IGF 2017 WS #214 How can we limit the negative impact of Carrier Grade NAT technologies and boost IPv6 adoption?

Short Title: 
Mitigating CGNs drawbacks and boosting IPv6 adoption

Proposer's Name: Mr. Gregory Mounier
Proposer's Organization: EUROPOL - European Cybercrime Centre
Co-Proposer's Name: Mr. Richard Leaning
Co-Proposer's Organization: RIPE NCC
Co-Organizers:
Mr Gregory MOUNIER, Government, EUROPOL
Mr Richard LEANING, International Organisation, RIPE NCC

Additional Speakers: 

Alice Munyua- Kenya ICT Action Network (KICTANet) - Alice has extensive experience in multi-stakeholder ICT policy development and internet governance at national, regional and international levels. She is the founder of the Kenya ICT Action Network (KICTANet) an interdependent multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. She chaired the 2011 Internet Governance Forum (IGF) held in Nairobi and convened the East Africa Internet Governance Forum (EA-IGF) and the Kenya IGF for five years. She served on the board of the Communications Commission of Kenya for six years, chaired the board of directors of the Kenya Network Information Centre (KeNIC) and was vice chair of the Internet Corporation for Assigned Names and Numbers (ICANN) Governmental Advisory Committee (GAC) for two years. She is a member of the Internet Society Board of Trustees.

Ms Munyua is the advisor to the African Union Commission (AUC) dot Africa initiative and serves as one of the representatives of the AUC on the GAC. She Co-chairs the GAC Public Safety and Under-served regions working groups and leads the GAC capacity development initiative.

 

Zorz Jan: ISOC - Operational Engagement Programme Manager. Jan Žorž started his professional career in RS-232/VAX VMS world in 1992 and continued through Novell and Windows environments all the way to Solaris and other UNIX derivatives that today represent the native environment for the majority of his projects. Jan is the Internet Society's Operational Engagement Programme Manager. He works on operational initiatives to ease the deployment of IPv6 and other technologies. He is also working to help the industry document best-current operational practices and to improve operator feedback to the IETF.
Jan is one of the pioneers of SiOL, the Slovenian national ISP, and has been involved in the organization from the beginning. Among other activities, he began experimenting in 1997 with Internet streaming multimedia content. Based on these experiments, he successfully accomplished projects such as "Dhaulagiri '99 Live" (an Internet multimedia transmission of Tomaz Humar's solo climb of the south wall of Dhaulagiri (called Death Zone in the Himalayas), "Ski Everest Live 2000" (an Internet live-video transmission and monitoring of extreme skiing from the summit of Mt. Everest by Davo Karnicar) and other similar projects. Together with two other members of the team "Dhaulagiri '99 Live", Jan received a media award/statue "Victor" for special achievement.
For the last seven years, Jan has been working as a consultant in the IT field, specializing in IPv6. He co-founded the Go6 institute (not-for-profit), a Slovenian IPv6 initiative whose main objective is to raise IPv6 awareness in Slovenia and alert the community to the fact that we are approaching extensive changes on the Internet.
Due to the success of Go6 Institute, Slovenia is currently leading the EU as the country most prepared for IPv6 (according to the RIPE NCC's IPv6 RIPEness study). Jan has been invited to present around the world on his work, the model of the Go6 platform, IPv6 awareness raising and deployment at the national level. These speaking engagements have included conferences such as RIPE Meetings, Google IPv6 Implementors Conference 2010, Internet Governance Forum meetings, OECD meeting, World IPv6 Congresses (Paris and London), as well as national forums in Germany, Greece, Norway, Macedonia, Oman, Brazil and many others.
Jan is also primary co-author of a very successful procurement (specification) paper, published as official RIPE Best Current Practice document RIPE-501, titled "Requirements For IPv6 in ICT Equipment". This document is translated into more than 10 languages and is used around the world by enterprises and governments when requesting IPv6 features in ICT equipment purchases. RIPE-501 was recently replaced by RIPE-554, also co-authored by Merike Kaeo, Sander Steffann and Jan Žorž.
Jan is based in Škofja Loka, Slovenia (EU).

 

Andy De Petter Head of Cyber Security Intelligence & Incident Response .

Andy De Petter has been working over 18 years for the Proximus Group, primarily in the domain of Cyber Security. Initially he was part of the small engineering team for Belgacom Skynet, at the time the largest Internet Service Provider in Belgium. Back then, the team was responsible for end-to-end coverage of the services being provided – from web hosting services, dns, radius, e-mail up to the physical infrastructure in the data center. In 2003, the ISP activities were fully absorbed by the Belgacom Group, where a lot of new services had to be developed and integrated. Because of his extended knowledge on Internet protocols, Andy was designated lead architect for the creation of a cloud-based mail security solution for Enterprise customers – a service which is still running today.

In 2009, Andy became the head of Corporate Network & Security – where he was responsible for the perimeter security infrastructure of the entire Proximus Group. During the years in this position, he came in contact with various technologies in major environments – where his passion for Cyber Security only kept growing. It was also in 2009 that he created a Cyber Security Incident Response Team within Proximus, in order to structurally respond to cyber security incidents.

That initiative has kept growing over the last years – and Andy was involved intensively in forensic analysis of APT incidents, data breaches, incident response and threat intelligence. Since early 2014, these activities have been further formalized, where Andy is now leading the Cyber Defense Center, Intelligence and Incident Response teams.

Since 2008, Andy is also chairing European working groups around Cyber Security – covering both Information Security as emergency response team initiatives. As the head of the CSIRT at Proximus Group, he is also actively participating in working groups with industry, government and law enforcement agencies. Andy is certified ISO/IEC 27001 Lead Implementer, CISSP, CISM, GCFE, GCFA, C|HFI and SABSA Chartered Architect.

 

Craig Ng: Craig is the General Counsel of APNIC – the Asia Pacific Network Information Centre. As the General Counsel, Craig has overall responsibility for all legal matters at APNIC. Craig is a member of the executive leadership team at APNIC. He advises APNIC on its legal obligations, and to ensure that its corporate governance practices meet the standards expected by its members and its stakeholder community. At APNIC, Craig leads its program of collaboration and cooperation with the law enforcement community. Prior to joining APNIC, Craig was a senior partner at a national Australian law firm, a role he held for over 13 years. His legal practice at that time focused on representing various Government bodies in technology-related matters, as well as clients in the ICT sector.

Richard Leaning is an External Relations consultant for the RIPE NCC. This role involves engaging the broad range of RIPE NCC stakeholders with particular responsibility for the RIPE NCC's development to enhance its capacity to engage strategically with governments, law enforcement agencies (LEA) and inter-governmental organisations on behalf of its membership and community. He is a member of numerous working groups with an international exposure with LEA and public safety organisations, building alliances, establishing long-term relationships and better cooperation.

Richard joined the RIPE NCC in 2015 after a 30-year career in law enforcement, having worked for the National Cyber Crime Unit (NCA) in the UK and also at the European Cybercrime Centre (Europol) based in The Hague. He has extensive expertise and experience related to Internet governance, cyber security stakeholders and Internet communications relevant to cybercrime.

Gregory Mounier works for the European Cybercrime Centre (EC3) at EUROPOL, where he leads the Outreach & Support team. He is responsible for EC3's strategic engagement with the private sector with a view to support EC3's operational teams in combatting cybercrime. He also leads EUROPOL's policy engagement on Internet Governance.

 

Agenda: 

Speakers will provide different views on the impact of CGN on the IPv6 transition. They will explore different alternatives solutions, from different perspectives: from that of a Regional Internet Registry (APNIC), from a large ISP (Proximus),  from ICT representative from Kenya (KICTANet), the perspective of the technical community (Jan Zorz ISOC), the regulator (Belgian Regulator BIPT) and from the law enforcement community (Europol).

To kick start the discussion, the case example of Belgium will be presented. In this country the telecom regulator concluded a voluntary agreement with the 4 biggest ISPs in 2012 for them to limit the use of CGN. This led to the unintended positive consequence that major Belgium-based ISPs have made strategic business decision to transition quickly to IPv6. As a result, today Belgium has the highest IPv6 adoption rate in the world.


Session Format: Panel - 90 Min

Proposer:
Country: Netherlands
Stakeholder Group: Government

Co-Proposer:
Country: Netherlands
Stakeholder Group: Intergovernmental Organizations

Speaker: Craig Ng
Speaker: Andy De Petter
Speaker: Gregory Mounier
Speaker: Zorz Jan

Content of the Session:
The Internet's extraordinary growth has resulted in the exhaustion of IP addresses in their current version (IPv4). This has been anticipated by the Internet community and IETF created a new format of the Protocol which has been ready for adoption since 2011. Yet, the transition from IPv4 to IPv6 takes a long time because it requires heavy investments to upgrade applications, electronic devices and network. During the transition phase, networks are running with both with IPv4 and IPv6. This means that network operators must find a way to maximise the use of available IPv4 addresses.

Carrier Grade NAT (CGN) or Large Scale NAT are technologies adopted by the Internet Service Providers to allow them to share IPv4 addresses among a large pool of Internet users, therefore reducing the demands on scarce IPv4.

However, the widespread and growing use of CGN technologies by ISPs, seems to indicate that from an IPv4-to-IPv6 transition mechanism, CGN has become a substitute to the IPv6 transition. A recent study showed that in 2016, 90% of mobile internet network operators (GSM providers) and 38% of fixed line internet access providers (cable, fibre and ADSL) were using CGN technologies, while 12% are planning to deploy it in the coming months (http://www.icir.org/christian/publications/2016-imc-cgnat.pdf).

CGNs have many technical and policy drawbacks. It raise security and privacy issues but most importantly it degrades the quality of Internet access services, curtail innovation and alter user experience for applications such as gaming, video streaming and downloading large files.

But to what extent are CGNs also responsible for the slow transition to IPv6? What incentives can efficiently encourage ISPs to reduce the use of CGN and invest in IPv6 transition? Should the regulator propose voluntary agreements to ISPs or should it regulate the phasing out of CGN technologies?

Speakers will provide different views on the role of CGN on the IPv6 transition. They will explore different alternatives solutions, from different perspectives: from that of a Regional Internet Registry, from a large ISP, from the perspective of the technical community, the regulator and from the law enforcement community.

The emphasis will be put on the Belgium case where the telecom regulator entered in a voluntary agreement with the 4 biggest ISPs in
2012 for them to limit the number of end-users behind each IPv4 addresses for security purposes (to help to identify end-users when served with a legal order in the framework of a criminal investigation). This led to the unintended positive consequence that major Belgium-based ISPs have made strategic business decision to transition quickly to IPv6. As a result, today Belgium has the highest IPv6 adoption rate in the world.



Relevance of the Session:
One need to explore all alternative options to promote the deployment of IPv6. CGN technologies seem to hinder that deployment. There are innovative solutions that can be translated in public policies that will help citizens and States to contribute to shape their digital future towards innovation and growth.

Tag 1: #IPV6deployment
Tag 2: Critical Internet Resources
Tag 3: Cybercrime

Interventions:
Speakers will provide different views on the role of CGN on the IPv6 transition. They will explore different alternatives solutions, from different perspectives: from that of a Regional Internet Registry (APNIC), from a large ISP (Proximus), from the perspective of the technical community (Jan Zorz ISOC), the regulator (Belgian Regulator BIPT) and from the law enforcement community (Europol).

The emphasis will be put on the Belgium case where the telecom regulator entered in a voluntary agreement with the 4 biggest ISPs in
2012 for them to limit the number of end-users behind each IPv4 addresses for security purposes (to help to identify end-users when served with a legal order in the framework of a criminal investigation). This led to the unintended positive consequence that major Belgium-based ISPs have made strategic business decision to transition quickly to IPv6. As a result, today Belgium has the highest IPv6 adoption rate in the world.



Diversity:
APNIC (Australia). However, the case study is based on the Belgian model so other speakers will come from Western Europe.

Onsite Moderator: Richard Leaning RIPE NCC
Online Moderator: Marco Hogewoning RIPE NCC
Rapporteur: Richard Leaning RIPE NCC

Online Participation:
Online attendees will have a separate queue and microphone, which will rotate equally with the mics in the room; the workshop moderator will have the online participation session open, and will be in close communication with the workshop’s online moderator.

Discussion facilitation:
The workshop will be organized as a facilitated dialogue. Led by the moderator, subject experts will debate and discuss the key questions and issues. Subject experts will give opening comments, after which the moderator will turn to those attending the session and invited experts in the audience to engage in facilitated dialogue.

Conducted a Workshop in IGF before?: No
Link to Report:

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 678