Suggestiins for DIA link in Alamo,CA area

Guys, I'm looking for 300-500Mbps DIA circuit (with /28 IPs) to be installed in Alamo, CA. Any suggestions?

Re: RPKI TAs

> I dunno, 'straightforward' to me would mean the ARIN TA is installed by > default when you install a RPKI Cache Validator implementation uh, i want a trustable downlad of trust anchors. and it ain't from vendors. but yes, arin's legal dos it typical arin. but, if i ignore the bumph, i can

Re: BGP full feed for testing purposes

Greg Sowell helps you out here: http://gregsowell.com/?page_id=5771 Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 3, 2020 at 4:19 PM Brendan Carlson wrote: > Set up a Vultr instance and you can get a full feed from them for

Re: BGP full feed for testing purposes

Set up a Vultr instance and you can get a full feed from them for testing. I've done this for a route collector and it worked well. On Mon, Aug 3, 2020, 13:16 Blažej Krajňák wrote: > Hello, > > I'm wondering, if there is any public service I can get full BGP feed > from for testing purposes. >

BGP full feed for testing purposes

Hello, I'm wondering, if there is any public service I can get full BGP feed from for testing purposes. I admin multi-homed AS50242 with two default routes for now (fail-over). I'm going to prepare new routing setup with extended validation so reall full BGP feed would be usefull. Yes, I

Re: RPKI TAs

While I certainly agree with you, I have a certainly-naive question - what the difference is between ARIN and RIPE's T: Aug 3 19:07:15 rpki-validator rpki-client[16164]: The RIPE NCC Certification Repository is subject to Terms and Conditions Aug 3 19:07:15 rpki-validator rpki-client[16164]:

Re: RPKI TAs

> On Aug 3, 2020, at 07:54 , Job Snijders wrote: > > On Mon, Aug 03, 2020 at 08:17:55AM -0500, John Kristoff wrote: >> On Sun, 2 Aug 2020 18:52:11 + >> Randy Bush wrote: >> >>> not to mention the ARIN stupidity >> >> Notwithstanding the RPA, downloading ARIN's TAL is straightforward:

Re: RPKI TAs

> why is it so hard that all RIRs make their TAL files available under > the same URL path but different hosts, e.g., https://ripe.net/rpki/tal, > https://arin.net/rpki/tal ? no, you are supposed to get TRUST material from alex's secret stash. sigh. it should be a dnssec lookup of ripe.net,

Re: BGP route hijack by AS10990

On 3/Aug/20 17:09, Baldur Norddahl wrote: > > We suffered a series of crashes that led to JTAC recommending > disabling RPKI. We had a core dump which matches PR1332626 which is > confidential, so I have no idea what it is about. Apparently what > happened was the server running the RPKI

Re: BGP route hijack by AS10990

On Mon, Aug 3, 2020 at 3:54 PM Job Snijders wrote: > On Mon, Aug 03, 2020 at 02:36:25PM +0200, Alex Band wrote: > > According to the information I received from the community[1], you > > should read PR1461602 and PR1309944 before deploying. > > > > [1]

Re: BGP route hijack by AS10990

On 1/Aug/20 02:44, Rafael Possamai wrote: > To your point with regards to multiple failures combined causing an > outage, here's some basic reading on the Swiss cheese model: > https://en.wikipedia.org/wiki/Swiss_cheese_model You just reminded me of the defense's strategy in the court case

Re: BGP route hijack by AS10990

On 3/Aug/20 14:57, Tom Beecher wrote: > Agreed.  > > However, every time we go on this Righteous Indignation of Should Do > crusade, it would serve us well to stop and remember that in every one > of our jobs, at many points in our careers, we have been faced with a > situation where something

Re: RPKI TAs

On Mon, Aug 03, 2020 at 08:17:55AM -0500, John Kristoff wrote: > On Sun, 2 Aug 2020 18:52:11 + > Randy Bush wrote: > > > not to mention the ARIN stupidity > > Notwithstanding the RPA, downloading ARIN's TAL is straightforward: > > As documented here: > >

Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)

Dear Ryan, I have come to believe this is a Noction IRP specific issue. On Sat, Aug 01, 2020 at 01:29:59PM -0700, Ryan Hamel wrote: > I disagree on the fact that it is not fair to the BGP implementation > ecosystem, to enforce a single piece of software to activate the > no-export community by

Re: BGP route hijack by AS10990

On Mon, Aug 03, 2020 at 02:36:25PM +0200, Alex Band wrote: > According to the information I received from the community[1], you > should read PR1461602 and PR1309944 before deploying. > > [1] https://rpki.readthedocs.io/en/latest/rpki/router-support.html My take on PR1461602 is that it can be

Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)

> > Why are you not on your soap box about BIRD, FRrouting, OpenBGPd, Cisco, > Juniper, etc... about how they can possibly allow every day screw ups to > happen, but the same options like the NO_EXPORT community are available for > the engineer to use? One solution would be to implement "BGP

Re: RPKI TAs

On Sun, 2 Aug 2020 18:52:11 + Randy Bush wrote: > not to mention the ARIN stupidity Notwithstanding the RPA, downloading ARIN's TAL is straightforward: As documented here: One can wget, curl, or whatever this:

Re: BGP route hijack by AS10990

To your point with regards to multiple failures combined causing an outage, here's some basic reading on the Swiss cheese model: https://en.wikipedia.org/wiki/Swiss_cheese_model >From over here it looks like the legacy filter was a latent failure, and the >BGP automation from the downstream

Re: Has virtualization become obsolete in 5G?

Containerization and k8s aren't so much a shift away from virtualization (horizontally), but a shift up from virtualization (vertically). It is a broader theme than 5G - initially gaining traction with SaaS companies, and recently appearing in NFV scenarios. Under the hood, k8s relies on an

Yahoo! admin

If there's a Yahoo! admin on list that can contact me offlist I'd appreciate it. You have a TLS issue on IPv6 only that your front line customer care people insist is an email sending related issue. Please tell me the only way to speak to someone there is to pay a monthly fee when your own coders

Re: BGP route hijack by AS10990

On 3/Aug/20 14:36, Alex Band wrote: > According to the information I received from the community[1], you should > read PR1461602 and PR1309944 before deploying. The good news is the code that fixes both of those issues is shipping. Mark.

Re: BGP route hijack by AS10990

> > We can all do better. We should all do better. > Agreed. However, every time we go on this Righteous Indignation of Should Do crusade, it would serve us well to stop and remember that in every one of our jobs, at many points in our careers, we have been faced with a situation where something

Re: BGP route hijack by AS10990

> On 3 Aug 2020, at 11:04, adamv0...@netconsultings.com wrote: > >> Darrell Budic >> Sent: Sunday, August 2, 2020 6:23 PM >> >> On Jul 30, 2020, at 5:37 PM, Baldur Norddahl >> wrote: >>> >>> Telia implements RPKI filtering so the question is did it work? Were any >> affected prefixes RPKI

Re: Has virtualization become obsolete in 5G?

On 3/Aug/20 08:40, Etienne-Victor Depasquale wrote: > Is the following extract from this Heavy Reading white paper > , > useful? > > " For transport network slicing,  > operators strongly

RE: BGP route hijack by AS10990

> Darrell Budic > Sent: Sunday, August 2, 2020 6:23 PM > > On Jul 30, 2020, at 5:37 PM, Baldur Norddahl > wrote: > > > > Telia implements RPKI filtering so the question is did it work? Were any > affected prefixes RPKI signed? Would any prefixes have avoided being > hijacked if RPKI signing had

Re: RPKI TAs

On Mon, 3 Aug 2020, Alex Band wrote: > These are what we believe to be the correct, up-to-date RPKI TALs: > > https://github.com/NLnetLabs/routinator/tree/master/tals > why is it so hard that all RIRs make their TAL files available under the same URL path but different hosts, e.g.,

Re: RPKI TAs

I concur. Four out of five RIR Trust Anchor Locators were recently updated to allow fetching the Trust Anchor via an HTTPS URI, further removing the dependence on rsync. Sadly, most TALs are not clearly published anywhere and I had to get them though GitHub issues and emails to be able to

Re: Has virtualization become obsolete in 5G?

> > Still not sure how this will work considering a great deal of the global > Internet is for services that live on the public Internet, and many > specialized/private services would typically still run over fibre. > Is the following extract from this Heavy Reading white paper