Re: email scannering / filtering

[Bryan Holloway]

postfix + postscreen for MTA ...

MailScanner + MailWatch for anti-.

I've heard good things about rspamd, but I haven't tried it.


On 12/14/18 5:30 AM, David Funderburk wrote:

What open source email filtering system is working well for you?


Regards,

David Funderburk
GlobalVision
864-569-0703

For Technical Support, please email gv-supp...@globalvision.net 
.



--
This message has been scanned for viruses and dangerous content by
*E.F.A. Project* , and is believed to be clean.

Re: email scannering / filtering

[Brielle Bruns]

On 12/14/2018 1:00 PM, John Von Essen wrote:
I've used Sendmail + MIMEDefang + SpamAssassin w/clamav for over 15 
years. And on the SA side I use all the bells and whistles available 
like DCC greylisting, all the public blacklists, there are some 3rd 
party rulesets you can subscribe to, etc.,. In the end its not as good 
as gmail, but pretty darn close.


I block at SA score 4 and above, 4-8 score I dump into a separate 
quarantine account that I check every now and again for possible errors, 
and over 8 I drop - no log or bounce.




I've started using rspamd in place of SpamAssassin and have been having 
good results. Built in greylisting, support for spamassassin rules, nice 
statistics web based GUI.


Only downside is that it can be quirky during the initial setup.  It 
depends on redis for its key lookup backend.  Not a big fan of redis, 
but it works, especially if you have to support multiple rspamd 
instances on different mail servers, and want to have one main backend 
to store all the spam/ham hashes in.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org

Re: email scannering / filtering

[John Von Essen]

I've used Sendmail + MIMEDefang + SpamAssassin w/clamav for over 15 
years. And on the SA side I use all the bells and whistles available 
like DCC greylisting, all the public blacklists, there are some 3rd 
party rulesets you can subscribe to, etc.,. In the end its not as good 
as gmail, but pretty darn close.


I block at SA score 4 and above, 4-8 score I dump into a separate 
quarantine account that I check every now and again for possible errors, 
and over 8 I drop - no log or bounce.


-John

On 12/14/18 12:35 PM, Guillaume Tournat wrote:


Hello,

For MTA server, I use Postfix, with some blacklists (DNSBL).

For filtering then: SpamAssassin + Clamav works well.


Le 14/12/2018 à 12:30, David Funderburk a écrit :


What open source email filtering system is working well for you?


Regards,

David Funderburk
GlobalVision
864-569-0703

For Technical Support, please email gv-supp...@globalvision.net 
.



--
This message has been scanned for viruses and dangerous content by
*E.F.A. Project* , and is believed to be 
clean. 

Re: Auto-reply from Yahoo...

[Josh Luthman]

Yes.  Same email address.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


On Fri, Dec 14, 2018 at 1:59 PM Dan Hollis  wrote:

> Yes, someone needs to forcefully remove this subscription:
>
> Subject: Re: Your message to lem...@yahoo-inc.com (was:  Re: Extending
> network over a dry pair)
>
>
> On Fri, 14 Dec 2018, Grant Taylor via NANOG wrote:
>
> > Is anyone else receiving the "Your message to REDACTED (was:
> $oldSubject)"
> > auto-responses to posts to NANOG?
> >
> > I've been seeing them for three or four days now.
> >
> >
> >
> > --
> > Grant. . . .
> > unix || die
> >
> >
>

Re: Auto-reply from Yahoo...

[Grant Taylor via NANOG]

On 12/14/18 11:59 AM, Dan Hollis wrote:

Yes, someone needs to forcefully remove this subscription:


Agreed.

Subject: Re: Your message to lem...@yahoo-inc.com (was:  Re: Extending 
network over a dry pair)


Yep.

I've received multiple private replies from a number of people who have 
also stated that they are receiving them and have contacted nanog-owner 
asking them to do something about it.  (Something I've also did myself 
days ago.)


I brought it up on the list to confirm my suspicious and to test the 
temperature of the water.


Here's trusting ~> hoping that the nanog-owner(s) will "do the needful" 
(with or without "reverting") as soon as time permits.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Auto-reply from Yahoo...

[Bryce Wilson]

I have also received these and I sent an email to the NANOG administrators 
about it.

Thanks ~ Bryce Wilson, AS202313, EVIX AS137933

> On Dec 14, 2018, at 10:59 AM, Dan Hollis  wrote:
> 
> Yes, someone needs to forcefully remove this subscription:
> 
> Subject: Re: Your message to lem...@yahoo-inc.com (was:  Re: Extending 
> network over a dry pair)
> 
> 
>> On Fri, 14 Dec 2018, Grant Taylor via NANOG wrote:
>> 
>> Is anyone else receiving the "Your message to REDACTED (was: $oldSubject)" 
>> auto-responses to posts to NANOG?
>> 
>> I've been seeing them for three or four days now.
>> 
>> 
>> 
>> -- 
>> Grant. . . .
>> unix || die
>> 
>> 

Re: Auto-reply from Yahoo...

[Dan Hollis]

Yes, someone needs to forcefully remove this subscription:

Subject: Re: Your message to lem...@yahoo-inc.com (was:  Re: Extending network 
over a dry pair)


On Fri, 14 Dec 2018, Grant Taylor via NANOG wrote:

Is anyone else receiving the "Your message to REDACTED (was: $oldSubject)" 
auto-responses to posts to NANOG?


I've been seeing them for three or four days now.



--
Grant. . . .
unix || die

Re: How to choose a transit provider?

[Karsten Elfenbein]

Some points I have not seen so far are:
- how do you connect? local cc in the dc or several other fiber runs
to reach a different dc/city? (affects price, setup time, maintenance
and debugging)
- where is your traffic going to/from? how many intermediate ASs or
long transfers are involved?
- bgp community support to influence routing (including the already
mentioned blackhole)
- flowspec support
- additional services like ddos mitigation
- how many ports/locations per committed bandwidth
- your own experience with the company (sales/support)
- I assume IPv6 support does not need to be mentioned anymore :)


Karsten
Am Fr., 14. Dez. 2018 um 16:24 Uhr schrieb Mehmet Akcin :
>
> Hello there,
>
> I have started writing a blog which I hope it would help buy transit services 
> from providers by doing various due diligences(technical) i wanted to reach 
> out and ask nanog community’s thoughts on this.
>
> What are some of your checklist items ? Price? Their directly peered 
> networks? If they are tier 2,3 who they use as tier 1-2? Are the onnet? I am 
> sure list goes on and on on...
>
> Thanks a lot for your help. I plan to write the blog this month and publish.
>
> Mehmet
> --
> Mehmet
> +1-424-298-1903

Re: email scannering / filtering

[Chris Adams]

Once upon a time, Grant Taylor via NANOG  said:
>  - ClamAV

In my recent experience, ClamAV is basically useless against email
viruses.  On one setup I run that handles around half a million messages
a day, ClamAV might flag 3-5 as viruses.  I'm dubious that that's all
the virus messages that came through.

I'd be interested in hearing of other Linux software (free or paid) that
can catch modern email viruses.

-- 
Chris Adams 

Auto-reply from Yahoo...

[Grant Taylor via NANOG]

Is anyone else receiving the "Your message to REDACTED (was: 
$oldSubject)" auto-responses to posts to NANOG?


I've been seeing them for three or four days now.



--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: How to choose a transit provider?

[Ross Tajvar]

Agreed. My biggest frustration buying carrier services is the lack of
transparency in pricing.

On Fri, Dec 14, 2018, 12:40 PM Brian Kantor  On Fri, Dec 14, 2018 at 03:26:56PM -0200, Mehmet Akcin wrote:
> > Probably you also have never got the best possible pricing ;-)
>
> Ugh.  Requiring an NDA to get best pricing is a  business practice
> that makes me feel I need to wash my hands after dealing with them.
> - Brian
>
>

Re: email scannering / filtering

[Grant Taylor via NANOG]

On 12/14/18 4:30 AM, David Funderburk wrote:

What open source email filtering system is working well for you?


 - Sendmail
 - SpamAssassin
 - ClamAV
 - OpenDKIM
 - OpenDMARC
 - SPFmilter
 - NoListing (a variant of Grey Listing that has worked exceedingly 
well for me.)

 - Junk Email Filter MX tricks (also works very well for me)
 - Reverse Path route filters

Most of this is fairly stock configuration.  I have put some custom 
rules in SpamAssassin for various reasons.  Email me directly if you 
want particulars.




On 12/14/18 10:36 AM, Rich Kulawiec wrote:
I've been studying email abuse for a very long time, and am writing a 
book about defending against it with open-source tools.


I'll be interested to learn more about your book.

Will you share any details so that I can keep an eye out for it?

 - Title
 - Release date
 - Publisher

One of the things that I've learned over those decades is that while 
some measures make sense for everyone, one size does not fit all, 
and that it's critical to understand the mail stream that's being 
presented before trying to design and build systems to deal with it. 
Everyone's legitimate email looks different.  Everyone's abusive email 
looks different.  It's not possible to figure out how to cope with these 
things until you measure them.


Nor is it possible until you understand the operational requirements, 
which again, are different for everyone.  Joe's Donuts in Dubuque 
probably isn't going to be receiving messages at its "orders" address 
from Peru or Pakistan, for example, so any incoming traffic like that is 
almost certainly misdirected (at best) or abusive.  On the other hand, 
Michigan State University will probably receive legitimate traffic from 
all the world, including Peru and Pakistan.


I largely agree with both of those statements.

So while I could answer your question by telling you what I use, that 
doesn't mean that it would work for you.  It *might*, and after a fashion, 
it probably would -- but it's highly unlikely that it's anything close 
to optimal for your environment.  There's a fair amount of homework that 
needs to be done to figure that out.


Sure.  But sharing what you're using and your perceived Pros and Cons do 
provide data for someone to consume while pontificating what will likely 
suit them the best.


One more thing.  There are a number of things that some people do in their 
email systems which are worst practices -- things that exacerbate the 
problem.  For example, "quarantines" or "spam folders" are a profoundly 
horrible idea that should never be deployed.  (Ask RSA how that's working 
out for them.)  Avoid these.


I think that there is a time and a place for both quarantining and spam 
folders.  I use quarantining to gate email into and out of a lab / 
sandbox environment.  I know that nothing will flow without me releasing 
a quarantine.  This allows me to feel comfortable testing various MTAs 
without worrying that email will flow when I have not approved it. 
Devices on either side speak SMTP just like they want to and believe 
that the messages are the responsibility of an intermediate server. 
IMHO it works great.


I also think that spam folders do have a use.  They provide a way for 
messages that seem spammy to be isolated from the main inbox while still 
making them available to end users.  (I'm talking about mail boxes 
accessed via IMAP where it's easy to see both Inbox and Junk.)




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Weekly Routing Table Report

[Routing Analysis Role Account]

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 15 Dec, 2018

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  729792
Prefixes after maximum aggregation (per Origin AS):  280875
Deaggregation factor:  2.60
Unique aggregates announced (without unneeded subnets):  351369
Total ASes present in the Internet Routing Table: 62704
Prefixes per ASN: 11.64
Origin-only ASes present in the Internet Routing Table:   54098
Origin ASes announcing only one prefix:   23512
Transit ASes present in the Internet Routing Table:8606
Transit-only ASes present in the Internet Routing Table:257
Average AS path length visible in the Internet Routing Table:   4.0
Max AS path length visible:  30
Max AS path prepend of ASN ( 16327)  25
Prefixes from unregistered ASNs in the Routing Table:39
Number of instances of unregistered ASNs:39
Number of 32-bit ASNs allocated by the RIRs:  25220
Number of 32-bit ASNs visible in the Routing Table:   20431
Prefixes from 32-bit ASNs in the Routing Table:   88037
Number of bogon 32-bit ASNs visible in the Routing Table:19
Special use prefixes present in the Routing Table:1
Prefixes being announced from unallocated address space:283
Number of addresses announced to Internet:   2838283681
Equivalent to 169 /8s, 44 /16s and 197 /24s
Percentage of available address space announced:   76.7
Percentage of allocated address space announced:   76.7
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   99.1
Total number of prefixes smaller than registry allocations:  243329

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:   199478
Total APNIC prefixes after maximum aggregation:   56775
APNIC Deaggregation factor:3.51
Prefixes being announced from the APNIC address blocks:  196626
Unique aggregates announced from the APNIC address blocks:80923
APNIC Region origin ASes present in the Internet Routing Table:9308
APNIC Prefixes per ASN:   21.12
APNIC Region origin ASes announcing only one prefix:   2624
APNIC Region transit ASes present in the Internet Routing Table:   1396
Average APNIC Region AS path length visible:4.0
Max APNIC Region AS path length visible: 29
Number of APNIC region 32-bit ASNs visible in the Routing Table:   4301
Number of APNIC addresses announced to Internet:  768781696
Equivalent to 45 /8s, 210 /16s and 173 /24s
APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 63488-64098, 64297-64395, 131072-139577
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:216291
Total ARIN prefixes after maximum aggregation:   102837
ARIN Deaggregation factor: 2.10
Prefixes being announced from the ARIN address blocks:   215591
Unique aggregates announced from the ARIN address blocks:103289
ARIN Region origin ASes present in the Internet Routing Table:18300
ARIN Prefixes per ASN:11.78
ARIN Regi

Re: How to choose a transport(terrestrial/subsea)

[Eric Dugas]

I also look at hand-off locations (as long as it doesn't compromise the overall 
robustness of the design).

Most providers will be able to hand-off in the BMMR of a carrier hotel and some 
will have the flexibility to hand-off in particular suites within the same 
building or other locations near where the cross-connects fees are lower. I've 
seen cross-connect fees between $50 up to $750 MRC so if you need multiple 
wavelengths (for capacity), the cross-connect fees are going to make a huge 
difference on the total MRC.
Eric
On Dec 14 2018, at 12:17 pm, Mehmet Akcin  wrote:
> Thank you everyone incredible amounts of responses for my how to choose a 
> transit provider smail earlier.
>
> How do you choose transport & backbone?
>
> Looking at key aspects like route information, diversity, aerial vs under 
> ground fiber, age of fiber, outage history, length, but what else?
>
> I will get both transport and transit as two seperate blogs.
>
> I will also submit as a nanog paper for the meeting after next, or maybe 
> next? I am probably too late by now.
>
> Thank you for all your help. I will add your names to the thank you line ;-)
> --
> Mehmet
> +1-424-298-1903
>
>

Re: email scannering / filtering

[Rich Kulawiec]

On Fri, Dec 14, 2018 at 06:30:08AM -0500, David Funderburk wrote:
> What open source email filtering system is working well for you? 

I've been studying email abuse for a very long time, and am writing
a book about defending against it with open-source tools.

One of the things that I've learned over those decades is that while
some measures make sense for everyone, one size does not fit all, and
that it's critical to understand the mail stream that's being presented
before trying to design and build systems to deal with it.  Everyone's
legitimate email looks different.  Everyone's abusive email looks different.
It's not possible to figure out how to cope with these things until
you measure them.

Nor is it possible until you understand the operational requirements,
which again, are different for everyone.  Joe's Donuts in Dubuque
probably isn't going to be receiving messages at its "orders" address
from Peru or Pakistan, for example, so any incoming traffic like that
is almost certainly misdirected (at best) or abusive.  On the other
hand, Michigan State University will probably receive legitimate
traffic from all the world, including Peru and Pakistan.

Unfortunately, lots of people skip these two steps -- especially the
first one -- because they perceive them as onerous and unnecessary.
They thus hamstring their own efforts.

One of the other things I've learned is that there's a correct order
in which to apply defensive measures, so that the probability of FP
and FN (false positive and false negative) are both simultaneously
minimized, so that each successive measure has less work to do than
the one before, and so that those measures which consume the least
resources are deployed up front.  (For example: using the DROP list
in a perimeter router, firewall or even in the MTA's configuration
is a highly efficient/low-cost/low-resource measure that should be
done before doing other things.  This is, by the way, one of the
measures that make sense for everyone, see above.)

So while I could answer your question by telling you what I use,
that doesn't mean that it would work for you.  It *might*, and
after a fashion, it probably would -- but it's highly unlikely
that it's anything close to optimal for your environment.  There's
a fair amount of homework that needs to be done to figure that out.

One more thing.  There are a number of things that some people do
in their email systems which are worst practices -- things that
exacerbate the problem.  For example, "quarantines" or "spam folders"
are a profoundly horrible idea that should never be deployed.
(Ask RSA how that's working out for them.)  Avoid these.

---rsk

Re: How to choose a transit provider?

[Brian Kantor]

On Fri, Dec 14, 2018 at 03:26:56PM -0200, Mehmet Akcin wrote:
> Probably you also have never got the best possible pricing ;-)

Ugh.  Requiring an NDA to get best pricing is a  business practice 
that makes me feel I need to wash my hands after dealing with them.
- Brian

Re: email scannering / filtering

[Guillaume Tournat]

Hello,

For MTA server, I use Postfix, with some blacklists (DNSBL).

For filtering then: SpamAssassin + Clamav works well.


Le 14/12/2018 à 12:30, David Funderburk a écrit :


What open source email filtering system is working well for you?


Regards,

David Funderburk
GlobalVision
864-569-0703

For Technical Support, please email gv-supp...@globalvision.net 
.



--
This message has been scanned for viruses and dangerous content by
*E.F.A. Project* , and is believed to be 
clean. 

Re: How to choose a transit provider?

[Mehmet Akcin]

Probably you also have never got the best possible pricing ;-)

On Fri, Dec 14, 2018 at 15:21 Aaron  wrote:

> I've never signed an NDA to receive a quote.  Some of my contracts have
> NDAs in them after the fact but I've never been asked to sign one before
> I received pricing from a transit provider.
>
> Aaron
>
> On 12/14/2018 11:12 AM, Brian Kantor wrote:
> > On Fri, Dec 14, 2018 at 04:07:08PM +, David Guo via NANOG wrote:
> >> First of all, sign NDA if possible, then ask the following questions:
> > Why in heaven's name would you *want* to sign an NDA?  Aren't you better
> > off without one?
> >   - Brian
> >
> >
>
> --
> 
> Aaron Wendel
> Chief Technical Officer
> Wholesale Internet, Inc. (AS 32097)
> (816)550-9030
> http://www.wholesaleinternet.com
> 
>
> --
Mehmet
+1-424-298-1903

RE: How to choose a transit provider?

[David Guo via NANOG]

No provider wants you disclose the information. Hmm someone posted on LINX 
that he can get $500 for a 10 Gbps unmetered port from a Tier 1 ISP, do you 
believe it?

-Original Message-
From: NANOG  On Behalf Of Brian Kantor
Sent: Saturday, December 15, 2018 1:13 AM
To: NANOG 
Subject: Re: How to choose a transit provider?

On Fri, Dec 14, 2018 at 04:07:08PM +, David Guo via NANOG wrote:
> First of all, sign NDA if possible, then ask the following questions:

Why in heaven's name would you *want* to sign an NDA?  Aren't you better off 
without one?
- Brian

Re: How to choose a transit provider?

[Aaron]

I've never signed an NDA to receive a quote.  Some of my contracts have 
NDAs in them after the fact but I've never been asked to sign one before 
I received pricing from a transit provider.


Aaron

On 12/14/2018 11:12 AM, Brian Kantor wrote:

On Fri, Dec 14, 2018 at 04:07:08PM +, David Guo via NANOG wrote:

First of all, sign NDA if possible, then ask the following questions:

Why in heaven's name would you *want* to sign an NDA?  Aren't you better
off without one?
- Brian




--

Aaron Wendel
Chief Technical Officer
Wholesale Internet, Inc. (AS 32097)
(816)550-9030
http://www.wholesaleinternet.com

How to choose a transport(terrestrial/subsea)

[Mehmet Akcin]

Thank you everyone incredible amounts of responses for my how to choose a
transit provider smail earlier.

How do you choose transport & backbone?

Looking at key aspects like route information, diversity, aerial vs under
ground fiber, age of fiber, outage history, length, but what else?

I will get both transport and transit as two seperate blogs.

I will also submit as a nanog paper for the meeting after next, or maybe
next? I am probably too late by now.

Thank you for all your help. I will add your names to the thank you line ;-)
-- 
Mehmet
+1-424-298-1903

Re: How to choose a transit provider?

[Brian Kantor]

On Fri, Dec 14, 2018 at 04:07:08PM +, David Guo via NANOG wrote:
> First of all, sign NDA if possible, then ask the following questions:

Why in heaven's name would you *want* to sign an NDA?  Aren't you better
off without one?
- Brian

RE: How to choose a transit provider?

[David Guo via NANOG]

Hi Mehmet,

We usually ask the sales director from a neutral datacenter to introduce a 
sales rep from Tier 1 - 2 ISPs to bargain.

First of all, sign NDA if possible, then ask the following questions:

1. Price for 100 Mbps on 1 Gbps port to 1 Gbps unmetered or 1 Gbps on 10 Gbps 
or 10 Gbps unmetered
2. Contact term, from 12 months to 36 months, or even 60 months.
3. BGP community or RTBH for blackhole
4. AS-SET or LOA for BGP filter updating
5. SLA and network delay (latency) guarantee
6. Price for NRC and MRC and VAT or tax in some countries

For their peering networks and IX, you can do research on different network 
using looking glass, mtr, traceroute, etc. And ask your friend if they are 
already using the service.

Cheapest transit service will not always have good performance, but the most 
expensive one may not be the best choice. You should choose the suitable 
provider for your audience.

Regards,

David


From: NANOG  On Behalf Of Mehmet Akcin
Sent: Friday, December 14, 2018 11:22 PM
To: nanog 
Subject: How to choose a transit provider?

Hello there,

I have started writing a blog which I hope it would help buy transit services 
from providers by doing various due diligences(technical) i wanted to reach out 
and ask nanog community’s thoughts on this.

What are some of your checklist items ? Price? Their directly peered networks? 
If they are tier 2,3 who they use as tier 1-2? Are the onnet? I am sure list 
goes on and on on...

Thanks a lot for your help. I plan to write the blog this month and publish.

Mehmet
--
Mehmet
+1-424-298-1903

RE: IRR Cleanliness

[David Guo via NANOG]

Hi Graham,

Maybe your ASN is not a virgin ASN, someone used it.

You should notify every object's former owner or the current maintainer to 
remove it, or contact RADb or ARIN to help you remove them. But I think that 
RADb was easier to use than ARIN before, the current version of RADb is not 
user-friendly.

Regards,

David

From: NANOG  On Behalf Of Graham Johnston
Sent: Friday, December 14, 2018 10:19 PM
To: nanog@nanog.org
Subject: IRR Cleanliness

Hi,

I'm in the middle of transitioning all of my IRR data from RADb to ARIN and as 
part of this I am trying to get old stale IRR data cleaned up that other 
providers have put in place in the past.  While doing this I was using the 
nlnog IRR explorer website and found that a company that I peer with on a 
public exchange has my ASN listed in an as-macro that they control. The way the 
as-macro is named I am reasonably confident that they aren't using it for 
transit related activity, rather they are likely using it for controlling 
peering activity and filtering on the IX in question. Part of me is okay with 
this, but given that I've never seen this behavior from any other provider on 
the three reasonably large exchanges that we participate on I am curious what 
the community thinks about this. Is this uncommon but acceptable in the eyes of 
community?

Thanks,
Graham

email scannering / filtering

[David Funderburk]

 

What open source email filtering system is working well for you? 

 Regards,

 David Funderburk
 GlobalVision
 864-569-0703

 For Technical Support, please email gv-supp...@globalvision.net. 

 

--
This message has been scanned by E.F.A. Project and is believed to be clean.

Re: Auto-configuring IPv6 transition mechanisms on customer devices

[Mikael Abrahamsson]

On Fri, 14 Dec 2018, Brandon Martin wrote:

Are there any (draft, standard, or otherwise) defined mechanisms for 
indicating to customer-provided devices that they should configure IPv6 to 
IPv4 transition mechanisms such as MAP, 4rd, 464XLAT, etc. and providing the 
configuration details thereof?


I'm not aware of any.  It seems like this is something that, if defined, 
would make deployment of such mechanisms a lot easier even if SPs provide the 
customer edge router that implements said mechanisms.  I guess they'd 
probably be implemented as extensions to DHCPv6 or similar or embedded in RAs 
(the latter seems ugly).


We use this to configure LW4o6 tunnels using DHCPv6. This is already 
present in OpenWrt via the MAP package. It supports both MAP-E and LW4o6.


https://tools.ietf.org/html/rfc7598

DHCPv6 Options for Configuration of Softwire Address and Port-Mapped 
Clients


   This document specifies DHCPv6 options, termed Softwire46 options,
   for the provisioning of Softwire46 Customer Edge (CE) devices.
   Softwire46 is a collective term used to refer to architectures based
   on the notion of IPv4 Address plus Port (A+P) for providing IPv4
   connectivity across an IPv6 network.

--
Mikael Abrahamssonemail: swm...@swm.pp.se

Re: Auto-configuring IPv6 transition mechanisms on customer devices

[JORDI PALET MARTINEZ via NANOG]

Hi Brandon,

This may help:
https://datatracker.ietf.org/doc/draft-ietf-v6ops-transition-ipv4aas/

It is in last call right now, I need to send a new version today/tomorrow, as 
the IESG review had some inputs, but nothing that change the document as you 
can read it now.

Regards,
Jordi
 
 

-Mensaje original-
De: NANOG  en nombre de Brandon Martin 

Fecha: viernes, 14 de diciembre de 2018, 17:20
Para: "nanog@nanog.org" 
Asunto: Auto-configuring IPv6 transition mechanisms on customer devices

Are there any (draft, standard, or otherwise) defined mechanisms for 
indicating to customer-provided devices that they should configure IPv6 
to IPv4 transition mechanisms such as MAP, 4rd, 464XLAT, etc. and 
providing the configuration details thereof?

I'm not aware of any.  It seems like this is something that, if defined, 
would make deployment of such mechanisms a lot easier even if SPs 
provide the customer edge router that implements said mechanisms.  I 
guess they'd probably be implemented as extensions to DHCPv6 or similar 
or embedded in RAs (the latter seems ugly).
-- 
Brandon Martin




**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

Re: How to choose a transit provider?

[Matt Erculiani]

Tier 1s are just as succeptible to outages and peering issues as anyone
else. Not to say they're any less, I work for one after all, but one
shouldn't assume they're always the best for every application. As an
example, Hurricane is decidedly not a Tier 1, but have one of the best
peered networks out there.

Well peered is a huge plus but that's hard to measure. Cogent, peers with
Google in just a few spots so if you want to get to 8.8.8.8 from Dallas
you're going to go via Atlanta even though they could peer right in TX.
That's a bummer if you've hardcoded Google DNS into anything. But how would
you know that unless you do a lot of testing with looking glasses?

The choice also depends on what you're doing with the bandwidth:

If you're a content provider, for example, you may want to buy transit from
AT&T, Comcast, or Charter, not because they're the best, but because they
have better access to the eyeballs. Voice guys may want a "performance
optimized" blendwidth for lower latency. Etc.

-M

On Fri, Dec 14, 2018, 10:23 Mehmet Akcin  Hello there,
>
> I have started writing a blog which I hope it would help buy transit
> services from providers by doing various due diligences(technical) i wanted
> to reach out and ask nanog community’s thoughts on this.
>
> What are some of your checklist items ? Price? Their directly peered
> networks? If they are tier 2,3 who they use as tier 1-2? Are the onnet? I
> am sure list goes on and on on...
>
> Thanks a lot for your help. I plan to write the blog this month and
> publish.
>
> Mehmet
> --
> Mehmet
> +1-424-298-1903
>

Re: How to choose a transit provider?

[Baldur Norddahl]

Hi

This depends a lot of who you are and where you are. For example apparently
Cogent is better in the USA compared to Europe. This would make them mostly
useful in Europe only if you have the traffic to be multi homed, while
someone in USA might be able to use them as their only provider.

If you are going to have only one provider, I would recommend to stay away
from the so called Tier 1 providers. You want a smaller local provider,
which has multiple upstreams and at least some local peering. Sometimes the
tier 1 can get you the best quote and their sales people will certainly
tell you all about their superior network and how many global connected
customers. But more often than not, the interconnect between the various
tier 1 providers is not good and you end up with bad connectivity to
whoever they are at war with at the moment.

If you have enough traffic to justify multiple upstreams, you can do the
tier 1 game. But you still have to be careful to have good local peering.
At least if your customers are close to your own physical location. In my
country there are several of the big american transit providers. They only
have good connectivity to other local companies, that happens to also buy
directly from the same transit provider. The tier 1 will refuse to peer
with just about anyone and this makes their local connectivity poor.

Also consider the wildcard called HE.net. They are the opposite to the old
tier 1 in that he.net peers with everyone locally. On the other hand, their
global network might not be as good (although my experience is that they
are pretty good). I am using he.net as an alternative to joining the too
expensive local internet exchanges. It is cheaper to get he.net and he.net
will be able to get all the peerings that I can't.

Another interesting player is NL-IX. I know this is an european thing. I
believe their concept could spread. They take distributed IX to the next
level with a IX network that covers large part of Europe.

If you are an eyeball ISP you also need to consider caches and direct
peerings with the big content providers. Akamai, Google, Netflix, Apple,
Microsoft etc. If you are hosting provider, those same peerings are
completely irrelevant.

 Regards,

Baldur

Auto-configuring IPv6 transition mechanisms on customer devices

[Brandon Martin]

Are there any (draft, standard, or otherwise) defined mechanisms for 
indicating to customer-provided devices that they should configure IPv6 
to IPv4 transition mechanisms such as MAP, 4rd, 464XLAT, etc. and 
providing the configuration details thereof?


I'm not aware of any.  It seems like this is something that, if defined, 
would make deployment of such mechanisms a lot easier even if SPs 
provide the customer edge router that implements said mechanisms.  I 
guess they'd probably be implemented as extensions to DHCPv6 or similar 
or embedded in RAs (the latter seems ugly).

--
Brandon Martin

How to choose a transit provider?

[Mehmet Akcin]

Hello there,

I have started writing a blog which I hope it would help buy transit
services from providers by doing various due diligences(technical) i wanted
to reach out and ask nanog community’s thoughts on this.

What are some of your checklist items ? Price? Their directly peered
networks? If they are tier 2,3 who they use as tier 1-2? Are the onnet? I
am sure list goes on and on on...

Thanks a lot for your help. I plan to write the blog this month and publish.

Mehmet
-- 
Mehmet
+1-424-298-1903

IRR Cleanliness

[Graham Johnston]

Hi,

I'm in the middle of transitioning all of my IRR data from RADb to ARIN and as 
part of this I am trying to get old stale IRR data cleaned up that other 
providers have put in place in the past.  While doing this I was using the 
nlnog IRR explorer website and found that a company that I peer with on a 
public exchange has my ASN listed in an as-macro that they control. The way the 
as-macro is named I am reasonably confident that they aren't using it for 
transit related activity, rather they are likely using it for controlling 
peering activity and filtering on the IX in question. Part of me is okay with 
this, but given that I've never seen this behavior from any other provider on 
the three reasonably large exchanges that we participate on I am curious what 
the community thinks about this. Is this uncommon but acceptable in the eyes of 
community?

Thanks,
Graham