-Signing and explains how the key-signing-key roll over will be done for the first time.
The Domain Name Service Look-aside Validation Service (DLV) was an idea which was useful in the transition from a non-signed DNSSEC root to the current globally visible DNSSEC trust anchor. Now a significant number of people in the wider Internet may be running (particularly) Linux distributions that out-of-the-box expect the DLV service to be running, and provide valid answers.
Please find below a guest post by Darrin Veit and Christopher Palmer who originally posted this to the NANOG mailing list. It provides information for Xbox One, but also shares some relevant details on upcoming Windows functionality in terms of Teredo and IPv6 usage.
During the RIPE 70 Meeting in Amsterdam this week (on 13 May around 10:00 UTC), we experienced a network outage at AMS-IX. Let's see how this was monitored by various tools.
We introduce a new tool to read BGP RIB dump files, called BGPdump2. It has a unique feature, in which users can compare routes from BGP RIB files in the ”diff”-like display format. It is good for checking the correctness of BGP operation by comparing one ISP’s BGP routing table to another ISP’s.
In 2013 and 2014 we looked into measuring Interdomain Routing in Africa using the RIPE Atlas infrastructure. This resulted in a paper published at the PAM (Passive and Active Measurement) 2015 conference. Here we present some highlights of this research.