Re: ARIN down?

2016-03-25 Thread Mel Beckman
Since they’re hosted at NTT, that you can reach it from there seems reasonable. 
But I’ve just tried again from my Level 3 rack in the Santa Barbara hub, and no 
access. So it’s intermittent at best. 

Hopefully they’ll get clear soon. We had a turn-up today that got waylaid by 
the outage.

 -mel

> On Mar 25, 2016, at 10:30 PM, Bill Woodcock  wrote:
> 
> 
>> On Mar 25, 2016, at 10:26 PM, Mel Beckman  wrote:
>> I’ve tried accessing the web site from nine different networks: Cox, 
>> Comcast, Level3, Verizon, AT&T, CenturyLink, Frontier, Sprint and Cogent. 
>> None of them can reach it.
> 
> I can reach it just fine via Level3 and NTT right now.
> 
>-Bill
> 
> 
> 
> 



Re: ARIN down?

2016-03-25 Thread Bill Woodcock

> On Mar 25, 2016, at 10:26 PM, Mel Beckman  wrote:
> I’ve tried accessing the web site from nine different networks: Cox, Comcast, 
> Level3, Verizon, AT&T, CenturyLink, Frontier, Sprint and Cogent. None of them 
> can reach it.

I can reach it just fine via Level3 and NTT right now.

-Bill








Re: ARIN down?

2016-03-25 Thread Mel Beckman
William,

How did you determine that ARIN is accessible for “most of the rest of the 
Internet”?

I’ve tried accessing the web site from nine different networks: Cox, Comcast, 
Level3, Verizon, AT&T, CenturyLink, Frontier, Sprint and Cogent. None of them 
can reach it. I’ve used non-firewalled network monitors, as well as NAT’d 
devices. The DDoS attack seems to be blocking access from a large subset of 
U.S. ISPs. I am an ISP and we follow standard anti-IP spoofing practices, so at 
least my networks aren’t DDOS spoof sources.

 -mel

> On Mar 25, 2016, at 10:09 PM, William Herrin  wrote:
> 
> On Sat, Mar 26, 2016 at 12:51 AM, Mel Beckman  wrote:
>> You’d think with all the money they collect, they’d have permanent DDOS 
>> mitigation in place. Time for them to call BlackLotus :)
> 
> Hi Mel,
> 
> They do. www.arin.net is accessible for me and most of the rest of the
> Internet. Your traceroute didn't work because the UDP to random ports
> that traceroute generates is likely among the packets the DDOS
> mitigator filters out.
> 
> If you can't get to the web page with a browser, some things to consider:
> 
> 1. Are you behind a NAT with anybody else? Anybody who might, say, be
> unknowingly participating in a botnet?
> 
> 2. How good a job does your ISP do scrubbing spoofed source addresses
> originated by its clients?
> 
> Regards,
> Bill Herrin
> 
> -- 
> William Herrin  her...@dirtside.com  b...@herrin.us
> Owner, Dirtside Systems . Web: 




> On Mar 25, 2016, at 10:08 PM, Mel Beckman  wrote:
> 
> I’m sure we all sympathize with the workload a DDOS attack imposes, as most 
> of us have been there. But I can’t understand why there is so little 
> broadcast communication of the attack through multiple channels. 
> lists.arin.net is rather esoteric. Facebook and 
> Twitter are obvious alternative channels that are hard to attack, yet both 
> are silent on the subject:
> 
> https://www.facebook.com/TeamARIN/
> https://twitter.com/teamarin
> 
> Google shows only four hits for “arin dos attack march 25 2016”, and those 
> are only fragments of the lists.arin.net announcement, 
> all of which dead end at arin.net right now.
> 
> It’s creepy that a major chunk of Internet infrastructure can be down for so 
> long with so little public notice.
> 
> -mel
> 
> On Mar 25, 2016, at 9:57 PM, Bill Woodcock wrote:
> 
> 
> On Mar 25, 2016, at 9:43 PM, Mel Beckman wrote:
> 
> I haven’t been able to connect to http://arin.net for several hours
> I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this 
> is a recurrence?
> 
> Yes, it is.  I attach Mark’s notice about it from this afternoon.
> 
>   -Bill
> 
> 
> 
> Begin forwarded message:
> 
> From: ARIN
> Subject: [arin-announce] ARIN DDoS Attack
> Date: March 25, 2016 at 1:31:34 PM PDT
> To: arin-annou...@arin.net
> 
> Starting at 3:55 PM EDT on Friday, 25 March, a DDoS attack began against 
> ARIN. This was and continues to be a sustained attack against our 
> provisioning services, email, and website. We initiated our DDoS mitigation 
> plan and are in the process of mitigating various types of attack traffic 
> patterns. All our other public-facing services (Whois, Whois-RWS, RDAP, DNS, 
> IRR, and RPKI repository services) are not affected by this attack and are 
> operating normally.
> 
> We will announce an all clear 24 hours after the attacks have stopped.
> 
> Regards,
> 
> Mark Kosters
> Chief Technology Officer
> American Registry for Internet Numbers (ARIN)
> 



Re: ARIN down?

2016-03-25 Thread William Herrin
On Sat, Mar 26, 2016 at 1:08 AM, Mel Beckman  wrote:
> I’m sure we all sympathize with the workload a DDOS attack imposes,
> as most of us have been there. But I can’t understand why there is so
> little broadcast communication of the attack through multiple channels.

http://www.downforeveryoneorjustme.com/www.arin.net



-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 


Re: ARIN down?

2016-03-25 Thread Bill Woodcock

> On Mar 25, 2016, at 9:51 PM, Mel Beckman  wrote:
> 
> You’d think with all the money they collect, they’d have permanent DDOS 
> mitigation in place.

They do, and they’re using it.

-Bill








Re: ARIN down?

2016-03-25 Thread William Herrin
On Sat, Mar 26, 2016 at 12:51 AM, Mel Beckman  wrote:
> You’d think with all the money they collect, they’d have permanent DDOS 
> mitigation in place. Time for them to call BlackLotus :)

Hi Mel,

They do. www.arin.net is accessible for me and most of the rest of the
Internet. Your traceroute didn't work because the UDP to random ports
that traceroute generates is likely among the packets the DDOS
mitigator filters out.

If you can't get to the web page with a browser, some things to consider:

1. Are you behind a NAT with anybody else? Anybody who might, say, be
unknowingly participating in a botnet?

2. How good a job does your ISP do scrubbing spoofed source addresses
originated by its clients?

Regards,
Bill Herrin

-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 
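
Added example (not part of the thread): the point in the message above is that hops going silent at the end of a UDP traceroute do not by themselves show where packets are dropped. This sketch parses Mel's first trace (re-joined one hop per line from the values posted in this thread), reports the last responder, the silent tail and lossy hops, and includes a plain TCP connect check, which is what a browser actually needs. All function names are this example's own.

```python
import re
import socket

# Mel's first trace from this thread, re-joined one hop per line (values as posted).
SAMPLE = """\
traceroute to arin.net (199.43.0.44), 64 hops max, 52 byte packets
 1  l100.lsanca-vfttp-106.verizon-gni.net (98.112.74.1)  5.992 ms  4.865 ms  4.943 ms
 2  172.102.106.24 (172.102.106.24)  9.962 ms  9.723 ms  12.242 ms
 3  ae2-0.lax01-bb-rtr2.verizon-gni.net (130.81.22.238)  29.982 ms *
    so-4-1-0-0.lax01-bb-rtr2.verizon-gni.net (130.81.151.248)  9.428 ms
 4  0.ae6.br1.lax15.alter.net (140.222.225.137)  9.806 ms * *
 5  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.409 ms
    0.ae6.br1.lax15.alter.net (140.222.225.137)  19.783 ms  9.757 ms
 6  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.292 ms  9.357 ms  12.291 ms
 7  ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.541 ms
    ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.412 ms
    ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.167 ms
 8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.510 ms  74.590 ms  72.258 ms
 9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  69.960 ms *  70.930 ms
10  * * *
11  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")           # "<ttl>  <rest of line>"
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)"
RTT_RE = re.compile(r"\d+(?:\.\d+)?\s+ms\b")         # one answered probe


def parse_traceroute(text):
    """Parse classic traceroute output into per-TTL records."""
    hops = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("traceroute", "$")):
            continue  # blank line, header or shell prompt
        m = HOP_RE.match(line)
        if m:
            hops.append({"ttl": int(m.group(1)), "addrs": [],
                         "replies": 0, "timeouts": 0})
            rest = m.group(2)
        elif hops:
            rest = stripped  # continuation: same TTL, different responder
        else:
            continue
        hop = hops[-1]
        for addr in ADDR_RE.findall(rest):
            if addr not in hop["addrs"]:
                hop["addrs"].append(addr)
        hop["replies"] += len(RTT_RE.findall(rest))
        hop["timeouts"] += rest.split().count("*")
    return hops


def analyze(hops, dest):
    """Summarise where answers stop; silence alone is not proof of a drop."""
    answered = [h for h in hops if h["replies"]]
    last = answered[-1] if answered else None
    reached = any(dest in h["addrs"] for h in hops)
    silent_tail = hops[-1]["ttl"] - last["ttl"] if last else len(hops)
    lossy = [h["ttl"] for h in hops if h["replies"] and h["timeouts"]]
    if reached:
        verdict = "destination answered the probes"
    elif last is None:
        verdict = "no hop answered; check local connectivity first"
    else:
        verdict = ("probes unanswered past hop %d; UDP probes may be filtered "
                   "near the destination, confirm with a TCP connect" % last["ttl"])
    return {"last_ttl": last["ttl"] if last else None,
            "last_addrs": last["addrs"] if last else [],
            "silent_tail": silent_tail, "lossy_hops": lossy,
            "reached": reached, "verdict": verdict}


def tcp_probe(host, port=80, timeout=5.0):
    """Service-level check: does a TCP handshake to the web port complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    print(analyze(parse_traceroute(SAMPLE), "199.43.0.44"))
```
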


Re: ARIN down?

2016-03-25 Thread Mel Beckman
I’m sure we all sympathize with the workload a DDOS attack imposes, as most of 
us have been there. But I can’t understand why there is so little broadcast 
communication of the attack through multiple channels. 
lists.arin.net is rather esoteric. Facebook and Twitter 
are obvious alternative channels that are hard to attack, yet both are silent 
on the subject:

https://www.facebook.com/TeamARIN/
https://twitter.com/teamarin

Google shows only four hits for “arin dos attack march 25 2016”, and those are 
only fragments of the lists.arin.net announcement, all 
of which dead end at arin.net right now.

It’s creepy that a major chunk of Internet infrastructure can be down for so 
long with so little public notice.

 -mel

On Mar 25, 2016, at 9:57 PM, Bill Woodcock wrote:


On Mar 25, 2016, at 9:43 PM, Mel Beckman wrote:

I haven’t been able to connect to http://arin.net for several hours
I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this is 
a recurrence?

Yes, it is.  I attach Mark’s notice about it from this afternoon.

   -Bill



Begin forwarded message:

From: ARIN
Subject: [arin-announce] ARIN DDoS Attack
Date: March 25, 2016 at 1:31:34 PM PDT
To: arin-annou...@arin.net

Starting at 3:55 PM EDT on Friday, 25 March, a DDoS attack began against ARIN. 
This was and continues to be a sustained attack against our provisioning 
services, email, and website. We initiated our DDoS mitigation plan and are in 
the process of mitigating various types of attack traffic patterns. All our 
other public-facing services (Whois, Whois-RWS, RDAP, DNS, IRR, and RPKI 
repository services) are not affected by this attack and are operating normally.

We will announce an all clear 24 hours after the attacks have stopped.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)



Re: ARIN down?

2016-03-25 Thread Mel Beckman
Yeah, lists.arin.net is down too, despite being hosted 
elsewhere. The netvermin apparently are being thorough. Still, there are many 
ways to broadly distribute static content like mailing lists.

 -mel

On Mar 25, 2016, at 9:51 PM, Daniel Corbe wrote:


On Mar 26, 2016, at 12:43 AM, Mel Beckman wrote:

I haven’t been able to connect to http://arin.net for several hours, but was 
able to open a ticket this morning. I’ve tried from several different networks, 
all roads seem to lead to the same place, with packets dropping at the NTT 
interface 129.250.196.154. e.g.:

...

I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this is 
a recurrence?

-mel

An announcement went out on arin-announce yesterday (but you might not be able 
to follow the link if you can’t reach list.arin.net):

http://lists.arin.net/pipermail/arin-announce/2016-March/001963.html

tl;dr: Massive DDoS.  Usual affair.  Welcome to the Internet.



Re: ARIN down?

2016-03-25 Thread Bill Woodcock

> On Mar 25, 2016, at 9:43 PM, Mel Beckman  wrote:
> 
> I haven’t been able to connect to http://arin.net for several hours
> I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this 
> is a recurrence?

Yes, it is.  I attach Mark’s notice about it from this afternoon.

-Bill



> Begin forwarded message:
> 
> From: ARIN 
> Subject: [arin-announce] ARIN DDoS Attack
> Date: March 25, 2016 at 1:31:34 PM PDT
> To: arin-annou...@arin.net
> 
> Starting at 3:55 PM EDT on Friday, 25 March, a DDoS attack began against 
> ARIN. This was and continues to be a sustained attack against our 
> provisioning services, email, and website. We initiated our DDoS mitigation 
> plan and are in the process of mitigating various types of attack traffic 
> patterns. All our other public-facing services (Whois, Whois-RWS, RDAP, DNS, 
> IRR, and RPKI repository services) are not affected by this attack and are 
> operating normally.
> 
> We will announce an all clear 24 hours after the attacks have stopped.
> 
> Regards,
> 
> Mark Kosters
> Chief Technology Officer
> American Registry for Internet Numbers (ARIN)




Re: mrtg alternative

2016-03-25 Thread Mel Beckman
"AKIPS continues to lead the market as the only network monitoring system to 
monitor SNMP, Ping, Syslog, Traps and Netflow, all at one low subscription 
price, independent of the size of your network"

At $5K/year subscription starting price, I think my definition of “low” differs 
from AKiPS :)

 -mel

On Mar 23, 2016, at 3:28 PM, Luca Salvatore via NANOG wrote:

Look into AKiPS.. Some of the guys from Statseeker made it better :-)

On Wed, Mar 23, 2016 at 5:22 PM, Anurag Bhatia wrote:

+1 for Cacti.


I tried zenoss & observium but still Cacti is more cool in terms of
tweaking templates as well as the tree mode for easy quick representation.



Thanks for starting this cool thread. Will help in getting links to some of
other cool projects which we don't hear around.

On Wed, Mar 23, 2016 at 10:36 PM, Alan Buxey wrote:

+1 for Statseeker. Ease of use etc (price depends on eg site size etc).
Can do lots on just one mid server unlike some other bloaty solutions out
there.  But we also still use MRTG for some local bespoke measurements

PS you can get a free Eval of statseeker. Obnote, don't work for them
just a fairly happy customer

alan




--


Anurag Bhatia
anuragbhatia.com




--
Luca Salvatore
Manager, Network Team | DigitalOcean
Phone: +1 (929) 214-7242



Re: ARIN down?

2016-03-25 Thread Daniel Corbe

> On Mar 26, 2016, at 12:43 AM, Mel Beckman  wrote:
> 
> I haven’t been able to connect to http://arin.net for several hours, but was 
> able to open a ticket this morning. I’ve tried from several different 
> networks, all roads seem to lead to the same place, with packets dropping at 
> the NTT interface 129.250.196.154. e.g.:
> 
> ...
> 
> I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this 
> is a recurrence?
> 
> -mel

An announcement went out on arin-announce yesterday (but you might not be able 
to follow the link if you can’t reach list.arin.net):

http://lists.arin.net/pipermail/arin-announce/2016-March/001963.html

tl;dr: Massive DDoS.  Usual affair.  Welcome to the Internet.



Re: Cogent Communications

2016-03-25 Thread Jason Canady
As a Cogent customer, I'm sure I can get you in touch with someone. Have 
you tried emailing supp...@cogentco.com ?  If not, email me off list and 
I'll find someone you can speak to.


- Jason

On 3/24/16 4:20 AM, Brandon Vincent wrote:

Does anyone have a NOC/SOC contact for Cogent? I found an improperly
secured router on the Internet and I'd like to report it.

Thank you,
Brandon Vincent




Re: ARIN down?

2016-03-25 Thread Mel Beckman
You’d think with all the money they collect, they’d have permanent DDOS 
mitigation in place. Time for them to call BlackLotus :)

 -mel

> On Mar 25, 2016, at 9:46 PM, David Conrad  wrote:
> 
> Yep, they're under another DDoS attack:
> 
>> Begin forwarded message:
>> 
>> From: ARIN 
>> Subject: [arin-announce] ARIN DDoS Attack
>> Date: March 25, 2016 at 1:31:34 PM PDT
>> To: arin-annou...@arin.net
>> 
>> Starting at 3:55 PM EDT on Friday, 25 March, a DDoS attack began against 
>> ARIN. This was and continues to be a sustained attack against our 
>> provisioning services, email, and website. We initiated our DDoS mitigation 
>> plan and are in the process of mitigating various types of attack traffic 
>> patterns. All our other public-facing services (Whois, Whois-RWS, RDAP, DNS, 
>> IRR, and RPKI repository services) are not affected by this attack and are 
>> operating normally.
>> 
>> We will announce an all clear 24 hours after the attacks have stopped.
>> 
>> Regards,
>> 
>> Mark Kosters
>> Chief Technology Officer
>> American Registry for Internet Numbers (ARIN)
> 
> 
> Regards,
> -drc
> 
>> On Mar 25, 2016, at 9:43 PM, Mel Beckman  wrote:
>> 
>> I haven’t been able to connect to http://arin.net for several hours, but was 
>> able to open a ticket this morning. I’ve tried from several different 
>> networks, all roads seem to lead to the same place, with packets dropping at 
>> the NTT interface 129.250.196.154. e.g.:
>> 
>> $ traceroute arin.net
>> traceroute: Warning: arin.net has multiple addresses; using 199.43.0.44
>> traceroute to arin.net (199.43.0.44), 64 hops max, 52 byte packets
>>  1  l100.lsanca-vfttp-106.verizon-gni.net (98.112.74.1)  5.992 ms  4.865 ms  4.943 ms
>>  2  172.102.106.24 (172.102.106.24)  9.962 ms  9.723 ms  12.242 ms
>>  3  ae2-0.lax01-bb-rtr2.verizon-gni.net (130.81.22.238)  29.982 ms *
>>     so-4-1-0-0.lax01-bb-rtr2.verizon-gni.net (130.81.151.248)  9.428 ms
>>  4  0.ae6.br1.lax15.alter.net (140.222.225.137)  9.806 ms * *
>>  5  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.409 ms
>>     0.ae6.br1.lax15.alter.net (140.222.225.137)  19.783 ms  9.757 ms
>>  6  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.292 ms  9.357 ms  12.291 ms
>>  7  ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.541 ms
>>     ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.412 ms
>>     ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.167 ms
>>  8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.510 ms  74.590 ms  72.258 ms
>>  9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  69.960 ms *  70.930 ms
>> 10  * * *
>> 11  * * *
>> 
>> $ traceroute www.arin.net
>> traceroute: Warning: www.arin.net has multiple addresses; using 199.43.0.43
>> traceroute to www.arin.net (199.43.0.43), 64 hops max, 40 byte packets
>>  1  router1.sb.becknet.com (206.83.0.1)  1.010 ms  0.420 ms  0.536 ms
>>  2  206-190-77-9.static.twtelecom.net (206.190.77.9)  3.983 ms  0.732 ms  0.686 ms
>>  3  64-129-238-182.static.twtelecom.net (64.129.238.182)  2.760 ms
>>     lax2-pr2-xe-1-3-0-0.us.twtelecom.net (66.192.241.218)  2.816 ms
>>     64-129-238-186.static.twtelecom.net (64.129.238.186)  18.203 ms
>>  4  4.68.71.137 (4.68.71.137)  3.245 ms  2.877 ms  2.889 ms
>>  5  * * *
>>  6  ae-28.r00.lsanca07.us.bb.gin.ntt.net (129.250.9.93)  3.731 ms  3.483 ms  3.850 ms
>>  7  ae-3.r01.lsanca07.us.bb.gin.ntt.net (129.250.5.29)  3.517 ms  3.433 ms  3.458 ms
>>  8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  69.503 ms  68.021 ms  68.072 ms
>>  9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  67.075 ms  67.102 ms  67.122 ms
>> 10  * * *
>> 11  * * *
>> 
>> I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this 
>> is a recurrence?
>> 
>> -mel
> 



Re: ARIN down?

2016-03-25 Thread David Conrad
Yep, they're under another DDoS attack:

> Begin forwarded message:
> 
> From: ARIN 
> Subject: [arin-announce] ARIN DDoS Attack
> Date: March 25, 2016 at 1:31:34 PM PDT
> To: arin-annou...@arin.net
> 
> Starting at 3:55 PM EDT on Friday, 25 March, a DDoS attack began against 
> ARIN. This was and continues to be a sustained attack against our 
> provisioning services, email, and website. We initiated our DDoS mitigation 
> plan and are in the process of mitigating various types of attack traffic 
> patterns. All our other public-facing services (Whois, Whois-RWS, RDAP, DNS, 
> IRR, and RPKI repository services) are not affected by this attack and are 
> operating normally.
> 
> We will announce an all clear 24 hours after the attacks have stopped.
> 
> Regards,
> 
> Mark Kosters
> Chief Technology Officer
> American Registry for Internet Numbers (ARIN)


Regards,
-drc

> On Mar 25, 2016, at 9:43 PM, Mel Beckman  wrote:
> 
> I haven’t been able to connect to http://arin.net for several hours, but was 
> able to open a ticket this morning. I’ve tried from several different 
> networks, all roads seem to lead to the same place, with packets dropping at 
> the NTT interface 129.250.196.154. e.g.:
> 
> $ traceroute arin.net
> traceroute: Warning: arin.net has multiple addresses; using 199.43.0.44
> traceroute to arin.net (199.43.0.44), 64 hops max, 52 byte packets
>  1  l100.lsanca-vfttp-106.verizon-gni.net (98.112.74.1)  5.992 ms  4.865 ms  4.943 ms
>  2  172.102.106.24 (172.102.106.24)  9.962 ms  9.723 ms  12.242 ms
>  3  ae2-0.lax01-bb-rtr2.verizon-gni.net (130.81.22.238)  29.982 ms *
>     so-4-1-0-0.lax01-bb-rtr2.verizon-gni.net (130.81.151.248)  9.428 ms
>  4  0.ae6.br1.lax15.alter.net (140.222.225.137)  9.806 ms * *
>  5  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.409 ms
>     0.ae6.br1.lax15.alter.net (140.222.225.137)  19.783 ms  9.757 ms
>  6  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.292 ms  9.357 ms  12.291 ms
>  7  ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.541 ms
>     ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.412 ms
>     ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.167 ms
>  8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.510 ms  74.590 ms  72.258 ms
>  9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  69.960 ms *  70.930 ms
> 10  * * *
> 11  * * *
> 
> $ traceroute www.arin.net
> traceroute: Warning: www.arin.net has multiple addresses; using 199.43.0.43
> traceroute to www.arin.net (199.43.0.43), 64 hops max, 40 byte packets
>  1  router1.sb.becknet.com (206.83.0.1)  1.010 ms  0.420 ms  0.536 ms
>  2  206-190-77-9.static.twtelecom.net (206.190.77.9)  3.983 ms  0.732 ms  0.686 ms
>  3  64-129-238-182.static.twtelecom.net (64.129.238.182)  2.760 ms
>     lax2-pr2-xe-1-3-0-0.us.twtelecom.net (66.192.241.218)  2.816 ms
>     64-129-238-186.static.twtelecom.net (64.129.238.186)  18.203 ms
>  4  4.68.71.137 (4.68.71.137)  3.245 ms  2.877 ms  2.889 ms
>  5  * * *
>  6  ae-28.r00.lsanca07.us.bb.gin.ntt.net (129.250.9.93)  3.731 ms  3.483 ms  3.850 ms
>  7  ae-3.r01.lsanca07.us.bb.gin.ntt.net (129.250.5.29)  3.517 ms  3.433 ms  3.458 ms
>  8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  69.503 ms  68.021 ms  68.072 ms
>  9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  67.075 ms  67.102 ms  67.122 ms
> 10  * * *
> 11  * * *
> 
> I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this 
> is a recurrence?
> 
> -mel





Re: Oh dear, we've all been made redundant...

2016-03-25 Thread Bryan Bradsby
> Uggghhh.  I've always hated this 'reboot, see if it fixes it' 
> methodology.  If the CPEs can't recover from error conditions 
> correctly, they shouldn't be used.  I blame Microsoft for making this 
> concept acceptable.  
> 
> Chuck

I was getting 20% TCP packet loss between two of my unix boxes on the
TWC route from my house to work, so I called support. 

I used lft - like tcptraceroute - both directions, to identify a TWC
backbone router in Dallas as the problem. I then used the TWC looking
glass to show the same result. 

I was told I needed to reboot my router to troubleshoot. I offered to
reboot my router, after he rebooted his router in Dallas  ;)

-bryan


Cogent Communications

2016-03-25 Thread Brandon Vincent
Does anyone have a NOC/SOC contact for Cogent? I found an improperly
secured router on the Internet and I'd like to report it.

Thank you,
Brandon Vincent


Re: mrtg alternative

2016-03-25 Thread Luca Salvatore via NANOG
Look into AKiPS.. Some of the guys from Statseeker made it better :-)

On Wed, Mar 23, 2016 at 5:22 PM, Anurag Bhatia  wrote:

> +1 for Cacti.
>
>
> I tried zenoss & observium but still Cacti is more cool in terms of
> tweaking templates as well as the tree mode for easy quick representation.
>
>
>
> Thanks for starting this cool thread. Will help in getting links to some of
> other cool projects which we don't hear around.
>
> On Wed, Mar 23, 2016 at 10:36 PM, Alan Buxey 
> wrote:
>
> > +1 for Statseeker. Ease of use etc (price depends on eg site size etc).
> > Can do lots on just one mid server unlike some other bloaty solutions out
> > there.  But we also still use MRTG for some local bespoke measurements
> >
> > PS you can get a free Eval of statseeker. Obnote, don't work for them
> > just a fairly happy customer
> >
> > alan
> >
>
>
>
> --
>
>
> Anurag Bhatia
> anuragbhatia.com
>



-- 
Luca Salvatore
Manager, Network Team | DigitalOcean
Phone: +1 (929) 214-7242


ARIN down?

2016-03-25 Thread Mel Beckman
I haven’t been able to connect to http://arin.net for several hours, but was 
able to open a ticket this morning. I’ve tried from several different networks, 
all roads seem to lead to the same place, with packets dropping at the NTT 
interface 129.250.196.154. e.g.:

$ traceroute arin.net
traceroute: Warning: arin.net has multiple addresses; using 199.43.0.44
traceroute to arin.net (199.43.0.44), 64 hops max, 52 byte packets
 1  l100.lsanca-vfttp-106.verizon-gni.net (98.112.74.1)  5.992 ms  4.865 ms  4.943 ms
 2  172.102.106.24 (172.102.106.24)  9.962 ms  9.723 ms  12.242 ms
 3  ae2-0.lax01-bb-rtr2.verizon-gni.net (130.81.22.238)  29.982 ms *
    so-4-1-0-0.lax01-bb-rtr2.verizon-gni.net (130.81.151.248)  9.428 ms
 4  0.ae6.br1.lax15.alter.net (140.222.225.137)  9.806 ms * *
 5  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.409 ms
    0.ae6.br1.lax15.alter.net (140.222.225.137)  19.783 ms  9.757 ms
 6  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.292 ms  9.357 ms  12.291 ms
 7  ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.541 ms
    ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.412 ms
    ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.167 ms
 8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.510 ms  74.590 ms  72.258 ms
 9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  69.960 ms *  70.930 ms
10  * * *
11  * * *

$ traceroute www.arin.net
traceroute: Warning: www.arin.net has multiple addresses; using 199.43.0.43
traceroute to www.arin.net (199.43.0.43), 64 hops max, 40 byte packets
 1  router1.sb.becknet.com (206.83.0.1)  1.010 ms  0.420 ms  0.536 ms
 2  206-190-77-9.static.twtelecom.net (206.190.77.9)  3.983 ms  0.732 ms  0.686 ms
 3  64-129-238-182.static.twtelecom.net (64.129.238.182)  2.760 ms
    lax2-pr2-xe-1-3-0-0.us.twtelecom.net (66.192.241.218)  2.816 ms
    64-129-238-186.static.twtelecom.net (64.129.238.186)  18.203 ms
 4  4.68.71.137 (4.68.71.137)  3.245 ms  2.877 ms  2.889 ms
 5  * * *
 6  ae-28.r00.lsanca07.us.bb.gin.ntt.net (129.250.9.93)  3.731 ms  3.483 ms  3.850 ms
 7  ae-3.r01.lsanca07.us.bb.gin.ntt.net (129.250.5.29)  3.517 ms  3.433 ms  3.458 ms
 8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  69.503 ms  68.021 ms  68.072 ms
 9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  67.075 ms  67.102 ms  67.122 ms
10  * * *
11  * * *

I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this is 
a recurrence?

 -mel


Re: Top-shelf resilience (Re: Why the US Government has so many data centers)

2016-03-25 Thread Måns Nilsson
Subject: Top-shelf resilience (Re: Why the US Government has so many data 
centers) Date: Tue, Mar 22, 2016 at 07:59:24PM + Quoting Jay R. Ashworth 
(j...@baylink.com):
> 
> This seems like a good time to mention my favorite example of such a thing.
> 
> In the Navy, originally, and it ended up in a few other places, there was
> invented the concept of a 'battleshort', or 'battleshunt', depending on whom 
> you're talking to.

I've built one, sort of. In an outdoor broadcasting vehicle. See, in
order to get a working grounding scheme, the PDU in the bus gets to serve
as power source for a lot of things that might find themselves outside,
in climate. 200VDC feeds in triaxial cables to cameras, for instance.
(this was before cameras were connected with singlemode fiber, but
after the era of the multicore "shower handle" connectors) All this
was of course built for some exposure to the elements but not for
drenching. During setup, it was decided to protect people with a GFCI
breaker on the main three-phase bus in the bus[0][1], but once setup,
people were not really supposed to gefingerpoken the thingamaboobs, so
in the interest of reliability a bypass was created for the GFCI breaker.
This had to be built in-house, since no electrical contractor even wanted
to contemplate it. So we did.

/Måns, ex-builder of analog broadcast facilities. 
-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
First, I'm going to give you all the ANSWERS to today's test ...  So
just plug in your SONY WALKMANS and relax!!

[0] Pun not intended but carefully kept once discovered. 

[1] This is (continental) Europe, where we are not afraid of 405VAC
three-phase mains. Tesla was European. Edison was born to American 
parents. 




Weekly Routing Table Report

2016-03-25 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
SAFNOG, PaNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 26 Mar, 2016

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary
----------------

BGP routing table entries examined:  587515
Prefixes after maximum aggregation (per Origin AS):  216203
Deaggregation factor:  2.72
Unique aggregates announced (without unneeded subnets):  287784
Total ASes present in the Internet Routing Table:  53221
Prefixes per ASN:  11.04
Origin-only ASes present in the Internet Routing Table:  36607
Origin ASes announcing only one prefix:  15753
Transit ASes present in the Internet Routing Table:  6412
Transit-only ASes present in the Internet Routing Table:  170
Average AS path length visible in the Internet Routing Table:  4.3
Max AS path length visible:  37
Max AS path prepend of ASN ( 40285)  34
Prefixes from unregistered ASNs in the Routing Table:  958
Unregistered ASNs in the Routing Table:  354
Number of 32-bit ASNs allocated by the RIRs:  13208
Number of 32-bit ASNs visible in the Routing Table:  10202
Prefixes from 32-bit ASNs in the Routing Table:  39714
Number of bogon 32-bit ASNs visible in the Routing Table:  14
Special use prefixes present in the Routing Table:  0
Prefixes being announced from unallocated address space:  363
Number of addresses announced to Internet:  2807921668
Equivalent to 167 /8s, 93 /16s and 124 /24s
Percentage of available address space announced:  75.8
Percentage of allocated address space announced:  75.8
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:  98.1
Total number of prefixes smaller than registry allocations:  191954

APNIC Region Analysis Summary
-----------------------------

Prefixes being announced by APNIC Region ASes:  150519
Total APNIC prefixes after maximum aggregation:  41895
APNIC Deaggregation factor:  3.59
Prefixes being announced from the APNIC address blocks:  160568
Unique aggregates announced from the APNIC address blocks:  65534
APNIC Region origin ASes present in the Internet Routing Table:  5145
APNIC Prefixes per ASN:  31.21
APNIC Region origin ASes announcing only one prefix:  1180
APNIC Region transit ASes present in the Internet Routing Table:  909
Average APNIC Region AS path length visible:  4.5
Max APNIC Region AS path length visible:  35
Number of APNIC region 32-bit ASNs visible in the Routing Table:  1945
Number of APNIC addresses announced to Internet:  752726596
Equivalent to 44 /8s, 221 /16s and 178 /24s
Percentage of available APNIC address space announced:  88.0

APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
                       58368-59391, 63488-64098, 131072-135580
APNIC Address Blocks     1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
                        49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
                       106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
                       116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
                       123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
                       163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
                       203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
                       222/8, 223/8,

ARIN Region Analysis Summary
----------------------------

Prefixes being announced by ARIN Region ASes:  179920
Total ARIN prefixes after maximum aggregation:  88981
ARIN Deaggregation factor:  2.02
Prefixes being announced from the ARIN address blocks:  184947
Unique aggregates announced from the ARIN address blocks:  87842
ARIN Region origin ASes present in the Internet Routing Table:  16404