Re: DoD IP Space

2021-04-24 Thread Mel Beckman
Jason,

The government subsidizes farms, too. That doesn’t mean we let them be 
militarized.

Logic. :)

 -mel

On Apr 24, 2021, at 4:35 PM, Jason Biel  wrote:


The internet that is subsidized by that same Government

Logic.

On Sat, Apr 24, 2021 at 18:19 Mel Beckman <m...@beckman.org> wrote:
Bill,

It’s the INTERNET that is civilian, not the IP space. As long as that IP space 
was isolated to the .mil network, it was private space, as far as the Internet 
was concerned. Now DoD has moved it into the civilian Internet, and I treat 
them as potentially malicious as I do any other organization that lies, cheats, 
and steals the public trust.

 -mel

> On Apr 24, 2021, at 3:45 PM, William Herrin <b...@herrin.us> wrote:
>
> On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman <m...@beckman.org> wrote:
>> This doesn’t sound good, no matter how you slice it. The lack of
>> transparency with a civilian resource is troubling at a minimum.
>
> You do understand that the addresses in question are not and have
> never been "civilian." They came into DoD's possession when this was
> all still a military project funded by what's now DARPA.
>
> Personally, I think we may have an all time record for the largest
> honeypot ever constructed. I'd love to be a fly on that wall.
>
> Regards,
> Bill Herrin
>
>
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/

--
Jason


Re: DoD IP Space

2021-04-24 Thread Mel Beckman
Ryan,

My motives are not political. It doesn’t matter which party is behind this (and 
it looks like both would have to be, based on the timeline).

I’m treating this sudden advertisement of IP space as I would any other hostile 
actor, which NANOGers filter all the time. If the DOD comes clean and provides 
the required registered contact information, I might reconsider. But I’ve 
already called the published abuse contact number, and they say they don’t deal 
with “the public”. Until the DoD makes clear their intentions, blocking this IP 
space is the only sensible decision.

 -mel 

> On Apr 24, 2021, at 9:11 PM, Ryan Hamel  wrote:
> 
> Mel,
> 
> I hope you're not implementing this in an ISP network, it's not net neutral 
> if a carrier is making a (political) route/filtering decision. (Points to The 
> Great Firewall of China)
> 
> Ryan
> 
> -Original Message-
> From: NANOG  On Behalf Of Mel 
> Beckman
> Sent: Saturday, April 24, 2021 4:17 PM
> To: William Herrin 
> Cc: nanog@nanog.org
> Subject: Re: DoD IP Space
> 
> Bill,
> 
> It’s the INTERNET that is civilian, not the IP space. As long as that IP 
> space was isolated to the .mil network, it was private space, as far as the 
> Internet was concerned. Now DoD has moved it into the civilian Internet, and 
> I treat them as potentially malicious as I do any other organization that 
> lies, cheats, and steals the public trust.
> 
> -mel
> 
>> On Apr 24, 2021, at 3:45 PM, William Herrin  wrote:
>> 
>>> On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:
>>> This doesn’t sound good, no matter how you slice it. The lack of 
>>> transparency with a civilian resource is troubling at a minimum.
>> 
>> You do understand that the addresses in question are not and have 
>> never been "civilian." They came into DoD's possession when this was 
>> all still a military project funded by what's now DARPA.
>> 
>> Personally, I think we may have an all time record for the largest 
>> honeypot ever constructed. I'd love to be a fly on that wall.
>> 
>> Regards,
>> Bill Herrin
>> 
>> 
>> 
>> --
>> William Herrin
>> b...@herrin.us
>> https://bill.herrin.us/
> 
> 


RE: DoD IP Space

2021-04-24 Thread Ryan Hamel
Mel,

I hope you're not implementing this in an ISP network, it's not net neutral if 
a carrier is making a (political) route/filtering decision. (Points to The 
Great Firewall of China)

Ryan

-Original Message-
From: NANOG  On Behalf Of Mel Beckman
Sent: Saturday, April 24, 2021 4:17 PM
To: William Herrin 
Cc: nanog@nanog.org
Subject: Re: DoD IP Space

Bill,

It’s the INTERNET that is civilian, not the IP space. As long as that IP space 
was isolated to the .mil network, it was private space, as far as the Internet 
was concerned. Now DoD has moved it into the civilian Internet, and I treat 
them as potentially malicious as I do any other organization that lies, cheats, 
and steals the public trust.

 -mel

> On Apr 24, 2021, at 3:45 PM, William Herrin  wrote:
> 
> On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:
>> This doesn’t sound good, no matter how you slice it. The lack of 
>> transparency with a civilian resource is troubling at a minimum.
> 
> You do understand that the addresses in question are not and have 
> never been "civilian." They came into DoD's possession when this was 
> all still a military project funded by what's now DARPA.
> 
> Personally, I think we may have an all time record for the largest 
> honeypot ever constructed. I'd love to be a fly on that wall.
> 
> Regards,
> Bill Herrin
> 
> 
> 
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/




Re: DoD IP Space

2021-04-24 Thread Jason Biel
The internet that is subsidized by that same Government

Logic.

On Sat, Apr 24, 2021 at 18:19 Mel Beckman  wrote:

> Bill,
>
> It’s the INTERNET that is civilian, not the IP space. As long as that IP
> space was isolated to the .mil network, it was private space, as far as the
> Internet was concerned. Now DoD has moved it into the civilian Internet,
> and I treat them as potentially malicious as I do any other organization
> that lies, cheats, and steals the public trust.
>
>  -mel
>
> > On Apr 24, 2021, at 3:45 PM, William Herrin  wrote:
> >
> > On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:
> >> This doesn’t sound good, no matter how you slice it. The lack of
> >> transparency with a civilian resource is troubling at a minimum.
> >
> > You do understand that the addresses in question are not and have
> > never been "civilian." They came into DoD's possession when this was
> > all still a military project funded by what's now DARPA.
> >
> > Personally, I think we may have an all time record for the largest
> > honeypot ever constructed. I'd love to be a fly on that wall.
> >
> > Regards,
> > Bill Herrin
> >
> >
> >
> > --
> > William Herrin
> > b...@herrin.us
> > https://bill.herrin.us/
>
> --
Jason


Re: DoD IP Space

2021-04-24 Thread Mel Beckman
Bill,

It’s the INTERNET that is civilian, not the IP space. As long as that IP space 
was isolated to the .mil network, it was private space, as far as the Internet 
was concerned. Now DoD has moved it into the civilian Internet, and I treat 
them as potentially malicious as I do any other organization that lies, cheats, 
and steals the public trust.

 -mel

> On Apr 24, 2021, at 3:45 PM, William Herrin  wrote:
> 
> On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:
>> This doesn’t sound good, no matter how you slice it. The lack of
>> transparency with a civilian resource is troubling at a minimum.
> 
> You do understand that the addresses in question are not and have
> never been "civilian." They came into DoD's possession when this was
> all still a military project funded by what's now DARPA.
> 
> Personally, I think we may have an all time record for the largest
> honeypot ever constructed. I'd love to be a fly on that wall.
> 
> Regards,
> Bill Herrin
> 
> 
> 
> -- 
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/



Re: DoD IP Space

2021-04-24 Thread William Herrin
On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:
> This doesn’t sound good, no matter how you slice it. The lack of
> transparency with a civilian resource is troubling at a minimum.

You do understand that the addresses in question are not and have
never been "civilian." They came into DoD's possession when this was
all still a military project funded by what's now DARPA.

Personally, I think we may have an all time record for the largest
honeypot ever constructed. I'd love to be a fly on that wall.

Regards,
Bill Herrin



-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/


Re: RIP Dan Kaminsky

2021-04-24 Thread Brielle
Well, shit.  This makes me really sad.
 
Godspeed wherever the universe takes you.

*raises her glass*

Sent from my iPhone

> On Apr 24, 2021, at 12:27 PM, George Herbert  wrote:
> 
> 
> Reported widely on Twitter by his personal friends, Dan Kaminsky passed away 
> yesterday.  The DNS community has lost an immense contributor.
> 
> 
> -George 
> 
> Sent from my iPhone



Re: RIP Dan Kaminsky

2021-04-24 Thread cosmo
He was such an amazing friend. I still can't process the vacuum left behind.

On Sat, Apr 24, 2021, 11:28 AM George Herbert 
wrote:

>
> Reported widely on Twitter by his personal friends, Dan Kaminsky passed
> away yesterday.  The DNS community has lost an immense contributor.
>
>
> -George
>
> Sent from my iPhone


RIP Dan Kaminsky

2021-04-24 Thread George Herbert


Reported widely on Twitter by his personal friends, Dan Kaminsky passed away 
yesterday.  The DNS community has lost an immense contributor.


-George 

Sent from my iPhone

Re: DoD IP Space

2021-04-24 Thread Mike Hammett
I encourage my competition to make equally arbitrary routing decisions. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mel Beckman"  
To: "Mike Hammett"  
Cc: nanog@nanog.org, "John Curran"  
Sent: Saturday, April 24, 2021 10:53:26 AM 
Subject: Re: DoD IP Space 


In this specific case the group of self-described DOD network cowboys who, due 
to lack of transparency and public oversight, could be doing all manner of 
nefarious things with this IP space. It can’t help to let it in, and it can 
definitely hurt. 


But you know that. So why are you playing dumb? 


-mel 



On Apr 24, 2021, at 8:44 AM, Mike Hammett  wrote: 

"proven-malicious IP space owner" 


The DoD? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mel Beckman"  
To: "Mike Hammett"  
Cc: nanog@nanog.org, "John Curran"  
Sent: Saturday, April 24, 2021 10:37:42 AM 
Subject: Re: DoD IP Space 

I will not permit traffic into my network whose proven-malicious IP space owner 
is devious about its purpose. You can, if you want. 


-mel 



On Apr 24, 2021, at 8:28 AM, Mike Hammett  wrote: 

Huh? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mel Beckman"  
To: "John Curran"  
Cc: nanog@nanog.org 
Sent: Saturday, April 24, 2021 10:24:45 AM 
Subject: Re: DoD IP Space 

This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us. 


-mel 



On Apr 24, 2021, at 8:05 AM, John Curran  wrote: 

As noted - 
https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G
 


FYI, 
/John 


John Curran 
President and CEO 
American Registry for Internet Numbers 



On Jan 20, 2021, at 8:35 AM, John Curran  wrote: 

Tom – 


Most definitely: lack of routing history is not at all a reliable indicator of 
the potential for valid routing of a given IPv4 block in the future, so best 
practice suggests that allocated address space should not be blocked by others 
without specific cause. 


Doing otherwise opens one up to unexpected surprises when issued space suddenly 
becomes more active in routing and yet is inexplicably unreachable for some 
destinations. 


/John 



On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote: 

Using the generally accepted definition of a bogon ( RFC 1918 / 5735 / 6598 + 
netblock not allocated by an RiR ), 22/8 is not a bogon and shouldn't be 
treated as one. 



The DoD does not announce it to the DFZ, as is their choice, but nothing says 
they may not change that position tomorrow. There are plenty of subnets out 
there that are properly allocated by an RiR, but the assignees do not send them 
to the DFZ because of $reasons. 


In my opinion, creating bogon lists that include allocated but not advertised 
prefixes is poor practice that is likely to end up biting an operator at one 
point or another. 


On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov < xima...@gmail.com > wrote: 


Peace, 

On Tue, Nov 5, 2019, 4:55 PM David Conrad < d...@virtualized.org > wrote: 
> On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG < nanog@nanog.org > 
> wrote: 
>> This thread got me to wondering, is there any 
>> legitimate reason to see 22/8 on the public 
>> Internet? Or would it be okay to treat 22/8 
>> like a Bogon and drop it at the network edge? 
> 
> Given the transfer market for IPv4 addresses, 
> the spot price for IPv4 addresses, and the need 
> of even governments to find “free” (as in 
> unconstrained) money, I’d think treating any 
> legacy /8 as a bogon would not be prudent. 

It has been said before in this thread that the DoD actively uses this 
network internally. I believe if the DoD were to cut costs, they 
would be able to do it much more effectively in many other areas, and 
their IPv4 networks would be about the last thing they would think of 
(along with switching off ACs Bernard Ebbers-style). With that in 
mind, treating the DoD networks as bogons now makes total sense to me. 

-- 
Töma 
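
The bogon definition Tom Beecher gives in the quoted 2019 message (RFC 1918 / 5735 / 6598 space plus netblocks not allocated by an RIR) can be checked mechanically against a local drop list. The following Python is an added example, not code from any poster in this thread; the drop list, the allocation list and the announced prefix are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Special-use IPv4 blocks from RFC 1918, RFC 5735 and RFC 6598 that are
# not meant to be routed on the public Internet.
SPECIAL_USE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed stand-in for registry allocation data. A real audit would
# load the full list of allocated blocks; only 22/8, the block the
# thread discusses, is listed here.
SAMPLE_ALLOCATED = [ipaddress.ip_network("22.0.0.0/8")]

# Constructed local drop list of the kind discussed in the thread.
SAMPLE_DROP_LIST = [
    "10.0.0.0/8", "100.64.0.0/10", "192.168.0.0/16",
    "192.0.2.0/24", "22.0.0.0/8",
]


def classify(prefix, allocated=SAMPLE_ALLOCATED):
    """Classify one drop-list entry against the quoted bogon definition.

    Returns "special-use" when the entry sits wholly inside an RFC
    1918/5735/6598 block, "allocated" when it covers or overlaps
    allocated space (not a bogon under that definition), and
    "not-in-supplied-allocations" otherwise.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if any(net.subnet_of(block) for block in SPECIAL_USE):
        return "special-use"
    # overlaps() also catches over-broad entries such as 0.0.0.0/1 that
    # swallow allocated space along with genuine bogons.
    if any(net.overlaps(block) for block in allocated):
        return "allocated"
    return "not-in-supplied-allocations"


def audit(drop_list, allocated=SAMPLE_ALLOCATED):
    """Return the drop-list entries that cover allocated address space."""
    return [p for p in drop_list if classify(p, allocated) == "allocated"]


def unreachable_if_announced(announced, drop_list, allocated=SAMPLE_ALLOCATED):
    """Pair each announced prefix with the allocated-space drop entry
    that would discard it, i.e. the "unexpected surprise" case."""
    risky = [ipaddress.ip_network(p, strict=False)
             for p in audit(drop_list, allocated)]
    hits = []
    for prefix in announced:
        net = ipaddress.ip_network(prefix, strict=False)
        for entry in risky:
            if net.subnet_of(entry):
                hits.append((prefix, str(entry)))
                break
    return hits


if __name__ == "__main__":
    for entry in SAMPLE_DROP_LIST:
        print(f"{entry:18} {classify(entry)}")
    # 22.1.0.0/16 is a constructed announcement inside 22/8.
    print(unreachable_if_announced(["22.1.0.0/16"], SAMPLE_DROP_LIST))
```
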


Re: DoD IP Space

2021-04-24 Thread Mel Beckman
In this specific case the group of self-described DOD network cowboys who, due 
to lack of transparency and public oversight, could be doing all manner of 
nefarious things with this IP space. It can’t help to let it in, and it can 
definitely hurt.

But you know that. So why are you playing dumb?

 -mel

On Apr 24, 2021, at 8:44 AM, Mike Hammett  wrote:


"proven-malicious IP space owner"

The DoD?



-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

From: "Mel Beckman" 
To: "Mike Hammett" 
Cc: nanog@nanog.org, "John Curran" 
Sent: Saturday, April 24, 2021 10:37:42 AM
Subject: Re: DoD IP Space

I will not permit traffic into my network whose proven-malicious IP space owner 
is devious about its purpose. You can, if you want.

 -mel

On Apr 24, 2021, at 8:28 AM, Mike Hammett  wrote:


Huh?



-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

From: "Mel Beckman" 
To: "John Curran" 
Cc: nanog@nanog.org
Sent: Saturday, April 24, 2021 10:24:45 AM
Subject: Re: DoD IP Space

This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us.

 -mel

On Apr 24, 2021, at 8:05 AM, John Curran  wrote:


As noted - 
https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On Jan 20, 2021, at 8:35 AM, John Curran  wrote:


Tom –

Most definitely: lack of routing history is not at all a reliable indicator of 
the potential for valid routing of a given IPv4 block in the future, so best 
practice suggests that allocated address space should not be blocked by others 
without specific cause.

Doing otherwise opens one up to unexpected surprises when issued space suddenly 
becomes more active in routing and yet is inexplicably unreachable for some 
destinations.

/John

On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote:


Using the generally accepted definition of a bogon ( RFC 1918 / 5735 / 6598 + 
netblock not allocated by an RiR ), 22/8 is not a bogon and shouldn't be 
treated as one.

The DoD does not announce it to the DFZ, as is their choice, but nothing says 
they may not change that position tomorrow. There are plenty of subnets out 
there that are properly allocated by an RiR, but the assignees do not send them 
to the DFZ because of $reasons.

In my opinion, creating bogon lists that include allocated but not advertised 
prefixes is poor practice that is likely to end up biting an operator at one 
point or another.

On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov <xima...@gmail.com> wrote:
Peace,

On Tue, Nov 5, 2019, 4:55 PM David Conrad <d...@virtualized.org> wrote:
> On Nov 4, 2019, at 10:

Re: DoD IP Space

2021-04-24 Thread Mike Hammett
"proven-malicious IP space owner" 


The DoD? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mel Beckman"  
To: "Mike Hammett"  
Cc: nanog@nanog.org, "John Curran"  
Sent: Saturday, April 24, 2021 10:37:42 AM 
Subject: Re: DoD IP Space 

I will not permit traffic into my network whose proven-malicious IP space owner 
is devious about its purpose. You can, if you want. 


-mel 



On Apr 24, 2021, at 8:28 AM, Mike Hammett  wrote: 

Huh? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mel Beckman"  
To: "John Curran"  
Cc: nanog@nanog.org 
Sent: Saturday, April 24, 2021 10:24:45 AM 
Subject: Re: DoD IP Space 

This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us. 


-mel 



On Apr 24, 2021, at 8:05 AM, John Curran  wrote: 

As noted - 
https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G
 


FYI, 
/John 


John Curran 
President and CEO 
American Registry for Internet Numbers 



On Jan 20, 2021, at 8:35 AM, John Curran  wrote: 

Tom – 


Most definitely: lack of routing history is not at all a reliable indicator of 
the potential for valid routing of a given IPv4 block in the future, so best 
practice suggests that allocated address space should not be blocked by others 
without specific cause. 


Doing otherwise opens one up to unexpected surprises when issued space suddenly 
becomes more active in routing and yet is inexplicably unreachable for some 
destinations. 


/John 



On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote: 

Using the generally accepted definition of a bogon ( RFC 1918 / 5735 / 6598 + 
netblock not allocated by an RiR ), 22/8 is not a bogon and shouldn't be 
treated as one. 



The DoD does not announce it to the DFZ, as is their choice, but nothing says 
they may not change that position tomorrow. There are plenty of subnets out 
there that are properly allocated by an RiR, but the assignees do not send them 
to the DFZ because of $reasons. 


In my opinion, creating bogon lists that include allocated but not advertised 
prefixes is poor practice that is likely to end up biting an operator at one 
point or another. 


On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov < xima...@gmail.com > wrote: 


Peace, 

On Tue, Nov 5, 2019, 4:55 PM David Conrad < d...@virtualized.org > wrote: 
> On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG < nanog@nanog.org > 
> wrote: 
>> This thread got me to wondering, is there any 
>> legitimate reason to see 22/8 on the public 
>> Internet? Or would it be okay to treat 22/8 
>> like a Bogon and drop it at the network edge? 
> 
> Given the transfer market for IPv4 addresses, 
> the spot price for IPv4 addresses, and the need 
> of even governments to find “free” (as in 
> unconstrained) money, I’d think treating any 
> legacy /8 as a bogon would not be prudent. 

It has been said before in this thread that the DoD actively uses this 
network internally. I believe if the DoD were to cut costs, they 
would be able to do it much more effectively in many other areas, and 
their IPv4 networks would be about the last thing they would think of 
(along with switching off ACs Bernard Ebbers-style). With that in 
mind, treating the DoD networks as bogons now makes total sense to me. 

-- 
Töma 


Re: DoD IP Space

2021-04-24 Thread Mel Beckman
I will not permit traffic into my network whose proven-malicious IP space owner 
is devious about its purpose. You can, if you want.

 -mel

On Apr 24, 2021, at 8:28 AM, Mike Hammett  wrote:


Huh?



-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

From: "Mel Beckman" 
To: "John Curran" 
Cc: nanog@nanog.org
Sent: Saturday, April 24, 2021 10:24:45 AM
Subject: Re: DoD IP Space

This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us.

 -mel

On Apr 24, 2021, at 8:05 AM, John Curran  wrote:


As noted - 
https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On Jan 20, 2021, at 8:35 AM, John Curran  wrote:


Tom –

Most definitely: lack of routing history is not at all a reliable indicator of 
the potential for valid routing of a given IPv4 block in the future, so best 
practice suggests that allocated address space should not be blocked by others 
without specific cause.

Doing otherwise opens one up to unexpected surprises when issued space suddenly 
becomes more active in routing and yet is inexplicably unreachable for some 
destinations.

/John

On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote:


Using the generally accepted definition of a bogon ( RFC 1918 / 5735 / 6598 + 
netblock not allocated by an RiR ), 22/8 is not a bogon and shouldn't be 
treated as one.

The DoD does not announce it to the DFZ, as is their choice, but nothing says 
they may not change that position tomorrow. There are plenty of subnets out 
there that are properly allocated by an RiR, but the assignees do not send them 
to the DFZ because of $reasons.

In my opinion, creating bogon lists that include allocated but not advertised 
prefixes is poor practice that is likely to end up biting an operator at one 
point or another.

On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov <xima...@gmail.com> wrote:
Peace,

On Tue, Nov 5, 2019, 4:55 PM David Conrad <d...@virtualized.org> wrote:
> On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG <nanog@nanog.org> wrote:
>> This thread got me to wondering, is there any
>> legitimate reason to see 22/8 on the public
>> Internet?  Or would it be okay to treat 22/8
>> like a Bogon and drop it at the network edge?
>
> Given the transfer market for IPv4 addresses,
> the spot price for IPv4 addresses, and the need
> of even governments to find “free” (as in
> unconstrained) money, I’d think treating any
> legacy /8 as a bogon would not be prudent.

It has been said before in this thread that the DoD actively uses this
network internally.  I believe if the DoD were to cut costs, they
would be able to do it much more effectively in many other areas, and
their IPv4 networks would be about the last thing they would think of
(along with switching off ACs Bernard Ebbers-style).  With that in
mind, treating the DoD networks as bogons now makes total sense to me.

--
Töma



Re: DoD IP Space

2021-04-24 Thread Mike Hammett
Huh? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mel Beckman"  
To: "John Curran"  
Cc: nanog@nanog.org 
Sent: Saturday, April 24, 2021 10:24:45 AM 
Subject: Re: DoD IP Space 

This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us. 


-mel 



On Apr 24, 2021, at 8:05 AM, John Curran  wrote: 

As noted - 
https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G
 


FYI, 
/John 


John Curran 
President and CEO 
American Registry for Internet Numbers 



On Jan 20, 2021, at 8:35 AM, John Curran  wrote: 

Tom – 


Most definitely: lack of routing history is not at all a reliable indicator of 
the potential for valid routing of a given IPv4 block in the future, so best 
practice suggests that allocated address space should not be blocked by others 
without specific cause. 


Doing otherwise opens one up to unexpected surprises when issued space suddenly 
becomes more active in routing and yet is inexplicably unreachable for some 
destinations. 


/John 



On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote: 

Using the generally accepted definition of a bogon ( RFC 1918 / 5735 / 6598 + 
netblock not allocated by an RiR ), 22/8 is not a bogon and shouldn't be 
treated as one. 



The DoD does not announce it to the DFZ, as is their choice, but nothing says 
they may not change that position tomorrow. There are plenty of subnets out 
there that are properly allocated by an RiR, but the assignees do not send them 
to the DFZ because of $reasons. 


In my opinion, creating bogon lists that include allocated but not advertised 
prefixes is poor practice that is likely to end up biting an operator at one 
point or another. 


On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov < xima...@gmail.com > wrote: 


Peace, 

On Tue, Nov 5, 2019, 4:55 PM David Conrad < d...@virtualized.org > wrote: 
> On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG < nanog@nanog.org > 
> wrote: 
>> This thread got me to wondering, is there any 
>> legitimate reason to see 22/8 on the public 
>> Internet? Or would it be okay to treat 22/8 
>> like a Bogon and drop it at the network edge? 
> 
> Given the transfer market for IPv4 addresses, 
> the spot price for IPv4 addresses, and the need 
> of even governments to find “free” (as in 
> unconstrained) money, I’d think treating any 
> legacy /8 as a bogon would not be prudent. 

It has been said before in this thread that the DoD actively uses this 
network internally. I believe if the DoD were to cut costs, they 
would be able to do it much more effectively in many other areas, and 
their IPv4 networks would be about the last thing they would think of 
(along with switching off ACs Bernard Ebbers-style). With that in 
mind, treating the DoD networks as bogons now makes total sense to me. 

-- 
Töma 


Re: DoD IP Space

2021-04-24 Thread Mel Beckman
This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us.

 -mel

On Apr 24, 2021, at 8:05 AM, John Curran  wrote:


As noted - 
https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On Jan 20, 2021, at 8:35 AM, John Curran  wrote:


Tom –

Most definitely: lack of routing history is not at all a reliable indicator of 
the potential for valid routing of a given IPv4 block in the future, so best 
practice suggests that allocated address space should not be blocked by others 
without specific cause.

Doing otherwise opens one up to unexpected surprises when issued space suddenly 
becomes more active in routing and yet is inexplicably unreachable for some 
destinations.

/John

On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote:


Using the generally accepted definition of a bogon ( RFC 1918 / 5735 / 6598 + 
netblock not allocated by an RiR ), 22/8 is not a bogon and shouldn't be 
treated as one.

The DoD does not announce it to the DFZ, as is their choice, but nothing says 
they may not change that position tomorrow. There are plenty of subnets out 
there that are properly allocated by an RiR, but the assignees do not send them 
to the DFZ because of $reasons.

In my opinion, creating bogon lists that include allocated but not advertised 
prefixes is poor practice that is likely to end up biting an operator at one 
point or another.

On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov <xima...@gmail.com> wrote:
Peace,

On Tue, Nov 5, 2019, 4:55 PM David Conrad <d...@virtualized.org> wrote:
> On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG <nanog@nanog.org> wrote:
>> This thread got me to wondering, is there any
>> legitimate reason to see 22/8 on the public
>> Internet?  Or would it be okay to treat 22/8
>> like a Bogon and drop it at the network edge?
>
> Given the transfer market for IPv4 addresses,
> the spot price for IPv4 addresses, and the need
> of even governments to find “free” (as in
> unconstrained) money, I’d think treating any
> legacy /8 as a bogon would not be prudent.

It has been said before in this thread that the DoD actively uses this
network internally.  I believe if the DoD were to cut costs, they
would be able to do it much more effectively in many other areas, and
their IPv4 networks would be about the last thing they would think of
(along with switching off ACs Bernard Ebbers-style).  With that in
mind, treating the DoD networks as bogons now makes total sense to me.

--
Töma


Re: DoD IP Space

2021-04-24 Thread John Curran
As noted - 
https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On Jan 20, 2021, at 8:35 AM, John Curran  wrote:


Tom –

Most definitely: lack of routing history is not at all a reliable indicator of 
the potential for valid routing of a given IPv4 block in the future, so best 
practice suggests that allocated address space should not be blocked by others 
without specific cause.

Doing otherwise opens one up to unexpected surprises when issued space suddenly 
becomes more active in routing and yet is inexplicably unreachable for some 
destinations.

/John

On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote:


Using the generally accepted definition of a bogon ( RFC 1918 / 5735 / 6598 + 
netblock not allocated by an RiR ), 22/8 is not a bogon and shouldn't be 
treated as one.

The DoD does not announce it to the DFZ, as is their choice, but nothing says 
they may not change that position tomorrow. There are plenty of subnets out 
there that are properly allocated by an RiR, but the assignees do not send them 
to the DFZ because of $reasons.

In my opinion, creating bogon lists that include allocated but not advertised 
prefixes is poor practice that is likely to end up biting an operator at one 
point or another.

On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov <xima...@gmail.com> wrote:
Peace,

On Tue, Nov 5, 2019, 4:55 PM David Conrad <d...@virtualized.org> wrote:
> On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG <nanog@nanog.org> wrote:
>> This thread got me to wondering, is there any
>> legitimate reason to see 22/8 on the public
>> Internet?  Or would it be okay to treat 22/8
>> like a Bogon and drop it at the network edge?
>
> Given the transfer market for IPv4 addresses,
> the spot price for IPv4 addresses, and the need
> of even governments to find “free” (as in
> unconstrained) money, I’d think treating any
> legacy /8 as a bogon would not be prudent.

It has been said before in this thread that the DoD actively uses this
network internally.  I believe if the DoD were to cut costs, they
would be able to do it much more effectively in many other areas, and
their IPv4 networks would be about the last thing they would think of
(along with switching off ACs Bernard Ebbers-style).  With that in
mind, treating the DoD networks as bogons now makes total sense to me.

--
Töma


Re: BGP and The zero window edge

2021-04-24 Thread Simon Leinen
Job Snijders via NANOG writes:
> *RIGHT NOW* (at the moment of writing), there are a number of zombie
> routes visible in the IPv6 Default-Free Zone:

[Reversing the order of your two examples]

> Another one is 
> http://lg.ring.nlnog.net/prefix_detail/lg01/ipv6?q=2a0b:6b86:d24::/48

> 2a0b:6b86:d24::/48 via:
> BGP.as_path: 201701 9002 6939 42615 212232
> BGP.as_path: 34927 9002 6939 42615 212232
> BGP.as_path: 207960 34927 9002 6939 42615 212232
> BGP.as_path: 44103 50673 9002 6939 42615 212232
> BGP.as_path: 208627 207910 34927 9002 6939 42615 212232
> BGP.as_path: 3280 34927 9002 6939 42615 212232
> BGP.as_path: 206628 34927 9002 6939 42615 212232
> BGP.as_path: 208627 207910 34927 9002 6939 42615 212232
> (first announced March 24th, last withdrawn March 24th, 2021)

So that one was resolved at AS9002, see Alexandre's followup (thanks!)

AS9002 had also been my guess when I read this, because it's the
leftmost common AS in the paths observed.

> One example is 
> http://lg.ring.nlnog.net/prefix_detail/lg01/ipv6?q=2a0b:6b86:d15::/48

> 2a0b:6b86:d15::/48 via:
> BGP.as_path: 204092 57199 35280 6939 42615 42615 212232
> BGP.as_path: 208627 207910 57199 35280 6939 42615 42615 212232
> BGP.as_path: 208627 207910 57199 35280 6939 42615 42615 212232
> (first announced April 15th, last withdrawn April 15th, 2021)

Applying the same logic, I'd suspect that the withdrawal is stuck in
AS57199 in this case.  I'll try to contact them.

Here's a (partial) RIPE RIS BGPlay view of the last lifecycle of the
2a0b:6b86:d15::/48 beacon:

https://stat.ripe.net/widget/bgplay#w.resource=2a0b:6b86:d15::/48&w.ignoreReannouncements=true&w.starttime=1618444740&w.endtime=1618542000&w.rrcs=0,1,2,4,10,12,20,21&w.instant=null&w.type=bgp

Cheers,
-- 
Simon.
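
The "leftmost common AS" reasoning in the message above, written out as an added example (not part of the original post or of any NLNOG tooling): it parses the looking-glass `BGP.as_path:` lines quoted in the message, collapses prepends, and returns the AS furthest from the origin that every remaining path still traverses. The function names are assumptions chosen for this sketch.

```python
from itertools import groupby

# AS paths copied from the looking-glass output quoted in the message above.
D24 = """\
> BGP.as_path: 201701 9002 6939 42615 212232
> BGP.as_path: 34927 9002 6939 42615 212232
> BGP.as_path: 207960 34927 9002 6939 42615 212232
> BGP.as_path: 44103 50673 9002 6939 42615 212232
> BGP.as_path: 208627 207910 34927 9002 6939 42615 212232
> BGP.as_path: 3280 34927 9002 6939 42615 212232
> BGP.as_path: 206628 34927 9002 6939 42615 212232
"""
D15 = """\
> BGP.as_path: 204092 57199 35280 6939 42615 42615 212232
> BGP.as_path: 208627 207910 57199 35280 6939 42615 42615 212232
"""

def parse_paths(text):
    """Return one list of AS numbers per 'BGP.as_path:' line."""
    paths = []
    for line in text.splitlines():
        _, marker, rest = line.partition("BGP.as_path:")
        if marker:
            paths.append([int(asn) for asn in rest.split()])
    return paths

def collapse_prepends(path):
    """Drop consecutive repeats (AS-path prepending), e.g. 42615 42615."""
    return [asn for asn, _ in groupby(path)]

def common_suffix(paths):
    """Longest run of ASes, counted from the origin, shared by every path."""
    paths = [collapse_prepends(p) for p in paths if p]
    if not paths:
        return []
    suffix = []
    # Walk all paths from the origin (rightmost AS) towards the observers.
    for hops in zip(*(reversed(p) for p in paths)):
        if len(set(hops)) != 1:
            break
        suffix.append(hops[0])
    return suffix[::-1]

def suspect_as(paths):
    """Leftmost common AS: the last point all stale paths still agree on."""
    suffix = common_suffix(paths)
    return suffix[0] if suffix else None

if __name__ == "__main__":
    for name, text in (("2a0b:6b86:d24::/48", D24), ("2a0b:6b86:d15::/48", D15)):
        print(name, "-> suspect AS", suspect_as(parse_paths(text)))
```

The result is a starting point for contacting an operator, not proof: with a single remaining path the function returns that path's first AS, which only means no narrowing was possible.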