Fwd: [apops] APRICOT 2018 Call for Presentations
Greetings - FYI. Mark. Forwarded Message Subject:[apops] APRICOT 2018 Call for Presentations Date: Thu, 12 Oct 2017 20:27:00 +1000 From: Philip Smith To: ap...@apops.net Hi everyone, The call for presentations for APRICOT 2018 has now been published - a copy is below FYI. philip -- Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT) 25th - 28th February 2018, Kathmandu, Nepal https://2018.apricot.net CALL FOR PAPERS === The APRICOT 2018 Programme Committee is now seeking contributions for Presentations and Tutorials for the APRICOT 2018 Conference. We are looking for presenters who would: - Offer a technical tutorial on an appropriate topic; - Participate in the technical conference sessions as a speaker; - Convene and chair panel sessions of relevant topics. Please submit on-line at: http://papers.apricot.net/user/login.php?event=63 CONFERENCE MILESTONES - Call for Papers Opens: Now Draft Program Published: As Papers Confirmed Final Deadline for Submissions: 26 January 2018 Final Program Published: 2 February 2018 Final Slides Received: 16 February 2018 *NOTE THAT REGARDLESS OF DEADLINES, SLOTS ARE FILLED ON A FIRST COME, FIRST SERVED BASIS* PROGRAMME MATERIAL -- The APRICOT Conference Programme consists of three parts, these being the Peering Forum, Tutorials, and Conference Tracks. Topics proposed must be relevant to Internet Operations and Technologies: - IPv4 / IPv6 Routing and Operations - IPv6 deployment and transition technologies - Internet backbone operations - ISP and Carrier services - IXPs and Peering - Research on Internet Operations and Deployment - Software Defined Networking / Network Function Virtualisaton - Network security issues (NSP-SEC, DDoS, Anti-Spam, Anti-Malware) - DNS / DNSSEC - Internet policy (Security, Regulation, Content Management, Addressing, etc) - Access and Transport Technologies, including Cable/DSL, LTE/5G, wireless, metro ethernet, fibre, segment routing - Content & Service Delivery (Multicast, Voice, Video, "telepresence", Gaming) and Cloud Computing CfP SUBMISSION -- Draft slides for both tutorials and conference sessions MUST be provided with CfP submissions otherwise the Programme Committee will be unable to review the submission. For avoidance of doubt this means that submissions which do not include slides will be rejected immediately. For work in progress, the most current information available at time of submission is acceptable. All draft and complete slides must be submitted in PDF format only. Final slides are to be provided by the specified deadline for publication on the APRICOT website. Prospective presenters should note that the majority of speaking slots will be filled well before the final submission deadline. The PC may, at their discretion, retain a limited number of slots up to the final submission deadline for presentations that are exceptionally timely, important, or of critical operational importance. Every year we turn away submissions, due to filling up all available programme slots before the deadline. Presenters should endeavour to get material into the PC sooner rather than later. Any questions or concerns should be addressed to the Programme Committee by e-mail at: pc-chairs at apricot.net We look forward to receiving your presentation proposals. Mark Tinka, Jonny Martin & Philip Smith Co-Chairs, APRICOT 2018 Programme Committee -- ___ apops mailing list ap...@apops.net https://mailman.apnic.net/mailman/listinfo/apops Website: www.apops.net .
Re: Google DNS intermittent ServFail for Disney subdomain
:I know it doesn't help your problem, but friends don't let friends use public DNS resolvers (Google, L3, Open DNS, etc.). ;-) I've been experimenting with using Google's DNS resolvers for Google's assorted domains. At some point, I keep meaning to add Google's address space as in-addr.arpa domains, but just haven't gotten there yet. Why? Just curious, that's all. Thus far, I haven't really noted any major differences, but wasn't sure what to expect. Maybe something would be notably faster/slower, maybe different results/ads/whatever, I dunno. It just seemed reasonable to punt Google DNS to Google DNS and see how things work. YMMV, void where prohibited. ~Mike -- Michael J. O'Connor m...@dojo.mi.org =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "If you have enough plutonium, everything starts looking like a city." -Ches signature.asc Description: PGP signature
RE: AS-Path - ORF Draft
IOS-XR does not have a pre-policy prefix limit. When the limit is reached, the session will not automatically re-establish. It needs to be manually cleared first. It has the extra options: warning-only- does not drop the session. discard-extra-paths - additionally, drops prefixes after the limit is reached. restart- automatically re-establish the session after the timeout. I agree with Job that the use of warning-only can lead to unexpected routing, because there is no control over which prefixes are dropped. This is a big hammer that only comes down when the other hammers don't work. Thanks, Jakob. -- Date: Mon, 23 Oct 2017 06:57:19 -0400 From: Greg Hankins To: Job Snijders Cc: nanog@nanog.org Subject: Re: AS-Path - ORF Draft Message-ID: <20171023105719.gh27...@nokia.com> Content-Type: text/plain; charset=us-ascii Nokia SR OS defaults to pre-policy but can be configured to post-policy by adding "post-import". prefix-limit ipv4 100 // pre-policy prefix-limit ipv6 100 post-import // post-policy Greg -- Greg Hankins -Original Message- Date: Mon, 23 Oct 2017 12:37:13 +0200 From: Job Snijders To: nanog@nanog.org Subject: Re: AS-Path - ORF Draft On Mon, Oct 23, 2017 at 08:35:42AM +0200, Job Snijders wrote: > > or it could compare each additional prefix received to already learned > > prefixes and decide to drop one to make room for the new one. For > > example you could drop the most specific routes before less specific > > routes. > > The moment a BGP implementation can do such RIB compression, it may > indeed make sense to offer two types of limits: a 'pre-policy maximum > prefix limit' and a 'post-policy maximum prefix limit'. The former type > of limit would be useful in context of route leaks, the latter in > context of protecting against overflow of the FIB capability. Apparently this already exists and is widely available, Saku Ytti gave me some additional information. There are various keywords available, and they operate at different attachment points in the conceptual model. | IOS XR | Junos === pre-policy keyword | | prefix-limit +--+ post-policy keyword | maximum-prefix | accepted-prefix-limit (? means the keyword does not exist) Now I wonder what Arista EOS, Nokia SR-OS, etc offer in this regard. :-) (screenshot here http://instituut.net/~job/screenshots/baf76f9c29a31d2e55454ddd.png for those of you who can't easily view ASCII tables) Kind regards, Job
Re: Chinese websites loading slower recently?
I can confirm, several customers complaining of being suddenly unable to access baidu/weibo and so on Same conclusion ensues. > On 20 oct. 2017 at 23:27, Tianhao Xiao wrote : > > The National Congress[0] just happened, and the Chinese government does > make a very big deal out of it. I know that many universities were asked > to temporarily block inbound HTTP traffic, which even affected open > source mirrors during that time. > > With all this going on it is only natural that something restrictive > happened to the rest of the international network. I'm not exactly sure > what has been done, but it is very likely that it is not your problem. > > > On Fri, 20 Oct 2017, at 08:51, Simon Lockhart wrote: >> >> Is anyone else seeing an increase in problems related to Chinese >> websites?
Re: Allstream/Zayo in the house?
If you haven't, make sure you also drop a note to ip...@zayo.com as that is their IP specific network center. Not sure it will help, but it sure can't hurt.. --- Howard Leadmon PBW Communications, LLC http://www.pbwcomm.com On 10/21/2017 10:00 AM, Jason Lixfeld wrote: Having an issue where you’re caching announcements for my AS via a peering session that was turned down hours ago causing * * *, and my Saturday to suck :) Emails out to NOC/Peering contacts on peeringdb haven’t had a response yet. Hoping someone here can poke and/or prod. Thanks in advance.
Re: Chinese websites loading slower recently?
Hi Simon, The National Congress[0] just happened, and the Chinese government does make a very big deal out of it. I know that many universities were asked to temporarily block inbound HTTP traffic, which even affected open source mirrors during that time. With all this going on it is only natural that something restrictive happened to the rest of the international network. I'm not exactly sure what has been done, but it is very likely that it is not your problem. [0]https://en.wikipedia.org/wiki/19th_National_Congress_of_the_Communist_Party_of_China -- Tianhao Xiao hx...@dargasea.com On Fri, 20 Oct 2017, at 08:51, Simon Lockhart wrote: > All, > > I know that access to Chinese websites from outside China is notorious > for > being slow or broken, but we seem to have had a major increase in support > calls from our users over the last couple of weeks, complaining of slow > or > no access to major Chinese websites, such as www.baidu.com, www.youku.com > and > world.taobao.com. > > We can't find anything on our network that would be affecting this, and > at > various times can (and cannot!) reproduce it with off-net connections, > which > would indicate that it's an intermittent, but widespread issue. > > Is anyone else seeing an increase in problems related to Chinese > websites? > > Thanks in advance, > > Simon
Re: AS-Path - ORF Draft
On Mon, Oct 23, 2017 at 10:13:15AM -0500, Mike Hammett wrote: > > Great news! You can already do that in arouteserver: > > http://arouteserver.readthedocs.io/en/latest/CONFIG.html > > If you're using Bird. ;-) We're using OpenBGPd. I enjoy using both BIRD and OpenBGPD. Please look more closely. Look for the string 'openbgpd' on that page. The attachment points for BIRD and OpenBGPD are different, but arouteserver supports hooking in manual config for both BIRD and OpenBGPD. YYCIX, ofcourse based on OpenBGPD :-), is successfully documenting manual overrides in a 'pre-filters' file. You'll want to do the same. Kind regards, Job
Re: AS-Path - ORF Draft
> Great news! You can already do that in arouteserver: > http://arouteserver.readthedocs.io/en/latest/CONFIG.html#bird-hooks If you're using Bird. ;-) We're using OpenBGPd. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP
Re: AS-Path - ORF Draft
On Mon, 23 Oct 2017 at 16:57, Mike Hammett wrote: > I was looking at using arouteserver to automate my prefix filter > generation. Excellent choice. I would happily recommend arouteserver to any internet exchange operator looking to modernize their route servers. I'll do a feature request over there. > Great news! You can already do that in arouteserver: http://arouteserver.readthedocs.io/en/latest/CONFIG.html#bird-hooks Kind regards, Job
Re: AS-Path - ORF Draft
I was looking at using arouteserver to automate my prefix filter generation. I'll do a feature request over there. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Job Snijders" To: "Mike Hammett" Cc: "NANOG" Sent: Monday, October 23, 2017 8:24:51 AM Subject: Re: AS-Path - ORF Draft On Mon, Oct 23, 2017 at 07:53:03AM -0500, Mike Hammett wrote: > Should I assume that invigorating traction for a 17 year old draft is > rather difficult? John Heasley told me that a fundamental difficulty here is that not every implementation uses the same style/type of regular expressions. Unifying this behaviour across vendors will require a lot of pull. > It is my understanding that Network B does wish to accept Network A's > prefixes elsewhere, just not here. I believe that specifying the block > via IRR would be universal and probably not wanted. You can make it IX specific by using an old proposal called 'RPSL VIA'. Look for "The script supports most of the IETF snijders-rpsl-via draft extensions": https://ams-ix.net/technical/specifications-descriptions/ams-ix-route-servers > Some of my fellow IX operators have advised me to avoid doing manual > filtering for a variety of reasons. Yes, they are right. The moment the route server operator introduces hacks like that, the affected participants may forget those hacks existed over time. On the flip side, if Network B can't filter out the announcements, or insists on using a pre-policy maximum prefix limit - and Network A refuses to add a suppression community to their announcements to the route server (maybe because they want to cookie stamp all those configs), what can you (as person in the middle) do? If both network A and network B refuse to cooperate / coordinate, it somewhat dilutes the value of the route server to participants C/D/E because network B keeps flapping. > Which IXes have a web portal for that? Offlist is fine. I'd like to > see that and talk to them about their implementation. I believe NL-IX (https://nl-ix.net/) and VIX (https://www.vix.at) are example IXPs that have this. There are probably a bunch more that offer this type of feature. Kind regards, Job
Re: AS-Path - ORF Draft
On Mon, Oct 23, 2017 at 07:53:03AM -0500, Mike Hammett wrote: > Should I assume that invigorating traction for a 17 year old draft is > rather difficult? John Heasley told me that a fundamental difficulty here is that not every implementation uses the same style/type of regular expressions. Unifying this behaviour across vendors will require a lot of pull. > It is my understanding that Network B does wish to accept Network A's > prefixes elsewhere, just not here. I believe that specifying the block > via IRR would be universal and probably not wanted. You can make it IX specific by using an old proposal called 'RPSL VIA'. Look for "The script supports most of the IETF snijders-rpsl-via draft extensions": https://ams-ix.net/technical/specifications-descriptions/ams-ix-route-servers > Some of my fellow IX operators have advised me to avoid doing manual > filtering for a variety of reasons. Yes, they are right. The moment the route server operator introduces hacks like that, the affected participants may forget those hacks existed over time. On the flip side, if Network B can't filter out the announcements, or insists on using a pre-policy maximum prefix limit - and Network A refuses to add a suppression community to their announcements to the route server (maybe because they want to cookie stamp all those configs), what can you (as person in the middle) do? If both network A and network B refuse to cooperate / coordinate, it somewhat dilutes the value of the route server to participants C/D/E because network B keeps flapping. > Which IXes have a web portal for that? Offlist is fine. I'd like to > see that and talk to them about their implementation. I believe NL-IX (https://nl-ix.net/) and VIX (https://www.vix.at) are example IXPs that have this. There are probably a bunch more that offer this type of feature. Kind regards, Job
Re: AS-Path - ORF Draft
Should I assume that invigorating traction for a 17 year old draft is rather difficult? It is my understanding that Network B does wish to accept Network A's prefixes elsewhere, just not here. I believe that specifying the block via IRR would be universal and probably not wanted. Some of my fellow IX operators have advised me to avoid doing manual filtering for a variety of reasons. Which IXes have a web portal for that? Offlist is fine. I'd like to see that and talk to them about their implementation. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Job Snijders" To: "Mike Hammett" Cc: "NANOG" Sent: Monday, October 23, 2017 12:36:24 AM Subject: Re: AS-Path - ORF Draft On Sun, Oct 22, 2017 at 05:37:52PM -0500, Mike Hammett wrote: > Network A was sending more routes into the route server than Network B > could handle. Network B would like Network A's routes filtered before > they even got to their router. > > Googling a bit I saw pages talking about saving CPU or what have you, > but the main thing was Network B has a limited FIB. They have a prefix > limit specified to protect that. Their device goes through prefix > limit before prefix filter, so their filters wouldn't even see the > advertisements as the prefix limit already killed the session. Raise > the prefix limit so that the filters can get to work and now you're > vulnerable to someone else injecting a ton of routes and melting their > router. > > If that draft were supported by Network B's router and the route > servers, I believe that Network B could tell the route servers to > filter Network A's prefixes before sending them, thus saving their > FIB. Your interpretation of the functionality described in the draft is correct. Work on this draft started in december 2000 as can be read here: https://tools.ietf.org/html/draft-keyur-bgp-aspath-orf. I am not aware of any implementations, and having read the draft and observing there are no IANA codepoint assignments yet, it is very unlikely there are any implementations available for production use. Generally speaking it is safe to say that 17 year old Internet-Drafts (without known implementations) may be lacking the required traction to become a RFC. So alternatively, network B can tell the route server operator via email "do not send me these prefixes", and the route server operator in the middle honors that request and doesn't send those prefixes to network B. Some IXP's offer a webportal for this type of functionality, other IXPs allow signaling via RPSL in the IRR or as mentioned before, email. > Obviously the most correct answer is for Network A to get routers with > big enough FIBs, but that's not always possible or practical. s/Network A/Network B/ - Yes, this can be a challenge. I fear that bgp-aspath-orf won't be of any help in the short term. Kind regards, Job
Re: AS-Path - ORF Draft
Nokia SR OS defaults to pre-policy but can be configured to post-policy by adding "post-import". prefix-limit ipv4 100 // pre-policy prefix-limit ipv6 100 post-import // post-policy Greg -- Greg Hankins -Original Message- Date: Mon, 23 Oct 2017 12:37:13 +0200 From: Job Snijders To: nanog@nanog.org Subject: Re: AS-Path - ORF Draft On Mon, Oct 23, 2017 at 08:35:42AM +0200, Job Snijders wrote: > > or it could compare each additional prefix received to already learned > > prefixes and decide to drop one to make room for the new one. For > > example you could drop the most specific routes before less specific > > routes. > > The moment a BGP implementation can do such RIB compression, it may > indeed make sense to offer two types of limits: a 'pre-policy maximum > prefix limit' and a 'post-policy maximum prefix limit'. The former type > of limit would be useful in context of route leaks, the latter in > context of protecting against overflow of the FIB capability. Apparently this already exists and is widely available, Saku Ytti gave me some additional information. There are various keywords available, and they operate at different attachment points in the conceptual model. | IOS XR | Junos === pre-policy keyword | | prefix-limit +--+ post-policy keyword | maximum-prefix | accepted-prefix-limit (? means the keyword does not exist) Now I wonder what Arista EOS, Nokia SR-OS, etc offer in this regard. :-) (screenshot here http://instituut.net/~job/screenshots/baf76f9c29a31d2e55454ddd.png for those of you who can't easily view ASCII tables) Kind regards, Job
Re: AS-Path - ORF Draft
On Mon, Oct 23, 2017 at 08:35:42AM +0200, Job Snijders wrote: > > or it could compare each additional prefix received to already learned > > prefixes and decide to drop one to make room for the new one. For > > example you could drop the most specific routes before less specific > > routes. > > The moment a BGP implementation can do such RIB compression, it may > indeed make sense to offer two types of limits: a 'pre-policy maximum > prefix limit' and a 'post-policy maximum prefix limit'. The former type > of limit would be useful in context of route leaks, the latter in > context of protecting against overflow of the FIB capability. Apparently this already exists and is widely available, Saku Ytti gave me some additional information. There are various keywords available, and they operate at different attachment points in the conceptual model. | IOS XR | Junos === pre-policy keyword | | prefix-limit +--+ post-policy keyword | maximum-prefix | accepted-prefix-limit (? means the keyword does not exist) Now I wonder what Arista EOS, Nokia SR-OS, etc offer in this regard. :-) (screenshot here http://instituut.net/~job/screenshots/baf76f9c29a31d2e55454ddd.png for those of you who can't easily view ASCII tables) Kind regards, Job
