Re: Dodgy AS327933 ...?

2023-08-11 Thread August Yang via NANOG 
BGP was indeed designed in an era when trust was implicit. Introducing 
ASPA to sign a cryptographic list of authorized providers steps in the 
right direction. By validating both AS_PATH and route origin, the 
chances of BGP hijack and misconfigurations can be substantially 
reduced.


https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/

On 2023-08-11 13:51, Mark Tinka wrote:

On 8/11/23 12:56, Nick Hilliard wrote:



bgp is a policy based distance vector protocol. If you can't adjust 
the primary inter-domain metric to handle your policy requirements, 
it's not much use.


I am not talking about appending one's own AS in the AS_PATH. I am 
talking about appending someone else's AS in the AS_PATH.


To be fair, I have never had to do that, since I've always thought it 
would be considered bad form. But I suspect that on the simple BGP 
mechanics of it, no vendor would be able to prevent that in any 
meaningful way.


Then again, path hijacking likely wasn't a thought at the time the 
Border Gateway Protocol was being conceived.


Mark.


--
August

Re: My first ARIN Experience but probably not the last, unfortunately..

2023-07-14 Thread August Yang via NANOG 
*There is a temporary IPv6 fee waiver for organizations in the 
3X-Small service category. A 3X-Small organization may receive 
registry services for up to a /36 of total IPv6 space and remain in 
the 3X-Small service category. This waiver will expire 31 December 2026.

IMHO the wording here is clear.

On 2023-07-14 12:37 p.m., Robert Webb wrote:
Sorry for the completely off topic rant here, but maybe it will garner 
some attention from the ARIN folks.


So I am attempting a small startup business and and initially building 
out three sites and thought it would be good to register and upfront 
get my own IPv6 space instead of leasing from some other party or have 
to renumber as future things change


Looking at the ARIN website and fee schedule, I see there is a blurb 
at the bottom of the RSP Categories and Fees about IPv6 fees being 
waived until December 31, 2026. My reaction was along the lines of 
this is great, it helps small companies and startups get IPv6 deployed 
and up and running in their environment.


So I put in the request for a /44 initial request and provided all my 
justifications and within a couple of days I got word that my request 
was approved. Wonderful..


Then I proceed to get a $250 invoice for my /44 under a 3X-Small 
category! Huh??


So I call in and am told the waiver is only for those in a 2X-Service 
Category who want to obtain a 3X-Small Category subnet and that it 
really isn't a fee waiver, but that the 2X-Small Category organization 
will only be charged a 3X-Small fee of $250 and that the $500 fee.


So ARIN, either quit the bait and switch, or fix the wording in the 
Fee Schedule AND provide a link to the full text of the waiver. As the 
blurb in the schedule mentions nothing about the 2X-Small Category and 
honestly, no fees are really waived.


Again, apologies for the rant, but just needed to get it out there, 
the frustration of a small start up business owner..

--
Best regards
August Yang


OpenPGP_0x9C1B40F09053AE75.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: IPv4 Subnet 23.151.232.0/24 blackholed?

2023-04-25 Thread August Yang via NANOG 
The range has only been announced for 2 hours. Just wait longer for 
filters to refresh as Ryan advised.


On 2023-04-25 10:49 p.m., Ryan Hamel wrote:

Neel,

Carriers rebuild their prefixes lists once or twice in a 24 hour 
period. Considering that you just got the block today and is in 
ReliableSite's AS-SET, you just got to be patient.


Having announcements propagated immediately either sounds like it 
happened a day after you gave them the LOA, or they have unfiltered 
transit circuits, which is worrisome.


Ryan

-- Original Message --
From "Neel Chauhan" 
To nanog@nanog.org
Date 4/25/2023 7:35:40 PM
Subject IPv4 Subnet 23.151.232.0/24 blackholed?


Hi,

I recently got the IPv4 allocation 23.151.232.0/24 from ARIN. I also 
had my hosting company ReliableSite announce it to the internet.


Right now, I can only access networks that peer with ReliableSite via 
internet exchanges, such as Google, CloudFlare, OVH, Hurricane 
Electric, et al.


It seems the Tier 1 ISPs (e.g. Lumen, Cogent, AT, et al.) are 
blackholing the IPv4 subnet 23.151.232.0/24. Could someone who works 
at a Tier 1 NOC please check and remove the blackhole if any exists?


Normally when ReliableSite announced my prior (then-leased) IPv4 
space it gets propagated via BGP almost immediately. This time it's 
not going through at all.


Best,

Neel Chauhan

--
Best regards
August Yang

smime.p7s
Description: S/MIME Cryptographic Signature

Re: Spamhaus flags any IP announced by our ASN as a criminal network

2023-03-21 Thread August Yang via NANOG 
Firstly, it's worth noting that AS47158 was registered to 
ORG-IL649-RIPE, which was not a LIR.


Additionally, LIRs do not assign ASNs to end users whereas RIPE does. 
NIR in certain regions is another story.


End user may enter into a sponsorship agreement with LIR to receive ASN 
assignment, still directly from NCC.


It's important to note that ASNs and IP resources have quite different 
assignment policies, so the involvement of IP brokers is not relevant in 
this particular case.


On 2023-03-21 2:33 p.m., George Toma wrote:
Well that's for end users. The company in question seems to be a 
Telecom operator.
The RIPE model is a very strange and confusing one, where ISPs 
basically become LIRs and they themselves assign ASNs and IPs, and 
there are 23000 LIRs in ARIN. Basically any ISP , webhosting company, 
datacenter or even a trading company can become a LIR.


It's a very strange model which had just cost me 15 minutes of my time 
to just dig into and get some basic understanding of it. I would not 
put my hand in the fire that the OP is a LIR or not, but they are an 
ISP so I would assume they are LIR and as such can reassign the IPs,a 
nd if they are not LIR they can become one.


Anyway many of IP renting companies such as IPXO are RIPE-based, and 
those who are ARIN or APNIC based also have subnets from RIPE region. 
If RIPE was against subletting, the whole market would not exist with 
RIPE subnets.


Regards
George



On Tue, Mar 21, 2023 at 2:17 PM  wrote:

RIPE NCC Requirements: End User Assignment Agreement states:

“End User may not sub-assign resources to third parties.”

Best regards,
August Yang

On 2023-03-21 13:12, George Toma wrote:
> I do not believe ASN sharing is illegal or prohibited, it's not
> prohibited in LACNIC and in APNIC policy I also could not find
> anything about ASN sharing, only
>
> APNIC policy states:
> "2.3. Autonomous System (AS)An Autonomous System (AS) is a connected
> group of one or more IP prefixes run by one or more network
operators
> under a single and clearly defined routing policy.
> 2.3.1. Autonomous System Number (ASN)
> An Autonomous System Number (ASN) is a unique two- or four-byte
number
> associated with an AS. The ASN is used as an identifier to allow the
> AS to exchange dynamic routing information with other Autonomous
> Systems."
>
> Nothing prohibiting ASN sharing and 2.3 specifically states "run by
> one or more network operators... single routing policy"
>
> Regards
> George
>
> On Tue, Mar 21, 2023 at 8:00 AM  wrote:
>
>> Message: 19
>> Date: Mon, 20 Mar 2023 16:24:09 -0400
>> From: ay...@august.tw
>> To: Collider 
>> Cc: nanog@nanog.org
>> Subject: Re: Spamhaus flags any IP announced by our ASN as a
>> criminal
>> network
>> Message-ID: <5b7ed1b1fbff65dfc63d188c2e1f9...@august.tw>
>> Content-Type: text/plain; charset=UTF-8; format=flowed
>>
>> Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to
>> RIR
>> policy violations, which include prohibited sharing of ASNs with
>> third
>> parties, IP hijacking, and malicious path prepending.
>>
>> Given this history, it is not surprising that Spamhaus would
>> blacklist
>> IP addresses associated with their ASN. In my opinion, such action
>> is
>> well-justified.
>>
>> Best regards,
>> August Yang


--
Best regards
August Yang

smime.p7s
Description: S/MIME Cryptographic Signature

Re: Spamhaus flags any IP announced by our ASN as a criminal network

2023-03-21 Thread August Yang via NANOG 

RIPE NCC Requirements: End User Assignment Agreement states:

“End User may not sub-assign resources to third parties.”

Best regards,
August Yang

On 2023-03-21 13:12, George Toma wrote:

I do not believe ASN sharing is illegal or prohibited, it's not
prohibited in LACNIC and in APNIC policy I also could not find
anything about ASN sharing, only

APNIC policy states:
"2.3. Autonomous System (AS)An Autonomous System (AS) is a connected
group of one or more IP prefixes run by one or more network operators
under a single and clearly defined routing policy.
2.3.1. Autonomous System Number (ASN)
An Autonomous System Number (ASN) is a unique two- or four-byte number
associated with an AS. The ASN is used as an identifier to allow the
AS to exchange dynamic routing information with other Autonomous
Systems."

Nothing prohibiting ASN sharing and 2.3 specifically states "run by
one or more network operators... single routing policy"

Regards
George

On Tue, Mar 21, 2023 at 8:00 AM  wrote:


Message: 19
Date: Mon, 20 Mar 2023 16:24:09 -0400
From: ay...@august.tw
To: Collider 
Cc: nanog@nanog.org
Subject: Re: Spamhaus flags any IP announced by our ASN as a
criminal
network
Message-ID: <5b7ed1b1fbff65dfc63d188c2e1f9...@august.tw>
Content-Type: text/plain; charset=UTF-8; format=flowed

Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to
RIR
policy violations, which include prohibited sharing of ASNs with
third
parties, IP hijacking, and malicious path prepending.

Given this history, it is not surprising that Spamhaus would
blacklist
IP addresses associated with their ASN. In my opinion, such action
is
well-justified.

Best regards,
August Yang

Re: Spamhaus flags any IP announced by our ASN as a criminal network

2023-03-20 Thread August Yang via NANOG 
Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to RIR 
policy violations, which include prohibited sharing of ASNs with third 
parties, IP hijacking, and malicious path prepending.


Given this history, it is not surprising that Spamhaus would blacklist 
IP addresses associated with their ASN. In my opinion, such action is 
well-justified.


Best regards,
August Yang

On 2023-03-20 15:32, Collider wrote:

Why do two different companies with what should be independent
networks share an AS number?

On 20 March 2023 18:20:08 UTC, Aaron Wendel
 wrote:


The solution to your problem is to terminate the customer causing
the abuse, in this case 62yun.com.  Once you do that I'm sure
Spamhaus will stop listing all your IPs.

Aaron

On 3/20/2023 6:54 AM, Brandon Zhi wrote:

It seems you've reached the point that they ignore specific
prefixes and set every prefix you are advertising as criminal.

*
*
Our sponsor (LIR) 62yun.com , they have 2 prefixes
for VPS/Dedicated Server using our ASN.*
*
62yun did receive a lot of complaints, but as far as I know they
have been handling them (their head said their team is not good at
English and so they did not reply emails)
For me, I cannot reply to all emails for them, since I don't have
that much time. I also need to work for my company.

As I understand it, most things at Spamhaus are manual
determinations.
You click on "show details" and they give you a list of timestamped
report IDs, each with a 1-line description of the reviewer's
assessment of the fault.

I checked https://check.spamhaus.org/listed/?searchterm=46.23.100.0
and the reason they gave us was simple, saying our not willing to
handle abuse. but we stressed with them many times that we are 2
different companies. We also do not have the authority to handle
these complaints, but we will alert 62yun.com .

But they still intend to blacklist all the prefixes under our ORG
ID, even if the user is not us.

Based on my past experiences, Spamhaus is rather gracious at
first, but if you ignore them, they will start blocking you en
masse. About 10 years ago, I worked for a datacenter/NSP and
personally handled all Spamhaus complaints, and as soon as I left
to go to another company (and the company stopped taking care of
the complaints), Spamhaus blocked every single one of their IPs
until they committed to actually handling the complaints again.

This has little impact on 62yun.com 's VPS
business, and my feeling is that if someone uses their VPS to build
a mail server those emails that are sent from this server may be
rejected.

However, we are recently building a CDN for one of our partners (a
social media company), and we need to use a provider like vultr,
which is not really an IP Transit provider, to announce prefixes,
however, they reject prefixes on the Spamhaus list.

I don't think any ISP would reject an IP that is on the Spamhaus
list.

*Brandon Zhi*
HUIZE LTD

www.huize.asia | www.ixp.su
 | Twitter

This e-mail and any attachments or any reproduction of this e-mail
in whatever manner are confidential and for the use of the
addressee(s) only. HUIZE LTD can’t take any liability and
guarantee of the text of the email message and virus.

On Mon, 20 Mar 2023 at 02:29, Tim Burke  wrote:

Have you received complaints from Spamhaus in the past? If so,
have you acted on them in a timely manner?

Based on my past experiences, Spamhaus is rather gracious at
first, but if you ignore them, they will start blocking you en
masse. About 10 years ago, I worked for a datacenter/NSP and
personally handled all Spamhaus complaints, and as soon as I left
to go to another company (and the company stopped taking care of
the complaints), Spamhaus blocked every single one of their IPs
until they committed to actually handling the complaints again.

V/r
Tim

On Mar 18, 2023, at 8:57 AM, Brandon Zhi 
wrote:

Hello guy,

We recently discovered that any IP address announced by our ASN
is blacklisted by Spamhaus, even if we only announced it but not
use it.

I would like to ask if this is manually set by Spamhaus or is the
system misjudgment? Has anyone encountered the same situation as us?

Best,

*Brandon Zhi*
HUIZE LTD

www.huize.asia | www.ixp.su
 | Twitter

This e-mail and any attachments or any reproduction of this
e-mail in whatever manner are confidential and for the use of the
addressee(s) only. HUIZE LTD can’t take any liability and
guarantee of the text of the email message and virus.


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Looking for anyone from Cox Communications

2022-08-25 Thread August Yang via NANOG 
Some Cox customers reported they were not able to reach one of our IPv6 
prefixes, including more specifics announced by different ASNs. I 
suspect the whole range is blackholed or something.


```
mtr -r -c1 -w 2a12:dd44::1

Start: 2022-08-25T18:09:50-0700
HOST: ronsor-lg-arch  Loss%   Snt   Last   Avg  
Best  Wrst StDev
  1.|-- 2600:8800:3b80:3d70:424c:77ff:fe74:cf7a  0.0% 1   30.8  30.8 
 30.8  30.8   0.0
  2.|-- 2600:8800:3bff:::0.0% 1   97.1  97.1 
 97.1  97.1   0.0
  3.|-- 2001:578:801:fffc:600::2c0.0% 1   15.3  15.3 
 15.3  15.3   0.0
  4.|-- 2001:578:900:4::60.0% 1   13.8  13.8 
 13.8  13.8   0.0
  5.|-- 2001:578:1:0:172:17:248:216  0.0% 1   73.5  73.5 
 73.5  73.5   0.0
  6.|-- ??? 100.0 10.0   0.0 
  0.0   0.0   0.0

```
2a12:dd47:805e::1 originated from AS211233 dropped at the same router 
2001:578:1:0:172:17:248:216.


Feel free to contact me off list.

Thanks
August Yang

Re: IPv6 internet broken, cogent/telia/hurricane not peering

2022-08-11 Thread August Yang via NANOG 
Think twice before asking the largest global IPv6 network as measured by 
prefixes announced to pay Cogent for peering.


Also what’s with Telia here?

Best regards
August Yang

On 2022-08-11 09:46, VOLKAN KIRIK wrote:

hello

nobody has to peer with some operator for free. they are simply
trading internet services. they do not have to believe in FREE (as in
price) internet connectivity.. if they peered you, you would decrease
the price of the products even more and more...

ask cogentco (as174) for paid peering. they will give you nice paid
peering or ip transit offer that you can use for both ipv4 and ipv6.

for example i would assume they would be OK charging he.net (as6939) 5
usd cent per megabit.

you need to understand that you are never going to become tier1
without support from as174. they are currently cheapest and they are
okay with dual homing too. think like united nations security council.

you must think twice; are you gaining any profit by segmenting
world-wide internet? or are you loosing prospective single-homing
customers because you lack connectivity to as174 clients?

we must think big. asking for a money is OKay while begging for FREE
service is not... operating NOC and backbone has some expenses that
henet wouldnt understand with their rented links. cogentco bear much
more expenses than henet

i am not here to insult henet but i honestly think that they are
contemptible... just like google's peering decision makers.

sir! if you have become big content/eyeball operator, doesnt mean that
every operator in the industry have to respect your tier-1 policy and
give you their services for free. thats the thing henet and google
couldnt understand. think like UNSC and you will understand

even USA can not do anything they want in the world, as RU has voting
right, too.

TL;DR; instead of crying here and begging for free service. send real
representatives that could negotiate the money you would pay.

bye

Re: cogent - Sales practices

2022-08-05 Thread August Yang via NANOG 
He has to do that to show there is activity on the account otherwise another 
rep can challenge it.

Best regards
August Yang

> On Aug 5, 2022, at 4:20 PM, Dennis Burgess  wrote:
> 
> So we just got an email from cogent, we have told them time and time again to 
> stop calling and stop emailing.  We tell them are good on bandwidth and we 
> don’t need any of their services.. They then sent us a e-mail stating that 
> they saw us coming though one of their customers networks from us, and 
> figured we would want to buy direct instead of going though one of their 
> customers. Yes COGENT stated this; well at least one of their sales reps.  
> Sounds underhanded, shady, and unethical to me.Just figured I would post 
> about it; see if I am making a mountain out of a mole hill
>  
> Here is the e-mail:
>  
> "Hey (redacted) ,
> Maybe there is a misunderstanding. (ISP’s name removed) is a cogent customer 
> who we provide upstream to.
> My initial inquiry was to see if it makes sense for Link Technologies to be 
> utilizing our network instead of through (ISP’s name removed). That way we 
> could be a direct network for you.
> Would that be at all something that interests you?
>  
> Eric Gogerty | Global Account Manager | AS 174
> Cogent Communications | Minneapolis, MN (United States Of America)| 
> www.cogentco.com 
> Contact: 612-217-5506| email: egoge...@cogentco.com 
> 
> The Internet, Unleashed!"
>  
>  
>  
>  
> 
> Dennis Burgess
> 
> Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, 
> Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, 
> Enterprise Wireless Engineer
> Hurricane Electric: IPv6 Sage Level
> Cambium: ePMP
>  
> Author of "Learn RouterOS- Second Edition”
> Link Technologies, Inc -- Mikrotik & WISP Support Services
> Office: 314-735-0270  Website: http://www.linktechs.net 
> 
> Create Wireless Coverage’s with www.towercoverage.com 
> 
> Need MikroTik Cloud Management: https://cloud.linktechs.net 
> 
> How did we do today?
>  
> 
>  
> 
>  
> 
>  
> 


smime.p7s
Description: S/MIME cryptographic signature

Re: What's going on with AS147028?

2022-07-13 Thread August Yang via NANOG 

Just to name few others with the same issue.

AS140731
AS141011
AS141237

Best regards
August Yang

> On Jul 12, 2022, at 6:20 PM, Mike Leber via NANOG  wrote:
>
> This kind of thing is a problem from time to time with the data we get from 
> route collectors.
>
> When we see it we have to add the culprit ASN to a filter list we keep in 
> bgp.he.net.
>
> It tends to be a repeat problem with some collectors and some ASNs.
>
> We haven't really figured out why people send junk routes to route collectors.
>
> The things we've seen aren't just route leaks.  We've seen a variety of AS 
> path spoofing.
>
> We've already added this specific ASN to the filter list and pushed an update 
> for bgp.he.net.
>
> Note, this email is specifically talking about routes received from route 
> collectors and not routes operationally received by he.net via BGP sessions 
> with actual networks.
>
> Mike.
>
> On 7/12/22 12:49 PM, Eric Dugas via NANOG wrote:
>> A friend of mine mentioned that both our Canadian ASNs were listed in 
>> AS147028's peer list on https://bgp.he.net/AS147028 but we have no adjacency 
>> to this network.
>>
>> Their peer count jumped from 1 in May 2022 to 1,800 and just a few days ago 
>> jumped to 8,800. Beside NL-IX, all the IX they are listed on are virtual IX 
>> with a few dozen "hobby networks".
>>
>> The only lead I have is they use HE as transit and they're pumping back BGP 
>> feed to route collectors like RIPE RIS or Route Views with routes stripped 
>> of HE's ASN.
>>
>> Eric
>>



smime.p7s
Description: S/MIME cryptographic signature

Re: What's going on with AS147028?

2022-07-12 Thread August Yang via NANOG 
Indeed the network feeds some of the major route collectors.

One known cause is LL-IX  which operates in a 
topology that partially transits routes from physical exchanges to its 
participants and strips their ASN in path. 
> Possibility to peer with a large number of AMS-IX (Netherlands, Haarlem), 
> DE-CIX (Germany, Frankfurt), MSK-IX (Russia, Moscow), SIX (USA, Seattle) and 
> PLIX (Poland, Warsaw) participants

The network operator might have intentionally or unintentionally forgot to 
prepend his own ASN before exporting to the collectors. Chances are 
misconfigured route reflector or the eager of more visible peers on those 
toolkits.

The issue is widely observed on a number of hobby networks.

Best regards
August Yang

> On Jul 12, 2022, at 3:49 PM, Eric Dugas via NANOG  wrote:
> 
> A friend of mine mentioned that both our Canadian ASNs were listed in 
> AS147028's peer list on https://bgp.he.net/AS147028 but we have no adjacency 
> to this network.
> 
> Their peer count jumped from 1 in May 2022 to 1,800 and just a few days ago 
> jumped to 8,800. Beside NL-IX, all the IX they are listed on are virtual IX 
> with a few dozen "hobby networks".
> 
> The only lead I have is they use HE as transit and they're pumping back BGP 
> feed to route collectors like RIPE RIS or Route Views with routes stripped of 
> HE's ASN.
> 
> Eric
> 



smime.p7s
Description: S/MIME cryptographic signature