IoT, it's the Internet... only bigger

Post on 13-Jan-2017


IoT

Paul Wilson

8 December

IPv6 Summit - Taiwan

…it’s the Internet…only bigger


The Internet, only bigger…

• Why the Internet works

• IoT on the Internet

• What does that mean
  – IPv6
  – Security

• How to succeed

About APNIC

What is APNIC?

• The Regional Internet address Registry (RIR) for the Asia Pacific region

• Delegates and manages Internet number resources
  – Including IPv4 and IPv6 addresses

• Supports training, education and internet development

• A neutral, independent, not-for-profit, open membership-based organisation, since 1993


Regional Internet Registries

APNIC’s Vision

A global, open, stable, and secure Internet that serves the entire Asia Pacific community

It’s all about the Internet

and the Internet’s success

Global broadband subscriptions

[Chart, 2008 to 2017. Series: Population, Fixed subs, Mobile subs, Total subs]

Sources: http://www.geohive.com http://www.statista.com

Why the success?

• Global network
  – uniform
  – “End-to-End”

• “Dumb” network
  – lightweight and efficient
  – intelligence at the edges, in applications and devices

• Neutral network
  – by default

• Open network
  – distributed governance
  – no/low barrier to entry
  – free standards

The Open Systems Interconnection (OSI) model

Layered communication standards

[Diagram labels: IP, TCP, HTTP]

Layers – in practice

[Diagram labels]
Applications: Phone/Fax/SMS; TV/VOD/conf; “The Internet”
Network: Voice; Video; Data
Infrastructure: Fixed, Dialup/ISDN; Mobile/2G; Cable/ADSL

Layers – in the Internet

[Diagram labels]
Applications: Voice, email, IM; Video, TV, conf; WWW, DNS; IoT apps
Internet (TCP/IP): IPv6
Infrastructure: 802.11x/WiMax; Mobile/4G/LTE; Cable/xDSLx/FTTx; LoRa, 6LoWPAN


“Internet of Things”

Source: Cisco, 2015

[Chart series: Things, Subscribers]

The Internet of Everything

It’s always been the Internet

History of IoT

Internet goes mobile (1976)

The Packet Radio Van

Contained an ARPANet terminal


TCP/IP - history


CMU Coke Machine (1980s – 1990s)


The Internet Toaster 1990


The Internet Toaster v2 1991

IoT firsts…

• 1982: Coke machine

• 1990: toaster

• 1993: webcam

• 1994: Internet radio/player

• 1994: smartphone

• 1995: VoIP software

• 1999: “Internet of Things”

• 2001: 3G

• 2010: 4G/LTE

Two Mobile Revolutions…

• 1990s: mobile voice explosion
  – Few wires available (copper)
  – New wireless technology (analogue mobile)
  – New consumer technology (cellphones)
  – Pent up demand (telephony)

• 2010s: mobile broadband explosion
  – Few wires available (copper/fibre)
  – New wireless technology (3G/4G)
  – New consumer technology (smart phones)
  – Pent up demand (Internet)

• But note: IoT is not ALL “mobile”
  – 802.11, wired (e.g. power line), LoRa, etc.


IoT nexts…

• Electronics of all kinds: personal, home, office, industry

• Devices: Appliances, lighting, sensors, security

• Vehicles, domestic and industrial, and components

• Civil infrastructures: water, power, fuel, transportation

• Manufacturing and industrial

• Environmental monitoring

• Health and related services

• Robotics

• Smart Homes, Smart Cities


So what does it mean?

IPv4 exhaustion and IPv6 transition

IoT needs IP addresses

• IPv4 (since 1983)
  – Example: 202.12.29.142
  – 32-bit* number: 2^32 = ~4 billion addresses
  – Existing supply is very nearly exhausted

• IPv6 (since 1999)
  – Example: FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D
  – 128-bit* number: 2^128 = 340 billion billion billion billion
  – Existing supply should/must last for many decades

• The Transition to IPv6
  – Underway since 2000, but slowly
  – Not a priority while IPv4 addresses available
  – Accelerating rapidly today

* bit = binary digit

http://www.potaroo.net/tools/ipv4

50 million IPv4 addresses left…

IPv4 exhaustion…

• IANA pool fully distributed in 2011

• RIR regional supplies followed
  – APNIC: 2011
  – RIPE NCC: 2012
  – LACNIC: 2014
  – ARIN: 2015
  – AFRINIC: 2017

• “Stop-gap Measures”
  – These can continue but are damaging
  – Address sharing, Network Address Translation (NAT)

NAT aka Address Sharing

[Diagram labels: The Internet; ISP 202.12.29.0/24; 202.12.29.1 … .2 … .3 … .4 … .32; NAT*; 10.0.0.1 ..2 ..3 ..4]

*AKA home router, hotspot, etc.

Carrier Grade NAT (CGN)

[Diagram labels: IPv4; CGN; 10.255.255.255; 10.0.0.1]

CGN Challenges


1GB per subscriber per month!

Cable Television Laboratories, Inc. 2012

!!! “Things”

Double NAT everywhere?

[Diagram labels: IPv4; CGN; NAT]

The need for IPv6…

• One reason: more addresses
  – Other benefits are minor

• The Internet is growing fast
  – Broadband: mobile and wifi
  – Internet of Things

• Without IPv6…
  – Ever increasing complexity and cost, indefinitely
  – All elements affected: client, server, devices, software

• IPv6 is the only viable option
  – Enable sustainable growth of the Internet, indefinitely
  – To ensure the success of IoT

Good news…


https://www.google.com/intl/en/ipv6/statistics.html

So what does it mean?

Security and Stability

An Internet of Stupid Things?

• IoT means big numbers
  – Huge increase in number and variety of devices
  – Huge increase in platforms and applications
  – Companies may be ill-equipped to anticipate problems

• IoT means bigger impacts
  – Many devices will be released without sufficient testing
  – Lab testing may not reveal problems in deployment
  – May affect many millions of devices

• Other implications
  – Problems may appear many years after release
  – May be hard or impossible to rectify
  – Huge liability for companies and reputations

2003: University of Wisconsin

• Problem: Rapidly escalating DoS attack
  – Hundreds of Mbps from many sources
  – SNTP protocol querying time server at UoW

• Cause: new CPE modem
  – Incorrect use of SNTP protocol
  – Queries sent to Stratum 1 server instead of others

• Solution: difficult!
  – Relies on replacing or upgrading CPE
  – Most users do not do firmware upgrade
  – Most unaware of any problem
  – Impossible to reach

2010: APNIC

• Testing of received IPv4 address block 1.0.0.0/8
  – Traffic received from 1.1.1.1 and 1.2.3.4
  – Addresses hardcoded into Point of Sales systems (as if private)

860 Mbps

120 Mbps

>1 TB received per day!

2015: APNIC

• Problem: Excessive queries to whois server
  – 5000 queries per second sustained load

• Cause: Firewall product
  – Hardcoded IP address
  – Instead of domain name which allows redirection, load balancing

• Solution: see UoW
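
Added example (not from the original slides): the 2010 and 2015 incidents above both come down to public addresses hardcoded into shipped products. The Python check below flags globally routable IPv4 literals in a config file or firmware strings dump before release; the function name and the sample text are constructed for illustration, using addresses quoted on the slides.

```python
import ipaddress
import re

# Dotted quad not glued to further digits or dots (so "1.2.3.4.5" is skipped).
# Limitation: an address directly followed by a sentence-ending "." is skipped too.
IPV4_LITERAL = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample input. The addresses are the ones quoted on the slides;
# the key names and their roles are invented for this example.
SAMPLE_CONFIG = """\
gateway=10.0.0.1
payment_host=1.1.1.1
fallback_host=1.2.3.4
report_host=202.12.29.142
time_server=pool.ntp.example.net
fw_version=999.0.0.1
"""


def find_hardcoded_public_ipv4(text):
    """Return (line_no, address) for each globally routable IPv4 literal."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for token in IPV4_LITERAL.findall(line):
            try:
                addr = ipaddress.IPv4Address(token)
            except ValueError:
                continue  # looks like an address but is not one (octet > 255)
            # is_global is False for RFC 1918, loopback, link-local,
            # shared (100.64.0.0/10) and documentation ranges.
            if addr.is_global:
                findings.append((line_no, str(addr)))
    return findings


if __name__ == "__main__":
    for line_no, addr in find_hardcoded_public_ipv4(SAMPLE_CONFIG):
        print(f"line {line_no}: hardcoded public address {addr}; "
              "use a DNS name the operator can redirect")
```

Private addresses such as 10.0.0.1 pass, while 1.1.1.1 and 1.2.3.4 are reported because they are ordinary public addresses, which is what went wrong in the Point of Sales case.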

How to succeed

The IoT vision

Ecosystems

Electronics manufacturing

• R&D

• Specification and design

• Prototyping and manufacture

• Assembly and test

• Training

• Policy and regulation

• Users

Internet

• Standardisation

• Content and Applications

• ISPs, hosting and data centres

• Telecommunications infrastructure

• Security

• Training

• Policy and regulation

• Users

Ecosystem cross-connect

• Ecosystems are very different, but:
  – Manufacturers must become Internet companies
  – Internet companies must service the needs of IoT

• Many interconnections
  – Training and human capacity building
  – Standardisation and application of standards
  – BCPs: Best Current Practices (always evolving)
  – Governmental policy and regulation, and education

• Critical collaboration
  – Manufacturers can and should join unique Internet ecosystem
  – Open and bottom-up multistakeholder processes, etc.
  – All are welcome, always!

You’re invited…

APNIC 44 in Taichung, Sep 2017!


Join the Conversation

blog.apnic.net

apnic.net/social

Thank you
