Re: FYI - 2FA to be come mandatory for ARIN Online?

2022-05-24 Thread Raymond Burkholder

On 2022-05-24 16:22, John Curran wrote:
>> On 24 May 2022, at 4:39 PM, niels=na...@bakker.net wrote:
>>
>> * nanog@nanog.org (Laura Smith via NANOG) [Tue 24 May 2022, 22:22 CEST]:
>>> It's 2022. Do we really still need a consultation on why mandatory 2FA is a good 
>>> thing ? Even more so for something like ARIN ?
>>
>> To many of us in 2022 it's clear that SMS 2FA isn't necessarily a good way to 
>> protect critical infrastructure, but apparently ARIN does need a consultation 
>> for that
>
> Niels -
>
> I can think of several reasons why "SMS 2FA isn't necessarily a good way to 
> protect critical infrastructure”…
>
> Of course, there’s also the point that requiring 2FA for everyone – even if 
> just SMS – would still be a superior state of affairs than the present 
> condition (wherein 97% of ARIN Online users rely on just a password, and this 
> despite 2FA via TOTP being available for ARIN Online accounts for years…)

What about optional additional second factor of sending out an email 
with digits to enter or a link to confirm login / some other critical 
operation?

> There could easily be some operational concerns resulting from making 2FA 
> authentication mandatory of which we on the ARIN staff are not aware, so we 
> conduct a consultation.  Your voice can be part of that consultation,  but 
> again it’s taking place on arin-consult mailing list (open to all) – not here.


Re: FYI - 2FA to be come mandatory for ARIN Online?

2022-05-24 Thread John Curran


> On 24 May 2022, at 4:39 PM, niels=na...@bakker.net wrote:
> 
> * nanog@nanog.org (Laura Smith via NANOG) [Tue 24 May 2022, 22:22 CEST]:
>> It's 2022. Do we really still need a consultation on why mandatory 2FA is a 
>> good thing ? Even more so for something like ARIN ?
> 
> To many of us in 2022 it's clear that SMS 2FA isn't necessarily a good way to 
> protect critical infrastructure, but apparently ARIN does need a consultation 
> for that

Niels - 

I can think of several reasons why "SMS 2FA isn't necessarily a good way to 
protect critical infrastructure”…

Of course, there’s also the point that requiring 2FA for everyone – even if 
just SMS – would still be a superior state of affairs than the present 
condition (wherein 97% of ARIN Online users rely on just a password, and this 
despite 2FA via TOTP being available for ARIN Online accounts for years…) 

There could easily be some operational concerns resulting from making 2FA 
authentication mandatory of which we on the ARIN staff are not aware, so we 
conduct a consultation.  Your voice can be part of that consultation,  but 
again it’s taking place on arin-consult mailing list (open to all) – not here.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers




Re: FYI - 2FA to be come mandatory for ARIN Online?

2022-05-24 Thread niels=nanog

* nanog@nanog.org (Laura Smith via NANOG) [Tue 24 May 2022, 22:22 CEST]:
> It's 2022. Do we really still need a consultation on why mandatory 
> 2FA is a good thing ? Even more so for something like ARIN ?


To many of us in 2022 it's clear that SMS 2FA isn't necessarily a good 
way to protect critical infrastructure, but apparently ARIN does need 
a consultation for that



-- Niels.


Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

2022-05-24 Thread Matt Harris
On Tue, May 24, 2022 at 3:21 PM Laura Smith via NANOG 
wrote:

> It's 2022. Do we really still need a consultation on why mandatory 2FA is a
> good thing ? Even more so for something like ARIN ?
>

While it's probably obvious to most of us that mandatory 2fa is a good
thing, I think it should be likewise clear that community consultation is
also a very good thing as a general practice for changes such as this. A
good example is that several folks in the context of this discussion on the
ARIN-CONSULT list have voiced concerns related to SMS as the secondary
method, and others of us have discussed options which may be superior for a
variety of reasons.

- mdh

Matt Harris|VP of Infrastructure


Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

2022-05-24 Thread Laura Smith via NANOG
It's 2022. Do we really still need a consultation on why mandatory 2FA is a good 
thing ? Even more so for something like ARIN ?

--- Original Message ---
On Tuesday, May 24th, 2022 at 19:28, John Curran  wrote:


> NANOGers - 
> A consultation opened today on potentially requiring use of 2-factor 
> authentication to login into ARIN Online – this would take place once SMS 2FA 
> is deployed.   If you think that this is: a) a great idea, b) a bad idea, c) 
> anything else, then feel free to subscribe to the arin-consult mailing list 
> (open to all at http://lists.arin.net/mailman/listinfo/arin-consult) and 
> provide your feedback.
> Best wishes,
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
>
> > Begin forwarded message:
> > From: ARIN 
> > Subject: [arin-announce] Consultation on Requiring Two-Factor 
> > Authentication (2FA) for ARIN Online Accounts
> > Date: 24 May 2022 at 12:45:48 PM EDT
> > To: "arin-annou...@arin.net" 
> >
> > **Background**
> >
> > In 2015, ARIN deployed a Time-Based One-Time password (TOTP) implementation 
> > of Two-Factor Authentication (2FA). Since the time of implementing that 
> > login security feature, 3.2 percent of ARIN Online users have opted to use 
> > 2FA with their accounts.
> >
> > Since October 2020, the ARIN Online system has been subject to a series of 
> > dictionary-based password guessing attacks. In March of 2021, we conducted 
> > ACSP Consultation 2021.2: Password Security for ARIN Online Accounts 
> > (https://www.arin.net/participate/community/acsp/consultations/2021/2021-2/)
> >  on proposed improvements to increase account security. This consultation 
> > resulted in an agreement to move forward with several improvements that 
> > have subsequently been deployed. However, we continue to see frequent 
> > attacks on our log-in systems, and ARIN staff continues to be heavily 
> > engaged in mitigating these attacks. Accounts not using 2FA are susceptible 
> > to these attacks. We recently updated the community on this topic during 
> > ARIN 49 held in Nashville and online in April. You can review this 
> > information from the ARIN 49 Meeting Report 
> > (https://www.arin.net/participate/meetings/ARIN49/) by looking for the 
> > presentation titled “Brute Force Login Attacks”.  
> >
> > It is our intention to make 2FA mandatory for all existing and new ARIN 
> > Online accounts going forward. The security of ARIN Online accounts is 
> > paramount to the success of the registry, and we do not believe it is 
> > tenable to continue without making 2FA required for all ARIN Online 
> > accounts.  
> >
> > We are currently developing a second method of 2FA use with ARIN Online to 
> > add to our long-deployed TOTP implementation. In the coming months, we will 
> > deploy a Short Message Service (SMS) 2FA implementation, thereby adding a 
> > second 2FA option for ARIN Online users. At that time, users will be able 
> > to choose between two types of 2FA – SMS and TOTP.   Adoption of TOTP 2FA 
> > has been limited in part due to perceived complexity, and the addition of 
> > SMS-based 2FA will provide a second option that is easier to use for many 
> > customers – and provide much more protection than the simple 
> > username-password condition of many ARIN Online user accounts today.  (ARIN 
> > also plans on adding support for a third 2FA option in the future – Fast 
> > Identity Online 2 (FIDO2) – in response to community suggestions, but we do 
> > not believe it is prudent to delay requiring 2FA on ARIN Online accounts 
> > until that third option becomes available.)
> >
> > **Requiring 2FA For ARIN Online Accounts**
> >
> > By requiring 2FA for ARIN Online accounts that control number resources, 
> > the ARIN community should see stronger security for the registry, reduced 
> > risk of account fraud attempts, and increased confidence in the integrity 
> > of their ARIN resources.  
> >
> > ARIN intends to require 2FA for all ARIN Online accounts shortly after 
> > SMS-based 2FA authentication is generally available.  We are seeking 
> > confirmation from the ARIN community regarding this plan, and ask the 
> > following consultation question:  
> >
> > ---
> > Once SMS-based two-factor authentication (2FA) is available for ARIN 
> > Online, do you believe ARIN *should not* proceed with requiring 2FA 
> > authentication (SMS-based or TOTP) for all ARIN Online accounts?  If so, 
> > why?
> > ---
> >
> > The feedback you provide during this consultation will help form our path 
> > forward to increasing the security of ARIN Online for all customers. Thank 
> > you for your participation in the ARIN Consultation and Suggestion Process. 
> > Please provide comments to arin-cons...@arin.net. You can subscribe to this 
> > mailing list at:
> >
> > http://lists.arin.net/mailman/listinfo/arin-consult
> >
> > This consultation will remain open through 5:00 PM ET on 24 June 2022.
> >
> > Regards,

Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

2022-05-24 Thread Geoff Huston


> On 25 May 2022, at 5:45 am, Jakob Heitz (jheitz) via NANOG  
> wrote:
> 
> This attack will work very well until the victim starts advertising
> its prefix. The victim may not notice the fake advertisement because the fake
> advertisement will not reach the victim AS due to AS-path loop checking.


Often the best forms of attack are ones that are scoped in locality.
Advertising the same prefix from a different location in BGP may create a
localised preference to follow the synthesised route which is not visible
everywhere. Sometimes this is exactly what the attacker wants to achieve.

Geoff



RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

2022-05-24 Thread Jakob Heitz (jheitz) via NANOG
This attack will work very well until the victim starts advertising
its prefix. The victim may not notice the fake advertisement because the fake
advertisement will not reach the victim AS due to AS-path loop checking.

So potential victims must advertise all prefixes that they register in
RPKI or subscribe to an Internet monitoring service to detect the
fake advertisements.

And don't forget maxlen. You must advertise in BGP every prefix
covered by maxlen.

Regards,
Jakob.

-----Original Message-----
From: Saku Ytti 

On Tue, 24 May 2022 at 11:23, Max Tulyev  wrote:

> To make a working hijack of the routed prefix (for sniffing traffic,
> DDoS or something similar), you have to announce a more specific
> prefix(es). It can be denied by RPKI.
>
> If you signed RPKI prefix is still unannounced - yes, somebody can
> hijack it by forging the origin ASN - that's quite easy.

This axiomatically assumes first come, first serve, which is obviously
not complete understanding of BGP best path algorithm.

-- 
  ++ytti
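
The maxlen point in the message above, as an added example that is not part of the original thread: a Python audit that applies RFC 6811 origin validation and reports the address space inside each ROA where a more-specific route carrying the registered origin AS would still validate because the holder does not announce it at that length. The ROAs, announcements, documentation prefixes and AS numbers are constructed sample data, and `make_roa`, `validate`, `exposed_space` and `audit` are names chosen for this illustration.

```python
"""Audit ROAs for space where a forged-origin announcement would be ROV-valid.

Added illustration; prefixes and AS numbers are constructed sample data
(documentation ranges), not taken from the thread.
"""
import ipaddress
from typing import NamedTuple


class Roa(NamedTuple):
    prefix: object      # ipaddress.IPv4Network or IPv6Network
    max_length: int
    asn: int


def make_roa(prefix, max_length, asn):
    net = ipaddress.ip_network(prefix)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} out of range for {net}")
    return Roa(net, max_length, asn)


def validate(prefix, origin, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        if net.version != roa.prefix.version or not net.subnet_of(roa.prefix):
            continue
        covered = True
        # An AS 0 ROA never matches any route.
        if roa.asn == origin and roa.asn != 0 and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def exposed_space(roa, announced):
    """Space in the ROA not announced by its holder at exactly maxLength.

    A shorter announcement does not close the gap: a maxLength-long route with
    the same origin is still 'valid' and wins on longest-prefix match.
    """
    remaining = [roa.prefix]
    for net in announced:
        if (net.version != roa.prefix.version
                or net.prefixlen != roa.max_length
                or not net.subnet_of(roa.prefix)):
            continue
        carved = []
        for block in remaining:
            if net == block:
                continue                      # this block is fully closed
            if net.subnet_of(block):
                carved.extend(block.address_exclude(net))
            else:
                carved.append(block)
        remaining = carved
    return sorted(remaining)


def audit(roas, announcements):
    """Map each ROA to the gaps left by the holder's own announcements."""
    report = {}
    for roa in roas:
        own = [ipaddress.ip_network(p) for p, origin in announcements
               if origin == roa.asn]
        key = f"{roa.prefix}-{roa.max_length} AS{roa.asn}"
        report[key] = [str(n) for n in exposed_space(roa, own)]
    return report


# Constructed sample data (RFC 5737 prefixes, RFC 5398 AS numbers).
ROAS = [
    make_roa("198.51.100.0/24", 26, 64500),   # loose maxLength
    make_roa("203.0.113.0/24", 24, 64500),    # signed but never announced
    make_roa("192.0.2.0/24", 24, 64501),      # ROA matches what is announced
]
ANNOUNCED = [
    ("198.51.100.0/24", 64500),
    ("198.51.100.0/26", 64500),
    ("192.0.2.0/24", 64501),
]

if __name__ == "__main__":
    for roa_key, gaps in audit(ROAS, ANNOUNCED).items():
        print(roa_key, "->", gaps or "no exposed space")
    # A /26 the holder never announces still validates with the holder's AS
    # as origin, which is why it appears in the audit output as a gap.
    print(validate("198.51.100.128/26", 64500, ROAS))
```

An empty list for a ROA means the holder announces everything that ROA authorises; the other way to close a gap is to lower maxLength to match what is actually announced, as RFC 9319 recommends.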



Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Aaron Wendel




On 5/24/2022 10:48 AM, Mitchell Tanenbaum via NANOG wrote:


I have two fixed wireless Internet connections here.  One is 25/5, the 
other is 35/5.  There is no cable, no fiber, no cellular, not even DSL 
from the phone company.  That is reality in metro Denver, CO 
(actually, the foothills, 25 miles from the state Capitol building).


Regarding Starlink, no, you can’t get it.  I paid my deposit a year 
and a half ago and I am still on the waiting list.  Every time that I 
get close to the date they promise, they change the promise. Maybe I 
will get Starlink service some time in the future, but, not any time soon.


Oh, yeah, and 25 meg down costs $75 a month.  If you want VoIP, that 
is another $20+.


So not only is it slow, it is expensive too.

So yes, there still is a problem, right here in America.  And not just 
in the boonies.


Mitch



This brings up another issue no one is really talking about and that's 
affordability.  We're about to lower our price on 10G to the home to 
$50/mo because that was the number the FCC would pay people who 
qualified.  Now they've lowered that subsidy to $30.  The pandemic 
exposed the fact that there are a lot of people out there that just 
can't afford the current pricing structure.  We give a gig away for free 
with a one time install fee and we had people calling us whose kids were 
at home for school and they couldn't afford the $25/mo we'd break their 
$300 install into.  We ended up just waiving a ton of fees during those 
early COVID days.


Aaron



FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

2022-05-24 Thread John Curran
NANOGers -

A consultation opened today on potentially requiring use of 2-factor 
authentication to login into ARIN Online – this would take place once SMS 2FA 
is deployed.   If you think that this is: a) a great idea, b) a bad idea, c) 
anything else, then feel free to subscribe to the arin-consult mailing list 
(open to all at http://lists.arin.net/mailman/listinfo/arin-consult) and 
provide your feedback.

Best wishes,
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN <i...@arin.net>
Subject: [arin-announce] Consultation on Requiring Two-Factor Authentication 
(2FA) for ARIN Online Accounts
Date: 24 May 2022 at 12:45:48 PM EDT
To: "arin-annou...@arin.net" <arin-annou...@arin.net>

**Background**

In 2015, ARIN deployed a Time-Based One-Time password (TOTP) implementation of 
Two-Factor Authentication (2FA). Since the time of implementing that login 
security feature, 3.2 percent of ARIN Online users have opted to use 2FA with 
their accounts.

Since October 2020, the ARIN Online system has been subject to a series of 
dictionary-based password guessing attacks. In March of 2021, we conducted ACSP 
Consultation 2021.2: Password Security for ARIN Online Accounts 
(https://www.arin.net/participate/community/acsp/consultations/2021/2021-2/) on 
proposed improvements to increase account security. This consultation resulted 
in an agreement to move forward with several improvements that have 
subsequently been deployed. However, we continue to see frequent attacks on our 
log-in systems, and ARIN staff continues to be heavily engaged in mitigating 
these attacks. Accounts not using 2FA are susceptible to these attacks. We 
recently updated the community on this topic during ARIN 49 held in Nashville 
and online in April. You can review this information from the ARIN 49 Meeting 
Report (https://www.arin.net/participate/meetings/ARIN49/) by looking for the 
presentation titled “Brute Force Login Attacks”.

It is our intention to make 2FA mandatory for all existing and new ARIN Online 
accounts going forward. The security of ARIN Online accounts is paramount to 
the success of the registry, and we do not believe it is tenable to continue 
without making 2FA required for all ARIN Online accounts.

We are currently developing a second method of 2FA use with ARIN Online to add 
to our long-deployed TOTP implementation. In the coming months, we will deploy 
a Short Message Service (SMS) 2FA implementation, thereby adding a second 2FA 
option for ARIN Online users. At that time, users will be able to choose 
between two types of 2FA – SMS and TOTP.   Adoption of TOTP 2FA has been 
limited in part due to perceived complexity, and the addition of SMS-based 2FA 
will provide a second option that is easier to use for many customers – and 
provide much more protection than the simple username-password condition of 
many ARIN Online user accounts today.  (ARIN also plans on adding support for a 
third 2FA option in the future – Fast Identity Online 2 (FIDO2) – in response 
to community suggestions, but we do not believe it is prudent to delay 
requiring 2FA on ARIN Online accounts until that third option becomes 
available.)

**Requiring 2FA For ARIN Online Accounts**

By requiring 2FA for ARIN Online accounts that control number resources, the 
ARIN community should see stronger security for the registry, reduced risk of 
account fraud attempts, and increased confidence in the integrity of their ARIN 
resources.

ARIN intends to require 2FA for all ARIN Online accounts shortly after 
SMS-based 2FA authentication is generally available.  We are seeking 
confirmation from the ARIN community regarding this plan, and ask the following 
consultation question:

---
Once SMS-based two-factor authentication (2FA) is available for ARIN Online, do 
you believe ARIN *should not* proceed with requiring 2FA authentication 
(SMS-based or TOTP) for all ARIN Online accounts?  If so, why?
---

The feedback you provide during this consultation will help form our path 
forward to increasing the security of ARIN Online for all customers. Thank you 
for your participation in the ARIN Consultation and Suggestion Process. Please 
provide comments to arin-cons...@arin.net. You 
can subscribe to this mailing list at:

http://lists.arin.net/mailman/listinfo/arin-consult

This consultation will remain open through 5:00 PM ET on 24 June 2022.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)





Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Aaron Wendel



On 5/24/2022 9:57 AM, Forrest Christian (List Account) wrote:
If the government is going to fund anything at all anymore, it needs 
to be fiber all the way to the home which is built and managed in a 
way that any provider can use it.   This probably means a single 
strand from each home to some concentration point no more than 10km 
from the home and then a backbone/middle mile supporting several 
carriers from that point.   The position of this concentration point 
to be determined by the density in the area.


In an ideal world, yes, this is exactly how it would work although there 
would be some logistical issues.


If you sit in these hearings the various government entities hold and 
listen to Charter's "Government Affairs Representative" then that is 
absolutely not true and coax is the wave of the future.


Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

2022-05-24 Thread David Conrad
Max,

On May 23, 2022, at 9:12 AM, Max Tulyev  wrote:
> 11.05.22 15:31, Masataka Ohta wrote:
>> There are various ways, such as crawling the web, to enumerate
>> domain names.
> 
> Come on, web is dying! People are moving to mobile applications!
> So more and more domains do not need any web site by design.

An interesting assertion. I’ve heard similar statements since about 2005.  Not 
disagreeing (haven’t looked at stats in a while), but what data are you basing 
this upon?  How does this correlate with the proliferation of blockchain-based 
squatted TLDs (e.g., unstoppable domains, handshake, etc.)?

Thanks,
-drc





RE: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Mitchell Tanenbaum via NANOG
I have two fixed wireless Internet connections here.  One is 25/5, the other is 
35/5.  There is no cable, no fiber, no cellular, not even DSL from the phone 
company.  That is reality in metro Denver, CO (actually, the foothills, 25 
miles from the state Capitol building).

Regarding Starlink, no, you can’t get it.  I paid my deposit a year and a half 
ago and I am still on the waiting list.  Every time that I get close to the 
date they promise, they change the promise. Maybe I will get Starlink service 
some time in the future, but, not any time soon.

Oh, yeah, and 25 meg down costs $75 a month.  If you want VoIP, that is another 
$20+.

So not only is it slow, it is expensive too.

So yes, there still is a problem, right here in America.  And not just in the 
boonies.

Mitch


From: NANOG  On Behalf Of Matthew 
Huff
Sent: Tuesday, May 24, 2022 9:38 AM
To: Brian Turnbow ; David Bass ; Sean 
Donelan 
Cc: nanog@nanog.org
Subject: RE: FCC proposes higher speed goals (100/20 Mbps) for USF providers

 

I grew up in rural Texas where my mother still lives. She has adequate speed 
internet, the biggest issue is reliability. The whole town (there is only 1 
provider) has an outage for about an hour every week. Two weeks ago, there was 
no internet for 3 days. Cellular service is 4G and not even that reliable for 
data even on the best days.

 

From: NANOG <nanog-bounces+mhuff=ox@nanog.org> On Behalf Of Brian Turnbow via 
NANOG
Sent: Tuesday, May 24, 2022 9:35 AM
To: David Bass <davidbass...@gmail.com>; Sean Donelan <s...@donelan.com>
Cc: nanog@nanog.org
Subject: RE: FCC proposes higher speed goals (100/20 Mbps) for USF providers

 

Here in Italy there have been a lot of investments to get better broadband.

Such as government sponsored bundles for areas with no return on investments, 
for schools etc with a lot of focus on reaching gigabit speeds

The results have been mainly positive even though there are delays.

On the end user side in 2020 one of the largest ISPs started offering 2.5Gbps 
service

Adds all over and users started asking for it, even though they don’t have a 
2.5 nic or router,  so now all of the major providers are rolling it out.

Illiad one uped them a couple of months ago pushing  a 5Gbps service and now I 
get people asking me if we offer 5Gbps fiber lines.. pure marketing…

I have a 1Gbps/100Mbps line and it is plenty enough for the family rarely do we 
even get near the limits.

It’s kind of like when I ask for an Italian espresso in the states and get a 
cup full of coffee, no I just want a very small italian style espresso..

The response is Why? you are paying for it take it all 

Bigger is better, even if you don’t need it, reigns supreme.

 

The real problem most users experience isn’t that they have a gig, or even 
100Mb of available download bandwidth…it’s that they infrequently are able to 
use that full bandwidth due to massive over subscription .  

 

The other issue is the minimal upload speed.  It’s fairly easy to consume the 
10Mb that you’re typically getting as a residential customer.  Even “business 
class” broadband service has a pretty poor upload bandwidth limit.  

 

We are a pretty high usage family, and 100/10 has been adequate, but there’s 
been times when we are pegged at the 10 Mb upload limit, and we start to see 
issues. 

 

I’d say 25/5 is a minimum for a single person. 

 

Would 1 gig be nice…yeah as long as the upload speed is dramatically increased 
as part of that.  We would rarely use it, but that would likely be sufficient 
for a long time.  I wouldn’t pay for the extra at this point though. 

 

On Mon, May 23, 2022 at 8:20 PM Sean Donelan <s...@donelan.com> wrote:


Remember, this rulemaking is for 1.1 million locations with the "worst" 
return on investment. The end of the tail of the long tail.  Rural and 
tribal locations which aren't profitable to provide higher speed 
broadband.

These locations have very low customer density, and difficult to serve.

After the Sandwich Isles Communications scandal, gold-plated proposals 
will be viewed with skepticism.  While a proposal may have a lower total 
cost of ownership over decades, the business case is the cheapest for 
the first 10 years of subsidies.  [massive over-simplification]

Historically, these projects have lack of timely completion (abandoned, 
incomplete), and bad (overly optimistic?) budgeting.



RE: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Matthew Huff
I grew up in rural Texas where my mother still lives. She has adequate speed 
internet, the biggest issue is reliability. The whole town (there is only 1 
provider) has an outage for about an hour every week. Two weeks ago, there was 
no internet for 3 days. Cellular service is 4G and not even that reliable for 
data even on the best days.

From: NANOG  On Behalf Of Brian Turnbow 
via NANOG
Sent: Tuesday, May 24, 2022 9:35 AM
To: David Bass ; Sean Donelan 
Cc: nanog@nanog.org
Subject: RE: FCC proposes higher speed goals (100/20 Mbps) for USF providers

Here in Italy there have been a lot of investments to get better broadband.
Such as government sponsored bundles for areas with no return on investments, 
for schools etc with a lot of focus on reaching gigabit speeds
The results have been mainly positive even though there are delays.
On the end user side in 2020 one of the largest ISPs started offering 2.5Gbps 
service
Adds all over and users started asking for it, even though they don’t have a 
2.5 nic or router,  so now all of the major providers are rolling it out.
Illiad one uped them a couple of months ago pushing  a 5Gbps service and now I 
get people asking me if we offer 5Gbps fiber lines.. pure marketing…
I have a 1Gbps/100Mbps line and it is plenty enough for the family rarely do we 
even get near the limits.
It’s kind of like when I ask for an Italian espresso in the states and get a 
cup full of coffee, no I just want a very small italian style espresso..
The response is Why? you are paying for it take it all
Bigger is better, even if you don’t need it, reigns supreme.

The real problem most users experience isn’t that they have a gig, or even 
100Mb of available download bandwidth…it’s that they infrequently are able to 
use that full bandwidth due to massive over subscription .

The other issue is the minimal upload speed.  It’s fairly easy to consume the 
10Mb that you’re typically getting as a residential customer.  Even “business 
class” broadband service has a pretty poor upload bandwidth limit.

We are a pretty high usage family, and 100/10 has been adequate, but there’s 
been times when we are pegged at the 10 Mb upload limit, and we start to see 
issues.

I’d say 25/5 is a minimum for a single person.

Would 1 gig be nice…yeah as long as the upload speed is dramatically increased 
as part of that.  We would rarely use it, but that would likely be sufficient 
for a long time.  I wouldn’t pay for the extra at this point though.

On Mon, May 23, 2022 at 8:20 PM Sean Donelan <s...@donelan.com> wrote:

Remember, this rulemaking is for 1.1 million locations with the "worst"
return on investment. The end of the tail of the long tail.  Rural and
tribal locations which aren't profitable to provide higher speed
broadband.

These locations have very low customer density, and difficult to serve.

After the Sandwich Isles Communications scandal, gold-plated proposals
will be viewed with skepticism.  While a proposal may have a lower total
cost of ownership over decades, the business case is the cheapest for
the first 10 years of subsidies.  [massive over-simplification]

Historically, these projects have lack of timely completion (abandoned,
incomplete), and bad (overly optimistic?) budgeting.


RE: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Brian Turnbow via NANOG
Here in Italy there have been a lot of investments to get better broadband.
Such as government sponsored bundles for areas with no return on investments, 
for schools etc with a lot of focus on reaching gigabit speeds
The results have been mainly positive even though there are delays.
On the end user side in 2020 one of the largest ISPs started offering 2.5Gbps 
service
Ads all over and users started asking for it, even though they don’t have a 
2.5 nic or router,  so now all of the major providers are rolling it out.
Illiad one-upped them a couple of months ago pushing  a 5Gbps service and now I 
get people asking me if we offer 5Gbps fiber lines.. pure marketing…
I have a 1Gbps/100Mbps line and it is plenty enough for the family rarely do we 
even get near the limits.
It’s kind of like when I ask for an Italian espresso in the states and get a 
cup full of coffee, no I just want a very small italian style espresso..
The response is Why? you are paying for it take it all
Bigger is better, even if you don’t need it, reigns supreme.

The real problem most users experience isn’t that they have a gig, or even 
100Mb of available download bandwidth…it’s that they infrequently are able to 
use that full bandwidth due to massive over subscription .

The other issue is the minimal upload speed.  It’s fairly easy to consume the 
10Mb that you’re typically getting as a residential customer.  Even “business 
class” broadband service has a pretty poor upload bandwidth limit.

We are a pretty high usage family, and 100/10 has been adequate, but there’s 
been times when we are pegged at the 10 Mb upload limit, and we start to see 
issues.

I’d say 25/5 is a minimum for a single person.

Would 1 gig be nice…yeah as long as the upload speed is dramatically increased 
as part of that.  We would rarely use it, but that would likely be sufficient 
for a long time.  I wouldn’t pay for the extra at this point though.

On Mon, May 23, 2022 at 8:20 PM Sean Donelan <s...@donelan.com> wrote:

Remember, this rulemaking is for 1.1 million locations with the "worst"
return on investment. The end of the tail of the long tail.  Rural and
tribal locations which aren't profitable to provide higher speed
broadband.

These locations have very low customer density, and difficult to serve.

After the Sandwich Isles Communications scandal, gold-plated proposals
will be viewed with skepticism.  While a proposal may have a lower total
cost of ownership over decades, the business case is the cheapest for
the first 10 years of subsidies.  [massive over-simplification]

Historically, these projects have lack of timely completion (abandoned,
incomplete), and bad (overly optimistic?) budgeting.


Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Forrest Christian (List Account)
These people are fictional at this point.

Starlink has changed the equation such that there are basically no places
in the continental US that can't get service which is usable for most
internet needs.  I have starlink for backup purposes and don't notice any
meaningful practical difference between this and my main connection which
is about the same raw speed as starlink.   I use it for typical work from
home purposes including streaming, voip, and web usage.

If the government is going to fund anything at all anymore, it needs to be
fiber all the way to the home which is built and managed in a way that any
provider can use it.   This probably means a single strand from each home
to some concentration point no more than 10km from the home and then a
backbone/middle mile supporting several carriers from that point.   The
position of this concentration point to be determined by the density in the
area.


On Tue, May 24, 2022, 8:21 AM Josh Luthman 
wrote:

> CAF nor RDOF required IPv6.  BEAD doesn't say anything about IPv6.  I
> seriously doubt v6 gets included into the conversation because even NANOG
> can't agree it is needed.  The bigger concern are the people that have no
> connectivity at all (no 1 mbps, no 25/3, no 100/20, no gigabit, etc).
>
> On Tue, May 24, 2022 at 9:41 AM j k  wrote:
>
>> With this funding, does the FCC require IPv6 and/or dual stack?  If not,
>> it could cause a new IPv6 digital divide.
>>
>> Joe Klein
>>
>> On Tue, May 24, 2022, 9:21 AM Max Tulyev  wrote:
>>
>>> Do they help with a local government ("we do not need your cables, go
>>> away")?
>>>
>>> 23.05.22 21:56, Sean Donelan wrote:
>>> >
>>> > Money, money, money.
>>> >
>>> >
>>> > On Mon, 23 May 2022, Aaron Wendel wrote:
>>> >
>>> >> The Fiber Broadband Association estimates that the average US
>>> >> household will need more than a gig within 5 years.  Why not just
>>> >> jump it to a gig or more?
>>> >>
>>> >>
>>> >> On 5/23/2022 1:40 PM, Sean Donelan wrote:
>>> >>>
>>> >>>
>>> >>> https://www.fcc.gov/document/fcc-proposes-higher-speed-goals-small-rural-broadband-providers-0
>>> >>>
>>> >>> The Federal Communications Commission voted [May 19, 2022] to seek
>>> >>> comment on a proposal to provide additional universal service
>>> >>> support to certain rural carriers in exchange for increasing
>>> >>> deployment to more locations at higher speeds. The proposal would
>>> >>> make changes to the Alternative Connect America Cost Model (A-CAM)
>>> >>> program, with the goal of achieving widespread deployment of faster
>>> >>> 100/20 Mbps broadband service throughout the rural areas served by
>>> >>> rural carriers currently receiving A-CAM support.
>>> >>>
>>> >>
>>> >>
>>> >
>>>
>>


RE: Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Jamie Bowden via NANOG
As much as I hate giving C/Bell Atlantic/Verizon praise for anything ever, my 
1gb FIOS connection reliably delivers 900+mb/s in both directions any time I 
care to test it.  Generally, if I can’t fill the pipe it’s the other end’s lack 
of available bandwidth.

Thanks,
-- 
Jamie

From: NANOG  On Behalf Of 
David Bass
Sent: Tuesday, May 24, 2022 7:34 AM
To: Sean Donelan 
Cc: nanog@nanog.org
Subject: [External] Re: FCC proposes higher speed goals (100/20 Mbps) for USF 
providers

The real problem most users experience isn’t that they have a gig, or even 
100Mb of available download bandwidth…it’s that they infrequently are able to 
use that full bandwidth due to massive over subscription.

The other issue is the minimal upload speed.  It’s fairly easy to consume the 
10Mb that you’re typically getting as a residential customer.  Even “business 
class” broadband service has a pretty poor upload bandwidth limit.  

We are a pretty high usage family, and 100/10 has been adequate, but there’s 
been times when we are pegged at the 10 Mb upload limit, and we start to see 
issues. 

I’d say 25/5 is a minimum for a single person. 

Would 1 gig be nice…yeah as long as the upload speed is dramatically increased 
as part of that.  We would rarely use it, but that would likely be sufficient 
for a long time.  I wouldn’t pay for the extra at this point though. 

On Mon, May 23, 2022 at 8:20 PM Sean Donelan  wrote:

Remember, this rulemaking is for 1.1 million locations with the "worst" 
return on investment. The end of the tail of the long tail.  Rural and 
tribal locations which aren't profitable to provide higher speed 
broadband.

These locations have very low customer density, and are difficult to serve.

After the Sandwich Isles Communications scandal, gold-plated proposals 
will be viewed with skepticism.  While a proposal may have a lower total 
cost of ownership over decades, the business case is the cheapest for 
the first 10 years of subsidies.  [massive over-simplification]

Historically, these projects have lack of timely completion (abandoned, 
incomplete), and bad (overly optimistic?) budgeting.


Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Josh Luthman
Neither CAF nor RDOF required IPv6.  BEAD doesn't say anything about IPv6.  I
seriously doubt v6 gets included into the conversation because even NANOG
can't agree it is needed.  The bigger concern is the people that have no
connectivity at all (no 1 mbps, no 25/3, no 100/20, no gigabit, etc).

On Tue, May 24, 2022 at 9:41 AM j k  wrote:

> With this funding, does the FCC require IPv6 and/or dual stack?  If not,
> it could cause a new IPv6 digital divide.
>
> Joe Klein
>
> On Tue, May 24, 2022, 9:21 AM Max Tulyev  wrote:
>
>> Do they help with a local government ("we do not need your cables, go
>> away")?
>>
>> 23.05.22 21:56, Sean Donelan wrote:
>> >
>> > Money, money, money.
>> >
>> >
>> > On Mon, 23 May 2022, Aaron Wendel wrote:
>> >
>> >> The Fiber Broadband Association estimates that the average US
>> >> household will need more than a gig within 5 years.  Why not just jump
>> >> it to a gig or more?
>> >>
>> >>
>> >> On 5/23/2022 1:40 PM, Sean Donelan wrote:
>> >>>
>> >>>
>> >>> https://www.fcc.gov/document/fcc-proposes-higher-speed-goals-small-rural-broadband-providers-0
>> >>>
>> >>> The Federal Communications Commission voted [May 19, 2022] to seek
>> >>> comment on a proposal to provide additional universal service support
>> >>> to certain rural carriers in exchange for increasing deployment to
>> >>> more locations at higher speeds. The proposal would make changes to
>> >>> the Alternative Connect America Cost Model (A-CAM) program, with the
>> >>> goal of achieving widespread deployment of faster 100/20 Mbps
>> >>> broadband service throughout the rural areas served by rural carriers
>> >>> currently receiving A-CAM support.
>> >>>
>> >>
>> >>
>> >
>>
>


Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread j k
With this funding, does the FCC require IPv6 and/or dual stack?  If not, it
could cause a new IPv6 digital divide.

Joe Klein

On Tue, May 24, 2022, 9:21 AM Max Tulyev  wrote:

> Do they help with a local government ("we do not need your cables, go
> away")?
>
> 23.05.22 21:56, Sean Donelan wrote:
> >
> > Money, money, money.
> >
> >
> > On Mon, 23 May 2022, Aaron Wendel wrote:
> >
> >> The Fiber Broadband Association estimates that the average US
> >> household will need more than a gig within 5 years.  Why not just jump
> >> it to a gig or more?
> >>
> >>
> >> On 5/23/2022 1:40 PM, Sean Donelan wrote:
> >>>
> >>>
> >>> https://www.fcc.gov/document/fcc-proposes-higher-speed-goals-small-rural-broadband-providers-0
> >>>
> >>> The Federal Communications Commission voted [May 19, 2022] to seek
> >>> comment on a proposal to provide additional universal service support
> >>> to certain rural carriers in exchange for increasing deployment to
> >>> more locations at higher speeds. The proposal would make changes to
> >>> the Alternative Connect America Cost Model (A-CAM) program, with the
> >>> goal of achieving widespread deployment of faster 100/20 Mbps
> >>> broadband service throughout the rural areas served by rural carriers
> >>> currently receiving A-CAM support.
> >>>
> >>
> >>
> >
>


Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Max Tulyev
Do they help with a local government ("we do not need your cables, go 
away")?


23.05.22 21:56, Sean Donelan wrote:


Money, money, money.


On Mon, 23 May 2022, Aaron Wendel wrote:

The Fiber Broadband Association estimates that the average US 
household will need more than a gig within 5 years.  Why not just jump 
it to a gig or more?



On 5/23/2022 1:40 PM, Sean Donelan wrote:


https://www.fcc.gov/document/fcc-proposes-higher-speed-goals-small-rural-broadband-providers-0 

The Federal Communications Commission voted [May 19, 2022] to seek 
comment on a proposal to provide additional universal service support 
to certain rural carriers in exchange for increasing deployment to 
more locations at higher speeds. The proposal would make changes to 
the Alternative Connect America Cost Model (A-CAM) program, with the 
goal of achieving widespread deployment of faster 100/20 Mbps 
broadband service throughout the rural areas served by rural carriers 
currently receiving A-CAM support.









Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Bjørn Mork
Michael Thomas  writes:
> On 5/23/22 11:49 AM, Aaron Wendel wrote:
>> The Fiber Broadband Association estimates that the average US
>> household will need more than a gig within 5 years.  Why not just
>> jump it to a gig or more?
>
> Really? What is the average household doing to use up a gig worth of
> bandwidth?

I don't think this "need" is based on using up all the available
bandwidth, but about speed expectations.  Customers want to download the
same amount of data as before, only faster.  Increasing the subscriber
port bandwidth allows the ISP to oversubscribe their access network even
more, so the cost doesn't necessarily increase much.  You get faster
downloads for "free".  Customers will want that.

Don't know how many of you on the wrong side of the pond followed
RIPE84? There was an interesting talk there from Init7 in Switzerland on
their experiences delivering 25 gig FTTH:
https://ripe84.ripe.net/archives/video/797/

I noticed in particular the "Monthly volume won't change" on one of the
slides..

Dealing with extreme synchronized peaks, like a popular game launch for
example, will be harder with higher bandwidths.  But we do have CDNs for
efficient distribution of the same content to many ports. You'll just
have to move those further out in the access network.


Bjørn


Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread David Bass
The real problem most users experience isn’t that they have a gig, or even
100Mb of available download bandwidth…it’s that they infrequently are able
to use that full bandwidth due to massive over subscription.

The other issue is the minimal upload speed.  It’s fairly easy to consume
the 10Mb that you’re typically getting as a residential customer.  Even
“business class” broadband service has a pretty poor upload bandwidth
limit.

We are a pretty high usage family, and 100/10 has been adequate, but
there’s been times when we are pegged at the 10 Mb upload limit, and we
start to see issues.

I’d say 25/5 is a minimum for a single person.

Would 1 gig be nice…yeah as long as the upload speed is dramatically
increased as part of that.  We would rarely use it, but that would likely
be sufficient for a long time.  I wouldn’t pay for the extra at this point
though.

On Mon, May 23, 2022 at 8:20 PM Sean Donelan  wrote:

>
> Remember, this rulemaking is for 1.1 million locations with the "worst"
> return on investment. The end of the tail of the long tail.  Rural and
> tribal locations which aren't profitable to provide higher speed
> broadband.
>
> These locations have very low customer density, and are difficult to serve.
>
> After the Sandwich Isles Communications scandal, gold-plated proposals
> will be viewed with skepticism.  While a proposal may have a lower total
> cost of ownership over decades, the business case is the cheapest for
> the first 10 years of subsidies.  [massive over-simplification]
>
> Historically, these projects have lack of timely completion (abandoned,
> incomplete), and bad (overly optimistic?) budgeting.
>


Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

2022-05-24 Thread Saku Ytti
On Tue, 24 May 2022 at 11:23, Max Tulyev  wrote:

> To make a working hijack of the routed prefix (for sniffing traffic,
> DDoS or something similar), you have to announce a more specific
> prefix(es). It can be denied by RPKI.
>
> If your signed RPKI prefix is still unannounced - yes, somebody can
> hijack it by forging the origin ASN - that's quite easy.

This axiomatically assumes first come, first serve, which is obviously
not a complete understanding of the BGP best path algorithm.

-- 
  ++ytti


Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

2022-05-24 Thread Max Tulyev

11.05.22 15:31, Masataka Ohta wrote:

As I wrote:


But some spam actors
deliberately compared zone file editions to single out additions, and
then harass the owners of newly registered domains, both by e-mail and
phone.


If that is a serious concern, stop whois.


There are various ways, such as crawling the web, to enumerate
domain names.


Come on, web is dying! People are moving to mobile applications!
So more and more domains do not need any web site by design.


Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

2022-05-24 Thread Max Tulyev

15.05.22 00:19, Nick Hilliard wrote:
a malicious actor will spoof the origin AS.  The aim of RPKI to help 
stop mis-origination of prefixes, and the root cause of most of this is 
accidental.


To make a working hijack of the routed prefix (for sniffing traffic, 
DDoS or something similar), you have to announce a more specific 
prefix(es). It can be denied by RPKI.


If your signed RPKI prefix is still unannounced - yes, somebody can 
hijack it by forging the origin ASN - that's quite easy.
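
The cases discussed in this message, run through RPKI route origin validation as specified in RFC 6811. This is an added example, not part of the original post; the ROAs, prefixes and AS numbers are constructed from documentation ranges, and `rov_state` is a name chosen here.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str
    max_length: int
    origin_as: int

# Constructed ROAs (documentation prefixes and ASNs), not real data.
ROAS = [
    ROA("192.0.2.0/24", 24, 64500),     # maxLength equals the announced length
    ROA("198.51.100.0/24", 25, 64501),  # maxLength looser than what is announced
]

def rov_state(prefix, as_path, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # ROV looks only at the rightmost (origin) AS
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if net.prefixlen <= roa.max_length and origin == roa.origin_as:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "notfound"

# Constructed announcements: (prefix, AS path as received, what it represents)
ANNOUNCEMENTS = [
    ("192.0.2.0/24",    [64500],        "legitimate origin"),
    ("192.0.2.0/25",    [64511],        "more specific, wrong origin"),
    ("192.0.2.0/25",    [64511, 64500], "more specific, forged origin"),
    ("192.0.2.0/24",    [64511, 64500], "same length, forged origin"),
    ("198.51.100.0/25", [64511, 64501], "more specific, forged, loose maxLength"),
    ("203.0.113.0/24",  [64502],        "no covering ROA"),
]

def report(announcements=ANNOUNCEMENTS):
    return [(p, path, rov_state(p, path), note) for p, path, note in announcements]

if __name__ == "__main__":
    for prefix, path, state, note in report():
        print(f"{prefix:18} {str(path):16} {state:9} {note}")
```

A same-length announcement with a forged origin comes out `valid`, so ROV does not reject it and the ordinary best-path comparison decides, where the forged path is one AS hop longer than the real one. The 198.51.100.0/24 ROA shows why maxLength should match what is actually announced (RFC 9319).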