Re: Topic: Inter-AS BGP Local Preference Matrix

[Christopher Morrow]

On Fri, Oct 29, 2010 at 7:16 PM, Matthew Petach  wrote:
>> 5. All vendors should make an effort to standardize the values/value ranges 
>> offered with other vendors.
>> 6. All vendors should offer a local preference matrix to their customers, 
>> listing the changes made to a specific AS (e.g. another vendor) to aid the 
>> customer in making an intelligent routing decision for load balancing and 
>> traffic engineering in a multivendor BGP environment.
>>
>> It's obviously something that each of us would need to do individually, but 
>> I'm wondering if there is any way this could become a de facto standard, or 
>> could be a method that the community at large could enforce somehow.
>>
>
> I'm not sure what incentive there would be for the providers to
> coordinate like this;
> it would mean quite a bit more work for them, with no appreciable gain
> in revenue
> for it.

not to mention the sloshing of traffic to get to a standard... weee!

Re: BGP support on ASA5585-X

[Jeffrey Lyon]

Juniper Netscreen does, in case the OP is looking for alternatives.

Best regards, Jeff


On Sat, Oct 30, 2010 at 8:57 AM,   wrote:
> None of the ASA's support BGP. I didn't think so but I went ahead and did the 
> research for you:
> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/glossary.html#wp1027964
>
> he security appliance does not support BGP.
>
> -Kevin
>
> -Original Message-
> From: "David DiGiacomo" 
> Sent: Friday, October 29, 2010 1:45pm
> To: "srg" , "nanog@nanog.org" 
> Subject: RE: BGP support on ASA5585-X
>
> I would seriously doubt it. Think of it from Cisco's point of view; If the 
> ASA ran BGP, you wouldn't need to buy a router.
>
> 
>
> Dave Joel DiGiacomo "dav...@corp.nac.net"
> Network Engineer / Peering Coordinator
> Net Access Corp
> Network Operations Center
> 973-590-5050
>
> -Original Message-
> From: srg [mailto:srgqwe...@gmail.com]
> Sent: Friday, October 29, 2010 1:43 PM
> To: nanog@nanog.org
> Subject: BGP support on ASA5585-X
>
> Hi:
>
> At this moment we know that ASA5585-X does not support BGP.
>
> Does anybody know if BGP support in the ASA5585-X is in roadmap?
> More precisely... MP-BGP support in the ASA5585-X?
> Any "oficial" link in the Cisco website about this? (I did't find it)
>
> Thanks a lot and best regards
>
>
>
>
>
>
>



-- 
Jeffrey Lyon, Leadership Team
jeffrey.l...@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications - AS32421
First and Leading in DDoS Protection Solutions

Re: IPv6 rDNS

[Will Orton]

We developed a web/mysql-based front-end that our noc uses for all DNS 
ops, so the NOC never touches zone files directly. So it was easy to 
just add a feature that provides additional syntax for ipv6 PTRs...

So for example in zone 
0.0.0.0.d.c.b.a.8.B.D.0.1.0.0.2.ip6.arpa

we can enter
:::0003   PTR  foo.com.

and it will reverse the nibbles/remove the ":"s and put in the "."s
and get generated into a zone file as needed:
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.c.b.a.8.B.D.0.1.0.0.2.ip6.arpa PTR 
foo.com.
(of course you can enter x.x.x.x... syntax too)

Having a front-end also lets you do all sorts of other sanity-checking 
with instant feedback to avoid choking up BIND, depending on the skill 
level of your target "DNS admin".

-Will

On Fri, Oct 29, 2010 at 06:06:32PM -0700, Jeroen van Aart wrote:
> Date: Fri, 29 Oct 2010 18:06:32 -0700
> From: Jeroen van Aart 
> To: NANOG list 
> Subject: IPv6 rDNS
> 
> I battled for a few hours getting IPv6 rDNS to work. The following tool 
> proved to be quite helpful:
> http://www.fpsn.net/?pg=tools&tool=ipv6-inaddr
> 
> Just in case anyone else would run into similar problems. It's not as 
> straightforward as IPv4 rDNS.
> 
> Greetings,
> Jeroen
> 
> -- 
> http://goldmark.org/jeff/stupid-disclaimers/
> http://linuxmafia.com/~rick/faq/plural-of-virus.html

Re: Weird Nexus AD

[Colby Glass]

  system:version 4.2(2a)

I've read that am = adjacency module or adjacency manager. The words mean
less to me than why I seem to be learning this route from a phantom
module/manager/interface with no visible explanation.

I can try on c-nsp as well. Thought NANOG might be a better choice.

Colby

On Sat, Oct 30, 2010 at 12:04 AM, christian koch  wrote:

> in x/y, x= preference, y= metric
>
> am= adjacency module, *= best unicast route
>
> a better place to have asked this would be c-nsp
>
> hth
>
> -ck
>
>
> On Fri, Oct 29, 2010 at 7:21 PM, Colby Glass wrote:
>
>> We're seeing an AD of 2 on some routes on our Nexus 7k. I can't find
>> anything (Google) to indicate where this value is coming from. Also unable
>> to find out what "am" mean (adjacency module?). Does anyone have an
>> explanation for this one?
>>
>> *  via 192.168.21.49, Vlan13, [2/0], 00:44:52, am*
>>
>> Thanks
>>
>> --
>> Colby Glass
>> Network Engineer
>> http://blog.alwaysthenetwork.com
>>
>
>


-- 
Colby Glass
Network Engineer
http://blog.alwaysthenetwork.com

RE: BGP support on ASA5585-X

[khatfield]

None of the ASA's support BGP. I didn't think so but I went ahead and did the 
research for you:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/glossary.html#wp1027964

he security appliance does not support BGP.

-Kevin

-Original Message-
From: "David DiGiacomo" 
Sent: Friday, October 29, 2010 1:45pm
To: "srg" , "nanog@nanog.org" 
Subject: RE: BGP support on ASA5585-X

I would seriously doubt it. Think of it from Cisco's point of view; If the ASA 
ran BGP, you wouldn't need to buy a router.



Dave Joel DiGiacomo "dav...@corp.nac.net"
Network Engineer / Peering Coordinator
Net Access Corp
Network Operations Center
973-590-5050

-Original Message-
From: srg [mailto:srgqwe...@gmail.com] 
Sent: Friday, October 29, 2010 1:43 PM
To: nanog@nanog.org
Subject: BGP support on ASA5585-X

Hi:

At this moment we know that ASA5585-X does not support BGP.

Does anybody know if BGP support in the ASA5585-X is in roadmap?
More precisely... MP-BGP support in the ASA5585-X?
Any "oficial" link in the Cisco website about this? (I did't find it)

Thanks a lot and best regards

Re: Weird Nexus AD

[christian koch]

in x/y, x= preference, y= metric

am= adjacency module, *= best unicast route

a better place to have asked this would be c-nsp

hth

-ck

On Fri, Oct 29, 2010 at 7:21 PM, Colby Glass wrote:

> We're seeing an AD of 2 on some routes on our Nexus 7k. I can't find
> anything (Google) to indicate where this value is coming from. Also unable
> to find out what "am" mean (adjacency module?). Does anyone have an
> explanation for this one?
>
> *  via 192.168.21.49, Vlan13, [2/0], 00:44:52, am*
>
> Thanks
>
> --
> Colby Glass
> Network Engineer
> http://blog.alwaysthenetwork.com
>

RE: IPv6 rDNS

[George Bonser]

> 
> But Randy, everyone has a web browser installed. Not everyone has
perl,
> python,
> cc, or such installed.
> 
> :-)

apt-get install ipv6calc

ipv6calc -q --out revnibbles.arpa 2001::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.2.ip6.arpa
.


:-)

Re: IPv6 rDNS

[Randy Bush]

> But Randy, everyone has a web browser installed. Not everyone has
> perl, python, cc, or such installed.

and i thought this was an operators' list.  silly me.

randy, who did see the smiley

Re: IPv6 rDNS

[Adrian Chadd]

On Sat, Oct 30, 2010, Randy Bush wrote:
> > http://www.fpsn.net/?pg=tools&tool=ipv6-inaddr
> 
> windows mentality, wrap it all in a complex gui that also washes your
> car.
> 
> use simple hack that just takes an ipv6 address and makes the bleeping
> reversed dotted to death lhs of the ptr record.  
> 
> rmac.psg.com:/Users/randy> host 2001:418:1::61
> Host 1.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.4.0.1.0.0.2.ip6.arpa 
> not found: 3(NXDOMAIN)
> 

But Randy, everyone has a web browser installed. Not everyone has perl, python,
cc, or such installed.

:-)


Adrian

(I wonder if FreeBSD-1.0's complete, non-X install footprint (sub-40meg) was 
smaller
than an install of Firefox. :-)

Re: IPv6 rDNS

[Randy Bush]

> http://www.fpsn.net/?pg=tools&tool=ipv6-inaddr

windows mentality, wrap it all in a complex gui that also washes your
car.

use simple hack that just takes an ipv6 address and makes the bleeping
reversed dotted to death lhs of the ptr record.  

rmac.psg.com:/Users/randy> host 2001:418:1::61
Host 1.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.4.0.1.0.0.2.ip6.arpa 
not found: 3(NXDOMAIN)

randy

Weird Nexus AD

[Colby Glass]

We're seeing an AD of 2 on some routes on our Nexus 7k. I can't find
anything (Google) to indicate where this value is coming from. Also unable
to find out what "am" mean (adjacency module?). Does anyone have an
explanation for this one?

*  via 192.168.21.49, Vlan13, [2/0], 00:44:52, am*

Thanks

-- 
Colby Glass
Network Engineer
http://blog.alwaysthenetwork.com

Re: IPv6 rDNS

[Mark Andrews]

In message <4ccb6f98.6090...@mompl.net>, Jeroen van Aart writes:
> I battled for a few hours getting IPv6 rDNS to work. The following tool 
> proved to be quite helpful:
> http://www.fpsn.net/?pg=tools&tool=ipv6-inaddr
> 
> Just in case anyone else would run into similar problems. It's not as 
> straightforward as IPv4 rDNS.

How so?  It's just longer owner names.  There are enough tools that will
covert IPv6 addresses to the corresponding reverse name.  You most probably
already have the tools on your machines.
 
dig, nslookup, arpaname

And if you are running Mac OS or Windows they will add the PTR records for
themselves.  I just wish all the other OS's did that so I don't have to do
them by hand.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: IPv6 rDNS

[Gary E. Miller]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yo Jeroen!

On Fri, 29 Oct 2010, Jeroen van Aart wrote:

> I battled for a few hours getting IPv6 rDNS to work.

See also sipcalc.

# sipcalc -r 2001:470:b:4a:230:48ff:fe35:d1bc
- -[ipv6 : 2001:470:b:4a:230:48ff:fe35:d1bc] - 0

[IPV6 DNS]
Reverse DNS (ip6.arpa)  -
c.b.1.d.5.3.e.f.f.f.8.4.0.3.2.0.a.4.0.0.b.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa.


RGDS
GARY
- ---
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
g...@rellim.com  Tel:+1(541)382-8588

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFMy3LeBmnRqz71OvMRAoaxAJ9XrEpV8+QLwJDenMwn4oCTmu6D9gCgpeEb
nszaFE+jTA1rn4ZgTDFCanQ=
=NNMg
-END PGP SIGNATURE-

Re: IPv6 rDNS

[Franck Martin]

Yes, you need to be able to spell Hex backward ;)

- Original Message -
From: "Jeroen van Aart" 
To: "NANOG list" 
Sent: Saturday, 30 October, 2010 2:06:32 PM
Subject: IPv6 rDNS

I battled for a few hours getting IPv6 rDNS to work. The following tool 
proved to be quite helpful:
http://www.fpsn.net/?pg=tools&tool=ipv6-inaddr

Just in case anyone else would run into similar problems. It's not as 
straightforward as IPv4 rDNS.

IPv6 rDNS

[Jeroen van Aart]

I battled for a few hours getting IPv6 rDNS to work. The following tool 
proved to be quite helpful:

http://www.fpsn.net/?pg=tools&tool=ipv6-inaddr

Just in case anyone else would run into similar problems. It's not as 
straightforward as IPv4 rDNS.


Greetings,
Jeroen

--
http://goldmark.org/jeff/stupid-disclaimers/
http://linuxmafia.com/~rick/faq/plural-of-virus.html

Re: Topic: Inter-AS BGP Local Preference Matrix

[Matthew Petach]

On Fri, Oct 29, 2010 at 9:55 AM, Rettke, Brian
 wrote:
> My company is building a national backbone network, leveraging leased lines 
> and dark fiber from Tier 1/2/3 providers. What we've found is that when we 
> buy IP in the major markets, our traffic does not flow deterministically with 
> AS-Path as the metric. This is because most of the major providers give their 
> customers one local preference value, and their peers another, in an effort 
> to ensure SLAs are met by keeping customer traffic on-net for as long as 
> possible. There are varying values assigned, and some vendors don't offer 
> community values to neutralize this effect.
>

I think you mean "provider" rather than "vendor"; by and large, all
hardware vendors provide
some knob to allow for changing localpreference values across the full
range of allowable values.

Providers, on the other hand, only allow customers to request a change
of local preference
values, and then only among a very small set of values, usually
ranging from "above normal
customer localpref", "default customer localpref", and "below customer
localpref".  If you're
really lucky, they might allow you to set "peer localpref" and "below
peer localpref".

> I'm wondering if anyone has dealt with this in the past, or if it would be 
> possible to have some sort of agreement on local preference manipulation. 
> Something similar to the below:
>
> 1. All vendors must offer at least 5 community values for local preference. 
> This is to allow for customer-based multivendor traffic engineering.
> 2. All vendors must offer a local preference community value greater than 
> their best default metric.
> 3. All vendors must offer a local preference community value lesser than 
> their worst default metric.
> 4. All vendors should offer a range of community values both above and below 
> local preference 100.

Not everybody uses 100 as their default value, so that requirement
could be at odds with the
rest of the requirements.  I'd recommend dropping that from your list,
to make the barrier to
adoption lower.

> 5. All vendors should make an effort to standardize the values/value ranges 
> offered with other vendors.
> 6. All vendors should offer a local preference matrix to their customers, 
> listing the changes made to a specific AS (e.g. another vendor) to aid the 
> customer in making an intelligent routing decision for load balancing and 
> traffic engineering in a multivendor BGP environment.
>
> It's obviously something that each of us would need to do individually, but 
> I'm wondering if there is any way this could become a de facto standard, or 
> could be a method that the community at large could enforce somehow.
>

I'm not sure what incentive there would be for the providers to
coordinate like this;
it would mean quite a bit more work for them, with no appreciable gain
in revenue
for it.

Matt

> Sincerely,
>
> Brian A . Rettke
> RHCT, CCDP, CCNP, CCIP
> Network Engineer, CableONE Internet Services

The Cidr Report

[cidr-report]

This report has been generated at Fri Oct 29 21:11:34 2010 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date  PrefixesCIDR Agg
22-10-10335372  199107
23-10-10335626  199437
24-10-10335464  200676
25-10-10335999  201471
26-10-10336020  202330
27-10-10336420  203303
28-10-10336698  204259
29-10-10336648  204467


AS Summary
 35744  Number of ASes in routing system
 15278  Number of ASes announcing only one prefix
  4497  Largest number of prefixes announced by an AS
AS4323 : TWTC - tw telecom holdings, inc.
  101039104  Largest address span announced by an AS (/32s)
AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 29Oct10 ---
ASnumNetsNow NetsAggr  NetGain   % Gain   Description

Table 336912   204485   13242739.3%   All ASes

AS6389  3760  331 342991.2%   BELLSOUTH-NET-BLK -
   BellSouth.net Inc.
AS4323  4497 1591 290664.6%   TWTC - tw telecom holdings,
   inc.
AS19262 1775  293 148283.5%   VZGNI-TRANSIT - Verizon Online
   LLC
AS4766  1727  551 117668.1%   KIXS-AS-KR Korea Telecom
AS22773 1226   76 115093.8%   ASN-CXA-ALL-CCI-22773-RDC -
   Cox Communications Inc.
AS17488 1364  270 109480.2%   HATHWAY-NET-AP Hathway IP Over
   Cable Internet
AS4755  1377  402  97570.8%   TATACOMM-AS TATA
   Communications formerly VSNL
   is Leading ISP
AS24560 1053  193  86081.7%   AIRTELBROADBAND-AS-AP Bharti
   Airtel Ltd., Telemedia
   Services
AS18101  893  132  76185.2%   RELIANCE-COMMUNICATIONS-IN
   Reliance Communications
   Ltd.DAKC MUMBAI
AS10620 1330  591  73955.6%   Telmex Colombia S.A.
AS1785  1795 1060  73540.9%   AS-PAETEC-NET - PaeTec
   Communications, Inc.
AS28573 1190  460  73061.3%   NET Servicos de Comunicao S.A.
AS8452  1112  427  68561.6%   TE-AS TE-AS
AS33363 1420  745  67547.5%   BHN-TAMPA - BRIGHT HOUSE
   NETWORKS, LLC
AS6478  1398  732  66647.6%   ATT-INTERNET3 - AT&T Services,
   Inc.
AS8151  1337  690  64748.4%   Uninet S.A. de C.V.
AS4808   920  274  64670.2%   CHINA169-BJ CNCGROUP IP
   network China169 Beijing
   Province Network
AS7545  1437  818  61943.1%   TPG-INTERNET-AP TPG Internet
   Pty Ltd
AS5668   875  260  61570.3%   AS-5668 - CenturyTel Internet
   Holdings, Inc.
AS18566 1064  465  59956.3%   COVAD - Covad Communications
   Co.
AS7303   830  239  59171.2%   Telecom Argentina S.A.
AS17676  638   66  57289.7%   GIGAINFRA Softbank BB Corp.
AS3356  1175  633  54246.1%   LEVEL3 Level 3 Communications
AS22047  564   34  53094.0%   VTR BANDA ANCHA S.A.
AS7552   651  140  51178.5%   VIETEL-AS-AP Vietel
   Corporation
AS4804   580   75  50587.1%   MPX-AS Microplex PTY LTD
AS9443   574   78  49686.4%   INTERNETPRIMUS-AS-AP Primus
   Telecommunications
AS4780   712  220  49269.1%   SEEDNET Digital United Inc.
AS6503   794  306  48861.5%   Axtel, S.A.B. de C.V.
AS14420  559   98  46182.5%   CORPORACION NACIONAL DE
   TELECOMUNICACIONES - CNT EP

Total  38627122502637768.3%   Top 30 total


Possible Bogus Routes

 

BGP Update Report

[cidr-report]

BGP Update Report
Interval: 21-Oct-10 -to- 28-Oct-10 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASNUpds %  Upds/PfxAS-Name
 1 - AS479540639  2.7% 145.7 -- INDOSATM2-ID INDOSATM2  ASN
 2 - AS580028981  1.9% 140.7 -- DNIC-ASBLK-05800-06055 - DoD 
Network Information Center
 3 - AS947626184  1.8%   13092.0 -- INTRAPOWER-AS-AP IntraPower 
Pty. Ltd.
 4 - AS23700   23256  1.6%  51.9 -- BM-AS-ID PT. Broadband 
Multimedia, Tbk
 5 - AS32528   19752  1.3%2469.0 -- ABBOTT Abbot Labs
 6 - AS35931   14608  1.0%2434.7 -- ARCHIPELAGO - ARCHIPELAGO 
HOLDINGS INC
 7 - AS24560   12028  0.8%  12.4 -- AIRTELBROADBAND-AS-AP Bharti 
Airtel Ltd., Telemedia Services
 8 - AS8151 9464  0.6%   7.4 -- Uninet S.A. de C.V.
 9 - AS4755 8816  0.6%   6.8 -- TATACOMM-AS TATA Communications 
formerly VSNL is Leading ISP
10 - AS144208514  0.6%  15.5 -- CORPORACION NACIONAL DE 
TELECOMUNICACIONES - CNT EP
11 - AS3816 8204  0.6%  16.7 -- COLOMBIA TELECOMUNICACIONES 
S.A. ESP
12 - AS181117442  0.5% 232.6 -- NETSPEED-AS-AP Netspeed 
Internet Communications
13 - AS9829 7328  0.5%  11.1 -- BSNL-NIB National Internet 
Backbone
14 - AS7552 7188  0.5%  10.8 -- VIETEL-AS-AP Vietel Corporation
15 - AS308906953  0.5%  18.5 -- EVOLVA Evolva Telecom s.r.l.
16 - AS237566945  0.5% 204.3 -- PADINET-AS-ID PADINET - Padi 
Internet
17 - AS3586 6704  0.5% 558.7 -- UWI ASN-UWI
18 - AS6316 6577  0.4%  49.5 -- AS-PAETEC-NET - PaeTec 
Communications, Inc.
19 - AS285716156  0.4% 143.2 -- Universidade de Sao Paulo - USP
20 - AS179745888  0.4%   4.7 -- TELKOMNET-AS2-AP PT 
Telekomunikasi Indonesia


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASNUpds %  Upds/PfxAS-Name
 1 - AS947626184  1.8%   13092.0 -- INTRAPOWER-AS-AP IntraPower 
Pty. Ltd.
 2 - AS32528   19752  1.3%2469.0 -- ABBOTT Abbot Labs
 3 - AS35931   14608  1.0%2434.7 -- ARCHIPELAGO - ARCHIPELAGO 
HOLDINGS INC
 4 - AS159842236  0.1%2236.0 -- The Joint-Stock Commercial Bank 
CentroCredit.
 5 - AS499751059  0.1%1059.0 -- FOTON-AS OOO FOTON
 6 - AS227534170  0.3%1042.5 -- REDHAT-STUTTGART REDHAT 
Stuttgart
 7 - AS277711883  0.1% 941.5 -- Instituto Venezolano de 
Investigaciones Cientificas
 8 - AS49600 626  0.0% 626.0 -- LASEDA La Seda de Barcelona, S.A
 9 - AS3586 6704  0.5% 558.7 -- UWI ASN-UWI
10 - AS210175486  0.4% 548.6 -- VSI-AS VSI AS
11 - AS459471094  0.1% 547.0 -- SECUREPAY-AS-AP SecurePay Pty 
Ltd. Payment Gateway
12 - AS116522646  0.2% 529.2 -- TFCL-2 - TERRA FIRMA 
COMMUNICATIONS, LLC
13 - AS281931501  0.1% 500.3 -- 
14 - AS55311 466  0.0% 466.0 -- LIENVIETBANK-AS-VN LienViet 
Joint Stock Commercial Bank
15 - AS17904 867  0.1% 433.5 -- SLTASUL-LK Sri Lankan Airlines
16 - AS38825 410  0.0% 410.0 -- BELLPOTTER-AP Bell Potter 
Securities
17 - AS181121027  0.1% 342.3 -- KSNET-ID-AS-AP PT. Sejuta 
Jaring Global
18 - AS310551361  0.1% 340.2 -- CONSULTIX-AS Consultix GmbH
19 - AS39224 340  0.0% 340.0 -- NIC-AS NEMAR INFO CONSTRUCT SRL
20 - AS46047 301  0.0% 301.0 -- POLSRI-AS-ID Politeknik Negeri 
Sriwijaya


TOP 20 Unstable Prefixes
Rank Prefix Upds % Origin AS -- AS Name
 1 - 203.1.14.0/24 14674  0.9%   AS9476  -- INTRAPOWER-AS-AP IntraPower 
Pty. Ltd.
 2 - 203.1.13.0/24 11510  0.7%   AS9476  -- INTRAPOWER-AS-AP IntraPower 
Pty. Ltd.
 3 - 130.36.35.0/24 9867  0.6%   AS32528 -- ABBOTT Abbot Labs
 4 - 130.36.34.0/24 9864  0.6%   AS32528 -- ABBOTT Abbot Labs
 5 - 63.211.68.0/22 8401  0.5%   AS35931 -- ARCHIPELAGO - ARCHIPELAGO 
HOLDINGS INC
 6 - 216.126.136.0/22   6336  0.4%   AS6316  -- AS-PAETEC-NET - PaeTec 
Communications, Inc.
 7 - 198.140.43.0/246182  0.4%   AS35931 -- ARCHIPELAGO - ARCHIPELAGO 
HOLDINGS INC
 8 - 190.65.228.0/225232  0.3%   AS3816  -- COLOMBIA TELECOMUNICACIONES 
S.A. ESP
 9 - 66.187.234.0/244161  0.3%   AS22753 -- REDHAT-STUTTGART REDHAT 
Stuttgart
10 - 95.32.128.0/18 3558  0.2%   AS21017 -- VSI-AS VSI AS
11 - 201.134.18.0/243318  0.2%   AS8151  -- Uninet S.A. de C.V.
12 - 206.184.16.0/243273  0.2%   AS174   -- COGENT Cogent/PSI
13 - 189.85.51.0/24 2339  0.1%   AS28175 -- 
14 - 129.66.128.0/172311  0.1%   AS3464  -- ASC-NET - Alabama Supercomputer 
Network
15 - 129.66.0.0/17  2305  0.1%   AS3464  -- ASC-NET - Alabama Supercomputer 
Network
16 - 202.92.235.0/242270  0.1%   AS9498  -- BBIL-AP BHARTI Airtel Lt

Weekly Routing Table Report

[Routing Analysis Role Account]

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 30 Oct, 2010

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  334884
Prefixes after maximum aggregation:  153059
Deaggregation factor:  2.19
Unique aggregates announced to Internet: 164990
Total ASes present in the Internet Routing Table: 35132
Prefixes per ASN:  9.53
Origin-only ASes present in the Internet Routing Table:   30301
Origin ASes announcing only one prefix:   14792
Transit ASes present in the Internet Routing Table:4831
Transit-only ASes present in the Internet Routing Table:116
Average AS path length visible in the Internet Routing Table:   4.3
Max AS path length visible:  30
Max AS path prepend of ASN (41664)   21
Prefixes from unregistered ASNs in the Routing Table:   299
Unregistered ASNs in the Routing Table: 126
Number of 32-bit ASNs allocated by the RIRs:855
Prefixes from 32-bit ASNs in the Routing Table:   4
Special use prefixes present in the Routing Table:0
Prefixes being announced from unallocated address space:190
Number of addresses announced to Internet:   2326677152
Equivalent to 138 /8s, 174 /16s and 70 /24s
Percentage of available address space announced:   62.8
Percentage of allocated address space announced:   66.4
Percentage of available address space allocated:   94.6
Percentage of address space in use by end-sites:   85.7
Total number of prefixes smaller than registry allocations:  137440

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:82239
Total APNIC prefixes after maximum aggregation:   28016
APNIC Deaggregation factor:2.94
Prefixes being announced from the APNIC address blocks:   79141
Unique aggregates announced from the APNIC address blocks:34694
APNIC Region origin ASes present in the Internet Routing Table:4221
APNIC Prefixes per ASN:   18.75
APNIC Region origin ASes announcing only one prefix:   1175
APNIC Region transit ASes present in the Internet Routing Table:674
Average APNIC Region AS path length visible:4.4
Max APNIC Region AS path length visible: 19
Number of APNIC addresses announced to Internet:  560662560
Equivalent to 33 /8s, 107 /16s and 8 /24s
Percentage of available APNIC address space announced: 76.0

APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079
   55296-56319, 131072-132095
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  42/8,  43/8,  49/8,
58/8,  59/8,  60/8,  61/8, 101/8, 110/8, 111/8,
   112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8,
   119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8,
   126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:137395
Total ARIN prefixes after maximum aggregation:71132
ARIN Deaggregation factor: 1.93
Prefixes being announced from the ARIN address blocks:   108801
Unique aggregates announced from the ARIN address blocks: 43651
ARIN Region origin ASes present in the Internet Routing Table:14008
ARIN Prefixes per ASN: 7.77
ARIN Region origin ASes announcing only one prefix:5372
ARIN Region transit ASes present in the Internet Routing Table:1485
Average ARIN Region AS path length visible: 4.0
Max ARIN Region AS path length visible:

Re: Bandwidth into Haiti

[Reynold Guerrier]

The fiber has been repaired by NATCOM that took over Teleco operations in
Haiti, but with very limited traffic flowing on. NATCOM is a Vietnamese
(Viettel) company that had acquired 60% of the incumbent telecommunications
company in Haiti.


Reynold



On Thu, Oct 28, 2010 at 1:16 PM, Marshall Eubanks wrote:

> Can anyone update me on the status of fiber bandwidth into Haiti ?
> Has the landing station been repaired yet after last years earthquake ?
>
> Regards
> Marshall Eubanks
>
>


-- 
===
Reynold Guerrier
Business Developer
Haiti Technology Group
 509-3446-0099
IM: rey...@hotmail.com
Skype: reygji

RE: BGP support on ASA5585-X

[Greg Whynott]

probably going out on a limb here,  but i suspect you'll never see BGP support 
in any of Cisco's firewall products.  In routers which have FW bits included,  
yes,  but not in an ASA product.

perhaps the marketing thinking is 'if you can afford an asa 558x, you can 
afford one of our fine router products too.'

-g




From: srg [srgqwe...@gmail.com]
Sent: Friday, October 29, 2010 1:42 PM
To: nanog@nanog.org
Subject: BGP support on ASA5585-X

Hi:

At this moment we know that ASA5585-X does not support BGP.

Does anybody know if BGP support in the ASA5585-X is in roadmap?
More precisely... MP-BGP support in the ASA5585-X?
Any "oficial" link in the Cisco website about this? (I did't find it)

Thanks a lot and best regards



--

This message and any attachments may contain confidential and/or privileged 
information for the sole use of the intended recipient. Any review or 
distribution by anyone other than the person for whom it was originally 
intended is strictly prohibited. If you have received this message in error, 
please contact the sender and delete all copies. Opinions, conclusions or other 
information contained in this message may not be that of the organization.

Wildblue to the WCP

[Greg Schwimer]

Would someone at Wildblue please contact me off list.

Thanks!
Greg Schwimer
GoDaddy.com

RE: BGP support on ASA5585-X

[David DiGiacomo]

I would seriously doubt it. Think of it from Cisco's point of view; If the ASA 
ran BGP, you wouldn't need to buy a router.



Dave Joel DiGiacomo "dav...@corp.nac.net"
Network Engineer / Peering Coordinator
Net Access Corp
Network Operations Center
973-590-5050

-Original Message-
From: srg [mailto:srgqwe...@gmail.com] 
Sent: Friday, October 29, 2010 1:43 PM
To: nanog@nanog.org
Subject: BGP support on ASA5585-X

Hi:

At this moment we know that ASA5585-X does not support BGP.

Does anybody know if BGP support in the ASA5585-X is in roadmap?
More precisely... MP-BGP support in the ASA5585-X?
Any "oficial" link in the Cisco website about this? (I did't find it)

Thanks a lot and best regards

BGP support on ASA5585-X

[srg]

Hi:

At this moment we know that ASA5585-X does not support BGP.

Does anybody know if BGP support in the ASA5585-X is in roadmap?
More precisely... MP-BGP support in the ASA5585-X?
Any "oficial" link in the Cisco website about this? (I did't find it)

Thanks a lot and best regards

Topic: Inter-AS BGP Local Preference Matrix

[Rettke, Brian]

My company is building a national backbone network, leveraging leased lines and 
dark fiber from Tier 1/2/3 providers. What we've found is that when we buy IP 
in the major markets, our traffic does not flow deterministically with AS-Path 
as the metric. This is because most of the major providers give their customers 
one local preference value, and their peers another, in an effort to ensure 
SLAs are met by keeping customer traffic on-net for as long as possible. There 
are varying values assigned, and some vendors don't offer community values to 
neutralize this effect.

I'm wondering if anyone has dealt with this in the past, or if it would be 
possible to have some sort of agreement on local preference manipulation. 
Something similar to the below:

1. All vendors must offer at least 5 community values for local preference. 
This is to allow for customer-based multivendor traffic engineering.
2. All vendors must offer a local preference community value greater than their 
best default metric.
3. All vendors must offer a local preference community value lesser than their 
worst default metric.
4. All vendors should offer a range of community values both above and below 
local preference 100.
5. All vendors should make an effort to standardize the values/value ranges 
offered with other vendors.
6. All vendors should offer a local preference matrix to their customers, 
listing the changes made to a specific AS (e.g. another vendor) to aid the 
customer in making an intelligent routing decision for load balancing and 
traffic engineering in a multivendor BGP environment.

It's obviously something that each of us would need to do individually, but I'm 
wondering if there is any way this could become a de facto standard, or could 
be a method that the community at large could enforce somehow.

Sincerely,

Brian A . Rettke
RHCT, CCDP, CCNP, CCIP
Network Engineer, CableONE Internet Services

Root Zone DNSSEC KSK Ceremony 3

[Joe Abley]

KSK CEREMONY 3

The third KSK ceremony for the root zone will take place in Culpeper,
VA, USA on Monday 2010-11-01. The ceremony is scheduled to begin
at 1300 local time (1700 UTC) and is expected to end by 1900 local
time (2300 UTC).

Video from Ceremony 3 will be recorded for audit purposes.  Video
and associated audit materials will be published 1 to 2 weeks after
the ceremony, and will be available as usual by following the "KSK
Ceremony Materials" link at .

ICANN will operate a separate camera whose video will not be retained
for audit purposes, but which will instead be streamed live in order
to provide remote observers an opportunity to watch the ceremony.
The live stream will be provided on a best-effort basis. The live
video stream will be available at .

Ceremony 3 will include processing of a Key Signing Request (KSR)
generated by VeriSign, and the resulting Signed Key Response (SKR)
will contain signatures for Q1 2011, for use in the root zone between
2011-01-01 and 2011-02-28.


CONTACT INFORMATION
 
We'd like to hear from you. If you have feedback for us, please
send it to roots...@icann.org.

.com/.net DNSSEC operational message

[Matt Larson]

Over the next several months, VeriSign will deploy DNSSEC in the .net
and .com zones.  This message contains operational information related
to the deployment that might be of interest to the Internet
operational community.

The .net DNSSEC deployment consists of the following major milestones:

September 25, 2010: The .net registry system was upgraded to allow
ICANN-accredited registrars to submit DS records for domains under
.net.  These DS records will not be published in the .net zone until
the .net zone is actually signed.  Each registrar will implement
support for DNSSEC on its own schedule, and some registrars might be
accepting DS records for .net domains now.

October 29, 2010: A deliberately unvalidatable .net zone will be
published.  Following the successful use of this technique with the
root DNSSEC deployment, VeriSign will publish a signed .net zone with
the key material deliberately obscured so that it cannot be used for
validation.  Any DS records for .net domains that have been submitted
by registrars will be published in the deliberately unvalidatable
zone.

December 9, 2010: The .net key material will be unobscured and the
.net zone will be usable for DNSSEC validation.  DS records for .net
will appear in the root zone shortly thereafter.


The .com DNSSEC deployment will occur in the first quarter of 2011 and
will consist of the following major milestones:

February, 2011: The .com registry system will be upgraded to allow
ICANN-accredited registrars to submit DS records for domains under
.com.  These DS records will not be published in the .com zone until
the .com zone is actually signed.

March, 2011: A deliberately unvalidatable .com zone will be published.
Any DS records for .com that have been submitted by registrars will be
published in the deliberately unvalidatable zone.

March, 2011: The .com key material will be unobscured and the .com
zone will be usable for DNSSEC validation.  DS records for .com will
appear in the root zone shortly thereafter.


If you have any questions or comments, please send email to
i...@verisign-grs.com or reply to this message.