In The Netherlands, it is a cliché to make fun of them. And they probably do the same thing with us. But while on a short holiday in Belgium, it dawned on me that when it comes to being ready for the future of the Internet, we can learn a lot from the Belgians.
Let’s start with the fact that IPv6 isn’t just a vague term to them ‘that we will think about when we need to’ – instead they are ready for it. We were asked to set up a connection from our client’s office in Ghent to their office in Amsterdam. The problem however was that there wasn’t a public IPv4 address available. A challenge for setting up an IPSEC VPN – one that we worked around on – but for everything else they had a simple, and better solution. They had working IPv6 addresses.
It turns out that there are far fewer IPv4 addresses in use in Belgium, and almost 50 percent of the connections have working IPv6 addresses on access circuits. In the Netherlands, just 7 percent of the connections is IPv6 ready. The Dutch IPv4 abundance makes us fall way short on IPv6 implementation.
Not only are the Belgians way ahead of us with IPv6, they are also a lot further with the implementation of RPKI, Resource Public Key Infrastructure. We found that out, when a client called and said that an IP-range of his wasn’t reachable from Belgium.
IP address blocks that are in use are announced through BGP, so that routers can direct traffic to the right routers and addresses. This system started based on trust: when you announce an IP range, that range must be yours for sure. Lately however there has been misuse of this trust. It is a good way for hackers and spammers to stay anonymous, by announcing your range as their own for a short time and then hop to another.
To combat that misuse, RPKI was introduced. It checks certificates that ‘prove’ the IP-range is yours. When you update that range, you have to update the certificates also, otherwise the routers will not talk with each other. The certificates of our client were not updated yet when they changed their announcement to a different AS number, so traffic could not reach them. Once they were, everything was working perfectly. Again – we had to be pointed to this by a Belgian network. Production use of RPKI is something that in The Netherlands we can only dream about.
These cases somewhat stunned me, because it showed me how far the Belgians are. Or how we have fallen behind. It is the dialectics of lead: we were very quick to jump on board of the Internet and felt cocky enough to not adapt. Belgium did adapt, and did so in a great way. I have learned from my Belgium trip more than just the taste of their beers!