Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

2022-05-12 Thread Mark Tinka




On 5/12/22 23:40, Jakob Heitz (jheitz) via NANOG wrote:


> To address the risk of somebody exhausting your memory by dumping a ton of
> routes on you,
> we added two new options to "soft-reconfiguration inbound" in IOS-XR.
>
> RPKI-dropped-only
> Saves a copy of only the routes dropped by an RPKI validation-state test in
> neighbor-in route-policy.
>
> RPKI-tested-only
> Saves a copy of only the routes tested in an RPKI validation-state test in
> neighbor-in route-policy.
>
> This was released in 7.3.1 in Feb 2021.
>
> The bug CSCwb17937 was fixed in 7.5.2, just released. Fixed a few other things
> in 7.5.2 also.
> Tomoya, apologies that you had a terrible time with it.


Awesome!

Mark.


RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

2022-05-12 Thread Jakob Heitz (jheitz) via NANOG
To address the risk of somebody exhausting your memory by dumping a ton of 
routes on you,
we added two new options to "soft-reconfiguration inbound" in IOS-XR.

RPKI-dropped-only
Saves a copy of only the routes dropped by an RPKI validation-state test in 
neighbor-in route-policy.

RPKI-tested-only
Saves a copy of only the routes tested in an RPKI validation-state test in 
neighbor-in route-policy.

This was released in 7.3.1 in Feb 2021.

The bug CSCwb17937 was fixed in 7.5.2, just released. Fixed a few other things 
in 7.5.2 also.
Tomoya, apologies that you had a terrible time with it.


Regards,
Jakob.

-Original Message-
Date: Wed, 11 May 2022 14:31:28 -0700
From: Randy Bush 
To: Pirawat WATANAPONGSE via NANOG 
Subject: Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)
and upstream(s)
Message-ID: 
Content-Type: text/plain; charset=US-ASCII

> Is setting 'Soft Reconfiguration' enough for me to keep ROV running?

yes, should be.

> If not, is there any other solution?

yes.  jakob says he has implemented
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rov-no-rr/, though i
do not know in what xr image(s)

randy
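
A small model of the trade-off described in this message, as an added example that is not Cisco code or part of the original posts: it shows which received routes each storage mode keeps, and that the copies kept under RPKI-dropped-only are enough to re-admit a route after a VRP change without asking the peer for a route refresh. The policy, VRPs and routes are constructed, and the mode label `all` is an assumption standing for storing every received route.

```python
import ipaddress

# Constructed VRPs: (prefix, max length, origin AS). Documentation ranges only.
VRPS = [("192.0.2.0/24", 24, 64500), ("198.51.100.0/24", 24, 64501)]
# Constructed routes from one neighbor: (prefix, origin AS).
ROUTES = [
    ("192.0.2.0/24", 64500),     # valid
    ("198.51.100.0/24", 64666),  # invalid: covered, wrong origin
    ("203.0.113.0/24", 64502),   # not-found: no covering VRP
    ("192.0.2.128/25", 64500),   # rejected by a length filter before the RPKI test
]

def validate(prefix, origin, vrps):
    """Origin validation in the style of RFC 6811."""
    net, covered = ipaddress.ip_network(prefix), False
    for vrp_prefix, max_len, asn in vrps:
        if net.subnet_of(ipaddress.ip_network(vrp_prefix)):
            covered = True
            if net.prefixlen <= max_len and origin == asn:
                return "valid"
    return "invalid" if covered else "not-found"

def neighbor_in(prefix, origin, vrps):
    """Hypothetical inbound policy; returns (accepted, reached_rpki_test)."""
    if ipaddress.ip_network(prefix).prefixlen > 24:
        return False, False
    return validate(prefix, origin, vrps) != "invalid", True

def stored_copies(mode, routes, vrps):
    """Routes the router keeps a pre-policy copy of under each mode."""
    kept = []
    for route in routes:
        accepted, tested = neighbor_in(*route, vrps)
        if (mode == "all"
                or (mode == "RPKI-tested-only" and tested)
                or (mode == "RPKI-dropped-only" and tested and not accepted)):
            kept.append(route)
    return kept

def revalidate(stored, new_vrps):
    """Re-run the policy on stored copies after a VRP change, no route refresh."""
    return [r for r in stored if neighbor_in(*r, new_vrps)[0]]

if __name__ == "__main__":
    for mode in ("all", "RPKI-tested-only", "RPKI-dropped-only"):
        print(mode, stored_copies(mode, ROUTES, VRPS))
    new_vrps = VRPS + [("198.51.100.0/24", 24, 64666)]
    print(revalidate(stored_copies("RPKI-dropped-only", ROUTES, VRPS), new_vrps))
```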



NANOG 85 Sneak Peek + More

2022-05-12 Thread Nanog News
*NANOG 85 Sneak Peek*
*Meeting Will Take Place Jun. 6 - 8 in Montréal*

REGISTER NOW  for hours of talks by
industry leaders, networking opportunities + more!
*Coming Soon to the NANOG 85 Stage: *

   -  Keynote Speaker: Sylvie LaPerrière
   -  Special IPv6 World Launch Anniversary Day programming
   - 4 different panels that will be taking place in Montréal
   -  Panel: Women in Executive Leadership: Challenges and Opportunities
   - Tutorial: Optical Fiber Capacity Limits - Where Do We Go Next?
   - More

* MORE INFO *

*Register for NANOG 85 Hackathon *
*Theme: Projects That Make a Difference *

Let's Hack! The NANOG 85 Hackathon will focus on Projects that Make a
Difference. In-person and virtual attendees are welcome to attend!

*Wed. - May 25* - Intro/Tutorial/Team Formation
*Sat. + Sun. - Jun. 4 - 5* - Hacking



*REGISTER NOW*

*ArriveCAN Required for Traveling to Canada*
*NANOG 85 Travel Guidelines*

In-person attendees: Have you created your ArriveCAN profile for NANOG 85?

ArriveCAN continues to be mandatory for travelers to Canada. Those who do
not comply could be subject to a $5K fine.

To be ready for your trip, create your free ArriveCAN account on your
desktop and/or download the ArriveCAN mobile app TODAY.



*TRAVEL GUIDELINES*

*NANOG 85 Sponsorships Still Available!*

Contact Shawn Winstead at swinst...@nanog.org for more information.

*Apply for the Peering Coordination Forum*

The Peering Coordination Forum is a 90-minute session to be held on Jun. 6
during the NANOG 85 conference. The forum provides time for attendees to
meet and network with others in the peering community present at NANOG.

NANOG 85 Peering Coordination Forum applications will remain open until we
have 20 applications or May 31.

*APPLY NOW  *



Re: Github/gist list of modern telemetry/networking polling tools

2022-05-12 Thread Tom Beecher
>
> such as telegraf+influxdb+grafana, although that’s more resource intensive
> than the old school stuff that just works.
>

I'm also generally a fan of the older 'simple, just work' things, but
influxdb + grafana has absolutely grown on me over time.

On Thu, May 12, 2022 at 10:36 AM Rafael Possamai <
rafael.possa...@bluebirdnetwork.com> wrote:

> Here is a list: https://github.com/kahun/awesome-sysadmin#monitoring
>
>
>
> Personally, I’ve used smokeping for over a decade (mrtg works too, or rrd
> and a cron job), as well as librenms/prtg and as of the last couple of
> years a software “stack” such as telegraf+influxdb+grafana, although that’s
> more resource intensive than the old school stuff that just works.
>
>
>
> *From:* NANOG 
> *On Behalf Of *Drew Weaver
> *Sent:* Thursday, May 12, 2022 7:50 AM
> *To:* nanog@nanog.org
> *Subject:* Github/gist list of modern telemetry/networking polling tools
>
>
>
> Hello,
>
>
>
> If you guys are like me I find something that works and I just stick with
> it.
>
>
>
> Now that we’re getting to a place where we can re-tool some of our
> monitoring and telemetry for our network I am looking for
> information/recommendations on new tools.
>
>
>
> Specifically I am looking for a list of NMS, SNMP poller/grapher,
> sflow/netflow cap/dump tools that people are enjoying.
>
>
>
> I know a lot of times people post lists of tools over on github or a gist
> so I am just wondering if anyone has any lists for this that they like?
>
>
>
> Thanks,
>
> -Drew
>
>
>


Re: Github/gist list of modern telemetry/networking polling tools

2022-05-12 Thread Tarko Tikan

hey,

snmp_exporter
gnmic

feeding to prometheus
+ alertmanager
+ grafana

Building meaningful dashboards and setting up actionable alerts 
(relevant for your network) is the hardest part.


--
tarko


RE: Github/gist list of modern telemetry/networking polling tools

2022-05-12 Thread Rafael Possamai
Here is a list: https://github.com/kahun/awesome-sysadmin#monitoring

Personally, I've used smokeping for over a decade (mrtg works too, or rrd and a 
cron job), as well as librenms/prtg and as of the last couple of years a 
software "stack" such as telegraf+influxdb+grafana, although that's more 
resource intensive than the old school stuff that just works.

From: NANOG  On 
Behalf Of Drew Weaver
Sent: Thursday, May 12, 2022 7:50 AM
To: nanog@nanog.org
Subject: Github/gist list of modern telemetry/networking polling tools

Hello,

If you guys are like me I find something that works and I just stick with it.

Now that we're getting to a place where we can re-tool some of our monitoring 
and telemetry for our network I am looking for information/recommendations on 
new tools.

Specifically I am looking for a list of NMS, SNMP poller/grapher, sflow/netflow 
cap/dump tools that people are enjoying.

I know a lot of times people post lists of tools over on github or a gist so I 
am just wondering if anyone has any lists for this that they like?

Thanks,
-Drew



Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

2022-05-12 Thread John McCormac

On 12/05/2022 11:16, Masataka Ohta wrote:

John McCormac wrote:


There are various ways, such as crawling the web, to enumerate
domain names.



That is not an efficient method.


Not a problem for large companies or botnet. So, only
small legal players suffer from hiding zone information.


Agree on the effects on smaller legal players.

A domain name does not always have to have a website. This means that 
some domain names may have no presence on the Web unless they are 
mentioned on a site or in e-mail. With the increased automation of 
webhosting control panels, undeveloped domain names may be automatically 
parked on the webhoster's or registrar's holding page.



You misunderstand my statement. Domain names not offering
HTTP service can also be collected by web crawling.


Perhaps if there are lists of new registrations published or the domain 
names are reregistrations that had been previously deleted. Some might 
be detected if they have reverse DNS set up for the domain name. DNS 
traffic could be another source. Other than those cases, I am not sure 
about web crawling detecting domain names without HTTP service.



Google can also use gmail to collect domain names used by
sent or received e-mails.


Or even Google Analytics but that may have legal issues over privacy.

But there is a problem with that because of all the FUD about websites 
linking to "bad" websites that had been pushed in the media a few 
years ago.


Is your concern privacy of "bad" websites?


No. The problem is that search engines and other crawlers that detect new 
websites by crawling links from others are at a disadvantage because 
websites are less likely to link to others due to search engine 
optimisation. The decline of web directories has also had an effect. It 
becomes increasingly difficult for newer players without the resources 
of Google or Microsoft to compete at detecting new websites, typically 
ccTLD, when they have no inbound links from other websites.



Another factor that is often missed is the renewal rate of domain names.


That's not a problem related to enumeration of domain names.


It is when millions of (gTLD and ccTLD) domain names per month are 
deleted. Even after a run of enumerating domain names in a zone, some of 
those domain names will have been deleted before the process is 
completed. Enumerating domain names is very much a continual process 
rather than a one-off process. The set of domain names in a zone is 
rarely a static one. An enumerated zone is a snapshot of that zone at a 
particular time. It becomes increasingly unreliable.


A lot of personal data such as e-mail addresses, phone numbers and 
even postal addresses have been removed from gTLD records because of 
the fear of GDPR.


As I have been saying, the problem, *if* *any*, is whois. So?


There are multiple issues. The redaction of WHOIS data has made dealing 
with fraudulent/malware/phishing sites more difficult. It can also cause 
problems for registrants who have registered their domain name through a 
reseller that has disappeared.


Spammers using WHOIS data from new registrations to target registrants 
has declined somewhat since 2018. The redaction of data from the WHOIS 
is not a one-size-fits-all solution. This is why ICANN is moving towards 
RDAP and a more controlled access to registrant data.


The zones change. New domain names are registered and domain names are 
deleted. For many TLDs, the old WHOIS model of registrant name, e-mail 
and phone number no longer exists. And there are also WHOIS privacy 
services which have obscured ownership.


As I wrote:

: Moreover, because making ownership information of lands and
: domain names publicly available promotes public welfare
: and domain name owners approve publication of such
: information in advance, there shouldn't be any concern
: of privacy breach forbidden by local law of DE.

that is not a healthy movement.


There has been some discussion about using a Natural Person or Legal 
Person field in gTLD WHOIS records with the Legal Person (effectively a 
business or company) having more information published. There are 
multiple jurisdictions and some have different protections for data. 
Some registrars and registries allow registrants to publish ownership 
details but others do not. With gTLDs, there is a central organisation 
(ICANN). With ccTLDs, each ccTLD registry is almost unique (a few 
registries also run IDN versions of ccTLDs in addition to their main 
ccTLD) and subject to the local laws of its country. GDPR has caused a 
lot of problems inside and outside of the EU.


Regards...jmcc
--
John McCormac  *  e-mail: j...@hosterstats.com
MC2            *  web: http://www.hosterstats.com/
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *  https://amzn.to/2OPtEIO
IE             *  Skype: hosterstats.com

Github/gist list of modern telemetry/networking polling tools

2022-05-12 Thread Drew Weaver
Hello,

If you guys are like me I find something that works and I just stick with it.

Now that we're getting to a place where we can re-tool some of our monitoring 
and telemetry for our network I am looking for information/recommendations on 
new tools.

Specifically I am looking for a list of NMS, SNMP poller/grapher, sflow/netflow 
cap/dump tools that people are enjoying.

I know a lot of times people post lists of tools over on github or a gist so I 
am just wondering if anyone has any lists for this that they like?

Thanks,
-Drew



Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

2022-05-12 Thread Masataka Ohta

John McCormac wrote:


There are various ways, such as crawling the web, to enumerate
domain names.



That is not an efficient method.


Not a problem for large companies or botnet. So, only
small legal players suffer from hiding zone information.


For example, large companies such as google can obtain enumerated
list of all the current most active domains in the world, which
can, then, be used to access whois.


What Google might obtain would be a list of domain names with websites. 
The problem is that the web usage rate for TLDs varies with some ccTLDs 
seeing a web usage rate of over 40% (40% of domain names having 
developed websites) but some of the new gTLDs have web usage rates below 
10%. Some of the ccTLDs have high web usage rates.


You misunderstand my statement. Domain names not offering
HTTP service can also be collected by web crawling.


Hiding DNS zone information from public is beneficial to powerful
entities such as google.


In some respects, yes.


Google can also use gmail to collect domain names used by
sent or received e-mails.

But there is a problem with that because of all 
the FUD about websites linking to "bad" websites that had been pushed in 
the media a few years ago.


Is your concern privacy of "bad" websites?


Another factor that is often missed is the renewal rate of domain names.


That's not a problem related to enumeration of domain names.

A lot of personal data 
such as e-mail addresses, phone numbers and even postal addresses have 
been removed from gTLD records because of the fear of GDPR.


As I have been saying, the problem, *if* *any*, is whois. So?

The zones change. New domain names are registered and domain names are 
deleted. For many TLDs, the old WHOIS model of registrant name, e-mail 
and phone number no longer exists. And there are also WHOIS privacy 
services which have obscured ownership.


As I wrote:

: Moreover, because making ownership information of lands and
: domain names publicly available promotes public welfare
: and domain name owners approve publication of such
: information in advance, there shouldn't be any concern
: of privacy breach forbidden by local law of DE.

that is not a healthy movement.

Masataka Ohta