Update - RIPE Database Proxy Service Issues
[Apologies for duplicate emails] Dear colleagues, Thank you for your comments on this issue. I would like to point out that the *DRAFT* Activity Plan and Budget is published around September of each year, allowing members ample time to read it before it is discussed at the Autumn General Meeting. The RIPE NCC Executive Board then takes the outcome of the discussions and any new developments into consideration before finalising and approving the definitive Activity Plan and Budget, which is then published before the end of the year. On 13 December 2012, we informed the membership of the definitive Activity Plan and Budget and listed the changes from the draft plan. Please note that the membership does not vote on either the draft or the final Activity Plan and Budget - this is one of the member-elected Executive Board's functions. One of the modifications that took place from the draft to the final Activity Plan was the addition of the RIPE Database Proxy Service as a member-only service. This was a follow-up on an action point that stemmed from the Data Protection Task Force and a need to strengthen our contractual relationship between the current users of the RIPE Database Proxy Service and the RIPE NCC ensuring compliance with Dutch and EU legislation. Partially based on the membership's vote of approval regarding the new Charging Scheme of one LIR, one fee and partially based on the fact that the RIPE Database Proxy Service is only actively used by less than a handful of entities (both members and non-members), the Executive Board made the decision, which they felt was in the members' interest, to ask the users of this service to sign both a specific RIPE Database Proxy Service Agreement and the Standard Service Agreement (Membership Agreement) that adheres to both EU and Dutch legislation, which would entail the users of this service paying the annual membership fee. Based on the recent mailing list discussions it seems apparent that this is a contentious issue that requires further membership and community discussion. Therefore, we will keep the RIPE Database Proxy Service running as it was in 2012 (i.e., no fee and no Membership Agreement) until we have completed these discussions. We will prepare a legal analysis of the options at hand for the contractual documentation required to use this service and gauge whether or not the membership feels that we should charge a fee for this service. Regards, Axel Pawlik Managing Director RIPE NCC
Highwinds / Bandcon tech contact?
Hi all - Working on an issue for a very large customer of Bandcon's and they have not been able to flag anyone down from Bandcon since the I believe the Highwinds acquisition and we need some BGP changes to be made. Can anyone contact me offlist? Would be most grateful. -Justin
Re: Gmail and SSL
This email, right here? This is Exhibit 1 in my not all the tradeoffs of outsourcing your $SERVICE are visible or trivial list. Thanks. Cheers, -- jra - Original Message - From: Maxim Khitrov m...@mxcrypt.com To: Damian Menscher dam...@google.com Cc: nanog@nanog.org Sent: Thursday, January 3, 2013 9:01:09 AM Subject: Re: Gmail and SSL On Thu, Jan 3, 2013 at 12:14 AM, Damian Menscher dam...@google.com wrote: Back on topic: encryption without knowing who you're talking to is worse than useless (hence no self-signed certs which provide a false sense of security), and there are usability difficulties with exposing strong security to the average user (asking users to generate and upload a self-signed cert would be a customer-support disaster, not to mention all the outages that would occur when those certs expired). Real-world security is all about finding a reasonable balance and adapting to the current threats. The most recent change to POP3 mail retrieval over SSL is not a reasonable balance. My organization uses Google Apps for mail hosting, but a number of users also have us.army.mil accounts. They used to pull mail from their .mil account into Google Apps via POP3. Army servers do not allow unencrypted connections and their root certificates are not part of the Mozilla Root CA list (and, as you can guess, I have no control over their servers). Google didn't just block the use of self-signed certs; you broke communication with all servers using perfectly legitimate PKIs that are not part of the Mozilla Root CA list. Thus, instead of self-signed certs = false sense of security, your argument is really not on some arbitrary root CA list = false sense of security, which is absolute nonsense. I talked to Google Apps support a few weeks ago, sent them a link to this discussion, but all they could do is file a feature request. IMHO, this change should never have been allowed to go into production until there is an interface for uploading our own root certificates. Of course, any root (i.e. self-signed) certificate can be used by the POP3 server directly, so this would also solve the problem for people trying to use self-signed certs not part of any PKI. Finally, asking users to generate and upload a self-signed cert would be a customer-support disaster, so you just block their access completely? Anyone who doesn't know how to generate and upload a certificate would probably avoid encryption altogether, don't you think? And as for outages that would occur when those certs expired, what do you think people in my organization are dealing with right now? Only an expired cert can be renewed or replaced, whereas our access has been blocked and there is nothing we can do about it. - Max -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, TRNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.rand.apnic.net. If you have any comments please contact Philip Smith pfsi...@gmail.com. Routing Table Report 04:00 +10GMT Sat 05 Jan, 2013 Report Website: http://thyme.rand.apnic.net Detailed Analysis: http://thyme.rand.apnic.net/current/ Analysis Summary BGP routing table entries examined: 438213 Prefixes after maximum aggregation: 181057 Deaggregation factor: 2.42 Unique aggregates announced to Internet: 215491 Total ASes present in the Internet Routing Table: 42975 Prefixes per ASN: 10.20 Origin-only ASes present in the Internet Routing Table: 33999 Origin ASes announcing only one prefix: 15908 Transit ASes present in the Internet Routing Table:5711 Transit-only ASes present in the Internet Routing Table:139 Average AS path length visible in the Internet Routing Table: 4.5 Max AS path length visible: 31 Max AS path prepend of ASN ( 28730) 25 Prefixes from unregistered ASNs in the Routing Table: 374 Unregistered ASNs in the Routing Table: 129 Number of 32-bit ASNs allocated by the RIRs: 3618 Number of 32-bit ASNs visible in the Routing Table:3265 Prefixes from 32-bit ASNs in the Routing Table:8876 Special use prefixes present in the Routing Table: 15 Prefixes being announced from unallocated address space:178 Number of addresses announced to Internet: 2622004844 Equivalent to 156 /8s, 72 /16s and 158 /24s Percentage of available address space announced: 70.8 Percentage of allocated address space announced: 70.8 Percentage of available address space allocated: 100.0 Percentage of address space in use by end-sites: 94.1 Total number of prefixes smaller than registry allocations: 154787 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes: 105421 Total APNIC prefixes after maximum aggregation: 32827 APNIC Deaggregation factor:3.21 Prefixes being announced from the APNIC address blocks: 106384 Unique aggregates announced from the APNIC address blocks:43509 APNIC Region origin ASes present in the Internet Routing Table:4810 APNIC Prefixes per ASN: 22.12 APNIC Region origin ASes announcing only one prefix: 1246 APNIC Region transit ASes present in the Internet Routing Table:804 Average APNIC Region AS path length visible:4.6 Max APNIC Region AS path length visible: 23 Number of APNIC region 32-bit ASNs visible in the Routing Table:404 Number of APNIC addresses announced to Internet: 716927840 Equivalent to 42 /8s, 187 /16s and 115 /24s Percentage of available APNIC address space announced: 83.8 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 131072-133119 APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8, 163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:156128 Total ARIN prefixes after maximum aggregation:78474 ARIN Deaggregation factor: 1.99 Prefixes being announced from the ARIN address blocks: 156813 Unique aggregates announced from the ARIN address blocks: 70729 ARIN Region origin ASes present in the Internet Routing Table:15368 ARIN Prefixes per ASN:10.20 ARIN Region origin
The Cidr Report
This report has been generated at Fri Jan 4 21:13:10 2013 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date PrefixesCIDR Agg
28-12-12440905 252741
29-12-12440921 252832
30-12-12440920 252878
31-12-12441045 252978
01-01-13441252 252919
02-01-13441130 252917
03-01-13440943 253050
04-01-13441064 252781
AS Summary
43079 Number of ASes in routing system
17944 Number of ASes announcing only one prefix
3458 Largest number of prefixes announced by an AS
AS7029 : WINDSTREAM - Windstream Communications Inc
115684832 Largest address span announced by an AS (/32s)
AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street
Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').
--- 04Jan13 ---
ASnumNetsNow NetsAggr NetGain % Gain Description
Table 441027 252781 18824642.7% All ASes
AS6389 3117 135 298295.7% BELLSOUTH-NET-BLK -
BellSouth.net Inc.
AS28573 2265 71 219496.9% NET Servicos de Comunicao S.A.
AS17974 2486 454 203281.7% TELKOMNET-AS2-AP PT
Telekomunikasi Indonesia
AS4766 2928 928 200068.3% KIXS-AS-KR Korea Telecom
AS7029 3458 1611 184753.4% WINDSTREAM - Windstream
Communications Inc
AS22773 1952 183 176990.6% ASN-CXA-ALL-CCI-22773-RDC -
Cox Communications Inc.
AS18566 2081 423 165879.7% COVAD - Covad Communications
Co.
AS10620 2270 652 161871.3% Telmex Colombia S.A.
AS7303 1674 397 127776.3% Telecom Argentina S.A.
AS4323 1600 402 119874.9% TWTC - tw telecom holdings,
inc.
AS4755 1664 552 111266.8% TATACOMM-AS TATA
Communications formerly VSNL
is Leading ISP
AS2118 1052 53 99995.0% RELCOM-AS OOO NPO Relcom
AS7552 1142 163 97985.7% VIETEL-AS-AP Vietel
Corporation
AS7545 1819 948 87147.9% TPG-INTERNET-AP TPG Internet
Pty Ltd
AS18101 1016 171 84583.2% RELIANCE-COMMUNICATIONS-IN
Reliance Communications
Ltd.DAKC MUMBAI
AS8151 1424 584 84059.0% Uninet S.A. de C.V.
AS1785 1944 1160 78440.3% AS-PAETEC-NET - PaeTec
Communications, Inc.
AS4808 1124 351 77368.8% CHINA169-BJ CNCGROUP IP
network China169 Beijing
Province Network
AS13977 848 118 73086.1% CTELCO - FAIRPOINT
COMMUNICATIONS, INC.
AS18881 747 35 71295.3% Global Village Telecom
AS855715 52 66392.7% CANET-ASN-4 - Bell Aliant
Regional Communications, Inc.
AS9808 682 32 65095.3% CMNET-GD Guangdong Mobile
Communication Co.Ltd.
AS17676 712 92 62087.1% GIGAINFRA Softbank BB Corp.
AS3356 1121 510 61154.5% LEVEL3 Level 3 Communications
AS3549 1036 437 59957.8% GBLX Global Crossing Ltd.
AS22561 1040 442 59857.5% DIGITAL-TELEPORT - Digital
Teleport Inc.
AS19262 1000 405 59559.5% VZGNI-TRANSIT - Verizon Online
LLC
AS24560 1038 444 59457.2% AIRTELBROADBAND-AS-AP Bharti
Airtel Ltd., Telemedia
Services
AS22047 579 30 54994.8% VTR BANDA ANCHA S.A.
AS4804 632 96 53684.8% MPX-AS Microplex PTY LTD
Total 45166119313323573.6% Top 30
BGP Update Report
BGP Update Report Interval: 27-Dec-12 -to- 03-Jan-13 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS982977618 5.7% 46.2 -- BSNL-NIB National Internet Backbone 2 - AS45271 45100 3.3% 193.6 -- ICLNET-AS-AP 5th Floor, Windsor Building, Off: CST Road 3 - AS390936140 2.6% 12046.7 -- QWEST-AS-3908 - Qwest Communications Company, LLC 4 - AS29256 28656 2.1% 434.2 -- INT-PDN-STE-AS Syrian Telecommunications Establishment 5 - AS840223204 1.7% 51.6 -- CORBINA-AS OJSC Vimpelcom 6 - AS465718609 1.4% 72.4 -- STARHUBINTERNET-AS StarHub Internet Exchange 7 - AS755216582 1.2% 20.9 -- VIETEL-AS-AP Vietel Corporation 8 - AS48159 16399 1.2% 42.6 -- TIC-AS Telecommunication Infrastructure Company 9 - AS28306 12104 0.9% 356.0 -- TC Net Informática e Telecomunicações LTDA 10 - AS37113 11706 0.8% 260.1 -- tangerine-ug-as 11 - AS163710380 0.8% 324.4 -- DNIC-AS-01637 - Headquarters, USAISC 12 - AS128809181 0.7% 64.7 -- DCI-AS Information Technology Company (ITC) 13 - AS2697 7698 0.6% 98.7 -- ERX-ERNET-AS Education and Research Network 14 - AS369157667 0.6% 225.5 -- AFOL-KE-AS 15 - AS9756 7591 0.6% 506.1 -- CHEONANVITSSEN-AS-KR Cheonan Broadcast Corporation 16 - AS8151 7342 0.5% 7.8 -- Uninet S.A. de C.V. 17 - AS570447007 0.5% 500.5 -- BRYANSK-AS CJSC ER-Telecom Holding 18 - AS2033 6792 0.5%6792.0 -- PANIX - Panix Network Information Center 19 - AS298596764 0.5% 32.8 -- WOW-INTERNET-ILL - WideOpenWest Finance LLC 20 - AS4802 6332 0.5% 186.2 -- ASN-IINET iiNet Limited TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS390936140 2.6% 12046.7 -- QWEST-AS-3908 - Qwest Communications Company, LLC 2 - AS2033 6792 0.5%6792.0 -- PANIX - Panix Network Information Center 3 - AS427055440 0.4%5440.0 -- TALIA Talia provides VSAT network and hosting services worldwide. 4 - AS579183677 0.3%3677.0 -- ACOD-AS ACOD CJSC 5 - AS6174 5692 0.4%2846.0 -- SPRINTLINK8 - Sprint 6 - AS6629 2598 0.2%2598.0 -- NOAA-AS - NOAA 7 - AS194064399 0.3%2199.5 -- TWRS-MA - Towerstream I, Inc. 8 - AS374302179 0.2%2179.0 -- vdctelecom 9 - AS6407 2154 0.2%2154.0 -- PRIMUS-AS6407 - Primus Telecommunications Canada Inc. 10 - AS9950 4008 0.3%2004.0 -- PUBNETPLUS2-AS-KR DACOM 11 - AS172933939 0.3%1969.5 -- VTXC - VTX Communications 12 - AS146804906 0.4%1635.3 -- REALE-6 - Auction.com 13 - AS4826 1459 0.1%1459.0 -- VOCUS-BACKBONE-AS Vocus Connect International Backbone 14 - AS287221392 0.1%1392.0 -- ENERGETYKA-KALISKA-AS ENERGA-OPERATOR SA 15 - AS365292476 0.2%1238.0 -- AXXA-RACKCO - Rackco.com 16 - AS6620 1237 0.1%1237.0 -- AS-6620 - AMA Communications, LLC 17 - AS409311706 0.1% 853.0 -- MOBITV - MobiTV, Inc 18 - AS275941605 0.1% 802.5 -- UTSA - University of Texas at San Antonio 19 - AS33976 672 0.1% 672.0 -- AFTONBLADET-SE aftonbladet.se 20 - AS32529 672 0.1% 672.0 -- CGI-FEDERAL-ASN-1 - CGI Federal TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 151.118.255.0/24 12070 0.8% AS3909 -- QWEST-AS-3908 - Qwest Communications Company, LLC 2 - 151.118.254.0/24 12070 0.8% AS3909 -- QWEST-AS-3908 - Qwest Communications Company, LLC 3 - 151.118.18.0/24 12000 0.8% AS3909 -- QWEST-AS-3908 - Qwest Communications Company, LLC 4 - 209.48.168.0/246792 0.5% AS2033 -- PANIX - Panix Network Information Center 5 - 109.194.4.0/24 6606 0.5% AS57044 -- BRYANSK-AS CJSC ER-Telecom Holding 6 - 203.28.157.0/245997 0.4% AS4802 -- ASN-IINET iiNet Limited 7 - 80.251.10.0/24 5440 0.4% AS42705 -- TALIA Talia provides VSAT network and hosting services worldwide. 8 - 69.38.178.0/24 4396 0.3% AS19406 -- TWRS-MA - Towerstream I, Inc. 9 - 194.63.9.0/24 4323 0.3% AS1273 -- CW Cable and Wireless Worldwide plc 10 - 12.139.133.0/244162 0.3% AS14680 -- REALE-6 - Auction.com 11 - 58.184.229.0/244002 0.3% AS9950 -- PUBNETPLUS2-AS-KR DACOM 12 - 91.236.24.0/24 3677 0.2% AS57918 -- ACOD-AS ACOD CJSC 13 - 206.105.75.0/242848 0.2% AS6174 -- SPRINTLINK8 - Sprint 14 - 208.16.110.0/242844 0.2% AS6174 -- SPRINTLINK8 - Sprint 15 - 115.170.128.0/17 2843 0.2% AS4847 -- CNIX-AP China Networks
