RE: what is acceptable jitter for voip and videoconferencing?

2023-09-21 Thread Brian Turnbow via NANOG
> 
> Looks like codecs still are rapidly evolving in walled gardens. I just learned
> about 'Satin'.
> 
Yeah

There are also some open-sourced ones, like Lyra from Google, with v2 released
last year.
https://opensource.googleblog.com/2022/09/lyra-v2-a-better-faster-and-more-versatile-speech-codec.html

OTOH the VoIP specifications here in Italy mandate the use of only g711 and
g729 for calls between landline providers.
Transcode or use only 729/711, making "Killing them softly with quality issues"
sound like a good title for a song.

 
Brian


RE: Lossy cogent p2p experiences?

2023-09-06 Thread Brian Turnbow via NANOG
> If your applications can tolerate reordering, per-packet is fine. In the public
> Internet space, it seems we aren't there yet.

Yeah, this.
During lockdown here in Italy one day we started getting calls about
performance issues, performance degradation, VPNs dropping or becoming unusable,
and a general randomness of "this isn't working like it used to".
All the lines checked out, no bandwidth contention etc. The only strange thing we
found was that all affected sessions had a lot of OOR packets with a particular
network in Italy.
With them we traced it down to traffic flowing through one IXP and found they
had added capacity between two switches and it had been configured with
per-packet balancing.
It was changed to flow-based balancing and everything went back to normal.

Brian
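
The effect described in this message, as an added example that is not part of the original post: a small simulation of two parallel links with unequal delay, comparing per-packet round-robin with flow-hash balancing and counting out-of-order (OOR) arrivals per flow. The link delays, send interval and flows are constructed values, and CRC32 stands in for whatever hash a real switch uses.

```python
import zlib
from collections import defaultdict

# Constructed scenario: two parallel links between the same pair of switches
# with slightly different one-way delays, in milliseconds.
LINK_DELAY_MS = [0.20, 0.65]
SEND_INTERVAL_MS = 0.10  # gap between consecutive packets entering the bundle

# Constructed flows: (src, dst, proto, sport, dport)
FLOWS = [
    ("10.0.0.1", "10.0.1.1", "udp", 4500, 4500),
    ("10.0.0.2", "10.0.1.9", "tcp", 51514, 443),
    ("10.0.0.3", "10.0.1.7", "udp", 40000, 1194),
]


def make_packets(flows, per_flow):
    """Interleave the flows; each packet is (flow, sequence number, send time)."""
    packets, t = [], 0.0
    for seq in range(per_flow):
        for flow in flows:
            packets.append((flow, seq, t))
            t += SEND_INTERVAL_MS
    return packets


def per_packet_link(index, flow):
    """Per-packet balancing: round-robin over the links, ignoring the flow."""
    return index % len(LINK_DELAY_MS)


def per_flow_link(index, flow):
    """Flow-based balancing: hash the 5-tuple so a flow always uses one link."""
    key = "|".join(str(field) for field in flow).encode()
    return zlib.crc32(key) % len(LINK_DELAY_MS)


def out_of_order_per_flow(packets, pick_link):
    """Return {flow: packets that arrived after a later sequence number}."""
    arrivals = []
    for index, (flow, seq, sent) in enumerate(packets):
        link = pick_link(index, flow)
        arrivals.append((sent + LINK_DELAY_MS[link], index, flow, seq))
    arrivals.sort()  # order in which the far-end switch sees the packets

    highest_seen = {}
    late = defaultdict(int)
    for _, _, flow, seq in arrivals:
        if seq < highest_seen.get(flow, -1):
            late[flow] += 1          # overtaken by a newer packet of its flow
        else:
            highest_seen[flow] = seq
    return dict(late)


if __name__ == "__main__":
    pkts = make_packets(FLOWS, per_flow=20)
    print("per-packet OOR:", out_of_order_per_flow(pkts, per_packet_link))
    print("per-flow OOR:  ", out_of_order_per_flow(pkts, per_flow_link))
```
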


RE: Are we back to the 2000's again?

2023-06-05 Thread Brian Turnbow via NANOG

>You wouldn't download a boat ;)

Wouldn't that be a boatload?

Sorry it's Monday morning and I could resist...




ITNOG7 may 19th

2023-03-10 Thread Brian Turnbow via NANOG
Hello everyone,

Itnog7 is taking place in Bologna May 9th and 10th and we have published our 
CFP.

Topics

Past event feedback has shown interest from the attendees in sessions that are 
practical and applicable to their networks. 
This year we will be giving preference to presentations and tutorials that 
benefit the Italian operators community on the following topics
*   Ever changing network technologies drive the question of how to define 
a "network engineer". What is the evolution?
*   Share your experiences, choices, best practices, and business decisions 
on ipv6 deployment and ipv4 exhaustion
*   SDN, Telemetry and Artificial intelligence are redefining Network 
monitoring and orchestration, what are you doing?
*   Strategic Italian infrastructure from new undersea cables, new 
datacenters to ixps, Investments are being made tell us about them and who 
decides what is "strategic"?
*   Access and backbone networks: design, technologies and operations
*   Peering and Interconnections: tools, strategies and useful information 
for building and maintaining a resilient Italian Internet
Have another topic?
If it is technical and can be of interest to the community send it in.

Submissions will only be accepted if they match the requirements defined 
herein. 
The topic of the presentation should be technical, with strong focus on the 
development, engineering and operation of internet networks.
The ITNOG community is quite sensitive to keeping presentations non-commercial, 
and product marketing talks will not be accepted. 
For example, presenters wishing to describe a commercial solution should focus 
on the underlying technology and not attempt a product demonstration.
Repeated audience feedback shows that the most successful talks are lightning 
talks that focus on operational experience, research results, or case studies. 
To submit a presentation to the Program Committee make sure to include:
*   An abstract of your presentation (in English or Italian)
*   The requested time frame
*   A draft or the final version of the slide deck to be presented.
*   Presentations may be in English or Italian, and will be divided between
lightning talks (max 7 minutes) and tutorials or presentation between 10 and 30
minutes in length.
A 5 minute Q&A session will follow each presentation.
Submissions should be sent to itnog...@lists.itnog.it no later than 15th of 
April 2023.

Event information is available here 
https://www.itnog.it/itnog7/
Even if you do not want to present, you are welcome to come and experience an  
Italian style Nog.
Bologna you know is the home of lasagna.

Brian



RE: Typical last mile battery runtime (protecting against power cuts)

2023-02-03 Thread Brian Turnbow via NANOG



Hi,

> At $day_job, I have a team of engineers who are oncall for critical services in
> the United Kingdom. For $reasons, the national power grid is announcing the
> possibility of rolling power cuts over the coming months.
> Right now it's "unlikely", but possible. If cuts do happen, it'll be 3+ hours,
> possibly several times/day.


They have been discussing it here in Italy as well.
The isp/telecommunication industry here is trying to get COs/pops/cabinets
listed as critical infra and removed from rolling power cuts.

> Question is, how much battery runtime can I typically expect from ISPs'
> last mile infra.
> 
> - For FTTP, I *think* (but am not sure) that the UK mostly uses PON, so guess
> it would be runtime of OLT and onwards

Here this is mainly run from pops that have ups and generator systems, so
several hours to days of uptime depending on site.
OTOH I have seen providers daisy chain customer sites in a ring that crash
miserably when 2 customers lose power, isolating all in-between sites.
But that is not the norm...

> - For DSL: runtime of DSLAM cabinet and onwards

Street cabinets for fttc services here have low times if any.
Same thing for mini dslams mounted on poles in the middle of nowhere.
0 to 2 hours for these.
Most have batteries/capacitors in the cabinet but not all, and they are not
designed for extended power outages, 2 hours max.
Some are remotely powered from the CO, but that does not seem to be a thing
anymore. Too costly.
DSL run from COs is protected as for fiber above.

> - For CATV: CMTS and onwards, maybe any active equipments in the HFC to
> the CPE?
> - For 4G: BSS and onwards

Don't operate a 4g network, so take this info accordingly, but here it
depends on the tower from what I have seen.
All towers I have seen have battery backup, a lot have generators too.
I would say they have higher times than the fttc times above.

HTH

Brian


RE: BCP38 For BGP Customers

2022-11-08 Thread Brian Turnbow via NANOG
Hi Mike



> This may not exist yet, but what about a uRPF-like feature that uses RPKI, 
> IRR, etc. instead of current BGP feed?


There is rfc8704 that extends urpf,
but I do not know of any commercially available solutions.


Brian


RE: FCC chairwoman: Fines alone aren't enough (Robocalls)

2022-10-10 Thread Brian Turnbow via NANOG
Hi,
> > Most operators here have been against stir/shaken as a means to resolve the
> problems.
> 
> What reasons?
> 
That it is complex and would take too much time and money,  that it is only 
effective if done on international level and should only be done if decided on 
a European level.
Without international support it would have little or no effect on 
robocall/spoofed calls.
It is funny because when the topic first came up years ago some proposed 
creating a dedicated blockchain service... now that would not be complex nor 
costly...

Brian


RE: FCC chairwoman: Fines alone aren't enough (Robocalls)

2022-10-07 Thread Brian Turnbow via NANOG
> The federal law in 47 USC 227(e) says:
> 
> (1)In general
> 
>  It shall be unlawful for any person within the United  States, or any person
> outside the United States if the recipient is  within the United States, in
> connection with any voice service or text  messaging service, to cause any
> caller identification service to  knowingly transmit misleading or inaccurate
> caller identification  information with the intent to defraud, cause harm, or
> wrongfully  obtain anything of value, unless such transmission is exempted
> pursuant to paragraph (3)(B).
> 
> In (3)(B) is a narrow carve-out for law enforcement and court orders.
> 
> The important point is that spoofing is illegal with fraudulent intent, OK with
> benign intent.

This is a very interesting conversation as there is an ongoing discussion on how
to ban spoofed calls here in Italy.
Here operators must identify each customer and ensure that they are screening 
incoming numbers.
Most do, but some do not and become sources of spoofed traffic.
The biggest problem however comes from out of country originators that allow 
foreign call centers to use Italian numbers.
Thus the calls come in from an international carrier.
We are moving towards blocking incoming calls from international trunks
containing Italian from numbers, something we see already in place for carriers
in other EU countries such as France.
Most operators here have been against stir/shaken as a means to resolve the 
problems.

Brian



RE: Disney+ Contact

2022-08-31 Thread Brian Turnbow via NANOG

Hi Mark

>Anyone from Disney who can help with a geo issue on-list? We have customers in 
>South Africa mapping to India. Thanks.

Did you try the emails in thebrotherswisp geo page?
I have had some success through the Techops emails.
Sometimes it does take a while for a response...

Disney+: E-mail them the trouble subnet at 
techops-distribut...@disneystreaming.com. Also, 
techops-servi...@disneystreaming.com will probably be where that sends you. 
Another possible email is disneyplusispsupp...@disneyplus.com


Brian


RE: HE.net and BGP Communities

2022-07-25 Thread Brian Turnbow via NANOG
> Google has let you down, 6730 (sunrise) is not 6939 (HE) ;)
> 

Oops I should check things better at the end of the day ..
My bad




RE: HE.net and BGP Communities

2022-07-25 Thread Brian Turnbow via NANOG
Hi,

>I do understand the reasoning behind preferring customer routes.   However in
>the case where a customer of a customer also connects to you directly via
>peering doesn't it make sense to prefer the direct connection?  or at least
>not prefer the customer learned routes.

Business not technical. Fill up the bandwidth and they will buy more!!

>In our situation, we were buying transit, heavily prepended, from a provider
>on a tiny circuit.   The purpose of the transit was related to another service
>we were acquiring from that provider and wasn't about the transit, but the
>transit was needed for the service to work reliably.   Unfortunately this
>provider was also a HE customer and so we now had all of the HE traffic coming
>down this tiny link, since all of our other transit providers and ourselves
>only peered with HE.

>I don't remember why,  but we couldn't have the transit provider not announce 
>our routes toward HE, so we ended up doing the announce more specifics 
>everywhere else thing.   Which I hate doing on so many levels. 

>Thus the desire for a community to tell HE that although they learned this 
>route from a customer, it is not a customer route.

You can use communities to set the local preference with HE.
This should do the trick 
  6730:0008   set local pref to 64   (lowest they have afaik)
Provided that  your provider accepts it and propagates it.
Or you can ask them to set it for you.

Brian


ITNOG6

2022-07-05 Thread Brian Turnbow via NANOG
Hello Everyone,

The 15th and 16th of September we will be holding ITNOG6 in Bologna Italy.
EPF is being held in Rome from the 12th to the 14th and Bologna is a short 
speed train ride away, so if you are attending why not come and nog Italian 
style?
We have published the event details and call for papers on our website and we 
welcome presentations in English as well as Italian.
https://www.itnog.it/itnog6/

Hope to see a lot of you there and If you would like to present something 
please send it in to our PC.

Sorry for any duplicates

Brian 



RE: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Brian Turnbow via NANOG
Here in Italy there have been a lot of investments to get better broadband.
Such as government sponsored bundles for areas with no return on investments, 
for schools etc with a lot of focus on reaching gigabit speeds
The results have been mainly positive even though there are delays.
On the end user side in 2020 one of the largest ISPs started offering 2.5Gbps
service.
Ads all over and users started asking for it, even though they don’t have a
2.5 nic or router, so now all of the major providers are rolling it out.
Iliad one-upped them a couple of months ago pushing a 5Gbps service and now I
get people asking me if we offer 5Gbps fiber lines.. pure marketing…
I have a 1Gbps/100Mbps line and it is plenty enough for the family rarely do we 
even get near the limits.
It’s kind of like when I ask for an Italian espresso in the states and get a 
cup full of coffee, no I just want a very small italian style espresso..
The response is Why? you are paying for it take it all
Bigger is better, even if you don’t need it, reigns supreme.

The real problem most users experience isn’t that they have a gig, or even 
100Mb of available download bandwidth…it’s that they infrequently are able to 
use that full bandwidth due to massive over subscription .

The other issue is the minimal upload speed.  It’s fairly easy to consume the 
10Mb that you’re typically getting as a residential customer.  Even “business 
class” broadband service has a pretty poor upload bandwidth limit.

We are a pretty high usage family, and 100/10 has been adequate, but there’s 
been times when we are pegged at the 10 Mb upload limit, and we start to see 
issues.

I’d say 25/5 is a minimum for a single person.

Would 1 gig be nice…yeah as long as the upload speed is dramatically increased 
as part of that.  We would rarely use it, but that would likely be sufficient 
for a long time.  I wouldn’t pay for the extra at this point though.

On Mon, May 23, 2022 at 8:20 PM Sean Donelan <s...@donelan.com> wrote:

Remember, this rulemaking is for 1.1 million locations with the "worst"
return on investment. The end of the tail of the long tail.  Rural and
tribal locations which aren't profitable to provide higher speed
broadband.

These locations have very low customer density, and difficult to serve.

After the Sandwich Isles Communications scandal, gold-plated proposals
will be viewed with skepticism.  While a proposal may have a lower total
cost of ownership over decades, the business case is the cheapest for
the first 10 years of subsidies.  [massive over-simplification]

Historically, these projects have lack of timely completion (abandoned,
incomplete), and bad (overly optimistic?) budgeting.


RE: Disney+ Issues

2022-04-29 Thread Brian Turnbow via NANOG
Hi Norman
>Anyone from Disney+ here? If you can reply off-list I'd appreciate it. I have 
>emailed every place I can think of to solve a geoip problem affecting hundreds 
>of customers, no reply in weeks.


Yeah we just went through the same thing.
Many other providers in Italy have been impacted as well.  
Only way we found to resolve the issue was single customers opening tickets…
We tried at the  provider level but were continuously rebuffed.
The single customers opening TTs had it resolved in minutes and after a bunch 
did  the others were able to connect...
If you do find a way to get it done on the provider level I would love to hear 
about it.

Brian


RE: NXDOMAIN Resolvers

2022-04-20 Thread Brian Turnbow via NANOG
Ciao Antonia,

If you are specifically looking for the Italian market try itnog. Itnog.it
This has been discussed a couple of times on our telegram group and more 
lengthy questions can go on the mailing list.
Both English and Italian are accepted.
Some providers here in Italy offer protection as a paid service, others
include it and all are required to block the agcom, CNCPO etc requests.


Brian

From: NANOG  On Behalf Of Antonia 
Affinito
Sent: Wednesday, April 20, 2022 11:07 AM
To: nanog@nanog.org
Subject: NXDOMAIN Resolvers

Good morning,
I am currently analysing the DNS resolvers (local and public ones) in terms of 
protection and performance (in particular their speed).
I noticed that, in case of a malicious domain name, some local resolvers send 
an NXDOMAIN and others a courtesy page address. Do you know if the resolvers 
(for example TIM, Wind or Fastweb) can return an NXDomain in order to protect 
their clients?

Thanks a lot





RE: Authoritative Resources for Public DNS Pinging

2022-02-09 Thread Brian Turnbow via NANOG
> On 2/9/22 09:30, Stephane Bortzmeyer wrote:
> 
> >
> > Let me repeat that there is a service which is officially intended to
> > be pinged/queried/etc, the RIPE Anchors.
> 
> Yeah, but how do we get out there in a manner that Jane can easily find and
> use, like she does 8.8.8.8?

It wouldn't be too hard for ripe to setup a dns record for ping.ripe.net and
point it towards a local anchor for each request.
I think it could generate some interesting data for the atlas project as well.
Once it becomes popular the anchor hosters may not be so happy about the
traffic they receive, but that is another story.

Brian




GTT contact

2022-02-08 Thread Brian Turnbow via NANOG
Hello everyone,

Is there someone from GTT on list that can contact me in pvt?

For over a week we have been seeing loss and latency between Frankfurt and 
Milan as reported in outages by Lukas

https://puck.nether.net/pipermail/outages/2022-February/014230.html


After a week of TT updates and escalation, reporting over and over that we see
loss and latency between Frankfurt and Milan every afternoon/evening,
sending mtrs, traces, showing them graphs that show the issue towards us as
well as other Italian ISPs

Today their noc sends me pings done this morning saying all is ok and is asking 
me for the duplex and mtu setting on our transit port.

Terribly frustrating.

Thanks

Brian




RE: BGP Route Monitoring

2022-01-07 Thread Brian Turnbow via NANOG
Hi Mihai,

Have you looked into object tracking?
This will work if the route state changes and is removed from the routing table.
So if the route is no longer present it will trigger for sure.
I admit I have not tried to see if it would trigger on a change from peer 1 to 
peer 2, as the route is still "up".

This functionality is built into XR and can generate  syslog events directly 
from the router without any additional software.

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-5/system-management/configuration/guide/b-system-management-cg-asr9000-65x/b-system-management-cg-asr9000-65x_chapter_0110.html


Brian


From: NANOG  On Behalf Of Sandoiu 
Mihai
Sent: Thursday, January 6, 2022 11:35 AM
To: nanog@nanog.org
Subject: BGP Route Monitoring

Hi

I am looking for a route monitoring product that does the following:
-checks if a specific bgp route from a specific neighbor is present the BGP 
table (in some vrf, not necessarily internet routed vrf) of an ASR9K running 
IOS XR
-sends a syslog message or an alarm if the route goes missing

The use case is the following: we are receiving same routes over 2 or more bgp 
peerings, due to best route we cannot really see at the moment if one of the 
routes ceased to be received over a certain peering.

Alternative approach: a product that measures the number of bgp received 
prefixes from a certain peer.

Do you know of such product that is readily available and does not require ssh 
sessions to the routers and parsing the outputs?
I am trying to find a solution that does not require much scripting or 
customization.

Many thanks.

Regards
Mihai



RE: Latency/Packet Loss on ASR1006

2021-12-09 Thread Brian Turnbow via NANOG


> On 11/26/2021 1:09 PM, Colin Legendre wrote:
> > Hi,
> >
> > We have ...
> >
> > ASR1006  that has following cards...
> > 1 x ESP40
> > 1 x SIP40
> > 4 x SPA-1x10GE-L-V2
> > 1 x 6TGE
> > 1 x RP2
> >
> > We've been having latency and packet loss during peak periods...
> >
> > We notice all is good until we reach 50% utilization on output of...
> >
> > 'show platform hardware qfp active datapath utilization summary'
> >
> > Literally ... 47% good... 48% good... 49% latency to next hop goes
> > from 1ms to 15-20ms... 50% we see 1-2% packet-loss and 30-40ms
> > latency... 53% we see 60-70ms latency and 8-10% packet loss.
> >
> > Is this expected... the ESP40 can only really push 20G and then starts
> > to have performance issues?
> >

We had a similar issue about 4 years ago.
We were showing packet loss and drops getting progressively worse and the
router was falling over when reaching about 70% of usage.
We could see the interface reliability go down and input errors due to overruns
on the interfaces.
Cisco blamed it on microbursts not being able to be handled under load.


"We were able to replicate this scenario in our lab as well.
QFP under high load generated input errors and overruns which in turn led to 
unicast failures/ drops/ latency.
The issue is not consistent with QFP % utilization as sometimes with even 80%+ 
traffic, we  do not see the drops:"

And recommended removing traffic or upgrading esp.

One of our guys disabled nbar on the router and the problem disappeared.
I would suggest taking a look at what features you are using and if you can try 
and disable them to see if it makes any impact.
We then upgraded esps and all has been fine since.

Brian



RE: Increase bandwidth usage in partial-mesh network?

2021-10-14 Thread Brian Turnbow via NANOG

Has anyone come across any product or technology that can handle the 
multi-path-ness and the private-network-ness like a regular router, but also 
provides the intelligent per-flow path steering based on e.g. latency, like an 
SD-WAN device (and/or some firewalls)?

Maybe add a little bit of linear optimization on top of 
faucet/openvswitch/openflow to calculate best paths based upon bandwidth, 
paths, and fill-factors.  There is a presentation where Google uses that 
technique to obtain high utilization on their links (not necessarily those 
tools though).

Raymond Burkholder

This is what a large Italian wisp has done, here are a couple of presentations 
made at our ITNOG sessions.
I’m not sure if they have open sourced anything though.
https://www.itnog.it/itnog4/files/14-Traffic%20Engineering%20-%20the%20EOLO%20way%20of%20life.pdf
https://www.itnog.it/itnog3/files/ITNOG3-EOLO.pdf
Brian


RE: [External] Re: uPRF strict more

2021-09-30 Thread Brian Turnbow via NANOG
Hi 

> 
> > What it does allow is for *deliberate* blackholing for traffic; if you
> > null-route a prefix, you now block incoming traffic from that subnet
> > as well. This can be useful and it is how we are using URPF.
> 
> I don't think it is implied here, but just for clarification this is implementation
> detail. Loose and blackhole route does not imply this behaviour, It might, it
> might not, depending on vendor/implementation.
> JunOS by default considers null route as loose path satisfied, and you need
> 'set forwarding-options rpf-loose-mode-discard family X' to behave like you
> explain.

Yes even in cisco land for Ios XR SBRTBH you need set next-hop discard in route 
policy.
You cannot use recursive lookup to null in urpf

Brian
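
The behaviour discussed in this exchange, as an added example that is not part of the original messages: a small model of loose-mode uRPF in which a flag decides whether a source whose best route is a discard (null) route passes the check. The prefixes, next-hop names and the flag name are constructed for the illustration and are not any vendor's configuration syntax.

```python
import ipaddress

DISCARD = "discard"  # marker for a null/blackhole next hop (constructed name)

# Constructed FIB: a /24 learned from a peer, with a more specific /25
# null-routed to blackhole traffic for that subnet.
ROUTES = [
    ("203.0.113.0/24", "peer-a"),
    ("203.0.113.128/25", DISCARD),
    ("192.0.2.0/24", "customer-1"),
]


def build_fib(routes):
    """Parse (prefix, next_hop) pairs into network objects."""
    return [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]


def longest_match(fib, addr):
    """Return the (network, next_hop) with the longest matching prefix."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, nh in fib:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def loose_urpf_accepts(fib, src, discard_fails_check):
    """Loose uRPF: accept a packet if *any* route to its source exists.

    discard_fails_check=False models an implementation where a null route
    still satisfies the check; True models one where a discard route makes
    the source fail, which is what source-based blackholing relies on.
    """
    match = longest_match(fib, src)
    if match is None:
        return False                      # no route to the source at all
    if match[1] == DISCARD and discard_fails_check:
        return False                      # best route is a blackhole
    return True


if __name__ == "__main__":
    fib = build_fib(ROUTES)
    for src in ("203.0.113.5", "203.0.113.200", "198.51.100.1"):
        print(src,
              loose_urpf_accepts(fib, src, discard_fails_check=False),
              loose_urpf_accepts(fib, src, discard_fails_check=True))
```
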


RE: uPRF strict more

2021-09-29 Thread Brian Turnbow via NANOG
Hi,

> Having said that, I'm not convinced anyone should use uRPF at all.
> Because you should already know what IP addresses are possible behind the
> port, if you do, you can do ACL, and ACL is significantly lower cost in PPS in a
> typical modern lookup engine.
> 
uRPF still has its place in access.
We use it in single homed customers and one of the reasons is the limit to the 
number of acls.
Asr 1ks are 4k unique acls IIRC , but you can put a lot more users on them.
Maybe things have changed since I last looked but this was the main driver for 
us to use uRPF when we started with 1ks.

Brian


RE: [EXTERNAL] VoIP Provider DDoSes

2021-09-22 Thread Brian Turnbow via NANOG
Hi

>Something you may want to consider is to put ACLs as far upstream as possible
>from your SBCs and only allow through what you need to the SBCs.  For example,
>apply a filter only permitting UDP 5060 and your RTP port range to your SBCs
>and then blocking everything else.  This is free and should stop a lot of
>common DDoS attacks before they ever get to your SBCs.  Even better if you
>can get your upstream ISP to apply the ACL.  DDoS attack traffic should be
>dropped as close to the source as possible.

Yes Attacks on voip have become more prevalent unfortunately.
Another thing to consider is blocking fragments , which have been a major 
factor in the attacks I have seen in sip.
But to do this you need to make sure that you are not exceeding mtu length in 
Invites, or block fragments only from untrusted IPs.

Brian
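
The filtering described in this message and the one it quotes, as an added example that is not part of the original posts: a model of an upstream ACL that permits only UDP 5060 and an RTP range to the SBC, drops fragments unless they come from trusted peers, and checks whether a SIP INVITE would exceed the MTU and therefore be fragmented. The addresses, the RTP port range, the trusted prefix and the sample INVITE are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All values below are constructed for the example (documentation address space).
SBC_ADDR = ipaddress.ip_address("192.0.2.10")
TRUSTED_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]  # known SIP peers
SIP_PORT = 5060
RTP_PORTS = range(16384, 32768)   # assumed RTP range; use the SBC's real one
IPV4_UDP_HEADERS = 20 + 8         # IPv4 header without options + UDP header


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int]          # None when a fragment carries no UDP header
    is_fragment: bool = False


def is_trusted(src):
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in TRUSTED_SOURCES)


def sbc_acl(pkt):
    """Return 'permit: ...' or 'drop: ...' for a packet headed to the SBC."""
    if ipaddress.ip_address(pkt.dst) != SBC_ADDR:
        return "drop: not for the SBC"
    if pkt.proto != "udp":
        return "drop: protocol not permitted"
    if pkt.is_fragment:
        # Fragments are only accepted from peers known to send large messages.
        if is_trusted(pkt.src):
            return "permit: fragment from trusted peer"
        return "drop: fragment from untrusted source"
    if pkt.dport == SIP_PORT:
        return "permit: SIP"
    if pkt.dport in RTP_PORTS:
        return "permit: RTP"
    return "drop: port not permitted"


def build_invite(extra_sdp_lines=0):
    """Constructed SIP INVITE; extra SDP attribute lines inflate its size."""
    sdp = "v=0\r\no=- 1 1 IN IP4 198.51.100.20\r\ns=-\r\n"
    sdp += "c=IN IP4 198.51.100.20\r\nt=0 0\r\nm=audio 20000 RTP/AVP 8 18\r\n"
    sdp += "a=rtpmap:96 opus/48000/2\r\n" * extra_sdp_lines
    head = (
        "INVITE sip:user@example.net SIP/2.0\r\n"
        "Via: SIP/2.0/UDP 198.51.100.20:5060;branch=z9hG4bKexample\r\n"
        "From: <sip:caller@example.org>;tag=1\r\n"
        "To: <sip:user@example.net>\r\n"
        "Call-ID: constructed-example\r\nCSeq: 1 INVITE\r\n"
        "Content-Type: application/sdp\r\n"
        f"Content-Length: {len(sdp)}\r\n\r\n"
    )
    return (head + sdp).encode()


def invite_needs_fragmentation(sip_message, mtu=1500):
    """True if the message cannot fit in one unfragmented IPv4/UDP packet."""
    return len(sip_message) + IPV4_UDP_HEADERS > mtu


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "192.0.2.10", "udp", 5060),
        Packet("203.0.113.7", "192.0.2.10", "udp", None, is_fragment=True),
        Packet("198.51.100.20", "192.0.2.10", "udp", None, is_fragment=True),
        Packet("203.0.113.7", "192.0.2.10", "udp", 123),
    ]
    for p in samples:
        print(p.src, p.dport, "->", sbc_acl(p))
    print("large INVITE fragments:", invite_needs_fragmentation(build_invite(80)))
```
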


RE: IPv6 woes - RFC

2021-09-20 Thread Brian Turnbow via NANOG
Hi,

> > v4 is so thoroughly fragmented and v6 is a lot less likely to become
> > so.
> 
> It is true that fragmentation is a problem. However, it merely means that IPv6
> address space will also be fragmented and that
> IPv4 can but IPv6 can't be deployed at full scale,

Just this week We had our first customer asking if we can setup BGP to route 
the /48 they received from the headquarters in the states.
They are asking us to provide a few v4 addresses , but to use their own v6 
block.
Yes they are a large conglomerate with their own AS and a large v6 allocation, 
so not a common customer, but they have hundreds of offices everywhere in the 
world where they are doing this... 
I can just see the Cxx presenting their solution at some event and it becoming 
the new thing to do
What you are still using your providers addresses? You must be crazy... We 
assign our own it's much better...
A couple hundred corporations like this and the v6 table would surpass v4...

Brian


RE: Alien waves

2021-07-21 Thread Brian Turnbow via NANOG
Hi,

Not related to who is using them really but..
The presentation, From Alien Waves to Disaggregated Optical Network by Paolo 
Boletta  from ITNOG3 meeting  may be of interest to you.
The site contains both the presentation and the ½ hour video.
https://www.itnog.it/itnog3/
It covers the use of alien waves in the Italian and EU Research and education
networks.
Both GARR (italy) and GEANT (EU) have published papers and different reports 
regarding their results.


Brian




From: NANOG  On Behalf Of Lady 
Benjamin Cannon of Glencoe, ASCE
Sent: Tuesday, July 20, 2021 8:30 PM
To: NANOG Operators' Group 
Subject: Alien waves

Does anyone have a comprehensive (or any) list of carriers doing alien 
wavelengths? (background: 
https://thecinict.com/2021/03/05/adding-alien-wavelengths/ 
https://www.ekinops.com/solutions/optical-transport/alien-wavelength )

Emphasis on subsea operators.
—L.B.

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC
CEO
l...@6by7.net
"The only fully end-to-end encrypted global telecommunications company in the 
world.”
FCC License KJ6FJJ




route-views.oregon-ix.net

2021-07-05 Thread Brian Turnbow via NANOG
Hello,

Does anyone know if the  route-views.oregon-ix.net name been retired?


; <<>> DiG 9.10.3-P4-Ubuntu <<>> type=a route-views.oregon-ix.net 
@phloem.uoregon.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4

; <<>> DiG 9.10.3-P4-Ubuntu <<>> type= route-views.oregon-ix.net 
@phloem.uoregon.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35471

route-views.routeviews.org  resolves fine.


Thanks

Brian


RE: Buying IPs with poor reputation

2021-05-19 Thread Brian Turnbow via NANOG
Hi,

Our experience has been that most blacklist operators/owners  are more than 
willing to remove IPs after a change of ownership, same with updating of geo IP 
services.
The bigger problem for us has been the huge number of statically defined or 
never updated blacklists/geo blocking by webmasters/postmasters/firewall admins 
that take months to get straightened out.
This is what makes the difference in price well worth getting reputable IPs and 
avoiding countries that may be considered as potentially unsafe.


Brian


From: NANOG  On Behalf Of David Guo 
via NANOG
Sent: Wednesday, May 19, 2021 10:24 AM
To: Ross Tajvar ; North American Network Operators' Group 

Subject: Re: Buying IPs with poor reputation

Let's say normal IPs are $35, those blocked IPs may be $32, and you'll need 
much work to delist from all database.

xTom GmbH

From: NANOG <nanog-bounces+david=xtom@nanog.org> on behalf of Ross Tajvar <r...@tajvar.io>
Sent: Wednesday, May 19, 2021 4:20:14 PM
To: North American Network Operators' Group <nanog@nanog.org>
Subject: Buying IPs with poor reputation

I'm curious if anyone has experience deliberately buying blacklisted blocks, or 
blocks that otherwise have poor reputation. Is there a significant price 
difference? How do you seek them out? Most of the sellers I've found seem to 
focus on blocks with good reputation, or on improving the reputation of a bad 
block. But I am interested in purchasing some IPs for internal services where 
reputation doesn't really matter.

Thanks,
Ross


RE: EMail server gets blocked by Microsoft

2021-04-27 Thread Brian Turnbow via NANOG
Hi Dominque,

And sign up for snds
https://sendersupport.olc.protection.outlook.com/snds/index.aspx

It will give you the status of your IPs and you can get junk mail reports etc.

Brian

From: NANOG  On Behalf Of Mel Beckman
Sent: Tuesday, April 27, 2021 4:19 PM
To: Dominque Roux 
Cc: nanog@nanog.org
Subject: Re: EMail server gets blocked by Microsoft

Dominque,

Have you read this Microsoft guidance on email servers? It covers the most 
common problems, such as missing SPF records, incorrect or missing IN-ADDR DNS, 
etc:

https://sendersupport.olc.protection.outlook.com/pm/troubleshooting.aspx



 -mel beckman


On Apr 27, 2021, at 6:54 AM, Dominque Roux <dominique.r...@ungleich.ch> wrote:
Hi All,

is there anyone out there who has some experience with the blocking
mechanism of Microsoft's mail server? We're running a mail server at our
company which ends up on their blacklist from time to time and we're
wondering if there are some steps we could take in order to prevent this.

Cheers,
Dominique


RE: Submitting Fake Geolocation for blocks to Data Brokers and RIRs

2021-04-22 Thread Brian Turnbow via NANOG
> 
> Question - if a country is not assigned to an allocation or sub-assignment,
> what does it default to within the RIPE region?
> 
> In the AFRINIC region, for example, it would be MU (Mauritius), as that is
> where AFRINIC are located.

AFAIK Ripe does not set a default, it is up to the LIR.
You can assign geoloc to orgs and assignments.
Ripe publishes a list of all allocations made to the provider and lists their 
country of record.
If the address space is unassigned I'm not sure as it is not listed in the file 
 of allocations that contains the country , but I would guess NL as the RIPE 
country of record.

Brian



RE: Submitting Fake Geolocation for blocks to Data Brokers and RIRs

2021-04-22 Thread Brian Turnbow via NANOG
Hi,


>>If the endpoint (e.g. web server) is physically located in Germany and
>>you're helping a client misrepresent that it's located in Estonia in
>>order to evade a legal requirement that it be located in Estonia then
>>you've made yourself a party to criminal fraud.

>While I agree with the overall sentiment of your message, I am curious ; have 
>there been any instances where an internet provider has been found liable 
>(criminally or civilly) for willfully misrepresenting IP >geolocation 
>information? 

So to extend this further, you assign a class of IPs to a customer and 
register it to them in the RIPE database.
Do you assign it to the customer's address, in Estonia, or use the DC address 
which is in Germany? 
Which could be the basis of geolocalizing the address.
I would not want to be the lawyer on either side of the battle.

Brian






RE: an IP hijacking attempt

2021-03-17 Thread Brian Turnbow via NANOG
Hi Noah,


> Would you care to share the said prefix?  

This is the prefix we found associated with their name in the afrinic db.

inetnum:169.239.204.0 - 169.239.207.255


Cheers,

Brian



RE: an IP hijacking attempt

2021-03-11 Thread Brian Turnbow via NANOG
Hi Daniel,


> 
> Tracing it back to the originator of the route is of course a good first step.

Yes, we have done that and the results were not good.
The company that created the LOA is registered in the Seychelles and they have 
IPs that were/are being revoked by Afrinic
remarks:* * * * * * * * * * * * * * * * * * * * * * * * *
remarks:*   *
remarks:*  This IP prefix will be reclaimed and *
remarks:*  returned to the free pool by AFRINIC *
remarks:* on the 5th March 2021.*
remarks:*   *
remarks:* For more information, please contact  *
remarks:*   AFRINIC at hostmas...@afrinic.net   *
remarks:*   *
remarks:* * * * * * * * * * * * * * * * * * * * * * * * *

> 
> I would send an FYI to the RIR that allocated the prefix; preferably after the
> initial investigation established that it was not a genuine mistake. In that
> message I would make very clear if any action is requested from the RIR or
> not. If it is just an FYI the RIR will take note of it, watch for trends and
> take it into account before doing anything with the registration.
> 
> Just what I would do.

Thanks for the advice, I will do so.



Brian 



Re: an IP hijacking attempt

2021-03-09 Thread Brian Turnbow via NANOG
If they had a route record that was close, I would give them the benefit of 
the doubt.
They do not, however, as the only records start with 217. And our IPs are 45.

So it is very strange. Would you send a LOA without a route record?


Brian Turnbow

From: Mel Beckman 
Sent: Tuesday, March 9, 2021 19:17
To: Brian Turnbow
Cc: North American Network Operators' Group
Subject: Re: an IP hijacking attempt

It could just be a typo on the LOA. It seems unlikely any ISP would approve a 
forged LOA that could readily be debunked by contacting the IP space owner. The 
whole point of LOAs is to facilitate this verification.

-mel via cell

> On Mar 9, 2021, at 10:01 AM, Brian Turnbow via NANOG  wrote:
>
> Hello everyone,
>
> We received a strange request that I wanted to share.
> An email was sent to us asking to confirm a LOA from a diligent ISP.
> The LOA was a request to open BGP for an AS, that is not ours, to announce a 
> /23 prefix that is ours.
> So basically this entity sent to their upstream a request to announce a 
> prefix from one of our allocated ranges.
> We have the allocation correctly registered and ROAs in place, but it is 
> worrisome that someone would attempt this.
> Obviously we have informed the ISP that the LOA is not valid and are trying 
> to contact the originating party.
> Aside from RIRs for the offending AS and our IPs, is there anywhere to 
> report this type of activity?
> We have dealt with hijacking technically speaking in the past but this is the 
> first time, to my knowledge, of someone forging a LOA with our IPs.
>
> Thanks in advance for any advice
>
> Brian
>
> P.S. a big thanks to Chris for checking the boxes before activating the 
> filter if you are on the list!
>
>
>
>


an IP hijacking attempt

2021-03-09 Thread Brian Turnbow via NANOG
Hello everyone,

We received a strange request that I wanted to share.
An email was sent to us asking to confirm a LOA from a diligent ISP.
The LOA was a request to open BGP for an AS, that is not ours, to announce a 
/23 prefix that is ours.
So basically this entity sent to their upstream a request to announce a prefix 
from one of our allocated ranges.
We have the allocation correctly registered and ROAs in place, but it is 
worrisome that someone would attempt this.
Obviously we have informed the ISP that the LOA is not valid and are trying to 
contact the originating party.
Aside from RIRs for the offending AS and our IPs, is there anywhere to report 
this type of activity?
We have dealt with hijacking technically speaking in the past but this is the 
first time, to my knowledge, of someone forging a LOA with our IPs.

Thanks in advance for any advice

Brian

P.S. a big thanks to Chris for checking the boxes before activating the filter 
if you are on the list!
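
The message above notes that ROAs were in place for the targeted range. As an added example (not part of the original thread), this sketch applies RFC 6811 route origin validation to a LOA request, the check that lets an upstream reject a foreign-AS announcement of a covered prefix. The prefixes, AS numbers and the `review_loa` helper are constructed for illustration.

```python
import ipaddress

# Constructed ROA set: (prefix, max_length, origin ASN). Benchmark and
# documentation ranges only; none of these values come from the thread.
ROAS = [
    ("198.18.0.0/22", 23, 64496),
    ("2001:db8::/32", 48, 64496),
]

def covering_roas(prefix, roas=ROAS):
    """ROAs whose prefix covers the announced prefix (same address family)."""
    route = ipaddress.ip_network(prefix)
    hits = []
    for roa_prefix, max_len, asn in roas:
        net = ipaddress.ip_network(roa_prefix)
        if net.version == route.version and route.subnet_of(net):
            hits.append((net, max_len, asn))
    return hits

def validate_origin(prefix, origin_asn, roas=ROAS):
    """RFC 6811 state: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covering = covering_roas(prefix, roas)
    if not covering:
        return "not-found"
    for _net, max_len, asn in covering:
        # AS0 ROAs never match; length must not exceed the ROA's maxLength.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid"

def review_loa(prefix, requested_asn, roas=ROAS):
    """Hypothetical triage of a LOA before opening a BGP filter."""
    state = validate_origin(prefix, requested_asn, roas)
    action = {"valid": "accept",
              "invalid": "reject and notify the prefix holder",
              "not-found": "verify with the registry contact"}[state]
    authorised = sorted({asn for _n, _m, asn in covering_roas(prefix, roas)})
    return {"state": state, "authorised_origins": authorised, "action": action}
```

A request for a covered /23 from any AS other than the ROA's origin comes back `invalid`, and a more-specific beyond maxLength is `invalid` even from the legitimate origin.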






RE: Need someone with clue @ Network Solutions.

2020-12-15 Thread Brian Turnbow via NANOG
Hi Matt


It has been a long time since I’ve used network solutions but from what I 
remember in their interface you have a section advanced or more settings to 
create your dns servers before associating them to the domain.
And it is in this section where you can create or change the dns name and IP 
address.
Once they are ok, then you go inside the domain where you can assign  them to 
the domain.

Sorry no contact

Brian



From: NANOG On Behalf Of Matthew Crocker
Sent: Tuesday, December 15, 2020 5:43 PM
To: nanog@nanog.org
Subject: Need someone with clue @ Network Solutions.

I need to get Network Solutions to remove glue records for hosts in my domain.  
 My domain isn’t registered with Network Solutions and they refuse to speak 
with me as I’m not a customer.

I’ve had my customer attempt to update their domain through Network Solutions 
but the only thing they can change is the NS record, not the underlying host 
glue record.   I don’t think the glue records even need to exist as they are 
published by my domain already.

Does anyone have any contacts at Network Solutions that can help?

Example:


dig .com NS @i.gtld-servers.net.

; <<>> DiG 9.10.6 <<>> .com NS @i.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24593
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.com.  IN NS

;; AUTHORITY SECTION:
.com.  172800 IN NS dns-auth4.crocker.com.
.com.  172800 IN NS dns-auth3.crocker.com.

;; ADDITIONAL SECTION:
dns-auth4.crocker.com.  172800 IN A  66.59.48.95
dns-auth3.crocker.com.  172800 IN A  66.59.48.94

;; Query time: 73 msec
;; SERVER: 192.43.172.30#53(192.43.172.30)
;; WHEN: Tue Dec 15 11:34:41 EST 2020
;; MSG SIZE  rcvd: 124


The correct servers are:


dns-auth3.crocker.com.  299 IN A  66.59.61.10
dns-auth4.crocker.com.  299 IN A  66.59.61.194
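
The glue mismatch reported in the message above can be checked mechanically. As an added example (not part of the original thread), this sketch parses dig-style record lines and reports name servers whose registry glue differs from the authoritative A records; the record lines are the ones quoted in the message, and the function names are hypothetical.

```python
import re

# Record lines as quoted in the message above: glue returned by the
# registry server, and the A records the zone owner lists as correct.
REGISTRY_ADDITIONAL = """\
;; ADDITIONAL SECTION:
dns-auth4.crocker.com.  172800 IN A  66.59.48.95
dns-auth3.crocker.com.  172800 IN A  66.59.48.94
"""
AUTHORITATIVE = """\
dns-auth3.crocker.com.  299 IN A  66.59.61.10
dns-auth4.crocker.com.  299 IN A  66.59.61.194
"""

# owner, TTL, class IN, type A/AAAA, address
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA)\s+(\S+)$")

def parse_addresses(text):
    """Map owner name -> set of addresses, skipping dig comment lines."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        match = RR.match(line)
        if match:
            records.setdefault(match.group(1).lower(), set()).add(match.group(4))
    return records

def stale_glue(registry_text, authoritative_text):
    """Return {name: (glue_addrs, authoritative_addrs)} for every mismatch.

    A name with glue but no authoritative record is reported with an
    empty authoritative list, since it cannot be confirmed either way.
    """
    glue = parse_addresses(registry_text)
    auth = parse_addresses(authoritative_text)
    report = {}
    for name, addrs in glue.items():
        expected = auth.get(name, set())
        if addrs != expected:
            report[name] = (sorted(addrs), sorted(expected))
    return report
```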




Re: Re[4]: Disney+ Geolocation (again)

2020-11-20 Thread Brian Turnbow via NANOG
Hi Jeff
That seems to be oriented towards end users, not ISPs.
Are you suggesting that ISPs call/chat customer service?
So there is no NOC-to-NOC service available?

When I opened a chat saying that I was writing from an ISP the response was 
"What is an ISP?"

Thanks
Brian


Brian Turnbow

From: Jeff Mansukhani 
Sent: Friday, November 20, 2020 20:17
To: Brian Turnbow; Mike Hammett; j...@imaginenetworksllc.com
Cc: nanog@nanog.org
Subject: Re[4]: Disney+ Geolocation (again)

HI all,

Sorry there is a misunderstanding.  Requests for Disney+ should go via 
https://help.disneyplus.com/csp instead.  Please kindly remove from your 
documentation and do not email these two @disneystreaming.com email addresses.

Thank you

J

-- Original Message --
From: "Brian Turnbow via NANOG" <nanog@nanog.org>
To: "Mike Hammett" <na...@ics-il.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Sent: 11/16/2020 8:12:29 AM
Subject: RE: Re[2]: Disney+ Geolocation (again)

Hi Mike,

You may want to add
technical operations services team 
techops-servi...@disneystreaming.com

We wrote to the  distribution address and they replied forwarding it to services

Brian

From: NANOG <nanog-bounces+b.turnbow=twt...@nanog.org> On Behalf Of Mike Hammett
Sent: Friday, November 13, 2020 7:25 PM
To: Jeff Mansukhani <j...@mansukhani.net>
Cc: Nanog@nanog.org
Subject: Re: Re[2]: Disney+ Geolocation (again)

I updated our page.  :-)


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


From: "Jeff Mansukhani" <j...@mansukhani.net>
To: "Seth Mattinen" <se...@rollernet.us>, Nanog@nanog.org
Sent: Thursday, November 12, 2020 5:49:40 PM
Subject: Re[2]: Disney+ Geolocation (again)

Specifically for Network Operators, you may email
techops-distribut...@disneystreaming.com for technical issues relating
to Disney+.  Hope this helps.

Thanks

J





RE: Re[2]: Disney+ Geolocation (again)

2020-11-16 Thread Brian Turnbow via NANOG
Hi Mike,

You may want to add
technical operations services team 
techops-servi...@disneystreaming.com

We wrote to the  distribution address and they replied forwarding it to services

Brian

From: NANOG  On Behalf Of Mike Hammett
Sent: Friday, November 13, 2020 7:25 PM
To: Jeff Mansukhani 
Cc: Nanog@nanog.org
Subject: Re: Re[2]: Disney+ Geolocation (again)

I updated our page.  :-)


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


From: "Jeff Mansukhani" <j...@mansukhani.net>
To: "Seth Mattinen" <se...@rollernet.us>, Nanog@nanog.org
Sent: Thursday, November 12, 2020 5:49:40 PM
Subject: Re[2]: Disney+ Geolocation (again)

Specifically for Network Operators, you may email
techops-distribut...@disneystreaming.com for technical issues relating
to Disney+.  Hope this helps.

Thanks

J





RE: 100G over 100 km of dark fiber

2020-10-30 Thread Brian Turnbow via NANOG

Hi Jared

as others have pointed out there are lots of options


Inphi offers these
https://www.inphi.com/products/colorz/


or use a box like PacketLight; here is an Arista solution brief 
https://www.arista.com/assets/data/pdf/Whitepapers/Arista_Packetlight_100G_Extension_Solution.pdf
and if you search for openline systems there are a few that do smaller systems 
2/4/8 ports that are available.
FS even offers this
https://www.fs.com/de-en/specials/100g-fmx-transport-platform-103.html
more expensive than optics but an alternative and you can stay in low 5 
figures.

Cisco has the ncs55a2 with these
https://www.cisco.com/c/en/us/products/collateral/routers/network-convergence-system-5500-series/datasheet-c78-743732.html
that costs like a gazillion dollars but your company may have great discounts...


HTH

Brian


> -Original Message-
> From: NANOG  On Behalf Of
> Jared Brown
> Sent: Friday, October 30, 2020 3:19 PM
> To: nanog@nanog.org
> Subject: 100G over 100 km of dark fiber
> 
> Hello NANOG!
> 
> I need to push 100G over 100 km of dark fiber. Since there are no 100G
> pluggable optics with this reach (~25 dB), I have been offered coherent
> transport systems to solve my problem. This is all good and well, except total
> system costs start from high five figures.
> 
> So, my question is, do I have any other options?
> 
> I can't help noticing that you can break out a 100G QSFP into four 25G QSFPs.
> 25G DWDM systems are relatively inexpensive (low five figures), but can you
> make 25G DWDM go 100 km?
> 
> I only need the one 100G, so I don't really need a highly scalable DWDM
> system. I can't put anything midspan, or if I could it would cost more than
> just going with a coherent system.
> 
> 
> Jared


RE: microsoft mail contact

2020-09-15 Thread Brian Turnbow via NANOG
Hi Nick
> 
> We recently acquired some IP space, but it seems outlook does not want to
> receive email from that space.
> 
> If there's someone that knows what we need to do, we would be grateful
> for any pointers in the right direction.
> 

First sign up for SNDS and get the IPs under your control.
This will allow you to see what state they are in:
https://sendersupport.olc.protection.outlook.com/snds/

Note that MS throttles all new IPs until they get a baseline on what the IP is 
sending, so if you have mail servers with new IPs they will take time to get up 
to speed.
So if you have a lot of 451 errors from them this may be the cause.

Then you can try and open a ticket.
https://support.microsoft.com/en-us/supportrequestform/d75c9d92-a918-3a46-52bd-565a528f1b64

They will tell you to sign up for sender support, follow their guidelines for 
sending etc.
But I have had some success with them, not always, but there are not really 
any alternatives that I know of.

Brian


RE: IP addresses on subnet edge (/24)

2020-09-15 Thread Brian Turnbow via NANOG
> On 9/14/20 2:25 PM, Andrey Khomyakov wrote:
> > TL;DR I suspect there are middle boxes that don't like IPs ending in
> > .255. Anyone seen that?
> 
> Yes. We'd every so often get random complaints that "my friend can't reach
> my website but I can", etc., with not enough detail to track it down. The
> problem would disappear when we moved it to another IP address.
> 
> Because of this, we stopped allocating customer websites on .0 and .255 IP
> addresses about 10 years ago, instead using them for internal / controlled
> access purposes where we could investigate any problems.
> (Which never occur. )

We have started using .0 and .255 again in the past two years more or less.
Here is what one NAS shows: 26 .255 users and 21 .0 users

asr1006-jn1#sh user | count \.255$
Number of lines which match regexp = 26
asr1006-jn1#sh user | count \.0$
Number of lines which match regexp = 21

We do occasionally have to change an IP but it is rare and for the most part 
things just work.
This is much different to 10 years ago where it was impossible to use them and 
we needed to exclude them from our pools.

A plus,  it is kind of fun when a super consultant calls and says he can't use 
a broadcast/network address for nat or a vpn endpoint.

Brian



RE: Partial vs Full tables

2020-06-12 Thread Brian Turnbow via NANOG
Hi all,

> 
> Loose mode RPF will essentially drop traffic received on the interface if the
> router does not have any route for. (will not match a default or a discard
> route, at least in IOS-XR)
> 
> As Bill has pointed out, this may drop traffic from some peering networks that
> are not in the global routing table. Though one could argue that if a packet
> needs to be fragged it's typically closer to the edges rather than the
> transit/peering links.
> 

No one has mentioned it, but you can also use an ACL combined with uRPF.
You could even go so far as permitting everything and just using uRPF for RTBH 
purposes.


Brian