Re: Telstra Hijack
Hi Ross, Just to confirm the AS1221 incident (INC94009293) was resolved approx. 20:32 29/09/20 (UTC). If anyone has further issues feel free to email me off-thread. Regards, -Mark Senior Network Engineer AS1221 Sent from my iPhone > On 30 Sep 2020, at 07:30, Ross Tajvar wrote: > > Bad prefixes are all gone. This looks resolved from my point of view. > > On Tue, Sep 29, 2020 at 5:18 PM Ross Tajvar wrote: >> I'm still seeing bad prefixes from Cogent, but our other upstreams (NTT, >> GTT, Telia) blocked them. >> >> On Tue, Sep 29, 2020 at 5:09 PM Sadiq Saif wrote: >>> On Tue, 29 Sep 2020, at 16:36, Ross Tajvar wrote: >>> > I'm surprised no one else has mentioned this yet, but Telstra is >>> > hijacking a lot of prefixes: >>> > >>> > https://rpki.cloudflare.com/?view=bgp&prefix=&asn=1221&validState=Invalid >>> > >>> > Since we don't have RPKI filtering in our network (yet), we are >>> > currently filtering everything with the path ".* 4637 1221$". >>> > >>> > This is of course taking a while... >>> >>> My employer's prefixes were affected, I posted about it on the AusNOG list >>> so I could get some assistance. It has cleared up now but it took about two >>> hours or so. >>> >>> I saw AS paths like this from HE's looking glass: >>> 6461x4, 4637x11, 1221 >>> >>> I would love to know what the root cause of the leak was. >>> >>> -- >>> Sadiq Saif
STIR/SHAKEN: New Rules Promote Caller ID Authentication Across America's Phone Networks
https://www.fcc.gov/document/fcc-adopts-new-rules-combat-spoofed-robocalls The Federal Communications Commission today adopted new rules to further promote implementation of the STIR/SHAKEN caller ID authentication framework to protect consumers against malicious caller ID spoofing. The new rules make clear the obligations and deadlines for voice service providers regarding caller ID authentication, advance the use of caller ID authentication across the nation’s phone networks, and prohibit voice service providers from adding any line item charges to the bills of consumer or small business customer subscribers for caller ID authentication technology.
Re: Telstra Hijack
Bad prefixes are all gone. This looks resolved from my point of view. On Tue, Sep 29, 2020 at 5:18 PM Ross Tajvar wrote: > I'm still seeing bad prefixes from Cogent, but our other upstreams (NTT, > GTT, Telia) blocked them. > > On Tue, Sep 29, 2020 at 5:09 PM Sadiq Saif wrote: > >> On Tue, 29 Sep 2020, at 16:36, Ross Tajvar wrote: >> > I'm surprised no one else has mentioned this yet, but Telstra is >> > hijacking a lot of prefixes: >> > >> > >> https://rpki.cloudflare.com/?view=bgp&prefix=&asn=1221&validState=Invalid >> > >> > Since we don't have RPKI filtering in our network (yet), we are >> > currently filtering everything with the path ".* 4637 1221$". >> > >> > This is of course taking a while... >> >> My employer's prefixes were affected, I posted about it on the AusNOG >> list so I could get some assistance. It has cleared up now but it took >> about two hours or so. >> >> I saw AS paths like this from HE's looking glass: >> 6461x4, 4637x11, 1221 >> >> I would love to know what the root cause of the leak was. >> >> -- >> Sadiq Saif >> >
Re: Telstra Hijack
I'm still seeing bad prefixes from Cogent, but our other upstreams (NTT, GTT, Telia) blocked them. On Tue, Sep 29, 2020 at 5:09 PM Sadiq Saif wrote: > On Tue, 29 Sep 2020, at 16:36, Ross Tajvar wrote: > > I'm surprised no one else has mentioned this yet, but Telstra is > > hijacking a lot of prefixes: > > > > > https://rpki.cloudflare.com/?view=bgp&prefix=&asn=1221&validState=Invalid > > > > Since we don't have RPKI filtering in our network (yet), we are > > currently filtering everything with the path ".* 4637 1221$". > > > > This is of course taking a while... > > My employer's prefixes were affected, I posted about it on the AusNOG list > so I could get some assistance. It has cleared up now but it took about two > hours or so. > > I saw AS paths like this from HE's looking glass: > 6461x4, 4637x11, 1221 > > I would love to know what the root cause of the leak was. > > -- > Sadiq Saif >
Verizon issue in BOS today @ ~13:40 EST?
Comrades, We saw an issue with our Verizon peer at our One Summer location around approximately 13:40 EST today, 9.29.2020. We shifted traffic to another provider and stepped around the problem. I know that’s vague, we’re still doing investigation. BGP peers didn’t go down and we continued to receive full tables from them, but routing seemed to die within their network for us. Just wondering if anyone else saw anything as well? . | R. Leigh Hennig, Principal Network Architect ..| Markley Group https://markleygroup.com
Re: Telstra Hijack
On Tue, 29 Sep 2020, at 16:36, Ross Tajvar wrote: > I'm surprised no one else has mentioned this yet, but Telstra is > hijacking a lot of prefixes: > > https://rpki.cloudflare.com/?view=bgp&prefix=&asn=1221&validState=Invalid > > Since we don't have RPKI filtering in our network (yet), we are > currently filtering everything with the path ".* 4637 1221$". > > This is of course taking a while... My employer's prefixes were affected, I posted about it on the AusNOG list so I could get some assistance. It has cleared up now but it took about two hours or so. I saw AS paths like this from HE's looking glass: 6461x4, 4637x11, 1221 I would love to know what the root cause of the leak was. -- Sadiq Saif
Hulu Contact
Can someone from Hulu reach out to me? We are getting several customers complaining about receiving proxy/vpn errors from one of our subnets. Thanks! Robert Haas BPS Networks 573-293-2638
Re: cloud automation BGP
Hi Shared appreciation!! (and observation). Cheers, mh 29 septembre 2020 17:16 "Simon Leinen" a écrit: > Randy Bush writes: > >> have folk looked at https://github.com/nttgin/BGPalerter > > We use it, and have it configured to send alerts to the NOC team's chat > tool (Mattermost). Seems pretty nice and stable. Kudos to Massimo and > NTT for making it available and for maintaining it! > > The one issue we see is that the server often logs disconnections from > the RIS service (to its logfile, fortunately not generating alerts). > -- > Simon.
Telstra Hijack
I'm surprised no one else has mentioned this yet, but Telstra is hijacking a lot of prefixes: https://rpki.cloudflare.com/?view=bgp&prefix=&asn=1221&validState=Invalid Since we don't have RPKI filtering in our network (yet), we are currently filtering everything with the path ".* 4637 1221$". This is of course taking a while...
Re: cloud automation BGP
Randy Bush writes: > have folk looked at https://github.com/nttgin/BGPalerter We use it, and have it configured to send alerts to the NOC team's chat tool (Mattermost). Seems pretty nice and stable. Kudos to Massimo and NTT for making it available and for maintaining it! The one issue we see is that the server often logs disconnections from the RIS service (to its logfile, fortunately not generating alerts). -- Simon.
cloud automation BGP
On 29/09/2020 15:36, Graham Johnston wrote: > Does anyone have a quick answer as to what public data sources are used? I > tried looking at the main github page for the project but I either missed it > or it isn't there. https://blog.apnic.net/2020/07/27/easy-bgp-monitoring-with-bgpalerter/ > Where is the data coming from? > BGPalerter connects to public data sources (not managed by NTT) and the > entire monitoring is done directly in the application (there are no NTT > servers involved). > > A data source can be integrated with a connector component. In this way, you > can also use your data if you would like. > > Currently, BGPalerter connects automatically to RIS live, an amazing project > by the RIPE NCC. RIS live collects BGP updates coming from more than 600 > peers. The updates are streamed to BGPalerter in real time for an > unprecedented detailed and responsive monitoring. > https://raw.githubusercontent.com/nttgin/BGPalerter/v1.26.0/config.yml.example --> connectors smime.p7s Description: S/MIME Cryptographic Signature
Re: cloud automation BGP
Hi, It uses RIS Live (https://ris-live.ripe.net) under the hood. Robert On 2020-09-29 15:36, Graham Johnston wrote: Does anyone have a quick answer as to what public data sources are used? I tried looking at the main github page for the project but I either missed it or it isn't there. Graham -Original Message- From: Randy Bush have folk looked at https://github.com/nttgin/BGPalerter randy
Re: cloud automation BGP
> Does anyone have a quick answer as to what public data sources are > used? I tried looking at the main github page for the project but I > either missed it or it isn't there. > >> have folk looked at https://github.com/nttgin/BGPalerter ripe/ncc bgp stream
RE: cloud automation BGP
Does anyone have a quick answer as to what public data sources are used? I tried looking at the main github page for the project but I either missed it or it isn't there. Graham -Original Message- From: Randy Bush have folk looked at https://github.com/nttgin/BGPalerter randy
