<<<
Chronological Index
>>> <<<
Thread Index
>>>
Root scaling report
- To: rsst-report@xxxxxxxxx
- Subject: Root scaling report
- From: Elaine Pruis <elaine@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 29 Nov 2009 22:42:06 -0800
Dear ICANN,
Minds and Machines recognizes the very potentially significant issue
of root scaling. As we increase the number of IDN’s and gTLD’s beyond
the current 248 ccTLDs and 20 gTLDs it is imperative that the Internet
function flawlessly.
We also recognize the hard work and good intentions of the Root
Scaling Study Team and TNO. Despite these intentions, however, we see
serious problems with the study.
The conclusion of the report that "with aggressive re-planning the
system is capable of managing the risks associated with adding either
(a) DNNSEC or (b) new TLDs, IDNs, and IPv6 addresses over a 12-24
months - but not both." Is unsubstantiated.
The study argues for an early implementation of DNSSEC. While this may
be a good idea for other reasons, it is by no means required from a
root stability perspective. In fact implementing DNSSEC puts root
stability at risk.
Basic methodology problems
The first thing to recognize is that according to this very study,
there is a wide diversity in hardware and procedures implemented by
the root operators, making it very hard to predict (or model) the
capacity in any way. These hardware limitations are assumed given and
immutable. Clearly, if there is justified demand to increase the size
of the root, the hardware footprint must be expanded.
Furthermore, the study acknowledges that main bottlenecks are human
and not hardware related. To quote the study: "On the provisioning
side the ability to scale the root is completely dominated by the
steps that involve human intervention." Despite this fact, the study
does not assume any increase in staffing of the root scaling operators
to handle the increased load.
Finally the study is done with only the very crudest idea of how many
new gTLDs to expect, or what traffic volumes these are likely to have.
Oddly ICANN has already authorized the creation of over 50 new IDN
ccTLDs, without determining if these additions would impact root
scaling. Minds and Machines would advise the root scaling team to
study the “Expressions of Interest Proposal” voted on in the ICANN
Seoul Meeting. This proposal would give us a clear upper bound (and a
qualitative feel) for the number and type of new gTLDs that might be
added to the root.
To recap: the study assumes that with no increase in hardware or
staffing, adding an unknown number of new TLDs will require
“aggressive re-planning”. In light of the very questionable hypotheses
of this study, the conclusion is by definition flawed.
DNSSEC
The report argues "If a choice must be made, DNSSEC should come
first," and "deploying DNSSEC before the other changes have increased
the size of the root would significantly lower the risk it presents to
DNS stability.”
The argument made here is that it is best to get the big,
destabilizing changes done first. It ignores several potential
disadvantages of mandating DNSSEC at all.
First, because DNSSEC significantly increases the zone file, remote
anycast servers could fall off the list of possible sites that can be
served today. If the entire root is DNSSEC signed, these regions will
be broadly affected.
Second, DNSSEC clearly has drawbacks even when deployed by the book.
For example, the delayed outage of the Swedish TLD (.se) was in effect
exacerbated by DNSSEC.
Third, most registrars see no end user demand for DNSSEC, viewing it
as an added cost – something their clients are not asking for and
won’t pay for.
Historical experience
Since we can’t really analyze the diverse group of root server
operators on a consistent basis, and we certainly cannot assume a
status-quo in either human or hardware systems, we can turn to history
as guide.
Historically the root has been able to meet demand. 250+ new ccTLDs
were added in a very short period – over 10 years ago. In addition,
IPv6 addresses have been added selectively to the root, without
problems.
Conclusions
Minds and Machines takes the root scaling problem very seriously.
However, we also find this study – while well intentioned – severely
flawed, and we direct ICANN to undertake further investigations –
investigations that allow, in particular, for an increase in staffing
and hardware as needed. We also highly encourage ICANN to proceed with
the EOI initiative which will give us a better idea of the scope of
the scaling issue.
Fred Krueger & Elane Pruis
Minds + Machines
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|