Re: Ingress filtering on transits, peers, and IX ports

2020-10-19 Thread Randy Bush 
term blocked-ports {
from {
protocol [ tcp udp ];
first-fragment;
destination-port
[ 0 sunrpc 135 netbios-ns netbios-dgm netbios-ssn 111 445 syslog 
11211];
}
then {
sample;
discard;
}
}

and i block all external access to weak devices such as switches, pdus,
ipmi, ...

randy

Re: Ingress filtering on transits, peers, and IX ports

2020-10-19 Thread Brian Knight via NANOG 
Thanks to the folks who responded to my messages on and off-list.  A 
couple of folks have asked me to summarize the responses that I 
received.


* Static ACL is currently the best way to protect a multi-homed network. 
 Loose RPF may be used if bogon filtering is more important, but it does 
not provide anti-spoofing security.


* Protect your infrastructure subnets with the ingress ACL [BCP 84 sec 
3.2].  Loopbacks and point-to-point circuits can benefit from this.  In 
the draft ACL, for example, I permit ICMP and traceroute over UDP, and 
block all else.


* Do an egress ACL also, to prevent clutter from reaching the rest of 
the 'Net.  Permit only your aggregate and customer prefixes going 
outbound.


* As I worked through putting the ACLs together, I found that if one 
implements an egress ACL, then customer prefixes must be enumerated 
anyway.  Once those are in an object group, it's easy to add an entry to 
the ingress ACL permitting traffic destined to customer PI space and 
aggregate space.  Seems better than just permitting all traffic in.


Our ACLs, both v4 and v6, now look like the following:

Ingress

* Deny to and from bogon networks, where bogon is either source or dest
* Permit to and from WAN PtP subnets
* For IPv6, also permit link-local IPs (fe80::/10)
* Deny to and from multicast ranges 224.0.0.0/4 and ff00::/8
* Permit ICMP / traceroute over UDP to infrastructure
* Deny all other traffic to infrastructure
* Permit from customer PI / PA space
* Deny from originated aggregate space
* Permit all traffic to customer PI / PA space
* Permit all traffic to aggregate space
* Deny any any

Egress

* Deny to and from bogon networks
* Permit to and from WAN PtP subnets
* For IPv6, also permit link-local IPs
* Deny to and from multicast range
* Permit all traffic from customer PI / PA space
* Permit all traffic from aggregate space
* Deny any any

We have started implementing the ACLs by blocking the bogon traffic 
only.  The other deny rules are set up as permit rules for now with 
logging turned on.  I'll review matching traffic before I switch the 
rules to deny.


Future work also includes automating the updates to the object groups 
via IRR.


BTW, Team Cymru didn't have any guidance around IPv6 bogons, so I put 
together the below object group based on the IANA IPv6 allocation list: 
https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtml. 
 Obviously this is only for space not yet allocated to RIRs.


object-group network ipv6 IPV6-BOGON
  description Invalid IPV6 networks
  ::/3
  4000::/3
  6000::/3
  8000::/3
  a000::/3
  c000::/3
  e000::/4
  f000::/5
  f800::/6
  fc00::/7
  fe00::/9
  fec0::/10
exit

Thanks,

-Brian



On 2020-10-14 17:43, Brian Knight wrote:

So I have put together what I think is a reasonable and complete ACL.
From my time in the enterprise world, I know that a good ingress ACL
filters out traffic sourcing from:

* Bogon blocks, like 0.0.0.0/8, 127.0.0.0/8, RFC1918 space, etc
(well-documented in
https://team-cymru.com/community-services/bogon-reference/bogon-reference-http/)
* RIR-assigned blocks I am announcing to the rest of the world

However, I recognized a SP-specific case where we could receive
legitimate traffic sourcing from our own IP blocks: customers running
multi-homed BGP where we have assigned PA space to them.  So I added
"permit" statements for traffic sourcing from these blocks.

Also, we have direct peering links that are numbered within our
assigned prefixes.  So we can use the same ACL with these peer
interfaces and continue to have BGP work, I added "permit" statements
for these point-to-point subnets.

So the order of the statements is:

* Permit where source is direct peer PtP networks
* Permit where source is BGP customer PA prefix
* Deny where source is bogon
* Deny where source is our advertised prefixes
* Permit all other traffic

I considered BGP customer PI prefixes to be out of scope for ingress
filtering, since the customer is likely to be multi-homing.  Should we
consider filtering them?

The Team Cymru Secure IOS Template
[https://www.cymru.com/Documents/secure-ios-template.html] also
references an ICMP fragment drop entry on the ingress ACL.  I think
that's good for an enterprise network, but as an SP, I'm very hesitant
to include this.  Is this included in anyone else's transit / peer /
IX ACL?

Is there anything else that I'm not thinking of?

Thanks,

-Brian


On 2020-10-14 09:25, Brian Knight via NANOG wrote:

Hi Marcos,

Thanks for your reply.  But I am looking for guidance on traffic
filtering, not BGP prefix filtering.

I have looked at BCP 84, and it's a good overview of the methods
available to an ISP.  My questions are more operational in nature and
are not covered by the document.  Of the choices presented in BCP 84,
what do folks really use?  If it's an ACL, what challenges have there
been with updates?  etc.

-Brian


On 2020-10-13 18:52, Marcos Manoni wrote:

Hi,

Re: Ingress filtering on transits, peers, and IX ports

2020-10-19 Thread Casey Deccio 

> On Oct 14, 2020, at 3:34 PM, Eric Kuhnke  wrote:
> 
> I think he means packet captures from an example, voluntarily-tested 
> recursive nameserver subject to this attack.


Thanks.  We have updated all the report pages with a self-test tool specific to 
the network associated with the report.  This should allow a network admin that 
received our report to check whether or not the condition still exists and to 
perform a packet capture from whatever vantage point they want in their network.

A more general tool (i.e., for anyone to use) will be made available in the 
future.

Cheers,
Casey

> 
> 
> On Wed, Oct 14, 2020 at 11:53 AM Casey Deccio  > wrote:
> Hi Bryan,
> 
> > On Oct 14, 2020, at 12:43 PM, Bryan Holloway  > > wrote:
> > 
> > I too would like to know more about their methodology
> 
> We've written up our methodology and results in a paper that will be 
> available in a few weeks.  Happy to post it here if folks are interested.  
> Obviously, no networks are individually identified; it's all aggregate.
> 
> Also, we're working on a self-test tool, but it's not quite ready yet.  Sorry.
> 
> > and actual tangibles ideally in the form of PCAPs.
> 
> What do you mean by "tangibles in the form of PCAPs"?
> 
> Casey

Re: cheap MPLS router recommendations [ID #5475871x3]

2020-10-19 Thread Brielle 
 DO NOT EDIT BELOW THIS LINE 

Assigned to: BuyGoods Support


 
Anyone know what the hell this 
"BuyGoods" crap is on some of the NANOG 
messages?


On 10/19/2020 9:55 AM, Colton Conor wrote:
> BuyGoods
> BuyGoods Logo 
> 
> 
>   BuyGoods Support
> 
>   
> 
> 
>   *Colton Conor* started this conversation
>   Monday, October 19th, 2020, 11:55am EDT 




-- 
Brielle Bruns
The Summit Open Source Development Group
https://u51012.ct.sendgrid.net/ls/click?upn=kruC0fnA4Hpw17IEn3t97jERGp4RfeNG0-2Fk8Q9pvRCI-3DCwbb_FXQS9GGQnf2NUciIM2Uj1P5Rmzx6-2Fb1NEqYJ37Xi2EYt2clxIm1VxzOOleHBbxauezNpMyGPpwaeZYBsK1lQtQmIuoE4U6y4X2WV7cIGvARKuv3TEYr5iqXFym3RrwUA7ToIVtuvS4QpHxIQX-2B2QUQeuHiKLnrnwwTFIr7krKKoyZUyf86IPNSns1NkWDaqj68FqA0YkxMykX9TQAhkmWUTCtsWxGovfF1-2F91OPdZYKSDznIdBKJLX9FgUmlk3KF7eNzfIHPomxJCjgc4ZpedQ-3D-3D
/ 
https://u51012.ct.sendgrid.net/ls/click?upn=kruC0fnA4Hpw17IEn3t97o-2By2W-2BpdNZdu4dbQAopyag-3D1D_l_FXQS9GGQnf2NUciIM2Uj1P5Rmzx6-2Fb1NEqYJ37Xi2EYt2clxIm1VxzOOleHBbxauuNQZLpYttUivMj7baYxDxkemSCtDTA2qbYKSRiNM5wvOqt5nicSxzc74Zl5QLQ9cRlQiu0NCfJCMj-2B10OEwzOiI5ye95N1-2FDC8AU6S3DQY0YHxR-2BNuOTGryaVxRIMQxhimKU0sFkVM6xRC0YqQY-2B-2Bs09-2BqJISu3Luw8H3tzkxt11ur3NAJK8-2FO-2Byqd0IJ1wifrtkL7XokeOy9n1Vjoutkg-3D-3D
 
 
 
I haven't tried one myself, but 
Dasan Zhone has the M2400 and M3000. Basically, a whitebox with IP Infusion 
code on it. New, I think the price point is sub $2000 to $4000 new. That's a 
ton of ports for that price point. Anyone tried these 
yet?https://u51012.ct.sendgrid.net/ls/click?upn=EhPlf17glKOZNVwhASoWuDgg-2FgvW5A5MFuGE0qlkslKLqOw6shUYbqzlwICX1qvhfkzHQ5j5B6ePPWlfJr8YyA-3D-3DlPhK_FXQS9GGQnf2NUciIM2Uj1P5Rmzx6-2Fb1NEqYJ37Xi2EYt2clxIm1VxzOOleHBbxaudIgQrL-2FKYhYz8Y0aROjDj-2FUt0CTpTdzmFGjIu1ENj0k6r6jBQEXI1dyQPiabpXKanK91v28EfJ-2FDkpGqkQjcqAJkp0wSGO5CaFjXIL-2FeFgI-2B5fE3RAuN1gghnwMmAV2RRNAsc5exVZ28ai-2FgdLzyrxdy2L3BBkM2cPG3SxWJ78wbgIYuX3J193cF1Vq-2FIuZi50GvrsEOBoj-2FDLokm0MNrw-3D-3D

On Mon, Oct 19, 2020 at 3:38 AM t...@pelican.org  wrote:
On Saturday, 17 October, 2020 00:41, "Tony Wicks"  said:

> Well, there is always the MX104 (if you want redundancy) or MX80 if you
> dont. That will give you 80gig wire speed just dont load it up with
> more than one full table.

Bear in mind that the MX80 is now in the EoL process, you have  
 



Team BuyGoods
===

cheap MPLS router recommendations [ID #5475871x3]

2020-10-19 Thread Colton Conor 
 DO NOT EDIT BELOW THIS LINE 

Assigned to: BuyGoods Support


 
I haven't tried one myself, but 
Dasan Zhone has the M2400 and M3000. Basically, a whitebox with IP Infusion 
code on it. New, I think the price point is sub $2000 to $4000 new. That's a 
ton of ports for that price point. Anyone tried these 
yet?https://u51012.ct.sendgrid.net/ls/click?upn=EhPlf17glKOZNVwhASoWuDgg-2FgvW5A5MFuGE0qlkslKLqOw6shUYbqzlwICX1qvhfkzHQ5j5B6ePPWlfJr8YyA-3D-3DqeY6_FXQS9GGQnf2NUciIM2Uj1P5Rmzx6-2Fb1NEqYJ37Xi2EZMpF2sV5IjocGMHgSEBTdycGY8eBXFQRB-2F1-2FWbBF9yGIo44gB2w-2FofOmx02OZ4Bphq-2FH8SoN4IRlaxDduP44LEuqNk4097Rvlq3lsdsdJMAX7xM6fql6XAHEBWTpN41yhRPaSG8-2BwlsJX7OOCiAsDhn4-2FiAD-2FsmB1C3YgGS1WU1H2Ohp0bpDzg9gVYt7TtiYI6XBk6AQI22Exp2rTDpazIuj7n3y-2Byrk-2Bk19GOgKYXQA-3D-3D

On Mon, Oct 19, 2020 at 3:38 AM t...@pelican.org  wrote:
On Saturday, 17 October, 2020 00:41, "Tony Wicks"  said:

> Well, there is always the MX104 (if you want redundancy) or MX80 if you
> dont. That will give you 80gig wire speed just dont load it up with
> more than one full table.

Bear in mind that the MX80 is now in the EoL process, you have  
 



Team BuyGoods
===

Ohio - Telecom Construction [ID #5475851x3]

2020-10-19 Thread Josh Luthman 
 DO NOT EDIT BELOW THIS LINE 

Assigned to: BuyGoods Support


 
Can you be a bit more specific?
Josh Luthman
24/7 Help Desk: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Sat, Oct 17, 2020 at 5:34 AM Rod Beck  wrote:






Please contact me off-list if you have knowledge regarding this subject. 





Thanks and Be Well, 





Roderick. 










Roderick Beck
VP of Business Development
United Cable Company

www.unitedcablecompany.com

New York City & Budapest

rod.b...@unitedcablecompany.com
Budapest: 36-70-605-5144
NJ: 908-452-8183 











 
 



Team BuyGoods
===

Re: Virginia voter registration down due to cable cut

2020-10-19 Thread Rich Kulawiec 
On Sat, Oct 17, 2020 at 07:44:01PM -0400, Sean Donelan wrote:
> In the USA, absent clear and convincing evidence otherwise, I expect any
> outages will be due to the normal things that cause outages on election day.

One of those things is the chronic underfunding of the systems/personnel
involved.  (This isn't the case everywhere of course but it's the case in
a lot of places.)  This leads to operations that are working -- barely --
and thus not resistant to stress, outages, and mistakes.

We could argue that given the criticality of this particular function
that resources should be more generously allocated, but unfortunately
that's often an unsuccessful argument.

---rsk

Recent List Spam

2020-10-19 Thread Bryan Fields 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Looks like this recent spammer has been removed from the list.  They were
moderated, and using the email address From: or known users.

Thanks,
- -- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEaESdNosUjpjcN/JhYTmgYVLGkUAFAl+NvKMACgkQYTmgYVLG
kUAcGRAAlQ/VmB99Y+by+BPQpNVFnlAHC2vtBz4fqXINHg0rONhsyc6I8RVfvSnN
bxrWh5ewduqnQPQzIB14FFMCiNqSQUqro8iYh3bZ/BknQ3nPn82zUjyGD1BQBMUv
Iv43O57OGc7rK/z1SS2xzMedmsSdUsRbwEHP2lSWqXvNBWnuG17lC2ITvGf796UR
I1BYj/eh5bp262KBDQfTxGuX+4FECVd8aho8wWQxVwJil5R7sMuDpHFn/Ikm1Bde
SevZ5JaW4NyX0RxOjGlNWFM7ic76GVxdAj4I3sCkokVkuSf9kh4rNrbU+VFwMJ/h
iqR/qCKPEGeDotFj8GpCBogb8ywAzn6wUwKVB5Ax9hWyrolIsxODS939HF1ayVah
9PL6bcVo1yKu458VmV7kdsy16zHGQnMoE0giZfbqQvxyKyE6CzqJnDN7UFfNH+Nv
lKxHJwpx7YC2Wr4co7tZrXUSOq2RbyV39BkPetFo8zGy5lqs6vfzDsHwIdAGYkgU
14N45NW/g9sLDxUOso7pT1EsLGpF/Cl86MVp9A8wP4A0U1kqZJbHnWXYloSS0qq5
ideKbex+keLOBuTqbZ2/+NOpi+8C+t8kGdAu+H5Hr/a/wvlD8zMpE9OP1fKbycAk
e4HadiStrFj9/PH4CecT4jNc535KcOGePmA6EFOlPMEV//K8L7I=
=PfBg
-END PGP SIGNATURE-

Re: cheap MPLS router recommendations [ID #5475871x3]

2020-10-19 Thread Brielle 

Headers, from my end with the nanog receives removed.

Something going through sendgrid.net, and passes through a mail server 
under the control of cl112rm.com.


cl112rm.com reeks of spam.


ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@sendgrid.net header.s=smtpapi header.b=q318kQB7;
 spf=pass (google.com: domain of
 bounces+51012-8522-nanog=nanog@sendgrid.net designates 
149.72.45.128 as

 permitted sender)
 smtp.mailfrom="bounces+51012-8522-nanog=nanog@sendgrid.net";
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=2mbit.com
Received: from o16.message.cl112rm.com (o16.message.cl112rm.com.
 [149.72.45.128])
 by mx.google.com with ESMTPS id lh27si269894ejb.698.2020.10.19.09.11.00
 for 
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Mon, 19 Oct 2020 09:11:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 bounces+51012-8522-nanog=nanog@sendgrid.net designates 
149.72.45.128 as

 permitted sender) client-ip=149.72.45.128;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@sendgrid.net header.s=smtpapi header.b=q318kQB7;
 spf=pass (google.com: domain of
 bounces+51012-8522-nanog=nanog@sendgrid.net designates 
149.72.45.128 as

 permitted sender)
 smtp.mailfrom="bounces+51012-8522-nanog=nanog@sendgrid.net";
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=2mbit.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;
 h=content-type:from:mime-version:subject:to;
 s=smtpapi; bh=bPV33jyqmJOuU37gOMJ3R7sJ6qAWhBhtpDBuq+2e6C4=;
 b=q318kQB73XoAcEBa3oHI/GEPYFPXLFbi3ILhI9OdBm5usF4w/t4ZDKera+uGLoQjq06D
 1LW4CXoj2XLuiDKl/ItW2V4ejcYxufXlZiCD2+rucur7ONAKKuHTIbyMu2mUraj590Kht4
 gFdRkozDThXAJbW/C+HRj30QJOboD5+Rg=
Received: by filterdrecv-p3iad2-fb4b446ff-kbjqc with SMTP id
 filterdrecv-p3iad2-fb4b446ff-kbjqc-18-5F8DBA93-20
 2020-10-19 16:10:59.328555336 + UTC m=+577714.615887568
Received: from NTEwMTI (unknown) by ismtpd0002p1sjc2.sendgrid.net (SG)
 with HTTP id IoABsQrnQvuz_TSO_PCw6Q
 Mon, 19 Oct 2020 16:10:59.191 + (UTC)
Content-Type: multipart/alternative;
 boundary=2991e1a3618a6aebecb08629cf3d6dad39a77000acb468a173519b31600c
Date: Mon, 19 Oct 2020 16:10:59 + (UTC)
From: Brielle 
Mime-Version: 1.0
Message-ID: 
Subject: Re: cheap MPLS router recommendations [ID #5475871x3]
X-SG-EID: 
=?us-ascii?Q?O1XouBPEC9l7AS2MyTPb+8ds0gLJjnsCs0SUvuXeG20RHXRToNCui+m=2Fd13ZUt?=

 =?us-ascii?Q?xP6bL5G8fwyugilChlRKSuX1Hniszzm2uILP++T?=
 =?us-ascii?Q?gN+pQXFlhmd=2FIIpTzyBVhcD2s9ShP16XeJ8dylb?=
 =?us-ascii?Q?bNC1bwmwXToXSPc4iMdgwYRv=2Fkr68yfuz0r6WTF?=
 =?us-ascii?Q?B1mU0KYKx0aLSGPBY5BXNa1nLE9NMHyZv71LD5r?=
 =?us-ascii?Q?8XjMk03vTZ04P65Lc=3D?=
X-SG-ID: 
=?us-ascii?Q?N2C25iY2uzGMFz6rgvQsb9ItyPnz4VvYLPt87=2F39PsdLR2epbx=2FzBLDxc0VJCm?=

 =?us-ascii?Q?Xd8m2H34fN2uxE=2FrEcH4BLeHFTfVcEIBrAyveJI?=
 =?us-ascii?Q?DCQeWU=3D?=

On 10/19/2020 10:10 AM, Brielle wrote:

BuyGoods
BuyGoods Logo   


  BuyGoods Support




  *Brielle* replied
  Monday, October 19th, 2020, 12:10pm EDT   

Anyone know what the hell this "BuyGoods" crap is on some of the NANOG
messages?


On 10/19/2020 9:55 AM, Colton Conor wrote:
 > BuyGoods
 > BuyGoods Logo
 >
 >
 > BuyGoods Support
 >
 >
 >
 >
 > *Colton Conor* started this conversation
 > Monday, October 19th, 2020, 11:55am EDT




--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org 
 / 
http://www.ahbl.org 






  *Colton Conor* started this conversation
  Monday, October 19th, 2020, 11:55am EDT   


I haven't tried one myself, but Dasan Zhone has the M2400 and M3000. 
Basically, a whitebox with IP Infusion code on it. New, I think the 
price point is sub $2000 to $4000 new. That's a ton of ports for that 
price point. Anyone tried these

Re: cheap MPLS router recommendations [ID #5475871x3]

2020-10-19 Thread Brielle 
Anyone know what the hell this "BuyGoods" crap is on some of the NANOG 
messages?



On 10/19/2020 9:55 AM, Colton Conor wrote:

BuyGoods
BuyGoods Logo   


  BuyGoods Support




  *Colton Conor* started this conversation
  Monday, October 19th, 2020, 11:55am EDT   





--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org

Re: cheap MPLS router recommendations

2020-10-19 Thread Colton Conor 
I haven't tried one myself, but Dasan Zhone has the M2400 and M3000.
Basically, a whitebox with IP Infusion code on it. New, I think the price
point is sub $2000 to $4000 new. That's a ton of ports for that price
point. Anyone tried these yet?
https://dzsi.com/product-category/mobile-xhaul/


On Mon, Oct 19, 2020 at 3:38 AM t...@pelican.org  wrote:

> On Saturday, 17 October, 2020 00:41, "Tony Wicks"  said:
>
> > Well, there is always the MX104 (if you want redundancy) or MX80 if you
> > don’t. That will give you 80gig wire speed just don’t load it up with
> > more than one full table.
>
> Bear in mind that the MX80 is now in the EoL process, you have <4 years of
> support left.  Depending on your expected life-time / depreciation rules,
> buying one new right now might be unwise.
>
> Do *not* throw a full table at it (or any of the PowerPC Junipers) unless
> you have a lot of patience for reconvergence, and black-holes while you
> wait.
>
> MX104 is a nice box for getting dual-RE in something relatively compact
> and cheap, and has environmental hardening if that matters to you, but is
> still not best pleased with full tables.
>
> OP could do with clarifying "cheap" :)
>
> Regards,
> Tim.
>
>
>

Re: Ohio - Telecom Construction

2020-10-19 Thread Josh Luthman 
Can you be a bit more specific?

Josh Luthman
24/7 Help Desk: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


On Sat, Oct 17, 2020 at 5:34 AM Rod Beck 
wrote:

> Please contact me off-list if you have knowledge regarding this subject.
>
> Thanks and Be Well,
>
> Roderick.
>
> Roderick Beck
> VP of Business Development
>
> United Cable Company
>
> www.unitedcablecompany.com
>
> New York City & Budapest
>
> rod.b...@unitedcablecompany.com
>
> Budapest: 36-70-605-5144
>
> NJ: 908-452-8183
>
>
> [image: 1467221477350_image005.png]
>

Virginia voter registration down due to cable cut [ID #5475615x3]

2020-10-19 Thread Tom Beecher 
 DO NOT EDIT BELOW THIS LINE 

Assigned to: BuyGoods Support


 
Again, hopefully Twitter won't
fall down again during the evening of November 3rd. The digeratti will
lose thier minds.

No offense towards our many friends at Twitter, but I think the best thing that 
could happen would be for Twitter to shut 'er down from November 1 through 
November 6. Remove one of the primary avenues for rapid disinformation and 
confusion, and allow tabulations to proceed without extra nonsense.
This of course won't happen, but one can dream.
On Fri, Oct 16, 2020 at 2:37 AM Sean Donelan  wrote:
On Tue, 13 Oct 2020, Valdis Kltnieks wrote:
> my reaction was more like
> 
> Surprise, surprise, surprise...
> 

S.N.A.F.U.

Other SNAFUs, Georgia had technical problems with its voter database 
systems during the first couple of days of early voting. Expect all sorts 
of minor problems throughout the election and afterwards. Nonetheless they 
are unlikely to significantly impact the results (hopefully), but will 
generate lots of noise.

Its not just underfunded state I.T. systems. Even very large social media 
companies can have technical Oopsies. Again, hopefully Twitter won't 
fall down again during the evening of November 3rd. The digeratti will 
lose thier minds.

Even if Twitter or another major social media platform does go belly-up, 
most likely it will be a normal technical problem. Wishing the FBI & CISA 
& OGAs watch officers a very boring night on November 3rd.



In other news, New Zealand is having national elections this weekend. New 
Zealand is usually ranked in the top 10 best election administrations 
worldwide. NZ expects to have the majority of ballots counted within 2 
hours of their polls closing on Saturday evening.

Jealous of the Kiwis and their competently run elections. :-)
 
 



Team BuyGoods
===

Re: Virginia voter registration down due to cable cut

2020-10-19 Thread Tom Beecher 
>
> Again, hopefully Twitter won't
> fall down again during the evening of November 3rd.  The digeratti will
> lose thier minds.
>

No offense towards our many friends at Twitter, but I think the best thing
that could happen would be for Twitter to shut 'er down from November 1
through November 6. Remove one of the primary avenues for rapid
disinformation and confusion, and allow tabulations to proceed without
extra nonsense.

This of course won't happen, but one can dream.

On Fri, Oct 16, 2020 at 2:37 AM Sean Donelan  wrote:

> On Tue, 13 Oct 2020, Valdis Klētnieks wrote:
> > my reaction was more like
> > 
> > Surprise, surprise, surprise...
> > 
>
> S.N.A.F.U.
>
> Other SNAFUs, Georgia had technical problems with its voter database
> systems during the first couple of days of early voting. Expect all sorts
> of minor problems throughout the election and afterwards. Nonetheless they
> are unlikely to significantly impact the results (hopefully), but will
> generate lots of noise.
>
> Its not just underfunded state I.T. systems.  Even very large social media
> companies can have technical Oopsies.  Again, hopefully Twitter won't
> fall down again during the evening of November 3rd.  The digeratti will
> lose thier minds.
>
> Even if Twitter or another major social media platform does go belly-up,
> most likely it will be a normal technical problem.  Wishing the FBI & CISA
> & OGAs watch officers a very boring night on November 3rd.
>
>
>
> In other news, New Zealand is having national elections this weekend.  New
> Zealand is usually ranked in the top 10 best election administrations
> worldwide. NZ expects to have the majority of ballots counted within 2
> hours of their polls closing on Saturday evening.
>
> Jealous of the Kiwis and their competently run elections. :-)
>

Virginia voter registration down due to cable cut [ID #5475491x3]

2020-10-19 Thread Alain Hebert 
 DO NOT EDIT BELOW THIS LINE 

Assigned to: BuyGoods Support


 
Or what Matt?
-
Alain Hebertaheb...@pubnix.net   
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  
https://u51012.ct.sendgrid.net/ls/click?upn=kruC0fnA4Hpw17IEn3t97pGHr8E7VyKgPRuHdmxM2Lw-3D9-M7_FXQS9GGQnf2NUciIM2Uj1P5Rmzx6-2Fb1NEqYJ37Xi2EYetMihpCQ0TiMIS7v0RJZkkLS9euLvWu4Cy7nHCFzgw8cw23Zc-2BD7wZpduquHc-2BIFE6-2Bb-2F1w3wsHVOUd8d6ceNJMH5KXJnnYI1qB9uSvxzC1dxVlxhoFbDlsmprIZa7JKsnfB9fvONwpLntZfaPtHSzlo32wx1CNuVDK-2F-2FNNfk2uBxB4RFfkUtdM2U5F68QJE5Ri2ixDJAmrP1pth53vFn3K5H00uGL07HZlpIzySDKg-3D-3D
Fax: 514-990-9443

On 2020-10-16 19:26, Matt Erculiani
  wrote:


  
  Non-network-related government politics are
off-topic for NANOG. Please keep them to yourself.


Thanks,
-Matt
  
  

On Fri, Oct 16, 2020 at 2:49
  PM Alain Hebert  wrote:


Hi,

 Beside being:

  . a country with 1/10th of the population;

  . centralized voting rules;

  . ...


 PS: And there is a lot in that  about
the (publicly) unreal amount of insanity being pulled by the
GOP this year.

-
Alain Hebertaheb...@pubnix.net   
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  
https://u51012.ct.sendgrid.net/ls/click?upn=kruC0fnA4Hpw17IEn3t97pGHr8E7VyKgPRuHdmxM2Lw-3Dz4uF_FXQS9GGQnf2NUciIM2Uj1P5Rmzx6-2Fb1NEqYJ37Xi2EYetMihpCQ0TiMIS7v0RJZkf2qi-2FKIZRJAAcPTM6Yvc69eE1KMG52u8EoWm0cUZW6kIxeVNVjZokE7aEcJHYI7DdmUEPNLuUDe3jpq2zuzbXTS7baX6vHDRRZ7xVKGbT8emSIJHnegVx4u394Xe1Rp9JxPME27I1BdC4-2FmmvFQJK48Ye31CVzGCWFeXPV8e6bKzVhoOAMsX7EiS1SZ0Zz5BgE7ZGRrBxPo6MIGBHVKkdw-3D-3D
Fax: 514-990-9443

On 2020-10-16 02:36, Sean Donelan wrote:

On Tue, 13 Oct 2020, Valdis
  Kltnieks wrote: 
  my reaction was more like 
 
Surprise, surprise, surprise... 
 
  
  
  S.N.A.F.U. 
  
  Other SNAFUs, Georgia had technical problems with its
  voter database systems during the first couple of days of
  early voting. Expect all sorts of minor problems
  throughout the election and afterwards. Nonetheless they
  are unlikely to significantly impact the results
  (hopefully), but will generate lots of noise. 
  
  Its not just underfunded state I.T. systems. Even very
  large social media companies can have technical Oopsies.
  Again, hopefully Twitter won't fall down again during the
  evening of November 3rd. The digeratti will lose thier
  minds. 
  
  Even if Twitter or another major social media platform
  does go belly-up, most likely it will be a normal
  technical problem. Wishing the FBI & CISA & OGAs
  watch officers a very boring night on November 3rd. 
  
  
  
  In other news, New Zealand is having national elections
  this weekend. New Zealand is usually ranked in the top 10
  best election administrations worldwide. NZ expects to
  have the majority of ballots counted within 2 hours of
  their polls closing on Saturday evening. 
  
  Jealous of the Kiwis and their competently run elections.
  :-) 


  

  
  
  
  
  -- 
  
Matt Erculiani
  ERCUL-ARIN

  


 
 



Team BuyGoods
===

Re: Virginia voter registration down due to cable cut

2020-10-19 Thread Alain Hebert 

    Or what Matt?

-
Alain Hebertaheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.netFax: 514-990-9443

On 2020-10-16 19:26, Matt Erculiani wrote:
Non-network-related government politics are off-topic for NANOG. 
Please keep them to yourself.


Thanks,
-Matt

On Fri, Oct 16, 2020 at 2:49 PM Alain Hebert > wrote:


    Hi,

    Beside being:

        . a country with 1/10th of the population;

        . centralized voting rules;

        . ...


    PS: And there is a lot in that  about the
(publicly) unreal amount of insanity being pulled by the GOP  this
year.

-
Alain hebertaheb...@pubnix.net  
PubNIX Inc.

50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911http://www.pubnix.net Fax: 514-990-9443

On 2020-10-16 02:36, Sean Donelan wrote:

On Tue, 13 Oct 2020, Valdis Klētnieks wrote:

my reaction was more like

Surprise, surprise, surprise...



S.N.A.F.U.

Other SNAFUs, Georgia had technical problems with its voter
database systems during the first couple of days of early voting.
Expect all sorts of minor problems throughout the election and
afterwards. Nonetheless they are unlikely to significantly impact
the results (hopefully), but will generate lots of noise.

Its not just underfunded state I.T. systems.  Even very large
social media companies can have technical Oopsies. Again,
hopefully Twitter won't fall down again during the evening of
November 3rd.  The digeratti will lose thier minds.

Even if Twitter or another major social media platform does go
belly-up, most likely it will be a normal technical problem. 
Wishing the FBI & CISA & OGAs watch officers a very boring night
on November 3rd.



In other news, New Zealand is having national elections this
weekend.  New Zealand is usually ranked in the top 10 best
election administrations worldwide. NZ expects to have the
majority of ballots counted within 2 hours of their polls closing
on Saturday evening.

Jealous of the Kiwis and their competently run elections. :-)




--
Matt Erculiani
ERCUL-ARIN

cheap MPLS router recommendations [ID #5475255x3]

2020-10-19 Thread t...@pelican.org 
 DO NOT EDIT BELOW THIS LINE 

Assigned to: BuyGoods Support


 
On Saturday, 17 October, 2020 
00:41, "Tony Wicks"  said:

> Well, there is always the MX104 (if you want redundancy) or MX80 if you
> dont. That will give you 80gig wire speed just dont load it up with
> more than one full table.

Bear in mind that the MX80 is now in the EoL process, you have  
 



Team BuyGoods
===

RE: cheap MPLS router recommendations

2020-10-19 Thread t...@pelican.org 
On Saturday, 17 October, 2020 00:41, "Tony Wicks"  said:

> Well, there is always the MX104 (if you want redundancy) or MX80 if you
> don’t. That will give you 80gig wire speed just don’t load it up with
> more than one full table.

Bear in mind that the MX80 is now in the EoL process, you have <4 years of 
support left.  Depending on your expected life-time / depreciation rules, 
buying one new right now might be unwise.

Do *not* throw a full table at it (or any of the PowerPC Junipers) unless you 
have a lot of patience for reconvergence, and black-holes while you wait.

MX104 is a nice box for getting dual-RE in something relatively compact and 
cheap, and has environmental hardening if that matters to you, but is still not 
best pleased with full tables.

OP could do with clarifying "cheap" :)

Regards,
Tim.