Corero

[JASON BOTHE via NANOG]

Folks

Anyone on using Corero?  Thoughts around it? 

Thanks

J~

Register Now for NANOG 80 Virtual!

[NANOG News]

*Join us online for NANOG 80*
Share and discover the latest networking technologies and best practices
with the greater NANOG community — without ever leaving home. Registration
for the NANOG 80 Virtual  meeting
is now open. Be sure to register in advance to join us from your desktop or
mobile device, October 19-21.

The NANOG 80 registration fee will be $250. If this presents a hurdle to
your attendance, we encourage you to apply for a NANOG 80 fellowship.

Register Now

Apply for Fellowship


*Meet the NANOG 80 keynotes*
Jezzibell Gillmore of Packet Fabric, and Avi Freedman of Kentik will
deliver live-streamed keynotes at NANOG 80 Virtual! Learn more about
Jezzibell and Avi, and stay tuned for details on each of their talk
abstracts.

Learn More 

*Bring your ideas to life*
Transform your experiences and ideas on the latest technologies into a
remote presentation for NANOG 80!

*Topics of Interest*

   - SDN
   - Traffic Analysis
   - ISP Issues - sharing lessons learned / what to watch out for
   - Cloud related topics:
  - Automation
  - Scale Concerns
   - Routing
   - Best Current Practices
   - Career Development Skills

The NANOG Program Committee is accepting proposals through August 24, and
would love to see yours.

Learn More 

*Miss out on NANOG 79 Virtual?*
Our last community-wide virtual gathering may be over, but the hours of
archived talks and tutorials, keynotes and panels featured in June are just
waiting to be explored!

View Recap 

Netflix people?

[Max Tulyev]

Hi All,

is there anyone from Netflix?

We have a strange problem: our customers also customers of Netflix when 
connecting to Netfilx sees 404 error. If they change IP to another ISP - 
everything works fine. The support can't solve it.

Re: bgp hijack

[Andrew Lagzdin]

Hi Karl, 
I’ll email you and get this sorted out ASAP.

Andrew Lagzdin
Director of Network Operations
support. 416.532.1555 x 1 
office. 416.532.1555 x 2034 
direct. 416.304.9191 
beanfield.com 
 


    
This message and the documents attached hereto are intended only for the 
addressee and may contain privileged or confidential information. Any 
unauthorized disclosure is strictly prohibited. If you have received this 
message in error, please notify us immediately so that we may correct our 
internal records. Please then delete the original message. Thank you.


> On Aug 8, 2020, at 3:58 PM, Karl Morin  wrote:
> 
> Hello NANOG,
> 
> One of our customers' upstream provider (AS21548) has been hijacking a prefix 
> for a long time now, making it impossible to use this prefix properly
> https://bgp.he.net/ip/23.154.208.0  
> We tried support tickets, contacting Aptum/Beanfield's NOC, an abuse request. 
> No reply at all, the tickets just get ignored or closed.
> 
> Any help would be appreciated
> 
> Regards,
>  
>  
> Karl Morin 
> Data Center Specialist 
> Hive Data Center 
> M:  (514) 409-6606 
> W:  hivedatacenter.com  E:  
> kmo...@hivedatacenter.com  
>      
>    
>  

bgp hijack

[Karl Morin]

Hello NANOG,

One of our customers' upstream provider (AS21548) has been hijacking a
prefix for a long time now, making it impossible to use this prefix properly
https://bgp.he.net/ip/23.154.208.0
We tried support tickets, contacting Aptum/Beanfield's NOC, an abuse
request. No reply at all, the tickets just get ignored or closed.

Any help would be appreciated

Regards,

[image: upload image]
Karl Morin
Data Center Specialist
*Hive Data Center *
M:  (514) 409-6606
W:  hivedatacenter.com  E:
kmo...@hivedatacenter.com

[image: facebook]  [image:
linkedin]  [image: instagram]

GTT contact for ipv6 issue

[Ben Cannon]

We have a service affecting issue and conventional channels are stymied..  
Could a compassionate network engineer reach out off-list re #5339907 please?

Thanks!

-Ben

Ms. Benjamin PD Cannon, ASCE
6x7 Networks & 6x7 Telecom, LLC 
CEO 
b...@6by7.net 
"The only fully end-to-end encrypted global telecommunications company in the 
world.”
FCC License KJ6FJJ

Spoofer Report for NANOG for Jul 2020

[CAIDA Spoofer Project]

In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these ASes.

This report summarises tests conducted within usa, can.

Inferred improvements during Jul 2020:
ASNName   Fixed-By
174COGENT-174 2020-07-10
7859   PAIR-NETWORKS  2020-07-11
3549   LVLT-3549  2020-07-15

Further information for the inferred remediation is available at:
https://spoofer.caida.org/remedy.php

Source Address Validation issues inferred during Jul 2020:
ASNName   First-Spoofed Last-Spoofed
5650   FRONTIER-FRTR 2016-02-22   2020-07-19
209CENTURYLINK-US-LEGACY-QWEST   2016-08-16   2020-07-30
6128   CABLE-NET-1   2016-09-03   2020-07-23
20412  CLARITY-TELECOM   2016-09-30   2020-07-27
6181   FUSE-NET  2016-10-10   2020-07-27
11427  TWC-11427-TEXAS   2016-10-21   2020-07-14
174COGENT-1742016-10-21   2020-07-07
32440  LONI  2016-11-03   2020-07-26
12083  WOW-INTERNET  2016-11-09   2020-07-29
30036  MEDIACOM-ENTERPRISE-BUSINESS  2016-11-16   2020-07-23
9009   M247  2017-01-10   2020-07-28
63296  AWBROADBAND   2017-09-01   2020-07-28
546PARSONS-PGS-1 2017-11-20   2020-07-22
20448  VPNTRANET-LLC 2018-09-20   2020-07-28
63275  RADIOWIRE 2019-02-07   2020-07-15
8047   GCI   2019-04-11   2020-07-30
46300  HSC-WAP   2019-10-30   2020-07-24
239UTORONTO  2020-01-28   2020-07-18
13614  ALLWEST   2020-03-16   2020-07-01
26335  MTSU  2020-03-20   2020-07-20
5078   ONENET-AS-1   2020-04-06   2020-07-09
11650  PLDI  2020-05-25   2020-07-08
6391   URBAN-15  2020-05-29   2020-07-16
5690   VIANET-NO 2020-06-12   2020-07-20
11525  HRTC  2020-06-27   2020-07-05
36086  TELX-LEGACY   2020-07-11   2020-07-11
20340  CALLTOWER 2020-07-15   2020-07-15
36222  WINDWAVE-COMMUNICATIONS   2020-07-21   2020-07-21
394752 AVATIVE-FIBER 2020-07-22   2020-07-22

Further information for these tests where we received spoofed
packets is available at:
https://spoofer.caida.org/recent_tests.php?country_include=usa,can&no_block=1

Please send any feedback or suggestions to spoofer-i...@caida.org

RE: Has virtualization become obsolete in 5G?

[adamv0025]

> From: Mark Tinka 
> Cc: adamv0...@netconsultings.com; North American Network Operators'
> 
> 
> On 6/Aug/20 15:43, Shane Ronan wrote:
> 
> > Yes they are for 5G core.
> 
> Right, but for legacy operators, or new entrants?
> 
> If you know where we can find some info about deployment and
> experiences, that would be very interesting to read.
> 
> We've all been struggling to make Intel CPU's shift 10's, 40's and 100's of 
> Gbps
> of revenue traffic as a routing platform, so would like to know how the
> operators are getting on with this.
> 
Mark, 
1) first you have your edge - lots of small instances that are meant to be 
horizontally scaled (not vertically- i.e. not 40's/100's of Gbps pushed via 
single Intel CPU) 
- that's your NFVI.  
- could be compute host in a DC "cloud", or in a customer office (acting as 
CPE), or at the rooftop of the office building i.e. (fog/edge computing) -e.g. 
hosting self-driving intersection apps via 5G -to your point regarding latency 
in metro), or in the same rack as core routers (acting as vRR), or actually 
inside a router as a routing engine card (hosting some containerized app).

2) Any of the compute hosts mentioned above can host one or more of any type of 
the network function you can think of ranging from EPG, SBC,  PBX, all the way 
to PE-Router, LB, FW/WAF or IDS. 
  
3) While inside a compute host it's CPU based forwarding, but as soon as you 
leave compute host's NICs there's world of solely NPU based forwarding (that's 
where you do 40's, 100's, or even 400's Gbps). 
 
4) Now how you make changes to control-planes of these NFs (i.e. virtual 
CPU-based NFs and physical NPU-based NFs) programmatically, that's the realm of 
SDN.
- If you want to do it right you do it in an abstracted declarative way (not 
exposing the complexity to a control program/user - but rather localizing it to 
a given abstraction layer)
Performing tasks like:
- Defining service topology/access control a.k.a. micro segmentation (e.g. A 
and B can both talk to C, but not to each other).
- Traffic engineering a.k.a. service chaining, a.k.a. network slicing (e.g. 
traffic type x should pas through NF A, B and C, but traffic type Y should pass 
only through A and C)
 
5) And for completeness, in the virtual world you have the task of VNF 
lifecycle management (cause the VNFs and virtual networks connecting them can 
be instantiated on demand)
  
adam
 

RE: Has virtualization become obsolete in 5G?

[adamv0025]

And for other stuff as well.

 

adam

 

From: Shane Ronan  
Sent: Thursday, August 6, 2020 2:43 PM
To: Mark Tinka 
Cc: adamv0...@netconsultings.com; North American Network Operators' Group 

Subject: Re: Has virtualization become obsolete in 5G?

 

Yes they are for 5G core.

 

On Wed, Aug 5, 2020, 11:28 AM Mark Tinka mailto:mark.ti...@seacom.com> > wrote:



On 5/Aug/20 17:07, Shane Ronan wrote:

> I think you'd be surprised how much of the 5G Core is containerized
> for both the data and control planes in the next generations providers
> are currently deploying.

It's what I expect for new entrants that don't want to deal with
traditional vendors.

I'd be curious to see if legacy operators are shifting traffic away from
iron to servers, and at what rate.

Mark.