Tuesday, September 20, 2011

SANOG18-Impressive towards Securing ISP Networks and Services with IPv6 Deployment for Nepalese ISPs

It has been almost 7-8 years since I started teaching Networking and Advanced Networking subjects in universities of Nepal. However, I suppose I am not even perfect in the subject matter that I wanted to deliver practically. Experience, training, workshops, etc. are the activities that keep us up to date with wide knowledge beyond theory alone. I became more updated after I joined the IPv6 session of the SANOG18 workshop and tutorials (http://www.sanog.org/sanog18/), which was held on 8-16 Sept. 2011 in Pokhara. I really appreciate the AI3 SOI-ASIA research project under WIDE university for its intense effort to set up an IPv6-only network in Tribhuvan University, IOE Pulchowk Campus, where I suppose I am the one who set up the IPv6-only network with v6-enabled servers (web, mail, unicast/multicast routers) for the first time in Nepal in 2007, after AI3 announced an IPv6-only network in its research network.

After I got the idea of v6 networking, with its importance and the urgency to migrate, I saw that it is really a challenge for a developing country like Nepal. Keeping that in mind, I decided to extend the university network to other universities and research institutions within Nepal. However, for a normal officer like me, it is only a dream. I thought, I am not a social worker who volunteers in his profession.

In my previous blog, I wrote about the government's passiveness regarding networking deployment (http://baburamdawadi.blogspot.com/2010/01/where-is-nepalese-ipv6-task-force.html). I think we Nepalese are really lagging behind in technology, where neither the telecom operators, nor the ISPs, nor the government are serious about this matter. But I appreciate the Nepalese team of ISPs and NPIX who conducted the SANOG program successfully in Pokhara. Human resource development is the one major area where SANOG massively supported and empowered ISP administrators toward migration to IPv6 by conducting workshops and tutorials. I appreciate the sponsorship by NTA. Although NTA is lagging behind in developing rules, regulations, guidelines and frameworks, it is indirect support: at least NTA helps ISPs towards the technology migration by supporting the program. Private and non-governmental parties are definitely one step ahead of the government in every aspect in Nepal; I saw in the private parties the seriousness that the government should have.

The world is globalized, the world is converged, and hence technology is converging towards IP based communication. In the near future, even local voice communication will be merged into digital packet based communication (IP based networks), as the worldwide backbone network is already IP based. It is a threat to Nepalese telecom operators if they are still reluctant to move on from legacy voice communication, which leads to so-called illegal call bypass. In this context, a secure and reliable national IP backbone network is the solution that the Nepal government has to think about immediately. The sad thing is that the government still doesn't know what the current IP network infrastructures and their security policies are. Currently, the ISP networks are the government's asset as the national IP network. It is necessary to evaluate the ISP network infrastructure, which helps the government to design the national backbone network. The government talks about lawful interception, monitoring and controlling of VoIP traffic, as well as other relevant security issues. This is possible only if the network infrastructure is well designed and documented.

For the last 1-2 years, illegal VoIP has been a threat to the government, and NTA has taken several steps toward controlling it. NTA collected ISP details, ISP clients' details and ISP IP address (IPv4 address only) distribution, and is also moving towards database software development to properly maintain the IP and ISP information. This is appreciable. However, it is hard to control illegal VoIP due to mutation in technology. IPv6 addressing infrastructure is almost deployed worldwide; however, it is not visible at the front line. There are many techniques that enable an IPv6 network over an existing network (tunneling, dual stack, transition). It now seems that call bypass will be out of control if it uses the IPv6 network, so-called VoIPv6.

What is VoIPv6?
It is Voice over Internet Protocol version 6. The technology enables us to exchange audio/video/text/image (telephony signals) traffic within the IPv6 network environment.

Applications developed for VoIP operations over IPv4 are also being developed for IPv6 infrastructure. For example, Asterisk is an open source/free software implementation of a telephone private branch exchange (PBX), originally created in 1999 by Mark Spencer of Digium. Like any PBX, it allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network (PSTN). Its name comes from the asterisk symbol, *, which in Unix (and Unix-like operating systems such as Linux) and DOS environments is a wildcard character, matching any sequence of characters in a filename. Asterisk was ported to IPv6 by Viagénie in 2007 (Asteriskv6): http://www.afnog.org/afnog2008/conference/talks/VoIPv6.pdf

VoIP over v6 is more reliable and secure as it ensures QoS. IPv6 implements QoS with the help of classification and marking (of IP packets) to ensure a reliable VoIP infrastructure. With classification and marking, the network can identify packets or traffic flows and then assign certain parameters within the packet headers in order to group them. To implement QoS marking, IPv6 provides a traffic-class field (8 bits) in the IPv6 header. It also has a 20-bit flow label.
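The traffic-class and flow-label fields described above sit in the first 32 bits of the IPv6 header, so a monitoring point can read them without touching the payload. The Python below is an added example, not part of the original post: it decodes those fields from a native IPv6 packet and from one carried in an IPv4 tunnel. The function names, the sample addresses (documentation prefixes), the choice of the EF code point (DSCP 46) as the voice marking, and the 6in4 tunnel type (IPv4 protocol 41) are assumptions made for illustration.

```python
import ipaddress
import struct

EF_DSCP = 46     # Expedited Forwarding code point, commonly used for voice media
PROTO_6IN4 = 41  # IPv4 protocol number for encapsulated IPv6 (assumed tunnel type)

def inner_ipv6(packet: bytes) -> bytes:
    """Return the IPv6 packet, unwrapping one 6in4 layer if present."""
    if packet and packet[0] >> 4 == 4:
        ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
        if len(packet) < 20 or ihl < 20 or packet[9] != PROTO_6IN4:
            raise ValueError("IPv4 packet does not carry IPv6")
        return packet[ihl:]
    return packet

def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the 40-byte IPv6 fixed header, splitting out the QoS fields."""
    pkt = inner_ipv6(packet)
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    word, _, next_header, _ = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    traffic_class = (word >> 20) & 0xFF  # the 8-bit traffic-class field
    return {
        "traffic_class": traffic_class,
        "dscp": traffic_class >> 2,      # upper 6 bits: DiffServ code point
        "ecn": traffic_class & 0x03,     # lower 2 bits: congestion notification
        "flow_label": word & 0xFFFFF,    # the 20-bit flow label
        "next_header": next_header,
        "src": str(ipaddress.IPv6Address(pkt[8:24])),
        "dst": str(ipaddress.IPv6Address(pkt[24:40])),
    }

def build_ipv6_header(dscp, flow_label, src, dst, next_header=17):
    """Construct a sample header (test input only; payload length left at 0)."""
    word = (6 << 28) | ((dscp & 0x3F) << 22) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", word, 0, next_header, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def is_voice_marked(hdr: dict) -> bool:
    """True when the packet carries the EF marking assumed here for voice."""
    return hdr["dscp"] == EF_DSCP

# Constructed sample: documentation-prefix addresses, EF marking, arbitrary flow label.
SAMPLE = build_ipv6_header(EF_DSCP, 0xABCDE, "2001:db8::10", "2001:db8::20")
# The same packet behind a minimal constructed IPv4 header (protocol 41, checksum unset).
IPV4_OUTER = bytes([0x45, 0, 0, 60, 0, 0, 0, 0, 64, 41, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2])
TUNNELED = IPV4_OUTER + SAMPLE
```

Grouping packets by `(src, dst, flow_label)` gives the per-flow classification the paragraph refers to; the marking is set by the sender, so it indicates how traffic asks to be treated rather than proving what it contains.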

VoIPv6 is more reliable and efficient
Exhaustion of address space is another issue as the momentum of VoIP grows significantly. The 32-bit address space in IPv4 precludes its scalability to a large user base. IPv6 addresses this problem of IPv4 with a very large address space that consists of 128 bits. Therefore, it is now possible to support 2^128 unique IP addresses, a substantial increase in the number of computers that can be addressed with the help of the IPv6 addressing scheme.

Also, in order for VoIP to be widely deployed, security concerns such as eavesdropping and hacking must be addressed as well. Other issues that impact VoIP are: 1) end-to-end integrity of signaling and bearer path details, 2) IP (voice) packet delivery across firewalls, 3) NAT (network address translation) addressing issues that cause several networking problems (such as hiding multiple hosts behind a pool of IP addresses) in the end-to-end nature of the Internet, and 4) preventing denial or disruption of service.

It should also be noted that it is time to move towards v6 network measurement and evaluation, extending knowledge of data networks and services, current ISP network deployment issues and much more. It is a challenge for the government, especially for memo (TIPPANI) oriented professionals, who definitely lag behind fresh technologies, leading to adaptation problems if the government still doesn't think about human resource development.
