Technologies to improve resilience

STASince 2008 ENISA's Security Tools and Architectures Section is evaluating the impact that three technologies (namely IPv6, DNSSEC and MPLS) would have on the resilience of public communications networks. These three technologies have been identified as promising to ensure the stability and integrity of public communications networks during a workshop entitled  “Resilience of Public Communication Networks and Services”, organised by the Agency on March, 2008 and the advice of the ENISA Permanent Stakeholders' Group (PSG).

The technologies under investigation are:

  • DNSSEC
  • DNSSEC are Security Extenstions to DNS, a very important system for internet communications that its resilience heavily depends upon DNS. Today DNS is mainly used to translate names to IP addresses (e.g. 172.16.1.3), locate application servers (gmail-smtp-in.l.google.com), host blacklist tables however in the near future it is expected to be used in a number of services such as storage and lookup of phone numbers and RFID applications.

  • IPv6
  • IPv6 is an OSI Layer 3 technology replacing IPv4, the internet protocol. In May 2008, the European Commission has released a Communication with an "Action Plan for the deployment of Internet Protocol version 6 (IPv6) in Europe". The objective of the Action Plan is the support of the widespread introduction of the next version of the Internet Protocol (IPv6).

  • MPLS
  • Multiprotocol Label Switching is an OSI Layer 2.5 technology used by network operators in IP backbones, replacing Frame Relay and ATM.

Approach

In order to assess the effectiveness of the selected technologies as well as problems and gaps that could potentially compromise the availability of networks and services, ENISA work was carried out from two perspectives. The first consisted of analysing the characteristics of the selected technologies and their public
communication network's resilience enhancing features. In parallel, the effectiveness of these technologies as well as problems and gaps that could potentially compromise the availability of networks and services was assessed through a number of interviews of network operators in EU Member State.

The analysis of the received inputs is expected to become input to the preparation of guidelines on the effectiveness of these three technologies especially in terms of their potential to improve the resilience of public networks but also highlighting their shortcomings. The guidelines produced in the course of 2009 will
be primarily addressed towards National regulators, policy makers and network operators.

This procedure was supported by a group of leading experts that has been assembled by the Agency. Experts from the industry, network operators and academia have worked together in this group to achieve the goals of the agency. This working group has advised the Agency about the questionnaire that is used for the interviews, identified interviewees and assisted the analysis of the collected input and the evaluation of the report.

Advisory workshops

Improving Resilience of Public Communication Networks and Services, Brussels, 8th March 2008

Improving Resilience in European e-Communication Networks, Brussels, 11-12th November 2008

Current work

In 2009 the work on technologies improving the resilience of public communication networks is continued and complimented by focusing in three areas of work, namely:

  1. Improving the resilience of DNS as described in the Work Program for 2009. In particular the need to increase security and availability of DNS was highlighted during the first year of work among the priorities for Europe and ENISA.
  2. Assessing the impact of the evolution and the latest trends of networking technologies (such mesh architectures, p2p networking, etc.) in terms of resilience, both security and availability, of the networks.
  3. Assessing current developments in the area of standardization that relate to the subject of resilience of communication networks.

Deliverables

In this study an overview of the characteristics of the selected technologies is given, their public eCommunication network’s resilience enhancing features are analysed and other properties that one has to be aware of in order to make a decision about their deployment are outlined. Furthermore, a number of deployment scenarios for the technologies are presented.

This report presents the results of a survey conducted to a number of service providers in the EU on the state-of-the-art of deployment of three technologies, MPLS, IPv6 and DNSSEC and their impact on improved network resilience. The report also addresses open issues identified by the representatives of the service providers interviewed.