ICANN ICANN Email List Archives

[rsst-report]


<<< Chronological Index >>>    <<< Thread Index >>>

Root scaling report

  • To: rsst-report@xxxxxxxxx
  • Subject: Root scaling report
  • From: Elaine Pruis <elaine@xxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 29 Nov 2009 22:42:06 -0800

Dear ICANN,
Minds and Machines recognizes the very potentially significant issue of root scaling. As we increase the number of IDN’s and gTLD’s beyond the current 248 ccTLDs and 20 gTLDs it is imperative that the Internet function flawlessly. We also recognize the hard work and good intentions of the Root Scaling Study Team and TNO. Despite these intentions, however, we see serious problems with the study. The conclusion of the report that "with aggressive re-planning the system is capable of managing the risks associated with adding either (a) DNNSEC or (b) new TLDs, IDNs, and IPv6 addresses over a 12-24 months - but not both." Is unsubstantiated. The study argues for an early implementation of DNSSEC. While this may be a good idea for other reasons, it is by no means required from a root stability perspective. In fact implementing DNSSEC puts root stability at risk.
Basic methodology problems
The first thing to recognize is that according to this very study, there is a wide diversity in hardware and procedures implemented by the root operators, making it very hard to predict (or model) the capacity in any way. These hardware limitations are assumed given and immutable. Clearly, if there is justified demand to increase the size of the root, the hardware footprint must be expanded. Furthermore, the study acknowledges that main bottlenecks are human and not hardware related. To quote the study: "On the provisioning side the ability to scale the root is completely dominated by the steps that involve human intervention." Despite this fact, the study does not assume any increase in staffing of the root scaling operators to handle the increased load. Finally the study is done with only the very crudest idea of how many new gTLDs to expect, or what traffic volumes these are likely to have. Oddly ICANN has already authorized the creation of over 50 new IDN ccTLDs, without determining if these additions would impact root scaling. Minds and Machines would advise the root scaling team to study the “Expressions of Interest Proposal” voted on in the ICANN Seoul Meeting. This proposal would give us a clear upper bound (and a qualitative feel) for the number and type of new gTLDs that might be added to the root. To recap: the study assumes that with no increase in hardware or staffing, adding an unknown number of new TLDs will require “aggressive re-planning”. In light of the very questionable hypotheses of this study, the conclusion is by definition flawed.
DNSSEC
The report argues "If a choice must be made, DNSSEC should come first," and "deploying DNSSEC before the other changes have increased the size of the root would significantly lower the risk it presents to DNS stability.” The argument made here is that it is best to get the big, destabilizing changes done first. It ignores several potential disadvantages of mandating DNSSEC at all. First, because DNSSEC significantly increases the zone file, remote anycast servers could fall off the list of possible sites that can be served today. If the entire root is DNSSEC signed, these regions will be broadly affected. Second, DNSSEC clearly has drawbacks even when deployed by the book. For example, the delayed outage of the Swedish TLD (.se) was in effect exacerbated by DNSSEC. Third, most registrars see no end user demand for DNSSEC, viewing it as an added cost – something their clients are not asking for and won’t pay for.
Historical experience
Since we can’t really analyze the diverse group of root server operators on a consistent basis, and we certainly cannot assume a status-quo in either human or hardware systems, we can turn to history as guide. Historically the root has been able to meet demand. 250+ new ccTLDs were added in a very short period – over 10 years ago. In addition, IPv6 addresses have been added selectively to the root, without problems.
Conclusions

Minds and Machines takes the root scaling problem very seriously. However, we also find this study – while well intentioned – severely flawed, and we direct ICANN to undertake further investigations – investigations that allow, in particular, for an increase in staffing and hardware as needed. We also highly encourage ICANN to proceed with the EOI initiative which will give us a better idea of the scope of the scaling issue.

Fred Krueger & Elane Pruis
Minds + Machines



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy