Re: Request for assistance with Verizon FIOS connection

[Matt Corallo]

OP indicated they've tried both a direct laptop connection as well as another router. That seems to 
meet the requirement for having ruled out his home-made router, though obviously I agree one should 
attempt to rule out any possible errors by doing transparent packet sniffing analyzing the problem 
carefully before escalating an issue. Hopefully everyone on this list knows the value of the tech on 
the other end of the line's time :)


Matt

On 7/14/23 9:07 PM, Mel Beckman wrote:
Getting the FCC involved seems premature, since the OP hasn't yet ruled out a problem with his home 
made router. Not that there's anything wrong with making your own router, but it seems there is a 
burden of proof on the end user to demonstrate the problem isn't at with the CPE. Even a test as 
simple as connecting a laptop up for a day and running pings would rule out the CPE.


   -mel

*From:* NANOG  on behalf of Matt Corallo 

*Sent:* Friday, July 14, 2023 5:46 PM
*To:* Neil Hanlon ; nanog@nanog.org 
*Subject:* Re: Request for assistance with Verizon FIOS connection
I've always had good luck with https://consumercomplaints.fcc.gov/hc/en-us 
. This tends to result in

a higher-level tech getting assigned to your ticket at least at larger 
providers. Depending on where
you are, your local government may have a similar process (e.g. in NYC the city 
has a similar
process that tends to get very high priority tech attention as city council 
members will rake
providers over the coals on individual complaints come contract-renewal time).

Matt

On 7/14/23 8:01 AM, Neil Hanlon wrote:

Hi all - I apoligize for the not-necessarily-on-topic post, but I've been 
struggling with this issue
for the past two
weeks and am about out of ideas and options other than ask here.

The short version is I recently got FIOS at my (new) house, and plugged in my 
router (SFF PC running
Vyos). Initially,
all was fine, however, some time later, connectivity to the gateway given by 
the DHCP server is
completely lost. If I
force a renewal, the gateway (sometimes) comes back--sometimes not. When it 
doesn't work, the
DHCPDISCOVER process has
to start over again and I often recive a lease in a completely different 
subnet--which isn't really
the problem, but
seems to be symptomatic of whatever is happening upstream of me.

The problem, from my perspective, is that the IPv4 gateway given to me in my 
DHCP lease goes away
before my lease
expires--leading to broken v4 connectivity until either 1. the system goes to 
renew the lease and
fails, starting over;
or 2. A watchdog notices and renews the lease (This is what I have attempted to 
implement, without
much success).

As a note, IPv6 connectivity (dhcpv6-pd, receiving a /56) is entirely 
unaffected when IPv4
connectivity breaks.

For the past week, I have been monitoring to various IPv4 and IPv6 endpoints 
over ICMP and TCP, and
have been able to
chart the outages over that period. More or less, every two hours, shortly 
after a lease is renewed,
the gateway
disappears. I'm happy to share more details and graphs/logs with anyone who 
might be able to help.

I have attempted to contact FIOS support several times and even had a trouble 
ticket opened at one
point--though this
has been closed as they cannot apparently find any issue with the ONT.

I'm at my wit's end with this issue and would really appreciate any and all 
help. Please contact me
off list if you need
additional details--I can provide ticket numbers/conversation IDs/etc, as well 
as graphs/logs/etc.

Best,
Neil Hanlon

Re: Request for assistance with Verizon FIOS connection

[Mel Beckman]

Getting the FCC involved seems premature, since the OP hasn't yet ruled out a 
problem with his home made router. Not that there's anything wrong with making 
your own router, but it seems there is a burden of proof on the end user to 
demonstrate the problem isn't at with the CPE. Even a test as simple as 
connecting a laptop up for a day and running pings would rule out the CPE.

  -mel

From: NANOG  on behalf of Matt Corallo 

Sent: Friday, July 14, 2023 5:46 PM
To: Neil Hanlon ; nanog@nanog.org 
Subject: Re: Request for assistance with Verizon FIOS connection

I've always had good luck with https://consumercomplaints.fcc.gov/hc/en-us. 
This tends to result in
a higher-level tech getting assigned to your ticket at least at larger 
providers. Depending on where
you are, your local government may have a similar process (e.g. in NYC the city 
has a similar
process that tends to get very high priority tech attention as city council 
members will rake
providers over the coals on individual complaints come contract-renewal time).

Matt

On 7/14/23 8:01 AM, Neil Hanlon wrote:
> Hi all - I apoligize for the not-necessarily-on-topic post, but I've been 
> struggling with this issue
> for the past two
> weeks and am about out of ideas and options other than ask here.
>
> The short version is I recently got FIOS at my (new) house, and plugged in my 
> router (SFF PC running
> Vyos). Initially,
> all was fine, however, some time later, connectivity to the gateway given by 
> the DHCP server is
> completely lost. If I
> force a renewal, the gateway (sometimes) comes back--sometimes not. When it 
> doesn't work, the
> DHCPDISCOVER process has
> to start over again and I often recive a lease in a completely different 
> subnet--which isn't really
> the problem, but
> seems to be symptomatic of whatever is happening upstream of me.
>
> The problem, from my perspective, is that the IPv4 gateway given to me in my 
> DHCP lease goes away
> before my lease
> expires--leading to broken v4 connectivity until either 1. the system goes to 
> renew the lease and
> fails, starting over;
> or 2. A watchdog notices and renews the lease (This is what I have attempted 
> to implement, without
> much success).
>
> As a note, IPv6 connectivity (dhcpv6-pd, receiving a /56) is entirely 
> unaffected when IPv4
> connectivity breaks.
>
> For the past week, I have been monitoring to various IPv4 and IPv6 endpoints 
> over ICMP and TCP, and
> have been able to
> chart the outages over that period. More or less, every two hours, shortly 
> after a lease is renewed,
> the gateway
> disappears. I'm happy to share more details and graphs/logs with anyone who 
> might be able to help.
>
> I have attempted to contact FIOS support several times and even had a trouble 
> ticket opened at one
> point--though this
> has been closed as they cannot apparently find any issue with the ONT.
>
> I'm at my wit's end with this issue and would really appreciate any and all 
> help. Please contact me
> off list if you need
> additional details--I can provide ticket numbers/conversation IDs/etc, as 
> well as graphs/logs/etc.
>
> Best,
> Neil Hanlon

Re: whois server

[John Levine]

It appears that Matt Corallo  said:
>But, like they say, modern whois knows where to look, no need to use anything 
>else, I think as long 
>as you're not stuck trying to use macOS or something else shipping weird 
>ancient un-updated unix tools.

If you're inclined to roll your own, I keep a set of whois server
pointers at .whois.services.net so for example
aero.whois.services.net is a CNAME for the whois server for .aero. I
update it daily using a the info in the IANA database and a bunch of
kludges to fill in the gaps.

There's a similar set at .whois-servers.net which seems to be
less up to date.

R"s,
John

PS: Someday I'll do it for rDNS, too.

Re: Request for assistance with Verizon FIOS connection

[Matt Corallo]

I've always had good luck with https://consumercomplaints.fcc.gov/hc/en-us. This tends to result in 
a higher-level tech getting assigned to your ticket at least at larger providers. Depending on where 
you are, your local government may have a similar process (e.g. in NYC the city has a similar 
process that tends to get very high priority tech attention as city council members will rake 
providers over the coals on individual complaints come contract-renewal time).


Matt

On 7/14/23 8:01 AM, Neil Hanlon wrote:
Hi all - I apoligize for the not-necessarily-on-topic post, but I've been struggling with this issue 
for the past two

weeks and am about out of ideas and options other than ask here.

The short version is I recently got FIOS at my (new) house, and plugged in my router (SFF PC running 
Vyos). Initially,
all was fine, however, some time later, connectivity to the gateway given by the DHCP server is 
completely lost. If I
force a renewal, the gateway (sometimes) comes back--sometimes not. When it doesn't work, the 
DHCPDISCOVER process has
to start over again and I often recive a lease in a completely different subnet--which isn't really 
the problem, but

seems to be symptomatic of whatever is happening upstream of me.

The problem, from my perspective, is that the IPv4 gateway given to me in my DHCP lease goes away 
before my lease
expires--leading to broken v4 connectivity until either 1. the system goes to renew the lease and 
fails, starting over;
or 2. A watchdog notices and renews the lease (This is what I have attempted to implement, without 
much success).


As a note, IPv6 connectivity (dhcpv6-pd, receiving a /56) is entirely unaffected when IPv4 
connectivity breaks.


For the past week, I have been monitoring to various IPv4 and IPv6 endpoints over ICMP and TCP, and 
have been able to
chart the outages over that period. More or less, every two hours, shortly after a lease is renewed, 
the gateway

disappears. I'm happy to share more details and graphs/logs with anyone who 
might be able to help.

I have attempted to contact FIOS support several times and even had a trouble ticket opened at one 
point--though this

has been closed as they cannot apparently find any issue with the ONT.

I'm at my wit's end with this issue and would really appreciate any and all help. Please contact me 
off list if you need

additional details--I can provide ticket numbers/conversation IDs/etc, as well 
as graphs/logs/etc.

Best,
Neil Hanlon

Re: 1299 capacity constraints

[Ross Tajvar]

It extremely depends on who you're trying to reach and from what location.
We've seen lots of T1s have congested peering lately. Unfortunately these
days, having uncongested path requires paying a lot of attention and
distributing your traffic yourself rather than simply handing it off to
your transit providers.

On Fri, Jul 14, 2023, 7:57 AM Drew Weaver  wrote:

> Has anyone else been having near constant issues with traffic transiting
> AS 1299 being lost due to their links being oversubscribed?
>
>
>
> Off-list is fine, I am just trying to get a sense of what is going on
> there.
>
>
>
> Thanks,
>
> -Drew
>
>
>

Re: My first ARIN Experience but probably not the last, unfortunately..

[Grant Taylor via NANOG]

On 7/14/23 4:05 PM, Darin Steffl wrote:
This screams of entitlement. If you can't afford $250 a year for ARIN, 
you probably shouldn't be starting a new business. Sorry


Why do you assume that I was even thinking about cost.

I was talking purely about understanding and how it could go either way. 
 The cost is immaterial to my statement.




Grant. . . .

Re: My first ARIN Experience but probably not the last, unfortunately..

[Robert Webb]

Where did I EVER say I couldn't afford it and wasn't going to pay. Please
quit assuming!!

On Fri, Jul 14, 2023 at 5:07 PM Darin Steffl 
wrote:

> This screams of entitlement. If you can't afford $250 a year for ARIN, you
> probably shouldn't be starting a new business. Sorry
>
> On Fri, Jul 14, 2023 at 4:00 PM Grant Taylor via NANOG 
> wrote:
>
>> On 7/14/23 12:04 PM, Robert Webb wrote:
>> > For all of you who have historical knowledge of how ARIN has/does
>> > operate, throw that out the window and look at it from a newcomer
>> > point of view and the wording being taken at face value.
>> Drive by comment:
>>
>> I can see how someone not in the know -- like myself -- could mistake
>> this the way that Robert did.  I can also see how it might be taken
>> differently by those in the know.
>>
>> "There is a temporary IPv6 fee waiver for organizations in the 3X-Small
>> service category."
>>
>> I can see that as both "(new) organizations (that aren't currently
>> registered) that are the size of a 3X-Small..." and "(existing 3X-Small)
>> organizations that are (already registered and) the size of a 3X-Small..."
>>
>> It seems somewhat unclear to me if it applies to new registrants or if
>> it's a perk for existing registrants to grow.
>>
>> Just my $0.02 worth as I drive by.
>>
>>
>>
>> Grant. . . .
>>
>
>
> --
> Darin Steffl
> Minnesota WiFi
> www.mnwifi.com
> 507-634-WiFi
> Like us on Facebook 
>

Re: My first ARIN Experience but probably not the last, unfortunately..

[Matt Erculiani]

> If you can't afford $250 a year for ARIN, you probably shouldn't be
starting a new business.

That seems a little tone deaf and extremely insensitive to a lot of
non-profit organizations who fight for every penny they can.

-Matt

On Fri, Jul 14, 2023 at 3:06 PM Darin Steffl 
wrote:

> This screams of entitlement. If you can't afford $250 a year for ARIN, you
> probably shouldn't be starting a new business. Sorry
>
> On Fri, Jul 14, 2023 at 4:00 PM Grant Taylor via NANOG 
> wrote:
>
>> On 7/14/23 12:04 PM, Robert Webb wrote:
>> > For all of you who have historical knowledge of how ARIN has/does
>> > operate, throw that out the window and look at it from a newcomer
>> > point of view and the wording being taken at face value.
>> Drive by comment:
>>
>> I can see how someone not in the know -- like myself -- could mistake
>> this the way that Robert did.  I can also see how it might be taken
>> differently by those in the know.
>>
>> "There is a temporary IPv6 fee waiver for organizations in the 3X-Small
>> service category."
>>
>> I can see that as both "(new) organizations (that aren't currently
>> registered) that are the size of a 3X-Small..." and "(existing 3X-Small)
>> organizations that are (already registered and) the size of a 3X-Small..."
>>
>> It seems somewhat unclear to me if it applies to new registrants or if
>> it's a perk for existing registrants to grow.
>>
>> Just my $0.02 worth as I drive by.
>>
>>
>>
>> Grant. . . .
>>
>
>
> --
> Darin Steffl
> Minnesota WiFi
> www.mnwifi.com
> 507-634-WiFi
> Like us on Facebook 
>


-- 
Matt Erculiani
ERCUL-ARIN

Re: My first ARIN Experience but probably not the last, unfortunately..

[Darin Steffl]

This screams of entitlement. If you can't afford $250 a year for ARIN, you
probably shouldn't be starting a new business. Sorry

On Fri, Jul 14, 2023 at 4:00 PM Grant Taylor via NANOG 
wrote:

> On 7/14/23 12:04 PM, Robert Webb wrote:
> > For all of you who have historical knowledge of how ARIN has/does
> > operate, throw that out the window and look at it from a newcomer
> > point of view and the wording being taken at face value.
> Drive by comment:
>
> I can see how someone not in the know -- like myself -- could mistake
> this the way that Robert did.  I can also see how it might be taken
> differently by those in the know.
>
> "There is a temporary IPv6 fee waiver for organizations in the 3X-Small
> service category."
>
> I can see that as both "(new) organizations (that aren't currently
> registered) that are the size of a 3X-Small..." and "(existing 3X-Small)
> organizations that are (already registered and) the size of a 3X-Small..."
>
> It seems somewhat unclear to me if it applies to new registrants or if
> it's a perk for existing registrants to grow.
>
> Just my $0.02 worth as I drive by.
>
>
>
> Grant. . . .
>


-- 
Darin Steffl
Minnesota WiFi
www.mnwifi.com
507-634-WiFi
Like us on Facebook 

Re: My first ARIN Experience but probably not the last, unfortunately..

[Grant Taylor via NANOG]

On 7/14/23 12:04 PM, Robert Webb wrote:
For all of you who have historical knowledge of how ARIN has/does 
operate, throw that out the window and look at it from a newcomer 
point of view and the wording being taken at face value.

Drive by comment:

I can see how someone not in the know -- like myself -- could mistake 
this the way that Robert did.  I can also see how it might be taken 
differently by those in the know.


"There is a temporary IPv6 fee waiver for organizations in the 3X-Small 
service category."


I can see that as both "(new) organizations (that aren't currently 
registered) that are the size of a 3X-Small..." and "(existing 3X-Small) 
organizations that are (already registered and) the size of a 3X-Small..."


It seems somewhat unclear to me if it applies to new registrants or if 
it's a perk for existing registrants to grow.


Just my $0.02 worth as I drive by.



Grant. . . .

Re: My first ARIN Experience but probably not the last, unfortunately..

[John Sweeting]

Robert, we will look to make the text more clear.

Thanks

John Sweeting, ARIN CCO

Sent from my iPhone

On Jul 14, 2023, at 2:17 PM, Robert Webb  wrote:


No, I didn't quit reading..

The issue being a newcomer and not fully versed on the levels, I never made the 
connection of the /36 to the 2X-Small Category. A simple addition of adding in 
a reference to that category would make it a lot more clear..

Something as simple as changing to the below, would have more easily triggered 
that connection.

*There is a temporary IPv6 fee waiver for organizations in the 3X-Small service 
category. A 3X-Small organization may receive registry services for up to a /36 
of total IPv6 space and remain in the 3X-Small service category and not be 
charged at the 2X-Small fee schedule. This waiver will expire 31 December 2026.

On Fri, Jul 14, 2023 at 1:57 PM Jon Lewis 
mailto:jle...@lewis.org>> wrote:
On Fri, 14 Jul 2023, Robert Webb wrote:

> For all of you who have historical knowledge of how ARIN has/does operate, 
> throw that out the window and look at it from a newcomer point of view and 
> the wording being taken at
> face value.

You just stopped reading after the part you liked :)

"There is a temporary IPv6 fee waiver for organizations in the 3X-Small
service category. A 3X-Small organization may receive registry services
for up to a /36 of total IPv6 space and remain in the 3X-Small service
category. This waiver will expire 31 December 2026."

The "fee waiver" is that they're allowing a 3x-small org to grow into a
2x-small org's worth of v6 space while staying at the 3x-small org annual
fee.

Presumably, you could request a /40, and then request another (and
another...), and as long as you have a /36 or less worth of v6 space,
you'll still only owe $250/year for the IPv6 space until this "deal"
expires at the end of 2026.

--
  Jon Lewis, MCP :)   |  I route
  StackPath, Sr. Neteng   |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: My first ARIN Experience but probably not the last, unfortunately..

[Robert Webb]

No, I didn't quit reading..

The issue being a newcomer and not fully versed on the levels, I never made
the connection of the /36 to the 2X-Small Category. A simple addition of
adding in a reference to that category would make it a lot more clear..

Something as simple as changing to the below, would have more easily
triggered that connection.

**There is a temporary IPv6 fee waiver for organizations in the 3X-Small
service category. A 3X-Small organization may receive registry services for
up to a /36 of total IPv6 space and remain in the 3X-Small service category
and not be charged at the 2X-Small fee schedule. This waiver will expire 31
December 2026.*

On Fri, Jul 14, 2023 at 1:57 PM Jon Lewis  wrote:

> On Fri, 14 Jul 2023, Robert Webb wrote:
>
> > For all of you who have historical knowledge of how ARIN has/does
> operate, throw that out the window and look at it from a newcomer point of
> view and the wording being taken at
> > face value.
>
> You just stopped reading after the part you liked :)
>
> "There is a temporary IPv6 fee waiver for organizations in the 3X-Small
> service category. A 3X-Small organization may receive registry services
> for up to a /36 of total IPv6 space and remain in the 3X-Small service
> category. This waiver will expire 31 December 2026."
>
> The "fee waiver" is that they're allowing a 3x-small org to grow into a
> 2x-small org's worth of v6 space while staying at the 3x-small org annual
> fee.
>
> Presumably, you could request a /40, and then request another (and
> another...), and as long as you have a /36 or less worth of v6 space,
> you'll still only owe $250/year for the IPv6 space until this "deal"
> expires at the end of 2026.
>
> --
>   Jon Lewis, MCP :)   |  I route
>   StackPath, Sr. Neteng   |  therefore you are
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
>

Weekly Global IPv4 Routing Table Report

[Routing Table Analysis Role Account]

This is an automated weekly mailing describing the state of the Global
IPv4 Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net.

For historical data, please see https://thyme.apnic.net.

If you have any comments please contact Philip Smith .

IPv4 Routing Table Report   04:00 +10GMT Sat 15 Jul, 2023

  BGP Table (Global) as seen in Japan.

Report Website: https://thyme.apnic.net
Detailed Analysis:  https://thyme.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  926979
Prefixes after maximum aggregation (per Origin AS):  351217
Deaggregation factor:  2.64
Unique aggregates announced (without unneeded subnets):  451896
Total ASes present in the Internet Routing Table: 74578
Prefixes per ASN: 12.43
Origin-only ASes present in the Internet Routing Table:   64040
Origin ASes announcing only one prefix:   26340
Transit ASes present in the Internet Routing Table:   10538
Transit-only ASes present in the Internet Routing Table:439
Average AS path length visible in the Internet Routing Table:   4.3
Max AS path length visible:  68
Max AS path prepend of ASN (263725)  64
Prefixes from unregistered ASNs in the Routing Table:  1048
Number of instances of unregistered ASNs:  1052
Number of 32-bit ASNs allocated by the RIRs:  42267
Number of 32-bit ASNs visible in the Routing Table:   34804
Prefixes from 32-bit ASNs in the Routing Table:  173237
Number of bogon 32-bit ASNs visible in the Routing Table:29
Special use prefixes present in the Routing Table:1
Prefixes being announced from unallocated address space:564
Number of addresses announced to Internet:   3054440448
Equivalent to 182 /8s, 15 /16s and 16 /24s
Percentage of available address space announced:   82.5
Percentage of allocated address space announced:   82.5
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   99.6
Total number of prefixes smaller than registry allocations:  309081

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:   245848
Total APNIC prefixes after maximum aggregation:   69865
APNIC Deaggregation factor:3.52
Prefixes being announced from the APNIC address blocks:  239678
Unique aggregates announced from the APNIC address blocks:98658
APNIC Region origin ASes present in the Internet Routing Table:   13507
APNIC Prefixes per ASN:   17.74
APNIC Region origin ASes announcing only one prefix:   3997
APNIC Region transit ASes present in the Internet Routing Table:   1797
Average APNIC Region AS path length visible:4.5
Max APNIC Region AS path length visible: 26
Number of APNIC region 32-bit ASNs visible in the Routing Table:   8830
Number of APNIC addresses announced to Internet:  773696640
Equivalent to 46 /8s, 29 /16s and 172 /24s
APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 63488-64098, 64297-64395, 131072-153913
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:271645
Total ARIN prefixes after maximum aggregation:   123536
ARIN Deaggregation factor: 2.20
Prefixes being announced from the ARIN address blocks:   273939
Unique aggregates announced from the ARIN address blocks:130821
ARIN Region origin ASes present in the Internet Routing Table:19099
ARIN Prefixes per ASN:

Re: My first ARIN Experience but probably not the last, unfortunately..

[Jon Lewis]

On Fri, 14 Jul 2023, Robert Webb wrote:


For all of you who have historical knowledge of how ARIN has/does operate, 
throw that out the window and look at it from a newcomer point of view and the 
wording being taken at
face value.


You just stopped reading after the part you liked :)

"There is a temporary IPv6 fee waiver for organizations in the 3X-Small 
service category. A 3X-Small organization may receive registry services 
for up to a /36 of total IPv6 space and remain in the 3X-Small service 
category. This waiver will expire 31 December 2026."


The "fee waiver" is that they're allowing a 3x-small org to grow into a 
2x-small org's worth of v6 space while staying at the 3x-small org annual 
fee.


Presumably, you could request a /40, and then request another (and 
another...), and as long as you have a /36 or less worth of v6 space, 
you'll still only owe $250/year for the IPv6 space until this "deal" 
expires at the end of 2026.


--
 Jon Lewis, MCP :)   |  I route
 StackPath, Sr. Neteng   |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN78

[Jacques Latour via NANOG]

Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN7 Annual 
General Meeting



In cooperation with the ICANN Security and Stability Advisory Committee (SSAC), 
we are planning a DNSSEC and Security Workshop for the ICANN78 Annual General 
Meeting being held as a hybrid meeting from 21-26 October 2023 Hamburg, Germany 
in the Central European Summer Time Zone (UTC +2). This workshop date will be 
determined once ICANN creates a block schedule for us to follow; then we will 
be able to request a day and time. The DNSSEC and Security Workshop has been a 
part of ICANN meetings for several years and has provided a forum for both 
experienced and new people to meet, present and discuss current and future 
DNSSEC deployments.  For reference, the most recent session was held at the 
ICANN77 Policy Forum on Monday, 12 June 2023. The presentations and transcripts 
are available at: https://meetings.icann.org/en/icann77.


The DNSSEC Workshop Program Committee is developing a program for the

upcoming meeting.  Proposals will be considered for the following topic areas 
and included if space permits.  In addition, we welcome suggestions for 
additional topics either for inclusion in the ICANN78 workshop, or for 
consideration for future workshops.



1.  Global DNSSEC Activities Panel

For this panel, we are seeking participation from those who have been involved 
in DNSSEC deployment as well as from those who have not deployed DNSSEC but who 
have a keen interest in the challenges and benefits of deployment, including 
Root Key Signing Key (KSK) Rollover activities and plans.



2.  DNSSEC Best Practice

Now that DNSSEC has become an operational norm for many registries, registrars, 
and ISPs, what have we learned about how we manage DNSSEC?

  *   Do you still submit/accept DS records with Digest Type 1?
  *   What is the best practice around key roll-overs?
  *   What about Algorithm roll-overs?
  *   Do you use and support DNSKEY Algorithms 13-16?
  *   How often do you review your disaster recovery procedures?
  *   Is there operational familiarity within your customer support teams?
  *   What operational statistics have been gathered about DNSSEC?
  *   Are there experiences being documented in the form of best practices, or 
something similar, for transfer of signed zones?



Activities and issues related to DNSSEC in the DNS Root Zone are also desired.



3. DNSSEC Deployment Challenges

The program committee is seeking input from those that are interested in 
implementation of DNSSEC but have general or particular concerns with DNSSEC.  
In particular, we are seeking input from individuals that would be willing to 
participate in a panel that would discuss questions of the following nature:

  *   Are there any policies directly or indirectly impeding your DNSSEC 
deployment? (RRR model, CDS/CDNSKEY automation)
  *   What are your most significant concerns with DNSSEC, e.g., complexity, 
training, implementation, operation or something else?
  *   What do you expect DNSSEC to do for you and what doesn't it do?
  *   What do you see as the most important trade-offs with respect to doing or 
not doing DNSSEC?



4. Security Panel

The program committee is looking for presentations on DNS, DNSSEC, routing and 
other topics that could impact the security and/or stability of the Internet.



We are looking for presentations that cover implementation issues, challenges, 
opportunities, and best practices for:

  *   Emerging threats that could impact the security and/or stability of the 
Internet
  *   DoH and DoT
  *   RPKI (Resource Public Key Infrastructure)
  *   BGP routing & secure implementations
  *   MANRS ( Mutually Agreed Norms for Routing Security)
  *   Browser security - DNS, DNSSEC, DoH
  *   EMAIL & DNS related security - DMARC, DKIM, TLSA, etc...



If you are interested in participating, please send a brief (1-3 sentence) 
description of your proposed presentation to 
dnssec-security-works...@icann.org 
by COB Friday, 15 September 2023.



Thank you,

Kathy and Andrew

On behalf of the DNSSEC Workshop Program Committee:

Fred Baker, ISC

Steve Crocker, Edgemoor Research Institute

Mark Elkins, DNS/ZARC

Jacques Latour, .CA

Russ Mundy, Tislabs

Yoshiro Yoneya, JPRS

Dan York, Internet Society






CLASSIFICATION:CONFIDENTIAL

Re: My first ARIN Experience but probably not the last, unfortunately..

[Robert Webb]

For all of you who have historical knowledge of how ARIN has/does operate,
throw that out the window and look at it from a newcomer point of view and
the wording being taken at face value.

On Fri, Jul 14, 2023 at 12:52 PM August Yang via NANOG 
wrote:

> > *There is a temporary IPv6 fee waiver for organizations in the
> > 3X-Small service category. A 3X-Small organization may receive
> > registry services for up to a /36 of total IPv6 space and remain in
> > the 3X-Small service category. This waiver will expire 31 December 2026.
> IMHO the wording here is clear.
>
> On 2023-07-14 12:37 p.m., Robert Webb wrote:
> > Sorry for the completely off topic rant here, but maybe it will garner
> > some attention from the ARIN folks.
> >
> > So I am attempting a small startup business and and initially building
> > out three sites and thought it would be good to register and upfront
> > get my own IPv6 space instead of leasing from some other party or have
> > to renumber as future things change
> >
> > Looking at the ARIN website and fee schedule, I see there is a blurb
> > at the bottom of the RSP Categories and Fees about IPv6 fees being
> > waived until December 31, 2026. My reaction was along the lines of
> > this is great, it helps small companies and startups get IPv6 deployed
> > and up and running in their environment.
> >
> > So I put in the request for a /44 initial request and provided all my
> > justifications and within a couple of days I got word that my request
> > was approved. Wonderful..
> >
> > Then I proceed to get a $250 invoice for my /44 under a 3X-Small
> > category! Huh??
> >
> > So I call in and am told the waiver is only for those in a 2X-Service
> > Category who want to obtain a 3X-Small Category subnet and that it
> > really isn't a fee waiver, but that the 2X-Small Category organization
> > will only be charged a 3X-Small fee of $250 and that the $500 fee.
> >
> > So ARIN, either quit the bait and switch, or fix the wording in the
> > Fee Schedule AND provide a link to the full text of the waiver. As the
> > blurb in the schedule mentions nothing about the 2X-Small Category and
> > honestly, no fees are really waived.
> >
> > Again, apologies for the rant, but just needed to get it out there,
> > the frustration of a small start up business owner..
> --
> Best regards
> August Yang
>

Re: Request for assistance with Verizon FIOS connection

[Doug Barrett]

If possible, put a network tap in-between the router and the ONT, and sniff
the traffic.

I've seen this recently where in a very specific circumstance (two hardware
vendors, and only with CGNAT IPs), one side stopped responding to ARP
requests.  The tap capture showed the request going out, but the far end
never processed it.  Running a capture on the far end device wouldn't show
the received ARP request - it just vanished somewhere between the wire and
the pcap.

Solution ended up being a software update on the router side, I'm assuming
it updated a NIC driver as well.


-Original Message-
From: NANOG  On Behalf Of Neil Hanlon
Sent: Friday, July 14, 2023 10:54 AM
To: Mel Beckman 
Cc: nanog@nanog.org
Subject: Re: Request for assistance with Verizon FIOS connection

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.

Re: 1299 capacity constraints

[Daniel Marks via NANOG]

Same in the continental US via Chicago, no widespread issues here but we egress 
less than 100gbps via 1299 so we’re small potatoes. We sometimes notice QUIC 
streams to 7018 having trouble, but nothing worth complaining about yet.

Sent from my iPhone

> On Jul 14, 2023, at 12:15, Mark Tinka  wrote:
> 
>  
> 
>> On 7/14/23 13:55, Drew Weaver wrote:
>> 
>> Has anyone else been having near constant issues with traffic transiting AS 
>> 1299 being lost due to their links being oversubscribed?
> 
> We pick them up in London, so we haven't seen that. But we also have a 
> healthy mix of transit providers + peering, so we may not be as exposed.
> 
> YMMV based on where you pick them up and what other options you have.
> 
> Mark.


smime.p7s
Description: S/MIME cryptographic signature

Re: My first ARIN Experience but probably not the last, unfortunately..

[Rishi Panthee via NANOG]

Hello,

I think you misread the ARIN fee waiver guideline, they basically state that 
you can get up to a /36 of IPv6 space, 2x-Small, while paying for 3X-Small 
pricing.


Rishi Panthee


On Jul 14, 2023, at 11:37 AM, Robert Webb  wrote:

Sorry for the completely off topic rant here, but maybe it will garner some 
attention from the ARIN folks.

So I am attempting a small startup business and and initially building out 
three sites and thought it would be good to register and upfront get my own 
IPv6 space instead of leasing from some other party or have to renumber as 
future things change

Looking at the ARIN website and fee schedule, I see there is a blurb at the 
bottom of the RSP Categories and Fees about IPv6 fees being waived until 
December 31, 2026. My reaction was along the lines of this is great, it helps 
small companies and startups get IPv6 deployed and up and running in their 
environment.

So I put in the request for a /44 initial request and provided all my 
justifications and within a couple of days I got word that my request was 
approved. Wonderful..

Then I proceed to get a $250 invoice for my /44 under a 3X-Small category! Huh??

So I call in and am told the waiver is only for those in a 2X-Service Category 
who want to obtain a 3X-Small Category subnet and that it really isn't a fee 
waiver, but that the 2X-Small Category organization will only be charged a 
3X-Small fee of $250 and that the $500 fee.

So ARIN, either quit the bait and switch, or fix the wording in the Fee 
Schedule AND provide a link to the full text of the waiver. As the blurb in the 
schedule mentions nothing about the 2X-Small Category and honestly, no fees are 
really waived.

Again, apologies for the rant, but just needed to get it out there, the 
frustration of a small start up business owner..

Re: My first ARIN Experience but probably not the last, unfortunately..

[August Yang via NANOG]

*There is a temporary IPv6 fee waiver for organizations in the 
3X-Small service category. A 3X-Small organization may receive 
registry services for up to a /36 of total IPv6 space and remain in 
the 3X-Small service category. This waiver will expire 31 December 2026.

IMHO the wording here is clear.

On 2023-07-14 12:37 p.m., Robert Webb wrote:
Sorry for the completely off topic rant here, but maybe it will garner 
some attention from the ARIN folks.


So I am attempting a small startup business and and initially building 
out three sites and thought it would be good to register and upfront 
get my own IPv6 space instead of leasing from some other party or have 
to renumber as future things change


Looking at the ARIN website and fee schedule, I see there is a blurb 
at the bottom of the RSP Categories and Fees about IPv6 fees being 
waived until December 31, 2026. My reaction was along the lines of 
this is great, it helps small companies and startups get IPv6 deployed 
and up and running in their environment.


So I put in the request for a /44 initial request and provided all my 
justifications and within a couple of days I got word that my request 
was approved. Wonderful..


Then I proceed to get a $250 invoice for my /44 under a 3X-Small 
category! Huh??


So I call in and am told the waiver is only for those in a 2X-Service 
Category who want to obtain a 3X-Small Category subnet and that it 
really isn't a fee waiver, but that the 2X-Small Category organization 
will only be charged a 3X-Small fee of $250 and that the $500 fee.


So ARIN, either quit the bait and switch, or fix the wording in the 
Fee Schedule AND provide a link to the full text of the waiver. As the 
blurb in the schedule mentions nothing about the 2X-Small Category and 
honestly, no fees are really waived.


Again, apologies for the rant, but just needed to get it out there, 
the frustration of a small start up business owner..

--
Best regards
August Yang


OpenPGP_0x9C1B40F09053AE75.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

My first ARIN Experience but probably not the last, unfortunately..

[Robert Webb]

Sorry for the completely off topic rant here, but maybe it will garner some
attention from the ARIN folks.

So I am attempting a small startup business and and initially building out
three sites and thought it would be good to register and upfront get my own
IPv6 space instead of leasing from some other party or have to renumber as
future things change

Looking at the ARIN website and fee schedule, I see there is a blurb at the
bottom of the RSP Categories and Fees about IPv6 fees being waived until
December 31, 2026. My reaction was along the lines of this is great, it
helps small companies and startups get IPv6 deployed and up and running in
their environment.

So I put in the request for a /44 initial request and provided all my
justifications and within a couple of days I got word that my request was
approved. Wonderful..

Then I proceed to get a $250 invoice for my /44 under a 3X-Small category!
Huh??

So I call in and am told the waiver is only for those in a 2X-Service
Category who want to obtain a 3X-Small Category subnet and that it really
isn't a fee waiver, but that the 2X-Small Category organization will only
be charged a 3X-Small fee of $250 and that the $500 fee.

So ARIN, either quit the bait and switch, or fix the wording in the Fee
Schedule AND provide a link to the full text of the waiver. As the blurb in
the schedule mentions nothing about the 2X-Small Category and honestly, no
fees are really waived.

Again, apologies for the rant, but just needed to get it out there, the
frustration of a small start up business owner..

Re: 1299 capacity constraints

[Mark Tinka]

On 7/14/23 13:55, Drew Weaver wrote:

Has anyone else been having near constant issues with traffic 
transiting AS 1299 being lost due to their links being oversubscribed?




We pick them up in London, so we haven't seen that. But we also have a 
healthy mix of transit providers + peering, so we may not be as exposed.


YMMV based on where you pick them up and what other options you have.

Mark.

Re: Request for assistance with Verizon FIOS connection

[Neil Hanlon]

On 14.07.2023 15:44, Mel Beckman wrote:

The first thing I would do is to try a different RJ45 cable AND router to rule 
out your cable or homemade router being the problem. Yes, you’ll have to pick 
up a cheap router, but any $50 gadget, such as a Mikrotik RB or Ubiquiti ER-X 
will do. Most network techs have a garage full of castoff routers they can pull 
out in a pinch.


Yeah, I should have included that in the initial email, apologies. I've plugged 
my laptop in (Lenovo T14) and it
exhibits the same behavior. I've even plugged in my travel router which works 
pretty much anywhere I've tried it, and
after some time, the same thing happens.



-mel beckman


On Jul 14, 2023, at 8:05 AM, Neil Hanlon  wrote:

Hi all - I apoligize for the not-necessarily-on-topic post, but I've been 
struggling with this issue for the past two
weeks and am about out of ideas and options other than ask here.

The short version is I recently got FIOS at my (new) house, and plugged in my 
router (SFF PC running Vyos). Initially,
all was fine, however, some time later, connectivity to the gateway given by 
the DHCP server is completely lost. If I
force a renewal, the gateway (sometimes) comes back--sometimes not. When it 
doesn't work, the DHCPDISCOVER process has
to start over again and I often recive a lease in a completely different 
subnet--which isn't really the problem, but
seems to be symptomatic of whatever is happening upstream of me.

The problem, from my perspective, is that the IPv4 gateway given to me in my 
DHCP lease goes away before my lease
expires--leading to broken v4 connectivity until either 1. the system goes to 
renew the lease and fails, starting over;
or 2. A watchdog notices and renews the lease (This is what I have attempted to 
implement, without much success).

As a note, IPv6 connectivity (dhcpv6-pd, receiving a /56) is entirely 
unaffected when IPv4 connectivity breaks.

For the past week, I have been monitoring to various IPv4 and IPv6 endpoints 
over ICMP and TCP, and have been able to
chart the outages over that period. More or less, every two hours, shortly 
after a lease is renewed, the gateway
disappears. I'm happy to share more details and graphs/logs with anyone who 
might be able to help.

I have attempted to contact FIOS support several times and even had a trouble 
ticket opened at one point--though this
has been closed as they cannot apparently find any issue with the ONT.

I'm at my wit's end with this issue and would really appreciate any and all 
help. Please contact me off list if you need
additional details--I can provide ticket numbers/conversation IDs/etc, as well 
as graphs/logs/etc.

Best,
Neil Hanlon


signature.asc
Description: PGP signature

Re: Request for assistance with Verizon FIOS connection

[Mel Beckman]

The first thing I would do is to try a different RJ45 cable AND router to rule 
out your cable or homemade router being the problem. Yes, you’ll have to pick 
up a cheap router, but any $50 gadget, such as a Mikrotik RB or Ubiquiti ER-X 
will do. Most network techs have a garage full of castoff routers they can pull 
out in a pinch.

 -mel beckman

> On Jul 14, 2023, at 8:05 AM, Neil Hanlon  wrote:
> 
> Hi all - I apoligize for the not-necessarily-on-topic post, but I've been 
> struggling with this issue for the past two
> weeks and am about out of ideas and options other than ask here.
> 
> The short version is I recently got FIOS at my (new) house, and plugged in my 
> router (SFF PC running Vyos). Initially,
> all was fine, however, some time later, connectivity to the gateway given by 
> the DHCP server is completely lost. If I
> force a renewal, the gateway (sometimes) comes back--sometimes not. When it 
> doesn't work, the DHCPDISCOVER process has
> to start over again and I often recive a lease in a completely different 
> subnet--which isn't really the problem, but
> seems to be symptomatic of whatever is happening upstream of me.
> 
> The problem, from my perspective, is that the IPv4 gateway given to me in my 
> DHCP lease goes away before my lease
> expires--leading to broken v4 connectivity until either 1. the system goes to 
> renew the lease and fails, starting over;
> or 2. A watchdog notices and renews the lease (This is what I have attempted 
> to implement, without much success).
> 
> As a note, IPv6 connectivity (dhcpv6-pd, receiving a /56) is entirely 
> unaffected when IPv4 connectivity breaks.
> 
> For the past week, I have been monitoring to various IPv4 and IPv6 endpoints 
> over ICMP and TCP, and have been able to
> chart the outages over that period. More or less, every two hours, shortly 
> after a lease is renewed, the gateway
> disappears. I'm happy to share more details and graphs/logs with anyone who 
> might be able to help.
> 
> I have attempted to contact FIOS support several times and even had a trouble 
> ticket opened at one point--though this
> has been closed as they cannot apparently find any issue with the ONT.
> 
> I'm at my wit's end with this issue and would really appreciate any and all 
> help. Please contact me off list if you need
> additional details--I can provide ticket numbers/conversation IDs/etc, as 
> well as graphs/logs/etc.
> 
> Best,
> Neil Hanlon

Request for assistance with Verizon FIOS connection

[Neil Hanlon]

Hi all - I apoligize for the not-necessarily-on-topic post, but I've been 
struggling with this issue for the past two
weeks and am about out of ideas and options other than ask here.

The short version is I recently got FIOS at my (new) house, and plugged in my 
router (SFF PC running Vyos). Initially,
all was fine, however, some time later, connectivity to the gateway given by 
the DHCP server is completely lost. If I
force a renewal, the gateway (sometimes) comes back--sometimes not. When it 
doesn't work, the DHCPDISCOVER process has
to start over again and I often recive a lease in a completely different 
subnet--which isn't really the problem, but
seems to be symptomatic of whatever is happening upstream of me.

The problem, from my perspective, is that the IPv4 gateway given to me in my 
DHCP lease goes away before my lease
expires--leading to broken v4 connectivity until either 1. the system goes to 
renew the lease and fails, starting over;
or 2. A watchdog notices and renews the lease (This is what I have attempted to 
implement, without much success).

As a note, IPv6 connectivity (dhcpv6-pd, receiving a /56) is entirely 
unaffected when IPv4 connectivity breaks.

For the past week, I have been monitoring to various IPv4 and IPv6 endpoints 
over ICMP and TCP, and have been able to
chart the outages over that period. More or less, every two hours, shortly 
after a lease is renewed, the gateway
disappears. I'm happy to share more details and graphs/logs with anyone who 
might be able to help.

I have attempted to contact FIOS support several times and even had a trouble 
ticket opened at one point--though this
has been closed as they cannot apparently find any issue with the ONT.

I'm at my wit's end with this issue and would really appreciate any and all 
help. Please contact me off list if you need
additional details--I can provide ticket numbers/conversation IDs/etc, as well 
as graphs/logs/etc.

Best,
Neil Hanlon


signature.asc
Description: PGP signature

1299 capacity constraints

[Drew Weaver]

Has anyone else been having near constant issues with traffic transiting AS 
1299 being lost due to their links being oversubscribed?

Off-list is fine, I am just trying to get a sense of what is going on there.

Thanks,
-Drew