Re: ipv6 address management - documentation

2023-11-16 Thread Gaurav Kansal via NANOG
I will second this.
Netbox is very rich and we can do and manage multiple other things also in 
netbox.
Like I am managing my complete server infra details and my service connectivity 
details in netbox.
Kudos to the developer and the netbox community.

Regards,
Gaurav Kansal


> On 16-Nov-2023, at 23:39, ja...@biel-tech.com wrote:
> 
> My recommendation:
> 
> https://github.com/netbox-community
> 
> 
> On Thu, Nov 16, 2023 at 12:04 PM Aaron Gould wrote:
>> For years I've used an MS Excel spreadsheet to manage my IPv4 
>> addresses.  IPv6 is going to be maddening to manage in a spreadsheet.  
>> What does everyone use for their IPv6 address prefix management and 
>> documentation?  Are there open source tools/apps for this?
>> 
>> -- 
>> -Aaron
>> 
> 
> 
> -- 
> Jason



Re: Generally accepted BGP acceptance criteria?

2023-11-16 Thread Frank Habicht
Also, you don't want to accept Google prefixes from your customer, even 
if they are ROV valid.


i.e. you want to restrict what you accept to customer and customer's 
customer prefixes...


Frank

On 17/11/2023 08:38, Pierfrancesco Caci wrote:
> If you need to support RTBH you need to check prefix list (thus IRR) 
> first, then the RTBH, then RPKI. Otherwise blackhole route gets dropped 
> before executing.


Re: ipv6 address management - documentation

2023-11-16 Thread Ryan Hamel
Christopher,

A residential customer would be getting their /56 from the provider's pool via 
RA or DHCPv6. With a /32 aggregate, it can handle 1.6 million /56 delegations, 
which can cover a few regions. It all depends on the planning going into 
splitting up the aggregate.

A rule of thumb I go by in the datacenter is, a /48 per customer per site, and 
further splitting it into /64s per VLAN, all of which can be plugged into a 
spreadsheet formula to produce a valid complete subnet.

Either way, keeping track of IPAM via spreadsheet is a recipe for disaster. 
NetBox and Nautobot are my choices, and are worth deploying on a server or VPS, 
even for home labs.

Ryan


From: NANOG  on behalf of Christopher 
Hawker 
Sent: Thursday, November 16, 2023 3:52:59 PM
To: Aaron Gould ; Owen DeLong 
Cc: nanog@nanog.org 
Subject: Re: ipv6 address management - documentation


One of the first things that comes to mind is that if you were to break out a 
/64 v6 subnet (a standard-issue subnet to a residential customer) in an Excel 
spreadsheet, the number of columns you would need is 14 digits long. You could 
break out the equivalent of a /12 v4 in just one column. Understandably in the 
real world no one (in their right mind) would do this, this is just for 
comparison.

Regards,
Christopher H.

From: NANOG  on behalf of Owen 
DeLong via NANOG 
Sent: Friday, November 17, 2023 10:39 AM
To: Aaron Gould 
Cc: nanog@nanog.org 
Subject: Re: ipv6 address management - documentation

Spreadsheets are terrible for IPAM regardless of address length, but I am 
curious to know why you think IPv6 would be particularly worse than IPv4 in 
such a scenario?

Owen


> On Nov 16, 2023, at 10:02, Aaron Gould  wrote:
>
> For years I've used an MS Excel spreadsheet to manage my IPv4 addresses.  
> IPv6 is going to be maddening to manage in a spreadsheet.  What does everyone 
> use for their IPv6 address prefix management and documentation?  Are there 
> open source tools/apps for this?
>
> --
> -Aaron
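
The "/48 per customer per site, /64 per VLAN" rule of thumb from Ryan's message, as an added example (not code from any poster). The aggregate is the IPv6 documentation prefix, and the /40-per-site split and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed plan: documentation aggregate, one /40 per site (assumption),
# one /48 per customer per site and one /64 per VLAN (as in the message).
AGGREGATE = ipaddress.IPv6Network("2001:db8::/32")
SITE_LEN, CUSTOMER_LEN, VLAN_LEN = 40, 48, 64


def nth_subnet(parent, new_len, index):
    """Return the index-th subnet of length new_len inside parent."""
    if not parent.prefixlen <= new_len <= parent.max_prefixlen:
        raise ValueError(f"/{new_len} does not fit inside {parent}")
    if not 0 <= index < (1 << (new_len - parent.prefixlen)):
        raise ValueError(f"index {index} out of range for /{new_len} in {parent}")
    base = int(parent.network_address) + (index << (parent.max_prefixlen - new_len))
    return ipaddress.IPv6Network((base, new_len))


def customer_block(site, customer):
    """The /48 assigned to one customer at one site."""
    site_net = nth_subnet(AGGREGATE, SITE_LEN, site)
    return nth_subnet(site_net, CUSTOMER_LEN, customer)


def vlan_subnet(site, customer, vlan):
    """The /64 for one VLAN inside that customer's /48."""
    return nth_subnet(customer_block(site, customer), VLAN_LEN, vlan)


def locate(address):
    """Reverse lookup: map an address back to (site, customer, vlan)."""
    addr = ipaddress.IPv6Address(address)
    if addr not in AGGREGATE:
        raise ValueError(f"{addr} is outside {AGGREGATE}")
    offset = int(addr) - int(AGGREGATE.network_address)

    def field(start_len, end_len):
        # Bits between two prefix lengths, read as an unsigned index.
        return (offset >> (128 - end_len)) & ((1 << (end_len - start_len)) - 1)

    return (
        field(AGGREGATE.prefixlen, SITE_LEN),
        field(SITE_LEN, CUSTOMER_LEN),
        field(CUSTOMER_LEN, VLAN_LEN),
    )


if __name__ == "__main__":
    print(customer_block(1, 2))             # /48 for customer 2 at site 1
    print(vlan_subnet(1, 2, 100))           # /64 for VLAN 100 in that /48
    print(locate("2001:db8:102:64::1"))     # back to (site, customer, vlan)
```

Because the plan is purely positional, the reverse lookup needs no table at all, which is what makes an address seen in a log or flow record attributable to a site, customer and VLAN.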




Generally accepted BGP acceptance criteria?

2023-11-16 Thread Pierfrancesco Caci
If you need to support RTBH you need to check prefix list (thus IRR) first, 
then the RTBH, then RPKI. Otherwise blackhole route gets dropped before 
executing.
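
The check order discussed in this thread (customer prefix list first, then RTBH, then RPKI), as an added example that is not part of any poster's message or any operator's published policy. The prefixes and AS numbers are documentation values, and the /24 and /48 length limits, the function names and the `rpki_before_rtbh` switch are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

BLACKHOLE = "65535:666"    # well-known BLACKHOLE community (RFC 7999)
MAX_LEN = {4: 24, 6: 48}   # assumed longest prefix accepted for normal routes


@dataclass(frozen=True)
class Roa:
    prefix: str
    max_length: int
    asn: int


@dataclass(frozen=True)
class Route:
    prefix: str
    origin_as: int
    communities: tuple = ()


def rov_state(route, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route.prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == route.origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def in_prefix_list(route, customer_prefixes):
    """True if the route is equal to or inside an IRR-derived customer prefix."""
    net = ipaddress.ip_network(route.prefix)
    for entry in customer_prefixes:
        allowed = ipaddress.ip_network(entry)
        if net.version == allowed.version and net.subnet_of(allowed):
            return True
    return False


def evaluate(route, customer_prefixes, roas, rpki_before_rtbh=False):
    """Return (action, reason) for a route received from a customer session."""
    net = ipaddress.ip_network(route.prefix)
    # 1. Prefix list: only the customer's (and their customers') space.
    if not in_prefix_list(route, customer_prefixes):
        return ("reject", "not in customer prefix list")
    rpki = rov_state(route, roas)
    # Wrong order, kept switchable to show the failure mode.
    if rpki_before_rtbh and rpki == "invalid":
        return ("reject", "rpki invalid")
    # 2. RTBH: a tagged host route is honoured before RPKI is consulted,
    #    because a /32 exceeds the ROA maxLength and validates as invalid.
    if BLACKHOLE in route.communities and net.prefixlen == net.max_prefixlen:
        return ("blackhole", "rtbh host route")
    # 3. RPKI, then the ordinary length limit.
    if rpki == "invalid":
        return ("reject", "rpki invalid")
    if net.prefixlen > MAX_LEN[net.version]:
        return ("reject", "too specific")
    return ("accept", "rpki " + rpki)


# Constructed sample data: one customer (AS64500) and a third party (AS64511).
CUSTOMER_PREFIXES = ["192.0.2.0/24", "2001:db8:100::/48"]
ROAS = [Roa("192.0.2.0/24", 24, 64500), Roa("203.0.113.0/24", 24, 64511)]

if __name__ == "__main__":
    samples = [
        Route("192.0.2.0/24", 64500),
        Route("192.0.2.66/32", 64500, (BLACKHOLE,)),
        Route("203.0.113.0/24", 64511),                # ROV valid, not the customer's
        Route("203.0.113.5/32", 64511, (BLACKHOLE,)),  # blackhole for foreign space
    ]
    for r in samples:
        print(r.prefix, evaluate(r, CUSTOMER_PREFIXES, ROAS),
              "| RPKI first:", evaluate(r, CUSTOMER_PREFIXES, ROAS, True))
```

Putting the prefix list first also means a blackhole request for address space outside the customer's own registrations is rejected before the RTBH step is reached.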


RE: [External] announcing IPs by scrubbing service to help with DDoS attacks and ROAs

2023-11-16 Thread Tom Krenn via NANOG
It has been a few years, but I recall advertising my routes to the scrubbing 
center via a tunnel and just prepending to my other peers when in mitigation. 
This was pre-RPKI days, but my ASN was still originating the route. So, I would 
assume no change in ROA would be needed in that scenario. Are you allowing them 
to originate your routes or are they just another hop in your as-path?

Tom Krenn
Network Architect
Enterprise Architecture - Information Technology


From: NANOG  On Behalf Of Amir 
Herzberg
Sent: Thursday, November 16, 2023 19:58
To: NANOG 
Subject: [External] announcing IPs by scrubbing service to help with DDoS 
attacks and ROAs


Hi, do people use scrubbing services, when under DDoS attack, by having the 
scrubbing service announce the attacked IP prefix(es)?

If so, and you have a ROA for these prefixes, do you authorize the scrubbing AS 
(by issuing ROA or otherwise), and if so, do you do it in advance or only when 
you need the scrubbing service to announce your prefix?

To clarify: we have a possible method to allow such `emergency ROAs' but I'm 
not convinced if we have a solution to a real problem - or if we just found a 
cute crypto solution and will end up writing it for a non-real problem. I 
prefer not to waste our time on presenting cute solutions to non-real problems 
:)

So thanks for your help! Use your judgement if to respond on list or off list.

Many thanks, Amir
--
Amir Herzberg

Comcast professor of Security Innovations, Computer Science and Engineering, 
University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and 
lectures:https://sites.google.com/site/amirherzberg/cybersecurity






Re: Generally accepted BGP acceptance criteria?

2023-11-16 Thread Tom Beecher
>
> I imagine there is some sort of coalescing industry standard out there,
> but so far I can’t find it.
>

There is not, and won't be for a long time, if ever.

There isn't a one size fits all solution.

On Thu, Nov 16, 2023 at 9:31 PM Tom Samplonius  wrote:

>
>   In the world of IRR and RPKI, BGP route acceptance criteria is important
> to get right.
>
>   DE-CIX has published a detailed flow chart documenting their acceptance
> criteria:
> https://www.de-cix.net/en/locations/frankfurt/route-server-guide
>
>   But I don’t see a lot of operators publishing their criteria.  I imagine
> there is some sort of coalescing industry standard out there, but so far
> I can’t find it.  Of the upstreams I use, just one publishes a flowchart.
> Another is basically refusing to explain anything other than they “use” IRR
> and RPKI, and that RPKI is “good”.
>
>   I assumed that everyone implementing RPKI validation, would skip IRR
> route object validation if the route is RPKI-valid.  I assumed that
> everyone is doing this now, or would do this when they implement RPKI
> validation.  But I spoke to an operator today, which still expects all
> routes to pass IRR as well (and while they perform RPKI-validation, they
> effectively do nothing with the result).  To me, this seems like a
> different direction than most operators are going.  Or is it?
>
>   The most surprising thing in the DE-CIX flow chart, was that they check
> that the origin AS exists in the IRR as-set, before doing RPKI, and if the
> set existence fails, they reject the route.  I don’t see a problem with
> this, as maintaining as-sets is easy, but it does prevent an eventual 100%
> RPKI future with no IRR at all.
>
>   I also thought there may be an informational RFC on this, but I couldn’t
> find anything.  Has there been anything published or any presentations
> given, on generally accepted BGP route acceptance criteria?
>
>
> Tom


Generally accepted BGP acceptance criteria?

2023-11-16 Thread Tom Samplonius


  In the world of IRR and RPKI, BGP route acceptance criteria is important to 
get right.

  DE-CIX has published a detailed flow chart documenting their acceptance 
criteria:  https://www.de-cix.net/en/locations/frankfurt/route-server-guide

  But I don’t see a lot of operators publishing their criteria.  I imagine 
there is some sort of coalescing industry standard out there, but so far I 
can’t find it.  Of the upstreams I use, just one publishes a flowchart.  
Another is basically refusing to explain anything other than they “use” IRR and 
RPKI, and that RPKI is “good”.

  I assumed that everyone implementing RPKI validation, would skip IRR route 
object validation if the route is RPKI-valid.  I assumed that everyone is doing 
this now, or would do this when they implement RPKI validation.  But I spoke to 
an operator today, which still expects all routes to pass IRR as well (and 
while they perform RPKI-validation, they effectively do nothing with the 
result).  To me, this seems like a different direction than most operators are 
going.  Or is it?

  The most surprising thing in the DE-CIX flow chart, was that they check that 
the origin AS exists in the IRR as-set, before doing RPKI, and if the set 
existence fails, they reject the route.  I don’t see a problem with this, as 
maintaining as-sets is easy, but it does prevent an eventual 100% RPKI future 
with no IRR at all.

  I also thought there may be an informational RFC on this, but I couldn’t find 
anything.  Has there been anything published or any presentations given, on 
generally accepted BGP route acceptance criteria?


Tom

announcing IPs by scrubbing service to help with DDoS attacks and ROAs

2023-11-16 Thread Amir Herzberg
Hi, do people use scrubbing services, when under DDoS attack, by having the
scrubbing service announce the attacked IP prefix(es)?

If so, and you have a ROA for these prefixes, do you authorize the
scrubbing AS (by issuing ROA or otherwise), and if so, do you do it in
advance or only when you need the scrubbing service to announce your
prefix?

To clarify: we have a possible method to allow such `emergency ROAs' but
I'm not convinced if we have a solution to a real problem - or if we just
found a cute crypto solution and will end up writing it for a non-real
problem. I prefer not to waste our time on presenting cute solutions to
non-real problems :)

So thanks for your help! Use your judgement if to respond on list or off
list.

Many thanks, Amir
-- 
Amir Herzberg

Comcast professor of Security Innovations, Computer Science and
Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures:
https://sites.google.com/site/amirherzberg/cybersecurity


Re: ipv6 address management - documentation

2023-11-16 Thread Christopher Hawker
One of the first things that comes to mind is that if you were to break out a 
/64 v6 subnet (a standard-issue subnet to a residential customer) in an Excel 
spreadsheet, the number of columns you would need is 14 digits long. You could 
break out the equivalent of a /12 v4 in just one column. Understandably in the 
real world no one (in their right mind) would do this, this is just for 
comparison.

Regards,
Christopher H.

From: NANOG  on behalf of Owen 
DeLong via NANOG 
Sent: Friday, November 17, 2023 10:39 AM
To: Aaron Gould 
Cc: nanog@nanog.org 
Subject: Re: ipv6 address management - documentation

Spreadsheets are terrible for IPAM regardless of address length, but I am 
curious to know why you think IPv6 would be particularly worse than IPv4 in 
such a scenario?

Owen


> On Nov 16, 2023, at 10:02, Aaron Gould  wrote:
>
> For years I've used an MS Excel spreadsheet to manage my IPv4 addresses.  
> IPv6 is going to be maddening to manage in a spreadsheet.  What does everyone 
> use for their IPv6 address prefix management and documentation?  Are there 
> open source tools/apps for this?
>
> --
> -Aaron



Re: ipv6 address management - documentation

2023-11-16 Thread Owen DeLong via NANOG
Spreadsheets are terrible for IPAM regardless of address length, but I am 
curious to know why you think IPv6 would be particularly worse than IPv4 in 
such a scenario?

Owen


> On Nov 16, 2023, at 10:02, Aaron Gould  wrote:
> 
> For years I've used an MS Excel spreadsheet to manage my IPv4 addresses.  
> IPv6 is going to be maddening to manage in a spreadsheet.  What does everyone 
> use for their IPv6 address prefix management and documentation?  Are there 
> open source tools/apps for this?
> 
> -- 
> -Aaron



Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread Christopher Hawker
Hi Christopher and Tom,

I'll reply to you together, as they seem to be along the same lines.

For the purposes of this survey/research, a reference to an LOA is a reference 
to an LOA for the advertisement/filtering of IP space. I agree, the acronym LOA 
has multiple uses in the world of IT for things such as datacentre 
cross-connects, however given what we are looking into, I believe it's quite 
clear that any reference to an LOA is a reference to a Letter of Authorisation 
for the advertisement/filtering of IP space.

Other facility providers (such as Equinix, see 
https://docs.equinix.com/en-us/Content/Interconnection/DiLOA/xc-Loa.htm) have 
already started looking into the realm of digital LOAs for services such as 
cross-connects. While they are not the same as traditional LOAs, in my belief 
they are designed to reduce the timeframes in issuing them, having them sent 
across and completed.

Regards,
Christopher Hawker


From: Christopher Morrow 
Sent: Friday, November 17, 2023 3:18 AM
To: Tom Beecher 
Cc: Christopher Hawker ; nanog@nanog.org 
Subject: Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

On Thu, Nov 16, 2023 at 10:22 AM Tom Beecher  wrote:
>>
>> In the service provider industry, its primary use is for advertising address 
>> resources (IPv4/v6 and ASN)
>
>
> Not really.



I would think there are a few uses of LOA in the telco/SP world, at least:

  1) 'can I make this cross-connect happen?'
  2) 'can I do some work on this link/path/fiber/conduit on behalf of
 where the entity to be worked on is 
infrastructure'
  3) 'Please accept this internet number resource from 
when the number resource is authorized for use by '

I would love to see ROA take over the 3rd of those, since it's a clear
indicator that:
  "RIR authorizes LIR to use , LIR authorizes
AS-OWNER to originate "

and by 'clear indicator' I mean: "has some cryptographic/PKI backing
you can follow to the RIR in an automated fashion"
Where 'LOA' generally is a xerox of a photocopy of a fax of a
dot-matrix printed MS-Word templated document which perhaps has an X
on the 'signature' line...

-chris


Fiber/OSP Technician Training and Apprenticeship Programs

2023-11-16 Thread Rhys Barrie via NANOG
Hey all,

I've recently been working with our county's broadband task force,
investigating the expansion and equity of broadband networks on a
local and state level. Through that, it's become clear that there's a
painful shortage of fiber / outside plant technicians in the state of
Michigan (if not nation-wide) in order to fulfill the workforce
requirements of maintaining the current broadband fiber infrastructure
in the state, much less to fuel fiber expansion, and especially in
rural areas. There appear to be few options for training the required
workforce, especially outside of the large enterprises that have the
resources to run their own internal programs, and small (or even
mid-sized) ISPs seem to be left with predominantly informal
person-to-person transfer of internal knowledge, assuming that they
have the required internal knowledge in the first place. This need for
a qualified workforce is exacerbated in the face of the multitude of
state and federal programs to encourage broadband internet expansion
and equity, such as the upcoming $42.5 billion in BEAD grant funding
and corresponding construction starting in ~12-18 months state- and
nation-wide.

As a result, our workforce development team over here at Mott
Community College (Genesee County, MI) is working to develop a fiber /
outside plant training and apprenticeship program in order to help
address this shortage of qualified personnel and training options at a
local and state level. We're looking for some industry contacts that
would be interested in collaborating with us to establish high-level
requirements regarding what skills need to be taught to prospective
fiber / outside plant technicians, what qualifications trainees should
have after completion in order to fulfill current workforce demands,
and to otherwise provide input in sketching out a high-level
curriculum. We're looking for feedback from a wide cross-section of
industry stakeholders -- large enterprise backbone transit providers,
rural residential ISPs, fiber co-ops and municipal networks,
operations and outside plant managers, etc. -- in order to determine
what the industry wants and needs, and how the entire community
college system can help meet those needs.

If anyone thinks that they have valuable input to provide regarding
these workforce requirements, or knows the right people to talk to,
please reach out and let me know!

Rhys Barrie (He/Him)
Network Engineer - Mott Community College
Member - Genesee County Broadband Task Force
(810) 762-0030 | rhys.bar...@mcc.edu | https://mcc.edu/


Re: ipv6 address management - documentation

2023-11-16 Thread borg
I use my own console/terminal based stuff.
It's composed of 2 main scripts called blgrep for searching
and bldiff to display differences between revision/files.
Backend is SVN to keep stuff in sync and allow multiple people
to work on data.

Works pretty well for small/medium DC/NOC. I guess it won't scale much tho.

We used to have Excel files for those too years ago and it was madness.


-- Original message --

From: Aaron Gould 
To: nanog@nanog.org
Subject: ipv6 address management - documentation
Date: Thu, 16 Nov 2023 12:02:36 -0600

For years I've used an MS Excel spreadsheet to manage my IPv4 addresses.  IPv6
is going to be maddening to manage in a spreadsheet.  What does everyone use for
their IPv6 address prefix management and documentation?  Are there open source
tools/apps for this?

-- 
-Aaron


Re: ipv6 address management - documentation

2023-11-16 Thread Mel Beckman
I second Netbox, which has detailed IPv4/6 IPAM plus many other features:


IP Address Management - NetBox Documentation (demo.netbox.dev)


 -mel

On Nov 16, 2023, at 10:31 AM, Jesse DuPont  
wrote:

 phpIPAM for the win. NIPAP is effective, if basic. I've heard of lots of 
people who like Netbox.

On 11/16/23 11:12 AM, Niels Bakker wrote:
* aar...@gvtc.com (Aaron Gould) [Thu 16 Nov 2023, 19:04 
CET]:
For years I've used an MS Excel spreadsheet to manage my IPv4  addresses.  IPv6 
is going to be maddening to manage in a spreadsheet.  What does everyone use 
for their IPv6 address prefix management and documentation?  Are there open 
source tools/apps for this?

The first three hits for "open source ipam" on a search engine are:

- phpipam.net/
- spritelink.github.io/NIPAP/
- github.com/netbox-community/netbox

I'd pick the last option, or possibly Nautobot.

You may want to scroll through https://github.com/topics/ipam for more options.


-- Niels.



[NANOG-announce] NANOG 90 Registration is OPEN! + Call for Presentations + More

2023-11-16 Thread Nanog News
*NANOG 90 Registration is OPEN!*
*Don't Miss Out on Discounted Early Registration*

NANOG 90 will take place 12-14 Feb 2024, in Charlotte, NC. Register to
attend in-person or virtually now!


*Call for Presentations: NANOG 90 *
*Don't Wait - Submit Your Presentation Now *

*The NANOG Program Committee (PC) is accepting proposals for in-person or
live remote presentations at all sessions of NANOG 90! Requested Topics: *

• Network Automation - practical uses, how to get started
• Future of Networking - forecast for changes in technology, design,
applications
• Research & Education - what research is happening now in network
operations
• + More


*Annual ACM/IRTF Event Connects Importance of Network Research to Network
Operations*
ANRW Discusses Emerging Results in Applied Networking Research

*Why it's worth your time:* The recent Applied Networking Research Workshop
(ANRW) organized by the Association for Computing Machinery (ACM) +
Internet Research Task Force (IRTF) showed that measurements can inform how
Internet protocols are being used and more.
Internet Research Task Force Chair + Associate Professor in the School of
Computing Science at the University of Glasgow, Colin Perkins, writes about
an upcoming annual event our community should attend.


*Sponsorships Available! Hackathon, Peering Forum + More *
*Invest in the Strength of the Community We Have Built*

NANOG is, and always has been, dedicated to the people who make up our
community. Our in-person conferences draw up to 1,500 individuals in
multiple facets of network engineering, operations, and architecture, who
gather with us in major cities across North America. We are still in need
of a sponsor for Hackathon and the Peering Forum.

*Contact Shawn Winstead swinst...@nanog.org  for more
details.*
___
NANOG-announce mailing list
NANOG-announce@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-announce



Re: ipv6 address management - documentation

2023-11-16 Thread Jesse DuPont


  
  
phpIPAM for the win. NIPAP is effective, if basic. I've heard of lots of
people who like Netbox.

On 11/16/23 11:12 AM, Niels Bakker wrote:
> * aar...@gvtc.com (Aaron Gould) [Thu 16 Nov 2023, 19:04 CET]:
>> For years I've used an MS Excel spreadsheet to manage my IPv4
>> addresses.  IPv6 is going to be maddening to manage in a spreadsheet.
>> What does everyone use for their IPv6 address prefix management and
>> documentation?  Are there open source tools/apps for this?
>
> The first three hits for "open source ipam" on a search engine are:
>
> - phpipam.net/
> - spritelink.github.io/NIPAP/
> - github.com/netbox-community/netbox
>
> I'd pick the last option, or possibly Nautobot.
>
> You may want to scroll through https://github.com/topics/ipam for
> more options.
>
> -- Niels.
  


  



Re: ipv6 address management - documentation

2023-11-16 Thread Niels Bakker

* aar...@gvtc.com (Aaron Gould) [Thu 16 Nov 2023, 19:04 CET]:
> For years I've used an MS Excel spreadsheet to manage my IPv4
> addresses.  IPv6 is going to be maddening to manage in a
> spreadsheet.  What does everyone use for their IPv6 address prefix
> management and documentation?  Are there open source tools/apps for
> this?


The first three hits for "open source ipam" on a search engine are:

- phpipam.net/
- spritelink.github.io/NIPAP/
- github.com/netbox-community/netbox

I'd pick the last option, or possibly Nautobot.

You may want to scroll through https://github.com/topics/ipam for more 
options.



-- Niels.


Re: ipv6 address management - documentation

2023-11-16 Thread Jason Biel
My recommendation:

https://github.com/netbox-community


On Thu, Nov 16, 2023 at 12:04 PM Aaron Gould  wrote:

> For years I've used an MS Excel spreadsheet to manage my IPv4
> addresses.  IPv6 is going to be maddening to manage in a spreadsheet.
> What does everyone use for their IPv6 address prefix management and
> documentation?  Are there open source tools/apps for this?
>
> --
> -Aaron
>
>

-- 
Jason


ipv6 address management - documentation

2023-11-16 Thread Aaron Gould
For years I've used an MS Excel spreadsheet to manage my IPv4 
addresses.  IPv6 is going to be maddening to manage in a spreadsheet.  
What does everyone use for their IPv6 address prefix management and 
documentation?  Are there open source tools/apps for this?


--
-Aaron



Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread Brian Knight via NANOG

On 2023-11-15 21:47, Christopher Hawker wrote:

> Hello everyone,
>
> Aftab Siddiqui is currently exploring the possibility of using Route
> Object Authorisations (ROAs) as a potential replacement to LOAs.
> Separate to this (and unknowing of Aftab's research), I had started a
> discussion on the RPKI Community guild on Discord
> (https://discord.gg/9jYcqpbdRE) discussing the usage of ROAs instead of
> LOAs.
>
> An LOA, or "Letter of Authority" / "Letter of Authorization," is a
> formal document granting permission for third parties to take specific
> actions regarding network resources or services. In the service
> provider industry, its primary use is for advertising address resources
> (IPv4/v6 and ASN). When an organization intends to announce its IP
> prefixes through its own or a transit provider's ASN to the global
> internet, it typically needs to provide an LOA to their transit
> provider, confirming their custodianship or ownership of the resources.

I've found WHOIS is a good enough resource for this purpose. The SPs 
that are delegating prefixes are good about using SWIP to show 
assignment.

North American SPs are motivated to keep SWIP assignments up to date 
because of ARIN's requirement to demonstrate usage of IP resources for 
IP block transfers.

I think I've needed to request an LOA from a customer for this purpose 
just once in the past 10 years because the SWIP wasn't done. IIRC the 
assigning provider did a SWIP instead.

> RPKI ROA, stands for "Resource Public Key Infrastructure Route Origin
> Authorization," is part of a security framework designed to validate
> the authenticity of internet routing information. It involves a
> digitally signed object that specifies which Autonomous Systems (ASes)
> are permitted to announce specific IP address prefixes.
>
> Could you please take a moment to fill out our brief survey? Your
> feedback will play a crucial role in our understanding of this topic.
>
> Survey Link: https://www.surveymonkey.com/r/JCHLWBB
>
> Thanks,
> Christopher Hawker

-Brian


[NANOG-announce] NANOG 90 Meeting Registration Open

2023-11-16 Thread NANOG Support
Dear NANOG Community,


NANOG 90 hybrid meeting will take place February 12-14 2024 in Charlotte,
North Carolina. Please note the change in date.


   1. Registration Fees + Deadlines
   2. Hotel Guest Room Block
   3. VISA Requests


   1. Registration Fees + Deadlines

NANOG Registration Fees: NANOG registration fees are in USD and include the
following:

access to general and breakout sessions, breakfast daily, lunch on the
first two days of the event, entry to all social/networking events.

Guest Passes: NANOG attendees are permitted to bring a guest to our social
events for an additional fee. Purchase is required with your registration.

Meeting Registration: https://www.nanog.org/events/nanog-90/registration/

In person Registration   Start Date          End Date            Member   NonMember   Student
Early                    November 16, 2023   December 03, 2023   $675     $700        $100
Standard                 December 04, 2023   January 21, 2024    $775     $800        $100
Late                     January 22, 2024    February 10, 2024   $875     $900        $100
Onsite                   February 11, 2024   February 14, 2024   $1,075   $1,100      $100



If you are not able to join us in person, Virtual Registration is available
for $100.

Social Event Guest Registration Pass:

Monday Social Event Guest Pass: $50 per guest (purchase separately when you
register, limit 2)

Tuesday Night Beer N Gear Pass: $50 per guest (purchase separately when you
register, limit 1)

Registration Cancellation Fees:

NANOG hopes everyone who registers for the meeting will be able to attend;
however, we know extenuating circumstances do occur, therefore the
NANOG cancellation
and refund policies are as follows:

   - Registrations canceled on 14 November, 2023 to 21 January, 2024 are
     refundable but will incur a $50.00 fee
   - Registrations canceled on 22 January - 10 February, 2024 are refundable
     but will incur a $100.00 fee
   - Registrations canceled on or after 11 February, 2024 will not receive a
     refund


Substitutions are honored at any time. No-shows are not eligible for
refunds.



   2. Hotel Guest Room Block

The NANOG 90 Conference hotel guest room block will be posted and made
available to only registered attendees the week of November 27, 2023.



   3. VISA Requests

A letter of invitation is issued solely for the purpose of assisting
participants with visa applications for their attendance at the conference.
If you require a letter of invitation, please register and pay for the
NANOG meeting. Once the payment has been received, all requests for Letters
of Invitation should be addressed by email directly to
nanog-supp...@nanog.org

The following information is required before a letter of invitation will be
issued:

   1. Name as it appears on your passport
   2. Passport Number
   3. Email Address
   4. Hotel name and reservation number
   5. Company name and address





If you have any questions about the meeting, please contact us directly at:
nanog-supp...@nanog.org.

We look forward to seeing you in Charlotte!

Sincerely,

the NANOG Staff

nanog-supp...@nanog.org


Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread Tom Beecher
>
> 
>

In a decade working on the SP side of the world, I worked with prob 20
different upstream carriers. I can only think of one that required LOA to
accept prefixes via BGP. Everyone else was via RIR methods, or nothing.
There are of course providers out there that do, but not nearly as many to
state it's a "primary use case", especially relative to #1 and #2 on your
list.




On Thu, Nov 16, 2023 at 11:18 AM Christopher Morrow 
wrote:

> On Thu, Nov 16, 2023 at 10:22 AM Tom Beecher  wrote:
> >>
> >> In the service provider industry, its primary use is for advertising
> address resources (IPv4/v6 and ASN)
> >
> >
> > Not really.
>
> 
>
> I would think there are a few uses of LOA in the telco/SP world, at least:
>
>   1) 'can I make this cross-connect happen?'
>   2) 'can I do some work on this link/path/fiber/conduit on behalf of
>  where the entity to be worked on is 
> infrastructure'
>   3) 'Please accept this internet number resource from 
> when the number resource is authorized for use by '
>
> I would love to see ROA take over the 3rd of those, since it's a clear
> indicator that:
>   "RIR authorizes LIR to use , LIR authorizes
> AS-OWNER to originate "
>
> and by 'clear indicator' I mean: "has some cryptographic/PKI backing
> you can follow to the RIR in an automated fashion"
> Where 'LOA' generally is a xerox of a photocopy of a fax of a
> dot-matrix printed MS-Word templated document which perhaps has an X
> on the 'signature' line...
>
> -chris
>


MCC (Microsoft Connected Cache for ISP)

2023-11-16 Thread Aaron Gould
Is MCC for ISP comparable to other well-known CDN's, like Facebook FNA, 
Netflix OCA, etc?


Anyone have any experience with MCC in an ISP environment, and do you 
see much bandwidth savings with it?


https://learn.microsoft.com/en-us/windows/deployment/do/mcc-isp


--
-Aaron



Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread Christopher Morrow
On Thu, Nov 16, 2023 at 10:22 AM Tom Beecher wrote:
>>
>> In the service provider industry, its primary use is for advertising address 
>> resources (IPv4/v6 and ASN)
>
>
> Not really.



I would think there are a few uses of LOA in the telco/SP world, at least:

  1) 'can I make this cross-connect happen?'
  2) 'can I do some work on this link/path/fiber/conduit on behalf of
 where the entity to be worked on is 
infrastructure'
  3) 'Please accept this internet number resource from 
when the number resource is authorized for use by '

I would love to see ROA take over the 3rd of those, since it's a clear
indicator that:
  "RIR authorizes LIR to use , LIR authorizes
AS-OWNER to originate "

and by 'clear indicator' I mean: "has some cryptographic/PKI backing
you can follow to the RIR in an automated fashion"
Where 'LOA' generally is a xerox of a photocopy of a fax of a
dot-matrix printed MS-Word templated document which perhaps has an X
on the 'signature' line...

-chris
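
The check a ROA makes possible for use 3 above ("please accept this number resource from this origin") can be automated as RFC 6811 route origin validation. This is an added example, not code from the thread; the VRP list uses constructed documentation prefixes and ASNs, and `review_request` with its fall-back to manual review is a hypothetical intake policy.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: what a relying party keeps from a verified ROA."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data (documentation prefixes and private-use-style ASNs).
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("198.51.100.0/24", 24, 0),      # AS0: holder states "do not route this"
    VRP("2001:db8::/32", 48, 64497),
]


def validate_origin(prefix, origin_asn, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one announcement (RFC 6811)."""
    route = ipaddress.ip_network(prefix, strict=True)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route is equal to or inside its prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS and a length within maxLength.
        # An AS0 VRP covers the route but can never match it.
        if vrp.asn != 0 and vrp.asn == origin_asn \
                and route.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def review_request(prefix, origin_asn, vrps):
    """Hypothetical intake decision for a customer's announcement request."""
    state = validate_origin(prefix, origin_asn, vrps)
    if state == "valid":
        return "accept"
    if state == "invalid":
        return "reject"
    # Assumption: with no covering ROA, fall back to IRR data or a paper LOA.
    return "manual-review"


if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                     ("198.51.100.0/24", 64496), ("203.0.113.0/24", 64496)]:
        print(pfx, asn, validate_origin(pfx, asn, SAMPLE_VRPS))
```

A valid result establishes only that the prefix holder authorized that origin AS; whether a given neighbor should be the one announcing it remains a separate prefix-list or IRR check.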


Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread Tom Beecher
>
> In the service provider industry, its primary use is for advertising
> address resources (IPv4/v6 and ASN)


Not really.

On Thu, Nov 16, 2023 at 9:19 AM Christopher Hawker wrote:

> Hello everyone,
>
> Aftab Siddiqui is currently exploring the possibility of using Route
> Object Authorisations (ROAs) as a potential replacement to LOAs. Separate
> to this (and unknowing of Aftab's research), I had started a discussion on
> the RPKI Community guild on Discord (https://discord.gg/9jYcqpbdRE)
> discussing the usage of ROAs instead of LOAs.
>
> An LOA, or "Letter of Authority" / "Letter of Authorization," is a formal
> document granting permission for third parties to take specific actions
> regarding network resources or services. In the service provider industry,
> its primary use is for advertising address resources (IPv4/v6 and ASN).
> When an organization intends to announce its IP prefixes through its own or
> a transit provider's ASN to the global internet, it typically needs to
> provide an LOA to their transit provider, confirming their custodianship or
> ownership of the resources.
>
> RPKI ROA, which stands for "Resource Public Key Infrastructure Route Origin
> Authorization," is part of a security framework designed to validate the
> authenticity of internet routing information. It involves a digitally
> signed object that specifies which Autonomous Systems (ASes) are permitted
> to announce specific IP address prefixes.
>
> Could you please take a moment to fill out our brief survey? Your feedback
> will play a crucial role in our understanding of this topic.
>
> Survey Link: https://www.surveymonkey.com/r/JCHLWBB
>
> Thanks,
> Christopher Hawker
>


Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread John Kristoff
On Thu, 16 Nov 2023 03:47:43 +
Christopher Hawker wrote:

> Aftab Siddiqui is currently exploring the possibility of using Route
> Object Authorisations (ROAs) as a potential replacement to LOAs.
> Separate to this (and unknowing of Aftab's research), I had started a
> discussion on the RPKI Community guild on Discord
> (https://discord.gg/9jYcqpbdRE) discussing the usage of ROAs instead
> of LOAs.

There is similar work also being done in the NETSEC SIG in FIRST.org.
Aftab may be aware of that and possibly this is where it stems from.
Started by Carlos Friacas (fccn.pt) there is a blog post in the works
that begins by raising questions about when and whether to accept a LoA
as the primary means of agreeing to announce a prefix.  The answer is
not so cut and dry.  If anyone wants to comment on the draft before it
gets published, which should be imminently, let me know and I'll put
you in touch with Carlos and a draft.

John


Reminder to Submit Presentations for NANOG 90

2023-11-16 Thread NANOG Program
NANOG Community,

The NANOG Program Committee (PC) would like to remind you that we are
accepting proposals for in-person or live remote presentations at all
sessions of NANOG 90, taking place in Charlotte, NC on 12-14 Feb 2024.
Below is a summary of key details and dates from the Call For Presentations
on the NANOG website, which can be found at
https://www.nanog.org/program/call-presentations/.

Requested Topics:

Based on feedback from our survey results, we have seen numerous requests
for the following topics:

   - Network Automation - practical uses, how to get started
   - Future of Networking - forecast for changes in technology, design,
     applications
   - Research & Education - what research is happening now in network
     operations
   - Security - various protocols of, developments in, problems/solutions
   - Optical Networking - technology, practice, deployment options
   - Tutorials - all levels, IPv6, BGP, Segment Routing, DNS, MPLS, VXLAN


We are looking to schedule 1,600 minutes of content between General
Session and Breakout Rooms for NANOG 90, and have only confirmed 75 minutes
at this time - so don’t wait! Presentation abstracts and draft slides
should be submitted no later than Thursday, 28 Dec 2023 to be considered
for NANOG 90.

Presentations may cover current technologies, soon-to-be deployed
technologies, and industry innovation. Vendors are welcome to submit talks
which cover relevant technologies and capabilities, but presentations
should not be promotional, or discuss proprietary solutions.


The primary speaker, moderator, or author should submit a presentation
proposal and abstract via the Program Committee Tool at:
https://www.nanog.org/meetings/submit-presentation/

   - Sign in with your Profile Account
   - Select the type of talk you propose to present, and complete the form


Timeline for submission and proposal review:

   - Submitter enters abstract (and draft slides if possible) in the Program
     Committee Tool prior to the deadline for slide submission.
   - PC performs initial review and assigns a “shepherd” to help develop the
     submission — typically within 2 weeks.
   - Submitter develops draft slides of talk if not already submitted with
     the initial proposal. Please submit initial draft slides early — the PC
     does not evaluate submissions until draft slides are available for
     review. NANOG Staff is available to assist with slide templates upon
     request from the submitter.
   - Panel and Track submissions should provide a topic list and
     intended/confirmed participants in the abstract.
   - PC reviews the slides and continues to work with Submitter as needed to
     develop the topic.
   - FINAL SUBMISSION DEADLINE Draft presentation slides should be submitted
     prior to the published deadline for slides (28 Dec 2023).
   - PC evaluates submissions to determine presentations for the agenda
     (posted on 22 Jan 2024).
   - Submitters notified.
   - Agenda assembled and posted.
   - Final presentation slides must be submitted prior to the published
     deadline for slides (05 Feb 2024 for in person + live remote
     presentations).


If you think you have an interesting topic but want feedback or suggestions
for developing an idea into a presentation, please email the PC
(nano...@nanog.org), and a representative will respond to you in a timely
manner. Otherwise, submit your talk, tutorial, track, or panel proposal to
the Program Committee Tool at your earliest convenience. We look forward to
reviewing your submission!

NANOG 90 Calendar of Events

Date                       Event/Deadline
Thurs, 16 November 2023    CFP Reminder Announcement
Thurs, 28 December 2023    DRAFT Presentation Slides Due
Mon, 15 January 2024       Topics List Published
Mon, 22 January 2024       Meeting Agenda Published
Mon, 05 February 2024      Final Slides DUE
Sun, 11 February 2024      On-Site Lightning Talk Submissions Open


Final slides for accepted presentations must be submitted by Monday, 05
February 2024. Materials received after that date may be updated on the
website after the completion of the conference.

We look forward to seeing you in February!

Sincerely,

Stevan Plote

Program Committee Chair

Sent on behalf of the NANOG PC


Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread Niels Bakker

Hi Christopher,

No.

Why would your survey take an additional 6.5 minutes to fill out?


-- Niels.

* ch...@thesysadmin.dev (Christopher Hawker) [Thu 16 Nov 2023, 15:20 CET]:

Hello everyone,

Aftab Siddiqui is currently exploring the possibility of using Route Object 
Authorisations (ROAs) as a potential replacement to LOAs. Separate to this (and 
unknowing of Aftab's research), I had started a discussion on the RPKI 
Community guild on Discord (https://discord.gg/9jYcqpbdRE) discussing the usage 
of ROAs instead of LOAs.

An LOA, or "Letter of Authority" / "Letter of Authorization," is a formal 
document granting permission for third parties to take specific actions regarding network resources 
or services. In the service provider industry, its primary use is for advertising address resources 
(IPv4/v6 and ASN). When an organization intends to announce its IP prefixes through its own or a 
transit provider's ASN to the global internet, it typically needs to provide an LOA to their 
transit provider, confirming their custodianship or ownership of the resources.

RPKI ROA, which stands for "Resource Public Key Infrastructure Route Origin 
Authorization," is part of a security framework designed to validate the 
authenticity of internet routing information. It involves a digitally signed object that 
specifies which Autonomous Systems (ASes) are permitted to announce specific IP address 
prefixes.

Could you please take a moment to fill out our brief survey? Your feedback will 
play a crucial role in our understanding of this topic.

Survey Link: https://www.surveymonkey.com/r/JCHLWBB

Thanks,
Christopher Hawker


Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread Christopher Hawker
Hello everyone,

Aftab Siddiqui is currently exploring the possibility of using Route Object 
Authorisations (ROAs) as a potential replacement to LOAs. Separate to this (and 
unknowing of Aftab's research), I had started a discussion on the RPKI 
Community guild on Discord (https://discord.gg/9jYcqpbdRE) discussing the usage 
of ROAs instead of LOAs.

An LOA, or "Letter of Authority" / "Letter of Authorization," is a formal 
document granting permission for third parties to take specific actions 
regarding network resources or services. In the service provider industry, its 
primary use is for advertising address resources (IPv4/v6 and ASN). When an 
organization intends to announce its IP prefixes through its own or a transit 
provider's ASN to the global internet, it typically needs to provide an LOA to 
their transit provider, confirming their custodianship or ownership of the 
resources.

RPKI ROA, which stands for "Resource Public Key Infrastructure Route Origin 
Authorization," is part of a security framework designed to validate the 
authenticity of internet routing information. It involves a digitally signed 
object that specifies which Autonomous Systems (ASes) are permitted to announce 
specific IP address prefixes.

Could you please take a moment to fill out our brief survey? Your feedback will 
play a crucial role in our understanding of this topic.

Survey Link: https://www.surveymonkey.com/r/JCHLWBB

Thanks,
Christopher Hawker


DDOS scrubbing

2023-11-16 Thread john doe
Hi!

I could not find any recent thread on the list about DDoS scrubbing
devices. We are looking into some kind of hybrid service with on-prem
hardware and scrubbing centers. At the moment we are evaluating NSFocus and
Riorey; does the list have any experience with them?

Johan