Verizon (uu.net) DNS managers out there?

2024-06-28 Thread Joel M Snyder
If there's anyone out there who is responsible for the UU.NET 
nameservers (authxx.ns.uu.net), can you please contact me off-list?


I have a customer who is trying to move their DNS off of UU.NET and of 
course everyone they used to know as a technical contact is no longer 
available.  The NIC side is done; we just need to get those nameservers 
to stop doing zone transfers and stop thinking that they are 
authoritative for the zone.


Thanks,

jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.com  http://www.opus1.com/jms



RingCentral STUN Engineer?

2023-10-24 Thread Stephen M
Anyone with abilities to view traffic for the STUN servers able to message
me off list?

I have been going back and forth a couple of weeks now doing PCAPs with not
only RingCentral but with Palo Alto on the phone as well showing there is
no return traffic coming from the RC side on call initiations and reviewing
our configurations continually showing the traffic is allowed on our side.
We created explicit in and out rules to define all traffic and no change.

I'm stuck in tier 3 (they have been good though) and they are timid to
escalate up to the STUN engineers to verify but I can't keep doing the same
'it's not us' test with them when it is work impacting.

Thanks in advance!


Re: NTP Sync Issue Across Tata (Europe)

2023-08-07 Thread Giovane C. M. Moura via NANOG





> So the Anycast address our devices use internally to find the closest
> NTP server is geo-mapped to MU.


So indeed, the pool will only send you a single NTP server in this case.
GeoDNS essentially maps you to mu.pool.ntp.org.

You can verify what NTP servers you can expect from the Pool by querying 
it directly (and thus bypassing GeoDNS mappings)


$ dig mu.pool.ntp.org

mu.pool.ntp.org.    62   IN   A   197.224.66.40


> However, the physical server is
> geo-mapped to the specific countries in Europe, e.g., GB, NL, FR, DE,


What really matters from GeoDNS is the IP address of your client -- the 
one that goes in the NTP query. So if you are using your anycast address 
to query, it does not matter what are the unicast addresses of your servers.



> Unless the geo data ntp.org are using is inconsistent, I'd imagine
> the servers should be mapped to a European pool, since the physical
> address from which the server queries the pool is geo-mapped locally,
> for this specific reason.


They also use the latest Maxmind mappings, and I confirmed it 
experimentally. (I think their update method is fully automated.)


/giovane


Re: NTP Sync Issue Across Tata (Europe)

2023-08-07 Thread Giovane C. M. Moura via NANOG

Hi Mark,



> I have NTP servers in Europe that are choosing Tata (6453) to get to
> 0.freebsd.pool.ntp.org which lives on 197.224.66.40:
>
> NTP is not sync'ing to that address, and sessions stay in an Init
> state.
TL;DR: I'd guess your NTP Server IP address is geolocated to Mauritius. 
The Mauritius zone[0] on the pool has only one server, so you'll only 
see this one. To fix it, use europe.pool.ntp.org (_do not_ use 
pool.ntp.org).



Longer answer:

NTP pool folks use GeoDNS[1], which is their DNS server to map clients 
to servers.


The `0.freebsd.pool.ntp.org` name is just an alias for them -- what they 
really do is this:


 * Get geolocation_data(client_IP_address)
 * Check the country subzone in the NTP pool (e.g., nl.pool.ntp.org [2]):
   * If there are >=1 servers in the zone, return (up to) 4 of them
   * If there is only one, then return just that one (this is a _known issue_)
   * If there are none, then fall back to the continent zone (Europe [3])

I've seen the same issue before with Guernsey clients (only one server). 
We have contacted the pool operators and they are now working on a new 
GeoDNS version to prevent this from happening [4].


More details in [5].

In short, change your ntp configuration; the issue you have is that 
despite having 4k servers on the Pool, this strict GeoDNS mapping 
prevents you from accessing the other servers just because of your IP 
address. The reasoning is to prevent asymmetric routing [4], but they 
are working on a fix to prevent these scenarios.



/giovane

[0] https://www.ntppool.org/zone/mu
[1] https://github.com/abh/geodns
[2] https://www.ntppool.org/zone/nl
[3] https://www.ntppool.org/zone/europe
[4] https://community.ntppool.org/t/minor-new-features-on-the-website/2947/8
[5] https://www.sidnlabs.nl/downloads/5aPx86UtFmvKs6WE3LHwbU/c6acce6a012fe07256bab8caefff54af/Diving_into_the_NTP_Pool.pdf
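The two replies above describe the zone selection GeoDNS performs: geolocate the client, serve up to four servers from the country subzone, serve a single one if that is all the zone has, and fall back to the continent zone only when the country zone is empty. The following is an added example written for this page, not GeoDNS's own code. It models that logic on a constructed zone table (the only address taken from the thread is 197.224.66.40; the other addresses, the zone contents, the continent mapping and the placeholder country "zz" are assumptions) and adds a check an operator can run to catch the single-server case before pointing clients at a name.

```python
"""Toy model of the NTP Pool GeoDNS zone selection the thread describes.

Added example, not GeoDNS's own code. Apart from 197.224.66.40 (the single
mu zone server shown in the thread) every address and zone below is
constructed, using RFC 5737 documentation ranges.
"""
import random
from typing import Dict, List, Optional

MAX_ANSWERS = 4                      # GeoDNS hands out up to four A records
POOL_SUFFIX = ".pool.ntp.org"

# Constructed zone table: zone -> server addresses (hypothetical contents).
ZONES: Dict[str, List[str]] = {
    "mu": ["197.224.66.40"],         # one server, as shown on the page
    "nl": ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"],
    "gb": ["192.0.2.20", "192.0.2.21", "192.0.2.22"],
    "europe": ["198.51.100.1", "198.51.100.2", "198.51.100.3",
               "198.51.100.4", "198.51.100.5", "198.51.100.6"],
    "africa": ["203.0.113.1", "203.0.113.2"],
}

# Constructed country -> continent mapping. "zz" is a placeholder country
# with no servers of its own, used only to exercise the continent fallback.
CONTINENT_OF: Dict[str, str] = {"mu": "africa", "nl": "europe",
                                "gb": "europe", "zz": "europe"}


def zone_for_client(client_country: str) -> str:
    """Country subzone if it holds at least one server, else the continent zone."""
    if ZONES.get(client_country):
        return client_country
    return CONTINENT_OF[client_country]


def answer(zone: str, rng: Optional[random.Random] = None) -> List[str]:
    """Up to MAX_ANSWERS servers from a zone. A one-server zone yields a
    single answer, which is the known issue the thread describes."""
    servers = ZONES.get(zone, [])
    rng = rng or random.Random(0)    # seeded so runs are repeatable
    return rng.sample(servers, min(MAX_ANSWERS, len(servers)))


def resolve(name: str, client_country: str,
            rng: Optional[random.Random] = None) -> List[str]:
    """Resolve a pool hostname for a client geolocated to client_country.

    Vendor/numbered aliases (0.freebsd.pool.ntp.org) and the bare pool.ntp.org
    go through the client's geolocation; a name whose zone label is a
    geographic zone (europe.pool.ntp.org, nl.pool.ntp.org) bypasses it.
    """
    if name == POOL_SUFFIX[1:]:
        labels: List[str] = []
    elif name.endswith(POOL_SUFFIX):
        labels = name[: -len(POOL_SUFFIX)].split(".")
    else:
        raise ValueError(f"not a pool name: {name}")
    zone_label = labels[-1] if labels else ""
    zone = zone_label if zone_label in ZONES else zone_for_client(client_country)
    return answer(zone, rng)


def diagnose(name: str, client_country: str) -> Dict[str, object]:
    """Operator-side check: flag an answer that pins a client to one upstream."""
    servers = resolve(name, client_country)
    single = len(servers) == 1
    return {"servers": servers, "single_server": single,
            "advice": "use a continent zone such as europe.pool.ntp.org"
                      if single else "ok"}


if __name__ == "__main__":
    for host in ("0.freebsd.pool.ntp.org", "pool.ntp.org", "europe.pool.ntp.org"):
        print(host, "->", diagnose(host, "mu"))
```

Run as a script, the model reproduces the thread's symptom (a Mauritius-geolocated client gets one server from any vendor alias or from pool.ntp.org) and the fix (europe.pool.ntp.org returns four). The `diagnose` check is the kind of thing worth running from each NTP server's own egress address before committing a pool name to production config.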


Searchable archives of the list?

2023-03-23 Thread Joel M Snyder
This seems an absurd question but … “where are the searchable archives of this 
list?”  I have found an innumerable set of archives and copies of archives 
broken into months, but I cannot find a way to search the content of the list 
archive (short of downloading the archives and grepping from there). 

Is there a searchable archive someplace maintained by nanog?  And if so… how 
about updating the nanog web pages about this list with a pointer? 

And finally, the question I was searching to avoid asking on the list: does 
anyone have any experience, good or bad, with leasing out unused IPv4 space 
through ipway?

Thanks, 


jms
---
Joel M Snyder - Opus One - j...@opus1.com


Are there any DNS POCs from Raytheon on here?

2022-08-05 Thread Stephenson, Ryan M CIV DISA IE (USA) via NANOG
Please reach out to me.


Ryan Stephenson
Defense Information Systems Agency
DoD NIC IE721
UE: ryan.m.stephenson2@mail.mil




AS 10797 Charter Communications Contact

2022-07-15 Thread Aaron M. Pace
If anyone from Charter could contact me off list I would appreciate it. 
I am troubleshooting an issue with slow performance to remote users using a 
hardware IPsec appliance. If I use a different egress circuit from my network, 
it fixes the issue. It seems to resolve itself after a few days, and the transit AS 
(Lumen) does not see any issues in their path. 

Thanks
Aaron


Fwd: [lacnog] LACNOG2022 - Call for Presentations

2022-06-14 Thread Carlos M. Martinez

FYI,

Come join NANOG’s kid brother from the South ! :-)

This year’s event will be hybrid, so traveling shouldn’t be an 
issue.


Cheers!

/Carlos

Forwarded message:


From: Jorge Villa via LACNOG 
To: Latin America and Caribbean Region Network Operators Group 


Cc: Jorge Villa 
Subject: [lacnog] LACNOG2022 - Call for Presentations
Date: Tue, 14 Jun 2022 08:52:53 -0400

LACNOG 2022 - Call for Presentations



LACNOG, the Latin American and Caribbean Network Operators Group, will 
hold its LACNOG 2022 conference together with the LACNIC 38 event from 
3 to 7 October 2022. This meeting will be held in person in the city 
of Santa Cruz, Bolivia (provided that the evolution of the 
epidemiological situation in the region allows). Otherwise, the 
conference will once again be held online.




The LACNOG 2022 Program Committee invites the Internet community to 
submit their presentation proposals for the event.




In line with the spirit of LACNOG, presentations should address topics 
geared towards regional Internet development. The following is a 
non-exhaustive list of some of the topics of interest for the LACNOG 
2022 meeting:




● Network operation and professional experiences, success stories
● Internet of Things
● MANRS
● Community networks
● IPv6 integration and deployment
● Experiences involving botnets, malware, spam, viruses, denial of service attacks, and exploit techniques
● IP network architecture, sizing, configuration, and administration
● Routing and switching protocols, including unicast, multicast, anycast, SDN, etc.
● End-user applications (e.g., e-mail, HTTP, DNS, NFVs, etc.)
● Value-added services, such as VPNs, distributed systems, cloud computing, etc.
● Peering, Internet traffic exchange, IXPs
● Network data security and management, attack mitigation
● Network monitoring, performance, measurements, and telemetry
● Network automation, evolution, and convergence
● Infrastructure and physical transport, including optical and wireless networks
● Legislation, regulations, and Internet governance issues
● Research and education



Possible presentation formats include:



● Lightning talk: brief, 10-minute presentation (including a space for Q&A).
● Presentation: 20-minute presentation (including a space for Q&A).
● Poster: includes a single-page PDF (A2 or smaller) with the basic information of the presentation and a 2- to 5-minute video with the presentation.




The timeline for the 2022 call for proposals will be as follows:


Reception of proposals: 31 May to 17 July 2022
Proposals will be accepted until: 17 July 2022 at 23:59 UTC-3 (Uruguay 
time)

Evaluation by the Program Committee: 18 July to 7 August 2022
Announcement of results: 10 August 2022
Reception of final presentations: 10 August to 18 September 2022 at 
23:59 UTC-3 (Uruguay time)

Event date: 3 to 7 October 2022




Applicants must submit a summary and a draft of the slides of their 
proposed presentation along with a brief biography, for which they 
must use the form available at  https://eventos.nog.lat/e/lacnog2022




If your work is selected, you authorize LACNOG and LACNIC to publish 
your name, photograph, biography, and final work in the event program.




Speakers presenting their work at the LACNOG 2022 conference will 
receive a certificate acknowledging their participation.




Guidelines for Submitting a Presentation for LACNOG including a 
description of the criteria that will be considered when evaluating 
each proposal, presentation format, and other details are available at 
https://lacnog.org/seccion/postulacion-trabajos




Communications with the Program Committee will be handled through 
p...@lacnog.org.




We thank you in advance for your attention and look forward to 
receiving your proposals for LACNOG 2022.




The Program Committee



___
LACNOG mailing list
lac...@lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Unsubscribe: https://mail.lacnic.net/mailman/options/lacnog

Re: ISP data collection from home routers

2022-03-24 Thread Giovane C. M. Moura via NANOG




> Who cares about the SSID???


I don't remember the data model, but I remember that they retrieved data 
very often, multiple times a minute.


(some ppl in the list may have access to this data and know it very well)

They can easily profile you and know when you're at home, and when 
you're gone. Some people may find this interesting...


To have a really meaningful discussion on the privacy implications, we 
would need to see the data model, and the frequency at which they poll the data.


/giovane


ISP data collection from home routers

2022-03-24 Thread Giovane C. M. Moura via NANOG

Hello there,

Several years ago, a friend of mine was working for a large telco and 
his job was to detect which clients had the worst networking experience.


To do that, the telco had this hadoop cluster, where it collected _tons_ 
of data from home users routers, and his job was to use ML to tell the 
signal from the noise.


 I remember seeing a sample csv from this data, which contained 
_thousands_ of data fields (features) from each client.


I was _shocked_ by the amount of (meta)data they are able to pull from 
home routers. These even included your wifi network name _and_ password!

(it's been several years since then).

And home users are _completely_ unaware of this.

So my question to you folks is:

- What are the policy regulations on this? I don't remember the features 
(thousands) but I'm pretty sure you could do some profiling with it.


- Is anyone aware of any public discussion on this? I have never seen it.

Thanks,

Giovane Moura


SF DigitalRealty <> Equinix PAIX Dark Fiber

2022-02-25 Thread Stephen M
Hello NANOG,

I’m looking for dark fiber providers between:

Digital Realty at 200 Paul Ave, San Francisco &
Equinix SV8/PAIX at 529 Bryant St, Palo Alto

I am looking for 2 strands (simplex count).

I’m already in talks with Zayo and Wave (known as Astound now) but am checking 
to see if there are any others I can reach out to as well that I may have 
missed.

Off list emails are fine.

Thanks in advance and enjoy your hopefully quiet weekends!

Cheers,
Stephen

//please pardon any brevities - sent from mobile//


Re: Coverage of the .to internet outage

2022-01-21 Thread Joel M Snyder
Got an Intelsat press release which may be of interest to folks 
following the situation in Tonga.  I wish I could include just a URL, 
but they sent it to be as text so I am including the full thing:

---
FOR IMMEDIATE RELEASE: January 21, 2022

Intelsat and Partners Bring Emergency Connectivity to Tonga

McLean, Va. – Intelsat, operator of the world’s largest integrated 
satellite and terrestrial network, in cooperation with Telstra and Spark 
deployed emergency communications services to support humanitarian aid 
to Tonga and the archipelago for Digicel Tonga and Tonga Communications 
Corporation.


The undersea volcano, Hunga-Tonga-Hunga-Ha’apai, erupted on Jan. 15, 40 
miles north of Tonga’s capital, Nuku’alofa. The volcanic explosion and 
subsequent tsunami knocked out the undersea internet cables, 
disconnecting the region of 100,000 as residents sought higher ground 
with the onslaught of rising water and dangerously high waves.


Intelsat is providing space-based broadband connectivity on Horizons 3e 
and Intelsat 18, while partners, Telstra and Spark, are providing the 
ground infrastructure, including VSAT hubs at their teleports, uplink, 
internet access and remote kits.


The services provided are now fully provisioned expanding broadband and 
voice services.


Additionally, Intelsat is providing services in conjunction with Optus 
to the New Zealand Defence Force, who will provide humanitarian support 
in Tonga.


“Communications infrastructure is essential to assisting the residents, 
coordinating medical staff and providing supplies, clean food and water 
and basic human needs,” said Intelsat CEO Stephen Spengler. “Our hearts 
go out to the residents of Tonga and all impacted by this devastation, 
and we’re working with our partners to play a role in supporting the 
community in their time of need.”


Intelsat’s swift response is a testament to its communications 
infrastructure over the Pacific Islands, operational efficiencies, and 
longstanding commitment to serving the region. It is the quintessential 
demonstration of satellite solutions’ near-instantaneous communications 
activation in areas where disasters have crippled terrestrial networks.


In 2019, Tonga lost internet access for nearly two weeks when a 
fiber-optic cable was severed. Intelsat played a significant role in 
restoring the island's connectivity by providing satellite 
capacity on Horizons 3e and Intelsat 18 at that time.


--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.com  http://www.opus1.com/jms


Re: possible rsync validation dos vuln

2021-11-01 Thread Giovane C. M. Moura via NANOG


Good news: the disclosure has been postponed


Quoting from:

https://english.ncsc.nl/latest/news/2021/october/29/upcoming-announcement-of-rpki-cvd-procedure

Update 31 October: Talks have resumed, disclosure is postponed.

Since 30 October, constructive conversation is fortunately taking place
with the parties involved. As such, the NCSC will not publish details
about this vulnerability on Monday 1 November, as previously announced,
but at a later moment (in agreement with the parties involved).


/giovane

On 10/29/21 3:03 AM, Randy Bush wrote:
> received this vuln notice four days before these children intend to
> disclose.  so you can guess how inclined to embargo.
> 
> randy
> 
> 
> From: Koen van Hove 
> Subject: CVD: Vulnerabilities in RPKI Validators
> To: ra...@psg.com, s...@hactrn.net
> Cc: c...@ncsc.nl
> Date: Wed, 27 Oct 2021 14:59:21 -0700
> 
> Dear Randy Bush and Rob Austein,
> 
> Apologies, this email was previously sent to the wrong email address.
> 
> On behalf of the University of Twente and the National Cyber Security
> Centre of the Netherlands (NCSC-NL) we want to notify you of a Coordinated
> Vulnerability Disclosure for RPKI vulnerabilities that also impact rcynic
> developed by Dragon Research Labs.
> 
> The vulnerabilities were discovered by scientific research on the
> implementation of RPKI validators.
> Together with you, the NCSC-NL, the University of Twente, and multiple
> other parties, we would like to come to a timely solution before the
> results of this research will be made public. More information about
> Coordinated Vulnerability Disclosure can be found here [1].
> 
> The vulnerabilities are classified as a denial of service vulnerability and
> impact multiple implementations of RPKI validators including rcynic. Since
> RPKI is of international interest we hope that you will work together with
> us on this CVD.
> 
> The goal is to have fixes available before 1 November which will also be
> the date that the results of this research will become public. Before 1
> November the information in the CVD, or the fact that a CVD is taking
> place, is to be kept strictly confidential. The fixes are to be released
> collectively on 1 November.
> 
> Please let us know whether you agree to these terms, and want to
> participate in this CVD. If so, we will send you the details. We hope to
> hear from you.
> 
> If there are any further questions, please let us know.
> 
> Yours sincerely,
> 
> Koen van Hove
> University of Twente
> 
> [1] https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd
> 
> - --
> Koen van Hove
> -BEGIN PGP SIGNATURE-
> Version: FlowCrypt Email Encryption 8.1.5
> Comment: Seamlessly send and receive encrypted email
> 
> wsDzBAEBCgAGBQJhecu4ACEJEPnqm/++VTh9FiEE5Q3GCKqW0RQyUpA/+eqb
> /75VOH1CjwwAq8Hd0psDhfj6mL4X9ybLGogONpzFKYp9Okv9/CKzQvG4AkLR
> Cvrz3vHlQRKJP8I2PYSLZvtG9D/HXjjKcU+m24jjl2qbKKuSwprqQhLAqabN
> Md+RZFjQGve5Z4vtJsfhXKc4PhaAzMujVc4Mh5Mdbs4sFEdrub1hSnYKlcQV
> PvS/O9SpCYU0E0IC1I455HXxSXUtme+KHtzbGIWQe/mz4KpnZD2Me/Cr1LvG
> Od9izri0Qx5vF+kdpR51PEiwHgN+QkmnUP6Gkrca8TSC2x3ta9B1/ZprdCoZ
> ZYQ7QUFUAkfV+tKCMaBECNOrnDjw8E9GonvzmqpDHBtKBZ3LaxjZX/sxuuTC
> +Ele5nVeWW0ZFqrbanbPy9y1q04tFQd8ewdSN40iXdTj7Ha8GadUhcdSLWqJ
> cLmf71qUAvdwpp0Bt1nhExpU/bEtAaxfnEcTRDX43yUkZXSqV5BxYEyneSLj
> IvFV9AUi56Cx45ESkGRR1ASuCzoc8FCjRH7KOWnaL3fl
> =YQZI
> -END PGP SIGNATURE-
> 


Re: setting ntp with dhcp

2021-10-04 Thread Giovane C. M. Moura via NANOG


Thanks everyone for their answers.

To summarize:

1. NTP from DHCP usage:
   * Not all clients accept DHCP configs for NTP (like android phones)
   * WiFi VoIP phones use ntp from dhcp (default) -- Google Fiber case
     showed that VOIP phones may fail to register if DHCP provides
     unreachable NTP servers.
2. DOCSIS devices use TIME protocol, and sometimes NTP as well
3. Most devices likely to use hard-coded values

I'm approaching this as a researcher, trying to understand how these
settings are used in the wild.

W.r.t. Hal Murray's burst queries, that's interesting; we also run some
servers that we share on the NTPPool but we don't see such bursts -- we
see sort of a stable timeseries with thousands of NTP queries per second.

thanks everyone for sharing their thoughts and experiences,

/giovane





On 10/1/21 5:05 PM, Mukund Sivaraman wrote:
> Hi Giovane
> 
> On Fri, Oct 01, 2021 at 04:12:15PM +0200, Giovane C. M. Moura via NANOG wrote:
>> hello folks,
>>
>> So DHCP can also be used to set NTP servers on clients, for both
>> IPv4[rfc2132] and IPv6[rfc5908].
>>
>> I'm looking for statistics on setting NTP servers on clients using DHCP,
>> in the wild. Does anyone know if there is any available somewhere?
>>
>> I'm also looking for reports from operators and their experiences on
>> this, and why they use (or not) this DHCP feature, and what types of
>> networks is this deployed, and their motivations, etc.
> 
> Some PC OSs such as Linux distributions obey the "ntp-servers" ISC DHCP
> option (mapped to option code 42 in RFC 2132 section 8.3) and configure
> the client's NTP service with it.
> 
> But not all DHCP clients do. E.g., Android phones ignore this option
> completely.
> 
> We use this option in our office to configure a local timeserver (uses a
> Garmin GPS 18x LVC receiver), but it only works on client machines that
> attempt to make use of that option.
> 
>   Mukund
> 
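As an added example not taken from the thread, the following parses the NTP server option out of DHCPv4 and DHCPv6 option bytes (option 42 from RFC 2132 section 8.3, which Mukund's reply names, and OPTION_NTP_SERVER, option 56, with its sub-options from RFC 5908) and flags addresses a client could never reach, the condition behind the failed phone registrations summarised above. The option blobs, the addresses and the hostname ntp.example.com are constructed.

```python
"""Extract NTP servers from DHCP option bytes and sanity-check them.

Added example; not code from the thread or from any DHCP implementation.
Option 42 (RFC 2132 s.8.3) carries IPv4 addresses. DHCPv6 option 56
(RFC 5908, OPTION_NTP_SERVER) carries one sub-option per instance:
1 = server address, 2 = multicast address, 3 = server FQDN.
"""
import ipaddress
import struct
from typing import Dict, List, Tuple

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END, OPT_NTP_SERVERS = 0, 255, 42
OPT6_NTP_SERVER = 56
SUBOPT_SRV_ADDR, SUBOPT_MC_ADDR, SUBOPT_SRV_FQDN = 1, 2, 3


def parse_dhcpv4_options(options: bytes) -> Dict[int, bytes]:
    """Walk the 1-byte-code/1-byte-length TLVs that follow the magic cookie."""
    if not options.startswith(DHCP_MAGIC):
        raise ValueError("missing DHCP magic cookie")
    i, out = len(DHCP_MAGIC), {}
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option body")
        out[code] = out.get(code, b"") + value  # repeated codes concatenate (RFC 3396)
        i += 2 + length
    return out


def ntp_servers_v4(options: bytes) -> List[str]:
    """Option 42 is a list of 4-byte IPv4 addresses; reject a malformed length."""
    data = parse_dhcpv4_options(options).get(OPT_NTP_SERVERS, b"")
    if len(data) % 4:
        raise ValueError("option 42 length must be a multiple of 4")
    return [str(ipaddress.IPv4Address(data[k:k + 4])) for k in range(0, len(data), 4)]


def parse_dhcpv6_options(blob: bytes) -> List[Tuple[int, bytes]]:
    """DHCPv6 options and RFC 5908 sub-options share the 2-byte code/2-byte length form."""
    i, out = 0, []
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("truncated DHCPv6 option header")
        code, length = struct.unpack("!HH", blob[i:i + 4])
        value = blob[i + 4:i + 4 + length]
        if len(value) != length:
            raise ValueError("truncated DHCPv6 option body")
        out.append((code, value))
        i += 4 + length
    return out


def decode_fqdn(data: bytes) -> str:
    """DNS wire-format name (length-prefixed labels, no compression) to text."""
    labels, i = [], 0
    while i < len(data) and data[i] != 0:
        n = data[i]
        labels.append(data[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)


def ntp_servers_v6(options: bytes) -> List[str]:
    """Collect servers from every OPTION_NTP_SERVER instance in the option list."""
    found = []
    for code, value in parse_dhcpv6_options(options):
        if code != OPT6_NTP_SERVER:
            continue
        for sub, sval in parse_dhcpv6_options(value):
            if sub in (SUBOPT_SRV_ADDR, SUBOPT_MC_ADDR):
                found.append(str(ipaddress.IPv6Address(sval)))
            elif sub == SUBOPT_SRV_FQDN:
                found.append(decode_fqdn(sval))
    return found


def unreachable(servers: List[str]) -> List[str]:
    """Flag addresses no client could sync to; a phone handed one of these
    sits unsynchronised, the registration failure the summary mentions."""
    bad = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue                         # an FQDN; only DNS can judge it
        if ip.is_unspecified or ip.is_loopback or (ip.version == 4 and ip.is_multicast):
            bad.append(s)
    return bad


# Constructed DHCPOFFER option blob: message type (53), NTP servers (42), pad, end.
V4_OPTIONS = (DHCP_MAGIC + bytes([53, 1, 2]) + bytes([OPT_NTP_SERVERS, 8])
              + ipaddress.IPv4Address("192.0.2.123").packed
              + ipaddress.IPv4Address("198.51.100.7").packed
              + bytes([OPT_PAD, OPT_END]))

# Constructed DHCPv6 option list: two OPTION_NTP_SERVER instances, address then FQDN.
_sub_addr = struct.pack("!HH", SUBOPT_SRV_ADDR, 16) + ipaddress.IPv6Address("2001:db8::123").packed
_fqdn = b"\x03ntp\x07example\x03com\x00"
_sub_fqdn = struct.pack("!HH", SUBOPT_SRV_FQDN, len(_fqdn)) + _fqdn
V6_OPTIONS = (struct.pack("!HH", OPT6_NTP_SERVER, len(_sub_addr)) + _sub_addr
              + struct.pack("!HH", OPT6_NTP_SERVER, len(_sub_fqdn)) + _sub_fqdn)
```

Feeding a captured lease's option bytes to `ntp_servers_v4` or `ntp_servers_v6` and then to `unreachable` gives a quick pre-deployment check of what the DHCP server is actually handing out; the parsers reject truncated TLVs and a non-multiple-of-4 option 42 rather than silently yielding a partial address.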


setting ntp with dhcp

2021-10-01 Thread Giovane C. M. Moura via NANOG
hello folks,

So DHCP can also be used to set NTP servers on clients, for both
IPv4[rfc2132] and IPv6[rfc5908].

I'm looking for statistics on setting NTP servers on clients using DHCP,
in the wild. Does anyone know if there is any available somewhere?

I'm also looking for reports from operators and their experiences on
this, and why they use (or not) this DHCP feature, and what types of
networks is this deployed, and their motivations, etc.

Thanks in advance,

/giovane



any POCs for cicimar.ipn.mx available?

2021-05-25 Thread Stephenson, Ryan M CIV DISA IE (USA) via NANOG
There are some DNSSEC issues with ipn.mx. 
https://dnsviz.net/d/cicimar.ipn.mx/dnssec/

 Are there any POCs available to inform of the errors?

Ryan Stephenson 
Defense Information Systems Agency
DoD NIC IE721
COM: 614-692-5284 | DSN: 312-850-5284
UE: ryan.m.stephenson2@mail.mil
CE: ryan.m.stephenson2@mail.smil.mil
iPhone: (614) 769-1921



Re: Juniper hardware recommendation

2021-05-07 Thread Stephen M
Side to side airflow can be implemented in a front to rear environment with 
some baffling acting as intake from one side to exhaust out the other

Not ideal, but doable

//please pardon any brevities - sent from mobile//

From: NANOG  on behalf of 
Tony Wicks 
Sent: Friday, May 7, 2021 2:33:23 PM
To: 'Javier Gutierrez Guerra' 
Cc: nanog@nanog.org 
Subject: RE: Juniper hardware recommendation


You really should discuss this with you local Juniper rep in the first instance 
I would suggest.



From: NANOG  On Behalf Of Javier 
Gutierrez Guerra
Sent: Saturday, 8 May 2021 9:28 am
To: r...@rkhtech.org; nanog@nanog.org
Subject: RE: Juniper hardware recommendation



I need to do MPLS (vlls), VXLAN, Multicast, full routing tables, multiple VRFs, 
q-in-q, QoS

Anything with 1Tbs of throughput should be more than enough at this time for me

I also need it to be able to support 100G interfaces, 1G and 10G



Javier Gutierrez Guerra

Network Analyst

CCNA R&S, JNCIA

Westman Communications Group

Phone: 204-717-2827

Email: guer...@westmancom.com







From: Ryan Hamel mailto:administra...@rkhtech.org>>
Sent: May 7, 2021 4:23 PM
To: Javier Gutierrez Guerra 
mailto:guer...@westmancom.com>>; 
nanog@nanog.org
Subject: RE: Juniper hardware recommendation




Hello!



We wouldn’t be able to give any sort of answer without knowing your current and 
future requirements. Each model has its own throughput classes, and sometimes a 
full on MX router isn’t required.



From: NANOG 
mailto:nanog-bounces+ryan=rkhtech@nanog.org>>
 On Behalf Of Javier Gutierrez Guerra
Sent: Friday, May 7, 2021 1:55 PM
To: nanog@nanog.org
Subject: Juniper hardware recommendation



Hi,

Just out of curiosity, what would you recommend using for a core router/switch 
from Juniper?

MX208,480,10K

Datasheets show them all as very nice and powerful devices (although they do 
use a lot of rack space and side to side airflow is painful) but I’m just 
wondering here what most people use and how good or bad of an experience you 
have with it ??

Thanks,



Javier Gutierrez Guerra

Network Analyst

CCNA R&S, JNCIA

Westman Communications Group

Phone: 204-717-2827

Email: guer...@westmancom.com








Re: DoD IP Space

2021-04-26 Thread Carlos M. Martinez
That would be true if “the Internet” was still fully comprised of 
American providers and customers. That hasn’t been the case for a 
long, long time.


On 26 Apr 2021, at 16:27, Mel Beckman wrote:


Owen,

Well, no. The Internet — meaning the ISPs and customers that 
comprise it — get substantial subsidies to this day. But that’s no 
call for the government to be obtuse with the purposes of its IP 
space.


https://www.nasdaq.com/articles/more-than-300-companies-participate-in-internet-subsidy-program-u.s.-agency-2021-04-01

 -mel



On Apr 26, 2021, at 11:05 AM, Owen DeLong  wrote:




On Apr 24, 2021, at 16:34 , Jason Biel  wrote:

The internet that is subsidized by that same Government….


Uh, s/is/was/

There’s really no subsidy any more.

Owen



Re: (Slightly OT?) K8S Platform As A Service Recommendations

2021-04-08 Thread M B
You could look at the combo of Tinkerbell and CAPI (ClusterAPI). Happy to
chat more off list.

-matt

On Wed, Apr 7, 2021, 10:42 AM Charles N Wyble  wrote:

> Hello all,
>
>
> I know this is primarily a networking list, but I know lots of server
> admins hang out here.
>
> Does anyone have a recommendation for a self-hosted, on premise, platform
> as a service layer for k8s (specifically k3s)?
>
> I have written up some context here:
>
>
> https://github.com/TSYSGroup/docs-techops/blob/master/Applications/AppRuntimeLayerTodo.md
>
> tl:dr : I have about 70 to 200 apps / (micro) services that will need to
> run across a handful of k3s servers . I already have HA
> database/networking/certificate/application load balanacer/authentication
> stacks in production use, I am currently running the actual
> websites/applications on a single Ubuntu LAMP server and want to build out
> an HA runtime layer for all the properties/applications and need a way to
> orchestrate k3s/metallb
>
> Rancher rio has come up a few times in my research:
> https://bram.dingelstad.works/blog/finding-the-right-paas-for-k8s/
> In addition to the web apps , I will also will be running a number of r
> applications and CUDA enabled containers (across a mix of physical
> x86/jetson/tegra machines with k3s workers).
>
> Suggestions/comments/questions/flames welcome :)
>
> On or off list as you prefer.
>


Re: Famous operational issues

2021-02-22 Thread Regis M. Donovan
On Thu, Feb 18, 2021 at 07:34:39PM -0500, Patrick W. Gilmore wrote:
> And to put it on topic, cover your EPOs

I worked somewhere with an uncovered EPO, which was okay until we had a
telco tech in who was used to a different data center where a similar
looking button controlled the door access, so he reflexively hit it
on his way out to unlock the door.  Oops.

Also, consider what's on generator and what's not.  I worked in a corporate
data center where we lost power.  The backup system kept all the machines
running, but the ventilation system was still down, so it was very warm very
fast as everyone went around trying to shut servers down gracefully while
other folks propped the doors open to get some cooler air in.

--r



Hello

2021-02-06 Thread M. Omer GOLGELI via NANOG
Greetings




M. Omer GOLGELI
---
AS202365

  https://as202365.peeringdb.com 
  https://bgp.he.net/AS202365 

NOC:
 Phone: +90-533-2600533
 Email:  o...@chronos.com.tr


Re: DMVPN via Internet or Private APN

2021-01-13 Thread Joel M Snyder

> I offer a question to help me settle an internal debate. As a network
> engineer for a large enterprise, do you choose ISP flexibility or ISP
> security when you build an OOB network?


Flexibility.  (will not joke about immense problem of including the 
words "ISP" and "security" in same sentence, unless accompanied by the 
phrase "complete and total absence of" as well)


My particular area of concentration the last decade or so has been large 
multi-national WANs.  I've been fortunate enough to see entire waves of 
deployment and redeployment, which has added a thick layer of scarring.


One of the lessons that I take away from these deployments is that 
anything which is not pure "Internet" IP must be avoided, because if it 
doesn't bite you in the *ss on day 1, it will on day 1,000 or 10,000.


Providers love to deliver a customized service, and in small deployments 
(such as connecting offices within a metropolitan area) I can see the 
value.  But whether the provider is creating lock-in (sinister 
conspiracy theory) or just wants to give you a better service 
(optimistic world view theory), it *always* ends up being a problem 
sooner or later.


I can pull a dozen anecdotes out where this happened and cost between $ 
and  to deal with, but my long-term experience is that the more 
vanilla the pipe, the better off you will be in the long run especially 
as the clock ticks past years and years.


There are certainly issues with having multiple contracts, and the 
overhead of handling hundreds of semi-overlapping and slightly different 
bills and contact points is not to be dismissed lightly; it is a BIG 
deal especially for larger organizations with high internal costs for 
administrative overhead.  Providers also claim better pricing on big 
contracts, but rarely is this true, because of the sharp and continuous 
drop in costs for Internet worldwide.


Go with vanilla.  It's easier to pour syrup and nuts on top than it is 
to dig out those disgusting frozen marshmallow chunks from the rocky 
road someone committed to.



jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.com  http://www.opus1.com/jms


Re: Gaming Consoles and IPv4

2020-09-28 Thread Carlos M. Martinez
Delay, or “lag” in gamer parlance, is everything. Have too much lag 
and you are dead without realizing you are dead. Lag frustrates gamers 
enormously and is probably one of the main drivers of NOC calls.


It seems to me that a purely client/server model will inherently have 
more lag issues than a peer-to-peer game.


Not to mention cost… if you are the game publisher suddenly you’re 
faced with maintaining a global footprint of servers with all that 
implies.


/Carlos

On 28 Sep 2020, at 11:21, Tom Beecher wrote:


> Why stray away from how PC games were 20 years ago where there was a
> dedicated server and clients just spoke to servers?

Much cheaper to just let all the game clients talk peer to peer than it is
to maintain regional dedicated server infrastructure.

On Mon, Sep 28, 2020 at 8:35 AM Mike Hammett  wrote:

> Why stray away from how PC games were 20 years ago where there was a
> dedicated server and clients just spoke to servers?


-
Mike Hammett
Intelligent Computing Solutions 




Midwest Internet Exchange 



The Brothers WISP 


--
*From: *"Justin Wilson (Lists)" 
*To: *"North American Network Operators' Group" 
*Sent: *Monday, September 28, 2020 7:22:28 AM
*Subject: *Re: Gaming Consoles and IPv4

There are many things going on with gaming that make natted IPv4 an issue
when it comes to consoles and gaming in general. When you break it down
it makes sense.

- You have voice chat
- You are receiving data from servers about other people in the game
- You are sending data to servers about yourself
- If you are using certain features where you are “the host” then you are
  serving content from your gaming console. This is not much different than
  a customer running a web server. You can’t have more than one customer
  running a port 80 web-server behind nat.
- Streaming to services like Twitch or YouTube

All of these take up standard, agreed upon ports. It’s really only
prevalent on gaming consoles because they are doing many functions. Look
at it another way. You have a customer doing the following.

- Making a VOIP call
- Streaming a movie
- Running a web server
- Running bittorrent on a single port
- Having a camera folks need to access from the outside world

This is why platforms like Xbox developed things like Teredo.

Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

On Sep 27, 2020, at 9:33 PM, Daniel Sterling wrote:

Matt Hoppes raises an interesting question,

At the risk of this being off-topic, in the latest Call of Duty games I've
played, their UDP-NAT-breaking algorithm seems to work rather well and
should function fine even behind CGNAT. Ironically turning on UPnP makes
this *worse*, because when their algorithm probes to see what ports to use,
UPnP sends all traffic from the "magical xbox port" to one box instead of
letting NAT control the ports. This does cause problems when multiple
Xboxes are behind one NAT doing UPnP. If UPnP is on and both Xboxes are
fully powered off and then turned on one at a time, things do work. But
when UPnP is off everything works w/o having to do that.

There are many other games and many CPE NAT boxes that may do horrible
things, but CGNAT by itself shouldn't cause problems for any recent device
/ gaming system.

It is true that I've yet to see any FPS game use IPv6. I assume that's cuz
they can't count on users having v6, so they have to support v4, and it
wouldn't be worth their while to have their gaming host support dual-stack.

just a guess there

-- Dan
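The two port problems raised above (Justin's "you can't have more than one customer running a port 80 web-server behind NAT" and Dan's observation that UPnP hands the console's well-known port to a single box), shown as an added Python simulation of a small NAPT. This is not code from either poster; all addresses and port numbers are constructed.

```python
"""NAPT simulation: why several hosts behind one public IPv4 address collide on
well-known inbound ports. Added illustration, not code from the thread; all
addresses and ports below are constructed (RFC 1918 inside, RFC 5737 outside)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, UDP/TCP port)


@dataclass
class Napt:
    """Minimal NAPT: endpoint-independent outbound mappings plus static/UPnP forwards."""
    public_ip: str
    next_port: int = 40000
    # dynamic mappings: inside (ip, port) -> public port allocated for that socket
    outbound: Dict[Endpoint, int] = field(default_factory=dict)
    # explicit forwards: public port -> inside endpoint (static rule or UPnP request)
    forwards: Dict[int, Endpoint] = field(default_factory=dict)

    def translate_outbound(self, inside: Endpoint) -> Endpoint:
        """Allocate (or reuse) one public port per inside socket, whoever the peer is.
        Reusing the same public port for every peer is what lets a console's own
        hole-punching work without any UPnP help."""
        if inside not in self.outbound:
            taken = set(self.outbound.values()) | set(self.forwards)
            while self.next_port in taken:
                self.next_port += 1
            self.outbound[inside] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.outbound[inside])

    def request_forward(self, public_port: int, inside: Endpoint) -> bool:
        """UPnP-style 'send everything arriving on public_port to me'. A public port
        can only be owned by one inside host, so a second host asking for the same
        port is refused (this is the port 80 problem)."""
        owner = self.forwards.get(public_port)
        if owner is not None and owner != inside:
            return False
        self.forwards[public_port] = inside
        return True

    def deliver_inbound(self, public_port: int) -> Optional[Endpoint]:
        """Route an inbound packet: explicit forwards win, then dynamic mappings,
        otherwise the packet is dropped (None)."""
        if public_port in self.forwards:
            return self.forwards[public_port]
        for inside, port in self.outbound.items():
            if port == public_port:
                return inside
        return None


def two_consoles(use_upnp: bool) -> dict:
    """Two consoles, both bound to the same local port (3074 is a constructed
    stand-in for the 'magical xbox port'), behind one public address."""
    nat = Napt("203.0.113.7")
    xbox_a: Endpoint = ("192.168.1.10", 3074)
    xbox_b: Endpoint = ("192.168.1.11", 3074)
    result: dict = {}
    if use_upnp:
        # Each console asks the gateway to forward its well-known port to itself.
        result["upnp_a"] = nat.request_forward(3074, xbox_a)
        result["upnp_b"] = nat.request_forward(3074, xbox_b)  # refused: A owns it
    # Both consoles talk outbound to the matchmaking service -> distinct public ports.
    pub_a = nat.translate_outbound(xbox_a)
    pub_b = nat.translate_outbound(xbox_b)
    result["public_a"], result["public_b"] = pub_a, pub_b
    # A peer that learned each console's mapped public port reaches the right box...
    result["to_a"] = nat.deliver_inbound(pub_a[1])
    result["to_b"] = nat.deliver_inbound(pub_b[1])
    # ...but anything sent to the well-known port only ever reaches one console.
    result["to_3074"] = nat.deliver_inbound(3074)
    return result


if __name__ == "__main__":
    for upnp in (False, True):
        print(f"UPnP={upnp}: {two_consoles(upnp)}")
```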



On Sun, Sep 27, 2020 at 7:29 PM Mike Hammett wrote:



Actually, uPNP is the only way to get two devices to work behind one
public IP, at least with XBox 360s. I haven't kept up in that realm.



-
Mike Hammett
Intelligent Computing Solutions 




Midwest Internet Exchange 



The Brothers WISP 


--
*From: *"Matt Hoppes" 
*To: *"Darin Steffl" 
*Cc: *"North 

Softbank Contact

2020-09-13 Thread Evan M. Gillman via NANOG
Hello, 

Can someone from Softbank sales contact me off list?
 
Thanks,

Evan







Evan M. Gillman | transitbroker.com | P. 212.420.1222 | M. 917.664.0707





Re: 60ms cross continent

2020-07-09 Thread Joel M Snyder


On Jul 8, 2020, at 3:05 AM, Mark Tinka  wrote:

>Satellite earth stations are not irrelevant, however. They still do get
>used to provide satellite-based TV services, and can also be used for
>media houses who need to hook up to their network to broadcast video
>when reporting in the region (even though uploading a raw file back
>home over the Internet is where the tech. has now gone).

Oh man I wish that were wholly true... Satellite/VSAT has another very
very important attribute: it's not subject to the whims of the local
government or regulators.  So when there's an election or some unrest or
coup or the prime minister has very bad flatulence, and some person says
"turn off the Internet," your non-terrestrial connection is there so
that you can continue to do business.

Right now I'm in the middle of a project installing more than 300 VSATs,
replacing an incumbent provider, and the rationale for all that money
and all that equipment and all that work is "the bits must flow."

(Plus, there are also still many places outside of capital cities in the
world where the Internet is truly awful and if you want bits, you have
to bring your own)

jms

-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.comhttp://www.opus1.com/jms


Fwd: [lacnog] LACNOG 2020 - Call for Presentations

2020-06-15 Thread Carlos M. Martinez

Hi all,

LACNOG (the Latin American and Caribbean Network Operators Group) will 
be a virtual meeting this year.


Looking forward to great talks from our big brother NANOG members :-)

/Carlos
LACNOG PC

Forwarded message:


From: Jorge Villa 
To: Latin America and Caribbean Region Network Operators Group 


Subject: [lacnog] LACNOG 2020 - Call for Presentations
Date: Mon, 08 Jun 2020 11:49:02 -0400

LACNOG 2020 - Call for Presentations



https://www.lacnog.org/eventos/



LACNOG, the Latin American and Caribbean Network Operators Group, will 
hold its LACNOG 2020 conference in the city of Santa Cruz de la 
Sierra, Bolivia, from 5 to 9 October 2020, which will be co-located 
with the LACNIC 34 event.




The LACNOG 2020 Program Committee invites the Internet community to 
submit their proposals for the event.




In line with the spirit of LACNOG, proposed topics must be geared 
towards Internet development in the region. The following is a 
non-exhaustive list of some of the topics of interest for the LACNOG 
2020 meeting:



- Network operation and professional experiences, success stories
- Internet of Things
- MANRS
- Community networks
- IPv6 integration and deployment
- Experiences involving botnets, malware, spam, viruses, denial of service attacks and exploit techniques
- IP network architecture, sizing, configuration and administration
- Routing and switching protocols, including unicast, multicast, anycast, SDN, etc.
- End-user applications (e.g. e-mail, HTTP, DNS, NFVs, etc.)
- Value-added services such as VPNs, distributed systems, cloud computing, etc.
- Peering, Internet traffic exchange, IXPs
- Network data security and management, attack mitigation
- Network monitoring, performance, measurements and telemetry
- Network automation, evolution and convergence
- Infrastructure and physical transport, including optical and wireless networks
- Legislation, regulations and Internet governance issues
- Research and education


Possible presentation formats include:

- Lightning talk: brief, 8-minute presentation plus 4 additional minutes for questions.
- Presentation: 20-minute presentation plus 5 additional minutes for questions.



The deadlines for the 2020 call for proposals will be as follows:

- Reception of proposals: 8 June - 7 July 2020
- Proposals will be accepted until: 7 July 2020 at 23:59 UTC-3 (Uruguay time)
- Evaluation by the Program Committee: 8-19 July 2020
- Announcement of results: 20 July 2020
- Deadline for submitting the final presentation: 1 August - 18 September 2020
- Final presentations will be accepted until: 21 September 2020 at 23:59 UTC-3 (Uruguay time)
- Event date: 5-9 October 2020


Applicants must submit a summary and a draft of the slides of their 
proposed presentation along with a brief biography and photograph 
using the form available at https://vulcano.lacnog.org/e/lacnog2020




If your work is selected, you authorize LACNOG and LACNIC to publish 
your name, photograph, biography, and final work in the event program.




Regardless of the chosen format, all works must be presented in person at 
the event venue.




Given the current pandemic caused by the coronavirus (covid-19) 
outbreak, there is the possibility that the event may be held in 
virtual format, in which case speakers will be notified in advance and 
the necessary adjustments will be coordinated based on the schedule 
determined by the Program Committee.




Applicants whose proposals are accepted will be exempted from paying 
their in-person event registration fee but will not automatically 
receive financial assistance for their travel and/or accommodation 
expenses. However, LACNIC offers a fellowship program for attending 
the LACNIC 34 event which will be held jointly with LACNOG 2020 to 
which speakers can apply independently. When submitting your draft to 
the LACNOG Program Committee, please specify whether you are applying 
(or planning to apply) for a LACNIC fellowship.




Speakers presenting their work at the LACNOG 2020 conference will 
receive a certificate acknowledging their participation.




Guidelines for Submitting a Presentation for LACNOG have been prepared 
containing a description of the criteria that will be considered when 
evaluating each proposal, presentation format details and other data. 
These Guidelines are available at 
https://www.lacnog.org/guiapresentaciones/.




Communications with the Program Committee will be handled through 
p...@lacnog.org.




We thank you in advance for your attention and look forward to your 
proposals for LACNOG 2020.




Program Committee




___
LACNOG mailing list
lac...@lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Unsubscribe: https://mail.lacnic.net/mailman/options/lacnog


LiquidWeb contact re phishing 24 days

2020-05-29 Thread Jonathan M
Greetings, If anyone can help me reach a contact at LiquidWeb, there
appears to be phishing on its network for 24 days now and I cannot get a
response from them or an acknowledgement of receipt of our notices. Yes, we
filled out our web forms as early as May 5. I can be reached at
jonatha...@riskiq.net, or if Liquid Web can just respond to the notice, that
would be great! They just need to email notice335...@irt.riskiq.net. Thanks
for any help you can provide here!

By the way, I could not find the phish myself, but I preserved it at
https://perma.cc/LR8N-SMTH from a RiskIQ crawl that I just looked over
internally.  The snapshot was taken Fri May 29 05:38:44 PDT 2020 from Chrome.

Below is an example of what we are sending them:

From
RiskIQ Incident Response Team 
To
ab...@liquidweb.com

Sent At
May 18, 2020 8:02 PM






Subject
Important Notice - Phishing Materials on Your Network / Incident ID:
54873584 / IP Address: 69.167.190.92 / ASN: LIQUID-WEB-INC - Liquid Web,
Inc., US


2020-05-18 19:53:03 +0300


Team, please see the notice below from our incident response team beneath
my signature block. However, I need to point out a few things here.

I personally spoke with your team on 2020-03-19 12:49:00 +0200, where we
discussed you purchased Nexcess, and that is why there is a different
technical abuse contact. I had also re-submitted a ticket referencing the
prior ticket and someone at LiquidWeb was opening a ticket on the call to
make sure they are on top of this.

On 2020-03-24 20:13:44 +0200, Scott at LiquidWeb was investigating this
tenacious event. I was told that if this is a repeat offender, you will
terminate the account altogether, but you wouldn't be able to share that
info with us for privacy reasons. However, your team was conducting at the
moment an internal investigation to see if they need to take different
measures.

At that time, Scott put me on hold while he reached out to the security
team.

At 2020-03-24 20:35:13 +0200, the Security supervisor was looking this over
and it was going to take some time for them to decide best course of
action. The site was then down. I was told that if it re-surfaces, we can
list the UTC date and time stamps that it came back online and your team
might then be able to take further action without a court order. You said
that if you check the logs, and it doesn’t match up, we would have to get
the courts involved.

We have preserved a lot of evidence that the phishing has gone back up
again after you took it down. For example, for your reference, we have
uploaded a screenshot at https://perma.cc/SL7L-6XUE

This screenshot in the PERMA record captures
hXXps://zionhighschools[.]com/wp-content/themes/ivy-school/vc_templates/american-express/home/?cmd=www.ssaonline-account-service.com-update_submit%3bid=93dd5ecd270aecd21435f29da5626bcb93dd5ecd270aecd21435f29da5626bcb%3bsession=93dd5ecd270aecd21435f29da5626bcb93dd5ecd270aecd21435f29da5626bcb

Load Date: Mon May 18 08:13:18 PDT 2020

IP Address: 69.167.190.92

HTTP Method: GET
Response Code: 200
Response Message: OK
Content Type: text/html
Character Set: UTF-8
Is HTML Page: true
Is From Cache: false
Local Content Length: 2.00 K
Overall Content Length: 319.19 K
Local Response Time: 4.97 s
Overall Response Time: 5.87 s
CPU Time: 76 ms
Dependent Requests: 5
Window Name: TopLevelWindow@79c734a4

Please take appropriate action. See all the confirmed URLs in the notice
below.

Thanks,

Jonathan Matkowsky , Vice President - Digital Risk (SME)*
Incident Investigation & Intelligence (i3)

Phone +1.888.415.4447 (USA) | +44 (0)203 282 7149 (UK)
RiskIQ: World Leader in Attack Surface Management


*GIAC-GLEG; IAPP-FIP; Active Attorney Admissions: NY, WA
This email does not create an attorney-client relationship or constitute
legal advice.

***We have defanged URLs in this notice. In the identity and location of
the phishing materials, please substitute "." for "[dot]", "http" for
"hxxp", and "https" for "hxxps"***


*Summary*

*Threat Activity Type*: Phishing
*Industry Impact*: Financial

*Spoofed Brand*: American Express

*Date and Time of Abuse:*: 2020-05-05 06:32 AM PDT

*IP Address*: 69.167.190.92

*ASN*: LIQUID-WEB-INC - Liquid Web, Inc., US

*Identity and Location of Phishing Materials*:

hxxps://zionhighschools[dot]com/wp-content/themes/ivy-school/vc_templates/american-express/home/?cmd=www.ssaonline-account-service.com-update_submit&%3bid=93dd5ecd270aecd21435f29da5626bcb93dd5ecd270aecd21435f29da5626bcb&%3bsession=93dd5ecd270aecd21435f29da5626bcb93dd5ecd270aecd21435f29da5626bcb
hxxp://zionhighschools[dot]com/wp-content/themes/ivy-school/vc_templates/american-express/home/
hxxps://zionhighschools[dot]com/wp-content/themes/ivy-school/vc_templates/american-express/home/?cmd=www.ssaonline-account-service.com-update_submit=93dd5ecd270aecd21435f29da5626bcb93dd5ecd270aecd21435f29da5626bcb=93dd5ecd270aecd21435f29da5626bcb93dd5ecd270aecd21435f29da5626bcb

Re: COVID-19 vs. our Networks

2020-03-16 Thread Eric M. Carroll
I suggest the NANOG community needs to actively recognize this risks
becoming the largest North America-wide test of mass work from home that
has happened since I got involved in the public internet back in 1986.

It may also drive some permanent changes in traffic patterns as high volume
remote work becomes the new normal.

There is good news here. The infrastructure has never been better
positioned to support this kind of mass event. We can shop from home, work
from home, get groceries from home, order drugs, get entertainment, all via
IP. The ISP community needs to be ready to respond to the magnitude of what
is happening.

In Toronto, municipal services are shut down, schools are closed,
university classes are cancelled, transit is reduced, Person is a ghost
town, mass gatherings are cancelled, multiple senior politicians are
self-isolating. Discussions are happening about closing malls. All this
happened in the last week. The downtown core was a ghost town on Friday. We
have a fraction of the cases in Canada as the US does.

I personally know numerous very large companies that have formally
activated their business continuity plans and have or are about to send
tens of thousands to work from home.

Numerous ISPs have waived overage fees in consideration of the situation here.

I start formal work from home as of Monday *with no defined timeline for
recall as yet*. My current department went from thinking about it, to
testing BCP, to sending people home, inside of 1 week.

This is real. It is rapidly evolving. Be prepared and realize your
networks, if they were not before, are now safety critical.

Regards,

Eric Carroll


Re: digitalelement.com GeoIP?

2020-01-24 Thread M. Omer GOLGELI
You may try to check and reach InfoSniper instead.

https://community.hulu.com/s/idea/0871L00V3ntQAC/detail

M. Omer GOLGELI
---
AS202365

 https://as202365.peeringdb.com
 https://bgp.he.net/AS202365

NOC:
 Phone: +90-533-2600533
 Email: o...@chronos.com.tr

January 24, 2020 11:21 AM, "Justin Wilson" wrote:

Does anyone have a contact with digitalelement.com and their GeoIP stuff? We
received a new IPv4 block from ARIN last week and HULU tells us digitalelement.com
is who they use. Our new block is not being coded correctly. I can not find any
sort of technical contact on the Digital Element web-site. It’s all marketing stuff.
Any help would be appreciated.

Justin Wilson j...@mtin.net
—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog


Re: China Network Diversity

2020-01-17 Thread Stephen M
We weren't even able to deploy our own DWDM.

China (Beijing), like India (Mumbai), forced the use of their own transport 
equipment.

//please pardon any brevities - sent from mobile//


From: NANOG on behalf of Rod Beck
Sent: Thursday, January 16, 2020 8:55 AM
To: Gabe Cole; JASON BOTHE
Cc: nanog@nanog.org
Subject: Re: China Network Diversity

I think the issue is mainland China, not Hong Kong or Singapore.


From: NANOG  on behalf of JASON BOTHE via NANOG 

Sent: Thursday, January 16, 2020 5:30 PM
To: Gabe Cole 
Cc: nanog@nanog.org 
Subject: Re: China Network Diversity

I’ve had good luck with PCCW operating as my China liaison since we terminate a 
lot of circuits in Hong Kong and Singapore. It’s not cheap I’ll tell ya but 
they can get the info and deliver.

J~

On Jan 16, 2020, at 10:21, Gabe Cole  wrote:



We are trying to design a physically diverse network in China and have been 
challenged.  All of the major carriers say that they cannot provide us KMZs or 
similar detailed route information.  Has anyone been able to crack this code?

G. Gabriel Cole
RTE Group, Inc.
Strategic Consulting for Mission Critical Infrastructure
56 Woodridge Rd
Wellesley, MA 02482
US +1-617-303-8707
fax +1-781-209-5577
www.rtegroup.com
g...@rtegroup.com
skype:  ggabrielcole
Twitter:  @DataCenterGuru
Linked In:  http://www.linkedin.com/in/gabecole
Blog:  http://datacenterguru.blogspot.com/

The information contained herein is confidential and proprietary to RTE Group, 
Inc. It is intended for presentation to and permitted use solely by those 
person(s) to whom it has been transmitted by RTE Group, Inc. and it is 
transmitted to such person(s) solely for, conditional upon, and only to the 
extent necessary for use by such person(s) as part of their business 
relationship with RTE Group, Inc. or to further their respective evaluation(s) 
of a potential business relationship with RTE Group, Inc., and no other use, 
release, or reproduction of this information is permitted.

Sent via Superhuman



Comcast iNET Contact

2019-11-27 Thread Stephen M
Hello,

I'm a network engineer with a county government and I'm trying to get in 
contact with someone from Comcast who can provide a .KMZ or similar of our iNET 
(Institutional Network) dark fiber.

I've called through the normal support lines and gotten bounced around a few 
times... Which isn't surprising... This stuff is 20 years or so old.

Thanks in advance!

Cheers,
Stephen

//please pardon any brevities - sent from mobile//


Re: FRR as Route-Reflector & Scaling stats

2019-11-15 Thread Rakesh M
Hi Adam,

The intention is not to put in the Data Plane at all but use it for control
functions and calculating optimal paths, we are happy with how FRR is
handling small network islands to Route traffic in Data Plane and wanted to
test this as a candidate for Hierarchical Route-Reflection at site level
while proven hardware will be used at a Cluster level.

For the benefit of others, an FRR member replied with his observations:

'''
Hi Rakesh,
We are currently running one FRR route-reflector on a backbone; some peers send
FV, some not. Here is the header of 'show bgp summary':

IPv4 Unicast Summary:
BGP router identifier 10.10.10.100, local AS number 65009 vrf-id 0
BGP table version 143698323
RIB entries 1428204, using 218 MiB of memory
Peers 26, using 537 KiB of memory
Peer groups 9, using 576 bytes of memory

We hit a problem with bgpd eating a whole CPU core on 7.1, so I built FRR with
the appropriate patch manually. But that must have been fixed in 7.2. Otherwise it
has run pretty well for the last ~3 months.
'''

On Fri, Nov 15, 2019 at 11:04 AM  wrote:

> > ERCIN TORUN
> > Sent: Friday, November 15, 2019 9:34 AM
> >
> > Hello Rakesh,
> >
> > As James said, better to ask it at FRR mailing list.
> >
> > Generally chipset is what limits the scale (e.g. trident2 is 128k ipv4
> lpm
> > https://docs.cumulusnetworks.com/cumulus-linux/Layer-3/Routing/ ).  If
> > you disable "zebra" daemon, FRR works only in control-plane then you
> would
> > most likely have a limitation with memory/RAM only. (speed is another
> > issue).
> >
> Data-plane lookup memory limitations have nothing to do with the scale of
> a RR function, as you alluded to (if the RR is in path then it has to act as
> any other routing node so FIB scaling limitations apply -but that is
> completely orthogonal to the RR function).
> One would assume that NOS to be used for a crucial role in the overall BGP
> infrastructure would feature the essential ability to limit the
> installation (complete/selective) of routes to FIB/data-plane. (or in the
> modern virtual deployments lack the data-plane altogether).
>
> adam
>
>

-- 
--
Rakesh Madupu
2xJNCIE - SP/DC / CCIE-SP#47613

https://r2079.wordpress.com


FRR as Route-Reflector & Scaling stats

2019-11-07 Thread Rakesh M
Hi Nanog,


We want to deploy and use FRR for route reflection on a Dell Edge. Does anyone
have experience with it and can give insight into the number of routes and
scale at which you used FRR to do route reflection?



--
Rakesh Madupu
2xJNCIE - SP/DC / CCIE-SP#47613

https://r2079.wordpress.com


Re: Cogent sales reps who actually respond

2019-09-16 Thread Stephen M.
Please don’t praise or complain like we’re supposed to take it at total face 
value. If you don’t like them so much - we are your audience. Explain. 

If you like Cogent - explain.
If you don’t like Cogent - explain.

Cheers,
Stephen

//please pardon any brevities - sent from mobile//

> On Sep 16, 2019, at 10:01 PM, Mike Lyon  wrote:
> 
> Whenever asked about Cogent, i just say, “Friends don’t let friends use 
> Cogent.”
> 
> I’ve told two of their reps over the past two years that even if the service 
> was free, i wouldn’t use it. And yet, they still call.
> 
> -Mike
> 
>> On Sep 16, 2019, at 13:53, Ronald F. Guilmette wrote:
>> 
>> In message , Owen DeLong wrote:
>> 
>>> Given their practice of harvesting whois updates in order to spam newly
>>> acquired AS contacts, any time it is my decision, Cogent is ineligible
>>> as a vendor.
>> 
>> So I guess then that their aiding and abetting of fraud and IP block
>> theft, as I documented here recently, is an entirely secondary concern...
>> as long as they don't spam you, yes?
>> 
>> 
>> Regards,
>> rfg


Contact for Crown Media in California

2019-07-22 Thread Mike M
Hi,

Looking for a contact number for Crown Media in Studio City, CA. Need
access for a technician into that location.

Thanks
Mike Mackley
Crown Castle Fiber


Re: netstat -s

2019-07-18 Thread Steven M. Miano
Ideally folks should be subshells (unless you're on a strange system or
legacy system).

netstat is now mostly obsolete. 
Replacement for netstat is ss.  
Replacement for  netstat -r is ip route.
Replacement for netstat -i is ip -s link.
Replacement for netstat -g is ip maddr.

https://www.linux.com/learn/intro-to-linux/2017/7/introduction-ss-command

r/s,

Steven M. Miano
(727)244-9990
http://stevenmiano.com
1811 C2CB 8219 4F52

On 7/17/19 20:54, Randy Bush wrote:
> do folk use `netstat -s` to help diagnose on routers/switches?
>
> randy





Re: Colo in Africa

2019-07-16 Thread Joel M Snyder

Ken:

>Is there a good location where we could either rent bare metal servers
>(something like Internap - preferred) or colocate servers within
>Africa that can serve most of the region?

Africa is a tough nut to crack.  I have been building networks there for 
clients for decades and the first thing to understand is that Africa is 
BIG.  Geographically, you can fit the US, Europe, and Canada (and have 
room to spare).  Typical Mercator maps make it look much smaller than it 
really is.  Anyway, my point here is that you should not be thinking 
about Africa as "a region" or "a continent."


When a lot of people say "Africa," they really mean "South Africa" (the 
small country), and there is great connectivity there---but positioning 
yourself in South Africa doesn't really help you any more to get to 
Ghana (for example) than being in the Netherlands.


If you really are thinking AFRICA as in AFRICA, you probably should use 
an approach that divides it into regions.  You can break it up however 
you want, but if you start with 4 regions (Southern, Northern, Western, 
Eastern/Central) you'll have chunks that actually hold together from a 
telecoms point of view pretty well.


My best experiences (and these are about 3 years out of date) have been 
in Jo'burg (Southern), Nairobi/Addis (Eastern/Central), Ghana (Western), 
and Egypt (Northern), but there is a lot of interest and a lot of 
progress so getting some ground knowledge would be a good idea.


The real bandwidth is submarine cables that go up and down the coasts 
--- you can find some maps of these of varying accuracy and quality --- 
while actual E/W and N/S connectivity in the center of the continent is 
much more limited.


There are a number of Internet-promoting organizations in Africa---you 
can start with ISOC and Afrinic that sponsor a number of projects aimed 
at increasing capacity there, but you'll find a bunch of people trying 
to do good things.  If you are mostly interested in South Africa, 
there's NAPAfrica and SAFNOG (Southern African equivalent of NANOG) as 
information sources.


Anyway: I can get more specific, but it's hard to really offer 
super-specific advice on a vague question because, you know, Africa. 
That's a big topic.


jms


--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.comhttp://www.opus1.com/jms


Re: Spamming of NANOG list members

2019-06-01 Thread M. Omer GOLGELI
There are also variants of it with subjects like

" Ref Id: %VARIABLE% "
and
"%Domain.tld% Ref Id: %VARIABLE% "
And as Bryan said, we are increasingly getting more and more as well.
M. Omer GOLGELI
---
AS202365
June 1, 2019 6:05 AM, "Richard" wrote:

On 5/31/19 8:07 PM, Niels Bakker wrote:

* br...@shout.net (Bryan Holloway) [Sat 01 Jun 2019, 01:54 CEST]:
Anybody else noticed a significant uptick in these e-mails?

When I first saw this thread, I hadn't seen any. A couple days later, I got my 
first one. (yay!) Now I'm getting 2-3 a day. (yay?) 

Yes. It's pretty annoying. And somebody seems to be burning through a lot of 
stolen credentials. I wonder what the success rate is...
-- Niels.

I am getting several a day as well as an ugly MS Word based trojan.

They come to me from all over the world with the subject line:

"NANOG Payment Remittance Advice"

I agree with Niels, someone or some spamming outfit is burning
through quite a bit of stolen credentials.

Richard Golodner

Infratection


Re: modeling residential subscriber bandwidth demand

2019-04-02 Thread Robert M. Enger
An article was published recently that discusses the possible impact of 
Cloud-based gaming on last-mile capacity requirements, as well as external 
connections. The author suggests that decentralized video services won't be the 
only big user of last-mile capacity. 
https://medium.com/@rudolfvanderberg/what-google-stadia-will-mean-for-broadband-and-interconnection-and-sony-microsoft-and-nintendo-fe20866e6c5b
 


From: "Tom Ammon"  
To: "NANOG"  
Sent: Tuesday, April 2, 2019 9:54:47 AM 
Subject: modeling residential subscriber bandwidth demand 

How do people model and try to project residential subscriber bandwidth demands 
into the future? Do you base it primarily on historical data? Are there more 
sophisticated approaches that you use to figure out how much backbone bandwidth 
you need to build to keep your eyeballs happy? 
Netflow for historical data is great, but I guess what I am really asking is - 
how do you anticipate the load that your eyeballs are going to bring to your 
network, especially in the face of transport tweaks such as QUIC and TCP BBR? 

Tom 
-- 
----- 
Tom Ammon 
M: (801) 784-2628 
thomasam...@gmail.com 
- 



RE: [Non-DoD Source] Re: FYI - Major upgrade this weekend to www.arin.net and ARIN Online

2019-02-27 Thread Stephenson, Ryan M CIV DISA IE (USA) via NANOG
This looks amazing.  Can't wait!  Great job to ARIN!



-Original Message-
From: NANOG  On Behalf Of John Curran
Sent: Wednesday, February 27, 2019 12:03 PM
To: Mitcheltree, Harold B 
Cc: nanog list 
Subject: [Non-DoD Source] Re: FYI - Major upgrade this weekend to www.arin.net and ARIN Online







Argh - my error on errant truncation.

Correct link is further down the email, but also here - 

   https://teamarin.net/2019/02/27/getting-ready-for-the-big-reveal/

/John

John Curran
President and CEO
American Registry for Internet Numbers



On 27 Feb 2019, at 11:59 AM, Mitcheltree, Harold B wrote:

Link fails - 

ARTICLE NOT FOUN




--Pete



From: NANOG on behalf of John Curran
Sent: Wednesday, February 27, 2019 10:56:27 AM
To: nanog list
Subject: FYI - Major upgrade this weekend to www.arin.net and ARIN Online
 
NANOGers - 

This weekend there will be a major upgrade to the www.arin.net website and the 
ARIN Online system.  

If you routinely use these systems, you might want to read what follows 
for an overview of the upcoming change – 
https://teamarin.net/…/02/27/getting-ready-for-the-big-rev…/

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers



Begin forwarded message:

From: ARIN

Subject: [arin-announce] How Community Input Shaped Our New ARIN.NET

Date: 27 February 2019 at 11:50:22 AM EST

To: arin-annou...@arin.net


On 2 March, we will be deploying a new and improved www.arin.net. This
project is the product of collaboration with our community; user input
was a driving factor at every stage. We encourage you to read our new
blog post about the process and some of the changes you will see when we
go live:

https://teamarin.net/2019/02/27/getting-ready-for-the-big-reveal/

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)

___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (arin-annou...@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.






Re: No IPv6 by design to increase reliability...

2019-01-17 Thread Carlos M. Martinez
It is an interesting question to ponder. It is true that IPv6 tends to 
be somewhat more problematic than IPv4, but these days the incidents 
where IPv6 becomes unavailable or has issues are rare.


BTW I have had recently an issue where I had IPv4 reachability problems 
while IPv6 worked perfectly.


regards,

-Carlos

On 17 Jan 2019, at 16:45, John Von Essen wrote:

I was having a debate with someone on this. Take a critical web site, 
say one where you want 100% global uptime, no potential issues with 
end users having connectivity or routing issues getting to your IP. 
Would it be advantageous to purposely not support an AAAA record in DNS 
and disable IPv6, only exist on IPv4?


My argument against this was "Broken IPv6 Connectivity" doesn't really 
occur anymore, also, almost all browsers and OS IP stacks implement 
Happy Eyeballs algorithm where both v4 and v6 are attempted, so if v6 
dies it will try v4. I would also argue that lack of IPv6 technically 
makes the site unreachable from native IPv6 clients, and in the event 
of an IPv4 outage, connectivity might still remain on IPv6 if the site 
had an IPv6 address (I've experienced scenarios with a bad IPv4 BGP 
session, but the IPv6 session remained up and transiting traffic...)


Thoughts?


-John


Re: Verizon IDE

2019-01-05 Thread Justin M. Streiner

On Sat, 5 Jan 2019, Mitchell Lewis wrote:

How common is it for Verizon to deliver "Internet Dedicated Ethernet" 
over SONET? Ran into a situation where the Canoga-Perkins NTE was 
uplinked to a Flashwave 4100ES in the basement (uplinked by an OC-48). 
This is in a Verizon ILEC area.


If the location has an existing Verizon SONET node, and there is capacity 
on it to provide the Ethernet service you need, Verizon could opt to 
deliver the Ethernet service that way.


Thank you
jms


Re: Cleveland/Cincinnati Co-location

2019-01-02 Thread Justin M. Streiner

On Tue, 1 Jan 2019, Mitchell Lewis wrote:

I am working on project that may involve building points of presence in 
Cleveland & Cincinnati. Any suggestions as to which colocation facility 
in each city to build in? The prime factor of consideration for this 
project is access to waves to places like Chicago, New York & Ashburn. 
It would be nice to have multiple wave provider options to choose from.


I have been looking at Cyrus One-7thStreet in Cincinnati & Databank in 
Cleveland.


Expedient has two facilities in Cleveland that might be worth looking at.

Thank you
jms


Re: Real-time BGP hijacking detection: ARTEMIS-1.0.0 just released

2018-12-20 Thread M. Omer GOLGELI

Hi Vasileios,

Congratulations on building this.

Wanted to try it out as a VM but frankly...
The "docker" part put me off...


M.
---


On 2018-12-20 20:23, Vasileios Kotronis wrote:

Dear operators,

FORTH's INSPIRE group and CAIDA are delighted to announce the public
release of the ARTEMIS BGP prefix hijacking detection tool, available
as open-source software at
https://github.com/FORTH-ICS-INSPIRE/artemis

ARTEMIS is designed to be operated by an AS in order to monitor BGP
for potential hijacking attempts against its own prefixes. The system
detects such attacks within seconds, enabling immediate mitigation.
The current release has been tested at a major Greek ISP, a dual-homed
edge academic network, and a major US R&E backbone network.

We would be happy if you'd give it a try and provide feedback. Feel
free to make pull requests on GitHub and help us make this a true
community project.

ARTEMIS is funded by European Research Council (ERC) grant agreement
no. 338402 (NetVolution Project), the RIPE NCC Community Projects
2017, the Comcast Innovation Fund, US NSF grants OAC-1848641 and
CNS-1423659 and US DHS S&T contract HHSP233201600012C.

Best regards,
Vasileios

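The check at the heart of a tool like the one announced above is small enough to show in full. The following is an added example, not ARTEMIS's code: it takes the monitored AS's own configuration (prefixes, legitimate origin ASNs, and the neighbours it really announces to) and classifies each observed BGP update as an exact-prefix or sub-prefix hijack of the origin, a first-hop hijack where the origin is correct but the adjacent AS is forged (the classes ARTEMIS's documentation calls Type-0 and Type-1), or legitimate. The configuration, the ASNs 64500/64511 (from the range reserved for documentation) and the sample updates are constructed for the example; parsing updates out of a live feed is assumed to happen elsewhere.

```python
"""Prefix-hijack classification for an AS's own prefixes.

Added example, not code from ARTEMIS.  CONFIG, NEIGHBOURS and UPDATES are
constructed; a real monitor would load them from its own configuration and
from a BGP feed (route collectors, local BMP sessions)."""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# prefix -> ASNs allowed to originate it (constructed)
CONFIG: Dict[str, Set[int]] = {"203.0.113.0/24": {64500}}
# origin ASN -> neighbours it actually announces the prefix to (constructed)
NEIGHBOURS: Dict[int, Set[int]] = {64500: {6453, 3257}}


def _strip_prepends(path: List[int]) -> List[int]:
    """Collapse AS-path prepending (64500 64500 64500 -> 64500)."""
    out: List[int] = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def check_update(prefix: str, as_path: List[int]) -> Optional[str]:
    """Return a description of the hijack seen in one update, or None."""
    net = ipaddress.ip_network(prefix)
    path = _strip_prepends(as_path)
    origin = path[-1]
    for mine, origins in CONFIG.items():
        mine_net = ipaddress.ip_network(mine)
        # subnet_of() raises on mixed address families, so test the version first
        if net.version != mine_net.version or not net.subnet_of(mine_net):
            continue
        kind = "exact-prefix" if net == mine_net else "sub-prefix"
        if origin not in origins:
            # Type-0: someone else claims to originate our address space
            return f"{kind} origin hijack of {mine} by AS{origin} (path {path})"
        if len(path) >= 2 and path[-2] not in NEIGHBOURS.get(origin, set()):
            # Type-1: our origin is kept, but the AS in front of it is not a real neighbour
            return f"{kind} first-hop hijack: AS{path[-2]} claims adjacency to AS{origin}"
        if kind == "sub-prefix":
            # our own origin, but a more-specific we never configured: worth a look
            return f"unconfigured sub-prefix {prefix} originated by AS{origin}"
        return None
    return None  # not our address space; ignore


def scan(updates: List[Tuple[str, List[int]]]) -> List[str]:
    """Run check_update over a batch of (prefix, AS_PATH) pairs."""
    alerts = []
    for prefix, path in updates:
        alert = check_update(prefix, path)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample updates, as they might arrive from a collector.
UPDATES: List[Tuple[str, List[int]]] = [
    ("203.0.113.0/24", [3356, 6453, 64500]),         # legitimate, via a configured upstream
    ("203.0.113.0/24", [3356, 6453, 64500, 64500]),  # prepended, still legitimate
    ("203.0.113.0/24", [3356, 64511]),               # exact-prefix origin hijack
    ("203.0.113.128/25", [3356, 64511]),             # sub-prefix origin hijack
    ("203.0.113.0/24", [3356, 64511, 64500]),        # first-hop hijack (forged neighbour)
    ("198.51.100.0/24", [3356, 64511]),              # someone else's prefix, not ours to judge
]

if __name__ == "__main__":
    for line in scan(UPDATES):
        print(line)
```

The sub-prefix branch with a legitimate origin is deliberately reported rather than silently accepted: a more-specific you did not configure is either a mistake in your own configuration or a hijack that has also forged the origin, and either deserves an operator's attention.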

Re: Auto-reply from Yahoo...

2018-12-20 Thread M . Ömer GÖLGELİ
Here, I have added the admins to this mail to let them know what bugs us... And sure, with each response I, too, get an email like the one in the attached screenshot. Yeah, these are not bounces but one of the auto responders, which is hard to track. Maybe there should be a reporting address listed on the NANOG page just for this purpose.

M.
---

On 20 Dec 2018 21:00, Grant Taylor via NANOG wrote:

On 12/20/2018 10:17 AM, M. Ömer GÖLGELİ wrote:
> This can happen for many reasons.
> Quitting employees, dropping domains, death whatever.

Yep.  I get it.

> They should be *somehow* auto removed after a certain number of bounces.

The catch is, they aren't /bounces/.  They are auto-responses to the 
sender of the email.  Meaning I'll get one to me for this reply.  You 
very likely got one to you for the message that I'm replying to.

Delivery to the problematic recipient is very likely succeeding at an 
SMTP level.

So, the mailing list manager doesn't see them and has no opportunity to 
do anything about them.

-- 
Grant. . . .
unix || die


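The distinction Grant draws (an auto-response goes back to the author, a bounce goes to the list's envelope sender, so only the latter is ever seen by the list manager) can be checked per message. What follows is an added example, not code from this thread or from the NANOG list software: it classifies raw messages using the RFC 3834 Auto-Submitted header (any value other than "no" marks an automatically generated message), the multipart/report content type that real delivery status notifications carry, and a Subject-line heuristic for responders that set neither, then counts repeat auto-responders, which is the "remove after a certain number" rule Ömer asks for. The sample messages, addresses and Subject prefixes are constructed for the example.

```python
"""Tell auto-responses from bounces in mail coming back to a list author.

Added example, not code from the thread or from Mailman.  Sample messages
below are constructed; the Subject prefixes are a heuristic, not a standard."""
import email
from email import policy
from email.utils import parseaddr
from collections import Counter
from typing import Iterable, Set

# Common prefixes used by responders that omit RFC 3834 headers (heuristic).
AUTO_SUBJECT_PREFIXES = ("auto:", "automatic reply", "out of office", "autoreply")


def classify(raw: str) -> str:
    """Return "auto-response", "bounce" or "normal" for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    # RFC 3834: "auto-replied", "auto-generated" or anything but "no" means a
    # machine sent this.  It is addressed to the author, never to the list's
    # bounce address, which is why the list manager never sees it.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return "auto-response"
    # A real DSN (RFC 3464) is multipart/report with report-type=delivery-status
    # and is sent to the envelope sender, so the list MTA does see it.
    if msg.get_content_type() == "multipart/report" and \
            "delivery-status" in (msg.get_param("report-type") or ""):
        return "bounce"
    subject = (msg.get("Subject") or "").strip().lower()
    if subject.startswith(AUTO_SUBJECT_PREFIXES):
        return "auto-response"
    return "normal"


def repeat_responders(raws: Iterable[str], threshold: int) -> Set[str]:
    """Addresses that auto-responded at least `threshold` times; a list
    owner could feed this to an unsubscribe or nomail job."""
    counts: Counter = Counter()
    for raw in raws:
        if classify(raw) == "auto-response":
            msg = email.message_from_string(raw, policy=policy.default)
            counts[parseaddr(msg.get("From", ""))[1].lower()] += 1
    return {addr for addr, n in counts.items() if n >= threshold}


# Constructed samples: an out-of-office reply, a real DSN, and a normal post.
SAMPLE_AUTO = "\n".join([
    "From: Some Subscriber <subscriber@example.com>",
    "To: author@example.org",
    "Subject: Automatic reply: Re: Auto-reply from Yahoo...",
    "Auto-Submitted: auto-replied",
    "",
    "I am out of the office until January.",
])
SAMPLE_BOUNCE = "\n".join([
    "Return-Path: <>",
    "From: MAILER-DAEMON@mx.example.net",
    "To: nanog-bounces@example.org",
    "Subject: Undelivered Mail Returned to Sender",
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "The user does not exist.",
    "--b1--",
    "",
])
SAMPLE_NORMAL = "\n".join([
    "From: Grant Taylor <gtaylor@example.net>",
    "To: nanog@example.org",
    "Subject: Re: Auto-reply from Yahoo...",
    "",
    "BUMP",
])

if __name__ == "__main__":
    for sample in (SAMPLE_AUTO, SAMPLE_BOUNCE, SAMPLE_NORMAL):
        print(classify(sample))
    print(repeat_responders([SAMPLE_AUTO] * 3, threshold=3))
```

Because the auto-responses arrive in the author's mailbox, this has to run on the author's side (a procmail or Sieve rule keyed on Auto-Submitted does the same job); the list software only ever gets the DSNs.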




Re: Auto-reply from Yahoo...

2018-12-20 Thread M . Ömer GÖLGELİ
This can happen for many reasons. Quitting employees, dropping domains, death, whatever. They should be *somehow* auto removed after a certain number of bounces.

M.
---

On 20 Dec 2018 19:46, Grant Taylor via NANOG wrote:

On 12/14/2018 11:48 AM, Grant Taylor wrote:
> I've been seeing them for three or four days now.

BUMP

This has been going on for more than a week now.  I'm quite confident 
that there have been hundreds of auto-replies.  (I'm seeing 285 incoming 
messages from the NANOG mailing list since I became aware of the auto-reply.)

I'm really surprised that there has not been any reply or action by the 
NANOG list owner(s).  I would have hoped, if not expected, better, or 
any, response by now.

-- 
Grant. . . .
unix || die






Re: Salesmen: ARIN Records are NOT Leads

2018-12-19 Thread M . Ömer GÖLGELİ
Gee... It seems like NTT sales people are not doing as good a job as Cogent's, since I've yet to see anyone getting calls or mails from them. Only Cogent contacts most for the moment, at least in the EU part of the world. And only mails and calls for the moment.

M.

On 19 Dec 2018 21:08, Ross Tajvar wrote:

After setting up my ASN, I received unsolicited emails from NTT and calls from Cogent. Fortunately I haven't gotten anything (or at least anything that I noticed) on LinkedIn.

On Wed, Dec 19, 2018, 12:58 PM Brielle Bruns <br...@2mbit.com> wrote:

On 12/19/2018 9:58 AM, Rich Kulawiec wrote:
> On Wed, Dec 19, 2018 at 09:49:29AM -0700, Brielle Bruns wrote:
>> Every time I post to NANOG, I get multiple LinkedIn link requests or e-mails
>> about selling my excess gear.  It's getting old real quick.
> 
> I recommend:
> 
>       Connect:linkedin.com    ERROR:5.7.1:"550 Mail refused"
>       From:linkedin.com       ERROR:5.7.1:"550 Mail refused"
> 
> Salt to taste for your environment/MTA, but since the spammers running
> LinkedIn seem very unlikely to stop, this appears to be the optimal
> way to conserve bandwidth and time.
> 
> ---rsk
> 

Except you know, those of us who actually use LinkedIn for professional 
contacts and all.  I don't mind connecting with people as long as I've 
actually talked with you before on some professional level.

It does have some nice features for connecting on a business level, just 
people are abusing the shit out of it.
-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org




Re: historical Bogon lists

2018-12-19 Thread M. Omer GOLGELI
I think Alessandro's Isolario Project may be of help completing the 
missing data where you fell short.



M.
---


On 2018-12-19 18:07, Alberto Dainotti wrote:

Hi all,

CAIDA has been collecting Team Cymru’s bogon list from 2013-09-18 to
2018-03-23. Unfortunately we just noticed the script hasn’t been
working since then but we just fixed it and restarted it.
We’re happy to share the data as long as Team Cymru is ok with it.

Cheers,
Alberto

PS
I think Rabbi+Randy also helped us in the past by recovering diffs for
2010-2013 data. Looking for the files. Stay tuned.


On Dec 18, 2018, at 9:00 AM, Rabbi Rob Thomas  wrote:


Dear Tom,


I wonder if there's value in having the lists that Team Cymru
generates auto pushed to a public Git repo. Covers historical
changes for folks who want that, and also provides a more modern
ingestion method for automation around that info. (Not that I'm
hating on wget / curl ... :) )


We'd be happy to make that happen, if folks are keen.  We're fine with
Git, as we use it regularly.

Be well!
Rob.
--
Rabbi Rob Thomas   Team Cymru
  "It is easy to believe in freedom of speech for those with whom we
   agree." - Leo McKern



Re: Stupid Question maybe?

2018-12-18 Thread Justin M. Streiner

On Mon, 17 Dec 2018, Joe wrote:


Apologizes in advance for a simple question. I am finding conflicting
definitions of Class networks. I was always under the impression that a
class "A" network was a /8 a class "B" network was a /16 and a class "C"
network was a /24. Recently, I was made aware that a class "A" was indeed a
/8 and a class "B" was actually a /12 (172.16/172.31.255.255) while a class
"C" is actually a /16.


As others have mentioned, IP address classes are no longer relevant, 
beyond understanding how things were done in the past.  Address classes 
haven't been used for assignment or routing purposes for over 20 years, 
but the term lives on because it keeps getting undeserved new life in 
networking classes and training materials.


Classful address assignment/routing was horribly inefficient for two main 
reasons, both of which were corrected by a combination of CIDR and VLSM:


1. Assigning IP networks on byte boundaries (/8, /16, /24) was not 
granular enough to allow networks to be assigned as close as possible to 
actual need in many cases.  If you only needed 25 addresses for a 
particular network, you had to request or assign a /24 (legacy class C), 
resulting in roughly 90% of those addresses being wasted.


2. Classful routing was starting to bloat routing tables, both inside of 
and between networks.  If a network had a little over 8,000 IPv4 addresses 
under its control, in the pre-CIDR days, that meant that they or their 
upstream provider would need to announce routes for 32 individual and/or 
contiguous /24s.  In the post-CIDR world, under the best 
circumstances (all of their address space is contiguous and falls on an 
appropriately maskable boundary like x.y.0.0 through x.y.31.0), that 
network could announce a single /19.  When scaled up to a full Internet 
routing table, the possible efficiencies become much more obvious.  The 
network operator community has had to continue to grapple with routing 
table bloat since then, but for different reasons.


Had CIDR, VLSM, and NAT/PAT not been implemented, we (collectively) would 
have run out of IPv4 addresses many years before we actually did.


Thank you
jms


Is this different depending on the IP segment, i.e. if it is part of an
RFC 1918 group it is classed differently (maybe a course I missed?) Or aren't
all IPs classed the same?
I was always under the impression, /8 = A, /16 = B, /24 = C, so rightly, or
wrongly I've always seen 10.x.x.x as "A", and 192.168.x.x as "B", with
172.16/12 as one that's just a VLSM between the two.

Again, apologies for the simple question, just can't seem to find a solid
answer.

Happy holidays all the same!
-Joe

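Both of the inefficiencies Justin describes can be checked with the standard library. The following is an added example, not part of the thread: it computes the smallest classful block versus the smallest CIDR block for a given host count, the share of addresses wasted by each, and the aggregation of 32 contiguous /24s into a single /19 using ipaddress.collapse_addresses(). The 10.20.0.0/19 range is constructed from RFC 1918 space; it also shows what happens when the same number of /24s does not start on an aligned boundary.

```python
"""Classful vs CIDR assignment and aggregation, worked with ipaddress.

Added example, not from the post; sample prefixes are constructed."""
import ipaddress
from typing import Iterable, List

CLASSFUL_PREFIXES = (24, 16, 8)  # legacy class C, B, A boundaries


def usable_hosts(prefix_len: int) -> int:
    """Usable IPv4 addresses in a block, excluding network and broadcast."""
    return 2 ** (32 - prefix_len) - 2


def smallest_fit(hosts: int, candidates: Iterable[int] = range(30, 0, -1)) -> int:
    """Longest prefix length in `candidates` whose block holds `hosts` hosts.
    With the default candidates this is the VLSM/CIDR answer; pass
    CLASSFUL_PREFIXES to get the pre-CIDR answer."""
    for p in candidates:
        if usable_hosts(p) >= hosts:
            return p
    raise ValueError("no block large enough")


def waste_percent(hosts: int, prefix_len: int) -> float:
    """Share of a block left unused when `hosts` addresses are needed."""
    return round(100 * (1 - hosts / 2 ** (32 - prefix_len)), 1)


def aggregate(prefixes: List[str]) -> List[str]:
    """Collapse a list of prefixes into the minimal set of CIDR routes."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # 25 hosts: a /24 under classful rules, a /27 under VLSM
    print(smallest_fit(25, CLASSFUL_PREFIXES), waste_percent(25, 24))  # 24, 90.2
    print(smallest_fit(25), waste_percent(25, 27))                     # 27, 21.9
    # a little over 8,000 addresses: 32 aligned /24s become one /19 ...
    aligned = [f"10.20.{i}.0/24" for i in range(32)]
    print(aggregate(aligned))
    # ... but 32 /24s starting one block later need six announcements
    misaligned = [f"10.20.{i}.0/24" for i in range(1, 33)]
    print(aggregate(misaligned))
```

The misaligned case is the caveat behind "falls on an appropriately maskable boundary": the same amount of address space, shifted by one /24, collapses to 10.20.1.0/24, 10.20.2.0/23, 10.20.4.0/22, 10.20.8.0/21, 10.20.16.0/20 and 10.20.32.0/24 rather than a single route.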


Re: Unsolicited LinkedIn requests

2018-12-11 Thread M. Omer GOLGELI
Well, that must be my curse... 

Even when adblocker doesn't notify me, I have stuff blocking stuff... 

:) 

M. OMER GOLGELI
---
AS202365 [1]

 https://as202365.peeringdb.com [2]
 https://bgp.he.net/AS202365 [1]

NOC:
 Phone: +90-533-2600533
 Email: o...@chronos.com.tr 

On 2018-12-12 00:57, Daniel Corbe wrote:

> at 4:48 PM, M. Omer GOLGELI  wrote: 
> Well said...
> 
> But I can't see that on his website...
> 
> M. OMER GOLGELI
> ---
> AS202365
> 
> On 2018-12-12 00:39, Daniel Corbe wrote:
> If you don't want people contacting you on Linkedin then why do you
> have a link to your profile on your website?
> at 4:08 PM, Alfie Pates  wrote:
> Hi folks,
> I'm not going to name-and-shame, but I just got a LinkedIn connection request 
> completely out of the blue from somebody with the comment "Greetings from 
> another NANOG user!"
> I didn't recognise the name, and a quick search of my email history suggests 
> we haven't interacted before.
> Please don't do this: It's not very polite.
> ~A

  

Links:
--
[1] https://bgp.he.net/AS202365
[2] https://as202365.peeringdb.com/

Re: Should ISP block child pornography?

2018-12-11 Thread Lotia, Pratik M
Thank you everybody for sharing your views. I think I've got a clear answer. 
It's better to not go down this slippery path.

With Gratitude,
 
Pratik Lotia  
 
“Security is like legos. You can build pretty much whatever you want if you 
have a clear vision of the final product and the skill to put the pieces 
together correctly.”

On 12/11/18, 12:27, "NANOG on behalf of Max Tulyev" 
 wrote:

Yes, in some countries (NOT in the US, AFAIK) a court can issue an order to
block an IP/domain/URL.

If the home operator of the criminal is blocking direct access, he has to
use TOR/VPN/... to avoid the blocking (or maybe you really believe he just
stops trying to watch his beloved CP?)

If he uses TOR/VPN/... to avoid the blocking, the original home IP address
will be replaced by the exit node of TOR/VPN, and we will lose any
chance to catch the criminal.

Is it clear?

11.12.18 21:06, John Lee wrote:
> It is my understanding that ISPs block IP addresses and domains under
> court order now for copyright violations, criminal activity which would
> include CP. They require a court order as they cannot ascertain if it is
> CP or not, that is a Law Enforcement decision. The US Supreme Court's
> decision was that just being nude is not lewd; also, with aging software
> which can regress photos, LEOs in the US have to ascertain if this is CP
> or photoshopped.
> 
> On Tue, Dec 11, 2018 at 12:54 PM Max Tulyev <max...@netassist.ua> wrote:
> 
> ...and you will see the TOR exit nodes instead of the crime home IP if
> censorship is implemented.
> 
> 11.12.18 19:35, Aaron1 wrote:
> > ... The only thing I can think of is the idea that I’ve heard before is
> > the way to catch someone is to watch them while they are accessing; the
> > concept of honeypots comes to mind
> >
> > Aaron
> >
> > On Dec 11, 2018, at 10:43 AM, Larry Allen <mrallen1...@gmail.com> wrote:
> >
> >> I can't imagine a single rational argument against this.
> >>
> >> On Tue, Dec 11, 2018, 10:56 William Anderson <ne...@well.com> wrote:
> >>
> >> On Fri, 7 Dec 2018 at 06:08, Lotia, Pratik M <pratik.lo...@charter.com> wrote:
> >>
> >> Hello all, was curious to know the community’s opinion on
> >> whether an ISP should block domains hosting CPE (child
> >> pornography exploitation) content? Interpol has a ‘worst-of’
> >> list which contains such domains and it wants ISPs to
> >> block it.
> >>
> >>
> >> This already happens in the UK, and has done for years.
> >>
> >> https://en.wikipedia.org/wiki/Child_abuse_image_content_list
> >>
> >>
> >> -n
> >>
> 


E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or legally privileged 
information. If you are not the intended recipient of this message or if this 
message has been addressed to you in error, please immediately alert the sender 
by reply e-mail and then delete this message and any attachments. If you are 
not the intended recipient, you are notified that any use, dissemination, 
distribution, copying, or storage of this message or any attachment is strictly 
prohibited.


Re: Unsolicited LinkedIn requests

2018-12-11 Thread Justin M. Streiner

On Tue, 11 Dec 2018, David Cornejo wrote:


not sure he was complaining about the request, just that it provided
no context or reason why they should link. a personal pet peeve of
mine.


Agreed, and I do get unsolicited Linkedin requests quite often. 
Sometimes, this is clearly the result of someone scraping a list like 
NANOG in an effort to drum up new business/contacts.  Those end up in the 
bitbucket.


It is annoying, but an unfortunate reality these days...

Thank you
jms


Re: Unsolicited LinkedIn requests

2018-12-11 Thread M. Omer GOLGELI

Well said...

But I can't see that on his website...


M. OMER GOLGELI
---
AS202365


On 2018-12-12 00:39, Daniel Corbe wrote:

If you don’t want people contacting you on Linkedin then why do you
have a link to your profile on your website?

at 4:08 PM, Alfie Pates  wrote:


Hi folks,

I'm not going to name-and-shame, but I just got a LinkedIn connection 
request completely out of the blue from somebody with the comment 
"Greetings from another NANOG user!"


I didn't recognise the name, and a quick search of my email history 
suggests we haven't interacted before.


Please don't do this: It's not very polite.

~A


Re: Should ISP block child pornography?

2018-12-07 Thread Lotia, Pratik M
Very well explained, Max!


With Gratitude,
Pratik Lotia
 
“Information is not knowledge.”

On 12/7/18, 13:16, "NANOG on behalf of na...@jack.fr.eu.org" 
 wrote:

Well said


On 12/07/2018 07:48 PM, Max Tulyev wrote:
> Hi All,
> 
> we are fighting with censorship in our country. So I have something to
> say.
> 
> First, censorship is not just "switch off this website and that
> webpage". No magic button exists. It is more complex, if you think of it
> as a whole system.
> 
> Initially, networks were built without systems (hardware and software)
> that can block something.
> 
> Yes, you may nullroute some IP with some site, but as collateral
> damage you will block part of Cloudflare or Amazon, for example. So you
> have to buy and install additional equipment and software to do it a bit
> less painfully. That's not so cheap; it should be planned, bought,
> installed, checked, and personnel should be trained. After that, your
> system will be capable of blocking some website for the ~90% of your
> customers who will not proactively avoid blocking. And for *NONE* of those
> who will, as CP addicts, terrorists, black markets, gambling, porn and
> others do.
> 
> Yep. Now your network is capable of censoring something. You just made the
> first step to hell. What's next? Some people send you some websites
> to ban. This list with CP, the Spamhaus DROP, some court orders, some
> semi-legal copyright protectors' orders, some "we just want to block it"
> requests... And some list entries from time to time become outdated,
> so you need to clean it from time to time. Do not even expect the people
> who sent you the block request to send you an unblock request, of course.
> Then, we have >6000 ISPs in our country - it is not possible to interact
> with all of them directly.
> 
> So, you end up under a lot of paper, random interactions with random
> people and an outdated and desynchronized blocking list. It will not work.
> 
> Next, the government realizes there should be one centralized blocking list
> and introduces it.
> 
> Ok. Now we have a censored Internet. THE SWITCH IS ON.
> 
> In a very short time the number of organizations that have permission to
> insert something into the list dramatically increases. Corruption rises;
> it becomes possible, and then becomes cheap, to put your competitor's
> website into the list for some time. And of course, the primary target of
> any censorship is the elections...
> 
> What about CP and porn addicts, gamblers, killers, terrorists? Surprise,
> they are even better off than at the beginning! Why? Because they learned
> VPN and TOR and have to use them! Investigators end up with TOR and VPN exit
> IP addresses from other countries instead of their home IPs.
> 
> Hey. It is a very very bad and very very dangerous game. Avoid it.
> The goal of that game is to SWITCH ON that system FOR ANY REASON. CP, war,
> gambling - any reason that will work. After the system is switched
> on, in several months you will forget the initial reason. And will
> awake in another world.
> 
> 07.12.18 08:06, Lotia, Pratik M wrote:
>> Hello all, was curious to know the community’s opinion on whether an ISP
>> should block domains hosting CPE (child pornography exploitation)
>> content? Interpol has a ‘worst-of’ list which contains such domains and
>> it wants ISPs to block it.
>>
>> On one side we want the ISP to not do any kind of censorship or
>> inspection of customer traffic (customers are paying for pipes – not for
>> filtered pipes), on the other side morals/ethics come into play. Keep in
>> mind that if an ISP is blocking it would mean that it is also logging
>> the information (source IP) and law agencies might be wanting access to 
it.
>>
>>  
>>
>> Wondering if any operator is actively doing it or has ever considered
>> doing it?
>>
>>  
>>
>> Thanks.
>>
>>  
>>
>>  
>>
>> With Gratitude,
>>
>> * *
>>
>> *Pratik Lotia*  
>>
>>  
>>
>> “Information is not knowledge.”
>>

Re: Should ISP block child pornography?

2018-12-07 Thread Lotia, Pratik M
>>What is “ROKSO's DROP list” ?

ROKSO:
The Register of Known Spam Operations database is a depository of information 
and evidence on known persistent spam operations, assembled to assist service 
providers with customer vetting and the Infosec industry with Actor Attribution.

Spamhaus (https://www.spamhaus.org) provides a 'DROP' list which is a list of 
domains which are hijacked or leased by professional spam operations. As per 
them this is Not a list of just 'suspicious' domains - they are 100% sure that 
these are bad domains and one should not peer with them or have a route to them.


With Gratitude,
 
Pratik Lotia 
 
“Information is not knowledge.”

On 12/7/18, 11:47, "NANOG on behalf of Aaron1"  wrote:

What is “ROKSO's DROP list” ?

Aaron

> On Dec 7, 2018, at 8:57 AM, John Von Essen  wrote:
> 
> ROKSO's DROP list





Re: Should ISP block child pornography?

2018-12-07 Thread Lotia, Pratik M
>> The only issue with blocking domains of CPE is I imagine those domains 
>> change all the time as they get shutdown, if you block the IP

>> (from domain lookup) its likely that IP maybe be legitimate in the future.

The list would be updated daily/weekly. The ACLs would have to be updated 
accordingly – this can be automated. This way no stale entries are present.

With Gratitude,


Pratik Lotia

From: NANOG  on behalf of John Von Essen 

Date: Friday, December 7, 2018 at 08:59
To: "nanog@nanog.org" 
Subject: Re: Should ISP block child pornography?


I block stuff all the time (like ROKSO's DROP list). The only issue with 
blocking domains of CPE is I imagine those domains change all the time as they 
get shutdown, if you block the IP (from domain lookup) its likely that IP maybe 
be legitimate in the future.

It should be stopped it at the DNS level, but even that has workarounds. I 
would think CPE is a violation of terms of "most" registrars.

-John
On 12/7/18 1:06 AM, Lotia, Pratik M wrote:
Hello all, was curious to know the community’s opinion on whether an ISP should 
block domains hosting CPE (child pornography exploitation) content? Interpol 
has a ‘worst-of’ list which contains such domains and it wants ISPs to block it.
On one side we want the ISP to not do any kind of censorship or inspection of 
customer traffic (customers are paying for pipes – not for filtered pipes), on 
the other side morals/ethics come into play. Keep in mind that if an ISP is 
blocking it would mean that it is also logging the information (source IP) and 
law agencies might be wanting access to it.

Wondering if any operator is actively doing it or has ever considered doing it?

Thanks.


With Gratitude,

Pratik Lotia

“Information is not knowledge.”

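Two points in this thread are really the same operational job: the DROP list Pratik describes a few messages up, and the "update the ACLs from the list daily, this can be automated" answer to John's concern about stale IP entries. The following is an added example, not code from the thread or from Spamhaus. It assumes the list is consumed as IP prefixes in the one-entry-per-line "prefix ; comment" form that Spamhaus publishes for DROP (a domain list would first have to be resolved, and the resolved addresses would be the stale-prone part), turns the entries into Linux blackhole routes, diffs against the previous run so entries that have fallen off the list are withdrawn rather than left in place, and refuses to install anything overlapping a protected range (shared hosting, a CDN, your own space). The two list snapshots and the protected range are constructed.

```python
"""Block list -> null routes, with withdrawal of stale entries and a
do-not-block guard.  Added example; lists and ranges are constructed."""
import ipaddress
from typing import Iterable, List, Set, Tuple

Net = ipaddress.IPv4Network  # the example keeps to IPv4 for brevity


def parse_drop(text: str) -> Set[Net]:
    """Parse 'prefix ; comment' lines.  strict=True makes a malformed entry
    (host bits set) fail loudly instead of being silently widened."""
    nets: Set[Net] = set()
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()
        if entry:
            nets.add(ipaddress.ip_network(entry, strict=True))
    return nets


def plan(previous: Set[Net], current: Set[Net],
         protected: Iterable[Net]) -> Tuple[List[Net], List[Net]]:
    """Return (add, withdraw) relative to the previous run.  Entries that
    overlap a protected range are never installed, and are withdrawn if an
    earlier run installed them."""
    guard = list(protected)
    safe = {n for n in current if not any(n.overlaps(p) for p in guard)}
    add = sorted(safe - previous)
    withdraw = sorted(previous - safe)
    return add, withdraw


def render(add: List[Net], withdraw: List[Net]) -> List[str]:
    """iproute2 commands; a 'blackhole' route drops traffic without an ICMP
    reply.  Withdrawals come first so a prefix that moved is never absent
    twice."""
    return ([f"ip route del blackhole {n}" for n in withdraw] +
            [f"ip route add blackhole {n}" for n in add])


# Constructed snapshots of the list on two consecutive days.
YESTERDAY = """192.0.2.0/24 ; SBL1
198.51.100.0/25 ; SBL2
"""
TODAY = """192.0.2.0/24 ; SBL1
198.51.100.128/25 ; SBL3
203.0.113.0/24 ; SBL4
"""
# A range we must never null-route, e.g. a shared CDN prefix (constructed).
PROTECTED = [ipaddress.ip_network("203.0.113.0/26")]

if __name__ == "__main__":
    add, withdraw = plan(parse_drop(YESTERDAY), parse_drop(TODAY), PROTECTED)
    for cmd in render(add, withdraw):
        print(cmd)
```

Run from cron with the previous snapshot kept on disk; the diff is what makes daily updates safe, because a list entry that disappears (the IP was reassigned to a legitimate host) is withdrawn on the next run instead of lingering as a stale ACL line.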

Should ISP block child pornography?

2018-12-06 Thread Lotia, Pratik M
Hello all, was curious to know the community’s opinion on whether an ISP should 
block domains hosting CPE (child pornography exploitation) content? Interpol 
has a ‘worst-of’ list which contains such domains and it wants ISPs to block it.
On one side we want the ISP to not do any kind of censorship or inspection of 
customer traffic (customers are paying for pipes – not for filtered pipes), on 
the other side morals/ethics come into play. Keep in mind that if an ISP is 
blocking it would mean that it is also logging the information (source IP) and 
law agencies might be wanting access to it.

Wondering if any operator is actively doing it or has ever considered doing it?

Thanks.


With Gratitude,

Pratik Lotia

“Information is not knowledge.”


Re: Most peered AS per country

2018-11-28 Thread M. Omer GOLGELI
Checking the Isolario Project, I've noticed that Isolario has something
country-related, as they are displaying country statistics on the main page
(screenshot attached). 

Even if they do not publicly display the data, maybe the guys have
something! 

Alessandro might give you better insight, I guess.

M. OMER GOLGELI
---
AS202365 [1]

 https://as202365.peeringdb.com [2]
 https://bgp.he.net/AS202365 [1]

NOC:
 Phone: +90-533-2600533
 Email: o...@chronos.com.tr 

On 2018-11-28 04:37, Mehmet Akcin wrote:

> Hello there, 
> 
> http://as-rank.caida.org/ is impressively showing ranking of ISPs and how 
> well peered they are and I love this.  
> 
> Is there any research / page similar to this which shows similar data but per 
> country basis breakdown instead of showing globally? 
> 
> thanks in advance for your help 
> 
> Mehmet
 

Links:
--
[1] https://bgp.he.net/AS202365
[2] https://as202365.peeringdb.com/

Re: Tata Scenic routing in LAX area?

2018-11-15 Thread Lotia, Pratik M
9498/Airtel seems to be leaking a lot of routes.

Source: https://bgpstream.com/

All Events for BGP Stream (event type | origin AS | leaker AS | start time, UTC):

BGP Leak | Origin AS: Etisalat Lanka (Pvt) Ltd. (AS 17470) | Leaker AS: BHARTI Airtel Ltd. (AS 9498) | 2018-11-15 19:41:26
BGP Leak | Origin AS: Bharti Airtel Lanka Pvt. Limited (AS 132045) | Leaker AS: BHARTI Airtel Ltd. (AS 9498) | 2018-11-15 19:41:26
BGP Leak | Origin AS: Antena3 S.A. (AS 47220) | Leaker AS: BHARTI Airtel Ltd. (AS 9498) | 2018-11-15 19:22:39
BGP Leak | Origin AS: INDOSATM2 ASN (AS 4795) | Leaker AS: BHARTI Airtel Ltd. (AS 9498) | 2018-11-15 18:46:59
BGP Leak | Origin AS: KANARTEL (AS 33788) | Leaker AS: BHARTI Airtel Ltd. (AS 9498) | 2018-11-15 18:33:09
BGP Leak | Origin AS: FranTech Solutions (AS 53667) | Leaker AS: BHARTI Airtel Ltd. (AS 9498) | 2018-11-15 18:04:47
BGP Leak | Origin AS: Pure Line Co. For Telecommunications & Internet Ltd. (AS 59458) | Leaker AS: BHARTI Airtel Ltd. (AS 9498) | 2018-11-15 18:04:05
BGP Leak | Origin AS: Sepehr Ava Data Processing Company (LTD) (AS 51541) | Leaker AS: BHARTI Airtel Ltd. (AS 9498) | 2018-11-15 18:01:09




~Pratik Lotia

“Improvement begins with I.”


From: NANOG  on behalf of Marcus Josephson 

Date: Thursday, November 15, 2018 at 13:48
To: Christopher Morrow , "stillwa...@gmail.com" 

Cc: nanog list 
Subject: RE: Tata Scenic routing in LAX area?

I have tried to reach out to Airtel, no response yet, but yah I could see my 
issue being due to them leaking routes.


-Marcus

From: NANOG  On Behalf Of Christopher Morrow
Sent: Thursday, November 15, 2018 3:30 PM
To: stillwa...@gmail.com
Cc: nanog list 
Subject: Re: Tata Scenic routing in LAX area?


On Thu, Nov 15, 2018 at 3:21 PM Michael Still <stillwa...@gmail.com> wrote:
FYI 29791 isn't the only origin I'm seeing this on from one point of view:
  AS path: 3257 6453 9498 4637
  AS path: 3257 6453 9498 4637 10310 26085 14210
  AS path: 3257 6453 9498 4637 20773 29066
  AS path: 3257 6453 9498 4637 2906
  AS path: 3257 6453 9498 4637 2906 40027
  AS path: 3257 6453 9498 4637 29791
  AS path: 3257 6453 9498 4637 30844
  AS path: 3257 6453 9498 4637 30844 36991
  AS path: 3257 6453 9498 4637 30844 38056 38056 38056
  AS path: 3257 6453 9498 4637 37468 37230
  AS path: 3257 6453 9498 4637 37468 37230 37230 37230
  AS path: 3257 6453 9498 4637 47869
  AS path: 3356 6453 9498 4637
  AS path: 3356 6453 9498 4637 1299 2906
  AS path: 3356 6453 9498 4637 1299 3491 20485 20485 4809 
49209
  AS path: 3356 6453 9498 4637 20773 29066
  AS path: 3356 6453 9498 4637 2906
  AS path: 3356 6453 9498 4637 29791
  AS path: 3356 6453 9498 4637 30844
  AS path: 3356 6453 9498 4637 30844 36991
  AS path: 3356 6453 9498 4637 30844 38056 38056 38056
  AS path: 3356 6453 9498 4637 37468 37230
  AS path: 3356 6453 9498 4637 37468 37230 37230 37230
  AS path: 3356 6453 9498 4637 47869

I'm not sure what is supposed to be there for 6453_9498 but I suspect not 
nearly as much as is currently present (only 4637 listed here for brevity).


huh... us-carrier -> tata -> airtel -> telstra .. that seems TOTALLY 
PLAUSIBLE.. no.



On Thu, Nov 15, 2018 at 2:53 PM John Weekes wrote:
Marcus,

From route-views output, it looks like AS9498/airtel is probably leaking your 
route between two of its upstreams (AS6453/Tata and AS4637/Telstra) overseas, 
funneling some of your traffic through their router.

route-views>sh ip bgp 23.92.178.22 | i 9498
  3356 6453 9498 4637 29791
  1403 6453 9498 4637 29791
  3549 3356 6453 9498 4637 29791
  19214 3257 6453 9498 4637 29791
  1403 6453 9498 4637 29791
  286 6453 9498 4637 29791
  53364 3257 6453 9498 4637 29791
  3257 6453 9498 4637 29791
  1239 6453 9498 4637 29791
  2497 6453 9498 4637 29791
  57866 6453 9498 4637 29791
  7660 2516 6453 9498 4637 29791
  701 6453 9498 4637 29791
  3561 209 6453 9498 4637 29791

You might try halting advertisements to your AS4637/Telstra peer while you 
contact AS9498.

-John
On 11/15/2018 10:43 AM, Marcus Josephson wrote:
Anyone else seeing an odd Scenic routing in the LAX/SJE area for tata.

traceroute 

Re: Switch with high ACL capacity

2018-11-06 Thread Lotia, Pratik M
Mike,

Can you shed some light on the use case? Looks like you are confusing ACLs and 
BGP Flowspec. ACLs and Flowspec rules are similar in some ways but they have a 
different use case. ACLs cannot be configured using Flowspec announcements. 
Flowspec can be loosely explained as 'Routing based on L4 rules' (there's a lot 
more to it than just L4). I doubt if there is a switch which can hold a large 
number of Flowspec entries.

 
~Pratik Lotia
“Improvement begins with I.”
 

On 11/6/18, 10:39, "NANOG on behalf of Mike Hammett"  wrote:

I am looking for recommendations as to a 10G or 40G switch that has the 
ability to hold a large number of entries in ACLs.

Preferred if I can get them there via the BGP flow spec, but some sort of 
API or even just brute force on the console would be good enough.

Used or even end of life is fine.

-Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP


E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or legally privileged 
information. If you are not the intended recipient of this message or if this 
message has been addressed to you in error, please immediately alert the sender 
by reply e-mail and then delete this message and any attachments. If you are 
not the intended recipient, you are notified that any use, dissemination, 
distribution, copying, or storage of this message or any attachment is strictly 
prohibited.


RE: automatic rtbh trigger using flow data

2018-08-31 Thread Lotia, Pratik M
>many operators doing this have concentrated on common 
>port-pairs observed in UDP reflection/amplification attacks.

Yes, because that's a great starting point.

> And when we're using techniques like 
>QoSing down certain ports/protocols, we must err on the side of caution,

Arbor report mentions volumetric attacks using DNS, NTP form 75+% of the 
attacks. Then QoSing certain ports and protocols is the best way to start with.

~Pratik Lotia  



-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Roland Dobbins
Sent: Friday, August 31, 2018 11:13 AM
To: NANOG list
Subject: Re: automatic rtbh trigger using flow data


On 31 Aug 2018, at 23:53, Lotia, Pratik M wrote:

> Instead of rtbh I would suggest blocking/rate limiting common ports 
> used in DDoS attacks.

This isn't an 'instead of', it's an 'in addition to'.  And it must be 
done judiciously; many operators doing this have concentrated on common 
port-pairs observed in UDP reflection/amplification attacks.

It's important to understand that any kind of packet of any 
protocol/ports (if such concepts apply on the protocol in question) can 
be used to launch DDoS attacks.

We've many tools in the toolbox, and should use them in a 
situationally-appropriate manner.  And when we're using techniques like 
QoSing down certain ports/protocols, we must err on the side of caution, 
lest we cause larger problems than the attacks themselves.

---
Roland Dobbins 



RE: automatic rtbh trigger using flow data

2018-08-31 Thread Lotia, Pratik M
Instead of rtbh I would suggest blocking/rate limiting common ports used in 
DDoS attacks. That will block 90% of the DDoS attacks. We recently open sourced 
a BGP Flowspec based tool for DDoS Mitigation. It applies Flowspec rules per 
victim IP Addr.
https://github.com/racompton/docker-auto-flowspec


~Pratik Lotia 


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of H I Baysal
Sent: Friday, August 31, 2018 3:09 AM
To: Michel Py; Aaron Gould; mic...@arneill-py.sacramento.ca.us
Cc: Nanog@nanog.org
Subject: Re: automatic rtbh trigger using flow data

Most of the solutions mentioned are paid, or fastnetmon is partially 
paid. And the thing you want is paid I believe.
Nice tool though, not saying anything against it. However

My personal view is, as long as you can store your flow info in a 
timeseries database (like influxdb and NOT SQL LIKE!!!) you can do 
whatever you want with the (raw) data. And create custom triggers for 
different calculations.

Flows are on the fly and are coming in constantly, you could have a 
calculation like group by srcip and whatever protocol you want or just 
srcip, and make a calculation for every x seconds or minutes. As I mentioned 
the flow data is a constant stream, so you could have it triggered as 
fast as you want.

(and the nice thing is, with sflow, you also get as path, peer as, 
localpref, community (if enabled). You could group by anything.. :)

I admit it takes a bit more time to set up but the outcome is amazing ;) 
(especially if you graph it then with grafana)
And in your case it would be a script that does an influxdb command to 
make the calculations and if the outcome shows an IP meeting the 
thresholds you have set in the calculation, you trigger a script that 
adjusts the route to be announced to your upstream with the correct 
(rtbh) community.
(as I mentioned, as long as you have the "raw" flows, you can do anything)


Good luck, whatever you choose :)


On 31-08-18 02:14, Michel Py wrote:
>> Aaron Gould wrote :
>> I'm really surprised that you all are doing this based on source ip, simply 
>> because I thought the distribution of botnet members around
>> the world were so extensive that I never really thought it possible to 
>> filter based on sources, if so I'd like to see the list too.
> I emailed you. For years I ran it at home on a Cisco 1841, 100,000 BGP 
> prefixes is nothing these days. I am not surprised that Joe pushes that to 
> some CPEs.
>
>> Even so, this would not stop the attacks from hitting my front door, my side 
>> of my Internet uplink...when paying for a 30 gigs CIR
>> and paying double for megabits per second over that, up to the ceiling of 
>> 100 gig every bit that hits my front door over 30 gig
>> would cost me extra, remotely triggering based on my victim IP address 
>> inside my network would be my solution to saving money.
> I agree. If you want to get a real use of source blacklisting, to save 
> bandwidth, you probably want to rent a U in a rack at your upstream(s) to 
> block it there.
> I never did it past 1GE, and I have never measured seriously the bandwidth it 
> would save, would be curious to know.
> I think the two approaches are complementary to each other though.
>
> Michel.
>
>
> On Aug 30, 2018, at 6:43 PM, Michel Py  wrote:
>
>>> Joe Maimon wrote :
>>> I use a bunch of scripts plus a supervisory sqlite3 database process all 
>>> injecting into quagga
>> I have the sqlite part planned, today I'm using a flat file :-( I know :-(
>>
>>> Also aimed at attacker sources. I feed it with honeypots and live servers, 
>>> hooked into fail2ban and using independent host scripts. Not very 
>>> sophisticated, the remotes use ssh executed commands to add/delete. I also 
>>> setup a promiscuous ebgp RR so I can extend my umbrella to CPE with diverse 
>>> connectivity.
>> I would like to have your feed. How many attacker prefixes do you currently 
>> have ?
>>
>>> Using flow data, that sounds like an interesting direction to take this 
>>> into, so thank you!
>> The one thing we can share here is the attacker prefixes. The victim 
>> prefixes are unique to each of us but I expect our attacker prefixes to be 
>> very close.
>>
>> Michel.
>>
>> TSI Disclaimer:  This message and any files or text attached to it are 
>> intended only for the recipients named above and contain information that 
>> may be confidential or privileged. If you are not the intended recipient, 
>> you must not forward, copy, use or otherwise disclose this communication or 
>> the information contained herein. In the event you have received this 
>> message in error, please notify the sender immediately by replying to this 
>> message, and then delete all copies of it from your system. Thank you!...

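Added example, not the thread's scripts and not the docker-auto-flowspec tool: the detect-then-announce loop H I Baysal describes, done in plain Python over a constructed set of flow records instead of an influxdb query. PROTECTED, SAMPLING_RATE, RTBH_NEXT_HOP, the Flow record layout and the ExaBGP-style announce/withdraw lines are all assumptions; 65535:666 is the BLACKHOLE community from RFC 7999. The per-victim port breakdown also answers the question Pratik and Roland go back and forth on in the other message: whether a rate limit on the reflector port pair would have covered this particular attack before you blackhole your own customer.

```python
"""Flow-based DDoS detector that emits RTBH announcements for victims inside
our own space.  Added example; not the thread's scripts nor the
docker-auto-flowspec tool."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

PROTECTED = ip_network("192.0.2.0/24")   # assumption: the prefixes we defend
SAMPLING_RATE = 1000                      # assumption: 1:1000 sFlow sampling
RTBH_NEXT_HOP = "192.0.2.1"               # assumption: upstream's discard next-hop
RTBH_COMMUNITY = "65535:666"              # BLACKHOLE community from RFC 7999


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    nbytes: int      # bytes in the sampled packet(s)


def bytes_per_dst(flows: List[Flow], start: int, length: int) -> Dict[str, int]:
    """Sum estimated bytes towards each protected destination in [start, start+length)."""
    agg: Dict[str, int] = defaultdict(int)
    for f in flows:
        if start <= f.ts < start + length and ip_address(f.dst) in PROTECTED:
            agg[f.dst] += f.nbytes * SAMPLING_RATE   # scale samples back up
    return dict(agg)


def victims_over_threshold(flows: List[Flow], start: int, length: int,
                           threshold_bps: int) -> List[str]:
    """Destinations whose estimated inbound rate over the window meets the threshold."""
    agg = bytes_per_dst(flows, start, length)
    return sorted(dst for dst, b in agg.items() if b * 8 / length >= threshold_bps)


def top_source_ports(flows: List[Flow], victim: str) -> List[Tuple[int, int, int]]:
    """(proto, source port, bytes) towards a victim, largest first.  The
    reflector source port tells you whether a port-based rate limit would
    have been enough instead of a blackhole."""
    agg: Dict[Tuple[int, int], int] = defaultdict(int)
    for f in flows:
        if f.dst == victim:
            agg[(f.proto, f.sport)] += f.nbytes * SAMPLING_RATE
    return sorted(((p, s, b) for (p, s), b in agg.items()), key=lambda t: -t[2])


def rtbh_announcement(victim: str) -> str:
    """ExaBGP-style API line (assumed syntax) announcing the victim /32 with the
    blackhole community towards the upstream."""
    return f"announce route {victim}/32 next-hop {RTBH_NEXT_HOP} community [{RTBH_COMMUNITY}]"


def rtbh_withdrawal(victim: str) -> str:
    """Matching withdrawal for when the attack subsides."""
    return f"withdraw route {victim}/32 next-hop {RTBH_NEXT_HOP}"


# Constructed sample: ten sampled NTP (udp/123) reflection packets towards
# 192.0.2.10 in a ten-second window, one HTTPS flow to 192.0.2.20, and one
# flow to an address outside our space that must be ignored.
WINDOW_START, WINDOW_LEN = 1_700_000_000, 10
SAMPLE_FLOWS = [
    Flow(WINDOW_START + i, f"198.51.100.{i + 1}", "192.0.2.10", 17, 123, 44567, 1500)
    for i in range(10)
] + [
    Flow(WINDOW_START + 3, "203.0.113.7", "192.0.2.20", 6, 443, 51000, 800),
    Flow(WINDOW_START + 4, "203.0.113.8", "203.0.113.99", 17, 123, 44567, 1500),
]

if __name__ == "__main__":
    for v in victims_over_threshold(SAMPLE_FLOWS, WINDOW_START, WINDOW_LEN, 10_000_000):
        print(v, top_source_ports(SAMPLE_FLOWS, v))
        print(rtbh_announcement(v))
```

The threshold is per window, so the trigger fires only after a full window of sustained traffic; the withdrawal is there because an RTBH entry that never comes out is a self-inflicted outage, and whoever wires this to a BGP speaker should hold the victim list in state with an expiry rather than announce on every run.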

RE: tcp md5 bgp attacks?

2018-08-15 Thread Lotia, Pratik M
Just to point out -
Data about md5 attacks from various organizations will depend on a number of 
factors such as -
Is BGP TTL Security check being done?
Are anti-spoofing ACLs enabled?
uRPF enabled? Strict or Loose?
BGP Session over a separate interface (tunnel)?



With Gratitude,


Pratik Lotia  |  Security Engineer  | Advanced Engineering Security
Charter Communications

"A satisfied customer is the best business strategy of all."

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Randy Bush
Sent: Tuesday, August 14, 2018 3:39 PM
To: North American Network Operators' Group
Subject: tcp md5 bgp attacks?

so we started to wonder if, since we started protecting our bgp
sessions with md5 (in the 1990s), are there still folk trying to
attack?

we were unable to find bgp mib counters.  there are igp interface
counters, but that was not our immediate interest.  we did find
that md5 failures are logged.

looking at my logs for a few years, i find essentially nothing;
two 'attackers,' one my own ibgp peer, and one that noted evildoer
rob thomas, bgprs01.ord08.cymru.com.

we would be interested in data from others.

note that we are neither contemplating nor suggesting removing md5
from [y]our bgp sessions.

randy
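Added example, not Randy's or Pratik's: it turns "md5 failures are logged" into the per-source summary you would want before answering Randy's question. The log lines and the %TCP-6-BADAUTH wording are constructed to look like a router syslog (adjust the regex to your platform), and the CONFIGURED_PEERS set is an assumption. The split it makes is the one that matters: a configured peer failing repeatedly is a key mismatch (Randy's own iBGP peer), whereas an unknown source that reached port 179 at all says more about the items on Pratik's list (TTL security, anti-spoofing ACLs, uRPF) than about MD5.

```python
"""Summarise TCP MD5 authentication failures from router syslog, separating
configured peers (key mismatch) from unexpected sources.  Added example; not
from Randy's or Pratik's messages."""
import re
from collections import Counter
from typing import Dict, List, Set

# Assumption: the log line shape below is constructed to resemble a typical
# router message; adjust the regex to your platform's wording.
MD5_FAIL_RE = re.compile(
    r"Invalid MD5 digest from (?P<src>[0-9.]+)\((?P<sport>\d+)\) "
    r"to (?P<dst>[0-9.]+)\((?P<dport>\d+)\)"
)

# Assumption: the BGP neighbours actually configured on this router.
CONFIGURED_PEERS: Set[str] = {"192.0.2.2", "198.51.100.9"}

# Constructed sample log: a configured iBGP peer failing repeatedly (a key
# mismatch after a change, not an attack) and one unknown source that got
# as far as our listening port.
SAMPLE_LOG = """\
Aug 14 22:01:03 rtr1 %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(179) to 192.0.2.1(52311)
Aug 14 22:01:33 rtr1 %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(179) to 192.0.2.1(52311)
Aug 14 22:02:03 rtr1 %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(179) to 192.0.2.1(52311)
Aug 14 23:17:40 rtr1 %TCP-6-BADAUTH: Invalid MD5 digest from 203.0.113.77(41022) to 192.0.2.1(179)
Aug 14 23:17:41 rtr1 %BGP-5-ADJCHANGE: neighbor 198.51.100.9 Up
"""


def summarize_md5_failures(log_text: str, peers: Set[str]) -> Dict[str, dict]:
    """Per source address: failure count, whether it is a configured peer,
    and whether it reached our listening port (179) as a client."""
    counts: Counter = Counter()
    to_listener: Counter = Counter()
    for line in log_text.splitlines():
        m = MD5_FAIL_RE.search(line)
        if not m:
            continue                      # not an MD5 failure line
        counts[m["src"]] += 1
        if m["dport"] == "179":
            to_listener[m["src"]] += 1    # inbound SYN reached the BGP listener
    return {
        src: {
            "failures": n,
            "configured_peer": src in peers,
            "hit_listener": to_listener[src] > 0,
        }
        for src, n in counts.items()
    }


def unexpected_sources(summary: Dict[str, dict]) -> List[str]:
    """Sources that are not configured peers.  If this list is non-empty,
    packets from outside the link reached port 179, which TTL security,
    anti-spoofing ACLs or uRPF should normally have stopped first."""
    return sorted(s for s, v in summary.items() if not v["configured_peer"])


if __name__ == "__main__":
    s = summarize_md5_failures(SAMPLE_LOG, CONFIGURED_PEERS)
    for src, info in s.items():
        print(src, info)
    print("unexpected:", unexpected_sources(s))
```

Run it over a few years of logs the way Randy did and the "configured_peer" column is what makes the result comparable between operators: without it a single mis-keyed neighbour after a maintenance can look like a persistent attacker.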



Contact at SpeedTest.net

2018-08-10 Thread Carlos M. Martinez
Hi all,

If anyone has a contact at SpeedTest it would be greatly appreciated.

Thanks!

/Carlos


Re: Multicast traffic % in enterprise network ?

2018-08-08 Thread Justin M. Streiner

On Wed, 8 Aug 2018, Mankamana Mishra (mankamis) via NANOG wrote:

 *   If there is any data which can provide what % of traffic is 
multicast traffic. And if multicast is removed, how much unicast traffic 
would it add up to?
 *   Since this forum has people from the deployment area, I would love to 
know if there are real deployment problems or if it's a pain to deploy 
multicast.


These questions are to support work / discussion in IETF to see what the pain 
points are for multicast, and how we can simplify it.


The amount of multicast traffic on an enterprise network will depend 
greatly on how multicast is being used, and to some extent, the type of 
business the enterprise is in.


An enterprise that uses multicast primarily for IPTV distribution might 
have different business and technology drivers than, say, a hospital 
or healthcare organization that has patient monitors that use multicast 
to communicate back to a central monitoring station.  The percentage of 
multicast traffic in those two scenarios might be vastly different, but 
no less important to their respective organizations.


Thank you
jms


Re: Confirming source-routed multicast is dead on the public Internet

2018-08-01 Thread Justin M. Streiner

On Tue, 31 Jul 2018, John Kristoff wrote:


Second best might be the Internet2 community where a number of
institutions that have always had it might still have it turned on.
Though there has been only one post in all of 2018 on their list if
that tells you anything.


At my previous job (large .edu), we spoke MSDP with Internet2 through our 
regional I2 connector, however we turned that MSDP session off probably 
two years ago, and I don't think that session moved any useful traffic for 
probably two years before that.  Multicast was used extensively within our 
network, but nothing outside for quite a while.


I agree with general sentiment that multicast across the larger Internet 
is dead.


Thank you
jms


Re: Rising sea levels are going to mess with the internet

2018-07-26 Thread Justin M. Streiner

All:

Let's kindly kill off the portions of this thread that have absolutely 
nothing to do with running a network.  Political rants, plate tectonics, 
Math 101, and debating whether or not climate change is a thing really 
have no place on this list / in this context.


Thank you
jms


RE: SP security knowledge build up

2018-07-24 Thread Lotia, Pratik M
On Mon, Jul 23, 2018 at 03:22:46PM +0200, Ramy Hashish wrote:
> I am planning to build up a security team of fresh engineers who are 
> "network oriented", any advice on the knowledge resources we can start 
> with?

To add to the academic programs - 

CU Boulder has an excellent telecom program for network security and network 
engineering; one of their courses focuses solely on SP networks (full 
disclosure: I am a CU Boulder alumnus).


With Gratitude,

Pratik Lotia  |  Security Engineer III  
Charter Communications


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rich Kulawiec
Sent: Tuesday, July 24, 2018 10:43 AM
To: nanog@nanog.org
Subject: Re: SP security knowledge build up

On Mon, Jul 23, 2018 at 03:22:46PM +0200, Ramy Hashish wrote:
> I am planning to build up a security team of fresh engineers who are 
> "network oriented", any advice on the knowledge resources we can start 
> with?

1. Start with one or more engineers who aren't "fresh".  This is more 
expensive, potentially much more expensive, but it's much more likely to result 
in success than trying to feed a crash course in security into the brains of 
people who've never done any of this before.  Even if all those experienced 
people do is stop you from making well-known mistakes, then the investment will 
be more than worth it.

2. I see that several academic programs were mentioned downthread; one that I'd 
add to the list is UMBC, which is excellent.

---rsk



Re: SD-WAN Solutions

2018-06-05 Thread Sabina M.
Thanks everyone for replying! 

As for why I'm asking, working today together with a $customer in order to 
figure out integration with other VXLAN environments, and extending the control 
plane past just the nuage solution. There's plenty of customers that use either 
basic VXLAN (think Cisco N9k with barebone VXLAN EVPN, not ACI), Juniper 
Contrail and others. The "rumors" that I heard regarding the nuage solution is 
that so far, Nokia/Alcatel hasn't implemented the RFC for EVPN to the letter 
and that there there's quite a bit of custom stuff in there (from sym/asym 
routing methods) to signaling and all. 

My question boils down to when/how will nuage implement interoperability with 
other vendors at VXLAN level? In the SP market we've had it for years where you 
can have MPLS on a variety of boxes and the network wouldn't suffer from this. 
It seems with VXLAN it's less cooperative (and I understand there's more to it 
now than just the protocol and it's more a fabric approach)

Also, can you maybe tell me/us more about these extensions? 



‐‐‐ Original Message ‐‐‐

On May 24, 2018 11:40 PM, Alastair Johnson  wrote:

> 
> 
> On 5/24/18 5:43 AM, Sabina M. wrote:
> 
> > Has anyone worked with Nuage from around here? Additionally, is anyone 
> > familiar with what RFC Alcatel/Nokia is implementing for the VXLAN part of 
> > the solution? It looks a bit non-standard but I can't find any clear 
> > documentation regarding this anywhere
> > 
> > Cheers,
> > 
> > S.
> 
> Hi Sabina,
> 
> I work for Nuage Networks. What can I help you with? Happy to discuss
> 
> our architecture, but may I know why you are asking?
> 
> VxLAN is just the datapath. Control plane is based on EVPN and is
> 
> standards-based for our DC overlay platform, but the SD-WAN product uses
> 
> a number of extensions.
> 
> Regards,
> 
> AJ
> 
> a...@nuagenetworks.net




SD-WAN Solutions

2018-05-24 Thread Sabina M.
Has anyone worked with Nuage from around here? Additionally, is anyone familiar 
with what RFC Alcatel/Nokia is implementing for the VXLAN part of the solution? 
It looks a bit non-standard but I can't find any clear documentation regarding 
this anywhere

Cheers,
S.

Contacting AS6589 - "Beneficial Technologies"

2017-12-01 Thread Carlos M. Martinez

Hello all,

I’m trying to reach anyone at AS 6589, “Beneficial Technologies”. 
They are announcing a large chunk of LACNIC unallocated space, as can be 
seen here: https://bgp.he.net/AS6589


Although I usually give people the benefit of doubt, in this case we are 
talking about 5 /16 prefixes. Talk about fat fingers.


Private email is ok.

Thanks

Carlos
LACNIC CTO


Re: How can I obtain the abuse e-mail address for IPs from Japan?

2017-08-23 Thread Justin M. Streiner

On Wed, 23 Aug 2017, Kurt Kraut wrote:


Network Information:
a. [Network Number] 59.106.12.0-59.106.27.255
b. [Network Name]   SAKURA-NET
g. [Organization]   SAKURA Internet Inc.
m. [Administrative Contact] KT749JP
n. [Technical Contact]  KW419JP

No e-mail addresses of the abuse team or NOC or SOC.


Since they don't have an abuse contact and there's not much additional 
useful contact information in their peeringdb entry, your next best bet 
would be to reach out to the admin and technical contacts listed in their 
whois record, or try the abuse contacts for one or more of their 
upstreams.

jms


Re: Creating a Circuit ID Format

2017-08-22 Thread Justin M. Streiner

On Tue, 22 Aug 2017, James Bensley wrote:


In my opinion the circuit ID should be an arbitrary (but unique) value
and nothing more. As Nick suggested start at 1 and go up. If your
company is called ABC Ltd then maybe have your first circuit ID as
ABC0001 and count up from there, it's as simple as that.

For me, all the circuit ID should be is a record number/ID of a
database entry and nothing more (or a search string). Some people like
to have circuit IDs which include circuit types, or circuit speeds, or
interface type, but as you asked, do you then change the circuit ID if
the circuit speed changes, or the interface types changes, or the
medium etc?


Agreed.  I designed something similar at a previous employer, and it just 
used a date-coded ID with sequence number (ex: UOP 20170822.0001), and 
then all of the cross-connect details were recorded in a place that was 
better suited to capturing that sort of information.  That would also 
allow us to re-use fiber paths when we upgraded 1G links to 10G, etc.


This also included IDs that could reference other circuit IDs - including 
circuit IDs from other providers - so we could tie non-dark elements 
together, such as waves through DWDM gear end up riding on separate dark 
fiber paths on either side of the mux.


The biggest obstacle was getting people to label fiber jumpers in the 
field, but that obstacle went away as people got a better understanding of 
it, and having all of the cross-connects documented saved lots of time and 
frustration when having to search through a large patch field at 3 AM...


jms


Re: Point 2 point IPs between ASes

2017-06-29 Thread Justin M. Streiner

On Thu, 29 Jun 2017, William Herrin wrote:


Heck, I’m gonna do whatever it takes to NOT subnet on bits with my v6
deployment.  Hopefully with v6, gone are the days of binary subnetting math.


I hedged my bets when I laid out our v6 space at my previous $dayjob.  We 
used /126s for point-to-point links, but carved out a /64 for each 
point-to-point link in our IPAM system.  That way, if we ever encountered 
a device that wouldn't play nicely with a /126 on a point-to-point link, 
we could just change the mask to /64 (or something else, if the device 
requires a byte or nibble boundary) on the interface and any relevant 
ACLs and not have to re-provision addresses for the link.


I seem to recall that our upstreams generally standardized on /126s for 
point-to-point interconnects to us.  We had one interconnect that was a 
/64, but that also wasn't a point-to-point link.


jms
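Added example (not Justin's IPAM or any vendor's tool) of the hedge described above, assuming a /48 link pool called LINK_POOL: reserve a /64 per point-to-point link in the plan, configure only the first /126 of it on the interfaces, and verify that widening the mask later (to /64, or to a nibble boundary such as /112) keeps both interface addresses inside what was reserved, so no re-addressing is needed.

```python
"""Point-to-point link plan: reserve a /64 per link in IPAM, configure a /126
inside it.  Added example; not Justin's IPAM or any vendor's tool."""
from ipaddress import IPv6Network, ip_address, ip_network
from typing import Dict, List

# Assumption: a /48 set aside for infrastructure links.
LINK_POOL = IPv6Network("2001:db8:ffff::/48")


def plan_ptp_links(pool: IPv6Network, count: int) -> List[Dict[str, str]]:
    """Reserve one /64 per link and assign the first /126 of it to the interfaces."""
    plan: List[Dict[str, str]] = []
    for link64 in pool.subnets(new_prefix=64):      # lazily walks the /64s
        if len(plan) == count:
            break
        link126 = next(link64.subnets(new_prefix=126))
        plan.append({
            "reserved": str(link64),                # what IPAM records for the link
            "assigned": str(link126),               # what goes on the interfaces
            "side_a": str(link126[1]),              # ::1 of the /126
            "side_b": str(link126[2]),              # ::2 of the /126
        })
    return plan


def widen_keeps_addresses(entry: Dict[str, str], new_prefix: int) -> bool:
    """True if both interface addresses stay valid after changing the mask to
    `new_prefix` (e.g. /64 for a device that cannot do /126, or /112 for one
    that insists on a nibble boundary) without leaving the reserved /64."""
    wider = ip_network(f"{entry['side_a']}/{new_prefix}", strict=False)
    reserved = ip_network(entry["reserved"])
    return (wider.subnet_of(reserved)
            and ip_address(entry["side_a"]) in wider
            and ip_address(entry["side_b"]) in wider)


if __name__ == "__main__":
    for link in plan_ptp_links(LINK_POOL, 3):
        print(link, "widen to /64 ok:", widen_keeps_addresses(link, 64))
```

Any mask wider than the reserved /64 (say /48) correctly fails the check, which is the case where a re-address would be unavoidable; everything from /64 down to /126 passes, and ACLs written against the /64 keep matching throughout.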


Fwd: [lacnog] Call for Presentations – LACNOG 2017

2017-06-15 Thread Carlos M. Martinez

FYI, apologies for duplicates.

Forwarded message:


From: Tomas Lynch 
To: lac...@lacnog.org 
Subject: [lacnog] Call for Presentations – LACNOG 2017
Date: Thu, 15 Jun 2017 08:55:17 -0400

LACNOG, the Latin American and Caribbean Network Operators Group, will be
holding its annual conference – LACNOG 2017 – in the city of Montevideo,
Uruguay, on 18-22 September 2017. This event will be co-located with the
LACNIC 28 meeting.

The 2017 LACNOG Program Committee invites the Internet community to submit
their presentations for the event.

Possible formats are as follows:

   - Lightning talk: short, 10-minute presentation with an additional 5
     minutes for questions.
   - Presentation: 20-minute presentation with an additional 10 minutes for
     questions.
   - Tutorial: 45-minute presentation with an additional 15 minutes for
     questions.

In the spirit of LACNOG, the topics to be covered by the presentations
should be geared towards regional Internet development. The topics of
interest to LACNOG 2017 include, but are not limited to:

   - Network operation and professional experiences, success stories
   - IP network architecture, sizing, configuration and administration
   - Routing and switching protocols, including unicast, multicast, anycast,
     and others
   - End-user applications (e.g. E-mail, HTTP, DNS, etc.)
   - Value-added services such as VPNs, distributed systems, cloud computing,
     etc.
   - Peering, regional traffic exchange, IXPs
   - Transition to IPv6 and IPv6 Deployment
   - Network security and data management, attack mitigation
   - Network monitoring, performance, measurements and telemetry
   - Network automation, evolution and convergence
   - Infrastructure and physical transport including optical and wireless
     networks
   - Internet governance issues, legislation and regulations
   - Research and education

All submissions must meet the following requirements:

   - Proposals must be submitted in English, Portuguese or Spanish.
   - Accepted formats: Microsoft Powerpoint (PPT, PPTX), Apache OpenOffice
     Presentation (ODP), LibreOffice Impress (ODP), or Portable Document Format
     (PDF).
   - The number of slides must be appropriate for the time assigned for the
     presentation. As a rule of thumb, estimate 1-2 minutes per slide.
   - We recommend following the Guidelines for Submitting a Presentation.

Presentations must be submitted according to the following schedule:

   - Reception of drafts and abstracts: 12 June to 17 July
   - Evaluation by the Program Committee: 17 to 31 July
   - Submission of the final presentation: 31 July to 28 August
   - Event date: 18-22 September

Anyone wishing to participate must submit a short biography, picture and
abstract to http://www.lacnog.org/en/call-for-presentations-lacnog-2017/




Presenters at the LACNOG 2017 conference will receive a certificate
attesting their participation.



Program Committee




___
LACNOG mailing list
lac...@lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog


Re: Cellular enabled console server

2017-02-25 Thread A . L . M . Buxey
Hi,

> OpenGear all the way.  Models for every need.

+1  OpenGear all the time - just ensure you are patching/managing them(!)

alan


Re: BGP IP prefix hijacking

2017-02-06 Thread Carlos M. Martinez
We use a mix of BGPMon and RPKI+RIPE Validator.

On 30 Jan 2017, at 4:41, Nagarjun Govindraj via NANOG wrote:

> Hi All,
>
> I am planning to write a tool to detect real time BGP IP prefix hijacking.
> I am glad to know some of the open problems faced by
> providers/companies/community.
> I would like to know how the community is currently dealing and mitigating
> with such problems.
> It will be very helpful to know some of the adopted strategies by the
> community to detect bgp IP prefix hijacking and problems that are yet to be
> solved.
> Also I would like to know some of the very well industry standard open
> source tools used in the area of BGP which makes life easier.
>
> Regards,
> Nagarjun


premiumcolo.net IP address rental

2017-01-09 Thread Joel M Snyder

Folks:

I've been getting mail from "premiumcolo.net" offering to rent unused 
IPv4/IPv6 space.  Their web site is a farce of random phrases, 
grammatical errors, misspellings, and randomly inserted words, and won't 
even render in Firefox.


That being said, I'm curious as to whether anyone has had any experience 
with them or knows the back story.


Also, is there some reason that there is no official searchable archive 
of the nanog mailing list?  (or dependable unofficial one...)?


Best in the new year to you all,

jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.comhttp://www.opus1.com/jms


Re: PSN download speeds

2017-01-09 Thread A . L . M . Buxey
Hi,

really not the right place for this... 

however, it's pretty well documented elsewhere, eg

https://www.reddit.com/r/PS4/comments/5drvcc/an_update_on_psn_download_speeds/


alan


Distributed Object Architecture versus DNS

2017-01-06 Thread Stephenson, Ryan M CIV DISA IE (US)
Does anyone have any information about DOA versus DNS?  Any ideas about
whether security with DOA is better than DNS?  Maybe pros and cons of DOA
versus DNS?

Matt Lewis




Anyone have contact info for NOC of PlayStation Network?

2016-12-02 Thread Edmond M
Hello,

I'm getting a lot of auto abuse notices stemming from 'account takeover
attempts' via 443 and would like to resolve it with someone directly there.

All I have is snei-noc-ab...@am.sony.com and not getting any response.

Thanks in advance


Re: OSPF vs ISIS - Which do you prefer & why?

2016-11-10 Thread Joel M Snyder

>> Vendor support for IS-IS is quite limited - many options for OSPF.

>Depends on the vendor.

I think you misunderstood his point: it's not the knobs, but the 
vendors.  Generally, when you're trying to integrate random crap into an 
otherwise well-structured network, you'll find OSPF available, but very 
rarely IS-IS.


I run into this a lot in the security appliance space, where you want 
your security appliances to either learn or advertise routes internally 
(VPN tunnel reachability is a big reason for this), but also in devices 
such as load balancers and other middlebox cruft that occasionally needs 
to participate in routing advertisement/subscription.


Some vendors grab random open source routing protocol code that includes 
everything and dump it into their boxes, usually accessible via an 
entirely separate configuration interface; this can include IS-IS, but 
these implementations rarely actually work as they are usually "check 
list" implemented for a specific RFP or customer and never get widely 
tested.


The ones who actually care about making it work almost always include 
RIP and OSPF, with a few shout-outs to BGP.  IS-IS (and OSPF v3) rarely 
makes the cut.


In a world where you are doing well-controlled Cisco/Juniper/etc 
networks with fairly homogeneous code bases, the engineers get to have 
this discussion.  When you have to link in devices for which routing is 
not their primary reason to exist, your options narrow very quickly. 
It's not ideal; that's just the way it is.



jms


--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.comhttp://www.opus1.com/jms


Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-16 Thread A . L . M . Buxey
Hi,

as others have said, need to engage with one of their other units to get this 
sorted out - as a network provider, their customers are relying on YOU to access 
their service, PSN should care. 

technically, you could start looking at netflows to the PSN and see if anyone 
is engaged in DDoS via that route...and, if you offer IPv6 native service to end 
users, ask PSN when they are going to be offering an IPv6 service to their users 
- so this CGNAT stuff can go  ;-)

alan


Re: Don't press the big red buttom on the wall!

2016-08-30 Thread A . L . M . Buxey
Hi,

whilst we're posting YouTube clips, maybe they'd have been better off keeping 
a copy of the Internet

https://www.youtube.com/watch?v=iDbyYGrswtg


;-)

alan


Re: Don't press the big red buttom on the wall!

2016-08-30 Thread A . L . M . Buxey
Hi,

>  https://www.youtube.com/watch?v=NITBfc1EOBo#t=27s

"This video contains content from B_Viacom, who has blocked it in your country 
on copyright grounds."

I love YouTube and copyright regional laws :/

alan


Re: Why the internal network delays, Gmail?

2016-08-27 Thread A . L . M . Buxey
Hi,

> I was working within the limits of what I had available.

Google offer several trouble shooting tools for their service too,
you might want to look at their toolbox eg

https://toolbox.googleapps.com/apps/messageheader/

(part of their 'why is my email slow to deliver?' process)

alan


Re: Why the internal network delays, Gmail?

2016-08-27 Thread A . L . M . Buxey
Hi,

> administrator reaching out to peers for assistance with a particular
> problem that is clearly network related is inappropriate for a network

clearly network related?   people have an interesting expectation of email -
expecting instant delivery.  you might check their level of expectation... the
SLA etc define service availability but email delivery is pretty much 'best
efforts of all parties involved in the transaction' - ideally it gets there
quickly... but it could take up to 72 hours.  google have several status
dashboards that you can check/monitor.

generally, if you have an issue with a particular service on the internet,
contact them directly. don't use a 3rd party mail list - they *might* be around
on it but it's not their official service desk contact point ;-)

alan


Re: Speedtest.net not accessible in Chrome due to deceptive ads

2016-07-20 Thread A . L . M . Buxey
Hi,

> Since this morning Speedtest.net is not accessible in Chrome
> Reason:
> https://www.google.com/transparencyreport/safebrowsing/diagnostic/#url=c.speedtest.net

someone's complained about the URL based on them stupidly installing
'cleanmymac' or such?

use the non flash junk HTML5 version instead

http://beta.speedtest.net/

still bleats about "Deceptive site ahead"

and PS "is not accessible in Chrome" - not true.

click DETAILS,  then click on 

visit this unsafe site.

(with the pre-condition of " if you understand the risks to your security"


I personally don't want or need Google to start being my nanny on the internet
:/


alan

PS you may have other interests involved here given your affiliation to 
speedchecker.xyz 


Re: Leap Second planned for 2016

2016-07-09 Thread A . L . M . Buxey
Hi,

> Leap second handling code is not well-tested and is an ultimate corner
> case.  There's been debate about abolishing leap seconds; with all the

well, we've gone through a few of these now... so if it was all okay before
it's likely to be again... exception: any NEW code that
you are running since last time - THAT hasn't been tested ;-)

alan
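
The "new code hasn't been tested" point above, as an added example that is not part of the original post: a small Python harness that exercises the leap-second corner case directly, since Python's datetime cannot represent 23:59:60 and most code that parses timestamps has never seen one. The table of leap-second days is a partial, illustrative one (the 2016-12-31 insertion is the one this thread is about); the timestamp format is an assumption, and a production table would be fed from the IERS bulletins.

```python
import re
from datetime import datetime, timedelta, timezone

ISO_UTC = re.compile(r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z$")

# Days that ended with a positive leap second (UTC). Recent entries only, for
# illustration; feed a real table from the IERS bulletins.
LEAP_SECOND_DAYS = {(2012, 6, 30), (2015, 6, 30), (2016, 12, 31)}


def parse_utc(ts: str):
    """Parse 'YYYY-MM-DDTHH:MM:SSZ'. Accepts second=60 only at 23:59 UTC on a
    known leap-second day. Returns (datetime, was_leap_second). datetime has
    no :60, so that instant is carried to the following midnight and flagged."""
    m = ISO_UTC.match(ts)
    if not m:
        raise ValueError(f"not an ISO-8601 UTC timestamp: {ts!r}")
    y, mo, d, h, mi, s = map(int, m.groups())
    if s == 60:
        if (h, mi) != (23, 59) or (y, mo, d) not in LEAP_SECOND_DAYS:
            raise ValueError(f"second=60 is not valid at {ts}")
        end_of_day = datetime(y, mo, d, 23, 59, 59, tzinfo=timezone.utc)
        return end_of_day + timedelta(seconds=1), True
    return datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc), False


def is_valid_utc(ts: str) -> bool:
    """Convenience wrapper for feeding a list of timestamps through the parser."""
    try:
        parse_utc(ts)
        return True
    except ValueError:
        return False


def to_true_seconds(ts: str) -> int:
    """Seconds since the epoch counting every real second, including inserted
    leap seconds that a POSIX clock silently folds away."""
    dt, in_leap_second = parse_utc(ts)
    posix_like = int(dt.timestamp())
    inserted_before = sum(
        1 for (y, mo, d) in LEAP_SECOND_DAYS
        if datetime(y, mo, d, 23, 59, 59, tzinfo=timezone.utc) < dt
    )
    if in_leap_second:
        # dt was carried to midnight, which already counts this day's insertion;
        # while sitting inside :60 that second has not completed yet.
        inserted_before -= 1
    return posix_like + inserted_before


def elapsed_seconds(start: str, end: str) -> int:
    """Real elapsed seconds between two UTC timestamps."""
    return to_true_seconds(end) - to_true_seconds(start)


if __name__ == "__main__":
    for ts in ("2016-12-31T23:59:59Z", "2016-12-31T23:59:60Z", "2016-12-30T23:59:60Z"):
        print(ts, "valid" if is_valid_utc(ts) else "rejected")
    print(elapsed_seconds("2016-12-31T23:59:59Z", "2017-01-01T00:00:00Z"), "real seconds across the leap")
```

Running the three sample timestamps through any new log parser, scheduler or certificate-validity check before the event is the cheap version of the test the post is asking for; the elapsed-time function shows the second failure mode, where two timestamps that straddle the insertion differ by one more second than a naive subtraction reports.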


Re: Bitcoin mining reward halved

2016-07-09 Thread A . L . M . Buxey
Hi,
> This is pretty O/T for this list, isn't it?

not if he's using his router's ASICs to do it! ;-)
(or maybe it's related to the bitcoin network traffic volumes... but
that's too logical...)

alan


Re: NAT firewall for IPv6?

2016-07-05 Thread A . L . M . Buxey
Hi,

> Right.  But how long is it going to take to secure the Palo Alto firewall?

around 5 minutes?

recover password, restart, log in, fix rules.

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Reset-the-Administrator-Password/ta-p/57581


obviously the firewall is also blocking google access! ;-)

alan


Re: NAT firewall for IPv6?

2016-07-05 Thread A . L . M . Buxey
Hi,

> > The Palo-Alto's also don't support anything but NAT64,
> 
> They don't support proper dual-stack??  Or NAT64 is the only NAT flavor

of course they support native IPv6 ...or IPv4 with IPv6 in dual-stack.

i believe the comment was related to the 6/4 xlat stuff - ie just NAT64 and not 
464XLAT etc - 
I've not looked into that myself as we do dual stack

alan


Re: NAT firewall for IPv6?

2016-07-05 Thread A . L . M . Buxey
Hi,


I would go through the password recovery options on the PaloAlto.

as a next gen firewall you need to ensure you are getting all the latest
rulesets and detection code through - check your subscription with them


once you've sorted out access you can look at the policies and ensure that
the IPv6 AV filtering rules match that for IPv4 - fairly easy with their
interface. (check your codebase version for feature abilities... once again,
you may need to deal with PA to ensure your codebase is current. these things
get OLD quickly)


as for NAT for IPv6... nope.   and turning it off ISN'T the answer (yes, it's
an answer... just the wrong one! ;-) )


alan


Re: NANOG67 - Tipping point of community and sponsor bashing?

2016-06-20 Thread A . L . M . Buxey
Hi,

well, you can say one thing - the talk got a lot of conversation going - most
of it useful and positive and informational... isn't that the sign of a good
talk?  ;-)

seriously, this thread has been very active/alive based on the initial trigger
of his talk.


as for the talk itself... everyone has their views... and people should feel
free to provide their opinion when on the soapbox/presentation stage - as long
as it's within the law (in some domains being offensive / testing boundaries is
part of the territory - eg comedians - but I wouldn't accept that sort of
boundary/offensiveness at an IT/networking presentation).
there's an old adage about opinions and everyone having one... it's a truism
for sure - but whilst he might not have had a full picture the resulting
conversation on this mailing list has provided much information.

Now, just need similar talk on the topic of BGP peering security  ;-)

alan


Re: Webmail / IMAPS software for end-user clients in 2016

2016-06-15 Thread Adrian M
From AfterLogic you may use the following webmail clients:

- without calendar -> WebMail-lite PHP
- with personal calendar -> WebMail PHP
- with calendar and full sharing exchange style -> Aurora

On Tue, Jun 14, 2016 at 8:50 PM, Guillaume Tournat 
wrote:

> Zimbra is a full featured groupware server. I don't think you can just use
> the webmail part with existing IMAP server.
>
> So it doesn't fulfill requirements stated by initial poster.
>
>
>
> > Le 13 juin 2016 à 21:24, Greg Sowell  a écrit :
> >
> > +1 for Zimbra
> >
> >> On Sun, Jun 12, 2016 at 12:53 PM, Jim Lucas  wrote:
> >>
> >> June 8 2016 6:08 PM, "Eric Kuhnke"  wrote:
> >>> If you had to put up a public facing webmail interface for people to
> use,
> >>> and maintain it for the foreseeable future (5-6 years), what would you
> >> use?
> >>>
> >>> Roundcube?
> >>> https://roundcube.net
> >>>
> >>> Rainloop?
> >>> http://www.rainloop.net
> >>>
> >>> Something else?
> >>>
> >>> Requirements:
> >>> Needs to be open souce and GPL, BSD or Apache licensed
> >>>
> >>> Email storage will be accessed via IMAP/TLS1.2
> >>>
> >>> Runs on a Debian based platform with apache2 or nginx
> >>>
> >>> Desktop browser CSS and mobile device CSS/HTML functionality on 4" to
> 7"
> >>> size screens with Chrome and Safari
> >>
> >> I work for an ISP, and recently we were faced with the same dilemma. We
> >> knew that our RoundCube was rather old and needed a facelift.  We
> started
> >> looking at new clients what I came across RainLoop.
> >>
> >> IMO RoundCube still doesn't have a decent working mobile theme.
> >>
> >> I went ahead and installed RainLoop on my personal server. Configuration
> >> was a breeze. The interface is very nice. And the mobile layout is very
> >> slick.
> >>
> >> I did come across a problem with displaying emails and when I emailed
> >> their support email, they were very quick to respond.  And within 24
> hours
> >> they were able to write a fix for my specific issue and build a new
> release
> >> for me to download and test.
> >>
> >> I think that says something for their support team.
> >>
> >> Even if my office doesn't adopt RainLoop,  I will continue using it on
> my
> >> personal server for the foreseeable future.
> >>
> >> --
> >> Jim Lucas
> >> C - 5414085189
> >> H - 5413234219
> >> http://cmsws.com
> >
> >
> >
> > --
> >
> > GregSowell.com
> > TheBrothersWISP.com
>
>


Re: Firewall list recommendations (config conversion options)

2016-04-25 Thread A . L . M . Buxey
Hi,

> > Looking for options on converting a large amount of Fortinet rules to
> > Checkpoint.  Ultimately converting the entire configuration to Checkpoint
> > would be nice.

there's a post online asking the same question back in early 2010 with no
responses...

there are also a lot of tools that do Checkpoint TO Fortinet - says
something? ;-)


but actually, looking for firewall conversion tools does give you a picture
of typical/common moves  :)



alan


Re: GeoIP database issues and the real world consequences

2016-04-13 Thread Carlos M. Martinez
Or (90S,0), so they get a bit of fresh air and have some time to think
during the voyage :-)

On 4/11/16 2:14 PM, Josh Luthman wrote:
> Or 0,0, send the FBI to Africa on a boating trip.  that would probably be
> easier than "unknown" or "null".
> 
> 
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> 
> On Mon, Apr 11, 2016 at 1:11 PM, Hugo Slabbert <h...@slabnet.com> wrote:
> 
>>
>> On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase <m...@sizone.org> wrote:
>>
>> TL;DR: GeoIP put unknown IP location mappings to the 'center of the
>>> country'
>>> but then rounded off the lat long so it points at this farm.
>>>
>>> Cant believe law enforcement is using this kind of info to execute
>>> searches.
>>> Wouldnt that undermine the credibility of any evidence brought up in
>>> trials
>>> for any geoip locates?
>>>
>>> Seems to me locating unknowns somewhere in the middle of a big lake or
>>> park in
>>> the center of the country might be a better idea.
>>>
>>
>> ...how about actually marking an unknown as...oh, I dunno: "unknown"?  Is
>> there no analogue in the GeoIP lookups for a 404?
>>
>>
>>> /kc
>>>
>>
>> --
>> Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
>> pgp key: B178313E   | also on Signal
>>
>>
>>
>>> On Mon, Apr 11, 2016 at 11:55:11AM -0500, Chris Boyd said:
>>>  >
>>>  >Interesting article.
>>>  >
>>>  >http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
>>>  >
>>>  >An hour's drive from Wichita, Kansas, in a little town called Potwin,
>>>  >there is a 360-acre piece of land with a very big problem.
>>>  >
>>>  >The plot has been owned by the Vogelman family for more than a hundred
>>>  >years, though the current owner, Joyce Taylor née Vogelman, 82, now
>>>  >rents it out. The acreage is quiet and remote: a farm, a pasture, an old
>>>  >orchard, two barns, some hog shacks and a two-story house. It's the
>>> kind
>>>  >of place you move to if you want to get away from it all. The nearest
>>>  >neighbor is a mile away, and the closest big town has just 13,000
>>>  >people. It is real, rural America; in fact, it's a two-hour drive from
>>>  >the exact geographical center of the United States.
>>>  >
>>>  >But instead of being a place of respite, the people who live on Joyce
>>>  >Taylor's land find themselves in a technological horror story.
>>>  >
>>>  >
>>>  >For the last decade, Taylor and her renters have been visited by all
>>>  >kinds of mysterious trouble. They've been accused of being identity
>>>  >thieves, spammers, scammers and fraudsters. They've gotten visited by
>>>  >FBI agents, federal marshals, IRS collectors, ambulances searching for
>>>  >suicidal veterans, and police officers searching for runaway children.
>>>  >They???ve found people scrounging around in their barn. The renters have
>>>  >been doxxed, their names and addresses posted on the internet by
>>>  >vigilantes. Once, someone left a broken toilet in the driveway as a
>>>  >strange, indefinite threat.
>>>  >
>>>  >--Chris
>>>  >
>>>
>>
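
The "mark an unknown as unknown" point in the exchange above, as an added example that is not part of the original thread: a small Python lookup that returns an explicit not-located result instead of a coordinate when the database only knows the country, and that also catches the case the article describes, a vendor result that has silently been filled in with the country centroid. The database, the prefixes and the centroid value are constructed for illustration and are not a real vendor's data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Illustrative country centroid; a vendor's exact value will differ.
COUNTRY_CENTROIDS = {"US": (39.8, -98.6)}

# Constructed toy database: prefix -> (country, lat, lon, accuracy_km).
# lat/lon of None means "country known, location not known".
GEO_DB = {
    "203.0.113.0/24": ("US", 37.77, -122.42, 20),
    "198.51.100.0/24": ("US", None, None, None),
    "192.0.2.0/24": ("US", 39.8, -98.6, None),  # vendor quietly filled in the centroid
}


@dataclass(frozen=True)
class GeoResult:
    country: Optional[str]
    lat: Optional[float]
    lon: Optional[float]
    accuracy_km: Optional[float]
    located: bool  # False means: there is no pin to put on a map


def near_centroid(country: Optional[str], lat, lon, tolerance_deg: float = 0.05) -> bool:
    """True when coordinates sit on the country's centroid, which is what a
    database hands back when it knows the country but not the location."""
    if country not in COUNTRY_CENTROIDS or lat is None or lon is None:
        return False
    clat, clon = COUNTRY_CENTROIDS[country]
    return abs(lat - clat) <= tolerance_deg and abs(lon - clon) <= tolerance_deg


def lookup(ip: str) -> GeoResult:
    """Longest-match is not needed for the toy table; first matching prefix wins.
    A centroid hit is downgraded to 'country only' rather than passed through."""
    addr = ipaddress.ip_address(ip)
    for prefix, (cc, lat, lon, acc) in GEO_DB.items():
        if addr in ipaddress.ip_network(prefix):
            if lat is None or near_centroid(cc, lat, lon):
                return GeoResult(cc, None, None, None, False)
            return GeoResult(cc, lat, lon, acc, True)
    return GeoResult(None, None, None, None, False)


def describe(ip: str) -> str:
    """Human-readable form that never invents a location."""
    r = lookup(ip)
    if r.country is None:
        return f"{ip}: unknown"
    if not r.located:
        return f"{ip}: {r.country}, location unknown"
    return f"{ip}: {r.country} ({r.lat}, {r.lon}) +/- {r.accuracy_km} km"


if __name__ == "__main__":
    for ip in ("203.0.113.1", "198.51.100.7", "192.0.2.5", "2001:db8::1"):
        print(describe(ip))
```

The accuracy field is the other half of the fix: a consumer that insists on a point should at least be told the radius, and a result with no radius and no coordinates is the 404 the thread asks for.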


Re: Stop IPv6 Google traffic

2016-04-10 Thread A . L . M . Buxey
Hi,
> The problem is IPv6-enabled customers complaints see captcha, and Google
> NOC refuses to help solve it saying like find out some of your customer
> violating some of our policy. As you can imagine, this is not possible.

your customers are getting AAAA addresses when looking up google addresses...
so their clients are trying to use IPv6 to talk to google. so doing anything
to that traffic - blackholing or just denying it, WILL affect the clients.

give clients their own bigger blocks - or identify the clients violating policy
(what's the policy they are violating?) - you'll probably find the ones getting
the captchas are the ones violating! ;-)

alan


Re: DataCenter color-coding cabling schema

2016-03-14 Thread A . L . M . Buxey
Hi,


I'm not sure I'm keen on a colour standard - especially given our recent
difficulties sourcing cabling to our spec in certain colours... or lengths!
however, what we do - and others do based on this thread - is have our own
internal colour scheme for purposes/systems/customers.

fibre is far more difficult for this - coloured labels (and a decent labelling
regime in the first place) win in that arena.  (obviously the copper plant has
labelling too but the choice of colours means that function/purpose is already
known from many metres away ;-) )

alan

