Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Christopher Morrow
On Tue, Sep 18, 2018 at 6:22 PM Owen DeLong wrote: > > > > On Sep 18, 2018, at 15:07 , Job Snijders wrote: > > > > On Tue, Sep 18, 2018 at 02:44:30PM -0700, Owen DeLong wrote: > >> ROAs are useful for one hop level validation. At the second AS hop > >> they are 100% useless. > > > > This

RE: Console Servers

2018-09-18 Thread Erik Sundberg
Perle IOLAN SCS series is great. We have them all over the United States. From: NANOG On Behalf Of Jun Tanaka Sent: Tuesday, September 18, 2018 10:52 AM To: nanog@nanog.org; Alan Hannan ; NANOG Subject: Re: Console Servers How about SMART CS series by Seiko solutions?

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
> On Sep 18, 2018, at 15:07 , Job Snijders wrote: > > On Tue, Sep 18, 2018 at 02:44:30PM -0700, Owen DeLong wrote: >> ROAs are useful for one hop level validation. At the second AS hop >> they are 100% useless. > > This conversation cannot be had without acknowledging there are multiple >

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
> On Sep 18, 2018, at 14:58 , Job Snijders wrote: > > On Tue, Sep 18, 2018 at 02:35:44PM -0700, Owen DeLong wrote: >>> "rir says owen can originate route FOO" >>> "ROA for 157.130.1.0/24 says OWEN can originate" >> >> Nope… ROA says (e.g.) AS1734 (or anyone willing to impersonate AS1734) >>

Re: Piter-IX and GOOGLE (AS15169)

2018-09-18 Thread Christopher Morrow
On Tue, Sep 18, 2018 at 3:34 PM A.T wrote: > Hello, > > I see AS15169 announcements from Piter-IX > (https://www.peeringdb.com/ix/2149), but Google PeeringDB entry doesn't seem > to include Piter-IX. > Any idea, is PeeringDB out of date here or should I be worried? > > sorry, looks like peeringdb

Re: Piter-IX and GOOGLE (AS15169)

2018-09-18 Thread Christopher Morrow
On Tue, Sep 18, 2018 at 3:34 PM A.T wrote: > Hello, > > I see AS15169 announcements from Piter-IX > (https://www.peeringdb.com/ix/2149), but Google PeeringDB entry doesn't seem > to include Piter-IX. > Any idea, is PeeringDB out of date here or should I be worried? > > send me an as-path you see

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Christopher Morrow
On Tue, Sep 18, 2018 at 4:54 PM nusenu wrote: > > Christopher Morrow wrote: > >>> Yes that is what I had in mind (notification via email to the tech > >>> contact). > >>> > >>> > >> i'm positive that will end in sadness. > > > > we can also send snail mail :) > > after all ~80 or so entities is

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread nusenu
> Christopher Morrow wrote: >>> Yes that is what I had in mind (notification via email to the tech >>> contact). >>> >>> >> i'm positive that will end in sadness. > > we can also send snail mail :) > after all ~80 or so entities is a manageable amount of organizations to > notify in the ARIN

Piter-IX and GOOGLE (AS15169)

2018-09-18 Thread A.T
Hello, I see AS15169 announcements from Piter-IX (https://www.peeringdb.com/ix/2149), but Google PeeringDB entry doesn't seem to include Piter-IX. Any idea, is PeeringDB out of date here or should I be worried? Best regards A.T

Re: Console Servers

2018-09-18 Thread Jun Tanaka
How about SMART CS series by Seiko solutions? https://www.seiko-sol.co.jp/en/products/console-server/ -- Jun Tanaka - NetComBB/S.N.I

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Job Snijders
On Tue, Sep 18, 2018 at 02:44:30PM -0700, Owen DeLong wrote: > ROAs are useful for one hop level validation. At the second AS hop > they are 100% useless. This conversation cannot be had without acknowledging there are multiple layers of defense in securing BGP. We should also acknowledge that

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread nusenu
Christopher Morrow: >> Yes that is what I had in mind (notification via email to the tech >> contact). >> >> > i'm positive that will end in sadness. we can also send snail mail :) after all ~80 or so entities is a manageable amount of organizations to notify in the ARIN region. --

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Job Snijders
On Tue, Sep 18, 2018 at 02:35:44PM -0700, Owen DeLong wrote: > > "rir says owen can originate route FOO" > > "ROA for 157.130.1.0/24 says OWEN can originate" > > Nope… ROA says (e.g.) AS1734 (or anyone willing to impersonate AS1734) > can originate 192.159.10.0/24. I'd phrase slightly different

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
> On Sep 18, 2018, at 2:34 PM, Job Snijders wrote: > > On Tue, Sep 18, 2018 at 12:04:19PM -0700, Owen DeLong wrote: >>> Perhaps said another way: >>> >>> "How would you figure out what prefixes your bgp peer(s) should be sending >>> you?" >>> (in an automatable, and verifiable manner) >>

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Christopher Morrow
On Tue, Sep 18, 2018 at 2:32 PM Owen DeLong wrote: > > > On Sep 18, 2018, at 2:15 PM, Christopher Morrow > wrote: > > > > On Tue, Sep 18, 2018 at 1:33 PM nusenu wrote: > >> Christopher Morrow wrote: >> > Perhaps this was answered elsewhere, but: "Why is this something >> > ARIN (the org)

Brocade/Foundry VLAN translation

2018-09-18 Thread Mike Hammett
I'm not thinking so, but I figured I'd ask here. Is there any way to do VLAN translation on the Brocade VDX-6720 or the Foundry FESX424? Worst case, I'll burn a couple ports looping out and then back in. We are looking to replace the Foundrys with Arista 7050s at some point. -Mike

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
> > "rir says owen can originate route FOO" > "ROA for 157.130.1.0/24 says OWEN can originate" > Nope… ROA says (e.g.) AS1734 (or anyone willing to impersonate AS1734) can originate 192.159.10.0/24. > those seem like valuable pieces of information. Especially since I

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Job Snijders
On Tue, Sep 18, 2018 at 12:04:19PM -0700, Owen DeLong wrote: > > Perhaps said another way: > > > > "How would you figure out what prefixes your bgp peer(s) should be sending > > you?" > >(in an automatable, and verifiable manner) > > In theory, that’s what IRRs are for. You may be

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Christopher Morrow
On Tue, Sep 18, 2018 at 12:04 PM Owen DeLong wrote: > > > On Sep 18, 2018, at 11:06 AM, Christopher Morrow > wrote: > > > > On Tue, Sep 18, 2018 at 10:36 AM Job Snijders wrote: > >> Owen, >> >> On Tue, Sep 18, 2018 at 10:23:42AM -0700, Owen DeLong wrote: >> > Personally, since all RPKI

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
> On Sep 18, 2018, at 2:15 PM, Christopher Morrow > wrote: > > > > On Tue, Sep 18, 2018 at 1:33 PM nusenu > wrote: > Christopher Morrow wrote: > > Perhaps this was answered elsewhere, but: "Why is this something > > ARIN (the org) should take on?" > >

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
> On Sep 18, 2018, at 12:09 PM, Jared Mauch wrote: > > > >> On Sep 18, 2018, at 3:04 PM, Owen DeLong wrote: >> >> >> >>> On Sep 18, 2018, at 11:06 AM, Christopher Morrow >>> wrote: >>> >>> >>> >>> On Tue, Sep 18, 2018 at 10:36 AM Job Snijders wrote: >>> Owen, >>> >>> On Tue, Sep

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Christopher Morrow
On Tue, Sep 18, 2018 at 1:33 PM nusenu wrote: > Christopher Morrow wrote: > > Perhaps this was answered elsewhere, but: "Why is this something > > ARIN (the org) should take on?" > > Thanks for this question, I believe this is an important one. > > I reasoned about why I think RIRs are in a good

RE: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Michel Py
> nusenu wrote : > What do you think about the idea that ARIN actively informs their affected > members about prefixes that are unreachable in an RPKI ROV environment? Support, although I doubt it would achieve the desired result. I support it for the following reason : when someone starts to

RE: [proj-bgp] adding graphs for actually unreachable RPKI INVALID prefixes to RPKI Monitor?

2018-09-18 Thread Michel Py
Doug, > Douglas Montgomery wrote : > You should follow the discussion of draft-ietf-sidrops-validating-bgp-speaker > which proposed standardizing an approach to doing > what you suggest. Many on this thread think that it is a counterproductive > idea to do this. See discussion starting here:

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread nusenu
Christopher Morrow wrote: > Perhaps this was answered elsewhere, but: "Why is this something > ARIN (the org) should take on?" Thanks for this question, I believe this is an important one. I reasoned about why I think RIRs are in a good position to send these emails here: [1] but I will quote

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-18 Thread Scott Weeks
--- b...@ufl.edu wrote: From: Bruce H McIntosh I can remember a conversation like this at a Joint Techs meeting many years back. Several of us were outgassing about how expensive it was to get 100mbps connections off our campuses, until the guy from the University of Hawaii told us how

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-18 Thread Owen DeLong
> On Sep 18, 2018, at 12:02 PM, Bruce H McIntosh wrote: > >>> Current list price for 10G Xconnect at the major colo site in Israel is >>> $5840/month. Discounts are available :-) >>> Keep complaining about $350/mo costs. You have no idea how lucky you are. >>> >>> -Hank >> So, you’re

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Jared Mauch
> On Sep 18, 2018, at 3:04 PM, Owen DeLong wrote: > > > >> On Sep 18, 2018, at 11:06 AM, Christopher Morrow >> wrote: >> >> >> >> On Tue, Sep 18, 2018 at 10:36 AM Job Snijders wrote: >> Owen, >> >> On Tue, Sep 18, 2018 at 10:23:42AM -0700, Owen DeLong wrote: >> > Personally, since

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
> On Sep 18, 2018, at 10:35 AM, Job Snijders wrote: > > Owen, > > On Tue, Sep 18, 2018 at 10:23:42AM -0700, Owen DeLong wrote: >> Personally, since all RPKI accomplishes is providing a >> cryptographically signed notation of origin ASNs that hijackers should >> prepend to their announcements

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
> On Sep 18, 2018, at 11:06 AM, Christopher Morrow > wrote: > > > > On Tue, Sep 18, 2018 at 10:36 AM Job Snijders > wrote: > Owen, > > On Tue, Sep 18, 2018 at 10:23:42AM -0700, Owen DeLong wrote: > > Personally, since all RPKI accomplishes is providing a > >

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-18 Thread Bruce H McIntosh
Current list price for 10G Xconnect at the major colo site in Israel is $5840/month. Discounts are available :-) Keep complaining about $350/mo costs. You have no idea how lucky you are. -Hank So, you’re arguing that because the prices in Israel are 15*ridiculous, we should stop

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-18 Thread Owen DeLong
> On Sep 17, 2018, at 9:42 PM, Hank Nussbacher wrote: > > On 17/09/2018 23:26, Phil Lavin wrote: >>> $350/mo seems to be standard. Our DCs are at $250. Seems more like they >>> held onto out of date pricing for a long time then realized it. >> For what it's worth, Telehouse London is

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Christopher Morrow
(popping back to the top of the thread.. sorry) On Tue, Sep 18, 2018 at 7:58 AM nusenu wrote: > Dear NANOG, > > when I approached ARIN about how they feel about reaching out to their > members about > prefixes that are unreachable in a route origin validation (ROV) > environment, > John Curran

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Christopher Morrow
On Tue, Sep 18, 2018 at 10:36 AM Job Snijders wrote: > Owen, > > On Tue, Sep 18, 2018 at 10:23:42AM -0700, Owen DeLong wrote: > > Personally, since all RPKI accomplishes is providing a > > cryptographically signed notation of origin ASNs that hijackers should > > prepend to their announcements

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Job Snijders
Owen, On Tue, Sep 18, 2018 at 10:23:42AM -0700, Owen DeLong wrote: > Personally, since all RPKI accomplishes is providing a > cryptographically signed notation of origin ASNs that hijackers should > prepend to their announcements in order to create an aura of > credibility, I think we should stop

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread Owen DeLong
Personally, since all RPKI accomplishes is providing a cryptographically signed notation of origin ASNs that hijackers should prepend to their announcements in order to create an aura of credibility, I think we should stop throwing resources down this rathole. Owen > On Sep 18, 2018, at 4:56

RE: Console Servers

2018-09-18 Thread Ryan Hamel
I just use a Raspberry Pi with USB to Serial adapters or old servers with PCI(-E) 8 port serial cards. They make it so easy to adapt to any environment, and it phones home to my conserver (https://www.conserver.com/) gateway. The total cost for hardware is less than $150. Ryan From: NANOG On

RE: Console Servers

2018-09-18 Thread Matthew Huff
If anyone is looking for a product that is reasonably priced and is still being produced/updated, the ADVA Optical (aka MRV, aka Xyplex) console servers still work great https://www.advaoptical.com/en/products/network-infrastructure-assurance/lx-series From their specs: 4, 8, 16, 32 and 48

Re: Console Servers

2018-09-18 Thread Christopher Morrow
a vote for (so far so good) the nodegrid ZPE devices. On Tue, Sep 18, 2018 at 8:54 AM Sameer Khosla wrote: > My favorite are the lantronix SLC console servers. Fairly bullet-proof, > they are one of those devices that just work. Can usually be picked up > used ~$300 for 32 or 48 port

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-18 Thread Brandon Butterworth
On Tue Sep 18, 2018 at 08:19:35AM +, Scott Christopher wrote: > Hank Nussbacher wrote: > > > On 18/09/2018 08:02, Christopher Morrow wrote: > >> > >> it's funny/possible that x-connect costs affect where peering appears > >> in the landscape, right?> Not this time. Just price gouging since

RE: Console Servers

2018-09-18 Thread Sameer Khosla
My favorite are the lantronix SLC console servers. Fairly bullet-proof, they are one of those devices that just work. Can usually be picked up used ~$300 for 32 or 48 port varieties in good condition if you aren’t in the biggest hurry. Sk. From: NANOG On Behalf Of Alan Hannan Sent:

Re: Console Servers

2018-09-18 Thread Tim Pozar
I have been deploying Cyclades TS3000 boxes that I can sometimes find for about $75 each on eBay. The down side is the firmware is a bit old so the SSH daemon doesn't really support current ciphers. The other downside is the CLI is a bit cumbersome. Tim On 9/18/18 8:43 AM, Andrew Latham wrote:

Re: Console Servers

2018-09-18 Thread Andrew Latham
Alan There are maybe too many options out there. The used Cyclades are the lowest cost entry point. An ideal solution might be https://freetserv.github.io/ but some assembly required. I have Lantronix OOB solutions in my lab. Most modern servers come with some SOL options so I will assume this is

Re: Console Servers

2018-09-18 Thread Louis Kowolowski
++ for Opengear. Been happily using them for >10yrs. > On Sep 18, 2018, at 9:26 AM, Merritt, Channing via NANOG > wrote: > > Look into OpenGear, we’ve tested out a couple different products that we’ve > implemented in remote offices to replace our 2800’s. > > > From: NANOG On Behalf Of

Re: Console Servers

2018-09-18 Thread Matt Harris
I'm a big fan of Raritan's DSX2 gear. Access to serial via ssh or web interface, and the web interface is HTML5, not Java, which is a big advantage if you ever want to use that. I use a bunch of them in production as well and they've been rock solid when I've needed them for managing Cisco,

Re: Console Servers

2018-09-18 Thread William Herrin
On Tue, Sep 18, 2018 at 9:36 AM, Alan Hannan wrote: > Long ago I used Cisco 2511/2611 and was fairly happy. On Tue, Sep 18, 2018 at 9:49 AM, Mike Hammett wrote: > I'm deploying new to me Cisco 2811s for console and OOB access. > Agree. 2811, 2850s and 3845's are dirt cheap on ebay, the

RE: Console Servers

2018-09-18 Thread Merritt, Channing via NANOG
Look into OpenGear, we've tested out a couple different products that we've implemented in remote offices to replace our 2800's. From: NANOG On Behalf Of Mike Hammett Sent: Tuesday, September 18, 2018 9:49 AM To: Alan Hannan Cc: NANOG Subject: [EXTERNAL] Re: Console Servers I'm

Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-18 Thread nusenu
Dear NANOG, when I approached ARIN about how they feel about reaching out to their members about prefixes that are unreachable in a route origin validation (ROV) environment, John Curran (CEO ARIN) referred me to you (see email below - quoted with permission). The question I asked ARIN was

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-18 Thread Scott Christopher
Hank Nussbacher wrote: > On 18/09/2018 08:02, Christopher Morrow wrote: >> >> it's funny/possible that x-connect costs affect where peering appears >> in the landscape, right?> Not this time. Just price gouging since moving a >> number of cabinets > to a different location is a nightmare.

Re: [proj-bgp] adding graphs for actually unreachable RPKI INVALID prefixes to RPKI Monitor?

2018-09-18 Thread Montgomery, Douglas (Fed)
Michel, First, thanks for your continued support as a taxpayer. Second, in general our mission is limited to supporting the development and promulgation of consensus standards and the development of test / measurement methods and guidance to accelerate their adoption. In particular we are

Re: Console Servers

2018-09-18 Thread Christopher E. Brown
2811DC or 2811AC NM32 modem module 4 octals 32port RJ45 bulkhead On 9/18/18 05:49, Mike Hammett wrote: > I'm deploying new to me Cisco 2811s for console and OOB access. > > > > - > Mike Hammett > Intelligent Computing Solutions >

Re: Console Servers

2018-09-18 Thread Saku Ytti
On Tue, 18 Sep 2018 at 16:39, Alan Hannan wrote: > Long ago I used Cisco 2511/2611 and was fairly happy. A little later I used > portmaster and was less so. Recently I've been using Opengear and they work > fairly well but the price is fairly high. I use the CM7100 and IM7100. Out of

Re: Console Servers

2018-09-18 Thread Alain Hebert
What we did (and it fits our needs) SeaLevel (SeaLink Family) with a Zotak. We got both Win/Linux/BSD debugging/monitoring station (with 2 1Gbps, 1 MGMT 1 Mirror) and up to 16 serial ports in 1U. ( With some DIY ) I'm sure you can get a better density if you check with

Re: Console Servers

2018-09-18 Thread Mike Hammett
I'm deploying new to me Cisco 2811s for console and OOB access. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Alan Hannan" To: "NANOG" Sent: Tuesday, September 18, 2018 8:36:33 AM Subject:

RE: Console Servers

2018-09-18 Thread Stan Ouchakov
Depending on the budget, refurbished Cyclades off ebay do the job well. Very solid and proven products, we still run few dated from 2003 … -Stan From: NANOG On Behalf Of Alan Hannan Sent: Tuesday, September 18, 2018 9:37 AM To: NANOG Subject: Console Servers I'd like your input on

Console Servers

2018-09-18 Thread Alan Hannan
I'd like your input on suggestions for an alternate serial port manager. Long ago I used Cisco 2511/2611 and was fairly happy. A little later I used portmaster and was less so. Recently I've been using Opengear and they work fairly well but the price is fairly high. I use the CM7100 and

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-18 Thread Radu-Adrian Feurdean
On Mon, Sep 17, 2018, at 17:30, Daniel Corbe wrote: > $300 MRC for a once-off cross connect isn’t unreasonable. There’s costs 300$ would be (at the limit of) reasonable *M*RC for a 12 FO cable (= 6 duplex XCOs). Or the one-off (*N*RC) for one XCO. That's actually close to the rates we have

Re: netflix OCA in a CG-NAT world

2018-09-18 Thread Radu-Adrian Feurdean
On Mon, Sep 17, 2018, at 17:48, Jared Mauch wrote: > I also strongly suggest you look at how to get native IPv6 from your > clients behind the CG-NAT rolled out. I know many folks have had issues Getting IPv6 to your customers is good, but they still have to use it. If I look at my stats, I

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-18 Thread Hank Nussbacher
On 18/09/2018 08:02, Christopher Morrow wrote: > > > On Mon, Sep 17, 2018 at 9:44 PM Hank Nussbacher > wrote: > > On 17/09/2018 23:26, Phil Lavin wrote: > >> $350/mo seems to be standard. Our DCs are at $250. Seems > more like they held onto out of date