Re: Found: Who is responsible for no more IP addresses

[Ben McGinnes]

On 28/01/11 7:03 AM, Jay Ashworth wrote:
> Let me clarify:
> 
> The original question was (so far as I could see): "Was Fox making up the
> quote where Vint took the blame for IPv4 exhaustion?"
> 
> The answer, of course, was "no, they didn't; lots of people have the quote".

If you want to see and hear footage of him repeating this and
explaining, his keynote address to Linux Conf Australia is here:

http://linuxconfau.blip.tv/file/4683393/


Regards,
Ben



signature.asc
Description: OpenPGP digital signature

Re: Need provider suggestions - BGP transit over GRE tunnel

[Robert Johnson]

My network spans a multicity geographic area using microwave radio
links. The point of the GRE tunnel is to allow me to establish a BGP
session to another AS using a consumer grade Internet connection
(cheap) over the public Internet. I don't want to build out additional
microwave paths to a new datacenter to become multihomed.

On Fri, Jan 28, 2011 at 5:36 PM, C. Jon Larsen  wrote:
>
> I have read your email a few times and i dont see how this makes sense.
>
> Why do you need a public AS and PI space? Your gre tunnel wont need it or be
> able to use it. A gre tunnel is just a replacement for a physical pipe.
>
> If your datacenter based presence goes down, you will need a pipe at your
> office, or some other location speaking bgp that can annouce your block
> anyway.
>
>
>
>
> On Fri, 28 Jan 2011, Robert Johnson wrote:
>
>> My organization is planning to become multihomed in the near future.
>> Currently we have redundant (router and physical path) links to a
>> single AS where we get our transit, and speak BGP to them using a
>> private ASN. This configuration has not been meeting our reliability
>> requirements, so we will be getting our own ASN from ARIN, and moving
>> from PA to PI IP space.
>>
>> Our new provider will be used for backup purposes only. We would like
>> to minimize the monthly cost of this connection; to do this, we are
>> planning to use a VZ business FIOS connection with symmetrical
>> bandwidth to establish a GRE tunnel to a datacenter somewhere, and
>> bring up a BGP session over that tunnel. I'd like to know if there are
>> providers that offer such a service on a regular basis, and if so, if
>> anyone is doing this and has words of wisdom.
>>
>> Thanks in advance.
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by the Richweb.com MailScanner, and is
>> believed to be clean.
>>
>>
>>
>

Re: Bogons

[Jacob Broussard]

You win.  They had that address filtered way before I ever used it, silly me
for not checking first :P

What I really wanted to say on the list, though, was everyone that waits 1+
years between bogon updates can go to hell.  They wait some poor flunky (me)
has a customer yelling in my ear because "I could access that website fine
before I switched to you" *sigh*
On Jan 28, 2011 5:44 PM, "Matthew Palmer"  wrote:
> On Fri, Jan 28, 2011 at 12:35:43PM -0800, Jacob Broussard wrote:
>> Static bogons are the bane of my existence... The pain of trying to
explain
>> to someone for MONTHS that they haven't updated their reference, with
>> traceroutes to back it up, and they continue to say that it has something
to
>> do with my network.
>
> THey're right -- your network is using an address range they've chosen to
> configure their equipment not to accept... 
>
> - Matt
>

Re: Ipv6 for the content provider

[Owen DeLong]

The IPv6 geo databases actually tend to be about on par with the IPv4
ones from what I have seen so far (which is admittedly limited as I don't
really use geolocation services). However, I still think it is important for
people considering deploying something as you described to be aware
of the additional things that may break and factor that into their
decision about how and what to deploy.

Owen

On Jan 28, 2011, at 4:02 PM, Bill Stewart wrote:

> On 1/26/11, Owen DeLong  wrote:
>> And if your servers behind the LB aren't prepared for it,
>> you lose a LOT of logging data, geolocation capabilities,
>> and some other things if you go that route.
> 
> Of course, anybody expecting a current IPv4 geolocation service to
> provide accurate information over IPv6 over the next couple of years
> is wildly optimistic (with all due respect to people in that business,
> but just sayin' good luck with that...)
> 
> Maybe you'll get some consistency about which continent they're on
> based on the RIR the addresses came from, but even that's probably
> dodgy if the address belongs to Hurricane Electric or Sixxs or some
> other popular tunnel broker, and maybe you'll get some consistency on
> "is it the same /56 as last time?", and maybe some of them will start
> doing tricks like putting web bugs for
> "ipv4tracker.geolocator-example.com" and
> "ipv6tracker.geolocator-example.com" on the same web pages to try to
> start building correlation information, and if course you need your
> application that uses the information to speak IPv6 and handle 128-bit
> records and not just 32-bit.
> 
> -- 
> 
> Thanks; Bill
> 
> Note that this isn't my regular email account - It's still experimental so 
> far.
> And Google probably logs and indexes everything you send it.

Re: Connectivity status for Egypt

[Benson Schliesser]

On Jan 28, 2011, at 1:44 PM, andrew.wallace wrote:

> We should be asking the Egyptians to stagger the return of services so that 
> infrastructure isn't affected, when connectivity is deemed to be allowed to 
> come back online.
> 
> Andrew Wallace
> 
> ---
> 
> British IT Security Consultant


You should send them an email about that.

RE: Upload config to juniper

[Mark Bassett]

I use the Netconf API  and send xml config snippets like so:


 
  
   
Untrust
 
  
   auto_ip-7
   67.23.7.115/32
  
  
   demo_inbound_permit
   
   auto_ip-7
   
  
 
   
  
 


-Original Message-
From: Mark Bassett [mailto:mbass...@intelius.com] 
Sent: Friday, January 28, 2011 5:39 PM
To: Jimmy Hess; Florin Veres
Cc: nanog@nanog.org
Subject: RE: Upload config to juniper

Actually if you use the JUNOS api and the reference scripts there are
examples to do just this.



-Original Message-
From: Jimmy Hess [mailto:mysi...@gmail.com] 
Sent: Wednesday, January 26, 2011 6:31 PM
To: Florin Veres
Cc: nanog@nanog.org
Subject: Re: Upload config to juniper

On Mon, Jan 24, 2011 at 7:39 AM, Florin Veres 
wrote:
> Hey guys,
> Do any of you have any idea if it's possible to upload configuration
from a
> script (prefix-list updates in this case) to a JunOS device (MX)?
> For Cisco devices I'm doing it using rcp.

>From config mode use  a  "load merge"  command that specifies a SCP or
FTP  URL.
You'll need to setup SSH keys in advance to do so  without an
additional password for the device to download the script.

Alternatively...  SCP the file to a temporary file on the device then
"load merge" the uploaded file,  to merge config from the script.

Net::SSH::Expect from CPAN  to connect  via  ssh  from perl.

Something like
use Net::SSH::Perl;
use Net::SSH::Expect;

my $ssh = Net::SSH::Expect->new(  host =>
'myfavoritehostname.example.com',  user => 'blahblahblah', password =>
'1234',   raw_pty => 1);
$ssh->login(q[blahb...@myfavoritehostname.example.com's password]);
$output1 = $ssh->exec("configure private");
# $blah = $ssh->exec("load merge
usern...@scriptserver.example.com:/path/to/scriptfile_to_load.txt");
print scalar $ssh->exec("show | compare");
# commit

--
-JH

Re: Bogons

[Matthew Palmer]

On Fri, Jan 28, 2011 at 12:35:43PM -0800, Jacob Broussard wrote:
> Static bogons are the bane of my existence...  The pain of trying to explain
> to someone for MONTHS that they haven't updated their reference, with
> traceroutes to back it up, and they continue to say that it has something to
> do with my network.

THey're right -- your network is using an address range they've chosen to
configure their equipment not to accept... 

- Matt

RE: Upload config to juniper

[Mark Bassett]

Actually if you use the JUNOS api and the reference scripts there are
examples to do just this.



-Original Message-
From: Jimmy Hess [mailto:mysi...@gmail.com] 
Sent: Wednesday, January 26, 2011 6:31 PM
To: Florin Veres
Cc: nanog@nanog.org
Subject: Re: Upload config to juniper

On Mon, Jan 24, 2011 at 7:39 AM, Florin Veres 
wrote:
> Hey guys,
> Do any of you have any idea if it's possible to upload configuration
from a
> script (prefix-list updates in this case) to a JunOS device (MX)?
> For Cisco devices I'm doing it using rcp.

>From config mode use  a  "load merge"  command that specifies a SCP or
FTP  URL.
You'll need to setup SSH keys in advance to do so  without an
additional password for the device to download the script.

Alternatively...  SCP the file to a temporary file on the device then
"load merge" the uploaded file,  to merge config from the script.

Net::SSH::Expect from CPAN  to connect  via  ssh  from perl.

Something like
use Net::SSH::Perl;
use Net::SSH::Expect;

my $ssh = Net::SSH::Expect->new(  host =>
'myfavoritehostname.example.com',  user => 'blahblahblah', password =>
'1234',   raw_pty => 1);
$ssh->login(q[blahb...@myfavoritehostname.example.com's password]);
$output1 = $ssh->exec("configure private");
# $blah = $ssh->exec("load merge
usern...@scriptserver.example.com:/path/to/scriptfile_to_load.txt");
print scalar $ssh->exec("show | compare");
# commit

--
-JH

Re: Bogons

[Jacob Broussard]

Static bogons are the bane of my existence...  The pain of trying to explain
to someone for MONTHS that they haven't updated their reference, with
traceroutes to back it up, and they continue to say that it has something to
do with my network.
On Jan 28, 2011 12:24 PM, "John Payne"  wrote:
>
> On Jan 28, 2011, at 3:14 PM, George Bonser wrote:
>
>>
>>
>>> Now that the holidays are over and IANA v4 depletion is likely days
>>> away, perhaps its time to consider stripping your bogon lists down to
>>> the bare minimum, and as someone else said, declare bogons dead and
>>> move to martians?
>>>
>>>
>>> Just sayin'
>>>
>>
>> There are still some 7,000 prefixes in the v4 "full bogons" list. These
>> are such things as allocations to RIR's but have not yet been allocated.
>> It's updated every four hours:
>>
>>
>>
>> http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
>>
>> " The traditional bogon prefixes, plus prefixes that have been
>> allocated to RIRs but not yet assigned by those RIRs to ISPs, end-users,
>> etc. Updated every four hours."
>>
>> That is one probably best taken by BGP feed and not done manually.
>
> Yes, I was referring to static/manual bogon list. The Cymru BGP feed
rocks.
>
>

Re: DSL options in NYC for OOB access

[Bill Stewart]

On 1/24/11, Andy Ashley  wrote:
> Im looking for a little advice about DSL circuits in New York,
> specifically at 111 8th Ave.
> Going to locate a console server there for out-of-band serial management.
> The router will need connectivity for remote telnet/ssh access from the NOC.

How much bandwidth do you need?  Is a dialup modem fast enough?
Traditional phone lines often give you a much different set of
reliability issues and common-mode failures than Internet
connectivity, which is good.
I've been very happy with Pushkablue's dialup out-of-band boxes, which
give you a serial console and power supply relays.
Similarly, if wireless works in the part of the building you're in,
and if the building allows you to have equipment that transmits radio
signals (some colos don't), that's another option, again, because it's
going to have different failures than the equipment you're
controlling.

> I searched some obvious providers but dont really want to deal with a
> huge company (Verizon, Qwest, ?) if it can be avoided.

> Are there smaller/independent companies out there offering
> this sort of  thing?
> I dont know much about the US DSL market, so any hints are welcome.

If you don't know the market, then there's a whole lot of value
in dealing with the two or three dominant players for that city,
or the two dozen huge companies for the country,
as opposed to the hundreds or thousands of small players.
(Admittedly, having dealt with ZA's dominant player in a previous job,
I'd rather use anybody else also...)




-- 

 Thanks; Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.

in case of prefix withdrawal, dial-out

[Eric Brunner-Williams]

It is my son's turn to have the laptop so I won't bother to translate. 
The non-francophones can use Google's auto-xlate bot.


http://www.lemonde.fr/technologies/article/2011/01/28/pour-contourner-le-blocage-du-web-les-modems-56k_1471819_651865.html

Re: What's the current state of major access networks in North America ipv6 delivery status?

[John Payne]

On Jan 26, 2011, at 4:52 PM, Charles N Wyble  wrote:

> Comcast is currently conducting trials:
> http://comcast6.net/ (anyone participated in this?)

Yes, and other than the fact that their 6rd implementation only gives me a /64, 
I've been really happy with it. My wife doesn't even know that her iOS devices 
and win7 box are dual stacked :)

Re: Ipv6 for the content provider

[Bill Stewart]

On 1/26/11, Owen DeLong  wrote:
> And if your servers behind the LB aren't prepared for it,
> you lose a LOT of logging data, geolocation capabilities,
> and some other things if you go that route.

Of course, anybody expecting a current IPv4 geolocation service to
provide accurate information over IPv6 over the next couple of years
is wildly optimistic (with all due respect to people in that business,
but just sayin' good luck with that...)

Maybe you'll get some consistency about which continent they're on
based on the RIR the addresses came from, but even that's probably
dodgy if the address belongs to Hurricane Electric or Sixxs or some
other popular tunnel broker, and maybe you'll get some consistency on
"is it the same /56 as last time?", and maybe some of them will start
doing tricks like putting web bugs for
"ipv4tracker.geolocator-example.com" and
"ipv6tracker.geolocator-example.com" on the same web pages to try to
start building correlation information, and if course you need your
application that uses the information to speak IPv6 and handle 128-bit
records and not just 32-bit.

-- 

 Thanks; Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.

Re: test-ipv6.com

[Kevin Stange]

On 01/28/2011 05:29 PM, Blake Hudson wrote:
> Does this site have an  record? If so, my DNS does not pick it up.

It does not and explains why on its FAQ:

http://test-ipv6.com/faq.html

-- 
Kevin Stange
Chief Technology Officer
Steadfast Networks
http://steadfast.net
Phone: 312-602-2689 ext. 203 | Fax: 312-602-2688 | Cell: 312-320-5867



signature.asc
Description: OpenPGP digital signature

Re: test-ipv6.com

[Blake Hudson]

Does this site have an  record? If so, my DNS does not pick it up.

> [root@ns1 ~]# dig  test-ipv6.com
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>>  test-ipv6.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12875
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;test-ipv6.com. IN  
>
> ;; AUTHORITY SECTION:
> test-ipv6.com.  360 IN  SOA ns1.gigo.com.
> root.ns1.gigo.com. 2011010101 86400 7200 360 172800
>
> ;; Query time: 216 msec
> ;; SERVER: 64.35.208.1#53(64.35.208.1)
> ;; WHEN: Fri Jan 28 17:27:20 2011
> ;; MSG SIZE  rcvd: 81
>
> [root@ns1 ~]# dig  www.test-ipv6.com
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>>  www.test-ipv6.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12788
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.test-ipv6.com. IN  
>
> ;; ANSWER SECTION:
> www.test-ipv6.com.  360 IN  CNAME   test-ipv6.com.
>
> ;; AUTHORITY SECTION:
> test-ipv6.com.  355 IN  SOA ns1.gigo.com.
> root.ns1.gigo.com. 2011010101 86400 7200 360 172800
>
> ;; Query time: 59 msec
> ;; SERVER: 64.35.208.1#53(64.35.208.1)
> ;; WHEN: Fri Jan 28 17:27:25 2011
> ;; MSG SIZE  rcvd: 99


 Original Message  
Subject: test-ipv6.com
From: Jason Fesler 
To: nanog@nanog.org
Date: Thursday, January 27, 2011 5:08:43 PM
> Several people have suggested I (re)post information about
> test-ipv6.com here.
>
> http://test-ipv6.com  ..
>   tests ipv4 and ipv6 by dns name
>   tests dual stack (will the client break on World IPv6 Day?)
>   tests ipv6 by IP literal (teredo can pass this)
>   gives advice to end user about current status and (depending on
> circumstances) more information
>   "broken" users (can't connect to dual stack) are solicited for info
>   Caution: does depend on javascript.
>
> http://test-ipv6.com/simple_test.html
>   Eyeball test only for user, with instructions; no javascript required.
>
> Please direct any comments, flames, etc directly to me instead of the
> list.  I've added enough noise already  :-)
>
>

Re: Connectivity status for Egypt

[Christopher Morrow]

On Fri, Jan 28, 2011 at 5:32 PM, jim deleskie  wrote:
> iMCI or WCOM? :)

w (technically the folks that engineered it were mci folk... from texas.

> On Fri, Jan 28, 2011 at 5:18 PM, Christopher Morrow
>  wrote:
>>
>> On Fri, Jan 28, 2011 at 3:51 PM, Alastair Johnson  wrote:
>>
>> > For instance, our corporate WAN links into Cairo are still up (UUNET
>> > PIP).
>>
>>  that's the MCI PIP...
>>
>
>

Re: Connectivity status for Egypt

[jim deleskie]

iMCI or WCOM? :)

On Fri, Jan 28, 2011 at 5:18 PM, Christopher Morrow  wrote:

> On Fri, Jan 28, 2011 at 3:51 PM, Alastair Johnson  wrote:
>
> > For instance, our corporate WAN links into Cairo are still up (UUNET
> PIP).
>
>  that's the MCI PIP...
>
>

Re: Connectivity status for Egypt

[Wayne E. Bouchard]

On Fri, Jan 28, 2011 at 02:07:51PM -0800, Bill Stewart wrote:
> On 1/28/11, andrew.wallace  wrote:
> > We should be asking the Egyptians to stagger the return of services so that
> > infrastructure isn't affected, when connectivity is deemed to be allowed to
> > come back online.
> 
> Well, yeah, it has to be done carefully, otherwise the first guy to
> turn on an E1 line that announces routes for the entire country is
> going to have his router overheat and the blue smoke get out  If
> we're lucky, the Army won't damage too much as they either win or
> lose.

It depends on what remains functional after the fact. If there is no
demand for traffic, then routes will be stable and the session will
stay active. If the link fills, the session bounces as packets get
dropped. It also depends on whether the person turning up that first
E1 actually has much behind them and whether those people have much
connectivity that doesn't require shrapnel removal.

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/

Re: Best current looking glass software builds

[Michiel Klaver]

At 22-07-2011 20:59, Peter Kranz wrote:

Anyone done a recent scan of newer looking glass software implementations
for apache? We've used cougar's for several years, but have been problems
with its SSH implementation lately.



Development of the Version6 LookingGlass can be found here, the latest 
version also supports proper SSH-v2:


https://github.com/Cougar/lg

Re: Connectivity status for Egypt

[Bill Stewart]

On 1/28/11, andrew.wallace  wrote:
> We should be asking the Egyptians to stagger the return of services so that
> infrastructure isn't affected, when connectivity is deemed to be allowed to
> come back online.

Well, yeah, it has to be done carefully, otherwise the first guy to
turn on an E1 line that announces routes for the entire country is
going to have his router overheat and the blue smoke get out  If
we're lucky, the Army won't damage too much as they either win or
lose.
-- 

 Thanks; Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.

Re: Connectivity status for Egypt

[Stefan]

On Fri, Jan 28, 2011 at 3:44 PM, andrew.wallace
 wrote:
> We should be asking the Egyptians to stagger the return of services so that 
> infrastructure isn't affected, when connectivity is deemed to be allowed to 
> come back online.
>
> Andrew Wallace
>
> ---
>
> British IT Security Consultant

http://lifehacker.com/5746046/how-to-foil-a-nationwide-internet-shutdown

***Stefan Mititelu
http://twitter.com/netfortius
http://www.linkedin.com/in/netfortius

The Cidr Report

[cidr-report]

This report has been generated at Fri Jan 28 21:11:57 2011 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date  PrefixesCIDR Agg
21-01-11344825  201651
22-01-11344975  201806
23-01-11344876  201935
24-01-11345075  201872
25-01-11345142  201967
26-01-11345293  201663
27-01-11344858  200621
28-01-11342381  201194


AS Summary
 36544  Number of ASes in routing system
 15508  Number of ASes announcing only one prefix
  3710  Largest number of prefixes announced by an AS
AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc.
  106681344  Largest address span announced by an AS (/32s)
AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 28Jan11 ---
ASnumNetsNow NetsAggr  NetGain   % Gain   Description

Table 342245   201128   14111741.2%   All ASes

AS6389  3710  270 344092.7%   BELLSOUTH-NET-BLK -
   BellSouth.net Inc.
AS4323  2625  409 221684.4%   TWTC - tw telecom holdings,
   inc.
AS19262 1841  285 155684.5%   VZGNI-TRANSIT - Verizon Online
   LLC
AS4766  1915  544 137171.6%   KIXS-AS-KR Korea Telecom
AS6478  1476  245 123183.4%   ATT-INTERNET3 - AT&T Services,
   Inc.
AS22773 1274   86 118893.2%   ASN-CXA-ALL-CCI-22773-RDC -
   Cox Communications Inc.
AS4755  1402  341 106175.7%   TATACOMM-AS TATA
   Communications formerly VSNL
   is Leading ISP
AS1785  1790  768 102257.1%   AS-PAETEC-NET - PaeTec
   Communications, Inc.
AS28573 1246  304  94275.6%   NET Servicos de Comunicao S.A.
AS10620 1357  443  91467.4%   Telmex Colombia S.A.
AS7545  1596  727  86954.4%   TPG-INTERNET-AP TPG Internet
   Pty Ltd
AS6503  1150  376  77467.3%   Axtel, S.A.B. de C.V.
AS18101  922  152  77083.5%   RELIANCE-COMMUNICATIONS-IN
   Reliance Communications
   Ltd.DAKC MUMBAI
AS24560 1094  333  76169.6%   AIRTELBROADBAND-AS-AP Bharti
   Airtel Ltd., Telemedia
   Services
AS7303   886  126  76085.8%   Telecom Argentina S.A.
AS4808  1032  316  71669.4%   CHINA169-BJ CNCGROUP IP
   network China169 Beijing
   Province Network
AS3356  1186  489  69758.8%   LEVEL3 Level 3 Communications
AS17488  950  281  66970.4%   HATHWAY-NET-AP Hathway IP Over
   Cable Internet
AS18566 1125  482  64357.2%   COVAD - Covad Communications
   Co.
AS9498   745  110  63585.2%   BBIL-AP BHARTI Airtel Ltd.
AS11492 1269  648  62148.9%   CABLEONE - CABLE ONE, INC.
AS17676  647   69  57889.3%   GIGAINFRA Softbank BB Corp.
AS855633   57  57691.0%   CANET-ASN-4 - Bell Aliant
   Regional Communications, Inc.
AS8151  1185  616  56948.0%   Uninet S.A. de C.V.
AS7552   649  102  54784.3%   VIETEL-AS-AP Vietel
   Corporation
AS22047  566   31  53594.5%   VTR BANDA ANCHA S.A.
AS14420  614   97  51784.2%   CORPORACION NACIONAL DE
   TELECOMUNICACIONES - CNT EP
AS3549   860  352  50859.1%   GBLX Global Crossing Ltd.
AS9443   570   75  49586.8%   INTERNETPRIMUS-AS-AP Primus
   Telecommunications
AS4804   571   77  49486.5%   MPX-AS Microplex PTY LTD

Total  36886 92112767575.0%   Top 30 total


Possible Bogus Routes

5.0.0.0/16   A

BGP Update Report

[cidr-report]

BGP Update Report
Interval: 20-Jan-11 -to- 27-Jan-11 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASNUpds %  Upds/PfxAS-Name
 1 - AS32528   18632  1.3%6210.7 -- ABBOTT Abbot Labs
 2 - AS178518374  1.3%  10.4 -- AS-PAETEC-NET - PaeTec 
Communications, Inc.
 3 - AS18025   16571  1.2% 460.3 -- ACE-1-WIFI-AS-AP Ace-1 Wifi 
Network
 4 - AS35931   15587  1.1%5195.7 -- ARCHIPELAGO - ARCHIPELAGO 
HOLDINGS INC
 5 - AS845215525  1.1%   9.4 -- TE-AS TE-AS
 6 - AS33475   12203  0.9%  56.8 -- RSN-1 - RockSolid Network, Inc.
 7 - AS23700   12199  0.9%  27.4 -- BM-AS-ID PT. Broadband 
Multimedia, Tbk
 8 - AS949812187  0.9%  17.8 -- BBIL-AP BHARTI Airtel Ltd.
 9 - AS24923   11360  0.8%2840.0 -- SETTC South-East Transtelecom 
Joint Stock Co.
10 - AS24863   11133  0.8%  11.6 -- LINKdotNET-AS
11 - AS982910876  0.8%  28.2 -- BSNL-NIB National Internet 
Backbone
12 - AS15105   10194  0.7%  37.9 -- NETWORKTELEPHONE - Network 
Telephone Corporation
13 - AS250199838  0.7%  44.1 -- SAUDINETSTC-AS Autonomus System 
Number for SaudiNet
14 - AS179748548  0.6%  11.5 -- TELKOMNET-AS2-AP PT 
Telekomunikasi Indonesia
15 - AS6316 8282  0.6%  77.4 -- AS-PAETEC-NET - PaeTec 
Communications, Inc.
16 - AS369927722  0.5%  11.5 -- ETISALAT-MISR
17 - AS285737694  0.5%  12.1 -- NET Servicos de Comunicao S.A.
18 - AS309697082  0.5% 120.0 -- 
19 - AS144206938  0.5%  11.3 -- CORPORACION NACIONAL DE 
TELECOMUNICACIONES - CNT EP
20 - AS9198 6384  0.5%  14.0 -- KAZTELECOM-AS JSC Kazakhtelecom


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASNUpds %  Upds/PfxAS-Name
 1 - AS32528   18632  1.3%6210.7 -- ABBOTT Abbot Labs
 2 - AS6401 5855  0.4%5855.0 -- ALLST-6401 - Allstream Corp.
 3 - AS35931   15587  1.1%5195.7 -- ARCHIPELAGO - ARCHIPELAGO 
HOLDINGS INC
 4 - AS24923   11360  0.8%2840.0 -- SETTC South-East Transtelecom 
Joint Stock Co.
 5 - AS497762103  0.1%2103.0 -- GORSET-AS Gorodskaya Set Ltd.
 6 - AS496001504  0.1%1504.0 -- LASEDA La Seda de Barcelona, S.A
 7 - AS281751494  0.1%1494.0 -- 
 8 - AS342391422  0.1%1422.0 -- INTERAMERICAN General Insurance 
Company
 9 - AS277712682  0.2%1341.0 -- Instituto Venezolano de 
Investigaciones Cientificas
10 - AS407722648  0.2%1324.0 -- VELOCITER-WIRELESS-INC - 
Velociter Wireless, Inc.
11 - AS363831764  0.1% 882.0 -- TRABERTECHNOLOGIES-NETWORK - 
Traber Technologies Inc.
12 - AS359141763  0.1% 881.5 -- FIREHOST-INC - FireHost, Inc.
13 - AS43605 659  0.1% 659.0 -- STRK-NET JSC STRK
14 - AS174083268  0.2% 653.6 -- ABOVE-AS-AP AboveNet 
Communications Taiwan
15 - AS9929 4377  0.3% 625.3 -- CNCNET-CN China Netcom Corp.
16 - AS4454  582  0.0% 582.0 -- TNET-AS - State of Tennessee
17 - AS45550 516  0.0% 516.0 -- NGT-AS-VN New Generations 
Telecommunications Corporation
18 - AS40168 488  0.0% 488.0 -- TOYOTA-PR - Toyota de Puerto 
Rico Corp.
19 - AS3 957  0.1% 333.0 -- VP-NET-SE Videoplaza AB
20 - AS18025   16571  1.2% 460.3 -- ACE-1-WIFI-AS-AP Ace-1 Wifi 
Network


TOP 20 Unstable Prefixes
Rank Prefix Upds % Origin AS -- AS Name
 1 - 213.129.96.0/19   11343  0.8%   AS24923 -- SETTC South-East Transtelecom 
Joint Stock Co.
 2 - 63.211.68.0/2210105  0.7%   AS35931 -- ARCHIPELAGO - ARCHIPELAGO 
HOLDINGS INC
 3 - 130.36.34.0/24 9317  0.6%   AS32528 -- ABBOTT Abbot Labs
 4 - 130.36.35.0/24 9314  0.6%   AS32528 -- ABBOTT Abbot Labs
 5 - 216.126.136.0/22   7442  0.5%   AS6316  -- AS-PAETEC-NET - PaeTec 
Communications, Inc.
 6 - 159.18.255.0/245855  0.4%   AS6401  -- ALLST-6401 - Allstream Corp.
 7 - 198.140.43.0/245436  0.4%   AS35931 -- ARCHIPELAGO - ARCHIPELAGO 
HOLDINGS INC
 8 - 68.65.152.0/22 3700  0.2%   AS11915 -- TELWEST-NETWORK-SVCS-STATIC - 
TEL WEST COMMUNICATIONS LLC
 9 - 67.210.226.0/243495  0.2%   AS35914 -- FIREHOST-INC - FireHost, Inc.
 AS7819  -- GLOBAL-IP-NETWORKS - Global IP 
Networks INC
10 - 202.153.174.0/24   3254  0.2%   AS17408 -- ABOVE-AS-AP AboveNet 
Communications Taiwan
11 - 27.123.248.0/223215  0.2%   AS18025 -- ACE-1-WIFI-AS-AP Ace-1 Wifi 
Network
12 - 182.54.140.0/223210  0.2%   AS18025 -- ACE-1-WIFI-AS-AP Ace-1 Wifi 
Network
13 - 182.54.148.0/223210  0.2%   AS18025 -- ACE-1-WIFI-AS-AP Ace-1 Wifi 
Network
14 - 101.78.20.0/22 3199  0.2%   AS18025 -- ACE-1-WIFI-AS-AP Ace-1 Wifi 
Network
15 - 101.78.24.0/22 31

Re: Connectivity status for Egypt

[andrew.wallace]

We should be asking the Egyptians to stagger the return of services so that 
infrastructure isn't affected, when connectivity is deemed to be allowed to 
come back online.

Andrew Wallace

---

British IT Security Consultant

Re: Connectivity status for Egypt

[Alexander Harrowell]

On Friday 28 January 2011 21:22:55 Christopher Morrow wrote:
> On Fri, Jan 28, 2011 at 4:18 PM, Christopher Morrow
> 
>  wrote:
> > On Fri, Jan 28, 2011 at 3:51 PM, Alastair Johnson  wrote:
> >> For instance, our corporate WAN links into Cairo are still up (UUNET
> >> PIP).
> > 
> >  that's the MCI PIP...
> 
> probably the .EG parts of that PIP are provided on a partner network
> still ... I don't think they have build of their own gear into the
> country, and there's a high likelihood that if state-security sees
> 'forbidden' traffic on those links they'll request traffic shutdown on
> that network as well.
> 
> If you operate a network in the affected country I'm sure you'll have
> to comply with LEA demands...
> 
> -chris

It's ironic that in 1991, the Soviet coup leaders had the international voice 
gateway shut down but left the Internet link up (who cares about some weird 
thing eggheads chat over?), but now, dictators in trouble pull all the BGP 
announcements but leave the PSTN up. Who cares about some old thing your mother 
uses?


Not impressed by US journalists asking why the WH press secretary can't order 
Vodafone to turn their GSM net back on, though. 1) it's not them who would have 
to say no to the nice man from Central State Security with his electric shock 
baton, 2) VF.eg is half-owned by the Egyptian government...

-- 
The only thing worse than e-mail disclaimers...is people who send e-mail to 
lists complaining about them


signature.asc
Description: This is a digitally signed message part.

Re: Connectivity status for Egypt

[Franck Martin]

If I'm correct, in 2000 in Fiji, the main fiber optic cable from the national 
provider to the international provider was sabotaged, cutting all 
communications. Fortunately an Alcatel team was on the island (SCC 
commissioning) with the right tools and could splice it back in a few hours, 
otherwise Fiji would have gone dark for days...

- Original Message -
From: "Joe Abley" 
To: "Marshall Eubanks" 
Cc: nanog@nanog.org
Sent: Saturday, 29 January, 2011 7:32:07 AM
Subject: Re: Connectivity status for Egypt


On 2011-01-28, at 11:33, Marshall Eubanks wrote:

> On Jan 28, 2011, at 11:24 AM, Jared Mauch wrote:
> 
>> I have seen nation state disconnects where light is lost.
> 
> I believe that was the case for Burma, for example.

It was not the case in Nepal in 2005 though, if I remember correctly. In that 
case connectivity to the outside was maintained, but access to that 
connectivity by people inside the country was curtailed.


Joe

Re: Connectivity status for Egypt

[Larry Stites]

Thank you Charles


on 1/28/11 12:52 PM, Charles N Wyble wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On 01/28/2011 12:36 PM, George Bonser wrote:
>> 
>> 
>>> -Original Message-
>>> From: Jake Khuon [mailto:kh...@neebu.net]
>>> Sent: Friday, January 28, 2011 12:07 PM
>>> To: Patrick W. Gilmore
>>> Cc: NANOG list
>>> Subject: Re: Connectivity status for Egypt
>>> 
>>> On Fri, 2011-01-28 at 11:27 -0500, Patrick W. Gilmore wrote:
>>> 
 I think it does not matter.  Censorship is censorship.  (So much for
>>> "routing around it".)
>>> 
>> 
>> 
>> I think it would be pretty hard to actually cut off communications when the
>> telephone system is still working.  You can move a lot of email by dialup
>> UUCP if you wanted to.
> 
> Right. In a government regulated monopoly telcom carrier.
> 
>> 
>> I am guessing that satellite internet still works
> 
> If people can't afford to eat, I doubt they can afford satellite internet.
> 
>  and landline dialup to a modem outside the country still works.
> 
> This presumes people have long distance plans.
> 
>   And there's always static routes :)
> 
> To what? If everyone has dropped BGP sessions how are you as an end user
> going to setup static routes? Unless there are no firewalls and
> everything is wide open how would you reach gateways?
> 
> 
> 
> 
> - -- 
> Charles N Wyble (char...@knownelement.com)
> Systems craftsman for the stars
> http://www.knownelement.com
> Mobile: 626 539 4344
> Office: 310 929 8793
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQIcBAEBAgAGBQJNQyyUAAoJEMvvG/TyLEAt2ZoQALt3Arteje09ssqAkrbsretj
> BuH1UyzK6VNpyk9q72p9C10XowqNE9BGTni+B1lZxh4VNY/cSdRaQFQO9DsMt+ww
> dWl4HAu/PswRkWGrdQ2DIncRuXd8D6IOQ+ggv2I3cA6Pxi9Ep3rg5GF63+x1fTff
> 6SCU+FWjTe4ghkeDkR7d2L/6DESJiZCR1DojBMIPf1/W8TTllqmCXflPW6cLgIlC
> gBqiCVM24FhMBmNzGGjfcnfoQnCcwFD5qAVPBcMh0Y9Hz5olEN2F0tsgYSbG2szH
> 3UD4ocZ07xLMAG1LdkjoEJmORdAQOv5GL2nkFFCi+/K6sMTyhRhBkO03DA0tOkRN
> M/wJIrRMeSS5ur6NBy0PDgHcHYo138w5wUAoZi3B8JrfiP+cxJ+oEMm6LDDLTNV7
> NbKgpkUOeAvi+qhXo2BUbXpZv8Oh/OAedwIu7/5xHx8YPm2Bq9OTkZrPECslig/G
> p2NCWpohbKfUn0EeN/NdutxWX/O6YY3y5mB/wfFasnr0kvi413QOMnRViOSgfNY/
> DTtpzTc7aahY0L2uAU21qTZIMDRuB/aYaHfbfsKpL2LGdxq/JFm6sQQ/IeN5Q7ii
> 0QvMDM04Eqi4cCgut7p3DKTjkxFnU9Wilo/A8jeY4CRVH1I/Afft6aDh7GZNPKgr
> QaEcUTQLrfCF284d1XSl
> =QICt
> -END PGP SIGNATURE-
> 

~.~

Re: Connectivity status for Egypt

[Christopher Morrow]

On Fri, Jan 28, 2011 at 4:18 PM, Christopher Morrow
 wrote:
> On Fri, Jan 28, 2011 at 3:51 PM, Alastair Johnson  wrote:
>
>> For instance, our corporate WAN links into Cairo are still up (UUNET PIP).
>
>  that's the MCI PIP...

probably the .EG parts of that PIP are provided on a partner network
still ... I don't think they have build of their own gear into the
country, and there's a high likelihood that if state-security sees
'forbidden' traffic on those links they'll request traffic shutdown on
that network as well.

If you operate a network in the affected country I'm sure you'll have
to comply with LEA demands...

-chris

RE: Connectivity status for Egypt

[George Bonser]

I have also seen reports that Syria has severed their Internet access, as well:

http://af.reuters.com/article/tunisiaNews/idAFLDE70P18Y20110126


http://twitter.com/AlArabiya_Eng/status/31002490816167936

Can anyone confirm that?

Re: Connectivity status for Egypt

[Valdis . Kletnieks]

On Fri, 28 Jan 2011 12:36:30 PST, George Bonser said:

> I think it would be pretty hard to actually cut off communications when the
> telephone system is still working.  You can move a lot of email by dialup UUCP
> if you wanted to.

Sure, just pop onto amazon.com and order a modem... oh, wait.

(It's certainly doable, but decidedly nontrivial, and will require much
sneakernet to bootstrap)



pgpd21T7CgXel.pgp
Description: PGP signature

Re: Connectivity status for Egypt

[Christopher Morrow]

On Fri, Jan 28, 2011 at 3:51 PM, Alastair Johnson  wrote:

> For instance, our corporate WAN links into Cairo are still up (UUNET PIP).

 that's the MCI PIP...

Re: Connectivity status for Egypt

[Charles N Wyble]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/28/2011 01:02 PM, Alexander Harrowell wrote:
> On Friday 28 January 2011 20:36:30 George Bonser wrote:
>>> -Original Message-
>>> From: Jake Khuon [mailto:kh...@neebu.net]
>>> Sent: Friday, January 28, 2011 12:07 PM
>>> To: Patrick W. Gilmore
>>> Cc: NANOG list
>>> Subject: Re: Connectivity status for Egypt
>>>
>>> On Fri, 2011-01-28 at 11:27 -0500, Patrick W. Gilmore wrote:
 I think it does not matter.  Censorship is censorship.  (So much for
>>>
>>> "routing around it".)
>>
>> I think it would be pretty hard to actually cut off communications when the
>> telephone system is still working.  You can move a lot of email by dialup
>> UUCP if you wanted to.
>>
>>
> 
> I wonder if anyone's working on a mesh or p-t-p radio app that runs on a 
> smartphone?
> 
> 

Yes.

http://www.servalproject.org/


- -- 
Charles N Wyble (char...@knownelement.com)
Systems craftsman for the stars
http://www.knownelement.com
Mobile: 626 539 4344
Office: 310 929 8793
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNQzHxAAoJEMvvG/TyLEAtV60P+wUsrIDsZJrS7L2reSL0GhF7
LOZlTAWG4LeuJQnt6GfpKVJlZgoR1/ucm1NLZDnJeJ6+14sB0CqMipd2XDse5shB
zWzvdHn0yGF/RQEnEpZPhQv83crbLVBN2k56KoPkgxbuBwLRdmIZkvSSTXbeAqXy
ovQWTGMQWxjT0IUYFylljFo1Djsx/aFeMm+MW5R+9bSL4DASg802ozi2oxVeSpzP
lbYsp2ZOtPq3XkWRE3g2JeA/BEJiVJ0BRGUSuoSKUVRsvW4qwlGK1ZUFmNeQ+7xn
0tCucyAhpe/ir3eLm0fMpXk0haXzbpns6oxfudUdMXPLO6PwtYNC/DgBIxlnxDxQ
7G9YD6O63xsRLf3VclDVYgvgwpm6YEIVcjZ4pg/fk1IpKazEB1UlQl10UaFItRvC
V7Vo6sK9wzs4GddNwXVJFa919IP3bRsFY7wnWDNES/Nb71vmzvZlk1eEMITn/F1S
zxDr1MQdAnsiWYqG7CFjrWjVNCOK/1x7msmIdRpUB31TyMRnzFWxb4JxXEweVbRo
VulT+c1fNVyag+YnIkI1nj/8U5zfPygZXMx4FQhMCtA4dqcBeN2W01P0vDJnUuVH
zGASBV18/4F1MGduC9zKU1yW4pTxTt0/t/o/o4/SkAMz8BCDvo7vct+3+3Y9+v4p
aovANFV1Q3cNt+0GMqQS
=UYCf
-END PGP SIGNATURE-

Re: Connectivity status for Egypt

[Alastair Johnson]

On 1/28/2011 1:02 PM, Alexander Harrowell wrote:

I wonder if anyone's working on a mesh or p-t-p radio app that runs on a
smartphone?


Yes - came across http://www.servalproject.org/ from the linux.conf.au 
program.

Re: Connectivity status for Egypt

[Alexander Harrowell]

On Friday 28 January 2011 20:36:30 George Bonser wrote:
> > -Original Message-
> > From: Jake Khuon [mailto:kh...@neebu.net]
> > Sent: Friday, January 28, 2011 12:07 PM
> > To: Patrick W. Gilmore
> > Cc: NANOG list
> > Subject: Re: Connectivity status for Egypt
> > 
> > On Fri, 2011-01-28 at 11:27 -0500, Patrick W. Gilmore wrote:
> > > I think it does not matter.  Censorship is censorship.  (So much for
> > 
> > "routing around it".)
> 
> I think it would be pretty hard to actually cut off communications when the
> telephone system is still working.  You can move a lot of email by dialup
> UUCP if you wanted to.
> 
> I am guessing that satellite internet still works and landline dialup to a
> modem outside the country still works.  And there's always static routes
> :)


International dial-out is a good point, especially these days when 
international 
voice isn't wildly expensive any more. Does anyone have a source for dialup 
pools like that?


Personally, I suspect that it's probably more important to cut off internal 
comms. Especially as the TV and media people are pretty good at bringing their 
own satellite connectivity. Which is more worrying, someone updating their 
wordpress.com blog, or the same person texting everyone they know to show up 
outside State TV at 1700 hours and bring a bag of bricks? A lot of the 
fbk/twt/whatever activity, and all the really politically important fraction of 
it, is just that - but going through either externally located servers or 
externally-owned ones.


I wonder if anyone's working on a mesh or p-t-p radio app that runs on a 
smartphone?


-- 
The only thing worse than e-mail disclaimers...is people who send e-mail to 
lists complaining about them


signature.asc
Description: This is a digitally signed message part.

Re: Connectivity status for Egypt

[Joseph Prasad]

Here is a blog by Al Jazeera on what is happening in Egypt.
Look at the time stamp of 7:46.
Kill-Switch is alive and well.
Coming to America soon?

http://blogs.aljazeera.net/middle-east/2011/01/28/liveblog-egypts-protests-erupt

.
**
*The only power people exert over us, is the power we allow them to exert.*
*
*
*http://www.projectcensored.org/*
*
*
*http://www.thenewamerican.com/*

**

On Thu, Jan 27, 2011 at 3:47 PM, Danny O'Brien  wrote:

> Around 2236 UCT, we lost all Internet connectivity with our contacts in
> Egypt, and I'm hearing reports of (in declining order of confirmability):
>
> 1) Internet connectivity loss on major (broadband) ISPs
> 2) No SMS
> 4) Intermittent connectivity with smaller (dialup?) ISPs
> 5) No mobile service in major cities -- Cairo, Alexandria
>
> The working assumption here is that the Egyptian government has made the
> decision to shut down all external, and perhaps internal electronic
> communication as a reaction to the ongoing protests in that country.
>
> If anyone can provide more details as to what they're seeing, the extent,
> plus times and dates, it would be very useful. In moments like this there
> are often many unconfirmed rumors: I'm seeking concrete reliable
> confirmation which I can pass onto the press and those working to bring
> some
> communications back up (if you have a ham radio license, there is some very
> early work to provide emergency connectivity. Info at:
> http://pastebin.com/fHHBqZ7Q )
>
> Thank you,
>
> --
> dobr...@cpj.org
> Danny O'Brien, Committee to Protect Journalists
> gpg key: http://www.spesh.com/danny/crypto/dannyobrien-key20091106.txt
>



-- 

*
*

Re: Connectivity status for Egypt

[Charles N Wyble]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/28/2011 12:36 PM, George Bonser wrote:
> 
> 
>> -Original Message-
>> From: Jake Khuon [mailto:kh...@neebu.net]
>> Sent: Friday, January 28, 2011 12:07 PM
>> To: Patrick W. Gilmore
>> Cc: NANOG list
>> Subject: Re: Connectivity status for Egypt
>>
>> On Fri, 2011-01-28 at 11:27 -0500, Patrick W. Gilmore wrote:
>>
>>> I think it does not matter.  Censorship is censorship.  (So much for
>> "routing around it".)
>>
> 
> 
> I think it would be pretty hard to actually cut off communications when the 
> telephone system is still working.  You can move a lot of email by dialup 
> UUCP if you wanted to.

Right. In a government regulated monopoly telcom carrier.

> 
> I am guessing that satellite internet still works

If people can't afford to eat, I doubt they can afford satellite internet.

 and landline dialup to a modem outside the country still works.

This presumes people have long distance plans.

  And there's always static routes :)

To what? If everyone has dropped BGP sessions how are you as an end user
going to setup static routes? Unless there are no firewalls and
everything is wide open how would you reach gateways?




- -- 
Charles N Wyble (char...@knownelement.com)
Systems craftsman for the stars
http://www.knownelement.com
Mobile: 626 539 4344
Office: 310 929 8793
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNQyyUAAoJEMvvG/TyLEAt2ZoQALt3Arteje09ssqAkrbsretj
BuH1UyzK6VNpyk9q72p9C10XowqNE9BGTni+B1lZxh4VNY/cSdRaQFQO9DsMt+ww
dWl4HAu/PswRkWGrdQ2DIncRuXd8D6IOQ+ggv2I3cA6Pxi9Ep3rg5GF63+x1fTff
6SCU+FWjTe4ghkeDkR7d2L/6DESJiZCR1DojBMIPf1/W8TTllqmCXflPW6cLgIlC
gBqiCVM24FhMBmNzGGjfcnfoQnCcwFD5qAVPBcMh0Y9Hz5olEN2F0tsgYSbG2szH
3UD4ocZ07xLMAG1LdkjoEJmORdAQOv5GL2nkFFCi+/K6sMTyhRhBkO03DA0tOkRN
M/wJIrRMeSS5ur6NBy0PDgHcHYo138w5wUAoZi3B8JrfiP+cxJ+oEMm6LDDLTNV7
NbKgpkUOeAvi+qhXo2BUbXpZv8Oh/OAedwIu7/5xHx8YPm2Bq9OTkZrPECslig/G
p2NCWpohbKfUn0EeN/NdutxWX/O6YY3y5mB/wfFasnr0kvi413QOMnRViOSgfNY/
DTtpzTc7aahY0L2uAU21qTZIMDRuB/aYaHfbfsKpL2LGdxq/JFm6sQQ/IeN5Q7ii
0QvMDM04Eqi4cCgut7p3DKTjkxFnU9Wilo/A8jeY4CRVH1I/Afft6aDh7GZNPKgr
QaEcUTQLrfCF284d1XSl
=QICt
-END PGP SIGNATURE-

Re: Connectivity status for Egypt

[Alastair Johnson]

On 1/28/2011 8:17 AM, Christopher Morrow wrote:

out of curiousity, what's the difference though between loss of light
and peer shutdown? If the local gov't comes in and says: "Make the
internets go down", you as the op choose how to do that... NOT getting
calls from your peer for interface alarms is probably sane. You can
simply drop your routes, leave BGP running even and roll ...

If it's clear (and it seems to be) that the issue is a
nation-state-decision... implementation (how it's done, no IF it's
done) isn't really important, is it?


I guess it depends on what goes down as an effect of the mandate.  If 
it's full Layer 1 severing, then leased line and other circuits will go 
down too.  If it's just "shut down your Internet peering sessions", then 
there's alternative opportunities for connectivity.


For instance, our corporate WAN links into Cairo are still up (UUNET PIP).

aj

RE: Connectivity status for Egypt

[George Bonser]

> -Original Message-
> From: Jake Khuon [mailto:kh...@neebu.net]
> Sent: Friday, January 28, 2011 12:07 PM
> To: Patrick W. Gilmore
> Cc: NANOG list
> Subject: Re: Connectivity status for Egypt
> 
> On Fri, 2011-01-28 at 11:27 -0500, Patrick W. Gilmore wrote:
> 
> > I think it does not matter.  Censorship is censorship.  (So much for
> "routing around it".)
> 


I think it would be pretty hard to actually cut off communications when the 
telephone system is still working.  You can move a lot of email by dialup UUCP 
if you wanted to.

I am guessing that satellite internet still works and landline dialup to a 
modem outside the country still works.  And there's always static routes :)

Re: Bogons

[John Payne]

On Jan 28, 2011, at 3:14 PM, George Bonser wrote:

> 
> 
>> Now that the holidays are over and IANA v4 depletion is likely days
>> away, perhaps its time to consider stripping your bogon lists down to
>> the bare minimum, and as someone else said, declare bogons dead and
>> move to martians?
>> 
>> 
>> Just sayin'
>> 
> 
> There are still some 7,000 prefixes in the v4 "full bogons" list.  These
> are such things as allocations to RIR's but have not yet been allocated.
> It's updated every four hours:
> 
> 
> 
> http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
> 
> "The traditional bogon prefixes, plus prefixes that have been
> allocated to RIRs but not yet assigned by those RIRs to ISPs, end-users,
> etc. Updated every four hours."
> 
> That is one probably best taken by BGP feed and not done manually.

Yes, I was referring to static/manual bogon list.  The Cymru BGP feed rocks.

RE: Bogons

[George Bonser]

> Now that the holidays are over and IANA v4 depletion is likely days
> away, perhaps its time to consider stripping your bogon lists down to
> the bare minimum, and as someone else said, declare bogons dead and
> move to martians?
> 
> 
> Just sayin'
> 

There are still some 7,000 prefixes in the v4 "full bogons" list.  These
are such things as allocations to RIR's but have not yet been allocated.
It's updated every four hours:



http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt

"The traditional bogon prefixes, plus prefixes that have been
allocated to RIRs but not yet assigned by those RIRs to ISPs, end-users,
etc. Updated every four hours."

That is one probably best taken by BGP feed and not done manually.

Re: Connectivity status for Egypt

[Jake Khuon]

On Fri, 2011-01-28 at 11:27 -0500, Patrick W. Gilmore wrote:

> I think it does not matter.  Censorship is censorship.  (So much for "routing 
> around it".)

Obviously for the effected, the effects are the same. |8^)

However, I'm interested in knowing about the level of fine control that
the Egyptian government may have exercised.  I think the subtle
implications on the relationships between operators and governments bear
some fine distinction in such a case.

Also I think there will eventually be different consequences between an
indiscriminate mass disconnect of all telecom and network services and a
selective one where some of the infrastructure is left intact but under
tighter control... especially if internal reach is still selectively
available while external reach has been disabled.


-- 
/*=[ Jake Khuon  ]=+
 | Packet Plumber, Network Engineers /| / [~ [~ |) | |  |
 | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| NETWORKS |   
 +==*/

Re: Bogons

[John Payne]

On Dec 17, 2010, at 4:06 PM, John Payne wrote:

> With the holiday freezes approaching, it might be worth making sure that the 
> recently allocated /8s are not in your bogon list
> 
> 23/8 
> 100/8 
> 5/8
> 37/8 
> 
> Just sayin'


105/8, 2/8, etc etc

Now that the holidays are over and IANA v4 depletion is likely days away, 
perhaps its time to consider stripping your bogon lists down to the bare 
minimum, and as someone else said, declare bogons dead and move to martians?


Just sayin'

Re: 3500 Egyptian prefixes?

[Ren Provo]

~25 million people live in Cairo alone, many under the age of 30 given
another 'arrival' is said to occur every 10 minutes.  When we were there
earlier this month most had cell phones and wi-fi spots were available all
around the area that is being streamed on CNN right now.  As a society they
are very social and a fair amount of their marketing materials have shifted
to email addresses vs. phone/fax contacts.  Internet access is a big part of
their society.

On Fri, Jan 28, 2011 at 2:01 PM, Iljitsch van Beijnum wrote:

> On the Renesys blog
> http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml
> it says that 3500 prefixes disappeared. 1% of the global table seems a lot,
> especially considering that according to AfriNIC Egypt only has 122 IPv4 and
> 7 IPv6 prefixes.
>
> What gives?
>

Re: 3500 Egyptian prefixes?

[Christopher Morrow]

On Fri, Jan 28, 2011 at 2:01 PM, Iljitsch van Beijnum
 wrote:
> On the Renesys blog 
> http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml
> it says that 3500 prefixes disappeared. 1% of the global table seems a lot, 
> especially considering that according to AfriNIC Egypt only has 122 IPv4 and 
> 7 IPv6 prefixes.
>
> What gives?

de-aggregates
not-afrinic-region blocks
geo-located blocks (potentially mis-located?)
customer blocks of the 7 isp's in region

lots of slosh there...

3500 Egyptian prefixes?

[Iljitsch van Beijnum]

On the Renesys blog 
http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml
it says that 3500 prefixes disappeared. 1% of the global table seems a lot, 
especially considering that according to AfriNIC Egypt only has 122 IPv4 and 7 
IPv6 prefixes.

What gives?

Re: Connectivity status for Egypt

[Joe Abley]

On 2011-01-28, at 11:33, Marshall Eubanks wrote:

> On Jan 28, 2011, at 11:24 AM, Jared Mauch wrote:
> 
>> I have seen nation state disconnects where light is lost.
> 
> I believe that was the case for Burma, for example.

It was not the case in Nepal in 2005 though, if I remember correctly. In that 
case connectivity to the outside was maintained, but access to that 
connectivity by people inside the country was curtailed.


Joe

Weekly Routing Table Report

[Routing Analysis Role Account]

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 29 Jan, 2011

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  340429
Prefixes after maximum aggregation:  154694
Deaggregation factor:  2.20
Unique aggregates announced to Internet: 169224
Total ASes present in the Internet Routing Table: 35707
Prefixes per ASN:  9.53
Origin-only ASes present in the Internet Routing Table:   30778
Origin ASes announcing only one prefix:   14951
Transit ASes present in the Internet Routing Table:4929
Transit-only ASes present in the Internet Routing Table:118
Average AS path length visible in the Internet Routing Table:   4.3
Max AS path length visible:  31
Max AS path prepend of ASN (36992)   29
Prefixes from unregistered ASNs in the Routing Table:   321
Unregistered ASNs in the Routing Table: 126
Number of 32-bit ASNs allocated by the RIRs:   1051
Prefixes from 32-bit ASNs in the Routing Table:   6
Special use prefixes present in the Routing Table:0
Prefixes being announced from unallocated address space:215
Number of addresses announced to Internet:   2348554048
Equivalent to 139 /8s, 252 /16s and 23 /24s
Percentage of available address space announced:   63.4
Percentage of allocated address space announced:   65.4
Percentage of available address space allocated:   96.8
Percentage of address space in use by end-sites:   88.0
Total number of prefixes smaller than registry allocations:  139482

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:84978
Total APNIC prefixes after maximum aggregation:   28832
APNIC Deaggregation factor:2.95
Prefixes being announced from the APNIC address blocks:   81750
Unique aggregates announced from the APNIC address blocks:35514
APNIC Region origin ASes present in the Internet Routing Table:4313
APNIC Prefixes per ASN:   18.95
APNIC Region origin ASes announcing only one prefix:   1219
APNIC Region transit ASes present in the Internet Routing Table:690
Average APNIC Region AS path length visible:4.5
Max APNIC Region AS path length visible: 20
Number of APNIC addresses announced to Internet:  586409504
Equivalent to 34 /8s, 243 /16s and 230 /24s
Percentage of available APNIC address space announced: 79.4

APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079
   55296-56319, 131072-132095
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  42/8,  43/8,  49/8,
58/8,  59/8,  60/8,  61/8, 101/8, 110/8, 111/8,
   112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8,
   119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8,
   126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:138008
Total ARIN prefixes after maximum aggregation:70693
ARIN Deaggregation factor: 1.95
Prefixes being announced from the ARIN address blocks:   108934
Unique aggregates announced from the ARIN address blocks: 44467
ARIN Region origin ASes present in the Internet Routing Table:14154
ARIN Prefixes per ASN: 7.70
ARIN Region origin ASes announcing only one prefix:5405
ARIN Region transit ASes present in the Internet Routing Table:1470
Average ARIN Region AS path length visible: 4.0
Max ARIN Region AS path length visible:  

Re: Connectivity status for Egypt

[Jared Mauch]

Jim,

On Jan 28, 2011, at 12:43 PM,  wrote:
>  And would you comply with it if it indeed became law?

For better or worse, companies will comply with lawful requests.  In the event 
of US Civil Unrest, I think it would be much harder than in other regimes to 
exert this type of control, and would cause a much broader global impact to 
economic activity.  The same would happen with any pan-european "blackout".

For the economic reasons alone, I rate the chances of "kill-switch" a zero.  It 
makes for great reporting about power, but the practicality is zero.

(this does not preclude the US Government from disconnecting *its* enterprise 
networks, as has happened with Bureau of Indian Affairs in the past, etc...)

- Jared Mauch

Re: Connectivity status for Egypt

[JDuffy]

I'm a reporter for Network World, and we're working on a series of stories re 
the Egyptian Internet blackout. I hope I can glean some information from the 
operators on this list for my story. It would be much appreciated.

My question for NANOG operators is... Is the blackout disrupting your 
operations in Egypt, Northern Africa and/or the Middle East? Have you noticed 
any resumption of service since the outage went into effect on Thursday, Jan. 
27?

Also, a bill was introduced recently in Congress proposing an Internet "kill 
switch" to be used, apparently, in response to cyberattacks on the U.S.:

http://edge.networkworld.com/news/2009/040209-obama-cybersecurity-bill.html?page=1

Do you have any opinions on whether this "kill switch" could indeed be employed 
here to thwart attacks... or to suppress communications during time of 
political unrest? As a network operator, would you support such a bill? And 
would you comply with it if it indeed became law?

Thank you, and best regards,


Jim Duffy
Managing Editor
Network World

Re: What's the current state of major access networks in North America ipv6 delivery status?

[Antonio Querubin]

On Fri, 28 Jan 2011, Jack Bates wrote:

IPv4, standard termination routers (7206VXR), DHCP, no router CPE required, 
no request limitations. We'll have equivalent in IPv6 with DHCPv6, except we 
route prefixes for routers, but that won't effect the mac tables.


Router 1: 1233
Router 2: 1012
Router 3: 2198

and so on (just random routers). I don't see these numbers as being an issue.


It simply isn't an issue for us here either.  It's not like we're 
immediately trading an ARP table for a ND table that's hundreds of times 
larger than the ARP table.  Customers just don't change things that 
quickly.  And I would think aggregation equipment vendors who have been 
eating their own dog food understand that too.


Antonio Querubin
e-mail/xmpp:  t...@lava.net

RE: What's the current state of major access networks in North America ipv6 delivery status?

[Antonio Querubin]

On Fri, 28 Jan 2011, Lee Howard wrote:


Time Warner Cable turned up its first commercial customer using native IPv6
over our
fiber access product last year, and we expect to begin residential IPv6
trials this spring.
We, along with other MSOs, have been working with CableLabs, NCTA and the
SCTE
in a multi-industry effort to adopt IPv6, and are hopeful that companies in
the CE and
vendor communities begin to offer new equipment and provide firmware
upgrades that
ensure the devices in our customers' homes support IPv6.


When I queried the local TWC reps on behalf of a business client who has 
TWC Business Class service about 2 weeks ago, the response I received was 
"it's not available yet... you need to convert to IPv4..."


Are Business Class customers considered residential or commercial?


Antonio Querubin
e-mail/xmpp:  t...@lava.net

Re: Need provider suggestions - BGP transit over GRE tunnel

[William Herrin]

On Fri, Jan 28, 2011 at 11:10 AM, Robert Johnson
 wrote:
> My organization is planning to become multihomed in the near future.
> Currently we have redundant (router and physical path) links to a
> single AS where we get our transit, and speak BGP to them using a
> private ASN. This configuration has not been meeting our reliability
> requirements, so we will be getting our own ASN from ARIN, and moving
> from PA to PI IP space.
>
> Our new provider will be used for backup purposes only. We would like
> to minimize the monthly cost of this connection; to do this, we are
> planning to use a VZ business FIOS connection with symmetrical
> bandwidth to establish a GRE tunnel to a datacenter somewhere, and
> bring up a BGP session over that tunnel. I'd like to know if there are
> providers that offer such a service on a regular basis, and if so, if
> anyone is doing this and has words of wisdom.

Hi Robert,

I use a similar technique myself and it works reasonably well.
Servint.net was willing to do it for me and he.net gave me a quote as
well. Three pitfalls to watch out for:

1. A small portion of your traffic is going to wander in via the data
center link and down the GRE tunnel during normal operations. You can
tweak the announcement so that it isn't much, but it won't be zero
either.

2. Make sure you originate the network announcement from your physical
location, not from the data center. In other words, no "network
10.2.3.0 mask 255.255.255.0" in the "router bgp" section at the data
center. If the data center becomes disconnected from you, it should
drop the announcement.

3. You'll need a small block (/29) of PA addresses at the data center
to anchor the tunnel.

Regards,
Bill Herrin



-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004

Re: Connectivity status for Egypt

[Jeff Johnstone]

On Fri, Jan 28, 2011 at 8:49 AM, Jorge Amodio  wrote:

> Does anybody knows what is the situation with local traffic, are
> people able to communicate within the country, are there any local
> servers/services that are being blocked/etc. ?
>
> -J
>
> According to CBC in Canada this morning...

http://www.cbc.ca/world/story/2011/01/28/egypt-protests.html

Internet, data services cut

Internet and cellphone data service was unavailable throughout the country,
making it impossible for news of the protests to be broadcast via social
networking sites like Facebook and Twitter.

The lack of service made it virtually impossible for Egyptians, who use
mobile phones almost exclusively, to communicate with one another.

Protest organizers had also been using social networking sites like Facebook
and Twitter to spread information about the protests.

In the United States, Mubarak's closest Western ally, the State Department,
said the "events unfolding in Egypt are of deep concern."

"Fundamental rights must be respected, violence avoided and open
communications allowed," State Department spokesman P.J. Crowley said on
Twitter.

According to reports, the government ordered internet service providers to
cut service early Friday morning.

Egypt's four primary internet providers — Link Egypt, Vodafone/Raya, Telecom
Egypt, Etisalat Misr — all stopped moving data in and out of the country at
12:34 a.m., according to a network security firm monitoring the traffic.
(The service provider Noor, which is used by the Egyptian stock exchange,
remained active.)

An estimated one million people were expected to take part in the
demonstrations Friday afternoon, which began following prayers at mosques in
Cairo and elsewhere.


Read more:
http://www.cbc.ca/world/story/2011/01/28/egypt-protests.html#ixzz1CLlbJhdl

cheers
Jeff

Re: Connectivity status for Egypt

[Valdis . Kletnieks]

On Fri, 28 Jan 2011 11:17:58 EST, Christopher Morrow said:
> On Fri, Jan 28, 2011 at 2:44 AM, Jake Khuon  wrote:
> 
> > I guess this begs the question of whether or not we're seeing actual
> > layer1 going down or just the effects of mass BGP withdrawals. Are we
> > seeing lights out on fibre links or just peering sessions going down?

> out of curiousity, what's the difference though between loss of light
> and peer shutdown?

When Jake wrote that at 2:44AM, it was still unclear if it was government
mandate or accidental.  The difference is that if it was government action,
bringing up a peer may get you a bullet, while relighting a cable that suffered
a shark attack is probably safe unless it was a shark with frickin' lasers
mounted on its head - which is plausible, as covert-action sharks have
been alleged in that region before:

http://www.bbc.co.uk/news/world-middle-east-11937285



pgprReB7O0pbr.pgp
Description: PGP signature

Re: Best current looking glass software builds

[Nick Hilliard]

On 28/01/2011 16:49, Mehmet Akcin wrote:

Anyone done a recent scan of newer looking glass software implementations
for apache? We've used cougar's for several years, but have been problems
with its SSH implementation lately.


It works fine with SSHv1, if you have that enabled.  Not so good with sshv2.

Nick

Re: Best current looking glass software builds

[Jack Carrozzo]

If you don't mind mod_perl, the looking glass included with Rancid works OK
with SSH. Don't know what you mean by "newer looking", since there's not
much to the interface - you can just drop your logos and such in there.

-Jack Carrozzo

On Fri, Jan 28, 2011 at 10:36 AM, Peter Kranz  wrote:

> Anyone done a recent scan of newer looking glass software implementations
> for apache? We've used cougar's for several years, but have been problems
> with its SSH implementation lately.
>
>
>
> Peter Kranz
> www.UnwiredLtd.com 
> Desk: 510-868-1614 x100
> Mobile: 510-207-
> pkr...@unwiredltd.com
>
>
>
>

Re: Connectivity status for Egypt

[Jorge Amodio]

Does anybody knows what is the situation with local traffic, are
people able to communicate within the country, are there any local
servers/services that are being blocked/etc. ?

-J

Re: Best current looking glass software builds

[Mehmet Akcin]

rancid's looking glass seems to be working just fine.

mehmet

On Jan 28, 2011, at 11:36 AM, Peter Kranz wrote:

> Anyone done a recent scan of newer looking glass software implementations
> for apache? We've used cougar's for several years, but have been problems
> with its SSH implementation lately.
> 
> 
> 
> Peter Kranz
> www.UnwiredLtd.com  
> Desk: 510-868-1614 x100
> Mobile: 510-207-
> pkr...@unwiredltd.com
> 
> 
> 

Re: Need provider suggestions - BGP transit over GRE tunnel

[Jack Carrozzo]

The general way this works for a small shop is two transits - one cheap
provider who you move most of your bits over, and one more expensive but
reliable link. Prepend / localpref / whathaveyou to your hearts content
until pleased with your bandwidth bill, and when your cheap link toasts
you're all set.

What you're suggesting with the GRE over commodity links would *work*, but:

(a) By the time you convince a network that they should do this for you,
you're likely going to be out as much money as just brining up directly
connected transit and not pushing much traffic at them.

(b) You're using the GRE setup as your backup... over a setup thats about
100x less reliable than your primary link.

-Jack Carrozzo

Re: Connectivity status for Egypt

[Marshall Eubanks]

On Jan 28, 2011, at 11:24 AM, Jared Mauch wrote:

> I have seen nation state disconnects where light is lost.

I believe that was the case for Burma, for example.

Marshall


>  
> 
> Jared Mauch
> 
> On Jan 28, 2011, at 11:17 AM, Christopher Morrow  
> wrote:
> 
>> On Fri, Jan 28, 2011 at 2:44 AM, Jake Khuon  wrote:
>> 
>>> I guess this begs the question of whether or not we're seeing actual
>>> layer1 going down or just the effects of mass BGP withdrawals.  Are we
>>> seeing lights out on fibre links or just peering sessions going down?
>>> Both could still point to a coordinated intentional blackout by the
>>> Egyptian gov't though.
>> 
>> out of curiousity, what's the difference though between loss of light
>> and peer shutdown? If the local gov't comes in and says: "Make the
>> internets go down", you as the op choose how to do that... NOT getting
>> calls from your peer for interface alarms is probably sane. You can
>> simply drop your routes, leave BGP running even and roll ...
>> 
>> If it's clear (and it seems to be) that the issue is a
>> nation-state-decision... implementation (how it's done, no IF it's
>> done) isn't really important, is it?
>> 
>> -chris
>> 
> 
> 

RE: What's the current state of major access networks in North America ipv6 delivery status?

[Lee Howard]

> -Original Message-
> From: Antonio Querubin [mailto:t...@lava.net]
> Sent: Wednesday, January 26, 2011 6:09 PM
> To: Charles N Wyble
> Cc: nanog@nanog.org
> Subject: Re: What's the current state of major access networks in North
America ipv6
> delivery status?
> 
> On Wed, 26 Jan 2011, Charles N Wyble wrote:
> 
> > How about TimeWarnerCable? They don't seem to have any sort of v6
> > offering, on wholesale or retail services.
> 
> TW Cable has no IPv6 offering.

Time Warner Cable turned up its first commercial customer using native IPv6
over our 
fiber access product last year, and we expect to begin residential IPv6
trials this spring.
We, along with other MSOs, have been working with CableLabs, NCTA and the
SCTE 
in a multi-industry effort to adopt IPv6, and are hopeful that companies in
the CE and 
vendor communities begin to offer new equipment and provide firmware
upgrades that 
ensure the devices in our customers' homes support IPv6.

Lee Howard

Re: Connectivity status for Egypt

[Patrick W. Gilmore]

On Jan 28, 2011, at 11:24 AM, Jared Mauch wrote:

> I have seen nation state disconnects where light is lost. 

The question is not whether that would it (it obviously would).  The question 
is whether it is important if the laser stops blinking or just blinks in ways 
that end users can't see all the YouTube, web pages, twitter posts, etc. that 
the gov't doesn't want them to see.

I think it does not matter.  Censorship is censorship.  (So much for "routing 
around it".)

-- 
TTFN,
patrick


> On Jan 28, 2011, at 11:17 AM, Christopher Morrow  
> wrote:
> 
>> On Fri, Jan 28, 2011 at 2:44 AM, Jake Khuon  wrote:
>> 
>>> I guess this begs the question of whether or not we're seeing actual
>>> layer1 going down or just the effects of mass BGP withdrawals.  Are we
>>> seeing lights out on fibre links or just peering sessions going down?
>>> Both could still point to a coordinated intentional blackout by the
>>> Egyptian gov't though.
>> 
>> out of curiousity, what's the difference though between loss of light
>> and peer shutdown? If the local gov't comes in and says: "Make the
>> internets go down", you as the op choose how to do that... NOT getting
>> calls from your peer for interface alarms is probably sane. You can
>> simply drop your routes, leave BGP running even and roll ...
>> 
>> If it's clear (and it seems to be) that the issue is a
>> nation-state-decision... implementation (how it's done, no IF it's
>> done) isn't really important, is it?
>> 
>> -chris
>> 
> 

Re: Connectivity status for Egypt

[Jared Mauch]

I have seen nation state disconnects where light is lost. 

Jared Mauch

On Jan 28, 2011, at 11:17 AM, Christopher Morrow  
wrote:

> On Fri, Jan 28, 2011 at 2:44 AM, Jake Khuon  wrote:
> 
>> I guess this begs the question of whether or not we're seeing actual
>> layer1 going down or just the effects of mass BGP withdrawals.  Are we
>> seeing lights out on fibre links or just peering sessions going down?
>> Both could still point to a coordinated intentional blackout by the
>> Egyptian gov't though.
> 
> out of curiousity, what's the difference though between loss of light
> and peer shutdown? If the local gov't comes in and says: "Make the
> internets go down", you as the op choose how to do that... NOT getting
> calls from your peer for interface alarms is probably sane. You can
> simply drop your routes, leave BGP running even and roll ...
> 
> If it's clear (and it seems to be) that the issue is a
> nation-state-decision... implementation (how it's done, no IF it's
> done) isn't really important, is it?
> 
> -chris
> 

Re: Connectivity status for Egypt

[Christopher Morrow]

On Fri, Jan 28, 2011 at 2:44 AM, Jake Khuon  wrote:

> I guess this begs the question of whether or not we're seeing actual
> layer1 going down or just the effects of mass BGP withdrawals.  Are we
> seeing lights out on fibre links or just peering sessions going down?
> Both could still point to a coordinated intentional blackout by the
> Egyptian gov't though.

out of curiousity, what's the difference though between loss of light
and peer shutdown? If the local gov't comes in and says: "Make the
internets go down", you as the op choose how to do that... NOT getting
calls from your peer for interface alarms is probably sane. You can
simply drop your routes, leave BGP running even and roll ...

If it's clear (and it seems to be) that the issue is a
nation-state-decision... implementation (how it's done, no IF it's
done) isn't really important, is it?

-chris

Need provider suggestions - BGP transit over GRE tunnel

[Robert Johnson]

My organization is planning to become multihomed in the near future.
Currently we have redundant (router and physical path) links to a
single AS where we get our transit, and speak BGP to them using a
private ASN. This configuration has not been meeting our reliability
requirements, so we will be getting our own ASN from ARIN, and moving
from PA to PI IP space.

Our new provider will be used for backup purposes only. We would like
to minimize the monthly cost of this connection; to do this, we are
planning to use a VZ business FIOS connection with symmetrical
bandwidth to establish a GRE tunnel to a datacenter somewhere, and
bring up a BGP session over that tunnel. I'd like to know if there are
providers that offer such a service on a regular basis, and if so, if
anyone is doing this and has words of wisdom.

Thanks in advance.

Re: What's the current state of major access networks in North America ipv6 delivery status?

[Jack Bates]

On 1/28/2011 5:34 AM, Mikael Abrahamsson wrote:


If you want to buy some equipment that can handle hundreds of thousands
of ND:s instead of one that might handle thousands, you're free to do
so. Also your L2 transport need to scale as well, including needing to
handle tens of MAC addresses per customer (I live in a household of 2
adults, we have approximately 10-15 devices that talk IP, and this is
not becoming fewer over time).

It's your money (or your employers).



IPv4, standard termination routers (7206VXR), DHCP, no router CPE 
required, no request limitations. We'll have equivalent in IPv6 with 
DHCPv6, except we route prefixes for routers, but that won't effect the 
mac tables.


Router 1: 1233
Router 2: 1012
Router 3: 2198

and so on (just random routers). I don't see these numbers as being an 
issue. The router choice of the ISP is often a factor of number of 
customers, throughput, and desired feature sets/flexibility; which is 
why we run multiple processor based routers. I can handle more customers 
on a hardware based platform, but I also get much better support for the 
100s of thousands of ND/ARP tables and run the risk of hardware not 
supporting a feature I need.


Customers are often likely to get a router for their location, 
especially if you aren't providing wireless in the stock CPE; though I 
do have a few regions which issue stock CPE with wireless, fully bridged 
(no routing). Customer's choice.



Jack

Re: Connectivity status for Egypt

[Marshall Eubanks]

On Jan 28, 2011, at 10:25 AM, Patrick W. Gilmore wrote:

> On Jan 28, 2011, at 10:23 AM, Patrik Wallström wrote:
>> On Jan 28, 2011, at 4:15 PM, Marshall Eubanks wrote:
>> 
>>> Al Arabiya is reporting (via twitter) that the Internet has been shut of in 
>>> Syria (where I have not heard of reports of protests).
>>> 
>>> I have no confirmation of this as yet.
>> 
>> I have seen no evidence if this. Can still reach services within the country.
> 
> Definitely not shut down.

Thanks

Marshall

> 
> -- 
> TTFN,
> patrick
> 
> 
> 

Re: Connectivity status for Egypt

[Patrick W. Gilmore]

On Jan 28, 2011, at 10:23 AM, Patrik Wallström wrote:
> On Jan 28, 2011, at 4:15 PM, Marshall Eubanks wrote:
> 
>> Al Arabiya is reporting (via twitter) that the Internet has been shut of in 
>> Syria (where I have not heard of reports of protests).
>> 
>> I have no confirmation of this as yet.
> 
> I have seen no evidence if this. Can still reach services within the country.

Definitely not shut down.

-- 
TTFN,
patrick

Re: Connectivity status for Egypt

[Nick Hilliard]

On 28/01/2011 15:15, Marshall Eubanks wrote:

Al Arabiya is reporting (via twitter) that the Internet has been shut of
in Syria (where I have not heard of reports of protests).

I have no confirmation of this as yet.


AS29386 (Syrian Telecommunication Establishment) appears to be up at this 
time, as are all nameservers for the .sy TLD.


Nick

Re: Connectivity status for Egypt

[Patrik Wallström]

On Jan 28, 2011, at 4:15 PM, Marshall Eubanks wrote:

> Al Arabiya is reporting (via twitter) that the Internet has been shut of in 
> Syria (where I have not heard of reports of protests).
> 
> I have no confirmation of this as yet.

I have seen no evidence if this. Can still reach services within the country.

Re: Connectivity status for Egypt

[Marshall Eubanks]

Al Arabiya is reporting (via twitter) that the Internet has been shut of in 
Syria (where I have not heard of reports of protests).

I have no confirmation of this as yet.

Regards
Marshall


On Jan 27, 2011, at 9:47 PM, Danny O'Brien wrote:

> On Thu, Jan 27, 2011 at 6:07 PM, Roy  wrote:
> 
>> On 1/27/2011 3:47 PM, Danny O'Brien wrote:
>> 
>>> Around 2236 UCT, we lost all Internet connectivity with our contacts in
>>> Egypt, and I'm hearing reports of (in declining order of confirmability):
>>> 
>>> 1) Internet connectivity loss on major (broadband) ISPs
>>> 2) No SMS
>>> 4) Intermittent connectivity with smaller (dialup?) ISPs
>>> 5) No mobile service in major cities -- Cairo, Alexandria
>>> 
>>> The working assumption here is that the Egyptian government has made the
>>> decision to shut down all external, and perhaps internal electronic
>>> communication as a reaction to the ongoing protests in that country.
>>> 
>>> If anyone can provide more details as to what they're seeing, the extent,
>>> plus times and dates, it would be very useful. In moments like this there
>>> are often many unconfirmed rumors: I'm seeking concrete reliable
>>> confirmation which I can pass onto the press and those working to bring
>>> some
>>> communications back up (if you have a ham radio license, there is some
>>> very
>>> early work to provide emergency connectivity. Info at:
>>> http://pastebin.com/fHHBqZ7Q )
>>> 
>>> Thank you,
>>> 
>>> I suggest that you confine your information to the press on what you know
>> rather than speculation on the cause.
>> 
>> "Never attribute to malice that which can be adequately explained by
>> stupidity, but don't rule out malice"
>> 
>> https://secure.wikimedia.org/wikipedia/en/wiki/Hanlon%27s_razor
>> 
>> 
> That is indeed one of the reasons why I'm seeking corroboration of the
> pattern of behaviour; at least to isolate and eliminate any alternative
> explanations. It would certainly be of operational interest (and certainly
> not unknown in the annals of historical "stupidity") if, say, a single
> fiber-cut or network upgrade was disrupting all of these different forms of
> communication simultaneously.  On the other hand, there's only a finite
> number of imaginary backhoes you can conjure up before other explanations
> begin to trump Hanlon's razor.
> 
> Right now, I think that http://bgpmon.net/blog/?p=450 explains (or at least
> illustrates) why we were getting reports of widespread but not universal
> Internet interruption. See also
> http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml .
> 
> I don't have a good explanation for the SMS problems, but lots of
> independent reports; I've yet to have any real confirmation of no mobile
> service, and lots of denials, so right now I'm going to assume that's
> untrue.
> 
> If anyone can get explanations from their peers in the region, please pass
> them on (however incomplete or informal -- mail me directly if you'd rather
> not contribute to rumors or non-operational NANOG discussions).
> 
> It's late at night in Egypt, and the biggest protests are planned for
> tomorrow. A great deal of life-critical systems will be under a great deal
> of stress during that time, and the interruptions in network connectivity
> would be extremely worrying.
> 
> Thanks for checking this out,
> 
> d.
> 

Re: What's the current state of major access networks in North America ipv6 delivery status?

[Jack Bates]

On 1/28/2011 12:41 AM, Mikael Abrahamsson wrote:

It's much cleaner to require a CPE at he customer prem, run LL only
between CPE and PE, DHCPv6-PD a /56 or larger, and now you're done with
it. No need to keep state for customer home devices, you just have to
handle the CPE.


Except now you require a user to have a routed CPE. I'm up for classic 
stateful DHCPv6 IA_TA addressing + DHCPv6-PD. Best of both worlds, and 
in a proper setup, any address not assigned is null routed.



Jack

Re: [arin-announce] ARIN Resource Certification Update

[Samuel Weiler]

[moderation seems slow; resending from subscribed address instead]

On Mon, 24 Jan 2011, Danny McPherson wrote:


I suspect I've sufficiently chummed the waters, I'll kick back and absorb
all the reasons this is a whack idea :)


Short summary: it's not entirely whack, but no one has yet put forward a 
working data model.  The scheme in Bill Manning's INET'98 paper might have 
worked for classFUL addresses, but not CIDR.  I think there may have been 
similar problems with Lutz Donnerhacke and Wouter Wijngaards' scheme(s) from 
2008.


Joe Abley's problem statement on this list gets to one of the issues. Your 
answer to him of "New prefix-based RRs?  And perhaps even a new .arpa or 
in-addr.arpa subdomain" is a bit short on details.  I challenge you to work out 
the details.  Once we have something concrete, then we can pick apart why it 
won't work, tweak, and repeat.


-- Sam

Egypt Telecom AS isolation

[exploit dev]

Hi to all,

I try with BGPlay to show something related to BGP Traffic for some prefix
of as8452. If you are interested check:
http://extraexploit.blogspot.com/2011/01/egypt-telecom-as-isolation-bgplay-show.html



-- 
http://extraexploit.blogspot.com

.com DNSSEC operational message

[Matt Larson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Over the next several weeks, Verisign will deploy DNSSEC in the .com
zone.  This message contains operational information related to the
deployment that might be of interest to the Internet operational
community.

The .com DNSSEC deployment consists of the following major milestones:

February 26, 2011: The .com registry system will allow
ICANN-accredited registrars to submit DS records for domains under
.com.  These DS records will not be published in the .com zone until
the .com zone is actually signed.

February 28, 2011: A deliberately unvalidatable .com zone will be
published.  Any DS records for .com that have been submitted by
registrars will be published in the deliberately unvalidatable zone.

March 31, 2011: The .com key material will have been unobscured over
the course of the preceding several days and the .com zone will now be
usable for DNSSEC validation.  DS records for .com should appear in
the root zone on this day.


If you have any questions or comments, please send email to
i...@verisign-grs.com or reply to this message.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (Darwin)

iQEVAwUBTULLoNdGiUJktOYBAQLgewgAkGWNabyhkidMp5Y/58yDl90td1PFd7X7
Q3rQNAeWOrbJFrMuLoBbmKpfk68c4MjIYzCTKwdER84Jj4MRxbNiDgsMpk3+Br5R
qM3NdskB9AwZ90foPU4MPDw8IvBK7SsOHltsf5eyLGbKkoNPBzcDiK3woSTX2XbR
xTwOlAHTMdF1IP5o3ytca3a4BwqeRmrErAJGDVlWvbK3KPeV9iDWa+jCkoFTcDD8
6p3syOjimnaJnagRPnm5HodeNb9gH2SVZqKHczKBsapxL5wga2MIAowdmBwzL1Wi
DuUzTg5eWx7tG0F112lAyHDCFhil7KLHllree/dqXyyic7paV0e1uA==
=bGtT
-END PGP SIGNATURE-

Re: Connectivity status for Egypt

[Marshall Eubanks]

On Jan 28, 2011, at 3:29 AM, Carlos Alcantar wrote:

> Looks like you can still make phone calls into Egypt.  So it's not totally 
> lights out...
> 

Mobile is apparently being shut down now :

http://www.vodafone.com/content/index/press.html

Statement - Vodafone Egypt
All mobile operators in Egypt have been instructed to suspend services in 
selected areas. Under Egyptian legislation the authorities have the right to 
issue such an order and we are obliged to comply with it. The Egyptian 
authorities will be clarifying the situation in due course . 

-

I think that clarifications are unnecessary in this case. 

Regards
Marshall


> 
> Carlos Alcantar
> Race Communications / Race Team Member 
> 101 Haskins Way, So. San Francisco, CA. 94080
> Phone: +1 415 376 3314  Fax:  +1 650 246 8901 / carlos *at* race.com / 
> www.race.com
> 
> 
> 
> -Original Message-
> From: Paul Ferguson [mailto:fergdawgs...@gmail.com] 
> Sent: Thursday, January 27, 2011 11:46 PM
> To: Joel Jaeggli
> Cc: nanog@nanog.org
> Subject: Re: Connectivity status for Egypt
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Thu, Jan 27, 2011 at 11:39 PM, Joel Jaeggli  wrote:
> 
>> On 1/27/11 10:49 PM, Roy wrote:
>>> Moral of the story: Separate facts from assumptions and guesses.  I 
>>> did some Google searches and that region has had large scale 
>>> disruptions in the past.  Several cables follow the same path to the 
>>> Suez canal and were hit.
>> 
>> my links through the region are all fine, but they don't jump off the 
>> cable in egypt just pass through.
>> 
>>> https://secure.wikimedia.org/wikipedia/en/wiki/2008_submarine_cable_d
>>> isr
>>> uption
>>> 
> 
> To my knowledge, no one has reported any cable problems in Norther Africa
> - -- and news of those problems generally travels very fast.  :-)
> 
> Also, if there *was* a cable problem on one of the paths through the 
> vicinity, it affect more than just Egypt:
> 
> https://secure.wikimedia.org/wikipedia/en/wiki/File:Cable_map18.svg
> 
> I don't think it takes a leap of imagination to understand what has happened 
> here.
> 
> - - ferg
> 
> -BEGIN PGP SIGNATURE-
> Version: PGP Desktop 9.5.3 (Build 5003)
> 
> wj8DBQFNQnQ0q1pz9mNUZTMRAoFQAKCE8P0wINouFWUvW9GFn7FR6XVmOwCdGV/i
> VzTaxnJQOPVqyY2bP8ZraDA=
> =daOC
> -END PGP SIGNATURE-
> 
> 
> 
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawgster(at)gmail.com
>  ferg's tech blog: http://fergdawg.blogspot.com/
> 
> 
> 
> 

Re: Connectivity status for Egypt

[Mirjam Kuehne]

Hi,

We did some analysis of the situation in Egypt using the RIPEstat 
toolbox (please note, this is a prototype and we're not sure how it will 
handle a big load):


http://labs.ripe.net/Members/akvadrako/live_eqyptian_internet_incident_analysis

Mirjam Kuehne
RIPE NCC


Carlos Alcantar wrote:

Looks like you can still make phone calls into Egypt.  So it's not totally 
lights out...


Carlos Alcantar
Race Communications / Race Team Member 
101 Haskins Way, So. San Francisco, CA. 94080

Phone: +1 415 376 3314  Fax:  +1 650 246 8901 / carlos *at* race.com / 
www.race.com



-Original Message-
From: Paul Ferguson [mailto:fergdawgs...@gmail.com] 
Sent: Thursday, January 27, 2011 11:46 PM

To: Joel Jaeggli
Cc: nanog@nanog.org
Subject: Re: Connectivity status for Egypt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Jan 27, 2011 at 11:39 PM, Joel Jaeggli  wrote:


On 1/27/11 10:49 PM, Roy wrote:
Moral of the story: Separate facts from assumptions and guesses.  I 
did some Google searches and that region has had large scale 
disruptions in the past.  Several cables follow the same path to the 
Suez canal and were hit.
my links through the region are all fine, but they don't jump off the 
cable in egypt just pass through.



https://secure.wikimedia.org/wikipedia/en/wiki/2008_submarine_cable_d
isr
uption



To my knowledge, no one has reported any cable problems in Norther Africa
- -- and news of those problems generally travels very fast.  :-)

Also, if there *was* a cable problem on one of the paths through the vicinity, 
it affect more than just Egypt:

https://secure.wikimedia.org/wikipedia/en/wiki/File:Cable_map18.svg

I don't think it takes a leap of imagination to understand what has happened 
here.

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFNQnQ0q1pz9mNUZTMRAoFQAKCE8P0wINouFWUvW9GFn7FR6XVmOwCdGV/i
VzTaxnJQOPVqyY2bP8ZraDA=
=daOC
-END PGP SIGNATURE-



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

Re: What's the current state of major access networks in North America ipv6 delivery status?

[Mikael Abrahamsson]

On Thu, 27 Jan 2011, Antonio Querubin wrote:

I wonder how many ISPs actually have so many IPv6 customers that they 
actually have these problems.  Or is this mainly a limitation with a 
particular vendor's equipment?


If you want to buy some equipment that can handle hundreds of thousands of 
ND:s instead of one that might handle thousands, you're free to do so. 
Also your L2 transport need to scale as well, including needing to handle 
tens of MAC addresses per customer (I live in a household of 2 adults, we 
have approximately 10-15 devices that talk IP, and this is not becoming 
fewer over time).


It's your money (or your employers).

--
Mikael Abrahamssonemail: swm...@swm.pp.se

Re: PPPOE vs DHCP - RIPE Database

[Marco Hogewoning]

On Jan 27, 2011, at 8:03 PM, Peter Dambier wrote:

> Hi,
> 
> I have not seen this in the discussion yet.
> 
> http://labs.ripe.net/Members/mirjam/ipv6-cpe-survey-updated-january-2011
> 
> CPE support does not seem to be very broad yet.
> As far as I can see there is almost PPPoE only for IPv6 in Europe.

As long as there is an ADSL interface they usually support both, goes for major 
vendors as well as some smaller ones.

> In Germany cable is a mess by regulation. So no cable/dhcp.
> 
> There used to be a DTAG monopoly with aDSL only and PPPoE only.
> Most ISPs still rely on the DTAG infrastructure. That is why
> very PPPoE biased.
> 
> There is a high concentration of AVM in the CPE with Infineon
> chipsets in both DSLAM and DSL-Modem / Router

Part of the DTAG modems seem to be 7570 based and for what I have been told by 
German friends these can be flashed to the standard production releases. Not of 
much use for native, but you will get tunnel support in the box.

Marco

Re: Another v6 question

[Mark Andrews]

In message , Per 
Carlson writes:
> Hi Owen.
> 
> > The downside is that it doesn't provide enough bits for certain kinds of =
> auto-topology
> > management that are being considered by CE vendors. I highly recommend /4=
> 8 instead.
> 
> I've seen this claim (you need a /48) from your side several times,
> but never seen any explanation why a /56 won't work.
> 
> Is there any requirement that sub-delegations must happen on 8-bit
> boundaries? AFAICS there is at least nothing in the RFC. Wouldn't for
> example a nibble boundary work equally well (splitting a /56 into 16
> /60s, each containing 16 /64s)?
> 
> I don't challenge the claim, I'm just trying to understand the
> rationale behind it.

There is a model where the down stream CPE devices always request
powers of two prefixes.  It doesn't take many CPE devices daisy
chained to exhaust 8 bits.

The other model is to just request as many /64 as needed using
multiple requests with different identifiers.  You can daisy chain
out past the limits of IPv6 to route packets with that model.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: ARIN IRR Authentication (was: Re: AltDB?)

[John Curran]

On Jan 28, 2011, at 4:09 AM, Randy Bush wrote:

>> Based on the ARIN's IRR authentication thread a couple of weeks ago, there
>> were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR 
>> system. ARIN has looked at the integration issues involved and has scheduled 
>> an upgrade to the IRR system that will accept PGP and CRYPT-PW 
>> authentication 
>> as well as implementing notification support for both the mnt-nfy and notify 
>> fields by the end of August 2011.
> 
> way cool!  thank you.

No problem at all (and my apologies for 
not noticing this state of affairs sooner)

/John

Re: Another v6 question

[Per Carlson]

Hi Owen.

> The downside is that it doesn't provide enough bits for certain kinds of 
> auto-topology
> management that are being considered by CE vendors. I highly recommend /48 
> instead.

I've seen this claim (you need a /48) from your side several times,
but never seen any explanation why a /56 won't work.

Is there any requirement that sub-delegations must happen on 8-bit
boundaries? AFAICS there is at least nothing in the RFC. Wouldn't for
example a nibble boundary work equally well (splitting a /56 into 16
/60s, each containing 16 /64s)?

I don't challenge the claim, I'm just trying to understand the
rationale behind it.

-- 
Pelle

RFC1925, truth 11:
 Every old idea will be proposed again with a different name and
 a different presentation, regardless of whether it works.

Re: ARIN IRR Authentication (was: Re: AltDB?)

[Randy Bush]

> Based on the ARIN's IRR authentication thread a couple of weeks ago, there
> were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR 
> system. ARIN has looked at the integration issues involved and has scheduled 
> an upgrade to the IRR system that will accept PGP and CRYPT-PW authentication 
> as well as implementing notification support for both the mnt-nfy and notify 
> fields by the end of August 2011.

way cool!  thank you.

randy

Re: What's the current state of major access networks in North America ipv6 delivery status?

[Antonio Querubin]

On Fri, 28 Jan 2011, Mikael Abrahamsson wrote:

You do NOT want to keep state for all the devices in the customer residence. 
Your ND table will be enormous.


We already have problems with ARP on our larger residential aggregation 
routers, I don't even want to think about what it'd look like with 10+ 
devices in peoples homes in those /64:s, each perhaps using multiple IPs. 
Your ND traffic will be enormous.


I wonder how many ISPs actually have so many IPv6 customers that they 
actually have these problems.  Or is this mainly a limitation with a 
particular vendor's equipment?


Antonio Querubin
e-mail/xmpp:  t...@lava.net

Re: test-ipv6.com

[Mark Andrews]

In message <4d4280da.8090...@steadfast.net>, Kevin Stange writes:
> On 01/27/2011 06:16 PM, Mark Andrews wrote:
> > In message , Jason F=
> esler wr
> > ites:
> >> Several people have suggested I (re)post information about test-ipv6.c=
> om=20
> >> here.
> >>
> >> http://test-ipv6.com  ..
> >>tests ipv4 and ipv6 by dns name
> >>tests dual stack (will the client break on World IPv6 Day?)
> >>tests ipv6 by IP literal (teredo can pass this)
> >>gives advice to end user about current status and (depending on
> >>  circumstances) more information
> >>"broken" users (can't connect to dual stack) are solicited for info=
> 
> >>Caution: does depend on javascript.
> >>
> >> http://test-ipv6.com/simple_test.html
> >>Eyeball test only for user, with instructions; no javascript requir=
> ed.
> >>
> >> Please direct any comments, flames, etc directly to me instead of the =
> 
> >> list.  I've added enough noise already  :-)
> >=20
> > Note you can have totally broken IPv6 connectivity and still be
> > fine on World IPv6 day.  You just need applications with good
> > multi-homing support.  No web site can check this for you.
> 
> However, by coincidence, this week I happened to be playing with the
> site and it revealed to me a particular use case of my DNS resolvers
> that was broken and gave me a chance to fix it.
> 
> I don't think there's any harm in some baseline sanity checking.

No harm at all.
 
> --=20
> Kevin Stange
> Chief Technology Officer
> Steadfast Networks
> http://steadfast.net
> 
> Phone: 312-602-2689 x203
> Fax:   312-602-2688
> Cell:  312-320-5867
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: test-ipv6.com

[Kevin Stange]

On 01/27/2011 06:16 PM, Mark Andrews wrote:
> In message , Jason Fesler 
> wr
> ites:
>> Several people have suggested I (re)post information about test-ipv6.com 
>> here.
>>
>> http://test-ipv6.com  ..
>>tests ipv4 and ipv6 by dns name
>>tests dual stack (will the client break on World IPv6 Day?)
>>tests ipv6 by IP literal (teredo can pass this)
>>gives advice to end user about current status and (depending on
>>  circumstances) more information
>>"broken" users (can't connect to dual stack) are solicited for info
>>Caution: does depend on javascript.
>>
>> http://test-ipv6.com/simple_test.html
>>Eyeball test only for user, with instructions; no javascript required.
>>
>> Please direct any comments, flames, etc directly to me instead of the 
>> list.  I've added enough noise already  :-)
> 
> Note you can have totally broken IPv6 connectivity and still be
> fine on World IPv6 day.  You just need applications with good
> multi-homing support.  No web site can check this for you.

However, by coincidence, this week I happened to be playing with the
site and it revealed to me a particular use case of my DNS resolvers
that was broken and gave me a chance to fix it.

I don't think there's any harm in some baseline sanity checking.

-- 
Kevin Stange
Chief Technology Officer
Steadfast Networks
http://steadfast.net

Phone: 312-602-2689 x203
Fax:   312-602-2688
Cell:  312-320-5867



signature.asc
Description: OpenPGP digital signature

RE: Connectivity status for Egypt

[Carlos Alcantar]

Looks like you can still make phone calls into Egypt.  So it's not totally 
lights out...


Carlos Alcantar
Race Communications / Race Team Member 
101 Haskins Way, So. San Francisco, CA. 94080
Phone: +1 415 376 3314  Fax:  +1 650 246 8901 / carlos *at* race.com / 
www.race.com



-Original Message-
From: Paul Ferguson [mailto:fergdawgs...@gmail.com] 
Sent: Thursday, January 27, 2011 11:46 PM
To: Joel Jaeggli
Cc: nanog@nanog.org
Subject: Re: Connectivity status for Egypt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Jan 27, 2011 at 11:39 PM, Joel Jaeggli  wrote:

> On 1/27/11 10:49 PM, Roy wrote:
>> Moral of the story: Separate facts from assumptions and guesses.  I 
>> did some Google searches and that region has had large scale 
>> disruptions in the past.  Several cables follow the same path to the 
>> Suez canal and were hit.
>
> my links through the region are all fine, but they don't jump off the 
> cable in egypt just pass through.
>
>> https://secure.wikimedia.org/wikipedia/en/wiki/2008_submarine_cable_d
>> isr
>> uption
>>

To my knowledge, no one has reported any cable problems in Norther Africa
- -- and news of those problems generally travels very fast.  :-)

Also, if there *was* a cable problem on one of the paths through the vicinity, 
it affect more than just Egypt:

https://secure.wikimedia.org/wikipedia/en/wiki/File:Cable_map18.svg

I don't think it takes a leap of imagination to understand what has happened 
here.

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFNQnQ0q1pz9mNUZTMRAoFQAKCE8P0wINouFWUvW9GFn7FR6XVmOwCdGV/i
VzTaxnJQOPVqyY2bP8ZraDA=
=daOC
-END PGP SIGNATURE-



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/