Re: Abuse Desks

2020-04-28 Thread Mukund Sivaraman
On Tue, Apr 28, 2020 at 08:45:12PM -0700, Dan Hollis wrote:
> On Tue, 28 Apr 2020, Matt Corallo via NANOG wrote:
> > Please don't use this kind of crap to send automated "we received 3 login 
> > attempts on our SSH box..wa" emails.
> > This is why folks don't have abuse contacts that are responsive to real 
> > issues anymore.

> That's what SBL is for.

Do you recommend that we use a DNS blacklist to check every SSH and
HTTPS connection attempt, about whether it should be filtered or not?

Ultimately if there is scanning happening from an IP address delegated
to someone, isn't their abuse@ responsible for handling the complaints?
What are "real" issues?

We have scanning happening on ssh, https, SIP, SMTP submission ports
everyday. fail2ban does a good job blocking many of these, but
ultimately should the scanning problem be ignored?  Is nobody ultimately
responsible to stop these hosts from scanning?

Mukund


Re: Abuse Desks

2020-04-28 Thread Dan Hollis

On Tue, 28 Apr 2020, Matt Corallo via NANOG wrote:
> Please don't use this kind of crap to send automated "we received 3 login attempts 
> on our SSH box..wa" emails.
> This is why folks don't have abuse contacts that are responsive to real issues 
> anymore.

That's what SBL is for.

-Dan


Re: CGNAT Solutions

2020-04-28 Thread Brandon Martin

On 4/28/20 4:53 PM, William Herrin wrote:
> How small is small? Up to a certain size regular NAT with enough
> logging to trace back abusers will tend to work fine. If we're talking
> single-digit gbps, it may not be worth the effort to consider the
> wonderful world of CGNAT.


Depending on how many IPs you need to reclaim and what your target 
IP:subscriber ratio is, you may be able to eliminate the need for a lot 
of logging by assigning a range of TCP/UDP ports to a single inside IP 
so that the TCP/UDP port number implies a specific subscriber.


You can't get rid of all the state tracking without also having the CPE 
know which ports to use (in which case you might as well use LW4o6 or 
MAP), but at least you can get it down to where you really only need to 
log (or block and dole out public IPs as needed) port-less protocols.

--
Brandon Martin
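
The port-block scheme described in the message above, as an added example that is not part of the original post: each inside address gets a fixed range of TCP/UDP ports on a shared public address, so an abuse report carrying public IP and source port can be traced to a subscriber by arithmetic instead of per-flow logs. The pools (RFC 6598 and documentation ranges), the 64:1 ratio, the port floor of 1024 and all names are assumptions made for illustration.

```python
import ipaddress

FIRST_PORT = 1024   # assumption: well-known ports are never handed out
LAST_PORT = 65535


class PortBlockNat:
    """Static inside-IP -> (public IP, port block) mapping.

    Both pools are treated as plain address ranges, so the network and
    broadcast addresses of each prefix are used like any other address.
    """

    def __init__(self, inside_net, public_net, subs_per_ip):
        self.inside = ipaddress.ip_network(inside_net)
        self.public = ipaddress.ip_network(public_net)
        self.subs_per_ip = subs_per_ip
        # Ports per subscriber; any remainder at the top of the range is unused.
        self.block = (LAST_PORT - FIRST_PORT + 1) // subs_per_ip
        capacity = self.public.num_addresses * subs_per_ip
        if self.inside.num_addresses > capacity:
            raise ValueError("public pool too small for this IP:subscriber ratio")

    def forward(self, inside_ip):
        """Return (public_ip, first_port, last_port) for an inside address."""
        idx = int(ipaddress.ip_address(inside_ip)) - int(self.inside.network_address)
        if not 0 <= idx < self.inside.num_addresses:
            raise ValueError(f"{inside_ip} is not in {self.inside}")
        ip_idx, slot = divmod(idx, self.subs_per_ip)
        lo = FIRST_PORT + slot * self.block
        return str(self.public[ip_idx]), lo, lo + self.block - 1

    def reverse(self, public_ip, port, proto="tcp"):
        """Return the inside address behind public_ip:port, or None.

        None means the mapping cannot answer: a port-less protocol (which
        still needs logging or a dedicated public IP), an address outside
        the pool, a reserved or leftover port, or an unassigned block.
        """
        if proto.lower() not in ("tcp", "udp"):
            return None
        addr = ipaddress.ip_address(public_ip)
        if addr not in self.public or not FIRST_PORT <= port <= LAST_PORT:
            return None
        slot = (port - FIRST_PORT) // self.block
        if slot >= self.subs_per_ip:
            return None   # leftover ports above the last full block
        ip_idx = int(addr) - int(self.public.network_address)
        idx = ip_idx * self.subs_per_ip + slot
        if idx >= self.inside.num_addresses:
            return None   # block exists but no subscriber is assigned to it
        return str(self.inside[idx])


if __name__ == "__main__":
    # Constructed sample: 1024 subscribers behind 16 public addresses (64:1).
    nat = PortBlockNat("100.64.0.0/22", "203.0.113.0/28", 64)
    print("ports per subscriber:", nat.block)
    print("100.64.0.65 ->", nat.forward("100.64.0.65"))
    # Constructed abuse-report tuples: (public IP, source port, protocol).
    for report in [("203.0.113.1", 2500, "tcp"),
                   ("203.0.113.1", 0, "icmp")]:
        print(report, "->", nat.reverse(*report))
```

An abuse report only resolves this way if it includes the source port; a report that carries just the public address still narrows the search to the subscribers sharing that address.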


Re: CGNAT Solutions

2020-04-28 Thread Jared Geiger
Take a look at DANOS for CG-NAT as a free solution or Netgate's TNSR has a
CG-NAT feature https://www.tnsr.com/features

On Tue, Apr 28, 2020 at 2:57 PM JORDI PALET MARTINEZ via NANOG <
nanog@nanog.org> wrote:

> I will say it is much better to consider 464XLAT with NAT64, if the CPEs
> allow it.
>
>
>
> https://datatracker.ietf.org/doc/rfc8683/
>
>
>
> I’m right now doing a deployment for 25.000.000 customers of an ISP (GPON,
> DLS and cellular mix), all the testing has been done, and all doing fine.
>
>
>
> I’ve done it already for smaller ISPs, but the size of this project is
> more interesting to better demonstrate that it just works.
>
>
>
> I plan to do a presentation when the information can be made public … bit
> delay because the Covid-19 confinement.
>
>
>
> Regards,
>
> Jordi
>
> @jordipalet
>
>
>
>
>
>
>
> On 28/4/20 21:15, "NANOG on behalf of John Alcock" <
> nanog-boun...@nanog.org on behalf of j...@alcock.org> wrote:
>
>
>
> Afternoon,
>
>
>
> I run a small ISP in Tennessee.  COVID has forced a lot of people to work
> from home.  I am starting to run low on IP's and need to consider CGNAT.
>
>
>
> I do have IPV6 space, but we all know that until we force everyone to move
> to IPV6, we need to keep IPV4 up and running.
>
>
>
> I could buy more space, but I am really wondering if that is the
> best option.  It is expensive. I know CGNAT devices are expensive as well,
> but it looks like I could stretch it out a bit.
>
>
>
> My thinking is to convert about 50% of my subscribers to CGNAT.
>
>
>
> I am interested in vendors or devices you have used in the past.  I
> already know about the pitfalls many of my subscribers will have with CGNAT
> such as VPN's, Gamers, etc.
>
>
>
> What are your thoughts on CGNAT vendors?
>
>
>
> A10Networks
>
> F5Networks
>
> Others?


Re: CGNAT Solutions

2020-04-28 Thread JORDI PALET MARTINEZ via NANOG
I will say it is much better to consider 464XLAT with NAT64, if the CPEs allow 
it.

 

https://datatracker.ietf.org/doc/rfc8683/

 

I’m right now doing a deployment for 25.000.000 customers of an ISP (GPON, DLS 
and cellular mix), all the testing has been done, and all doing fine.

 

I’ve done it already for smaller ISPs, but the size of this project is more 
interesting to better demonstrate that it just works.

 

I plan to do a presentation when the information can be made public … bit delay 
because the Covid-19 confinement.

 

Regards,

Jordi

@jordipalet

 

 

 

On 28/4/20 21:15, "NANOG on behalf of John Alcock" wrote:

 

Afternoon,

 

I run a small ISP in Tennessee.  COVID has forced a lot of people to work from 
home.  I am starting to run low on IP's and need to consider CGNAT.

 

I do have IPV6 space, but we all know that until we force everyone to move to 
IPV6, we need to keep IPV4 up and running.

 

I could buy more space, but I am really wondering if that is the best option.  
It is expensive. I know CGNAT devices are expensive as well, but it looks like 
I could stretch it out a bit.

 

My thinking is to convert about 50% of my subscribers to CGNAT.

 

I am interested in vendors or devices you have used in the past.  I already 
know about the pitfalls many of my subscribers will have with CGNAT such as 
VPN's, Gamers, etc.

 

What are your thoughts on CGNAT vendors?  

 

A10Networks

F5Networks

Others?





Re: CGNAT Solutions

2020-04-28 Thread William Herrin
On Tue, Apr 28, 2020 at 12:12 PM John Alcock  wrote:
> I run a small ISP in Tennessee.  I am starting to run low on IP's and need to 
> consider CGNAT.

Hi John,

How small is small? Up to a certain size regular NAT with enough
logging to trace back abusers will tend to work fine. If we're talking
single-digit gbps, it may not be worth the effort to consider the
wonderful world of CGNAT.

Regards,
Bill Herrin

-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/


RE: CGNAT Solutions

2020-04-28 Thread Aaron Gould
Hi John, I run a small/medium ISP in Texas.  A few years ago, needing to do the 
same thing you are speaking of, I lab evaluated the Cisco ASR9k VSM-500 and 
Juniper MX104 MS-MIC-16G… in the end I went with Juniper.  No regrets, been 
good and holding strong.  I’ve scaled it way beyond what I originally 
envisioned.  (but bought more as well)

 

I slow started my CGNat deployment, like with most things, baby-steps when 
doing something as extreme as taking away the public ip  address from my isp 
residential customers… so yeah, slow-start…

 

DSL was my first target.  One DSLAM at a time, waiting for issues to arise and 
dealing with them along the way, the best I could.  …until we had 6,000 dsl 
customers behind a pair of Juniper MX104’s with MS-MIC-16G cards, running fine. 
 (all done via mpls l3vpn for virtual L3 routing into and out of the nat 
boundary… so one vrf for inside, and one vrf for outside)…peak load as I recall 
was about 3 gbps on each MX104, so 6 gbps total.

 

Next, about a year or so later, we went after Cable Modem CMTS communities.  
But, added MS-MPC-128G modules to a pair of our mpls 100 gig ring MX960 nodes.  
This was another 5,000 subs or so.  (this was about 2 or 3 years ago).  Learned 
a lot during that one.  A lot about ecmp, inet.3 mp-ibgp route choices, (set 
protocols ldp track-igp-metric… is your friend), app, eim, eif, ams/mams 
interfaces and load-balancing on the source-ip…. Let that ride for a year or 
so…then…

 

…went after our FTTH communities.  Probably about 30 or 40 thousand ip’s were 
recoup’d here.  FTTH was nat’d behind (4) additional MS-MPC-128G modules in (4) 
other 100 gig mpls ring mx960 nodes.

 

There have been recent concerns about uPNP not working behind the cgnat’s.

 

All in all, we are getting lots of use out of our Juniper CGNat solution.  All 
told, it’s about 50,000 customers behind the (2) MX104’s and (6) MX960’s 
getting nat’d.

 

-Aaron

 

 

 

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of John Alcock
Sent: Tuesday, April 28, 2020 2:12 PM
To: nanog@nanog.org
Subject: CGNAT Solutions

 

Afternoon,

 

I run a small ISP in Tennessee.  COVID has forced a lot of people to work from 
home.  I am starting to run low on IP's and need to consider CGNAT.

 

I do have IPV6 space, but we all know that until we force everyone to move to 
IPV6, we need to keep IPV4 up and running.

 

I could buy more space, but I am really wondering if that is the best option.  
It is expensive. I know CGNAT devices are expensive as well, but it looks like 
I could stretch it out a bit.

 

My thinking is to convert about 50% of my subscribers to CGNAT.

 

I am interested in vendors or devices you have used in the past.  I already 
know about the pitfalls many of my subscribers will have with CGNAT such as 
VPN's, Gamers, etc.

 

What are your thoughts on CGNAT vendors?  

 

A10Networks

F5Networks

Others?



Re: CGNAT Solutions

2020-04-28 Thread Baldur Norddahl
Just go with Linux and iptables. It is by far the cheapest option and it
just works.


Tue, 28 Apr 2020, 21.13, John Alcock wrote:

> Afternoon,
>
> I run a small ISP in Tennessee.  COVID has forced a lot of people to work
> from home.  I am starting to run low on IP's and need to consider CGNAT.
>
> I do have IPV6 space, but we all know that until we force everyone to move
> to IPV6, we need to keep IPV4 up and running.
>
> I could buy more space, but I am really wondering if that is the
> best option.  It is expensive. I know CGNAT devices are expensive as well,
> but it looks like I could stretch it out a bit.
>
> My thinking is to convert about 50% of my subscribers to CGNAT.
>
> I am interested in vendors or devices you have used in the past.  I
> already know about the pitfalls many of my subscribers will have with CGNAT
> such as VPN's, Gamers, etc.
>
> What are your thoughts on CGNAT vendors?
>
> A10Networks
> F5Networks
> Others?
>


RE: Applications of MPLS in the metro area

2020-04-28 Thread Aaron Gould
Yeah, I use the heck out of the ASCX5048, it is the mpls edge of my resi/busi 
mpls ftth network…

 

Lines/terminology can get blurry…But, I would say that I will do my best to get 
mpls into every nook and cranny of my network, where/when it makes sense. 

 

Forgive the atm analogy again, but seriously, when I managed the US Navy ATM 
Network in San Diego (2000-2004) I wanted cells into every nook and cranny in 
order to benefit from all the virtual capabilities atm had to offer… 

 

…same with MPLS…

 

…I’m increasingly hearing about devices like cisco’s ncs540, that enable mpls 
into smaller edge boxes, so that you can make use of up-and-coming 
sr/spring/evpn (mpls-based apps), automation, etc, etc

 

-Aaron

 

https://www.juniper.net/us/en/company/case-studies-customer-success/gvtc/

…juniper did a write-up on us :)

 

 

From: Etienne-Victor Depasquale [mailto:ed...@ieee.org] 
Sent: Tuesday, April 28, 2020 1:13 PM
To: Aaron Gould
Cc: adamv0...@netconsultings.com; NANOG
Subject: Re: Applications of MPLS in the metro area

 

I started poking around to learn more about these use cases and came across 
this interesting extract:

 

"Juniper Networks® ACX Series Universal Metro Routers are Juniper’s response to 
a shift in metro network architecture, where the access and aggregation layers 
are extending the operational intelligence from the service provider edge to 
the access network."

 

Not long ago, I used to think of anything above layer 2 as "service provider 
edge" and further still (away from access), but the responses I've garnered are 
pointing at a metro network that widely implements MPLS and access and 
aggregation segments that are seeing implementation of L3 functions.

 

 

Etienne

 

 

On Tue, Apr 28, 2020 at 7:45 PM Aaron Gould  wrote:

Yeah, I forgot earlier but I’m using EVPN/MPLS for DC interconnections now 
also, for nicely integrating L2/L3 and host/machine level route preference

 

MPLS in some ways is reminiscent of the ability to fire-off Smart-PVC’s 
(SPVC/P) over an ATM (asynchronous transfer mode) network, and thus achieve end 
to end virtual private connectivity without touching the intermediate nodes (p 
nodes)…. Since the p-nodes just do label swapping (like vpi/vci swapping in the 
atm analogy)

 

In actuality, many of my “p” nodes, are also “pe” nodes :) it’s all about what 
it’s doing at that moment for what it is that we are talking about

 

-Aaron

 

 

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of 
adamv0...@netconsultings.com
Sent: Tuesday, April 28, 2020 10:46 AM
To: 'Etienne-Victor Depasquale'; 'NANOG'
Subject: RE: Applications of MPLS in the metro area

 

Hi,

So where the books talk about PEs -think of your metro nodes here (basically 
converting the metro into an MPLS network -or making it part of your existing 
MPLS core) (you might not have a classic design where PEs hang off of P-Core 
nodes and might have just rings of PEs in your metro area)  

And where the books talk about various L3VPN and L2VPN services that’s 
basically what you can offer over your metro -now that it’s been converted to a 
fully-fledged MPLS network.

Ranging from multicast L3VPNs for 3PLAY services through L2 p2p|p2mp|mp2mp 
services for Data-Center-Interconnect, to network-slicing buzzword (cause with 
VRFs and Traffic Engineering you can slice your metro area network whichever 
way you like).  

  

adam 

 

From: NANOG  On Behalf Of Etienne-Victor Depasquale
Sent: Tuesday, April 28, 2020 2:44 PM
To: NANOG 
Subject: Applications of MPLS in the metro area

 

Hello !

 

I'm looking for what a network operator would consider a realistic reference 
deployment of MPLS within the metro area network. 

 

By "realistic reference", I'm asking about what a network operator would 
consider to be a typical, perhaps most common, application of MPLS technology.

 

From a bookish perspective, I understand MPLS well but have never implemented 
it in the scope of my current field of study (metro area networks). I would 
dearly like to get this "grounded" perspective from anyone who might care to 
share it.

 

 

Cheers,

 

Etienne

 

-- 

Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta

Web. https://www.um.edu.mt/profile/etiennedepasquale




 

-- 

Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta

Web. https://www.um.edu.mt/profile/etiennedepasquale



CGNAT Solutions

2020-04-28 Thread John Alcock
Afternoon,

I run a small ISP in Tennessee.  COVID has forced a lot of people to work
from home.  I am starting to run low on IP's and need to consider CGNAT.

I do have IPV6 space, but we all know that until we force everyone to move
to IPV6, we need to keep IPV4 up and running.

I could buy more space, but I am really wondering if that is the
best option.  It is expensive. I know CGNAT devices are expensive as well,
but it looks like I could stretch it out a bit.

My thinking is to convert about 50% of my subscribers to CGNAT.

I am interested in vendors or devices you have used in the past.  I already
know about the pitfalls many of my subscribers will have with CGNAT such as
VPN's, Gamers, etc.

What are your thoughts on CGNAT vendors?

A10Networks
F5Networks
Others?


Re: Applications of MPLS in the metro area

2020-04-28 Thread Etienne-Victor Depasquale
I started poking around to learn more about these use cases and came
across this interesting extract:

"Juniper Networks® ACX Series Universal Metro Routers are Juniper’s
response to a shift in metro network architecture, where the access and
aggregation layers are extending the operational intelligence from the
service provider edge to the access network."

Not long ago, I used to think of anything above layer 2 as "service
provider edge" and further still (away from access), but the responses I've
garnered are pointing at a metro network that widely implements MPLS and
access and aggregation segments that are seeing implementation of L3
functions.


Etienne


On Tue, Apr 28, 2020 at 7:45 PM Aaron Gould  wrote:

> Yeah, I forgot earlier but I’m using EVPN/MPLS for DC interconnections now
> also, for nicely integrating L2/L3 and host/machine level route preference
>
>
>
> MPLS in some ways is reminiscent of the ability to fire-off Smart-PVC’s
> (SPVC/P) over an ATM (asynchronous transfer mode) network, and thus achieve
> end to end virtual private connectivity without touching the intermediate
> nodes (p nodes)…. Since the p-nodes just do label swapping (like vpi/vci
> swapping in the atm analogy)
>
>
>
> In actuality, many of my “p” nodes, are also “pe” nodes :) it’s all
> about what it’s doing at that moment for what it is that we are talking
> about
>
>
>
> -Aaron
>
>
>
>
>
> *From:* NANOG [mailto:nanog-boun...@nanog.org] *On Behalf Of *
> adamv0...@netconsultings.com
> *Sent:* Tuesday, April 28, 2020 10:46 AM
> *To:* 'Etienne-Victor Depasquale'; 'NANOG'
> *Subject:* RE: Applications of MPLS in the metro area
>
>
>
> Hi,
>
> So where the books talk about PEs -think of your metro nodes here
> (basically converting the metro into an MPLS network -or making it part of
> your existing MPLS core) (you might not have a classic design where PEs
> hang off of P-Core nodes and might have just rings of PEs in your metro
> area)
>
> And where the books talk about various L3VPN and L2VPN services that’s
> basically what you can offer over your metro -now that it’s been converted
> to a fully-fledged MPLS network.
>
> Ranging from multicast L3VPNs for 3PLAY services through L2 p2p|p2mp|mp2mp
> services for Data-Center-Interconnect, to network-slicing buzzword (cause
> with VRFs and Traffic Engineering you can slice your metro area network
> whichever way you like).
>
>
>
> adam
>
>
>
> *From:* NANOG  *On Behalf Of *Etienne-Victor
> Depasquale
> *Sent:* Tuesday, April 28, 2020 2:44 PM
> *To:* NANOG 
> *Subject:* Applications of MPLS in the metro area
>
>
>
> Hello !
>
>
>
> I'm looking for what a network operator would consider a realistic
> reference deployment of MPLS within the metro area network.
>
>
>
> By "realistic reference", I'm asking about what a network operator would
> consider to be a typical, perhaps most common, application of MPLS
> technology.
>
>
>
> From a bookish perspective, I understand MPLS well but have never
> implemented it in the scope of my current field of study (metro area
> networks). I would dearly like to get this "grounded" perspective from
> anyone who might care to share it.
>
>
>
>
>
> Cheers,
>
>
>
> Etienne
>
>
>
> --
>
> Ing. Etienne-Victor Depasquale
> Assistant Lecturer
> Department of Communications & Computer Engineering
> Faculty of Information & Communication Technology
> University of Malta
>
> Web. https://www.um.edu.mt/profile/etiennedepasquale
>


-- 
Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta
Web. https://www.um.edu.mt/profile/etiennedepasquale


RE: Applications of MPLS in the metro area

2020-04-28 Thread Aaron Gould
Yeah, I forgot earlier but I’m using EVPN/MPLS for DC interconnections now 
also, for nicely integrating L2/L3 and host/machine level route preference

 

MPLS in some ways is reminiscent of the ability to fire-off Smart-PVC’s 
(SPVC/P) over an ATM (asynchronous transfer mode) network, and thus achieve end 
to end virtual private connectivity without touching the intermediate nodes (p 
nodes)…. Since the p-nodes just do label swapping (like vpi/vci swapping in the 
atm analogy)

 

In actuality, many of my “p” nodes, are also “pe” nodes :) it’s all about what 
it’s doing at that moment for what it is that we are talking about

 

-Aaron

 

 

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of 
adamv0...@netconsultings.com
Sent: Tuesday, April 28, 2020 10:46 AM
To: 'Etienne-Victor Depasquale'; 'NANOG'
Subject: RE: Applications of MPLS in the metro area

 

Hi,

So where the books talk about PEs -think of your metro nodes here (basically 
converting the metro into an MPLS network -or making it part of your existing 
MPLS core) (you might not have a classic design where PEs hang off of P-Core 
nodes and might have just rings of PEs in your metro area)  

And where the books talk about various L3VPN and L2VPN services that’s 
basically what you can offer over your metro -now that it’s been converted to a 
fully-fledged MPLS network.

Ranging from multicast L3VPNs for 3PLAY services through L2 p2p|p2mp|mp2mp 
services for Data-Center-Interconnect, to network-slicing buzzword (cause with 
VRFs and Traffic Engineering you can slice your metro area network whichever 
way you like).  

  

adam 

 

From: NANOG  On Behalf Of Etienne-Victor Depasquale
Sent: Tuesday, April 28, 2020 2:44 PM
To: NANOG 
Subject: Applications of MPLS in the metro area

 

Hello !

 

I'm looking for what a network operator would consider a realistic reference 
deployment of MPLS within the metro area network. 

 

By "realistic reference", I'm asking about what a network operator would 
consider to be a typical, perhaps most common, application of MPLS technology.

 

From a bookish perspective, I understand MPLS well but have never implemented 
it in the scope of my current field of study (metro area networks). I would 
dearly like to get this "grounded" perspective from anyone who might care to 
share it.

 

 

Cheers,

 

Etienne

 

-- 

Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta

Web. https://www.um.edu.mt/profile/etiennedepasquale



Pearson VUE Contact...

2020-04-28 Thread Michael Bullut via NANOG
Greetings Team,

Anyone from the aforementioned organization on this forum? I raised a query
via their Customer Service Team but haven't heard back from them.

Warm regards,

Michael Bullut.

---

Cell: +254 723 393 114.
Skype Name: Michael Bullut.
Blog: http://www.kipsang.com/
E-mail: m...@kipsang.com

---


Re: Abuse Desks

2020-04-28 Thread Matt Corallo via NANOG
Please don't use this kind of crap to send automated "we received 3 login 
attempts on our SSH box..wa" emails.
This is why folks don't have abuse contacts that are responsive to real issues 
anymore.

Matt

On 4/28/20 11:57 AM, Mike Hammett wrote:
> I noticed over the weekend that a Fail2Ban instance's complain function 
> wasn't working. I fixed it. I've noticed a few
> things:
> 
> 1) Abusix likes to return RIR abuse contact information. The vast majority 
> are LACNIC, but it also has kicked back a
> couple for APNIC and ARIN. When I look up the compromised IP address in 
> Abusix via the CLI, the APNIC and ARIN ones
> return both ISP contact information and RIR information. When I look them up 
> on the RIR's whois, it just shows the ISP
> abuse information. Weird, but so rare it's probably just an anomaly. However, 
> almost everything I see in LACNIC's region
> is returned with only the LACNIC abuse information when the ones I've checked 
> on LACNIC's whois list valid abuse
> information for that prefix. Can anyone confirm they've seen similar behavior 
> out of Abusix? I reached out to them, but
> haven't heard back.
> 2) Digital Ocean hits my radar far more than any other entity.
> 3) Azure shows up a lot less than GCP or AWS, which are about similar to each 
> other.
> 4) Around 5% respond saying it's been addressed (or why it's not in the event 
> of security researchers) within a couple
> hours. The rest I don't know. I've had a mix of small and large entities in 
> that response.
> 5) HostGator seems to have an autoresponder (due to a 1 minute response) that 
> just indicates that you sent nothing
> actionable, despite the report including the relevant log file entries.
> 6) Charter seems to have someone actually looking at it as it took them 16 - 
> 17 hours to respond, but they say they
> don't have enough information to act on, requesting relevant log file 
> entries...  which were provided in the initial
> report and are even included in their response. They request relevant log 
> file entries with the date, time, timezone,
> etc. all in the body in plain text, which was delivered.
> 7) The LACNIC region has about 1/3 of my reports.
> 
> 
> 
> Do these mirror others' observations with security issues and how abuse desks 
> respond?
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
> 
> Midwest-IX
> http://www.midwest-ix.com


Abuse Desks

2020-04-28 Thread Mike Hammett
I noticed over the weekend that a Fail2Ban instance's complain function wasn't 
working. I fixed it. I've noticed a few things: 


1) Abusix likes to return RIR abuse contact information. The vast majority are 
LACNIC, but it also has kicked back a couple for APNIC and ARIN. When I look up 
the compromised IP address in Abusix via the CLI, the APNIC and ARIN ones 
return both ISP contact information and RIR information. When I look them up on 
the RIR's whois, it just shows the ISP abuse information. Weird, but so rare 
it's probably just an anomaly. However, almost everything I see in LACNIC's 
region is returned with only the LACNIC abuse information when the ones I've 
checked on LACNIC's whois list valid abuse information for that prefix. Can 
anyone confirm they've seen similar behavior out of Abusix? I reached out to 
them, but haven't heard back. 
2) Digital Ocean hits my radar far more than any other entity. 
3) Azure shows up a lot less than GCP or AWS, which are about similar to each 
other. 
4) Around 5% respond saying it's been addressed (or why it's not in the event 
of security researchers) within a couple hours. The rest I don't know. I've had 
a mix of small and large entities in that response. 
5) HostGator seems to have an autoresponder (due to a 1 minute response) that 
just indicates that you sent nothing actionable, despite the report including 
the relevant log file entries. 
6) Charter seems to have someone actually looking at it as it took them 16 - 17 
hours to respond, but they say they don't have enough information to act on, 
requesting relevant log file entries... which were provided in the initial 
report and are even included in their response. They request relevant log file 
entries with the date, time, timezone, etc. all in the body in plain text, 
which was delivered. 
7) The LACNIC region has about 1/3 of my reports. 






Do these mirror others' observations with security issues and how abuse desks 
respond? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 


RE: Applications of MPLS in the metro area

2020-04-28 Thread adamv0025
Hi,

So where the books talk about PEs -think of your metro nodes here (basically 
converting the metro into an MPLS network -or making it part of your existing 
MPLS core) (you might not have a classic design where PEs hang off of P-Core 
nodes and might have just rings of PEs in your metro area)  

And where the books talk about various L3VPN and L2VPN services that’s 
basically what you can offer over your metro -now that it’s been converted to a 
fully-fledged MPLS network.

Ranging from multicast L3VPNs for 3PLAY services through L2 p2p|p2mp|mp2mp 
services for Data-Center-Interconnect, to network-slicing buzzword (cause with 
VRFs and Traffic Engineering you can slice your metro area network whichever 
way you like).  

  

adam 

 

From: NANOG  On Behalf Of Etienne-Victor Depasquale
Sent: Tuesday, April 28, 2020 2:44 PM
To: NANOG 
Subject: Applications of MPLS in the metro area

 

Hello !

 

I'm looking for what a network operator would consider a realistic reference 
deployment of MPLS within the metro area network. 

 

By "realistic reference", I'm asking about what a network operator would 
consider to be a typical, perhaps most common, application of MPLS technology.

 

From a bookish perspective, I understand MPLS well but have never implemented 
it in the scope of my current field of study (metro area networks). I would 
dearly like to get this "grounded" perspective from anyone who might care to 
share it.

 

 

Cheers,

 

Etienne

 

-- 

Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta

Web. https://www.um.edu.mt/profile/etiennedepasquale



RE: Applications of MPLS in the metro area

2020-04-28 Thread Aaron Gould
For the ISP and Carrier Ethernet network I run, I use MPLS for various things.

 

It provides wonderful segmentation of different communities (customers and 
uses).

 

I use MPLS ELINE (p2p) extensively for Cellular Backhaul

 

I use MPLS ELAN (mp2mp) in various places for emulating LAN’s over long distance

 

I use MPLS L3VPN for various things…

-Containing customer public internet routing

-Containing customer cgnat private side

-6VPE for getting IPv6 across my ipv4-only core

 

 

-Aaron

 

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Etienne-Victor 
Depasquale
Sent: Tuesday, April 28, 2020 8:44 AM
To: NANOG
Subject: Applications of MPLS in the metro area

 

Hello !

 

I'm looking for what a network operator would consider a realistic reference 
deployment of MPLS within the metro area network. 

 

By "realistic reference", I'm asking about what a network operator would 
consider to be a typical, perhaps most common, application of MPLS technology.

 

From a bookish perspective, I understand MPLS well but have never implemented 
it in the scope of my current field of study (metro area networks). I would 
dearly like to get this "grounded" perspective from anyone who might care to 
share it.

 

 

Cheers,

 

Etienne

 

-- 

Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta

Web. https://www.um.edu.mt/profile/etiennedepasquale



Applications of MPLS in the metro area

2020-04-28 Thread Etienne-Victor Depasquale
Hello !

I'm looking for what a network operator would consider a realistic
reference deployment of MPLS within the metro area network.

By "realistic reference", I'm asking about what a network operator would
consider to be a typical, perhaps most common, application of MPLS
technology.

From a bookish perspective, I understand MPLS well but have never
implemented it in the scope of my current field of study (metro area
networks). I would dearly like to get this "grounded" perspective from
anyone who might care to share it.


Cheers,

Etienne

-- 
Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta
Web. https://www.um.edu.mt/profile/etiennedepasquale