Publication en anglais du rapport 2013 « Résilience de l’Internet français »


[English below]
Mis en place sous l’égide de l’ANSSI en 2011, l’observatoire de la résilience de l’internet français vise à améliorer la connaissance de l’Internet français en étudiant les technologies critiques à son bon fonctionnement. Il publie chaque année un rapport « Résilience de l’internet français ». Pour la première fois, ce rapport est également disponible en anglais. Cette démarche illustre le rayonnement international des travaux scientifiques de l’ANSSI.

 

(English version)

Introduced under the auspices of the ANSSI (Agence nationale de la sécurité des systèmes d’information) in 2011, the Internet resilience observatory strives to improve knowledge of the Internet by studying the technologies that are essential for it to operate correctly. This means that one of its objectives is to increase collective understanding of the Internet.

By its very nature, the Internet has no borders. However, the Internet in France may be defined as a set of Internet players who carry out actions within the national territory. The observatory focuses on the French Internet, a subset of the Internet in France which excludes foreign actors, in order to understand the dependencies between French economic and social activities in relation to foreign ones. Resilience is defined as the ability to operate during an incident and to return to nominal state. A natural extension of this is robustness, i.e. the ability to limit as much as possible the impacts of an incident. The Internet’s resilience and robustness may be characterised by measurable technical indicators.

Drafted by the ANSSI, with the participation of Afnic, this report provides a resilience analysis by studying two protocols that are essential for the Internet to function correctly. The first one, BGP3, enables Internet actors to transport data using routing statements. The second one, DNS4, provides the mapping between a domain name and an IP address.

In relation to its analyses, the observatory considers that the situation with respect to the French Internet is satisfactory. However, the engineering best practices are not fully adopted by the actors in the French Internet. Consequently, the observatory encourages them to embrace those best practices and issues the following recommendations:

  • Deploy IPv6 to develop skills and anticipate future operational problems;
  • Disperse DNS authoritative servers to improve the infrastructure’s robustness;
  • Test DNSSEC and deploy it to mitigate cache poisoning attacks;
  • Declare the route objects systematically and keep them up-to-date to facilitate the detection and filtering of illegitimate BGP advertisements;
  • Use RPKI and declare ROAs;
  • Apply BGP best practices for operator interconnections.

 

Full report:
Internet Resilience in France – 2013 Report