RE: Netskrt - ISP-colo CDN

[Dennis Burgess via NANOG]

They are not a CDN themselves, they partner with CDNs etc, and focusing on live 
video streams.  For FREE, you will peer with their device and they will send 
you one prefix.  That prefix will be used by CDNs if they have provisioned your 
IPs with NetSkrt.  Live streaming video will be grabbed from Amazon and 
delvered to the NetSkrt appliance once, and then all other streams within your 
netblock will be directed to that single IP on the NetSkrt device, therefore, 
you receive one stream from the internet, and the rest of the network will get 
that same stream from that box.

Again, I have several customers doing this, seeing that its FREE, all you have 
to do is give them information on the /30 that you will assign it, your BGP 
peering information and that’s about it.  Very simple.  Honestly, unless you 
have something that will deliver that transit, its really a no brainer to just 
install it and let it run.  As more services opt to use them, they will have 
more fill time as well though…

Dennis

From: NANOG  On Behalf Of 
Aaron Gould
Sent: Thursday, April 4, 2024 6:01 PM
To: John Stitt ; Eric Dugas 
Cc: nanog@nanog.org
Subject: Re: Netskrt - ISP-colo CDN


Thanks ... that svta caching sounds interesting.  i watched the presentation, 
but don't understand how it's used by ISP's that want to benefit from it.

-Aaron
On 4/4/2024 5:14 PM, John Stitt wrote:
The website says they are part of the Streaming Video Technology Alliance.

I wonder if this is a prepackaged Open Cache box.

https://opencaching.svta.org/

We also don’t appear to have had any traffic from them.  Not much on the 
peeringdb for the USA ASN either.

BGP.tools shows they have upstreams with each ASN, and are on Ohio IX with 
AS53471, but not really any peers anywhere.  Looks like Cogent and Zayo for 
upstreams and only peer I see is AS1239 (Sprint Wireline (Cogent))

John Stitt

From: NANOG 

 On Behalf Of Aaron Gould
Sent: Thursday, April 4, 2024 4:36 PM
To: Eric Dugas 
Cc: nanog@nanog.org
Subject: Re: Netskrt - ISP-colo CDN


You don't often get email from aar...@gvtc.com. Learn 
why this is important


Thanks... they told me it was free.

-Aaron
On 4/4/2024 4:12 PM, Eric Dugas wrote:
That name rang a bell so I looked up my emails.

They contacted me last year, they were claiming to be "working with some of the 
major streaming brands, such as Amazon Prime Video, to improve the quality of 
both VOD and live streaming while also reducing the load on ISP networks such 
as your own.".

Based on my quick research, they have a few registered ASNs (their peeringdb 
page) with a few netblocks but I get 0 
traffic from them (we're a sizable eyeball network). Their origin network might 
still not be ready but digging a little bit more, it seems they act as a 
third-party video caching solution and not as an origin CDN so in the end, 
they're really just trying to sell ISPs and other types of customers their 
caching solutions.

Eric

On Thu, Apr 4, 2024 at 4:00 PM Aaron Gould 
mailto:aar...@gvtc.com>> wrote:
Anyone out there using Netskrt CDN?  I mean, installed in your network
for content delivery to your customers.  I understand Netskrt provides
caching for some well known online video streaming services... just
wondering if there are any network operators that have worked with
Netskrt and deployed their caching servers in your networks and what
have you thought about it?  What Internet uplink savings are you seeing?

Netskrt - 
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.netskrt.io=0BC8F4C2-155C-0006-865C-9ACE9122981D=079c058f437b7c6303d36c6513e5e8848d0c5ac4-4155aaa63fbecd5e029360686b5937e73940ca76


--
-Aaron

--

-Aaron

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe. If you are not expecting this message contact the sender directly via 
phone/text to verify.


--

-Aaron

RE: DNSSEC & WIldcards

[Dennis Burgess via NANOG]

Looks like Bjorn was correct, one two many signatures ☹  Removed one and its 
all fixed!  Thanks too all that replied!!  

-Original Message-
From: Bjørn Mork  
Sent: Friday, March 15, 2024 12:59 PM
To: Dennis Burgess via NANOG 
Cc: Dennis Burgess 
Subject: Re: DNSSEC & WIldcards

Looks like your DNS server correctly queues up the RRs, but erronously believes 
it can drop data from the Authority section without setting the TC bit.

Reducing the bufsize so the answer doesn't fit makes trucation work:

bjorn@miraculix:~$ dig a www.app.linktechs.net. +dnssec +multiline +norecur 
@139.60.210.20 +bufsize=512 ;; Truncated, retrying in TCP mode.

; <<>> DiG 9.18.24-1-Debian <<>> a www.app.linktechs.net. +dnssec +multiline 
+norecur @139.60.210.20 +bufsize=512 ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5946 ;; flags: qr aa; 
QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280 ;; QUESTION SECTION:
;www.app.linktechs.net. IN A

;; ANSWER SECTION:
www.app.linktechs.net.  3600 IN A 139.60.210.81 www.app.linktechs.net.  3600 IN 
RRSIG A 8 3 3600 (
20240427232616 20240313222616 37041 
linktechs.net.
NYC/4H2VZg12vj+tiWVkEROhXwm7JkBna6RQg6LO8kXr
oosDUpGnxrgOtJYsWYbYfM58opiC1OeAbcaCB9+nctIU
grrwcpuhmvlXYLZi1n/oAmelPldnQ6Hf93HuHi4ULFsS
Qfsoo8sdfjt/YSJ4WxjmsM9LMbZ2CZPMU44a3MdftGW1
fNKmZ1fLtVreP41KmvP6b01lyUMvjrvT26Yq57DgUDTo
iqU5skT+OHzx6ERJkt3tzzwm2pBMvBWFDXC668NtouIW
s3mrhJRBuNW3xSCsroaLQ0vmdml2BqNNh7MZNc38FNMJ
eh+ts3mbMnOOkzlI1Q8gKMMCWv+VRmv2DA== ) 
www.app.linktechs.net.  3600 IN RRSIG A 8 3 3600 (
20240427232616 20240313222616 11340 
linktechs.net.
Th3OcZwOMNUb1zMdipnTnFdgFEaOGJ/VofQOTyxmnNCg
wl+1Q7eiQ89KHAWEDBisxd0S+EHu6/YBWY2srNx5q58P
XIZJ9oQXCqDLzSE884DTQNDEVrSMoKJ9slRU4N4Lj5tT
9LzbODmCM9ytRavOKXJHIddQa0MZT4p9cV8K2HI7XSFX
0rjieKFa7wDRJqhKyqrT3Rh/S93pavhKWUgN3GVO6hkI
H5F67UFpZK7o7nRlyqvM42ep5XaRZS/WJtLuXcTk/QM3
MBPTDWgJ0Bh8qpNuHDOb2XFH2I5dwjeKxuYCzeQzN1hL
gsmw3d1J2pNsYbC40jmi1bZr0bz2fDurIA== )

;; AUTHORITY SECTION:
_acme-challenge.app.linktechs.net. 1200 IN NSEC auto.linktechs.net. TXT RRSIG 
NSEC _acme-challenge.app.linktechs.net. 1200 IN RRSIG NSEC 8 4 1200 (
20240427232616 20240313222616 11340 
linktechs.net.
grjacRLmt+h5UMJkWMgrxeeY4m8kzNCokMsEFAi/10ld
2zcx7IZnB5oljSoZo2ZoqN0DEWVOrORGaU0kAcXDIwmD
89JG728W78+gikb8D+rpcSejfpAO8tRFO9saPSDY72uk
oP0Wle87oMcKmP9EXGcgsTZhd6Dld9qcAlUByGAZC/bi
SL5SDeALjpdqzXPXivP597VyJGakeEEjW0y2SmUOIDcg
6lOcSGX1QdmbaiHyAxHSjBsg4VV2Qpo2Br75xyfw3o1Z
oHMeacsAhhz5HQhtzv9DzULzmtmoA5sQn2VyBm2kcS+S
ZKpKioFnHj9BtOv3dn/F5hrQFhEInNPROw== ) 
_acme-challenge.app.linktechs.net. 1200 IN RRSIG NSEC 8 4 1200 (
20240427232616 20240313222616 37041 
linktechs.net.
bt6W5P4VDC5fs2r/lxwSnI8bhqS2MH7n67Gd2EK6+DDx
HYy9MAmSZEy2OYGg7QHamrWr2I+Bq2Og8A0bRRA5TitQ
VcWyq3b+VpXUPukg7bmXl4KRNGxdAB8NysoOT75yvPTe
Jy1baNzYv9/in6rf8VKXUrKSPUqcAsK3Sz5QHkuzzaIP
d+u5m59DAlobNi17QbRGKIQaXTtgkSHpj4rt61MMEzpB
JDXE5FRLCJ4pqQPm+DcF0ZrKoYqKv/1rYZSVbW3rY0XB
VEBDVy5MJg0YenhbVPcDM9OYh2dfvh5ZvYS6xsXZulv8
mKnjdJo7v6qAzPNvIhymghM+0Tp8INxAjw== )

;; Query time: 120 msec
;; SERVER: 139.60.210.20#53(139.60.210.20) (TCP) ;; WHEN: Fri Mar 15 18:57:20 
CET 2024 ;; MSG SIZE  rcvd: 1326


And directly using tcp also works:

bjorn@miraculix:~$ dig a www.app.linktechs.net. +dnssec +multiline +norecur 
@139.60.210.20 +vc

; <<>> DiG 9.18.24-1-Debian <<>> a www.app.linktechs.net. +dnssec +multiline 
+norecur @139.60.210.20 +vc ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29513 ;; flags: qr aa; 
QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280 ;; QUESTION SECTION:
;www.app.linktechs.net. IN A

;; ANSWER SECTION:
www.app.li

DNSSEC & WIldcards

[Dennis Burgess via NANOG]

So have *.app.linktechs.net that I have been trying to get to work, we have 
DNSSEC on this, and its failing, but cannot for the life of me understand why.  
I think it may have something to do with proving it exists as a wildcard, but 
any DNSSEC experts want to take a stab at it ?


Dennis Burgess

RE: Switch for SFP+

[Dennis Burgess via NANOG]

Yep, run SwichOS, prevents you from running things in software. 


[LTI-Full_175px]
Dennis Burgess, Mikrotik Certified Trainer
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE, MTCSE, HE IPv6 Sage, Cambium ePMP Certified
Author of "Learn RouterOS- Second Edition”
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270  Website: 
http://www.linktechs.net
Create Wireless Coverage’s with www.towercoverage.com

From: NANOG  On Behalf Of Mike Hammett
Sent: Monday, May 18, 2020 4:37 PM
To: Mauro Gasparini 
Cc: nanog@nanog.org
Subject: Re: Switch for SFP+

That's a downfall of Mikrotik, they give you ultimate power. You can do some 
pretty atypical things on there.


-
Mike Hammett
Intelligent Computing 
Solutions
[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2ffbicon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-c5ec4171d8eb30d5845a6c42bb158eac5049c875[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2fgoogleicon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-be2e4edf2d685ea567f2602c305bfa048c02fad1[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2flinkedinicon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-9b0374f5a186eee94c15990608340f801b26[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2ftwittericon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-5022b39587706bd2ec7239629cf89dc0926aa6a9
Midwest Internet Exchange
[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2ffbicon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-c5ec4171d8eb30d5845a6c42bb158eac5049c875[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2flinkedinicon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-9b0374f5a186eee94c15990608340f801b26[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2ftwittericon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-5022b39587706bd2ec7239629cf89dc0926aa6a9
The Brothers WISP
[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2ffbicon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-c5ec4171d8eb30d5845a6c42bb158eac5049c875[https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.ics%2dil.com%2fimages%2fyoutubeicon.png%5d=B47E9451-A5F3-0D05-8BDE-9FDBD4B4C161=079c058f437b7c6303d36c6513e5e8848d0c5ac4-c3a2a0a72aa5c9ab369580d4aacc6f70b7e85886

From: "Mauro Gasparini" mailto:mjgaspar...@gmail.com>>
To: nanog@nanog.org
Sent: Monday, May 18, 2020 1:45:59 PM
Subject: Re: Switch for SFP+

It's clear then that I must use "bridge vlan" to achieve the goal I am looking 
for.
Now it's time for me to study, research and test on my side.
If I have any specific questions, I will draw on your experience.
Thanks a lot.
El 15/5/20 a las 22:11, Travis Garrison escribió:
On the CRS 3xx line, use vlan filtering instead. This guarantees hardware 
offloading.

PS. Do not use this method on the 1xx or 2xx lines.

/interface bonding
add mode=802.3ad name=bond-inet slaves=ether9,ether10,ether8 
transmit-hash-policy=layer-2-and-3

/interface bridge
add name=bridge vlan-filtering=yes

/interface bridge port
add bridge=bridge interface=bond-inet
add bridge=bridge interface=sfp1

/interface bridge vlan
add bridge=bridge tagged=bond-inet,sfp1 vlan-ids=201

Thanks
Travis

From: NANOG  On Behalf 
Of Mauro Gasparini
Sent: Friday, May 15, 2020 10:55 AM
To: nanog@nanog.org
Subject: Re: Switch for SFP+

This works well on my CRSs:

/interface bonding
add mode=802.3ad name=bond-inet slaves=ether9,ether10,ether8 
transmit-hash-policy=layer-2-and-3

ATT Watch TV Contact

[Dennis Burgess via NANOG]

If a watch TV contact, or if you have a technical contact, would contact me 
off-list that would be great.

I have a new IP block that is not working with ATT Watch TV app.


[LTI-Full_175px]
Dennis Burgess, Mikrotik Certified Trainer
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE, MTCSE, HE IPv6 Sage, Cambium ePMP Certified
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270  Website: 
http://www.linktechs.net
Create Wireless Coverage's with www.towercoverage.com

RE: Free Program to take netflow

[Dennis Burgess via NANOG]

It specifically states it uses AS data from the netflow source.  I don't have 
that ☹  

FROM website:
collects NetFlow v8/v9 AS aggregation records

Dennis Burgess, 

-Original Message-
From: NANOG  On Behalf Of na...@jack.fr.eu.org
Sent: Monday, May 20, 2019 8:43 AM
To: nanog@nanog.org
Subject: Re: Free Program to take netflow

Check out AS-Stats¹, with perl-ip2as

[1] https://github.com/manuelkasper/AS-Stats


On 05/20/2019 03:36 PM, Dennis Burgess via NANOG wrote:
> Please let me clarify.  Currently the Netflow data that this customer is 
> sending does NOT supply AS information.  So I need something to generate that 
> AS data and display.  The goal is to figure out where we need to peer next.  
> Where the top traffic is coming in from (what AS) on our paid transit.
> 
> 
> 
> Dennis Burgess,
> 
> From: NANOG  On Behalf Of Dennis Burgess via NANOG
> Sent: Friday, May 17, 2019 9:27 AM
> To: nanog@nanog.org
> Subject: Free Program to take netflow
> 
> I am looking for a free program to take netflow and output what the top 
> traffic ASes to and from my AS are.   Something that we can look at every 
> once in a while, and/or spin up and get data then shutdown..  Just have two 
> ports need netflow from currently.
> 
> Thanks in advance.
> 
> 
> 
> Dennis Burgess
> 
> 

RE: Free Program to take netflow

[Dennis Burgess via NANOG]

Please let me clarify.  Currently the Netflow data that this customer is 
sending does NOT supply AS information.  So I need something to generate that 
AS data and display.  The goal is to figure out where we need to peer next.  
Where the top traffic is coming in from (what AS) on our paid transit.



Dennis Burgess,

From: NANOG  On Behalf Of Dennis Burgess via NANOG
Sent: Friday, May 17, 2019 9:27 AM
To: nanog@nanog.org
Subject: Free Program to take netflow

I am looking for a free program to take netflow and output what the top traffic 
ASes to and from my AS are.   Something that we can look at every once in a 
while, and/or spin up and get data then shutdown..  Just have two ports need 
netflow from currently.

Thanks in advance.



Dennis Burgess

Free Program to take netflow

[Dennis Burgess via NANOG]

I am looking for a free program to take netflow and output what the top traffic 
ASes to and from my AS are.   Something that we can look at every once in a 
while, and/or spin up and get data then shutdown..  Just have two ports need 
netflow from currently.

Thanks in advance.


[LTI-Full_175px]
Dennis Burgess, Mikrotik Certified Trainer
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270  Website: 
http://www.linktechs.net
Create Wireless Coverage's with www.towercoverage.com

RE: Cogent v6 Blackhole server issues???

[Dennis Burgess via NANOG]

Out of St. Louis, mine has been up since the last reboot of my router.  

2001:550:0:1000::421c:802 is my peering..  





Dennis Burgess, Mikrotik Certified Trainer 
Author of "Learn RouterOS- Second Edition” 
Link Technologies, Inc -- Mikrotik & WISP Support Services 
Office: 314-735-0270  Website: http://www.linktechs.net 
Create Wireless Coverage’s with www.towercoverage.com 

-Original Message-
From: NANOG  On Behalf Of John Von Essen
Sent: Friday, February 22, 2019 12:15 PM
To: nanog@nanog.org
Subject: Cogent v6 Blackhole server issues???

2 days ago my IPv6 BGP session to Cogent's Blackhole server went down 
(2001:550:0:1000::421C:802), I've spent all morning emailing their NOC and I'm 
getting nowhere. Anyone else seeing this? Im in the Phila Metro area.

-John

RE: CenturyLink

[Dennis Burgess via NANOG]

National outage since 4:33 am this morning..


[LTI-Full_175px]
Dennis Burgess, Mikrotik Certified Trainer
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270  Website: 
http://www.linktechs.net
Create Wireless Coverage's with www.towercoverage.com

From: NANOG  On Behalf Of Naslund, Steve
Sent: Thursday, December 27, 2018 12:46 PM
To: nanog@nanog.org
Subject: CenturyLink

Anyone have any insight to the nationwide CenturyLink issues/outages today?  
Just wondering.  Know for sure that our connections to them from Florida, Iowa, 
and Washington State are all affected.  Voice and data.

Steven Naslund
Chicago IL

Playstation/Sony Support

[Dennis Burgess via NANOG]

I am looking for someone that can help me with a IP that appears banned from 
the PS4 network.  If you are around, please hit me off-list :)

Thanx,


Dennis Burgess, Mikrotik Certified Trainer
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270  Website: 
http://www.linktechs.net
Create Wireless Coverage's with www.towercoverage.com