[AusNOG] Everything Open 2024, Gladstone AU

[Rob Thomas]

(You may have seen this on linux-aus, but as I'm a network nerd AND
APNIC ARE COMING HERE, I really thought it was important to mention
it here, too. Apologies to those that have seen it twice!)

Hi! I'm Troy McClure... Uh, I mean xrobau (or Rob), and you may
remember me from such things as 'Honest' Rob's Used Car
(and VoIP) Emporium at EO2023, or 'Why am I being
given a phone number just because I'm at LCA?'

Well, for those that don't know, my bluff was called, and I'm running
Everything Open up here in Gladstone in about ... 10 days from now.

https://2024.everythingopen.au/

For those that are thinking of physically attending, NOW IS THE TIME
TO GET YOUR TICKETS! For those that are paying for their own
flights, we have a subsidised shuttle to get you up here to Gladstone,
all you need to do is get to Brisbane, and we'll get you up here and
back (make sure you select that when purchasing a ticket!)

APNIC have also spotted the fantastic opportunity to help out regional
QLD, and are running RPKI and IPv6 courses on the Monday and
Friday before and after EO2024. These courses are *free* for EO
Delegates (but you don't need to be an EO delegate to attend, you
can just do the courses on Monday and Friday if you're nearby!)

However, if you can't make it in person, we understand, which is why
we're offering an Online-only ticket, which will be ALMOST as good
as being here, without having to actually travel. These are pretty much
at-cost, and are quite limited, so if you're interested, PLEASE register
now. We only have a limited number of remote slots, and it's going to
be first in, best dressed. (I'm not sure if APNIC are planning on
offering remote/online tickets to their courses - I suspect they are,
but please ask them, that's nothing to do with us!)

We have an amazing list of talks and keynotes from some amazing people such as
Geoff Houston (AM), Jana Dekanovska, and Professor Aaron Quigley. Please see
their, and everyone else's, talks on https://2024.everythingopen.au

Moving on, now all the serious stuff is over, I'm sure no one AT ALL
is surprised that I have a bunch of NON serious stuff planned, that
I hope everyone will have fun with.

Most of it is only going to be relevant to people who managed to make
it here, but one thing that we had a great time with previously was 'LCA
Plays Pokemon'.

Last time, that was done through our internal LCA phone system, but
THIS time I'm hoping we can do it through the web, but *only* EO
Delegates will be able to send commands.

Everyone else will only be able to watch via Twitch/YouTube/something.
I should warn you that I haven't even STARTED to set this up, because it's a bit
more important that I do actual critical stuff to run the conference,
but I feel pretty
confident that I'll have some time to get that up and running (I suspect it may
be done through a bot account on Mastodon.au, so make sure you have
a fediverse account somewhere!)

Finally, we also have a Matrix Room - feel free to join it at
  https://app.element.io/#/room/#everythingopen:matrix.org

For REAL and SERIOUS announcements, we're putting them up on a couple of places:
  https://fosstodon.org/@everythingopen
  https://www.facebook.com/EverythingOpenConference
as well as LinkedIn at
  https://www.linkedin.com/showcase/everythingopen/

I strongly suggest you follow all of them!

For extremely unreliable, non-serious announcements and quite probably
a large amount of whinging and complaining, you will find me at
https://facebook.com/xrobau and https://mastodon.au/@xrobau (I am
also the sucker that RUNS mastodon.au, so if you're not on the Fediverse
already, feel free to sign up there) where everyone will  be able to watch
me have a quiet (or possibly not so quiet?) meltdown over the next week
as the conference gets closer and closer!

I hope to see you all here, either physically or not!

--Rob Thomas
Conference Lead, Everything Open 2024, Gladstone, Australia
___
AusNOG mailing list
AusNOG@lists.ausnog.net
https://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Earlybird Rego for Everything Open ALSO finishes soon!

[Rob Thomas]

Everything Open has an unusually large amount of networking specific stuff
happening, more than the usual LCA level of nerdery.  We even have GIH as a
Keynote speaker! With Mark's email about IETF, I thought I better mention
it here, too:

Earlybird tickets are closing on WEDNESDAY. If you're thinking of paying
for it out of your own pocket, now would be a good time to get your ticket
and save some money. On the other hand, feel free to pay full price next
week which Linux Australia won't object to at all 8)

https://2024.everythingopen.au/news/earlybird-extended/

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
https://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Gladstone Remote Hands

[Rob Thomas]

That'd be me!

0402-077-155.

--Rob


On Tue, 25 Jul 2023 at 13:43, Bradley Amm  wrote:

> Hey People
>
> Is anyone free in Gladstone to do a job for me sometime in the next few
> weeks?
>
> Need someone to go to our office near the harbour, swap out the Microtik
> that uses PPPoE from Dreamtilt (can provide login detials) copy the
> settings to a Fortigate 40F Wi-Fi (to be sent to you before) and check that
> I can get into it from Perth.
>
> Need an ABN and invoice us for your time.
>
> Thanks
>
>
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
https://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Telstra. *tableflip*

[Rob Thomas]

Trying to log into our Telstra account and we are greeted with this lovely
message:

---
Two-step verification
To protect the security of your account, we need to complete an additional
authentication step. We refer to this as a two-step verification.

As we don’t have any contact details listed on your account, we’re unable
to complete the two-step verification. This means you’ll need to visit a
Telstra store with a valid ID. You can find our nearest store here.

Please remember to bring in a valid form of ID. If you’re a small business
customer, please bring in a letter/document with your business’ letterhead
on it.
---

I've given Telstra my ID more times than I can possibly count, and this is
it. I'm done. I can't even download my latest bill to pay them.

So, I guess I'm going to be porting 200 odd mobiles away from them. They
have succeeded in beating entropy, where it was easier to NOT change than
it was to change.  Well done Telstra, I guess. Thank you for finally
convincing me that your incompetence was no longer worth tolerating.

Yes, I do have my cranky pants on, how did you tell?

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
https://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Critical 3CX Windows/Mac hack.

[Rob Thomas]

As no-one's mentioned it here yet, I just thought I'd bring up the
zero-day, in the wild, active RIGHT NOW, trojan 3CX Windows and Mac apps.

If you, or you have clients, running 3CX, make sure they ARE NOT using the
app. If they are, their machines are probably already owned, and all their
stored credentials and session cookies have been leaked.

https://www.bleepingcomputer.com/news/security/hackers-compromise-3cx-desktop-app-in-a-supply-chain-attack/amp/

This is really bad. Sorry 8-(

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
https://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Everything Open Conf AusNog hallway track?

[Rob Thomas]

I'm going to be in Melbourne for Everything Open next week, and if anyone
else is planning to come please email me, and we'll do an unofficial ausnog
hallway track!

I'm also staying at the Casino next door, and you will know if you're near
me by all the 'xrobau' SSIDs you'll see 8)

--Rob

(For those that missed it, EverythingOpen is replacing LCA for this year,
and is in Melbourne - https://2023.everythingopen.au/ - but is basically
the same group of people)
___
AusNOG mailing list
AusNOG@lists.ausnog.net
https://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Reminder to vote in the APNIC Elections!

[Rob Thomas]

As the time is getting close to the end of the voting period, I thought it
would be worthwhile to remind everyone to go and submit their votes!

I've done my best to keep quiet on the potential issues in this election,
apart from my official statement  (See my nomination page
https://2023.apricot.net/elections/nominations/robthomas/ for information -
Note that closed captions are available on the video for those with hearing
impairments), but I think the other posts have explained it well enough.

So please, take the time to log into your my.apnic account, cast your
votes, and work towards making APNIC work for us!

For those who don't have a spare Round Tuit, and don't want to be bothered
doing it yourself, feel free to add 'r...@qldvoip.com.au' as a contact and
ONLY assign me 'Voting' rights. However, I really REALLY encourage you to
look into the candidates yourself.

--Rob
+61-402-077-155
___
AusNOG mailing list
AusNOG@lists.ausnog.net
https://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Anyone have a HGST 4U60 G1 SAS Cable I can beg/borrow/buy?

[Rob Thomas]

I've just spent all weekend building a new DC, and when I plugged in
the 4U60 it looks like the SAS cables that were supplied to me aren't
wired correctly, as they're reported as 'Invalid'.

https://i.imgur.com/rK6QfXS.png

The part number is 1EX0233 and I've ordered one from the US, but that
could be weeks until it arrives, and it looks like the random ones you
can buy on eBay aren't wired the way this thing expects. 8-(

If anyone has one lying around and could stick it in a box and ship it
to me, I would be eternally grateful.

--Rob (0402-077-155)
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] RPKI is the New Hotness. RADB is old and busted.

[Rob Thomas]

For those that haven't noticed, I have a bit of a bee in my bonnet about
RPKI.

We now have all of our major carriers here in Australia (and massive thanks
to Phil!) doing proper RPKI validation, and APNIC have (tentatively) agreed
that getting RPKI+ROAs for legacy allocations should hopefully be a lot
easier, and nowhere near as financially challenging, in the near future.

So I'm going to be setting up some super-easy documentation on rpki.com.au
over the next couple of weeks, INCLUDING some labs and free (don't ddos me,
bro) bgp feeds for those that want to experiment with this in preparation
for deploying it in prod, AND (if I can get enough people to donate some
spare compute and network infra) a bunch of public do-not-use-in-prod RPKI
RTR Servers scattered all over the world.

To pre-empt some questions:

Q: Why the public servers?
A: Because people COPY AND PASTE STUFF. If we (in my case, VyOS, but 'we'
as people who write documentation) provide example or template BGP
configurations which have ROV built in from the very start, then that's
what people will use.

Q: I don't have a full BGP feed, do I care?
A: No. ROA/ROV is only relevant to those networks that don't have a default
route out to the internet

Q: I only have one uplink, do I care?
A: See above. You'll be sending traffic out that one link anyway. But hey,
deploy ROV anyway, it's SUPER easy!

Q: I've been using altdb and radb for 20 years. I don't want to change.
A: OK. I'll get off your lawn.

For any OTHER questions, I urge you to check out the RPKI labs video from
APRICOT which.. I can't seem to find. Hopefully someone else can reply to
this message with some entry level documentation, and maybe - if we're
lucky - a link to a recording of the tutorial.

If you want to chat or have other suggestions that you want to keep
out-of-band (apart from 'shut up Rob, stop crapping on about RPKI') hit me
up on B4P, or BGPeople (xrobau both, of course), or the IM or social media
platform of your choice, as I'm probably xrobau there, too.

--Rob 'Buzzing Bonnet' T
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Gratuitous self-promotion for APNIC Exec Committee Voting

[Rob Thomas]

As you may (or may not?) know, I'm running for the Exec Committee for APNIC
in this election.

As it's a purely virtual conference this year, all the nominees have been
asked to record a short video introducing themselves, which I have done!

https://youtu.be/-SbMtphI3kw

If you think that I might be suitable to serve on the board of APNIC, I'd
love it if you could vote for me before voting closes on the 4th of March
via https://my.apnic.net/voting

If you're not sure about who ELSE to vote for, you're more than welcome to
appoint me as your proxy via
https://my.apnic.net/voting/EC2021/appoint-proxy and I'll work with the
other nominees to finalise our selections (and I'll post it on the
xrobau.com.au website).

Thanks!

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] BGP database update for our WISP

[Rob Thomas]

Ulick, you're going to have to speak to your upstream carrier, and get THEM
to speak to their upstream carriers.

Checking a feed from Telstra, they are not advertising your routes, or,
both of their upstreams are filtering it.

This is not something we can help with.

show ip bgp regexp _9519_

BGP table version is 28882287, local router ID is 203.14.128.10, vrf id 0
Default local pref 100, local AS 37990
Status codes:  s suppressed, d damped, h history, * valid, > best, =
multipath,
   i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
*> 58.84.131.0/24   110.145.148.2450 1221 64098
9519 9519 9519 9519 45763 ?
*> 58.84.171.0/24   110.145.148.2450 1221 64098
9519 9519 9519 9519 45763 ?
*> 58.84.203.0/24   110.145.148.2450 1221 64098
9519 9519 9519 9519 45763 ?
*> 58.84.205.0/24   110.145.148.2450 1221 64098
9519 45763 ?
*> 103.3.144.0/22   110.145.148.2450 1221 64098
9519 9519 9519 9519 i
*> 103.3.146.0/23   110.145.148.2450 1221 64098
9519 9519 9519 9519 i
*> 103.39.136.0/23  110.145.148.2450 1221 64098
9519 133737 i
*> 103.39.136.0/24  110.145.148.2450 1221 64098
9519 133737 ?
*> 103.39.137.0/24  110.145.148.2450 1221 64098
9519 133737 133737 133737 133737 ?
*> 103.79.180.0/24  110.145.148.2450 1221 64098
9519 i
*> 103.141.233.0/24 110.145.148.2450 1221 64098
9519 9519 9519 9519 138455 ?
*> 103.198.54.0/24  110.145.148.2450 1221 64098
9519 38541 38541 38541 38541 ?
*> 103.198.55.0/24  110.145.148.2450 1221 64098
9519 38541 38541 38541 38541 ?
*> 180.189.144.0/24 110.145.148.2450 1221 64098
9519 i
*> 202.0.64.0/24110.145.148.2450 1221 4826 9519
9519 9519 i
*> 203.82.96.0/20   110.145.148.2450 1221 64098
9519 i
*> 203.82.96.0/23   110.145.148.2450 1221 64098
9519 i
*> 203.82.96.0/24   110.145.148.2450 1221 4826 9519
i
*> 203.82.98.0/23   110.145.148.2450 1221 64098
9519 i
*> 203.82.100.0/23  110.145.148.2450 1221 64098
9519 i
*> 203.82.102.0/23  110.145.148.2450 1221 64098
9519 i
*> 203.82.106.0/23  110.145.148.2450 1221 4826 9519
i
*> 203.82.108.0/23  110.145.148.2450 1221 4826 9519
i
*> 203.82.110.0/23  110.145.148.2450 1221 4826 9519
i
*> 203.92.7.0/24110.145.148.2450 1221 64098
9519 38541 38541 38541 38541 i
*> 203.121.193.0/24 110.145.148.2450 1221 64098
9519 45763 ?
*> 203.121.207.0/24 110.145.148.2450 1221 64098
9519 45763 ?
*> 203.121.214.0/24 110.145.148.2450 1221 64098
9519 45763 ?
*> 203.175.178.0/24 110.145.148.2450 1221 4826 9519
45627 i
*> 203.188.216.0/21 110.145.148.2450 1221 64098
9519 i
*> 203.188.216.0/23 110.145.148.2450 1221 64098
9519 i
*> 203.188.218.0/23 110.145.148.2450 1221 64098
9519 i
*> 203.188.220.0/23 110.145.148.2450 1221 4826 9519
i
*> 203.188.222.0/23 110.145.148.2450 1221 64098
9519 i



On Thu, 14 Jan 2021 at 10:35,  wrote:

> Hello,
>
>
>
> I am seeking any assistance to update the BGP records on various up
> streams in particular Telstra.
>
>
>
> At 4pm yesterday 13th January we ceased using AS 133494 Air Networks
> started peering with our new AS 134507 to our upstream provider AS 9519
> (Vertical Telecoms P/L)
>
>
>
> Since this time externally we are unable to ping into our subnet
> 103.231.204.0/22 and on our network unable to open Telstra.com and
> various other services such as Netflix.com
>
>
>
> It has been confirmed with both Vertel we are advertising correctly with
> new AS 134507 and APNIC helpdesk confirm all database is correct.
>
>
>
> Seeking assistance please for a refresh of other BGP databases to reflect
> the new details please from the whois registry?
>
>
>
> Below is current reporting correctly from APNIC looking glass (Brisbane)
>
>
>
> BGP routing table entry for 103.231.204.0/23, version 157624362
>
> Paths: (2 available, best #2, table default)
>
>   Advertised to update-groups:
>
>  1  3  6
>
>   Refresh Epoch 354
>
>   24115 64098 9519 9519 9519 9519 134507
>
> 45.127.172.21 from 45.127.172.123 (45.127.172.123)
>
>   Origin IGP, metric 30, localpref 150, valid, external
>
>   Community: 24115:64098 24115:65012
>
>   

[AusNOG] [Massively OT] Motorbike with the plates G33K?

[Rob Thomas]

If you own, or know anyone who has a bike with those plates (and I'm
guessing NSW plates), you may be getting a nasty surprise from Linkt
yelling about non-payment of tolls.

I have those plates on my QLD Van, but Linkt have been sending me
increasingly strident demands saying that my Motorbike with those plates
travelled in Brissy in November of last year (which I obviously didn't).

If they send you anything more than the $2-odd charge for the tolls please
feel free to hit me up and I will more than happily provide you with the
complete log of me going 'My white van is not a motorbike' over and over
again, so their incompetence is not an excuse for charging you extra fees.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] auDA help

[Rob Thomas]

I suggest you just transfer your domain away from GoDaddy, to a
different registrar, as they are notoriously useless.

If you do a bunch of domains, it might be best to go with a wholesaler and
whilst I personally recommend Synergy Wholesale, there are others you can
pick from - look at the accredited registrars here:

https://www.auda.org.au/industry-information/registrars/



On Thu, 30 Jul 2020 at 19:26, Greg M  wrote:

> Hi Noggers,
>
>
>
> Wondering if anyone a contact at AUDA or Godaddy who can assist with a
> domain issue.
>
>
>
> History:
>
>- Jun 30, Godaddy advises the domain has a de-registered ABN/ACN
>associated to it.
>- Jul 6 – Stat dec, Updated ABN/ASIC details sent to Godaddy
>- Jul 8 – Godaddy update the domain details (change visible via whois)
>even requiring a 2 year upfront “payment”  to renew it as part of the
>“update”
>- Jul 30 – The .com.au/.net.au domains suddenly cease working with an
>email from Goddady advising we did not respond in 30 days since the
>original email and that the domain is now cancelled.
>
>
>
> We have contacted them today, twice and of course we are unable to speak
> to anyone there who “handles these specific requests” – and have been
> advised by Customer Service it will take “auDA weeks to months” to process
> our support request.
>
>
>
> Seriously?
>
>
>
> Any help is appreciated as the business has been crippled by this, as
> their CRM/practise software is all linked to their website/domain with
> complex Azure/O365 integrations that no longer function.
>
>
>
> Cheers,
>
>
>
> Greg
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] NANOG79, IPv6 and Megaport

[Rob Thomas]

I've been catching up on the talks at NANOG79, and, being the massive
IPv6 proponent that I am, I was interested to read the IPv6 adoption
paper by Susan Forney, from HE.

https://storage.googleapis.com/site-media-prod/meetings/NANOG79/2194/20200530_Forney_Ipv6_Adoption_Over_v1.pdf

I was happy to see, and would like to just publicly give some Kudos to
Megaport who have made it painless, trivial, and *most importantly a
default!* to set up ipv6 peering, and it shows (page 15)

MegaSyd and MegaBne are among the top IPv6 IX's in the AP region, even
though they are 10% of the size of JPNAP, they have almost the same
IPv6 coverage (page 16).

Good work guys. Thanks!

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] RFC - Mobile carriers/resellers/MVNO's/whatever

[Rob Thomas]

I have about 160 odd mobile phones that are currently through Telstra.
It's getting to the point where trying to get them to do anything is
like shouting into the void.

Is there anyone here who is a MVNO (doesn't need to be Telstra, but
our location doesn't have good Voda coverage) that can do things like
'port in', 'release number to end user, because they want to own their
number', 'port out', 'create new mobile number', 'delete mobile
number' without needing a physical body to stand in a queue at some
third-party reseller pretending to be a carrier's random shop for
three hours?

It would be GREAT if it was all web/API based, but even firing off an
email to a human is OK.

I'd LIKE shared data, but it's not a dealbreaker if it's
$stupid_amount per phone that's not shared. I'd also like IPv6 on the
data network, too, but I'm not sure who (if anyone) is doing that.

Replies offlist please, and if you're also interested in this, hit me
up and I'll send you a summary too!

--Rob
(0402-077-155)
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] (no subject)

[Rob Thomas]

If you wanted to do this simply, just grab a linux machine with three
network interfaces, and do this (assuming eth0 is 'real' and eth1 and
eth2 are where you want to insert the tap)

brctl addbr sniff
brctl addif sniff eth1
brctl addif sniff eth2
brctl stp sniff off

You can then do a tcpdump on the 'sniff' interface and you'll see
everything at a packet layer (not a frame layer). If you really REALLY
want frames, it's harder, but mostly doable. It looks like that USB
thing is only at the packet layer anyway, so you should be fine.

--Rob


On Thu, 21 May 2020 at 12:09, Richard Biggs
 wrote:
>
> Hi All,
>
>
>
> Looking for a standalone network tap, I can’t seem to find anything local in 
> Aus.
>
>
>
> Only needing something real basic like 
> https://www.dualcomm.com/products/usb-powered-10-100-1000base-t-network-tap 
> does anyone know who would be holding some stock?
>
>
>
> Cheers,
>
>
>
> RB
>
>
>
>
>
> **
>
> Disclaimer: This email and any attachments may contain legally privileged or 
> confidential information and may be protected by copyright. You must not use 
> or disclose them other than for the purposes for which they were supplied. 
> The privilege or confidentiality attached to this message and attachments is 
> not waived by reason of mistaken delivery to you. If you are not the intended 
> recipient, you must not use, disclose, retain, forward or reproduce this 
> message or any attachments. If you receive this message in error, please 
> notify the sender by return email or telephone and destroy and delete all 
> copies. Unless stated otherwise, this email represents only the views of the 
> sender and not the views of the Queensland Government.
>
> Queensland Health carries out monitoring, scanning and blocking of emails and 
> attachments sent from or to addresses within Queensland Health for the 
> purposes of operating, protecting, maintaining and ensuring appropriate use 
> of its computer network.
>
> **
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] The IPND Manager probably just leaked your email address

[Rob Thomas]

I received that email, but it didn't have a CC list attached. I would
have noticed!

Original message

Message 
ID
Created on:15 May 2020 at 14:14 (Delivered after 21 seconds)
From:! IPND Manager 
To:
Subject:Critical Emergency Maintenance to IPND IIS Platform - Extended
Downtime Sunday 17th May 2020 from 12pm to 4pm
SPF:PASS with IP 203.35.82.212 Learn more
DKIM:'PASS' with domain team.telstra.com Learn more
DMARC:'PASS' Learn more


On Fri, 15 May 2020 at 14:30, Andrew White  wrote:
>
> FYI, the IPND Manager just sent out an email entitled “Critical Emergency 
> Maintenance to IPND IIS Platform - Extended Downtime Sunday 17th May 2020 
> from 12pm to 4pm”.
>
> The CC field appears to contain the internal email addresses of every IPND 
> registered telco in the country.
>
> Now is probably a good time to switch on your spam filters or change internal 
> addresses.
>
> Cheers,
>
> Andrew
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] My condolences to the people trying to sort out remote learning

[Rob Thomas]

I'm watching my wife and her friends on derpbook try to consolidate
their tech support hints and tips to get the rugrats onto and into Day
1 of their remote learning, and the last thing she sent to me was
'High school has fully crashed'.

I understand that all your stuff is on fire, and everything that was
on fire yesterday is now a towering inferno, and you probably feel
like everyone is blaming you.

Please don't stress. If you have someone breathing down your neck,
here's a bunch of technically correct, but also useless excuses you
can give people to get them off your back for a while, while you
actually fix the problems that have cropped up without having to
explain them to a non-technical audience.

1. There are IPv6 problems (you can grow this one out as much as you
want. Blame NAT64)
2. We aren't receiving all of AARNET's BGP announcements (bonus points
are awarded if you're not MEANT to be receiving AARNET's BGP
announcements, but still manage to use this as an excuse)
3. Some of our peering links are down (Well, you can't use that if you
REALLY have all your peering links up, but who is in that state right
now??)
4. Office365 is playing up _or_ Office365 has just started working
(You can alternate this one, to match reality)
5. There's congestion on the Telstra network (Don't be specific as to
WHERE the congestion is)
6. Have you checked YOUR firewall? No, really. Check it again. (Repeat
several times)
7. Wildcard! Blame VoIP.  SIP is so complex, most people will glaze
over when you start explaining that the SDP is being mangled
incorrectly so RTP is leaving bogus port forwarding in place in your
border NAT device which ... blah blah.

But here's the important thing.  This is not the end of the world. If
stuff is down because of something out of your control, or because
you're busy putting out other fires, IT DOESN'T MATTER. Here's a photo
of my pair not CARING that everything is broken.

https://i.imgur.com/jBXrE9M.png

They're the end users, they don't care. No matter who is saying it's a
life and death thing, it's not. There ARE things that are life and
death (eg, 000/VoIP!). Care about those.

And geez, if you REALLY get stuck with something that you think that
you should be able to figure out and can't, post it here. We don't
mind. Got a VOIP problem? Ask me here, or off list. BGP Filters not
working? Routing loops? Whatever. Post it here. (Except, possibly
enough of the 'Office 365 CDN is corrupt' stuff, because this is
something that Microsoft REALLY SHOULD have solved by now)

I always find that even just talking about, or writing down, a problem
that has stumped me always helps (see 'Rubber Duck Debugging'). Half
of us are sitting around twiddling our thumbs because we've got 50% of
our normal traffic, and I'm sure we'll all be willing to help.

--Rob

PS: I honestly, truly, care. I've been RIGHT at the end of my tether
for stupid reasons and because I was under insane pressure. You,
personally, are more important than your job. Don't kill yourself
(metaphorically OR literally).  Wanna chat about shit? Call me.
0402-077-155. Anytime.
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] FYI: Telstra carrier interconnects are full

[Rob Thomas]

>
> I don't doubt that you're right Rob, but help me out here. Surely
> voice traffic is such a tiny drop in the networking-traffic bucket
> that any sort of increase is still largely insignificant.
>
> Are you saying that voice interconnects are big, fat, pipes and that
> ramping them up is a big deal?

Yes. With Telstra, it's an EXTRAORDINARLY big deal. You still have to
use specific hardware, and SS7 signaling over ISDN

Note: This may be out of date, but I was previously told I *had* to
use a Dialogic gateway, and buy a craptonne of ISDN from them.before
the'd even think about it. I may be slandering them, and if I am
incorrect, please accept my apologies, and BTW Hey, Telstra, I want
500 channels of interconnect over SIP please 8)

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] FYI: Telstra carrier interconnects are full

[Rob Thomas]

If you've got customers complaining about not being able to make calls
from Telstra (landlines or mobiles) there's a good chance it's because
Telstra don't have enough interconnect channels to other carriers.

It's a known issue, and people above my pay grade are caring about it.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Who owns these PPP Access Concentrators?

[Rob Thomas]

Google says TPG.

https://community.tpg.com.au/t5/Broadband-Internet/FTTP-IP-changing-multiple-times-a-day/td-p/19560


On Sat, 21 Mar 2020 at 08:22, Chris Barnes  wrote:

> Hi peeps,
>
> Does anyone recognise these access concentrator names?
>
> syd-gls-har-bras22
> syd-gls-har-bras23
> syd-gls-har-bras26
> syd-apt-ros-bras22
> syd-apt-ros-bras23
> syd-apt-ros-bras24
> syd-apt-ros-bras26
>
>
> Troubleshooting a new HFC installation. Internode says the provision is
> complete but they aren't seeing any authentication attempts at all. On the
> router I'm seeing a response to the authentication attempts from those
> access concentrators with the PPP code "Request Denied".
>
> So, If Internode aren't seeing the auth attempts, who is?
>
> --
> Kind Regards,
>
> Christopher Barnes
>
> e. chris.p.bar...@gmail.com
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] FYI: Pro Bono remote hands in Central QLD

[Rob Thomas]

With Jared's message about NZ, I realised that there's going to be other
places that need remote hands that could be difficult to get smart bodies
to.

If you urgently need remote hands in the CQ region (Bundaberg, Gladstone,
Rocky, Mackay, out to Emerald), there's a reasonable chance I can get
someone knowledgeable there to help you out, at no charge.

This is not a service we normally provide, and won't be available AFTER
this, and I am only offering it in the hope that it might save you some
heartache over the next month or so.

If you need this, you can contact me on 0402-077-155, or twitter @xrobau or
facebook.com/xrobau - last priority would be email.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Anyone from AS38333 (Symbio) around?

[Rob Thomas]

We're having dramas talking to router as38333.sydney.megaport.com. -
you don't appear to be responding to ARPs from
as7546.sydney.megaport.com.

Unfortunately, as there's three different transit providers in the
mix, it's pretty hard to figure out where the problem is.  If anyone
can reach out to me off-list, or call me on 0402-077-155, that would
be awesome.  At the moment we've stopped advertising to Mega Sydney,
which is sub-optimal 8-\

Thanks

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] 4G Redundancy Device

[Rob Thomas]

You seem to be duplicating points-of-failure there, Nathan. You
probably want this:

https://shop.duxtel.com.au/product_info.php?products_id=535

Mikrotik _and_ LTE modem, all in one, weatherproof, unit. So you can
basically do BGP/OSPF/VPN/Whatever directly from the LTE endpoint,
without adding an extra bit of hardware to the mix.

--Rob

On Thu, 6 Feb 2020 at 12:51, Nathan Brookfield
 wrote:
>
> Love them, use them connected to Microtik’s for OPVPN clients, great devices 
> and they don’t’ get hot and overheat like the Sierra dongles haha.
>
>
>
> Kindest Regards,
>
>
>
> Nathan Brookfield (VK2NAB)
>
> Simtronic Technologies Pty Ltd
>
>
>
> Local: (02) 4749 4949 | Fax: (02) 4749 4950 | Direct: (02) 4749 4951
>
> Web: http://www.simtronic.com.au | E-mail: nathan.brookfi...@simtronic.com.au
>
>
> CONFIDENTIALITY & PRIVILEGE NOTICE
>
> The information contained in this email and any attached files is strictly 
> private and confidential. The intended recipient of this email may only use, 
> reproduce, disclose or distribute the information contained in this email and 
> any attached files with Simtronic Technologies Pty Ltd’s permission. If you 
> are not the intended recipient, you are strictly prohibited from using, 
> reproducing, adapting, disclosing or distributing the information contained 
> in this email and any attached files or taking any action in reliance on it. 
> If you have received this email in error, please email the sender by replying 
> to this message, promptly delete and destroy any copies of this email and any 
> attachments.
>
> It is your responsibility to scan this communication and any files attached 
> for computer viruses and other defects and recommend that you subject these 
> to your virus checking procedures prior to use. Simtronic Technologies Pty 
> Ltd does NOT accept liability for any loss or damage (whether direct, 
> indirect, consequential, economic or other) however caused, whether by 
> negligence or otherwise, which may result directly or indirectly from this 
> communication or any files attached.
>
>
>
> From: AusNOG  On Behalf Of Graham Maltby
> Sent: Thursday, February 6, 2020 1:44 PM
> To: ausnog@lists.ausnog.net
> Subject: [AusNOG] 4G Redundancy Device
>
>
>
> Hi Everyone,
>
>
>
> Does anyone have any experience or comment they would like to share on these 
> - positive or negative.
>
>
>
> https://www.netgear.com.au/home/products/mobile-broadband/lte-modems/LB2120.aspx
>
>
>
> Looking that their use in an SOHO and SME role mainly and as a self contained 
> solution, not integrated into another router.
>
>
>
> Thanks,
>
> Graham
>
>
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] The aussie-isp archives seem to have vanished?

[Rob Thomas]

I was just trying to find some old post of mine from years ago, and
realised that I couldn't find the original aussie-isp (aussie.net)
archives. The taz.net ones are SORTA there, but 403'ing (but are
visible on the wayback machine)

Does anyone know where they've gone? Or, even better, if you happen to
HAVE them, if you could send them to me, I'll get them on archive.org
for posterity.

Yes, I'm sure everyone wants to see me totally misunderstand
bang-paths in UUCP based email 20 years ago 8)

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] the state of bufferbloat awareness and remediation in australia?

[Rob Thomas]

Unsurprisingly to most, I'm the guy who played one of the VoIP packets
(I'm in the blue Clearly IP shirt).

After his talk at LCA, I was discussing the way to handle VoIP, and I
mentioned that the way I do most VoIP client connections is via a
tunnel. This allows me to put a proper queue on the tunnel ITSELF, and
just hope that the actual outgoing link of the customer isn't
congested.

This seems to work reasonably well, and customers usually end up with
good audio (as well as bypassing all the NAT nightmares).

I'm hoping that Dave comes back next year to LCA (and for those that
missed the announcement, it's in Canberra), and can do some more talks
next year 8)

--Rob

On Sun, 26 Jan 2020 at 12:29, Dave Taht  wrote:
>
> Ladies and gentlemen! Ryan Mounce has entered the room! Ryan
> contributed the ack-filtering code in sch_cake several years ago. All
> Hail Ryan! Cake ( https://lwn.net/Articles/758353/ )has been available
> out of tree for linux for 5 years (with maintained backports all the
> way back to linux 3.10) and it finally went upstream in linux 4.19.
> Please note that as much as I like cake, the sqm scripts go back even
> further (and also allow for configuring not just fq_codel but pie)
>
> On Sat, Jan 25, 2020 at 5:52 PM Ryan Mounce  wrote:
> >
> > NBN Co do inject options into DHCP and PPPoE requests with the down/up sync 
> > rate for their wholesale xDSL services so that ISPs (RSPs in NBN lingo) can 
> > shape individual services correctly. I have no sense how widely ISPs are 
> > actually taking advantage of this.
>
> Well, I try to keep kicking em along. As noted in my previous message
> we're seeing a couple ISPs in germany move on this (free.fr in france
> adopted this stuff in 2012, everybody else is lagging somewhat :/)
> It's only a few line of shell script hook into the negotiation phases
> at this point. A days worth of work. Or less. And as for "correctly",
> well, I keep hoping folk will leverage the sqm-scripts and/or cake -
> when available. Aside from the fritzbox (which I know has fq_codel in
> it), are there any other common home routers with a reasonably modern
> linux or freebsd os in 'em?
>
> Do you have any insight into the DHCP message?
>
> who "owns" the end-user router in australia now?
>
> anyway, my talk at linux.conf.au (and blatant plug #2) is reviewed now
> at: 
> https://blog.apnic.net/2020/01/22/bufferbloat-may-be-solved-but-its-not-over-yet/
>
> great to see you here, ryan,
>
> > -Ryan
> >
> > On Fri, 17 Jan 2020 at 11:24, Dave Taht  wrote:
> >>
> >> Hi, all. I'm here at linux.conf.au having just given a talk about how
> >> tcp works in the bufferbloated age[1].
> >>
> >> On my way here I stopped in for a few days with geoff huston and
> >> george michaelson who filled my ears with the chaos of the NBN rollout
> >> and other issues in the australian network infrastructure... and gave
> >> me a shot at some data they had on bloat, and ecn usage in the wild
> >> which I hope to write up over the next month or so.
> >>
> >> I was wondering about a few things:
> >>
> >> How y'all doing on eliminating bufferbloat from your networks? Using
> >> things like fq_codel, sch_fq + bbr, etc?
> >>
> >> Do you have any awareness from your regulatorium?
> >>
> >> I see, from sites like whirlpool, that some consumer hardware here,
> >> like the fritzbox, have fq_codel now, but it's not clear if ISPs are
> >> actively configuring it (or what we call "sqm") yet. (theres a PPPoe
> >> message now in use in parts of germany for up/down and frame rate
> >> seeing increasing deployment).
> >>
> >> Lastly:
> >>
> >> Anyone need a wayward network researcher/theorist for a few weeks or
> >> months to help address their bufferbloat issues in their stacks and
> >> hw? - maybe not this trip but on some other occasion?
> >> (I rather like hanging in australia)
> >>
> >> [1] blatant plug  http://youtu.be/ZeCIbCzGY6k
> >>
> >> --
> >> Make Music, Not War
> >>
> >> Dave Täht
> >> CTO, TekLibre, LLC
> >> http://www.teklibre.com
> >> Tel: 1-831-435-0729
> >> ___
> >> AusNOG mailing list
> >> AusNOG@lists.ausnog.net
> >> http://lists.ausnog.net/mailman/listinfo/ausnog
> >
> > --
> > Regards,
> > Ryan Mounce
> >
> > r...@mounce.com.au
> > 0415 799 929
> >
> > Sent from mobile
>
>
>
> --
> Make Music, Not War
>
> Dave Täht
> CTO, TekLibre, LLC
> http://www.teklibre.com
> Tel: 1-831-435-0729
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Heads up: Super awful FreePBX RCE

[Rob Thomas]

If you have any FreePBX machines floating around, now is the time to make
sure they're up to date, ESPECIALLY if they're visible from the interwebs.

https://www.reddit.com/r/VOIP/comments/dypp36/20191119_critical_freepbx_security_vulnerability/


I backdated it for those yanks who are living in the past, but it was
discovered this morning.

The quick summary is it's a trivial exploit, with the ability to escalate
to a root shell - which means a pwned machine, all the attacker needs is
unauthenticated visibility to any of the admin pages.

Feel free to hit me up offlist if you need any more info.  And yes, it was
my code that was vulnerable, but in my defence it was 12 year old code, and
the vulnerability was only just discovered now 8)

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] .au whois server is missing, assumed Borg'ed.

[Rob Thomas]

You'd think they would have done something like 'Hey. This has
changed. Use this server instead' rather than just deleting the DNS
record.

Now I have to go open bug tickets with a bunch of distros to get their
whois updated. 8-\

--Rob

On Fri, 11 Oct 2019 at 15:40, David Keegel  wrote:
>
> Yes, like James said, whois.auda.org.au is the right answer.
>
> Although I would use
> $ whois -h whois.auda.org.au news.com.au
> or
> $ jwhois news.com.au
> rather than
> $ telnet whois.auda.org.au 43
>
> Whois.audns.net.au was grandfathered for over 12 months, but
> auDA decided enough time has passed now since they changed
> to using whois.auda.org.au when Afilias took over in 2018.
>
> On Fri, Oct 11, 2019 at 04:15:33AM +, James Deck wrote:
> >Hi all,
> >
> >
> >https://www.iana.org/domains/root/db/au.html
> >
> >
> >You can (should) use whois.auda.org.au:
> >
> >
> >$ telnet whois.auda.org.au 43
> >
> >Trying 199.15.83.22...
> >
> >Connected to whois.auda.ltd.
> >
> >Escape character is '^]'.
> >
> >news.com.au
> >
> >Domain Name: NEWS.COM.AU
> >
> >Registry Domain ID: D40740001615931-AU
> >
> >Registrar WHOIS Server: whois.auda.org.au
> >
> >Registrar URL: https://www.cscdigitalbrand.services
> >
> >Last Modified: 2019-02-26T01:12:18Z
> >
> >Registrar Name: Corporation Service Company (Aust) Pty Ltd
> >
> >Registrar Abuse Contact Email: domainab...@cscglobal.com
> >
> >Registrar Abuse Contact Phone: +1.8887802723
> >
> >Reseller Name:
> >
> >Status: clientDeleteProhibited
> >https://afilias.com.au/get-au/whois-status-codes#clientDeleteProhibited
> >
> >Status: serverDeleteProhibited
> >https://afilias.com.au/get-au/whois-status-codes#serverDeleteProhibited
> >
> >Status: serverRenewProhibited
> >https://afilias.com.au/get-au/whois-status-codes#serverRenewProhibited
> >
> >Status: serverUpdateProhibited
> >https://afilias.com.au/get-au/whois-status-codes#serverUpdateProhibited
> >
> >Registrant Contact ID: AT2688983299772
> >
> >Registrant Contact Name: Domain Admin
> >
> >Tech Contact ID: AT1811166138471
> >
> >Tech Contact Name: News Limited  Domain Manager
> >
> >Name Server: USC1.AKAM.NET
> >
> >Name Server: USC4.AKAM.NET
> >
> >Name Server: NS1-24.AKAM.NET
> >
> >Name Server: NS1-50.AKAM.NET
> >
> >Name Server: USW1.AKAM.NET
> >
> >Name Server: ASIA1.AKAM.NET
> >
> >DNSSEC: unsigned
> >
> >Registrant: News Life Media Pty Ltd
> >
> >Registrant ID: ABN 57088923906
> >
> >Eligibility Type: Company
> >
> >
> >Also available on https://whois.auda.org.au
> >
> >
> >
> >Kind Regards,
> >James Deck
> >Director
> >Clevvi ‑ Formerly 1300 Web Pro
> >p
> >1300 932 776
> >e
> >jd...@clevvi.com.au
> >w
> >clevvi.com.au
> >a
> >Unit 22, 489 South Street, Toowoomba 4350
> >
> >Unit 14, 17 Karp Court, Bundall 4217
> >
> >Need help?
> >LOG A JOB ONLINE
> >Feed your brain
> >WATCH OUR WEBCHATS
> >Click here to leave a review on Google
> >Google My Business
> >Website Facebook Twitter Instagram Google Partners
> >
> >From:
> >AusNOG  On Behalf Of Lachlan Gilmour
> >Sent: Friday, 11 October 2019 2:06 PM
> >To: Rob Thomas 
> >Cc:  
> >Subject: Re: [AusNOG] .au whois server is missing, assumed Borg'ed.
> >
> >
> >Hey Rob,
> >
> >
> >Yeah it looks pretty borg'ed , haven't seen results like this before!
> >
> >
> >P.s; You should still be able to use the whois provided
> >here https://whois.auda.ltd/
> >
> >
> >image.png
> >
> >
> >
> >Kind regards,
> >
> >
> >Lachlan
> >
> >
> >On Fri, Oct 11, 2019 at 2:01 PM Rob Thomas 
> >wrote:
> >
> >  It looks like someone's broken audns.net.au DNS records, as
> >  everything's missing APART from MX going to outlook.com... I hate to
> >  point the finger at microsoft, but it's oh so easy...
> >  getaddrinfo(whois.audns.net.au):

[AusNOG] .au whois server is missing, assumed Borg'ed.

[Rob Thomas]

It looks like someone's broken audns.net.au DNS records, as
everything's missing APART from MX going to outlook.com... I hate to
point the finger at microsoft, but it's oh so easy...


getaddrinfo(whois.audns.net.au): Name or service not known


This site can’t be reached

whois.audns.net.au’s server IP address could not be found.

Try:

Checking the connection
Checking the proxy, firewall and DNS configuration
Running Windows Network Diagnostics

ERR_NAME_NOT_RESOLVED
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Software Defined Routers

[Rob Thomas]

Well, that's kinda the point of actually doing performance tests! 8)

If you didn't read the article, using 4 cores of a 7 year old CPU can
route 12gbit of traffic at 13% cpu (or 17gbit on a 4 year old CPU), I
think the actual data speaks for itself.

Unfortunately, after 20gbit, it gets hard to GENERATE that amount of
traffic. When 100gbit connections are more common, it'll probably be
easier.

--Rob

--Rob


On Sat, 5 Oct 2019 at 09:52, Robert Hudson  wrote:
>
> Because the amount of CPU available on virtualised platforms is more than 
> sufficient for most people's needs? Because the numerous advantages of 
> virtualisation far outweigh the (perceived) performance penalties? Because 
> sometimes you don't actually have a choice?
>
> Like any good tool, virtualisation isn't for every workload in every 
> environment - but where it does make sense, why not take advantage of the 
> benefits?
>
> On Fri, 4 Oct. 2019, 7:20 pm Noel Butler,  wrote:
>>
>> if performance matters (and it does very much so), why would you be using 
>> _anything_ virtualised at all...
>>
>>
>> On 03/10/2019 23:19, Guy Ellis wrote:
>>
>> Has anyone bothered to evaluate TNSR which I will think replace pfsense 
>> where performance really matters?
>>
>> --
>>
>> Kind Regards,
>>
>> Noel Butler
>>
>> This Email, including any attachments, may contain legally privileged 
>> information, therefore remains confidential and subject to copyright 
>> protected under international law. You may not disseminate, discuss, or 
>> reveal, any part, to anyone, without the authors express written authority 
>> to do so. If you are not the intended recipient, please notify the sender 
>> then delete all copies of this message including attachments, immediately. 
>> Confidentiality, copyright, and legal privilege are not waived or lost by 
>> reason of the mistaken delivery of this message. Only PDF and ODF documents 
>> accepted, please do not send proprietary formatted documents
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Software Defined Routers

[Rob Thomas]

I just spammed this all over Twatter and Derpbook, but I just noticed
a report on some Virtual Routers, and the speeds are... EXTREMELY
unexpected.

https://blog.kroy.io/2019/08/23/battle-of-the-virtual-routers

Summary:

* VyOS can route at 12Gbps at 14% CPU Load
* pfSense can route at 2Gbps

Please stop using pfSense, it is a dumpster fire, and it PERSONALLY
and ACTIVELY hates VoIP, which MAY have a slight relation with my
ongoing loathing of it 8-)

If a customer of yours is using it, please strongly encourage them to
throw it away.

Also, VyOS can be managed by Ansible, which is surprisingly cool.
https://docs.ansible.com/ansible/latest/modules/vyos_config_module.html

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Did everyone know that Atlassian are doubling their prices?

[Rob Thomas]

Sigh. I can't read column headings. They're not doubling. They're gone
up about 20%.  Please feel free to point and laugh at the idiot.

--Rob

On Mon, 30 Sep 2019 at 12:47, Rob Thomas  wrote:
>
> Slightly OT, and apologies, but I think it's relevant - TL;DR: They're
> pretty much doubling the price, or more, of almost everything.
>
> https://www.atlassian.com/licensing/future-pricing/server-pricing/faqs
>
> If your company is getting close to renewal, then RIGHT NOW would be a
> good time to run around and get approval, before you go (as an
> example) from $2,600 to $6,800 for Jira 50 users, before they switch
> over on Wednesday.
>
> --Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Did everyone know that Atlassian are doubling their prices?

[Rob Thomas]

Slightly OT, and apologies, but I think it's relevant - TL;DR: They're
pretty much doubling the price, or more, of almost everything.

https://www.atlassian.com/licensing/future-pricing/server-pricing/faqs

If your company is getting close to renewal, then RIGHT NOW would be a
good time to run around and get approval, before you go (as an
example) from $2,600 to $6,800 for Jira 50 users, before they switch
over on Wednesday.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] WFH users on Aussie Broadband 1 way audio over VPN.

[Rob Thomas]

If someone has an out-of-band way of contacting Simon, please tell him
that his domain has expired and he should renew it 8-\

(Personally, I love Cloudflare's for this sorta stuff, as this can't
happen, but each to their own!)

--Rob

On Mon, 30 Sep 2019 at 07:38, simon thomason  wrote:
>
> Hi All,
>
> Just an update on this one, John was able to resolve these issues for us.
>
> Thanks John.
>
>
>
> On Tue, Sep 17, 2019 at 1:57 PM simon thomason  wrote:
>>
>> Hi All,
>>
>> Thanks, Aussie Broadband have been in contact along with a lot of others 
>> with helpful information.
>>
>> Cheers,
>>
>> Simon T.
>>
>> On Tue, Sep 17, 2019 at 1:04 PM simon thomason  wrote:
>>>
>>> Hi All,
>>>
>>> I was wondering if i could get in touch with someone technical from Aussie 
>>> Broadband to talk about issues we are current having with users that are 
>>> working at home?
>>>
>>> It just seems to be impacting users on Aussie broadband nbn connections at 
>>> this stage.
>>>
>>> Cheers,
>>>
>>> Simon T.
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Anyone have any ancient Bay 5000/5399's lying around?

[Rob Thomas]

I probably should take this off list, BUT, some people may not be
aware of how much better Asterisk is these days!

Asterisk USED to rely on interrupt-driven timing, which was - when you
had a real timing source - super reliable. However, when you DIDN'T
have timing, you had to fudge it, and there were a bunch of extremely
fudge-y methods used, and it was awful, and people hated it.

However, Linux now has timerfd, which is an EXTREMELY accurate timing
source, and you can tell it to wake up a select(2) call every period -
20msec in VoIPs case. This actually ends up being MORE accurate than
interrupt driven hardware (well, sort of) because you'll never (except
you can) miss a tick, and you'll never slip on audio - which breaks
fax.

With all those caveats and sort-ofs aside, I feel confident that I'll
be able to push a 56k connection from a random ATA through Kamailio,
then Freeswitch/Asterisk into a PRI and then into something that talks
56k, to then establish a PPP or SLIP connection over it and connect to
the internet!

The only potential thing is that I doubt VERY much that it'll work
over G722 - G722 is a really REALLY good codec for voice, but I'm
almost certain i'll be useless for data.

> PS. you have to much time on your hands.

Shh. People will give me more stuff to do! 8)

--Rob





On Fri, 20 Sep 2019 at 10:01, Matt Perkins  wrote:
>
> Ours all went to scrap years ago.  I wonder if I have a copy of the old
> tftp image that it loads off. Not sure I even remember the name for it.
> PS. you have to much time on your hands.
> PSS what are you going to use for an E1 as Asterisk and a zap card ?  I
> very much doubt v34 will make it through Asterisk intact  Fax barely
> does. Almost all trellis QAM modulated signals I think would fall on
> their ass your going to need something with a master clock like a real
> pabx.
>
> Matt
>
>
> On 20/9/19 9:00 am, Rob Thomas wrote:
> > I was reminiscing on derpbook, and realised that it would be a
> > RIDICULOUSLY insane idea to try to recreate a 56k dialup ISP in 2020.
> > So I'm going to do it.
> >
> > To further this plan, I'm hoping that someone has some old Bay
> > 5000/5399's lying around that they paid megabucks for and are now
> > worth less than nothing, that they want to donate to a good home.
> >
> > If one happens to be in Brisbane, that would be even better, because
> > I'm heading down there for Comicon this weekend, and I could pick it
> > up then!
> >
> > If not, maybe some old Cisco devices? Or whatever those TNT devices
> > were? Something that takes a PRI in one end and makes modem sounds at
> > it, basically.
> >
> > --Rob
> > ___
> > AusNOG mailing list
> > AusNOG@lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> --
> /* Matt Perkins
>  Direct 02 8916 8101Spectrum Networks Ptd. Ltd.
>  Office 1300 133 299m...@spectrum.com.au
> Level 6, 350 George Street Sydney 2000
>  Spectrum Networks is a member of the Communications Alliance & TIO
> */
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Anyone have any ancient Bay 5000/5399's lying around?

[Rob Thomas]

I was reminiscing on derpbook, and realised that it would be a
RIDICULOUSLY insane idea to try to recreate a 56k dialup ISP in 2020.
So I'm going to do it.

To further this plan, I'm hoping that someone has some old Bay
5000/5399's lying around that they paid megabucks for and are now
worth less than nothing, that they want to donate to a good home.

If one happens to be in Brisbane, that would be even better, because
I'm heading down there for Comicon this weekend, and I could pick it
up then!

If not, maybe some old Cisco devices? Or whatever those TNT devices
were? Something that takes a PRI in one end and makes modem sounds at
it, basically.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] WFH users on Aussie Broadband 1 way audio over VPN.

[Rob Thomas]

As the resident VoIP guy, let me just say - this is not an Aussie
issue. One way Audio is *always* NAT (and the 0.01% time it's not, is
not statistically significant).

If you're running a VPN, and traffic is flowing over that VPN, then
whatever is on the other end of that VPN is getting confused with NAT.

Feel free to hit me up offlist and I'll help you debug your issues.

--Rob

On Tue, 17 Sep 2019 at 13:05, simon thomason  wrote:
>
> Hi All,
>
> I was wondering if i could get in touch with someone technical from Aussie 
> Broadband to talk about issues we are current having with users that are 
> working at home?
>
> It just seems to be impacting users on Aussie broadband nbn connections at 
> this stage.
>
> Cheers,
>
> Simon T.
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] A lot of AU NTP Servers appear to be misconfigured, and it's mildly annoying me.

[Rob Thomas]

I would like to point out that Glen Turner discovered my ... uh,
deliberate mistake.  I meant, of course, that you use the PPS driver
(22) for PPS, and the SHM driver (28) for GPS, and you don't use the
NMEA driver (20) at all, unless reasons.

I have mentioned that I owe Glen a beverage of their choice next time
we are in beverage-providing proximity.

--Rob

On Sun, 25 Aug 2019 at 18:54, Rob Thomas  wrote:
>
> I was rebuilding my local network over the weekend, and as part of
> that I had to relocate and reconfigure my Stratum 1 NTP server. As I
> was fine turning it, I discovered a significant number of Au NTP
> servers are misconfigured, and I thought I'd post a few quick tips
> here, for anyone providing a timing source, and using a GPS signal as
> Stratum 0.
>
> 1. If you're not using PPS triggers, PLEASE DON'T MARK YOURSELF AS A
> STRATUM 1 SERVER! Put this in your /etc/ntpd.conf:
>
> server 127.127.28.0 minpoll 4 maxpoll 4 stratum 2
> fudge 127.127.28.0 time1 0.135 refid GPS
>
> (Obviously adjusting your time1 amount to match whatever the delay of
> your GPS chip is)
>
> 2. If you ARE using PPS triggers, make sure that is flagged 'prefer'.
> This means that when you run `ntpq -n -p` you will have a * by 28.2
> .PPS.
>
> 3. You MUST be using the SHM driver (127.127._28_.x), not the NMEA
> driver (127.127._22_.x) for anything even slightly accurate.
>
> 4. If you're doing this on a Pi, please feel free to message me
> offlist and I will happily spend some time with you setting up a
> complete working config to make your own Stratum 1 server.   To get
> your started, here's what I'm uising as my /etc/ntp.conf on my stratum
> 1 server:  https://pastebin.com/7c6P0aYv
>
> I'll also be doing some BoF's on Timekeeping at Linux.conf.au next
> year, if anyone wants to nerd away about excessively accurate time
> keeping for ensuring your logs are correct, and displayed in the
> correct order.
>
> --Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] A lot of AU NTP Servers appear to be misconfigured, and it's mildly annoying me.

[Rob Thomas]

I was rebuilding my local network over the weekend, and as part of
that I had to relocate and reconfigure my Stratum 1 NTP server. As I
was fine turning it, I discovered a significant number of Au NTP
servers are misconfigured, and I thought I'd post a few quick tips
here, for anyone providing a timing source, and using a GPS signal as
Stratum 0.

1. If you're not using PPS triggers, PLEASE DON'T MARK YOURSELF AS A
STRATUM 1 SERVER! Put this in your /etc/ntpd.conf:

server 127.127.28.0 minpoll 4 maxpoll 4 stratum 2
fudge 127.127.28.0 time1 0.135 refid GPS

(Obviously adjusting your time1 amount to match whatever the delay of
your GPS chip is)

2. If you ARE using PPS triggers, make sure that is flagged 'prefer'.
This means that when you run `ntpq -n -p` you will have a * by 28.2
.PPS.

3. You MUST be using the SHM driver (127.127._28_.x), not the NMEA
driver (127.127._22_.x) for anything even slightly accurate.

4. If you're doing this on a Pi, please feel free to message me
offlist and I will happily spend some time with you setting up a
complete working config to make your own Stratum 1 server.   To get
your started, here's what I'm uising as my /etc/ntp.conf on my stratum
1 server:  https://pastebin.com/7c6P0aYv

I'll also be doing some BoF's on Timekeeping at Linux.conf.au next
year, if anyone wants to nerd away about excessively accurate time
keeping for ensuring your logs are correct, and displayed in the
correct order.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Odd dramas with NeuStar (AS19907) traffic via Mega

[Rob Thomas]

I haven't gone as far as actually opening a TICKET yet (let's not do
things officially, what a crazy idea), but I'm wondering if anyone
else has had reports of traffic loss to NeuStar hosted networks.

This started happening about the middle of last week, apparently, and
it was only escalated to me yesterday. The appearance is that traffic
that is routed to them via Mega vanishes into a black hole - I don't
even get a response from their router.

This causes the symptoms of the school service 'Blackboard' not
working, and the online game 'Albion Online' reporting 'unable to
connect to server' - I was able to do some debugging on the game, and
Albion is trying to connect to 185.218.131.120 (it has an open TCP
listener on port 135), which, yes, is advertised by 19907.

To work around the problem, we're filtering anything announced from
19907 via Mega, and sending traffic out a different link. We're still
RECEIVING traffic from them via Mega, so they know we exist.

Is this just me, or has anyone else seen this and we need to be
digging up the NeuStar people?

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] IPND scripts

[Rob Thomas]

Oh, I forgot to say there's a doctrine library for storing the data,
too, at https://github.com/xrobau/ipnd-db - but that's not documented
AT ALL. Feel free to pay me loads of money for consulting if you want
8)


On Thu, 2 May 2019 at 21:02, Rob Thomas  wrote:
>
> https://github.com/xrobau/ipnd
>
>
>
> On Thu., 2 May 2019, 8:47 pm Narelle Clark,  wrote:
>>
>> Hi all
>> I'm reviewing the approach to IPND for someone - does anyone have any
>> good scripts or approaches they would like to share?
>>
>> I'm a bit hesitant to reinvent the wheel, but I'm starting to dust off
>> the scripting skills...
>>
>> TIA
>>
>>
>> --
>>
>>
>> Narelle
>> narel...@gmail.com
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] IPND scripts

[Rob Thomas]

https://github.com/xrobau/ipnd



On Thu., 2 May 2019, 8:47 pm Narelle Clark,  wrote:

> Hi all
> I'm reviewing the approach to IPND for someone - does anyone have any
> good scripts or approaches they would like to share?
>
> I'm a bit hesitant to reinvent the wheel, but I'm starting to dust off
> the scripting skills...
>
> TIA
>
>
> --
>
>
> Narelle
> narel...@gmail.com
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Looking for recommended cheap australian sip trunk providers

[Rob Thomas]

Not wanting to blow my own trumpet here, but I did create FreePBX
(open source Asterisk PBX), and I do happen to do hosted PBX's on
https://freepbxhosting.com.au which includes calls.

If you want to help out an Open Source developer and let me buy REAL
Pepsi instead of this LA Ice stuff, you can click that button! 8-)

--Rob

On Fri, 26 Apr 2019 at 12:00, Chris Wallis  wrote:
>
> Hi there I am looking for a cheap australian sip trunk provider for a
> small voip pbax in my home? Are there any providers that do home/small
> business sip trunks?
>
> Any leads would be gratefully received.
>
> Chris Wallis
> E: chris.wal...@c-tek.org
> Melbourne - Australia
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

[Rob Thomas]

For those with popcorn, here's the running update (and, after typing
all this, I realise it may not be of interest to everyone on the list
- but it's a REALLY GOOD EXAMPLE of what not to do, so if you're
involved in security at YOUR org, please take notes.  Specifically -
ALWAYS HAVE A 'security@' email address that gets read by AT LEAST
THREE PEOPLE who can go 'wait, hang on, that's ACTUALLY a really big
issue). If you're not interested, please feel free to skip over it.
But it's entertaining from a nerd perspective  -
https://twitter.com/xrobau/status/780395954003969


* It seems like my original summary was pretty much spot on.
* The original thread has exploded - Linky:
https://forum.mikrotik.com/viewtopic.php?f=2=147048
* 'Normis' appears to be being the public face for MikroTik in this,
and has been chatting with Maznu (OP) and I on twitter.
* ANNOUNCEMENT BY MIKROTIK: This is fixed in 6.45b22!
   Maznu: No it's not. https://twitter.com/maznu/status/910399182626816
* Mikrotik: We only heard about this last week!
   Maznu: No. Here's screenshots of my emails to you, a year ago,
where you say it's not to be kept secret.
https://twitter.com/maznu/status/1112442619244802048
* MikroTik: IRRESPONSIBLE DISCLOSURE! You should have given us more warning!
   Me: WTF, is 360 days NOT ENOUGH?
* Also Me: Guys, c'mon. You messed up. Everyone does it. Use it as a
learning experience on how to NOT handle security issues!

Since the titles of the CVEs have been mentioned a few time (Yes, the
title alone is enough to figure out the problems), the vulnerabilities
have been confirmed or re-implemented by other third parties.

CVE-2018-19298 = NDP exhaustion
CVE-2018-19299 = IPv6 routing exhaustion

https://forum.mikrotik.com/viewtopic.php?f=2=147048=100#p724283

* MikroTik: OK, we can fix 19298 by limiting new IPv6 connection to
2.5 per second -
https://forum.mikrotik.com/viewtopic.php?f=2=147048=50#p724018
   The world: Um. This is not 1995. We have web browsers that
establish 6 concurrent connections

(To quote Michael Wheeler, our resident Ham and entertaining presenter
at LCA2019 - "ipv6 / ndp exhaustion still happening in 2019. ffs." -
https://twitter.com/theskorm/status/791284585324544)

On the UPSIDE, There has been some interest directed at my favourite
open source router, VyOS (based on Vyatta, which was purchased and
borg'ed by Brocade), and some discussions have been had about getting
XDP and/or DPDK into it.  People seem to be leaning towards XDP,
because it allows things to be scripted by BPF, and is almost as fast
as DPDK anyway, without all the downsides of having to faff around
with moving things in and out of userspace.

(For those that haven't heard of them, they're super-optimized ways of
moving network traffic around inside/outside of the Linux/BSD Kernel -
letting standard machines run 20+ Million PPS routing/switching, with
all the advantages of commodity hardware - feel free to chat to me off
list, or on twitter where I can tag people who know more about it and
pretend I'm an expert!)

I won't do any more summaries, unless something amazing happens (eg,
MikroTik tableflip and open sources everything like they should have
10 years ago). Thanks to Cameron for the original heads up. This has
been great fun.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

[Rob Thomas]

Quick summary of the problem:

* From the description it appears to be a kernel-level issue - when a
MikroTik device receives a magic IPv6 packet, it will panic.
* MikroTik have known about it for almost a year, and have not fixed it.
* It is not fixed in the latest 6.44.1 image
* The discoverer has been trying to practice responsible disclosure, but
has given up

Further things:
* MikroTik HAVE acknowledged it in a new thread a couple of hours ago
  https://forum.mikrotik.com/viewtopic.php?f=2=147048#p723696
* Twitter thread from the guy who discovered it:
  https://twitter.com/maznu/status/1110910688623513601
* There's a comment 'The fix is in v7' - theres a long running joke that v7
will never emerge (it probably never will, they've lost most of their
senior engineers, and refuse to open source their code to leverage their
developers in the community)

I guess the good thing for me is that Nexium still can't provide us IPv6 so
we're kinda safe up here 8)

--Rob


On Fri, 29 Mar 2019 at 09:25, Cameron Murray 
wrote:

> Guys,
>
> This has just popped up on the Mikrotik forums that I am sure many on the
> list need to be aware of.
>
> If you run Mikrotik in your network and have IPv6 on a Public facing
> interface please check the following link:
> https://forum.mikrotik.com/viewtopic.php?t=147076
>
> Cheers
>
> Cameron
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] NBN Service and Phone system required

[Rob Thomas]

I've recently got FreePBX Hosting up and running -
https://freepbxhosting.com.au. But getting a NBN connection turned on
within 4 days is going to be an epic challenge, and I wish you the best 8)



On Tue, 26 Mar 2019 at 09:26, noc  wrote:

> Hi All
>
>
>
> Seeking a provider who can offer an NBN FTTP service and a hosted PBX for
> 4x phones at a reasonable cost
>
>
>
> Feel free to reach out to me off list to keep the noise down, reason I ask
> here is I need it running by the weekend
>
>
>
> Thank you
>
>
>
> Mick
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Gladstone

[Rob Thomas]

I'm actually IN Gladstone, so things are fine 8)

On Thu., 7 Mar. 2019, 7:38 pm ,  wrote:

> Bradley,
>
> If you get stuck, let me know. I have guys in Gladstone who might be able
> to assist.
>
> - Simon
>
> > On 7 Mar 2019, at 17:49, Bradley Amm  wrote:
> >
> > Hey Guys
> >
> > Does anyone have remote hands in Gladstone
> >
> > Need someone who can connect to a router (think cheap home router) and
> setup a NAT rule so I can remotely connect to a printer via Web or SNMP
> > We have no staff their so they cant do it.
> >
> > --
> > Bradley Amm
> > 0420 501 801
> > ___
> > AusNOG mailing list
> > AusNOG@lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Fixed wireless fun and games with SIP

[Rob Thomas]

> wrong handset rings and can't take inbound calls.

Welcome to SIP Natpocolypse.

This - specifically the wrong handset ringing - is caused because the
router you are using is forgetting which phone is mapped to which
port.

The super simple easy way to fix this is to give every phone a unique
SIP port - for example, if you have extensions 300, 301 and 302, go
into the phone configuration interface and set their LOCAL SIP PORT to
be '5300' or 5301, or 5302, etc.

That is normally enough to make your router NOT fiddle with SIP
traffic and try to remap it.

If you have any further dramas, feel free to contact me off list (I'm
the guy that wrote FreePBX 8-))

--Rob

On Fri, 1 Mar 2019 at 12:15, Narelle Clark  wrote:
>
>
> Hi all
> Wondering if anyone has seen this before: customer has home office, SIP phone 
> on dsl and all works fine.
>
> Relocates to another home connected via NBN fixed wireless and shares with 
> another user but wrong handset rings and can't take inbound calls. No 
> apparent issues with video downloads. Makes outbound calls fine.
>
> Looks like NAT getting its ports crossed?
>
> Ideas anyone?
>
>
> Cheers
>
>
> Narelle
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] NTP Best Current Practices Internet Draft

[Rob Thomas]

I am perfectly happy to sell anyone who wants one a Rasperry Pi in a
big heavy metal box.  I'll stick 'SUPER ACCURATE NTP SERVER' on the
front, and you just need to plug it in. I think AUD$1000 ex GST sounds
acceptable.  Please form an orderly queue to the left.  For an EXTRA
$800, I'll stick a GPS Time source in there, and it can be a Stratum 1
time server, rather than Stratum 2.

(Yes, this is humour. If someone REALLY wants to do this, please
contact me off-list, and I'll happily step you through it - you're
looking at less than AUD$100 in hardware to create a Stratum 2 NTP
server)


On Sat, 2 Feb 2019 at 11:54, Mark Smith  wrote:
>
> On Sat, 2 Feb 2019 at 12:35, Michael Junek  wrote:
> >
> > Thats correct. Windows only has a SNTP client implemented, and not an NTP 
> > client. As such, it can only query a single NTP server, and does not have 
> > the algorithms to determine the accuracy of the time sources.
> >
> >
>
> If that's the case, I'd buy/find a 3rd party NTP client for my Windows
> boxes. (Don't have any so don't have this problem.)
>
>
>
> >
> >
> > 
> > From: AusNOG  on behalf of O'Connor, 
> > Daniel 
> > Sent: Saturday, 2 February 2019 12:31
> > To: Mark Smith
> > Cc: 
> > Subject: Re: [AusNOG] NTP Best Current Practices Internet Draft
> >
> > > On 2 Feb 2019, at 11:48, Mark Smith  wrote:
> > > The problem that occurred with 0.au.pool.ntp.org proving bad time
> > > wouldn't have had an effect if the Windows domain controller had at
> > > least 2 other NTP time sources.
> >
> > The behaviour of OPs system implies that a PDC does not use more than one 
> > clock source.
> >
> > If that is true (I have no idea, but googling suggests it may be so) then 
> > you are going to end up relying on a single time server. In that case you 
> > are probably better firing up a tiny Linux VM running only ntpd (or chrony 
> > etc etc) which is configured for multiple pool servers and then point your 
> > DCs at that.
> >
> > It does seem pretty ridiculous than Windows server can't behave more 
> > sensibly though..
> >
> > --
> > Daniel O'Connor
> > "The nice thing about standards is that there
> > are so many of them to choose from."
> >  -- Andrew Tanenbaum
> >
> >
> > ___
> > AusNOG mailing list
> > AusNOG@lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] [patchmanagement] ntp server issues today... strange one... clutching at straws but just in case

[Rob Thomas]

As someone who runs a few Stratum 1 and 2 servers, pool.ntp.org checks my
servers every 15 minutes or so, and if they're more than 50ms out, they're
de-prioritized, until they're removed. It's all completely automatic.

Example: https://www.ntppool.org/scores/203.4.240.10

I think this is more an issue on your end, honestly.

--Rob


On Fri, 1 Feb 2019 at 12:17, Roy Adams  wrote:

> Single PDC site... Hit the PDC every 30 mins or so - forward, back,
> forward, back etc
> then of course started changing time on all domain members shortly after -
> each time.
> Problem is it was not instant for all members and the AD-integrated
> Synology NAS
> Backups broke, complaints from 20 users randomly every 30 mins until
> isolated.
>
> Cluster 3.au.pool.ntp.org has been fine since 3.39pm Brisbane time
> yesterday.
> I'll just ignore the 0. for now and wait for someone @ ntp.org to spot it
> I think
>
> Could just be specific to win2008r2Sp1 - who knows.
> AU Admins, you have been warned :)
> Enuf of my time wasted on it
>
> Thanks for all the comments and PM's
> I have actually picked up a lot of tips from you all - many thanks
>
>
> Kindly,
>
> ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
> https://ex.racs.com.au:444/ | eMail: mailto:r...@racs.com.au
> 
> Please never upgrade to the latest Windows 10 - You don’t need the hassle,
> and I don’t need the work.
> If you think it's expensive to hire a professional to do the job, wait
> until you hire an amateur - Red Adair.
> Life is a journey through a series of adventures.. Live them, love them,
> hate them, but never give up on your dreams, desires, and goals.
>
>
>
> On Fri, 1 Feb 2019 at 00:54, Joseph Daly 
> wrote:
>
>> One small thing and this is probably just the wording of the email.
>>
>>
>>
>>
>>
>> *I always use the below config for domain controllers:*
>>
>> *sc config W32Time start= auto & net start W32Time*
>>
>> *w32tm /config /manualpeerlist:"0.au.pool.ntp.org
>> 
>> 2.au.pool.ntp.org
>> 
>> 3.au.pool.ntp.org
>> "
>> /syncfromflags:manual /reliable:yes /update & w32tm /resync /nowait*
>>
>>
>>
>> All DCs or just your PDC emulator? Usually the other DCs sync from the
>> PDC emulator.
>>
>>
>>
>>
>>
>> *From:* Roy Adams 
>> *Sent:* Thursday, January 31, 2019 1:33 AM
>> *To:* Patch Management Mailing List <
>> patchmanagem...@listserv.patchmanagement.org>
>> *Subject:* Re:[patchmanagement] [AusNOG] ntp server issues today...
>> strange one... clutching at straws but just in case
>>
>>
>>
>> Thanks for the PM's offering ideas
>>
>> I am tempted to set it back to 0. to debug the offending ntp pool IP, but
>> it was breaking all the backups among other things due to AD sync being
>> more than 5 mins out.
>>
>>
>>
>> I always use the below config for domain controllers:
>>
>> sc config W32Time start= auto & net start W32Time
>>
>> w32tm /config /manualpeerlist:"0.au.pool.ntp.org
>> 
>> 2.au.pool.ntp.org
>> 
>> 3.au.pool.ntp.org
>> "
>> /syncfromflags:manual /reliable:yes /update & w32tm /resync /nowait
>>
>>
>>
>> One of the replies noted that linux sanity checks by getting ntp time
>> from 4 servers - I wish MS were that smart.
>>
>> Clearly MS are not using all the configured servers, I suspect they are
>> purely for failover like a DNS client.
>>
>>
>>
>> I have just changed this site to:
>>
>> w32tm /config /manualpeerlist:"3.au.pool.ntp.org
>> 

Re: [AusNOG] Telstra outage this morning

[Rob Thomas]

After discussing this internally, I went to check if my (Telstra NBN)
SIP DOT trunk survived - that was down too, between 6:02am and 6:22am
(there's a bit of latency on checks, so it may have been spot-on 6am).

Russell, if you were unaware, you may want to poke someone about that,
too, as (as far as I know) the DOT stuff is meant to be the premium
super-resilient service.

However - honestly - thank you (eg, Telstra) for doing this at pretty
much the best time.  Not a weekend, not at 3am, early enough that it's
not going to affect TOO many people if it goes sideways, but still at
a good time that the early risers will be up and notice it straight
away 8)

This is a pleasant change from 3am things not being noticed for 4
hours and on-call people having to be woken up!

--Rob

On Thu, 15 Nov 2018 at 07:58, Russell Langton  wrote:
>
> Hi All,
> The incorrect routes have been corrected a couple of moment ago.
> Please make contact if not restored.
> We are investigating the root cause.
>
> On Thu, Nov 15, 2018 at 8:56 AM Mark Duffell  wrote:
>>
>> Hi Ben,
>>
>> Will contact you/others off-list but this is being investigated Telstra side 
>> currently.
>>
>> Regards,
>>
>> Mark
>>
>> Sent from my iPhone
>>
>> > On 15 Nov 2018, at 08:19, Ben Cooper  wrote:
>> >
>> > Morning Folks,
>> >
>> > Anyone else seeing issues with Telstra grabbing prefixes and miss routing 
>> > them this morning?
>> >
>> > Cheers
>> >
>> > Ben
>> > ___
>> > AusNOG mailing list
>> > AusNOG@lists.ausnog.net
>> > http://lists.ausnog.net/mailman/listinfo/ausnog
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Telstra outage this morning

[Rob Thomas]

> BGPmon says ours was hijacked at 20:19 UTC or 7:19am AEDT.

There appears to have been TWO events this morning.  One at around
6am-ish (non-DST, so 7:19am DST looks correct), and another brief one
at about 7:10am (+1 DST) for 4 minute - the second MAY be unrelated,
but SOME peers in Mega BNE were routing back to me incorrectly (but
not all of them - 1.1.1.1 was responding correctly, but other peers
weren't).

Purely anecdotal, but if someone else saw it, you have confirmation
that it wasn't just you.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Any one with excellent experience in 3CJ Phone System?

[Rob Thomas]

I'm assuming you mean 3CX. It has generally good reviews, but I would
recommend FreePBX, but that is because I wrote it 8)

There's a pile of people who offer commercial support for it.

--Rob

On Fri., 9 Nov. 2018, 3:34 pm Rahul Chawla  Hello Lovely people,
>
> Happy Friday !
>
> - Is there any one on the list who has excellent tech experience in 3CJ
> Phone system?
> - If so, can you kindly contact me off list ! and
> - Hope someone on this list got lucky with the races yesterday :-)
>
>
>
> *Kind Regards,*
>
>
> Rahul Chawla
>
> Tele: 02 6100 2135,
>
> Email: ra...@technowand.com.au
> 
> www.technowand.com.au 
> *490 NorthBourne Ave, Dickson , ACT-2
> 602*
>
>
>
>- au.linkedin.com/pub/rahul-chawla/3b/802/786/
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] BGP VM - SA, QLD & WA

[Rob Thomas]

This was asked just a month ago -
http://lists.ausnog.net/pipermail/ausnog/2018-September/041627.html

--Rob


On Sun, 14 Oct 2018 at 23:05, Daniel Watson  wrote:

> Hi Guys,
>
> Apologies about the noise at this hour.
>
> I am seeking your assistance in finding a company in which I can host a
> reasonably priced VM in SA, WA and QLD, with BGP  Preferably VYOS,
>
> Ive already tried the likes of Vultr ect
>
> Any assistance would be greatly appreciated.
>
> Cheers
>
> D
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] supermicro stocks dive

[Rob Thomas]

As it appears that my rebuttal is not going to be deleted in /r/security,
can I suggest we take this discussion there, rather than yet more noise
here?

https://www.reddit.com/r/security/comments/9ljcny/the_bloomberg_article_about_supermicro_is_bogus/

I will address your points there!


On Fri, 5 Oct 2018 at 15:22, Paul Wilkins  wrote:

> 1 - Denials by Apple & Amazon are qualified
> 2 - Bloomberg are a reputable news agency
> 3 - They quote multiple sources
> 4 - They quote 30 approx companies affected
> 5 - This is a feasible vector, which means it's a risk
>
> Kind regards
>
> Paul Wilkins
>
>
> On Fri, 5 Oct 2018 at 15:05, Matthew Moyle-Croft  wrote:
>
>> Fairly robust rebuttal from the usually very silent Amazon.
>>
>>
>> https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/
>>
>> MMC
>>
>> On Fri, Oct 5, 2018 at 2:18 PM Rob Thomas  wrote:
>>
>>> Odd. I've messaged the mods, I had a bit.ly link in it, which may have
>>> triggered the spamfilter.
>>>
>>> I've pastebin'ed the text here -- https://pastebin.com/mVpqNa38
>>>
>>> --Rob
>>>
>>>
>>> On Fri, 5 Oct 2018 at 14:43, Bill Woodcock  wrote:
>>>
>>>>
>>>>
>>>> > On Oct 4, 2018, at 9:39 PM, Rob Thomas  wrote:
>>>> >
>>>> > I posed to /r/netsec if anyone cares to take the discussion there
>>>>
>>>> Posted seven minutes ago, and already removed?
>>>>
>>>> -Bill
>>>>
>>>> ___
>>> AusNOG mailing list
>>> AusNOG@lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] supermicro stocks dive

[Rob Thomas]

Odd. I've messaged the mods, I had a bit.ly link in it, which may have
triggered the spamfilter.

I've pastebin'ed the text here -- https://pastebin.com/mVpqNa38

--Rob


On Fri, 5 Oct 2018 at 14:43, Bill Woodcock  wrote:

>
>
> > On Oct 4, 2018, at 9:39 PM, Rob Thomas  wrote:
> >
> > I posed to /r/netsec if anyone cares to take the discussion there
>
> Posted seven minutes ago, and already removed?
>
> -Bill
>
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] supermicro stocks dive

[Rob Thomas]

I posed to /r/netsec if anyone cares to take the discussion there, and
expanded on my original post a bit. I'm even more certain that this is
fabricated, the more I think about it.

https://www.reddit.com/r/netsec/comments/9lj7mx/the_bloomberg_article_about_supermicro_is_bogus/
?

--Rob


On Fri, 5 Oct 2018 at 10:00, Noel Butler  wrote:

> given when this broke a couple days ago
>
>
> https://www.securityweek.com/china-used-tiny-chips-us-computers-steal-secrets-report
>
> overnight nasdaq supermicro stocks  down 41%
> seems cant trust much coming out of China these days. though, you cant
> trust anything coming out of the USA either.
>
>
> --
>
> Kind Regards,
>
> Noel Butler
> This Email, including any attachments, may contain legally privileged
> information, therefore remains confidential and subject to copyright
> protected under international law. You may not disseminate, discuss, or
> reveal, any part, to anyone, without the authors express written authority
> to do so. If you are not the intended recipient, please notify the sender
> then delete all copies of this message including attachments, immediately.
> Confidentiality, copyright, and legal privilege are not waived or lost by
> reason of the mistaken delivery of this message. Only PDF
>  and ODF
>  documents accepted, please do
> not send proprietary formatted documents
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] supermicro stocks dive

[Rob Thomas]

I've been doing some research on my own, to see if ANYTHING corroborates
this, and I'm coming up empty handed. (This is the bonus of being
unemployed!)

Let's go through a few assertions in the original article.

1. It was an extremely small chip ('grain of rice'), disguised as a signal
coupler (which has, at most, 4 pins)
2. It was able to alter the OS running on the machine
3. It was tied into the BMC
4. It was able to connect to things, AND receive connections from things.

Unfortunately, those things just don't add up. The smallest standalone
computer that I can find is from IBM - https://bit.ly/2GLm0K6 - which is
1mm^2.

That does not include any external communications pins (apparently), as
it's all self contained.

You can't just wave a magic wand and say 'It was connected to the BMC, so
it could do all these things'. Especially if it only had 4 pins - 2 of
which would be power, and the other two would be 'rxd' and 'txd' - But what
does it connect to? How does it recieve connections? Does it tap into the
BMC and make it do stuff? This just doesn't add up.

So I don't know WHY Bloomberg is pushing this, especially with extremely
vocal and explicit denials from all the parties involved.  I'm calling this
'fake news' and my first hypothesis was that it's something do with with
the US Government being annoyed at China, but I try to avoid conspiracy
theories, and I think we'll probably find out it was 4chan trolling some
bloomberg reporter, for the lulz.

--Rob


On Fri, 5 Oct 2018 at 10:00, Noel Butler  wrote:

> given when this broke a couple days ago
>
>
> https://www.securityweek.com/china-used-tiny-chips-us-computers-steal-secrets-report
>
> overnight nasdaq supermicro stocks  down 41%
> seems cant trust much coming out of China these days. though, you cant
> trust anything coming out of the USA either.
>
>
> --
>
> Kind Regards,
>
> Noel Butler
> This Email, including any attachments, may contain legally privileged
> information, therefore remains confidential and subject to copyright
> protected under international law. You may not disseminate, discuss, or
> reveal, any part, to anyone, without the authors express written authority
> to do so. If you are not the intended recipient, please notify the sender
> then delete all copies of this message including attachments, immediately.
> Confidentiality, copyright, and legal privilege are not waived or lost by
> reason of the mistaken delivery of this message. Only PDF
>  and ODF
>  documents accepted, please do
> not send proprietary formatted documents
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] (Slightly OT) NBN FTTN - is this a record?

[Rob Thomas]

I did a stupidly basic amount of Googling and it turns out I was
running some odd firmware (I literally hadn't even CHECKED, thanks to
Michael C who encouraged me to engage my brain briefly) that was out
of date. With the 'NBN Recommended' firmware of VA_A_39t_B_35j_24m.bin
I get a bit higher:

Attainable Rate:147209 kbits/s   52133 kbits/s

https://pastebin.freepbx.org/view/a16d0374  for the complete stats.

Interestingly enough, I also discovered that the VDSL Controller on
these Ciscos is actually an embedded linux box!


* VDSL Chipset Console Log (size - 24808 bytes)*

Linux version 2.6.21.5 (chagopal@xdsl-lnx-003) (gcc version 4.2.3) #5
Thu Mar 31 03:53:14 PDT 2016

Full log at https://pastebin.freepbx.org/view/72fad64e for anyone
who's interested.

--Rob

On Thu, 16 Aug 2018 at 15:22, Justin Twiss  wrote:
>
> These guys must be 19 meters then :)
>
> Attainable Rate:138907 kbits/s   49867 kbits/s
>
> Slightly faster on the downstream but you've got 4Mbps on the upstream.
>
>
>
>
> On Thu, Aug 16, 2018 at 12:11 PM Michael J. Carmody  
> wrote:
>>
>> For Comparison ~200m of copper gets you:
>>
>> https://pastebin.freepbx.org/view/01d00095
>>
>> -M
>>
>> -Original Message-----
>> From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Rob Thomas
>> Sent: Thursday, 16 August 2018 12:52 PM
>> To: ausnog@lists.ausnog.net
>> Subject: [AusNOG] (Slightly OT) NBN FTTN - is this a record?
>>
>> https://pastebin.freepbx.org/view/c383aa55
>>
>> Attainable Rate:138550 kbits/s   54190 kbits/s
>>
>> I am probably 20 meters of cable, if that, from the node 8)
>>
>> --Rob
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> --
>
> -JT
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] (Slightly OT) NBN FTTN - is this a record?

[Rob Thomas]

https://pastebin.freepbx.org/view/c383aa55

Attainable Rate:138550 kbits/s   54190 kbits/s

I am probably 20 meters of cable, if that, from the node 8)

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Dutton decryption bill

[Rob Thomas]

I hate to be the ones COMPLIMENTING the Gumbyment, but it's nowhere
near as bad as I thought they were going to make it. It looks like
they've actually spoken to some people who udnerstand crypto.

The important bits seem to be on Pages 8 and 9 here -
https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf
- where they explain what they can do.

The only SLIGHTLY worrying bit is the second last part on Page 9 -
They can compel people into "Modifying or substituting a target
service", which seems worryingly vague.

I haven't read through all of it, and - of course - the devil will be
in the details.  But, it's not bad, all things considered.

--Rob

On Tue, 14 Aug 2018 at 12:40, I  wrote:
>
> https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Old DSLAMs for sale?

[Rob Thomas]

Anyone happen to have any old DSLAM's lying around?  ADSL1 is fine, I just
need something that I can plug Ethernet (or fibre or whatever) into one
end, and wave some magic wand to get data to an ADSL device on the other
end.

This will not be connected to the PSTN, and is purely for a testing
environment.

24 port ones are ~$200 on ebay, but they're going to be a month away 8-\

--Rob (QLD)
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Mikrotik routers in HA environments

[Rob Thomas]

>
>
> Can a pair of Mikrotik routers be configured for a **reliable** HA
> scenario ?
>
>
>

Yep, using VRRP, they work really well. You don't even need any 'tricky'
bits - for example, if you bind your BGP to the floating IP address, it
won't start the BGP session until the IP address is present.

One small warning: If you use VRRP (which puts the interface into
promiscuous mode), *and* you're using VMware to run them on, *AND* you're
using VDS for your switch configuration, you will get duplicate ICMP
responses when you ping the routers.

This is vaguely handwaved away by vmware in
https://kb.vmware.com/s/article/2144849 as 'expected', and it IS only ICMP,
normal TCP and UDP packets seem fine, and it's only to IP addresses that
terminate AT the router, not for traffic through it.

So, the quick runthrough is create a VRRP interface, bind it to a physical
(or vlan), assign a bogus IP address to each physical interface - I
habitually use rfc6598 address space of 100.64.0.0/10 - and then assign
(the same!) floating IP Address to the VRRP interface on both nodes.

There are VRRP triggers you can run (there's a 'scripts' value) so you can
do a webhook or something if the link changes.

I also recommend the CCR's - theyre' a great piece of hardware.

--Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog