Any Zayo peeps on the list?

Howdy! Any Zayo peeps on the list? Seeing some packet loss on your network and your NCC seems to be clueless. Please shoot me an email offlist. Thank You, Mike

Re: Route aggregation w/o AS-Sets

Hello Lars,  As a comment there is a draft that proposes to deprecate AS_SET   https://datatracker.ietf.org/doc/draft-ietf-idr-deprecate-as-set-confed-set/?include_text=1 Alejandro, On 4/11/20 7:09 AM, Lars Prehn wrote: > Hi everyone, > > how exactly do you aggregate routes? When do you add

Re: Route aggregation w/o AS-Sets

Don't user as-sets step one. Rpki does not understand how to express an as-sets' authorization. Why do you want to do this? On Mon, Apr 13, 2020, 13:34 Lars Prehn wrote: > Hi everyone, > > how exactly do you aggregate routes? When do you add the AS_SET > attribute, when do you omit it? How

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

Handle it in a reasonable amount of time, and please prioritize phishing somewhere after the usual threat to life / child abuse type cases (which are, fortunately, comparatively rare). Phishes put people at risk of losing their life savings, and especially with covid already threatening to

Re: attribution

On Mon, Apr 13, 2020 at 7:38 PM Brandon Martin wrote: > > On 4/13/20 4:31 PM, Randy Bush wrote: > > it seems a lot of folk think prepending acrually works. > > I mean, there's prepending and then there's prepending 50+ times... Has > the latter EVER been useful in any way, shape, or form? for

Re: attribution

On 4/13/20 4:31 PM, Randy Bush wrote: it seems a lot of folk think prepending acrually works. I mean, there's prepending and then there's prepending 50+ times... Has the latter EVER been useful in any way, shape, or form? -- Brandon Martin

Re: attribution

Well, according to your router's error message, it *did* work...it ensured you couldn't propagate that route update, thereby ensuring no traffic from your neighbors would traverse the prepended path. Of course, it's a bit of a degenerate case of "working"--but it *did* serve to shift traffic

Re: attribution

On 13/Apr/20 23:04, Bryan Holloway wrote: >   > > Oh, it works ... just not for anything pragmatically useful. In 2020, no less. Can't recall the last time I used this feature, even if it's one we offer for BGP communities we accept from customers. Admittedly, I don't think of any of them

Re: attribution

On 4/13/20 10:31 PM, Randy Bush wrote: I’m using CAIDA’s bgpreader and this one looks like it might be an example of what you want. R|R|1586714402.00|routeviews|route-views.eqix|||2914|206.126.236.12|103.148.41.0/24|206.126.236.12|2914 58717 134371 134371 134371 134371 140076 140076

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

On Mon, Apr 13, 2020 at 10:45 AM Kushal R. wrote: > All abuse reports that we receive are dealt within 48 business > hours. As far as that tweet is concerned, it’s pending for 16 days > because they have been blocked from sending us any emails Hi Kushal, I would venture a guess that's why

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

On Mon, 13 Apr 2020, Kushal R. wrote: As far as that tweet is concerned, it???s pending for 16 days because they have been blocked from sending us any emails due to the sheer amount of emails they started sending and then our live support chats. This is not an acceptable answer. -Dan

Re: attribution

> I’m using CAIDA’s bgpreader and this one looks like it might be an > example of what you want. > > R|R|1586714402.00|routeviews|route-views.eqix|||2914|206.126.236.12|103.148.41.0/24|206.126.236.12|2914 > 58717 134371 134371 134371 134371 140076 140076 140076 140076 140076 140076 > 140076

Re: attribution

I’m using CAIDA’s bgpreader and this one looks like it might be an example of what you want. R|R|1586714402.00|routeviews|route-views.eqix|||2914|206.126.236.12|103.148.41.0/24|206.126.236.12|2914 58717 134371 134371 134371 134371 140076 140076 140076 140076 140076 140076 140076 140076

RE: IS-IS IPAM platform

Our atm network in san diego was the full base 16 hex for the 13 byte nsap prefix of all the atm switches in our 4-level PNNI cloud This may be slightly off topic of ISIS practices though But, yeah, we didn't encode any switch mgmt. ip into the nsap addressing as I recall... just the pnni peer

Re: IS-IS IPAM platform

> In y'all's opinion, do you prefer/recommend using base-10 digits or > hex in your NSAP addresses? it's the decimal representation of the octets lo0 { description "main loopback"; unit 0 { family inet { address 127.0.0.1/32;

attribution

Apr 12 17:57:42 r0.iad rpd[1752]: Prefix Send failed ! 103.148.41.0/24 bgp_rt_trace_too_big_message:1209 path attribute too big. Cannot build update. so some idiot is barfing out a ridiculous as_path. dear lazynet, is there an easy way to get attribution for this stupidity? i.e. the as_path.

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

I don’t really get the point of bothering, then. AWS takes about ~forever to respond to SES phishing reports, let alone hosting abuse, and other, cheaper, hosts/mailers (OVH etc come up all the time) don’t bother at all. Unless you want to automate “1 report = drop customer”, you’re saying that

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

RiskIQ reports phish URLs for large brands The life cycle of a typical phish campaign is in hours but I guess people can live with 24. If you handle the complaint only after two business days, that’s closing the barn door after the horse has bolted and crossed a state line. --srs

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

I would agree that Twitter is not a primary place for abuse reporting. If they are reporting things via your correct abuse channel and you are indeed handling them within 48 business hours, then I would also agree this much extra spray and pray is excessive. However RiskIQ is known to be pretty

Re: IS-IS IPAM platform

I've always wondered about folks' opinions about one thing, though: In y'all's opinion, do you prefer/recommend using base-10 digits or hex in your NSAP addresses? I like the former for readability, but the latter can (could) be better for automation. Maybe. I got into a heated argument

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

All abuse reports that we receive are dealt within 48 business hours. As far as that tweet is concerned, it’s pending for 16 days because they have been blocked from sending us any emails due to the sheer amount of emails they started sending and then our live support chats.

Re: AS27594 / UTSA contact?

I'm good -- many thanks to those who reached out! On 4/11/20 10:20 AM, Bryan Holloway wrote: Howdy ... if anyone from University of Texas, San Antonio (AS27594) is lurking, could you please reach out to me off-list? We have a mutual reachability problem through an IX in Dallas. Thanks!

Re: IS-IS IPAM platform

> Just encode the router loopback IPv4 address in the system identifier bytes > and call it a day. i think asp wrote this up back in the early '90s. anyone have a cite? randy

Re: IS-IS IPAM platform

+1, No need to worry, just use your loopback address as the SystemID. > On 13 Apr 2020, at 18:02, Tom Beecher wrote: > > My recommendation would be not to bother. :) > > Just encode the router loopback IPv4 address in the system identifier bytes > and call it a day. > > On Mon, Apr 13,

Route aggregation w/o AS-Sets

Hi everyone, how exactly do you aggregate routes? When do you add the AS_SET attribute, when do you omit it? How does the latter interplay with RPKI? Best regards, Lars

Re: IS-IS IPAM platform

+1 On 4/13/20 4:02 PM, Tom Beecher wrote: My recommendation would be not to bother. :) Just encode the router loopback IPv4 address in the system identifier bytes and call it a day. On Mon, Apr 13, 2020 at 9:55 AM JASON BOTHE via NANOG > wrote: Does anyone have

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

On Mon, Apr 13, 2020 at 07:55:37PM +0530, Kushal R. wrote: > We understand these reports and deal with them as per our policies and > timelines but this constant spamming by them from various channels is not > appreciated. Quoting from: https://twitter.com/RiskIQ_IRT/status/1249696689985740800

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

On Mon, Apr 13, 2020 at 7:25 AM Kushal R. wrote: > The problem isn’t the abuse reports themselves but the way they send them. We > receive copies of the report, on our sales, billing, TECH-POCs and almost > everything other email address of ours that is available publicly. It doesn’t > end

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

Speaking of spam, I just sent a message in and got auto responses from: c...@rankleads.com kundserv...@axofinans.se Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Apr 13, 2020 at 10:53 AM Denys Fedoryshchenko < nuclear...@nuclearcat.com>

Hulu contact (ipadmin unresponsive)

I have customers on different parts of the network saying that Hulu doesn't work. They've all said other video services work (Amazon, Youtube, Netflix, etc). Same complaint from all of them - Hulu just doesn't start. Can someone from Hulu provide some support for our mutual customer? Josh

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

On 2020-04-13 17:25, Kushal R. wrote: From the past few months we have been receiving a constant stream of abuse reports from a company that calls themselves RiskIQ (RiskIQ.com). The problem isn’t the abuse reports themselves but the way they send them. We receive copies of the report, on our

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

RiskIQ is a known good player. If there’s a stream of abuse reports maybe removing whatever customer it is might be a good idea? I am not sure why they are sending out mail to every contact they can find though. Are abuse tickets resolved in a timely manner? From: NANOG Date: Monday, 13

Constant Abuse Reports / Borderline Spamming from RiskIQ

From the past few months we have been receiving a constant stream of abuse reports from a company that calls themselves RiskIQ (RiskIQ.com). The problem isn’t the abuse reports themselves but the way they send them. We receive copies of the report, on our sales, billing,

Re: IS-IS IPAM platform

My recommendation would be not to bother. :) Just encode the router loopback IPv4 address in the system identifier bytes and call it a day. On Mon, Apr 13, 2020 at 9:55 AM JASON BOTHE via NANOG wrote: > Does anyone have any recommendations for a database or IPAM platform that > can house IS-IS

IS-IS IPAM platform

Does anyone have any recommendations for a database or IPAM platform that can house IS-IS addressing? Can’t seem to find anything out there. Thanks J~