Re: Acceptance of RPKI unknown in ROV

[Gaurav Kansal via NANOG]

> On 20-Oct-2023, at 00:35, nanog@nanog.org wrote:
> 
> On Thu, 19 Oct 2023 at 11:56, Owen DeLong  > wrote:
>>> 
>>> On Thu, 19 Oct 2023 at 11:46, Owen DeLong via NANOG >> > wrote:
 A question for network operators out there that implement ROV…
 
 Is anyone rejecting RPKI unknown routes at this time?
 
 I know that it’s popular to reject RPKI invalid (a ROA exists, but doesn’t 
 match the route), but I’m wondering if anyone  is currently or has any 
 plans to start rejecting routes which don’t have a matching ROA at all?
>>> 
>>> 
>>> This would be a bad idea and cause needless fragility in the network 
>>> without any upsides.
>> 
>> I’m not intending to advocate it, I’m asking if anyone is currently doing it.
> 
> 
> I’m not aware of anyone doing this, and have not heard operators express 
> interest in doing this (probably because it seems such an unpleasant concept).
> 
> Somewhat related:
> 
> I do know of operators that require a ROA (if it’s non-legacy space) during 
> their customer onboarding process, for example, in BOYIP for DIA cases.

In my region also, ISPs are asking valid ROAs before on-boarding users. 

> 
> But those operators do not expect the ROA to continually exist after the 
> provisioning has been completed successfully. Making the continued 
> availability of a route dependent on the continued validity of a ROA is where 
> friction starts to form.
> 
> Kind regards,
> 
> Job

Re: ARIN election statistics, eligible-to-vote ASNs/Org IDs vs. number of votes cast

[John Curran]

On Oct 19, 2023, at 5:25 PM, Eric Kuhnke  wrote:

Does anyone have general statistics on:

a) Number of eligible voting org IDs

b) Percentage of eligible voting org IDs which actually cast ballots in 
previous ARIN elections

That’s an interesting question to ask over here on nanog’s mailing list, but 
anyway here goes -

ARIN 2022 Election Results - 
https://www.arin.net/announcements/20221031_results/
ARIN 2021 Election Results - 
https://www.arin.net/announcements/2027_election/
ARIN 2020 Election Results - 
https://www.arin.net/announcements/20201103_election/

Each election result posting contains a summary at the bottom that includes 
metrics you seek - For example -
===
2020 Voter Statistics

 *   6,689 ARIN Members as of 8 September 2020
 *   5,684 ARIN eligible Voting Organizations* as of 8 September 2020
 *   ARIN Board of Trustees election: 490 voters on behalf of 603 unique 
ARIN Member organizations cast a ballot in the ARIN Board of Trustees election
 *   ARIN Advisory Council election: 485 voters on behalf of 595 unique 
ARIN Member organizations cast a ballot in the ARIN Advisory Council election

*ARIN Member in Good Standing with a properly registered Voting Contact linked 
to an ARIN Online account as of 8 September 2020.

===


Best wishes,
/John

John Curran
President and CEO
American Registry for Internet Numbers

ARIN election statistics, eligible-to-vote ASNs/Org IDs vs. number of votes cast

[Eric Kuhnke]

Does anyone have general statistics on:

a) Number of eligible voting org IDs

b) Percentage of eligible voting org IDs which actually cast ballots in
previous ARIN elections

Re: Acceptance of RPKI unknown in ROV

[Randy Bush]

>> has arin not made it easier, lowering the legal insanity, for legacy
>> holders to obtain services?
> Yes but they need to jump now if they want to take advantage of it, as
> I understand it.

arin has deep expertise in hurdles

randy

Re: Acceptance of RPKI unknown in ROV

[Fearghas Mckay]

 On 19 Oct 2023 at 17:16:21, Randy Bush  wrote:

> has arin not made it easier, lowering the legal insanity, for legacy
> holders to obtain services?
>

Yes but they need to jump now if they want to take advantage of it, as I
understand it.

f

Re: Acceptance of RPKI unknown in ROV

[Randy Bush]

> For legacy resource holders it is a problem but then it’s a
> bureaucratic issue rather technical and technology has a solution
> called SLURM.

has arin not made it easier, lowering the legal insanity, for legacy
holders to obtain services?

randy

Re: Acceptance of RPKI unknown in ROV

[Aftab Siddiqui]

On Thu, 19 Oct 2023 at 1:37 pm, Owen DeLong  wrote:

> I ask because there was discussion at the ARIN meeting and Kevin Blumburg
> made the suggestion that “in 2024, routes will not be accepted without
> ROAs”.
>

As someone who was there, that’s misrepresentation of what Kevin said. Im
sure  he can jump in and share his detailed point of view, but his point
was many operators and cloud providers are already demanding to have a
valid ROA to peer or use their services and that most likely become a
requirement moving forward.

For legacy resource holders it is a problem but then it’s a bureaucratic
issue rather technical and technology has a solution called SLURM.

Re: Acceptance of RPKI unknown in ROV

[Owen DeLong via NANOG]

I ask because there was discussion at the ARIN meeting and Kevin Blumburg made 
the suggestion that “in 2024, routes will not be accepted without ROAs”.

I didn’t think this was likely, but as someone with resources for which I 
cannot create ROAs, it is a concern. So far, I haven’t really seen a 
significant benefit to going to the trouble of creating ROAs, but I also don’t 
want to suddenly find myself offline because I didn’t, so I figured it was a 
good idea to get a sense of the community on this.

Thanks to those that replied.

Owen


> On Oct 19, 2023, at 12:17, Job Snijders  wrote:
> 
> On Thu, 19 Oct 2023 at 12:12, Aftab Siddiqui  > wrote:
>> A quick check to my routing table suggests that I have 206700 preferred 
>> routes (v4/v6) to notfound (unknown) destinations. So yeah I don't think 
>> anyone can afford to do this right now.
> 
> 
> I don’t think anyone can afford to ever do this, regardless of the number of 
> unknown destinations!
> 
> Imagine not being able to reach North American destinations for 23 hours 
> because of a cryptographic signing issue at the RIR [0] causing all ROAs to 
> blip out of existence.
> 
> Kind regards,
> 
> Job
> 
> [0] 
> https://www.arin.net/announcements/20200826/

Re: Acceptance of RPKI unknown in ROV

[Job Snijders via NANOG]

On Thu, 19 Oct 2023 at 12:12, Aftab Siddiqui 
wrote:

> A quick check to my routing table suggests that I have 206700
> preferred routes (v4/v6) to notfound (unknown) destinations. So yeah I
> don't think anyone can afford to do this right now.
>


I don’t think anyone can afford to ever do this, regardless of the number
of unknown destinations!

Imagine not being able to reach North American destinations for 23 hours
because of a cryptographic signing issue at the RIR [0] causing all ROAs to
blip out of existence.

Kind regards,

Job

[0]
https://www.arin.net/announcements/20200826/

Re: Acceptance of RPKI unknown in ROV

[Aftab Siddiqui]

A quick check to my routing table suggests that I have 206700
preferred routes (v4/v6) to notfound (unknown) destinations. So yeah I
don't think anyone can afford to do this right now.

Regards,

Aftab A. Siddiqui


On Fri, 20 Oct 2023 at 05:49, Owen DeLong via NANOG  wrote:

> A question for network operators out there that implement ROV…
>
> Is anyone rejecting RPKI unknown routes at this time?
>
> I know that it’s popular to reject RPKI invalid (a ROA exists, but doesn’t
> match the route), but I’m wondering if anyone  is currently or has any
> plans to start rejecting routes which don’t have a matching ROA at all?
>
> Thanks,
>
> Owen
>
>

Re: Acceptance of RPKI unknown in ROV

[Job Snijders via NANOG]

On Thu, 19 Oct 2023 at 11:56, Owen DeLong  wrote:

>
> On Thu, 19 Oct 2023 at 11:46, Owen DeLong via NANOG 
> wrote:
>
>> A question for network operators out there that implement ROV…
>>
>> Is anyone rejecting RPKI unknown routes at this time?
>>
>> I know that it’s popular to reject RPKI invalid (a ROA exists, but
>> doesn’t match the route), but I’m wondering if anyone  is currently or has
>> any plans to start rejecting routes which don’t have a matching ROA at all?
>
>
>
> This would be a bad idea and cause needless fragility in the network
> without any upsides.
>
>
> I’m not intending to advocate it, I’m asking if anyone is currently doing
> it.
>


I’m not aware of anyone doing this, and have not heard operators express
interest in doing this (probably because it seems such an unpleasant
concept).

Somewhat related:

I do know of operators that require a ROA (if it’s non-legacy space) during
their customer onboarding process, for example, in BOYIP for DIA cases.

But those operators do not expect the ROA to continually exist after the
provisioning has been completed successfully. Making the continued
availability of a route dependent on the continued validity of a ROA is
where friction starts to form.

Kind regards,

Job

>

Re: Acceptance of RPKI unknown in ROV

[Job Snijders via NANOG]

On Thu, 19 Oct 2023 at 11:46, Owen DeLong via NANOG  wrote:

> A question for network operators out there that implement ROV…
>
> Is anyone rejecting RPKI unknown routes at this time?
>
> I know that it’s popular to reject RPKI invalid (a ROA exists, but doesn’t
> match the route), but I’m wondering if anyone  is currently or has any
> plans to start rejecting routes which don’t have a matching ROA at all?



This would be a bad idea and cause needless fragility in the network
without any upsides.

Regards,

Job

Re: Acceptance of RPKI unknown in ROV

[JASON BOTHE via NANOG]

Assuming unknown encompasses no roa at all, im inclined to say most probably 
haven’t because that would break a lot of things because a lot of folks don’t 
have ROAs at all and some don’t seem to even have a plan around implementing 
them. 

J~

> On Oct 19, 2023, at 11:47, Owen DeLong via NANOG  wrote:
> 
> A question for network operators out there that implement ROV…
> 
> Is anyone rejecting RPKI unknown routes at this time?
> 
> I know that it’s popular to reject RPKI invalid (a ROA exists, but doesn’t 
> match the route), but I’m wondering if anyone  is currently or has any plans 
> to start rejecting routes which don’t have a matching ROA at all?
> 
> Thanks,
> 
> Owen
> 

Acceptance of RPKI unknown in ROV

[Owen DeLong via NANOG]

A question for network operators out there that implement ROV…

Is anyone rejecting RPKI unknown routes at this time?

I know that it’s popular to reject RPKI invalid (a ROA exists, but doesn’t 
match the route), but I’m wondering if anyone  is currently or has any plans to 
start rejecting routes which don’t have a matching ROA at all?

Thanks,

Owen

Re: Correcting Netflix ipv6 geolocation

[Jeroen Massar via NANOG]

> On 19 Oct 2023, at 02:09, Justin Kilpatrick  wrote:
> 
> Our ipv6 subnet 2602::FBAD::/40 is


You likely mean 2602:FBAD::/40, as the one above is not a valid IPv6 address ;)

BGP wise it seems only 2602:fbad:8::/45 and 2602:fbad:10::/45 are announced as 
per https://bgp.tools/as/400429#prefixes 

I would definitely verify what you announce, what your GeoFeed settings are etc.

Also, what helps in 99% of cases: iPhone and Android devices with GPS enabled 
as they nicely report IP + GPS coords to their various motherships.

Greets,
 Jeroen

Correcting Netflix ipv6 geolocation

[Justin Kilpatrick]

Our ipv6 subnet 2602::FBAD::/40 is showing up as in Kiev Ukraine on Fast.com 
and Netflix.com which is causing all sorts of problems for our US based 
customers.

Other services like Google and MaxMind don't seem to have any issue and report 
correct locations. Happy to follow up with more information off list.

Thanks! 

-- 
 Justin Kilpatrick | Cofounder and CTO
 jus...@althea.net