Re: Amazon now controls 3.0.0.0/8

[Tom Hill]

On 09/11/2018 00:46, Eric Kuhnke wrote:
> 3.4.5.6/24  could be an interesting block to put
> easily memorable IP services in...


My upbringing in the 90s makes '5.6.7.8' far more memorable. :)

-- 
Tom

Re: Well Known BGP Communities

[Jared Mauch]

On Sun, Nov 11, 2018 at 11:51:35PM -0200, João Butzke wrote:
> Hi, Bryce!
> 
> Is this what you are looking for?
> 
> https://www.iana.org/assignments/bgp-well-known-communities/bgp-well-known-communities.xhtml
> 
> https://tools.ietf.org/html/rfc1997

You may also want to look at 
https://tools.ietf.org/html/draft-ietf-grow-wkc-behavior


-- 
Jared Mauch  | pgp key available via finger from ja...@puck.nether.net
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.

Re: WIndows Updates Fail Via IPv6

[Clinton Work]

I saw this issue randomly on Windows PCs due to IPV6 TCP checksum
offloading.
Try the following on the problem Windows machine:
- Open the Device Manager -> Network Adapters -> Network Interface
  (Ethernet NIC):- Under the Network Adapter -> Advanced Tab, disable these 
options
  if present:TCP Checksum Offloading (IPV6) -> Disabled
UDP Checksum Offloading (IPV6) -> Disabled
- Try Windows update again

--
Clinton Work
Airdrie, AB


On Sun, Nov 11, 2018, at 2:29 AM, Mark Tinka wrote:
> Hi all.
>
>  Anyone ever figured out why Windows updates fail when the computer
>  has an IPv6 connection?
>
>  Google has tickets and tickets of this to and outside of Microsoft
>  since 2013, with no real solution or answer as to what the problem
>  actually is. In essence, many of the solutions out there point toward
>  making sure the updates do not occur over IPv6, which, in effect, is
>  the same as disabling it.
>
>  I have a family PC at home running Windows 10 Pro, and noticed
>  updates would fail in recent months. It took me a moment to realize
>  that this started happening only after I enabled IPv6 in the TCP/IP
>  stack. Disabling it immediately solves the issue.
>
>  Quite odd that this is happening in 2018...
>
>  Mark.

Re: WIndows Updates Fail Via IPv6

[Mark Tinka]

On 11/Nov/18 18:51, Lavanauts wrote:

> I’m on native IPv6 via Spectrum and have no problems with Windows
> Updates.  Could this be a tunneling issue?

I do run 6-in-4 from my backbone to my house as my FTTH provider does
not do IPv6.

I can't imagine this to specifically be the issue, as all other IPv6
traffic is fine, but at this point, I'm open to suggestion.

Mark.

Re: WIndows Updates Fail Via IPv6

[Mark Tinka]

On 11/Nov/18 20:35, Jared Mauch wrote:

> Let me know if you see anything related to Akamai.

Will do.


>   Looking at these threads I don’t see anything really obvious and some are 
> much older posts.

Agreed - but those posts were never really solved, and the issue
description and behaviour mirrors my own.

Mark.

Re: WIndows Updates Fail Via IPv6

[Mark Tinka]

On 12/Nov/18 18:18, Clinton Work wrote:

> I saw this issue randomly on Windows PCs due to IPV6 TCP checksum
> offloading.   
>
> Try the following on the problem Windows machine:
> - Open the Device Manager -> Network Adapters -> Network Interface
> (Ethernet NIC):
> - Under the Network Adapter -> Advanced Tab, disable these options if
> present:
> TCP Checksum Offloading (IPV6) -> Disabled
> UDP Checksum Offloading (IPV6) -> Disabled
> - Try Windows update again

Thanks, Airdrie, but I don't have those options on the network adapter.

Mark.

Re: WIndows Updates Fail Via IPv6

[Mikael Abrahamsson]

On Mon, 12 Nov 2018, Mark Tinka wrote:


I do run 6-in-4 from my backbone to my house as my FTTH provider does
not do IPv6.

I can't imagine this to specifically be the issue, as all other IPv6
traffic is fine, but at this point, I'm open to suggestion.


Are you doing TCP MSS adjust/clamping? If you don't, try that and see if 
it helps. This might be a PMTUD issue.


Otherwise if possible, try lowering the MTU sent in RA to the one you have 
on your tunnel (this depends on if this is available to you in your RA 
sending device).


--
Mikael Abrahamssonemail: swm...@swm.pp.se

Spoofer Report for NANOG for Oct 2018

[CAIDA Spoofer Project]

In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these ASes.

This report summarises tests conducted within usa, can.

Inferred improvements during Oct 2018:
   ASN Name   Fixed-By
 14361 HOPONE-GLOBAL  2018-10-03
  7233 YAHOO-US   2018-10-04
   237 MERIT-AS-142018-10-05
 4 ISI2018-10-10
 15176 AS-INOC2018-10-17
  3356 LEVEL3 2018-10-24
 10326 WORCESTER-12018-10-29

Further information for the inferred remediation is available at:
https://spoofer.caida.org/remedy.php

Source Address Validation issues inferred during Oct 2018:
   ASN Name   First-Spoofed Last-Spoofed
  5650 FRONTIER-FRTR 2016-02-22   2018-10-04
   577 BACOM 2016-03-09   2018-10-27
 18978 ENZUINC-US2016-04-15   2018-10-26
 54825 PACKET2016-04-15   2018-10-11
  7922 COMCAST-7922  2016-06-04   2018-10-09
 19230 NANOG 2016-06-13   2018-10-04
  7029 WINDSTREAM2016-06-21   2018-10-30
   209 CENTURYLINK-US-LEGACY-QWEST   2016-08-16   2018-10-28
  6128 CABLE-NET-1   2016-09-03   2018-10-31
 20412 CLARITY-TELECOM   2016-09-30   2018-10-31
  6181 FUSE-NET  2016-10-10   2018-10-30
 15305 SYRINGANETWORKS   2016-10-21   2018-10-27
 25787 ROWE-NETWORKS 2016-10-21   2018-10-26
   174 COGENT-1742016-10-21   2018-10-31
  2828 XO-AS15   2016-10-25   2018-10-06
 31857 PRIORITY-TERABIT  2016-10-25   2018-10-19
 30341 SCTA-ASN  2016-10-31   2018-10-14
 32440 LONI  2016-11-03   2018-10-29
 33182 DimeNOC   2016-11-08   2018-10-25
 12083 WOW-INTERNET  2016-11-09   2018-10-27
  3549 LVLT-3549 2016-11-16   2018-10-03
 21832 KELLINCOM-1   2017-02-03   2018-10-26
  7122 MTS-ASN   2017-05-16   2018-10-25
  6461 ZAYO-6461 2017-06-21   2018-10-31
 63296 AMARILLO-WIRELESS 2017-09-01   2018-10-30
  7233 YAHOO-US  2017-09-07   2018-10-31
 33523 ROWANUNIVERSITY   2017-10-29   2018-10-31
  2152 CSUNET-NW 2017-11-08   2018-10-10
   546 PARSONS-PGS-1 2017-11-20   2018-10-10
 1 AKAMAI2018-02-14   2018-10-27
 29384 Qatar-Foundation  2018-03-08   2018-10-25
 23148 TERRENAP  2018-03-15   2018-10-30
 20009 WADSNET   2018-04-13   2018-10-19
  4201 ORST  2018-04-19   2018-10-29
 11827 WSU   2018-04-19   2018-10-31
393564 SPOKANE   2018-06-05   2018-10-03
 35911 BNQ-1 2018-06-06   2018-10-21
   225 VIRGINIA  2018-06-18   2018-10-30
 53646 HARRIS-BROADBAND  2018-08-10   2018-10-02
 40911 L2NC  2018-08-31   2018-10-15
  2381 WISCNET1  2018-09-04   2018-10-31
 54804 CSMIII-BUNKIELA   2018-09-15   2018-10-16
 33452 RW2018-09-19   2018-10-14
 20448 VPNTRANET-LLC 2018-09-20   2018-10-12
 11996 LOBOIS2018-09-24   2018-10-16
 10326 WORCESTER-1   2018-09-30   2018-10-05
 10929 NETELLIGENT   2018-10-02   2018-10-03
 36210 SFCF  2018-10-13   2018-10-13
 36327 VINAKOM   2018-10-16   2018-10-16
 14031 SCXY  2018-10-18   2018-10-26
 19919 VSW   2018-10-23   2018-10-30
 22462 NOLA-BROADBAND-INC2018-10-30   2018-10-30

Further information for these tests where we received spoofed
packets is available at:
https://spoofer.caida.org/recent_tests.php?country_include=usa,can&no_block=1

Please send any feedback or suggestions to spoofer-i...@caida.org

Escalation point at Google

[Alex Osipov]

Hello –

Does anyone have an escalation point or a human to speak to on the Google 
escalations or  Google Safe Browsing team?  Our entire SaaS business, 15 years 
in business, in a niche software industry with a good reputation has become 
blocked in ALL browsers.  We are impacting 30k+ enterprise users in the 
financial space and have tried everything but all roads lead to automated 
systems.

Can anyone please reach out with a contact if you have one?

Sorry to spam this list if this is inappropriate content.  Very desperate here.

Thank you,
Alex Osipov / CTO

Re: Amazon now controls 3.0.0.0/8

[Dalton, Paul P [CTO]]

Remember when AS 1 was Genuity?  First BGP session I ever set-up was with AS 1.

Get Outlook for Android


From: NANOG  on behalf of Ross Tajvar 
Sent: Thursday, November 8, 2018 6:44:45 PM
To: Steve Meuse
Cc: North American Network Operators' Group
Subject: Re: Amazon now controls 3.0.0.0/8

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.

Speaking of AS1 - I've been wondering, what's it being used for? It looks like 
Level3 owns it, and it's announcing a handful of prefixes and peering with a 
bunch of random ASes from many different countries.

On Thu, Nov 8, 2018 at 9:19 PM, Steve Meuse 
mailto:sme...@mara.org>> wrote:

John Orthoefer and I (and dozens of other BBN folks on this list) both worked 
for BBNPlanet at the time that 4.2.2.1 and 4.2.2.2 were assigned. John was one 
of the folks who built and ran that system.

So when he said "I wish we could have used 4.4.4.4" and my comment of "I think 
the dial modem folks beat us to..." was referring to the fact that when 4/8 was 
first being deployed on AS1 we started assigning blocks to various groups and 
they realized that 
4.4.4.0/XX
 had already been delegated to another internal group (I think it was the dial 
group).



On Thu, Nov 8, 2018 at 8:45 PM Tom Beecher  wrote:
4.0.0.0/8
 has been GTE/Level3 forever.

4.2.2.1 - 6 have been L3 DNS as far back as I can remember.

On Thu, Nov 8, 2018 at 8:32 PM Todd Underwood 
mailto:toddun...@gmail.com>> wrote:
google used 4.4.4.4 for DNS in the past (2010, IIRC).

t

On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse 
mailto:sme...@mara.org>> wrote:

I think it was the dial modem team that beat us to 
4.4.4.0/24?

-Steve

On Thu, Nov 8, 2018 at 7:44 PM John Orthoefer 
mailto:j...@direwolf.com>> wrote:
I wish we could have used 4.4.4.4. Although at the time I suspect we would have 
used 4.4.4.[123].

Johno

On Nov 8, 2018, at 18:58, Matt Erculiani 
mailto:merculi...@gmail.com>> wrote:

So it looks like GE will be solvent for a few more years and 3.3.3.3 DNS is 
incoming.

-Matt

On Thu, Nov 8, 2018, 17:54 Eric Kuhnke 
mailto:eric.kuh...@gmail.com> wrote:
https://news.ycombinator.com/item?id=18407173

Quoting from the post:

"

Apparently bought in two chunks: 
3.0.0.0/9
 and 
3.128.0.0/9.

Previous owner was GE.

Anecdotal reports across the Internet that AWS EIPs are now being assigned in 
that range.

https://whois.arin.net/rest/net/NET-3-0-0-0-1.html

https://whois.arin.net/rest/net/NET-3-128-0-0-1.html

Re: Amazon now controls 3.0.0.0/8

[Kenneth Finnegan]

On Thu, Nov 8, 2018 at 3:58 PM Job Snijders  wrote:
> Seems ALTDB should delete the old AS 80 / GE IRR proxy route registration:
> http://irrexplorer.nlnog.net/search/3.0.0.0

Done.

For anyone else who is suffering from their prefixes malingering in
ALTDB from previous users and has ultimately failed to resolve the
issue with the maintainer of the object, you can escalate the matter
to the db-ad...@altdb.net alias. We have recently started a cleanup
effort of the ALTDB database to improve the quality of the routing
information present in it.

--
Kenneth Finnegan
ALTDB Admin

IGP protocol

[im]

goodmorning nanog,

I heard that OSPF is only famous in asia region...
So that, please could you explain me

  1. what is your backbone's IGP protocol?
  2. why you choose it?


thanks,

Oracle abuse contact

[David Shaw]

Hi,

I could really use some help reaching someone at Oracle for a spam problem 
coming from 129.145.16.122.  I've sent countless emails to their abuse contact 
with no response, tried their tech support chat system and even calling several 
times without any reaction beyond confusion.  It's been almost two weeks now, 
and while I don't like asking on NANOG, I'm out of options.

Any pointers would be very welcomed.

David

Re: Zayo vs Coent

[Mehmet Akcin]

Using www.networkatlas.org and Zayo KMZs loaded, i can't see neither on
this location (maybe they forgot to update the kmzs)

[image: Screen Shot 2018-11-09 at 11.38.08 AM.png]

You can join our Slack Channel , there are many people who has regional
dark fibre knowledge (100+ people) across the world. To discuss further,
https://join.slack.com/t/networkatlas/shared_invite/enQtNDUwOTIzMDEwODM4LWE5NjNmOWRkMmQxYmYzYWU1YmI0ZmEwNWVlODllY2U1MGU5OTVhZDk4YjA1ZmFiN2VhYWI5ZWUyMGQ0YjU0OTc



On Fri, Nov 9, 2018 at 11:27 AM Matt Erculiani  wrote:

> $dayjob hat off: I'll add that they often times use the same fiber for the
> last mile (hence why they're both on-net at that building), so if you get
> both with the intention of redundancy, you could potentially be taken out
> by a single cut unless you harp on the point that they need to be fiber
> diverse and asking for proof (drawings, etc.) never hurts.
>
> On Fri, Nov 9, 2018 at 1:05 PM Kushal R.  wrote:
>
>> Comparing networks and performance I believe zayo will outperform Cogent
>> in most places but I’ve heard nightmares about dealing with Zayo’s account
>> managers and billing reps.
>>
>> Cogent is great at their price point and you will get a very sweet deal
>> for a 10G circuit and their  account managers and NOC both have been great
>> for us.
>>
>> On Fri, 9 Nov 2018 at 7:21 PM, Dovid Bender  wrote:
>>
>>> Hi,
>>>
>>> We are in a facility where my only options are Cogent or Zayo. We plan
>>> on getting a 10G connection for a web crawler using v4 only. Looking for
>>> feedback on either or (keeping the politics out of it).
>>>
>>> TIA.
>>>
>>> Dovid
>>>
>>> --
>> --
>> [image: Host4Geeks]
>>
>> Kushal R
>> Chief Executive | Host4Geeks
>> site: host4geeks.com
>> email: kusha...@h4g.co
>> skype: kush.raha
>> [image: linkedin]
>> 
>> [image: facebook] 
>> [image: twitter] 
>> [image: instagram] 
>>
>>
>>

Re: Zayo vs Coent

[joe mcguckin]

Zayo is not merely Above.net . Zayo is a massive rollup of 
many fiber providers. It has acquired over 30 other networks.


Joe McGuckin
ViaNet Communications

j...@via.net
650-207-0372 cell
650-213-1302 office
650-969-2124 fax

Windows sometimes lets temporary IPv6 addresses expire without renewing

[fireballiso via NANOG]

Hi! I'm experiencing an IPv6 issue with Windows that I wanted to ask if
others are seeing, and get an idea of how widespread it might be.

For background, I've been using a /64 tunnel from Hurricane for a few
years to test IPv6 connectivity until my ISP offers native service.

Linux works well with IPv6. However, I've isolated a problem in
Windows 10 (version 1803, build 17134.345) where the Preferred Lifetime
of *temporary* IPv6 addresses don't seem to be renewed properly
sometimes. The Valid Life will start counting down
again from 24 hours, but the Pref Life will stay at 0s; in this
condition, the temporary addresses don't work on that interface until I
disable and then re-enable it.

Output of "netsh int ipv6 show addr", formatted to fit and for privacy:

Addr Type   DAD State     Valid Life     Pref. Life   Address
-   ---   ---    --   ---
Public  Preferred     23h58m22s  3h58m22s 2001:470:X:X:X:X:X:7a20
Temporary   Deprecated    23h58m22s 0s        
2001:470:X:X:bc72:8f4:7d98:3445
Public  Preferred     23h58m22s  3h58m22s fd00:X::X:X:X:7a20
Temporary   Deprecated    23h58m22s 0s    fd00:X::bc72:8f4:7d98:3445
Other   Preferred infinite   infinite     fe80::X:X:X:7a20%13

In this state, the Public addresses usually work, but these addresses don't
change, so some privacy is lost. Occasionally, even the Public addresses
stop working, (though the Valid and Pref Life values still have time left), 
which requires me to disable/enable the interface to regain any IPv6
connectivity to the internet.

I've noticed some bug reports stating that the temporary address stops working
after a while, but none I've found show the Pref Life staying on 0.

Has anyone else seen this bug? Any idea whether there's a fix or
workaround, other than an interface disable/re-enable?

-- 

-Indy
fireball...@yahoo.com

Re: Windows sometimes lets temporary IPv6 addresses expire without renewing

[fireballiso via NANOG]

On 11/11/2018 9:54 PM, fireballiso wrote:
> Hi! I'm experiencing an IPv6 issue with Windows that I wanted to ask if
> others are seeing, and get an idea of how widespread it might be.
>
> For background, I've been using a /64 tunnel from Hurricane for a few
> years to test IPv6 connectivity until my ISP offers native service.
>
> Linux works well with IPv6. However, I've isolated a problem in
> Windows 10 (version 1803, build 17134.345) where the Preferred Lifetime
> of *temporary* IPv6 addresses don't seem to be renewed properly
> sometimes. The Valid Life will start counting down
> again from 24 hours, but the Pref Life will stay at 0s; in this
> condition, the temporary addresses don't work on that interface until I
> disable and then re-enable it.
>
> Output of "netsh int ipv6 show addr", formatted to fit and for privacy:
>
> Addr Type   DAD State     Valid Life     Pref. Life   Address
> -   ---   ---    --   ---
> Public  Preferred     23h58m22s  3h58m22s 2001:470:X:X:X:X:X:7a20
> Temporary   Deprecated    23h58m22s 0s        
> 2001:470:X:X:bc72:8f4:7d98:3445
> Public  Preferred     23h58m22s  3h58m22s fd00:X::X:X:X:7a20
> Temporary   Deprecated    23h58m22s 0s    
> fd00:X::bc72:8f4:7d98:3445
> Other   Preferred infinite   infinite     fe80::X:X:X:7a20%13
>
> In this state, the Public addresses usually work, but these addresses don't
> change, so some privacy is lost. Occasionally, even the Public addresses
> stop working, (though the Valid and Pref Life values still have time left), 
> which requires me to disable/enable the interface to regain any IPv6
> connectivity to the internet.
>
> I've noticed some bug reports stating that the temporary address stops working
> after a while, but none I've found show the Pref Life staying on 0.
>
> Has anyone else seen this bug? Any idea whether there's a fix or
> workaround, other than an interface disable/re-enable?
> -- 
> -Indy
> fireball...@yahoo.com

To clarify: when I say "renew", I really mean "countdown reset to 4
hours again, and a new temporary IPv6 address assigned to allow
continued connectivity with a temporary address". Sorry for the vague
language.

-- 

-Indy
fireball...@yahoo.com

Re: WIndows Updates Fail Via IPv6

[Morgan A. Miskell]

Not to beat a dead horse, but could the problem be so simple?  I have 
tons of dual-stacked machines that have updated forever without issue, 
so I assume they update via IPV4.


That being said, I've not packet sniffed any of the update stuff in a 
while but if the DNS is any indication then dual-stacked machines can 
update via IPV4 while IPV6 ONLY machines will likely fail since the DNS 
shows IPV4 only


host windowsupdate.microsoft.com
windowsupdate.microsoft.com is an alias for 
windowsupdate.redir.update.microsoft.com.nsatc.net.
windowsupdate.redir.update.microsoft.com.nsatc.net is an alias for 
redir.update.microsoft.com.nsatc.net.

redir.update.microsoft.com.nsatc.net has address 157.56.77.153


On 11/11/2018 01:35 PM, Jared Mauch wrote:




On Nov 11, 2018, at 8:45 AM, Mark Tinka  wrote:



On 11/Nov/18 14:02, Chris Knipe wrote:


Also no problems here with IPv6 and Windows Updates...


The issue is affecting (and has affected) quite a few folk:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/a9b1b537-ad27-4718-821b-57ef33174974/windows-update-fails-if-ipv6-is-enabled?forum=w8itpronetworking
https://social.technet.microsoft.com/Forums/office/en-US/16e7aa06-9b90-48f8-8370-76c2329b93a8/windows-update-ipv6?forum=ws2016
https://answers.microsoft.com/en-us/windows/forum/all/windows-8-pro-windows-update-fails-if-ipv6-is/7ebdac22-6675-402b-ad43-e3fa8450659d

It occurs to me that this, could, perhaps be CDN specific.

I'm currently not in Johannesburg, but last time I checked, the majority of 
Windows updates were being handled by Akamai. Perhaps this is where the issue 
could be, although we have got local IPv6 peering with Akamai and don't 
generally have issues with it.

I'll dig deeper into how Akamai may be involved when I get back home.


Let me know if you see anything related to Akamai.  Looking at these threads I 
don’t see anything really obvious and some are much older posts.

- Jared



--
Morgan A. Miskell
CaroNet Data Centers
704-643-8330 x206

The information contained in this e-mail is confidential and is intended
only for the named recipient(s). If you are not the intended recipient
you must not copy, distribute, or take any action or reliance on it. If
you have received this e-mail in error, please notify the sender. Any
unauthorized disclosure of the information contained in this e-mail is
strictly prohibited.

Re: WIndows Updates Fail Via IPv6

[John Von Essen]

I recently go a Linksys home wifi router, by default it enables ipv6 on 
the LAN. If there is no native IPv6 on the WAN side (which is my case 
since FiOS doesnt do v6 yet) the Linksys defaults to a v6 tunnel.


For the first few weeks of using the router, I had no idea alot of my 
traffic was going out via the v6 tunnel.


Then I started getting random reachability and availability issues. 
Google would not load, but Bing and Yahoo would, and so on. I thought it 
was a FiOS issue, but after digging, I discovered the v6 tunnel, 
disabled it and all my issues went away.


I dont know what Linksys uses for the v6 tunnel because its buried in 
the firmware, but any tunnel service is vulnerable to a variety of 
issues that could effect access. Its odd that it always effects Windows 
update all the time, but who knows.


-John


On 11/12/18 1:18 PM, Mark Tinka wrote:



On 11/Nov/18 18:51, Lavanauts wrote:

I’m on native IPv6 via Spectrum and have no problems with Windows 
Updates.  Could this be a tunneling issue?


I do run 6-in-4 from my backbone to my house as my FTTH provider does 
not do IPv6.


I can't imagine this to specifically be the issue, as all other IPv6 
traffic is fine, but at this point, I'm open to suggestion.


Mark.

Re: Zayo vs Coent

[John Von Essen]

Zayo is probably a tad better in the network quality, but… Zayo’s NCC is awful 
when it comes to fixing or resolving anything, even something as simply as add 
a default route to my BGP session. And its takes forever, like a whole day 
waiting in queue. Cogent, you can call, and 15 minutes your done.

-John

> On Nov 9, 2018, at 1:18 PM, Dovid Bender  wrote:
> 
> Hi,
> 
> We are in a facility where my only options are Cogent or Zayo. We plan on 
> getting a 10G connection for a web crawler using v4 only. Looking for 
> feedback on either or (keeping the politics out of it). 
> 
> TIA.
> 
> Dovid
> 

RWHOIS

[Rodenhuis, John]

Greetings list!

We are testing implementation of an RWHOIS server to eliminating having to send 
SWIP emails to ARIN. Looking to see if anyone else is (successfully) using 
RWHOIS 1.5, and can hopefully provide any lessons-learned. Any other feedback 
would be welcomed.

Thanks,
   John


 John Rodenhuis
  Sr. Broadband Operations Manager
  Atlantic Broadband
  w. 603.330.7702 |  c. 603.767.6042

Re: IGP protocol

[Mikael Abrahamsson]

On Sat, 10 Nov 2018, im wrote:


goodmorning nanog,

I heard that OSPF is only famous in asia region...
So that, please could you explain me

 1. what is your backbone's IGP protocol?
 2. why you choose it?


This is a 20+ year old discussion. There are lots of comparisons.

https://nsrc.org/workshops/2017/ubuntunet-bgp-nrens/networking/nren/en/presentations/08-ISIS-vs-OSPF.pdf
https://www.nanog.org/meetings/nanog49/presentations/Sunday/Shamim_Which_Routing_N49.pdf
https://www.nada.kth.se/kurser/kth/2D1490/03/papers/Comparitive_Study_of_OSPF_and_ISIS.txt

--
Mikael Abrahamssonemail: swm...@swm.pp.se

Re: IGP protocol

[Jared Mauch]

> On Nov 9, 2018, at 10:03 AM, im  wrote:
> 
> goodmorning nanog,
> 
> I heard that OSPF is only famous in asia region...
> So that, please could you explain me
> 
>  1. what is your backbone's IGP protocol?

IS-IS

>  2. why you choose it?

Single topology, supported by everything for IPv6 and IP(classic).

- jared

Re: IGP protocol

[Ryan Kearney via NANOG]

1. IS-IS for loopbacks and iBGP on the loopbacks for everything else.
2. It was much easier to use than OSPF and seems to scale better.
On Mon, Nov 12, 2018 at 1:46 PM im  wrote:
>
> goodmorning nanog,
>
> I heard that OSPF is only famous in asia region...
> So that, please could you explain me
>
>   1. what is your backbone's IGP protocol?
>   2. why you choose it?
>
>
> thanks,

Re: Oracle abuse contact

[Dan Hollis]

Contact some DNSBLs? Sometimes it takes 550 responses to all their smtp 
connections for them to wake up from their slumber.


-Dan

On Fri, 9 Nov 2018, David Shaw wrote:


Hi,

I could really use some help reaching someone at Oracle for a spam problem 
coming from 129.145.16.122.  I've sent countless emails to their abuse contact 
with no response, tried their tech support chat system and even calling several 
times without any reaction beyond confusion.  It's been almost two weeks now, 
and while I don't like asking on NANOG, I'm out of options.

Any pointers would be very welcomed.

David

RE: IGP protocol

[Naslund, Steve]

I don't know where you heard that but it is probably incorrect.  Here is what I 
think you will find.

1.  Most large networks (service providers) supporting MPLS will be using ISIS 
as their IGP.  Some will have islands of OSPF because not everything speaks 
ISIS.
2.  Most corporate networks will be running OSPF and/or EIGRP as an IGP.

Steven Naslund
Chicago IL

-Original Message-
From: NANOG  On Behalf Of im
Sent: Friday, November 9, 2018 9:03 AM
To: nanog@nanog.org
Subject: IGP protocol

goodmorning nanog,

I heard that OSPF is only famous in asia region...
So that, please could you explain me

  1. what is your backbone's IGP protocol?
  2. why you choose it?


thanks,

Re: Escalation point at Google

[Guillaume Tournat]

Hello

Problem with blacklisted CA of Symantec, that issued SSL certificates ?



> Le 9 nov. 2018 à 02:57, Alex Osipov  a écrit :
> 
> Hello –
>  
> Does anyone have an escalation point or a human to speak to on the Google 
> escalations or  Google Safe Browsing team?  Our entire SaaS business, 15 
> years in business, in a niche software industry with a good reputation has 
> become blocked in ALL browsers.  We are impacting 30k+ enterprise users in 
> the financial space and have tried everything but all roads lead to automated 
> systems. 
>  
> Can anyone please reach out with a contact if you have one? 
>  
> Sorry to spam this list if this is inappropriate content.  Very desperate 
> here. 
>  
> Thank you,
> Alex Osipov / CTO

Re: IGP protocol

[valdis . kletnieks]

On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" said:

> 2.  Most corporate networks will be running OSPF and/or EIGRP as an IGP.

And I'm sure there's still some crazies out there using RIPv2. :)


pgpPMFjssCptV.pgp
Description: PGP signature

Re: IGP protocol

[Job Snijders]

The war is over.

In IETF the OSPF and ISIS working groups merged. Now all of it is
“link-state routing”.

https://datatracker.ietf.org/group/lsr/about/

RE: IGP protocol

[Naslund, Steve]

Yeah there are those.  

Steve

-Original Message-
From: Valdis Kletnieks  On Behalf Of valdis.kletni...@vt.edu
Sent: Monday, November 12, 2018 2:29 PM
To: Naslund, Steve 
Cc: nanog@nanog.org
Subject: Re: IGP protocol

On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" said:

> 2.  Most corporate networks will be running OSPF and/or EIGRP as an IGP.

And I'm sure there's still some crazies out there using RIPv2. :)

Re: Escalation point at Google

[George Herbert]

If this is re os33.com where Alex emailed from, the front page is Lets
Encrypt.  Which is a strange choice for a financial SAAS?...

Alex, if your internal app site certs are Symantec that could well explain
it; check your cert locations.

On Mon, Nov 12, 2018 at 12:30 PM Guillaume Tournat 
wrote:

> Hello
>
> Problem with blacklisted CA of Symantec, that issued SSL certificates ?
>
>
>
> Le 9 nov. 2018 à 02:57, Alex Osipov  a écrit :
>
> Hello –
>
>
>
> Does anyone have an escalation point or a human to speak to on the Google
> escalations or  Google Safe Browsing team?  Our entire SaaS business, 15
> years in business, in a niche software industry with a good reputation has
> become blocked in ALL browsers.  We are impacting 30k+ enterprise users in
> the financial space and have tried everything but all roads lead to
> automated systems.
>
>
>
> Can anyone please reach out with a contact if you have one?
>
>
>
> Sorry to spam this list if this is inappropriate content.  Very desperate
> here.
>
>
>
> Thank you,
>
> Alex Osipov / CTO
>
>

-- 
-george william herbert
george.herb...@gmail.com

Re: Zayo vs Coent

[Rob Foehl]

On Fri, 9 Nov 2018, Ca By wrote:


Zayo will provide you all of the internet


Only the parts for which someone has remembered to call in updates and/or 
which Zayo has remembered to apply to every manually maintained 
per-session prefix list, or for which someone has badgered them enough to 
switch to max prefixes only.  They have an incurable allergy to IRR, and 
it's a bundle of fun to sort out when something gets missed.


-Rob

Re: Escalation point at Google

[Jared Mauch]

Are they getting an error similar to:

Websites prove their identity via certificates, which are issued by certificate 
authorities. Most browsers no longer trust certificates issued by GeoTrust, 
RapidSSL, Symantec, Thawte, and VeriSign. www.example.com uses a certificate 
from one of these authorities and so the website’s identity cannot be proven.

You may want to check your site here:


https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com

- Jared


> On Nov 12, 2018, at 3:44 PM, George Herbert  wrote:
> 
> If this is re os33.com where Alex emailed from, the front page is Lets 
> Encrypt.  Which is a strange choice for a financial SAAS?...
> 
> Alex, if your internal app site certs are Symantec that could well explain 
> it; check your cert locations.
> 
> On Mon, Nov 12, 2018 at 12:30 PM Guillaume Tournat  
> wrote:
> Hello
> 
> Problem with blacklisted CA of Symantec, that issued SSL certificates ?
> 
> 
> 
> Le 9 nov. 2018 à 02:57, Alex Osipov  a écrit :
> 
>> Hello –
>> 
>>  
>> 
>> Does anyone have an escalation point or a human to speak to on the Google 
>> escalations or  Google Safe Browsing team?  Our entire SaaS business, 15 
>> years in business, in a niche software industry with a good reputation has 
>> become blocked in ALL browsers.  We are impacting 30k+ enterprise users in 
>> the financial space and have tried everything but all roads lead to 
>> automated systems. 
>> 
>>  
>> 
>> Can anyone please reach out with a contact if you have one? 
>> 
>>  
>> 
>> Sorry to spam this list if this is inappropriate content.  Very desperate 
>> here. 
>> 
>>  
>> 
>> Thank you,
>> 
>> Alex Osipov / CTO
>> 
> 
> 
> -- 
> -george william herbert
> george.herb...@gmail.com

Re: Zayo vs Coent

[Nick W]

I actually went through this exercise recently with Cogent, Zayo, and two
other providers. The requests were all made via email at roughly the same
time. HE was by far the quickest (I think under an hour), with Cogent being
about half a day initially (but they did miss a BGP session, which was
fixed within a few hours of notifying them), and Zayo taking about 3 days,
with a follow up call around the 2 day mark.

>From an outage standpoint: I've had three outages with Zayo, the first
being the most painful (left hand doesn't talk to right hand), the second
was brief and they provided an RFO same-day, and the third being similar to
the first, but resolved quicker because I was able to reference details
from the first. I've never had total outages with Cogent on my transit, but
I have on transport, and they were relatively quick to respond, resolve, or
provide details from third-party providers each time. From a quality
standpoint, I "feel" like the Zayo transit is better, but maybe that's
because I pay more for it. I think from a peering standpoint, I tend to see
better paths through Zayo. I've seen Cogent send traffic way out of region
for several content providers - causing customers to complain about high
latency to Google.

Nick



On Mon, Nov 12, 2018 at 3:09 PM John Von Essen  wrote:

> Zayo is probably a tad better in the network quality, but… Zayo’s NCC is
> awful when it comes to fixing or resolving anything, even something as
> simply as add a default route to my BGP session. And its takes forever,
> like a whole day waiting in queue. Cogent, you can call, and 15 minutes
> your done.
>
> -John
>
> > On Nov 9, 2018, at 1:18 PM, Dovid Bender  wrote:
> >
> > Hi,
> >
> > We are in a facility where my only options are Cogent or Zayo. We plan
> on getting a 10G connection for a web crawler using v4 only. Looking for
> feedback on either or (keeping the politics out of it).
> >
> > TIA.
> >
> > Dovid
> >
>
>

Re: WIndows Updates Fail Via IPv6

[Mark Andrews]

Which just shows content providers and tunnel end point problems.

* load balancers that don’t properly handle ICMP{v6}
* stupid firewalls that block PTB
* tunnel end points that don’t generate PTB for EVERY oversize packet
  (you wouldn’t drop TCP ACKS and PTBs are just as important)

PMTD requires PTBs to be generated.

Report the problems so they can get fixed.

Mark

> On 13 Nov 2018, at 6:08 am, John Von Essen  wrote:
> 
> I recently go a Linksys home wifi router, by default it enables ipv6 on the 
> LAN. If there is no native IPv6 on the WAN side (which is my case since FiOS 
> doesnt do v6 yet) the Linksys defaults to a v6 tunnel.
> 
> For the first few weeks of using the router, I had no idea alot of my traffic 
> was going out via the v6 tunnel.
> 
> Then I started getting random reachability and availability issues. Google 
> would not load, but Bing and Yahoo would, and so on. I thought it was a FiOS 
> issue, but after digging, I discovered the v6 tunnel, disabled it and all my 
> issues went away. 
> I dont know what Linksys uses for the v6 tunnel because its buried in the 
> firmware, but any tunnel service is vulnerable to a variety of issues that 
> could effect access. Its odd that it always effects Windows update all the 
> time, but who knows.
> 
> -John
> 
> On 11/12/18 1:18 PM, Mark Tinka wrote:
>> 
>> 
>> On 11/Nov/18 18:51, Lavanauts wrote:
>> 
>>> I’m on native IPv6 via Spectrum and have no problems with Windows Updates.  
>>> Could this be a tunneling issue?
>> 
>> I do run 6-in-4 from my backbone to my house as my FTTH provider does not do 
>> IPv6.
>> 
>> I can't imagine this to specifically be the issue, as all other IPv6 traffic 
>> is fine, but at this point, I'm open to suggestion.
>> 
>> Mark.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

Re: IGP protocol

[Scott Weeks]

--- valdis.kletni...@vt.edu wrote:
On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" 
said:

> 2.  Most corporate networks will be running OSPF 
and/or EIGRP as an IGP.

And I'm sure there's still some crazies out there 
using RIPv2. :)
--


Yes, there are networks out there on the ragged edges 
doing that.  They've been around since forever.  I've 
worked for them.  Show up on day 1: WTF???  Oh crap, 
what'd I get myself into *this* time?!

scott

Re: IGP protocol

[Brandon Martin]

On 11/12/18 3:21 PM, Naslund, Steve wrote:

1.  Most large networks (service providers) supporting MPLS will be using ISIS 
as their IGP.  Some will have islands of OSPF because not everything speaks 
ISIS.


Notably, support for OSPF is somewhat common on "layer 3 switch" 
products while IS-IS support is significantly less common.


Most "router" products seem to support either.

I was of the impression that there was a draft or similar for 
single-topology (IPv4+IPv6) OSPF.  Did anything ever come of that?

--
Brandon Martin

Re: IGP protocol

[Garrett Skjelstad]

To be fair, Microsoft only just recently added BGP support to RRAS in
2012...



On Mon, Nov 12, 2018, 21:50 Scott Weeks 
>
> --- valdis.kletni...@vt.edu wrote:
> On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve"
> said:
>
> > 2.  Most corporate networks will be running OSPF
> and/or EIGRP as an IGP.
>
> And I'm sure there's still some crazies out there
> using RIPv2. :)
> --
>
>
> Yes, there are networks out there on the ragged edges
> doing that.  They've been around since forever.  I've
> worked for them.  Show up on day 1: WTF???  Oh crap,
> what'd I get myself into *this* time?!
>
> scott
>
>