Re: RU evidently hijacked UA netblock

[Scott Weeks]

--- j...@west.net wrote:
On 3/4/22 18:03, Scott Weeks wrote:

> It looks like a 'too many' AS prepends, but it is only 250 prepends.

In most reasonable scenarios I'd say that this qualifies as too many.
-


Yeah, technically, but it was not 256 or something where I'd expect an issue to 
happen.  Just curious as to why only that ASN caused the buffer overflow 
messages as I got them from no other AS ever and wondered if anyone else has 
seen them.  Other ASNs almost certainly have sent 250+ prepends to me before, 
but they did not cause the overflow.  Like I said, I have a ticket open because 
I am curious:

BGP-WARNING-tBgp4RouteInvalid-2007  Route invalid reason - Cannot 
add/prepend AS-path.  Buffer overflow\nNRLI -   where prefixes are 
several and different lengths.

Probably nothing, but I always look into stuff I see in the syslog server's 
router.log.

scott

Re: RU evidently hijacked UA netblock

[Scott Weeks]

--- george.herb...@gmail.com wrote:

https://bgpstream.com/event/287556

Beware of further such activity…

---


I have a ticket open with my vendor, but I see strange NLRI buffer overflow 
syslog messages about Khazkstan's AS21299 (TNSPLUS) announcements.  It looks 
like a 'too many' AS prepends, but it is only 250 prepends.  Could be a mistake 
or intentional. 

I get those from no other ASNs and I am sure some AS sent 250 AS path prepends 
before.  Anyone else see stuff from them?

scott

Re: Coverage of the .to internet outage

[Scott Weeks]

--- sur...@mauigateway.com wrote:
--- j...@baylink.com wrote:
From: "Jay R. Ashworth" 

This piece:

https://www.npr.org/2022/01/18/1073863310/an-undersea-cable-fault-could-cut-tonga-from-the-rest-of-the-world-for-weeks

drills down to this piece with slightly more detail:

https://www.reuters.com/markets/funds/undersea-cable-fault-could-cut-off-tonga-rest-world-weeks-2022-01-18/

I'm told their national carrier is trying to bring in a ground station as 
well, though not whom it will connect to.
--


It's hard to imagine they don't have a lot of Kacific Terminals or other 
satellite connectivity there.

That's what most of the South Pacific uses and all used before the cables were 
laid.  Maybe the journalists
missed that like they miss things when talking about our stuff?
--


PFFT, no sooner than I hit send and the answer comes out of the PICISOC list:

https://www.capacitymedia.com/articles/3830551/dispute-over-57m-impedes-moves-to-re-connect-tonga-to-the-world

"Dispute over $5.7m impedes moves to re-connect Tonga to the world"

"The government has still not paid Kacific for a 15-year deal, signed three 
years ago, to provide satellite back-up 
in just such an eventuality."

"Now Kacific says it is “standing by” to connect the islands and its 105,000 
people, who were cut off by the 
weekend’s volcano."

"owever, company noted that “the previous government was unwilling to perform 
the contract, and it is currently 
subject to arbitration in Singapore”.

Patouraux said: “All we need is to activate that service and perform that 
contract. We are now awaiting instructions. 
We have one simple message for the government of Tonga. We can help. Please get 
in touch.”


Notably: "Getting in touch might be a problem, as both the 827km Tonga Cable 
from Fiji is cut about 37km from the 
cable landing station, and so is the 410km Tonga Domestic Cable Extension, 
which connects the main island with two 
outlying islands to the north.

scott

Re: Coverage of the .to internet outage

[Scott Weeks]

--- j...@baylink.com wrote:
From: "Jay R. Ashworth" 

This piece:

https://www.npr.org/2022/01/18/1073863310/an-undersea-cable-fault-could-cut-tonga-from-the-rest-of-the-world-for-weeks

drills down to this piece with slightly more detail:

https://www.reuters.com/markets/funds/undersea-cable-fault-could-cut-off-tonga-rest-world-weeks-2022-01-18/

I'm told their national carrier is trying to bring in a ground station as 
well, though not whom it will connect to.
--


It's hard to imagine they don't have a lot of Kacific Terminals or other 
satellite connectivity there.

That's what most of the South Pacific uses and all used before the cables were 
laid.  Maybe the journalists
missed that like they miss things when talking about our stuff?

scott

Re: AFRINIC IP Block Thefts -- The Saga Continues

[scott weeks]

On 11/15/20 8:57 PM, Elad Cohen wrote:

That's it...

-


I find it strange that you ignored the exact same message at AfNOG
sent several minutes earlier, yet try to save your 'reputation' here.
I also note that after Ronald's email at AfNOG there was exactly zero
discussion by anyone on that list.

scott

Re: Vint Cerf & Interplanetary Internet

[scott weeks]

*From:* NANOG  on behalf of 
Rod Beck 

https://www.quantamagazine.org/vint-cerfs-plan-for-building-an-internet-in-space-20201021/



On 10/21/20 2:27 PM, Suresh Ramasubramanian wrote:

Right. This means we are going to catch a spaceship for a future nanog / 
have
interplanetary governance federation debates with space aliens from 
Andromeda,
and we will finally run out of v6 and ipv9 will rule the roost while 
there’s a
substantial aftermarket + hijack scene going on for the last remaining 
v6 blocks.




More like IP to Nokia's new cell network on the moon:

https://www.theguardian.com/science/2020/oct/20/talking-on-the-moon-nasa-and-nokia-to-install-4g-on-lunar-surface
(Everyone on the moon will want to have access to LOL cats!)

Or... using DTN (https://datatracker.ietf.org/wg/dtn/about) to reach 
Mars and other
planets by being relayed through communications relay satellites similar 
to the

Mars Telecommunication Orbiter (canceled),  Mars Odyssey or Mars
Reconnaissance Orbiter spacecraft.

Or... IP to robots visiting other non-planet objects in the solar system 
like

comets/asteroids:
https://spacenews.com/osiris-rex-touches-down-on-asteroid
https://www.bbc.com/news/science-environment-47293317

Or... 

The IPI idea has been around for a long time now:
https://en.wikipedia.org/wiki/Interplanetary_Internet

The main question is will NANOG On The Road meet on the moon?  I missed
the only Hawaii one, so maybe I could make the moon one!

scott

Re: Has virtualization become obsolete in 5G?

[Scott Weeks]

--- ed...@ieee.org wrote:
From: Etienne-Victor Depasquale 

See, for example, Azhar Sayeed's (Red Hat) contribution here
@15:33.



Don't send links to this list that require one to register 
to read the article and then say, "By registering for our 
site, your email will be added to our promotions list" and 
"Occasionally our trusted partners may want to send you 
information about exciting new products and services"

No one's going to click on that!

scott

Re: favorite network troubleshooting tools (online)

[Scott Weeks]

>> what are your favorite network troubleshooting tools?

I thought I'd add a little data to my first response:



To watch the network in real time with syslog, which puts 
messages in /var/log/router.log:

tail -f /var/log/router.log | egrep -vi 
'terms|I|do|not|want|to|see|SyncConfigOK|SaveConfigSucceeded|LogFile|etcetera|etcetera'




To look for a problems on router1:

grep -i router1 /var/log/router.log | egrep -vi 'terms|I|do|not|want|to|see' | 
less


scott

ps. it's free.  no cost.  low learning curve.  easy and fast.

Re: favorite network troubleshooting tools (online)

[Scott Weeks]

On 15/07/2020 10:37, Mehmet Akcin wrote:


> what are your favorite network troubleshooting tools?
--


syslog  :)


scott

Re: questions asked during network engineer interview

[Scott Weeks]

--- mpet...@netflight.com wrote:
From: Matthew Petach 
On Tue, Jul 14, 2020, 11:00 Ahmed elBorno  wrote:

> I had less than two years experience.
>
> The interviewer asked me:
> [...]
> 2) If we had a 1GB file that we need to transfer between America and
> Europe, how much time do we need, knowing that we start with a TCP size of
> X?
>


I *love* questions like that, because I can immediately respond back with
"well, that depends; did your sysadmin configure rfc1323 extension support
in your TCP stack?  Is SACK enabled?  What about window scaling?  Does your
OS do dynamic buffer tuning for TCP, or are the values locked in at start
time?"




I'm not so sure someone with only 2 years experience would know that.

scott

Re: ARIN

[Scott Weeks]

--- nanog@nanog.org wrote:

I had to do several things in ARIN. The support has team was very 
quick responding, very useful with their recommendations to my 
questions, and had a great attitude towards solving problems.


thank you all ARIN support desk 
--


I mentioned this the last time we had this conversation, but I 
want to say it again.  As mentioned, folks are quick to complain 
and slow to compliment.  So, I want to add a +1 to the original 
email.

I am having my first dealings with them since about 10 years ago.  
And now, just like then, the support folks are stellar in their 
interaction with me.  

Thanks a LOT! :)

scott

Re: mail admins?

[Scott Weeks]

--- m...@mtcc.com wrote:
From: Michael Thomas 

I'm not sure why the admins of nanog's site should 
particularly care about appeasing the js tinfoil hat 
set. i mean, computers computing! who will stop this 
madness!
-


Not the tin foil hat crowd, security.  Computers be
computing with or without security.  Many turn off JS.
Especially in this crowd.  The only time I wanted to 
use the site anyway was to find a thread as I can't 
seem to find them well in search engines.  For example, 
what was the thread about SOHO firewalls and pfsense
not too long ago?  I can't remember what everyone was 
saying about a pfsense replacement as pfsense is no 
longer what it was.  I am having to greenfield my home 
network and want to find a nerdable "dual WAN' firewall.  
That's off topic, though, as it's just a home network 
question.

scott

Re: mail admins?

[Scott Weeks]

--- m...@mtcc.com wrote

> So I should just get used to configuring routers with HTTP and
> Notepad and forget about that nasty, old, 20th century vi crap? :)

No, but complaining about javascript on websites 
-


Just to be clear, I was only complaining about NANOG's site. 
Well, ARIN's, too. I get what you're saying for the internet 
in general.  It seems NANOG could see javascript being 
blocked and redirect folks to a non-insecure (javascript) 
site like others (twitter, for example) do.  Then, I could 
use Lynx! (kidding!) :)

scott

Re: mail admins?

[Scott Weeks]

--- m...@mtcc.com wrote:

From: Michael Thomas 
To: nanog@nanog.org
Subject: Re: mail admins?
Date: Tue, 21 Apr 2020 17:34:36 -0700


On 4/21/20 5:19 PM, Scott Weeks wrote:
>
>
>> I think you just need to let scripts run in your browser for
>> nanog.org.
> sad.  http://nanog.org used to be the brilliant example of a fully
> featured web site sans javascript, flash, ...
> ---
>
>
> I'm not one to plus-one anything, but this should be plus-infinity.
> I whined about it a year or so ago.  Crickets.  I gave up on doing
> anything on the web site because I can't get anything to work
> unless I make my computer less secure.  Sad trend.  More flash and
> trash marketing crap and less network engineering acumen.  Like
> configuring routers from a web browser, rather than a CLI...
>
this ship left port in the 90's. you might as well be an old man yelling 
at clouds. oh wait, randy does kind of resemble grandpa simpson :)
--



So I should just get used to configuring routers with HTTP and 
Notepad and forget about that nasty, old, 20th century vi crap? :)

scott

ps.  One guy I know claims vi is the spawn of satan.

Re: mail admins?

[Scott Weeks]

> I think you just need to let scripts run in your browser for
> nanog.org.

sad.  http://nanog.org used to be the brilliant example of a fully
featured web site sans javascript, flash, ...
---


I'm not one to plus-one anything, but this should be plus-infinity.
I whined about it a year or so ago.  Crickets.  I gave up on doing 
anything on the web site because I can't get anything to work 
unless I make my computer less secure.  Sad trend.  More flash and 
trash marketing crap and less network engineering acumen.  Like 
configuring routers from a web browser, rather than a CLI...

scott

Re: Scientists predict more major hurricanes than normal in 2020 season

[Scott Weeks]

On 4/2/20 10:02 AM, Sean Donelan wrote:
>
> How is ISPs hurricane response planning going?


--- m...@mtcc.com wrote:
From: Michael Thomas 

And a comet too!

https://www.cnet.com/news/brightening-comet-atlas-could-soon-lift-your-gaze-and-spirits-just-a-little/



Relatively well prepared for a hurricane hit, but 
prepared for a comet hit?  Haven't started that 
prep yet... ;-)

scott

Re: CISA critical infrastructure letters

[Scott Weeks]

I got these.  One each for travel and fuel.  I could fake
one in 15 minutes or so.  Heck, I could probable find one 
online and modify it in less time than that! Because of 
that I don't see the usefulness.

scott

Re: free collaborative tools for low BW and losy connections

[Scott Weeks]

Thanks, my facepalm moment of the day (so far; it's 
only 7:30am here) is...

Use tools from the past when the connections everywhere
were losy and slow.  They already mentioned RT.  I'll
mention that and NNTP/UUCP/etc.

scott

free collaborative tools for low BW and losy connections

[Scott Weeks]

Hello,I was watching SDNOG and saw the below conversation recently.  Here is the relavant part:"I
 think this is the concern of all of us, how to work from home and to 
keep same productivity level,, we need collaborative tools to engaging the team.  I am still searching for tool and apps that are free, tolerance the poor internet speed."I know of some free tools and all, but am not aware of the tolerancethey may have to slow speed and (likely) poor internet connections.I was wondering if anyone here has experience with tools that'd work, so I could suggest something to them.I don't know if everyone's aware of what they have been going throughin Sudan (both of them), but it has been a rough life there recently.Thanks!scott Original Message Subject: [sdnog] How to work from homeHi all Hope you are all safe wherever you are,Regards to the current situation around the world , and as we all adviced/forced to start working from home which is not common here in our community , and I know some bosses are not convinced unless they saw you in your desk :D my question is , for simple offices ,with no great infrastructure , just an internet connection to their edge ,how can they work from home ? Is there any free tools /ways  they can use,  what are the options, with taking along the security concernswhat is your advice to achieve that in a proper way , and for those who managed to work from home , how did you do that ? Please share your experience ^_^And how we as "sdnog community" can help in that "for the old fashioned bosses :D"--From: "aseromeru...@hotmail.com" I
 think this is the concern of all of us, how to work from home and to 
keep same productivity level,, we need collaborative tools to engaging 
the team.I am still searching for tool and apps that are free, tolerance the poor internet speed. Any suggestion 

Re: COVID-19 vs. our Networks

[Scott Weeks]

We do about 70-80Gbps at peak over the external 
BGP links we have and I am not seeing a large 
increase nor am I seeing it spread out over time.  
We're an eyeball network plus some really large 
customers.

Anyone else seeing something different?  We're
now into the 3rd day, so I thought I'd see
something change by now.

scott

Re: COVID-19 vs. our Networks

[Scott Weeks]

--- alexandre.petre...@gmail.com wrote:
From: Alexandre Petrescu 
  
That map does not show Texas, as far as I know America 
(USA) geography. 
---


Being raised in Texas in a family that've been there 
for a buncha generations, I know that at least some 
folks there would challange that... :)

https://en.wikipedia.org/wiki/Texas_secession_movements

It was a nation unto itself for over decade:

https://en.wikipedia.org/wiki/Republic_of_Texas



Many old timers are a pretty independent type of people.


scott
ps. traffic is still normal here

Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users

[Scott Weeks]

--- o...@delong.com wrote:
From: Owen DeLong 

For anyone considering enabling DOH, I seriously recommend 
reviewing Paul Vixie’s keynote at SCaLE 18x Saturday morning.

https://www.youtube.com/watch?v=artLJOwToVY

It contains a great deal of food for thought on a variety 
of forms of giving control over to corporations over things 
you probably don’t really want corporations controlling in 
your life.

---



Definitely informative.  I had no idea.  As well Paul Vixie
always sees things from a uniqus PoV.  Thanks for sharing!

I add a +1 that folks should watch this.

scott

Re: China’s Slow Transnational Network

[Scott Weeks]

In fact, Great Canon (GC) [55] is such an in-path system. But it 
is known for intercepting a subset of traffic (based on protocol 
type) only. What’s more, GC has been activated only twice in 
history (the last one in 2015 [55]). 
---


AT security says otherwise:

https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again

The Great Cannon is a distributed denial of service tool (“DDoS”) 
that operates by injecting malicious Javascript into pages served 
from behind the Great Firewall."

"The Great Cannon was the subject of intense research after it was 
used to disrupt access to the website Github.com in 2015. Little 
has been seen of the Great Cannon since 2015. However, we’ve 
recently observed new attacks..."

"On August 31, 2019, the Great Cannon initiated an attack 
against a website (lihkg.com) used by members of the Hong 
Kong democracy movement to plan protests."

scott

Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

[Scott Weeks]

I can't help myself... :)



My mother in the 1980s: "no one can ever call us because the phone line is 
always busy"

Me with an Osborne 1 and a 300 baud modem:  "We need a second phone line!"  
(https://en.wikipedia.org/wiki/Osborne_1)

My mother: "That's too expensive.  Quit clogging up the phone line with that 
toy!"

Me: 
"Ok...Pshhhkk​kakingkakingkakingtsh​chchchchchchchcch​*ding*ding*ding*" 
  (*)



I never would've guessed in those days that it would provide me an entire 
professional career.

scott



(*) I copied 
Pshhhkk​kakingkakingkakingtsh​chchchchchchchcch​*ding*ding*ding*
from a website as I could not spell that.

Re: akamai yesterday - what in the world was that

[Scott Weeks]

--
On 2/11/20 6:41 PM, Tom Deligiannis wrote:
> There is a major update that has released today, how's everything 
> looking for everyone?
---


Did anyone else notice a big traffic dip from noon to 8pm local time?  
Strange look on the graphs.

scott

Re: akamai yesterday - what in the world was that

[Scott Weeks]

--
On 2/11/20 6:41 PM, Tom Deligiannis wrote:
> There is a major update that has released today, how's everything 
> looking for everyone?
---


eyeball network here...

It shifted our traffic patterns to earlier peaks.  It started at 9am.  
The first peak was at 3pm and the main peak was at 7pm and the traffic
fell back to normal loads at 1am.  There was increased traffic all 
night, though, as our low traffic was still 4-5Gbps over normal lows 
at the 2-5am period.

Normal peak is ~16Gbps, but this one was ~33Gbps almost all on one
inexpensive link.  The other main link showed and increase of about 
8Gbps with a funny dip between noon and 9pm HST.

scott

Re: CISCO 0-day exploits

[Scott Weeks]

--- nanog@nanog.org wrote:
From: "Jean | ddostest.me via NANOG" 

> https://www.armis.com/cdpwn/
>
> What's the impact on your network? Everything is under control?
---

I really thought that more Cisco devices were deployed among NANOG.

I guess that these devices are not used anymore or maybe that I 
understood wrong the severity of this CVE.
---


Just because you use cisco devices doesn't mean you have to use 
their proprietary protocols, such as EIGRP or CDP.  OSPF or LLDP
work just fine and interoperate with other vendors... :)

scott

Re: Hawaii exchange and connection to mainland pops

[Scott Weeks]

--- a.matama...@gmail.com wrote:
From: Antoni Matamalas 

I'm trying to figure out how is the connectivity in the Hawaiian Islands
for a project I have. I'm based in Europe and my knowledge of the details
of the communications in the islands is still limited. The project is based
in the O'ahu island but I'm trying to understand how things are working in
the whole Hawaiian islands (pure professional curiosity). I'm focusing on
two aspects:

* Content delivery and connection to content providers (Google, Apple,
Netflix,...)
* Availability of providers that can supply wavelength between Hawaiian
Islands and the continent (LA, Seattle or other locations)
--




I'm assuming you're talking Commercial only?  DoD is a different 
animal as is UH.

I work for the ILEC and can fill you in on that to a certain 
degree. We have the normal Google/Netflix/Akamai/etc caches.

The population in the state of Hawaii is small.
https://census.hawaii.gov/whats-new-releases/2019-state-population-estimates
On July 1, 2019, the resident population for the State of Hawaii 
was 1,415,872.

And of those about 1 million live on one island: Oahu.  There're 
5 other islands.

We have a lot of trans-pacific fiber landing here, but it mostly 
just transits the island.  Not much gets peeled off to service 
the state due to its size.  The ILEC owns part of SEA-US:
https://www.submarinenetworks.com/systems/trans-pacific/sea-us
and we get service on Hawaiki for South Pacific connectivity.
https://www.submarinenetworks.com/en/systems/australia-usa/hawaiki-cable

Most of the inter-island fiber is owned by the ILEC, which was
bought by Cincinatti Bell, which will be bought by either 
Brookfield Infrastructure or another company whose name isn't 
public yet. (Anyone been bought by BI?  email me, please)

As mentioned in another email HIX is the internet exchange 
managed by UH and DR Fortress connects to that.  We do as 
well:

http://www.hawaii.edu/hix/Hawaii_Internet_Exchange/Home.html

https://www.drfortress.com/about/company-overview/

https://www.drfortress.com/services/internet-exchange/overview/

https://www.drfortress.com/services/internet-exchange/drfxchange/

https://www.drfortress.com/services/internet-exchange/peering-and-connectivity/

scott

Re: cisco nexus 9000 cctrl ERROR

[Scott Weeks]

--- bs...@teamonesolutions.com wrote:From: Brandon Svec Anyone can create a Cisco login.  I would do that and check the bug tracking tool.  I did a quick search on your error message and came up with this:I was unaware that anyone could do that as I have been away from cisco for a good while now.  Thank you both for the quick response.  It helped a lot!scott

cisco nexus 9000 cctrl ERROR

[Scott Weeks]

I don't have a login to cisco to find out what this 
is and I'm having trouble finding anything about it 
in search engines that doesn't require a login to 
cisco.  I guess they only want certain folks to know 
about it... :(  Does anyone know anything about this 
and can explain it to me?  If not, I'll go join 
cisco-nsp and ask there.


%KERN-3-SYSTEM_MSG: [65292299.903992]  - kernel

%KERN-3-SYSTEM_MSG: [66730914.839059] cctrl ERROR: 
cctrl_wait_for_pmbio_busy_status NACK error tmp_data 3b19600 - kernel

%KERN-3-SYSTEM_MSG: [67511639.312284] cctrl ERROR: 
cctrl_wait_for_pmbio_busy_status NACK error tmp_data 1b18100 - kernel


Those last numbers after tmp_data repeat over and over.

Thanks!
scott

please block servicefinder-kundservice.se

[Scott Weeks]

I resort to this again because I have sent email to admin,
had an email conversation with someone at NANOG (who is 
reading the list, I'm sure) and sent to the main list 
previously.  Also, others have complained here about the 
same autoresponder.

Please block this.  I get an email from them every time
we respond to the list.

scott



MIME-Version:   1.0
X-Google-Original-From: nanog@nanog.org
In-Reply-To:<20200102140348.30d...@m0117459.ppops.net>
X-Mailer:   Desk.com Support Platform
Content-Type:   multipart/alternative; 
boundary=mimepart_5e0e694ec6881_fcee3fa5196d9324185880
Message-ID: 
<5e0e694a7c046_1a3b13fec074d9328213...@servicefinder-kundservice.se>
Reply-To:   nanog@nanog.org
X-Received: by 2002:a17:902:fe98:: with SMTP id 
x24mr88078733plm.155.1578002767934; Thu, 02 Jan 2020 14:06:07 -0800 (PST)

Received:   from mail-pl1-f172.google.com (mail-pl1-f172.google.com 
[209.85.214.172])by m0116275.mta.everyone.net (EON-INBOUND) with ESMTP id 
m0116275.5dc217b6.11c6bd0for ; Thu, 2 Jan 2020 14:06:09 
-0800

by mail-pl1-f172.google.com with SMTP id g6so18335892plt.2 for 
; Thu, 02 Jan 2020 14:06:09 -0800 (PST)

from delayed-be-usw1c-04.internal.desk.com 
(ec2-54-241-38-66.us-west-1.compute.amazonaws.com. [54.241.38.66]) by 
smtp.gmail.com with ESMTPSA id i127sm67580843pfc.55.2020.01.02.14.06.06 for 
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 
bits=128/128); Thu, 02 Jan 2020 14:06:07 -0800 (PST)

X-Google-SMTP-Source:   
APXvYqze6Ii/ETQC1QG3kiX5U9tkqjiGY8ag8p5QouCiRfzP/5jDBh9BVhylmWL75beyXkCX+SUX8A==
X-Eon-DM:   m0116275.ppops.net
Subject:ServiceFinder: Ärendenummer 185897
Return-Path:


Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=servicefinder-com.20150623.gappssmtp.com; s=20150623; 
h=from:date:reply-to:to:message-id:in-reply-to:subject:mime-version; 
bh=CmyhFklukE5vTFzzo4EsDP1hM3yGEviWCJuyYmYbApc=; 
b=QIuRiEFG7HqV0Ip9Z9D/jbWS922hEAcpH1965kKlEfzxCavGKWhkZuBP4o5XLNGwH4 
Mku7ZPz0plXKh86H0MWlCoKLeYbVg3S4Lw+dpP3YF0vEdfeMNOJo/vIlfWuZ0AY+t/fj 
J9fNi9Tr+b9Rm1nUywilHMbYUGCRSur8Xjh8ZtpmaaHAqMwLZ6/lEgbrJtvGOWd3ZHT2 
+imxWlrnhTrL5n71tAxfkhZ1nl4tEOxto+Szr2Tv933S91W21JciaB74MiM/qe58LSg3 
5EOdccl1V8q15CBGL0Jvr+dHLzrd11aLlTF+Pp55pNxsDgE/G03MTU8bLEmrI7M3dCpN k+Cg==

X-Google-Dkim-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=1e100.net; s=20161025; 
h=x-gm-message-state:from:date:reply-to:to:message-id:in-reply-to 
:subject:mime-version; bh=CmyhFklukE5vTFzzo4EsDP1hM3yGEviWCJuyYmYbApc=; 
b=D6IEnflaUU6dG+ssr79vdk3iw7nSLPwwheHHpDWnRsiFt6FdoNCh9BZ6PyFiZkbmPo 
L2bIt/mGb0j99L3GDmac/lJUUpHHS/XOW5sS1OMj+zSJu7rLDchLSkFsJHAmWJEAk0Af 
2wivow/Qr5hUvqUYJmPK6qDAn2hM5Y1Bz9KByMpTwMvmnLzwERefcxEaRXXlLbyclCfx 
12wl56VQP/IxE1azDlLKExGNR0u9VJKB8BTMzl4hFRYXFL8GBcjR5/JXei6Ld0IYy5/f 
mvTOjVZ+EXlYQVo+XzoCF88q5S5JI5IGn/gF+HAhGscORcFK1rqdOJDJf97tn1bUgiL7 ISqw==

Date:   Thu, 2 Jan 2020 22:06:06 +
To: sur...@mauigateway.com
X-GM-Message-State: 
APjAAAUAq9G57eo7rjhSO5QUcw0c4p4TAHsAidALbc/UjqsbVMGhfDIcjEj3gCWCCs6Qd+N49yUirDQg3kr0l3Y=
From:   i...@servicefinder.com


 
Vänligen skriv endast ovanför denna markering när du svarar på meddelandet.
Hej Scott Weeks,
Tack för din fråga!

Vi har nu registrerat ditt ärende och du kommer inom kort att bli kontaktad av 
oss på Kundservice.

Du kan också få hjälp själv via vårt Support Center på 
www.support.servicefinder.se.

Du har ärendenummer 185897 – och alla våra ärenden hanteras i den turordning 
som de kommer in.

Vi kontaktar dig så snart vi bara kan, din fråga är viktig för oss.

Ha en fortsatt bra dag,
--

Med vänliga hälsningar
Kundservice

Öppettider: Vardagar 9-17 | Växel: 08-653 00 00
Hemsida: www.servicefinder.se   ServiceFinder.se
--
Detta meddelande skickades till sur...@mauigateway.com med hänvisning till 
ärende 185897.

Re: power to the internet

[Scott Weeks]

-
> I don't know where you live, but I pay around 38 cents/KWh. Depending
> on your rate, that can go up to 53 cents/KWh during peak times.

I live in upstate New York where I pay about 8c/kwh and a fixed $15/mo 
connection charge.  We have day/night rates available but they're not very 
different for retail customers.  I get a slight discount due to credits
from remote net metering at a nearby solar farm.
--


Damn, I'm jealous:

https://www.hawaiianelectric.com/billing-and-payment/rates-and-regulations/average-price-of-electricity

These're averaged...

Rate Schedule  2018 Average Cents/kWh

Oahu
"R" Residential 31.18
"G" Small Power Use Business32.58
"J" Medium Power Use Business   27.44
"P" Large Power Use Business25.17
"DS" Large Power Use Business, Directly Served  24.04

maui/molokai/lanai
"R" Residential 34.21   40.16   40.14
"G" Small Power Use Business38.40   47.17   45.09
"J" Medium Power Use Business   33.53   38.98   42.73
"P" Large Power Use Business30.80   33.05   38.78

scott

Re: Iran cuts 95% of Internet traffic

[Scott Weeks]

--- jhellent...@dataix.net wrote:
From: "J. Hellenthal" 

Yeah sorry to say any email list or not is going to be one 
of the things that are not going to get through unless ... 
you’ve taken extra measures to circumvent that.

Personally, email would be the easiest to block behind 
riuting.
---


After I sent the email I started to realize I likely 
misunderstood.  I hesitated to correct that to the list, 
but here I go. :)


> queues can be written to media, physically transported 
> in/out, and then injected either into an internal or 
> external network seamlessly modulo the time delay.

I believe he meant similar to *nix boxes where you could 
just copy the files in $HOME/mail (or where ever it is) 
onto media and once the data is out of the country it can 
be copied onto another mail system's $HOME/mail and then 
shared with the unblocked part of the internet.  Not a 
user account on somethingmail.com, but rather the entire 
$HOME/mail of all accounts and mailed to someone else who 
is somewhere else on a regular basis.  Also, the reverse 
path for receiving mail in the repressive country.

A good idea either way.  KISS works. :)

scott
















-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Dec 29, 2019, at 15:57, Scott Weeks  wrote:
> 
> 
> 
> :: If you're trying to get information in/out of a 
> :: society that is raising network barriers to 
> :: realtime communication, then you need methods 
> :: that don't rely on a network and aren't realtime.
> 
> 
> This is a great idea, but 99.9% of folks use GUI
> email. :-(
> 
> scott
> 
> 
> 
> 
> --- r...@gsp.org wrote:
> 
> From: Rich Kulawiec 
> To: nanog@nanog.org
> Subject: Re: Iran cuts 95% of Internet traffic
> Date: Sun, 29 Dec 2019 09:11:23 -0500
> 
> 
> And this is why, despite all the disdainful remarks labeling such
> things as "antiquated", mailing lists and Usenet newsgroups are vastly
> superior to web sites/message boards/et.al. when it comes to facilitating
> many-to-many communications between people.  Why?  Well, there are many
> reasons, but one of the applicable ones in this use case is that their
> queues can be written to media, physically transported in/out, and then
> injected either into an internal or external network seamlessly modulo the
> time delay.  And because the computing resources required to handle this
> are in any laptop or desktop made in the last decade, probably earlier.
> 
> If you're trying to get information in/out of a society that is raising
> network barriers to realtime communication, then you need methods that
> don't rely on a network and aren't realtime.
> 
> ---rsk
> 
> 
> 

Re: Iran cuts 95% of Internet traffic

[Scott Weeks]

:: If you're trying to get information in/out of a 
:: society that is raising network barriers to 
:: realtime communication, then you need methods 
:: that don't rely on a network and aren't realtime.


This is a great idea, but 99.9% of folks use GUI
email. :-(

scott




--- r...@gsp.org wrote:

From: Rich Kulawiec 
To: nanog@nanog.org
Subject: Re: Iran cuts 95% of Internet traffic
Date: Sun, 29 Dec 2019 09:11:23 -0500


And this is why, despite all the disdainful remarks labeling such
things as "antiquated", mailing lists and Usenet newsgroups are vastly
superior to web sites/message boards/et.al. when it comes to facilitating
many-to-many communications between people.  Why?  Well, there are many
reasons, but one of the applicable ones in this use case is that their
queues can be written to media, physically transported in/out, and then
injected either into an internal or external network seamlessly modulo the
time delay.  And because the computing resources required to handle this
are in any laptop or desktop made in the last decade, probably earlier.

If you're trying to get information in/out of a society that is raising
network barriers to realtime communication, then you need methods that
don't rely on a network and aren't realtime.

---rsk

Re: Thursday: Internet outage eastern Europe Iran and Turkey

[Scott Weeks]

--- morrowc.li...@gmail.com wrote:
From: Christopher Morrow 
On Sat, Dec 21, 2019 at 11:53 PM Scott Weeks  wrote:

> --- morrowc.li...@gmail.com wrote:
> From: Christopher Morrow 
>
> I do think the overall conversation about nation states
> disabling internet (which is not likely the case with
> Sean's original post?) is nanog-worthy.
> --
>
> Yes, I believe you're correct for the most part.  I just
> was more interested in the technical parts and there is
> a global audience here that may have insight as to how
> that part of the network is working.  I can easily see
> how that would get out of control.  But, how are they
> configuring their network elements to block is my
> question.  (DPI? BGP? etc.)

ah! ok... I imagine there are a few knobs for each sort of thing that
can get turned. I think we've seen over the years at least:
  1) turkey blocking access to 8.8.8.8
   (looked like mostly done with static /32's?)

  2) egypt turning off internet for the country
 (prior to overthrow? - I believe 'phone calls to providers' was
renesys's conclusion)
 https://dyn.com/blog/egypt-leaves-the-internet/
this article points at tunisia and iran as well.

  3) pktelecom bgp routery making youtube less cat and more pain.
   https://dyn.com › blog › pakistan-hijacks-youtube-1

  4) prc firewall - forms of mostly DPI packet skullduggery
   blocking random http (really tcp traffic), specific DNS RRs,
disrupting/blocking various VPN technologies

I'd say it probably depends a bunch on whom is doing the poking, for
how long they plan
to make this work/not-work and the tools they have immediately available :(

Figuring more of this out seems like a good plan though... I'm not
sure trying to
actively subvert any of these nation state actions is particularly
smart/healthy though :(
  (note: i don't think YOU/scott are looking for this last part, but
generally speaking...
   it seems like folk put themselves in a bad place if/when they
attempt to get around
   a nationstate's actions, particularly from inside that nationstate)
---


Thanks, I have left this on the list for now.  I can go off list 
if necessary.

That's good information.  Does Dyn put this out regularly or just 
for certain events?  I knew about 1-3, but how do folks find out 
about 4?

:: Figuring more of this out seems like a good plan though...

What I would like to find out is something like "the XXXcountry
part of the network is unreachable via BGP/DNS/at all (firewall 
drops)" or something like that.  It would be interesting to see 
how the different blocks are technically implemented and how that 
changes over time.

And, no, I'm not looking to subvert those things.  I live in the 
US where they do everything sneakily (ATT closet in SF still 
going?) but I wonder why microwave over the border or satellite 
isn't used.  Then ad-hoc jumped through the country.  I guess the 
getting killed or jailed if you get caught thing is why?

I dunno, it is just an interesting thing to me.

scott

Re: Thursday: Internet outage eastern Europe Iran and Turkey

[Scott Weeks]

--- morrowc.li...@gmail.com wrote:
From: Christopher Morrow 

I do think the overall conversation about nation states 
disabling internet (which is not likely the case with 
Sean's original post?) is nanog-worthy.
--


Yes, I believe you're correct for the most part.  I just
was more interested in the technical parts and there is
a global audience here that may have insight as to how
that part of the network is working.  I can easily see 
how that would get out of control.  But, how are they 
configuring their network elements to block is my 
question.  (DPI? BGP? etc.)

scott

javascript just to email the admins :(

[Scott Weeks]

X3wg79X9l41rfGF4dQC 
Xkka2IykcN2b+2rpYM4VCHQ28LWtBEjlznq8nNddO6V+eH6cVAOoVhAFkFVJbeD9QNHx 
t52AKb+XTBcxv7jfT+SbGJjLzhsquT0xEFmMQsBPqEeb4Rt24KEbwfmHhPTg5T0uyDW7 9i+w==

X-Google-Dkim-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=1e100.net; s=20161025; 
h=x-gm-message-state:from:date:reply-to:to:message-id:in-reply-to 
:subject:mime-version; bh=AUZb1VOf2RbCoIpNW/MKWz+SC2n9UZdx/xRe60MVz2g=; 
b=f0lhUuEkCNOFN20pu3E5CNxMKBjMV50x0aQ+sz9tqgHXfQfoTrRevr8E85iBfprjjI 
X4z/Y+rgA7u8nBEfrekE0k4l4erUxj35k1i47gyBd4X4pXbreROvYPgxKEcEaEjdWHo+ 
DRlqWiUkzvUFtThUiYlIpjFIdohzMm7x6kLCzMsOYwSmWoWnzTLQFzzkwXyqeiysyGl1 
xLwa9eJTuuGUWhAKHdops3OCOuRE9uRFJXfuSBjcq58mb0vo9UBoWee3sOjS6ppweHyu 
djrkFAHNi4WQxYzFnU4VySU5uoblzmaVaVWZz8OY0hW61QHIYd8QQZXAef/GCBAEZLCU hUDQ==

Date:   Sat, 21 Dec 2019 23:24:00 +

To: sur...@mauigateway.com

X-GM-Message-State: 
APjAAAU4uaCfoofYxJwyG6p0f1ph3aN+Pu7AjE4tff5HkE6zC3IotHA6tRA/YN6c3OPHsOzbGk69dq+d+yNPKx0=

From:   i...@servicefinder.com



Attachments
NameTypeSaveView
Part 1  text/plain  Save 
Part 2  text/html   Save 
Vänligen skriv endast ovanför denna markering när du svarar på meddelandet.
Hej Scott Weeks,
Tack för din fråga!

Vi har nu registrerat ditt ärende och du kommer inom kort att bli kontaktad av 
oss på Kundservice.

Du kan också få hjälp själv via vårt Support Center på 
www.support.servicefinder.se.

Du har ärendenummer 185004 – och alla våra ärenden hanteras i den turordning 
som de kommer in.

Vi kontaktar dig så snart vi bara kan, din fråga är viktig för oss.

Ha en fortsatt bra dag,
--

Med vänliga hälsningar
Kundservice

Öppettider: Vardagar 9-17 | Växel: 08-653 00 00
Hemsida: www.servicefinder.se   ServiceFinder.se
--
Detta meddelande skickades till sur...@mauigateway.com med hänvisning till 
ärende 185004.

Re: Thursday: Internet outage eastern Europe Iran and Turkey

[Scott Weeks]

--- s...@donelan.com wrote:
From: Sean Donelan 

I hadn't seen messages about this Internet outage affecting multiple 
countries (Eastern Europe, Turkey and Iran) from Thursday.

Multiple fiber cuts affecting major parts of sub-continents don't happen 
as much any more. Yes, I still remember the day of FIVE (5) simultaneous, 
trans-continental fiber cuts in the USA.  I was busy :-)

I don't know if Internet route diversity has improved... or people aren't 
sending me messages about them anymore.
-

I have become quite interested in this lately.  I don't send them
to the list as no one seemed interested when I sent them before.  
For example, India as been turning off the internet like they turn 
the lights:

https://internetshutdowns.in/


Kashmir has been without internet for over 100 days:

https://guardian.ng/news/world/restive-kashmir-marks-100-days-since-india-stripped-autonomy/

Just think how you'd do anything without internet for 100+ days!





Usually after a country as 3 or 4 major egress points, large-scale 
unintentional internet outages are relatively rare. Countries with only 
1 or 2 egress points still have lots of problems.


I'm not so sure 3-4 is a large enough number.  Many countries are
copying China in information repression (among other things) which 
includes building in the ability to turn off internet access
(internationally as well as intranationally) as their network is 
built out. Funny that one thing something as large as a country 
is afraid of is normal folks talking to each other freely.  They
really don't like the end-to-end principle. :)

scott






https://www.bbc.com/news/technology-50851420

Severed fibre optic cables disrupted internet access in parts of eastern 
Europe, Iran and Turkey on Thursday.

The issue, which lasted for about two hours, was caused by multiple fibre 
cables being physically cut at the same time, a highly unusual thing to 
happen.
[...]

Re: RIPE our of IPv4

[Scott Weeks]

--- sur...@mauigateway.com wrote:
From: "Scott Weeks" 

No, it's just that (at least in my case at several different
companies) we're so focused by management on getting the sale
done by augmenting the existing network there is not enough 
time to devote to **planning an entire network from the 
ground up**, then working your plan.  The other way (just 
start configuring stuff) is replete with troubles.

BTW, I have been the IPv6 loudmouth every time, but I don't 
get any traction at all in any of the companies I've worked 
for.  Eyes gloss over and someone quickly changes the 
conversation.  Then we talk about sizing subnets and stuff...
-


BTW, what Mark Andrews said about 6rd fixes (I'm assuming 
a relatively low level of network architecturing work is 
necessary to get it done) what I am saying, but it feels 
so dirty.  I would like to go straight to dual stack.

scott

Re: RIPE our of IPv4

[Scott Weeks]

--- bran...@rd.bbc.co.uk wrote:
From: Brandon Butterworth 

If you're an internet professional you are a negligent one if by
now you are not ensuring all you build quietly includes IPv6, no
customer should need to know to ask for it. It's not like it
needs different kit.
-


No, it's just that (at least in my case at several different
companies) we're so focused by management on getting the sale
done by augmenting the existing network there is not enough 
time to devote to **planning an entire network from the 
ground up**, then working your plan.  The other way (just 
start configuring stuff) is replete with troubles.

BTW, I have been the IPv6 loudmouth every time, but I don't 
get any traction at all in any of the companies I've worked 
for.  Eyes gloss over and someone quickly changes the 
conversation.  Then we talk about sizing subnets and stuff...

scott

Re: RIPE our of IPv4

[Scott Weeks]

--- cb.li...@gmail.com wrote:
From: Ca By 

If your business is dysfunctional, that is a different 
issue from ipv6 being dysfunctional.
-


I was just expressing the problems eyeball networks are 
having getting this done.  Shittons of stuff is out there 
in the CPE that mobile and DC networks do not have to deal 
with.  The suits are looking at the short term cost/risk.

scott

Re: RIPE our of IPv4

[Scott Weeks]

--- c...@firsthand.net wrote:
From: Christian 

Sounds like your company is about to go offline. So I will 
say bye bye for now just in case it happens faster than you 
expected.
-


Speaking of flippant...  No the ILEC has been here since the 
1800s.  I don't think it's going anywhere fast.

scott

Re: RIPE our of IPv4

[Scott Weeks]

Top posting...

-
:: But it is not that simple in the real corporate world. 
:: Execs have bonus targets.

Why would an exec care?  Ipv6 is just normal work like ipv4.
-

No, you have to make purchases and have folks across the 
company do work to get everything going.  Refocusing folks 
work on deploying IPv6 to *everything* (rather than, say, 
getting that shiny new Nokia 7750 deployed so we can sell 
more services) costs money.  Ancient boxen are out here 
and don't support aye pee vee six well or at all.  Getting 
ones that do costs money.  Training lower level folks takes 
them away from their current work and costs money.  Etc.

::> - Modifying old (ancient) internal code;
:: Ancient in 2019 means what? Is this code not in security 
:: compliance ?

I recently started back with a company after being gone nine 
years.  My code was still running and no one in neteng had 
the knowledge of how to do anything with it much less to try 
to write in IPv6 sections.  To take an SA and look into the 
networking code I wrote takes them away from things they
need to do to sell services.  That costs money.

What Sabri wrote hit home here.  Folks are not looking into 
it and will wait until forced to do so.  Then said companies 
will be behind the ball in a big way, but that it what it is 
here and in the other companies I worked for.

A lot of this read to me as flippant.  You don't seem to be 
willing to listen to those of us out here on the raggedy 
edges. I've said what Sabri said at least a few times on this 
list.

scott





--- cb.li...@gmail.com wrote:

From: Ca By 
To: Sabri Berisha 
Cc: nanog 
Subject: Re: RIPE our of IPv4
Date: Tue, 26 Nov 2019 15:11:40 -0800

On Tue, Nov 26, 2019 at 12:15 AM Sabri Berisha 
wrote:

> - On Nov 26, 2019, at 1:36 AM, Doug Barton do...@dougbarton.us wrote:
>
> > I get that some people still don't like it, but the answer is IPv6. Or,
> > folks can keep playing NAT games, etc. But one wonders at what point
> > rolling out IPv6 costs less than all the fun you get with [CG]NAT.
>
> When the MBAs start realizing the risk of not deploying it.
>

Hey, i have an mba. That and $5 will get me cup of coffee.


> I have some inside knowledge about the IPv6 efforts of a large eyeball
> network.


Me too.

In that particular case, the cost of deploying IPv6 internally is not
> simply configuring it on the network gear; that has already been done. The
> cost of fully supporting IPv6 includes (but is probably not limited to):
>
> - Support for deploying IPv6 across more than 20 different teams;


Wow.  I support 80M mobile subscribers, 90% of which are ipv6-only.  I
think 20 people in the company can spell ipv6, but somehow you need 20
teams how many teams speak ipv4 ?


> - Modifying old (ancient) internal code;


Ancient in 2019 means what? Is this code not in security compliance ?


> - Modifying old (ancient) database structures (think 16 character fields
> for IP addresses);


Hash 128 bits into 240/4 is how i heard Google handled it early on


> - Upgrading/replacing load balancers and other legacy crap that only
> support IPv4 (yeah, they still exist);


Again, with all the CVEs, this code is always moving in the real world.


> - Modifying the countless home-grown tools that automate firewalls etc;


Home grown means it can be fixed instead of replaced.


> - Auditing the PCI infrastructure to ensure it is still compliant after
> deploying IPv6;
>

Ah, so you are keeping up with compliance / cve and are upgrading at
regular intervals?



> If it was as simple as upgrading a few IP stacks here and there, it would
> be a non-issue.
>

Usually is just a few edge stacks to start and scale the edge


> Don't get me wrong, I'm not advocating against IPv6 deployment; on the
> contrary. But it is not that simple in the real corporate world. Execs have
> bonus targets.


Why would an exec care?  Ipv6 is just normal work like ipv4.

IPv6 is not yet important enough to become part of that bonus target:


The bonus target was normal business continuity planning... in 2008.  Sorry
you missed that one.  Here you go, just put 1 in 2009 to make it 2019 so
you dont look so bad

https://www.arin.net/vault/knowledge/about_resources/ceo_letter.pdf


there is no ROI at this point. In this kind of environment there needs to
> be a strong case to invest the capex to support IPv6.
>
> IPv6 must be supported on the CxO level in order to be deployed.
>
> Thanks,
>
> Sabri, (Badum tsss) MBA


I seewell let me translate it you MBA-eese for you:

FANG deployed ipv6 nearly 10 years ago. Since deploying ipv6, the cohort
experienced 300% CAGR. Also, everything is mobile, and all mobile providers
in the usa offer ipv6 by default in most cases. Latency! Scale! As your
company launches its digital transformation iot 2020 virtualization
container initiatives, ipv6 will be an integral part of staying relevant on
the blockchain.  Also, FANG 

Re: RIPE our of IPv4

[Scott Weeks]

> RIPE isn’t dead… Just IPv4.



--- jeffshu...@sctcweb.com wrote:
From: Jeff Shultz 

Hard to say that something that is in full implementation 
and use is dead.
---


Ok...  In the process of dying a slow, painful, agonizing, 
brutal, sickening, won't-just-up-and-friggin-die-already 
death.  Does that work? :)

scott

Re: Iran cuts 95% of Internet traffic

[Scott Weeks]

--- eric.kuh...@gmail.com wrote:
From: Eric Kuhnke 

The vast majority of Iranian ISPs' international transit 
connectivity is through AS12880 DCI , which is a government 
run telecom authority. Google "AS12880 DCI Iran" for more 
info. DCI is also responsible for layer 2 transport and 
DWDM services for smaller downstream ISPs, on other
international terrestrial fiber links, which are opaque to 
us NANOG list people from the perspective of global v4/v6 
routing table/prefix announcement analysis.
-



Quoting a journalist, so

https://www.theguardian.com/world/2019/nov/21/irans-digital-shutdown-other-regimes-will-be-watching-closely

First quote out of order from the article:

"Internet penetration and complexity has vastly grown in Iran 
over the past decade, but the country’s users still connect 
to the global network through just two gateways. Both are 
controlled by the regime, and can be blocked when it chooses."





"Access to the internet is gradually being restored in Iran 
after an unprecedented five-day shutdown that cut its population 
off from the rest of the world and suppressed news of the 
deadliest unrest since the country’s 1979 revolution."

"The internet-freedom group Access Now recorded 75 internet
outages in 2016, which more than doubled to 196 last year."

"Iranians were cut off from the global internet, but 
internally, networks appeared to be functioning relatively 
normally."

"the Iranian government has been working to develop the 
so-called “halal net”, a closed-off version of the internet 
similar to China’s “great firewall”. Iran has been 
pressuring businesses to shift their operations inside the 
country on to what it calls the National Information Network, 
which now boasts its own banking platforms, industrial 
services and messaging apps – ones that activists believe 
are closely surveilled by authorities."



"The Trump sanctions have actually made it easier for Iran 
to seal its citizens off from the global internet ... Many 
Iranian tech firms have been left with no option but to use 
the Islamic Republic’s internal network and infrastructure 
instead."  (reordered quote)

"The last time Iran attempted to choke off access, during 
unrest in January 2018, it was forced to open connections 
again after just 30 minutes, Rashidi says.

“It was a disaster,” he says. “Nothing was working: all 
the government offices, hospitals, financial services 
were gone ... they’ve discovered a lot of things do need 
access to the outside world”

This time, it appears to have gone more smoothly: two 
sources able to monitor internet traffic inside Iran 
confirmed to the Guardian there was no significant 
disruption, indicating hospitals, financial software 
and even ride-sharing apps were still able to function, 
even as Iranians were unable to connect to websites 
such as Google."

"Other authoritarian governments are pursuing a similar 
path. This month, Russia implemented a new law requiring 
ISPs to install equipment better able to identify the 
source of web traffic, as part of a strategy to one day 
be able to completely re-route the Russian internet 
through state-controlled data points."

  :)

“Regimes around the world will be watching very closely 
both the public response and the response of the 
international community,” he says. “If it turns out 
this is feasible to implement, they will see there is 
no political cost.”

scott

OT: RE: Iran cuts 95% of Internet traffic

[Scott Weeks]

--- t...@wicks.co.nz wrote:
From: "Tony Wicks" 

I guess all these governments who like to control...



The wierd thing to me is the one thing governments are afraid 
of is people talking to each other without restriction.  Not 
this or that, rather just people talking freely.  WTF...

scott

 

 

 

Re: Iran cuts 95% of Internet traffic

[Scott Weeks]

--- s...@donelan.com wrote:
From: Sean Donelan 

Its very practical for a country to cut 95%+ of its Internet connectivity. 
Its not a complete cut-off, there is some limited connectivity. But for 
most ordinary individuals, their communication channels are cut-off.

https://twitter.com/netblocks/status/1196366347938271232
--


Does anyone know the network mechanics of how this happens?  For
example, do all fiber connections go through a governmant choke
point for suppression?  If so, what's to stop ubiquity-style 
microwave over the border to sympathetic folks on the other side?  

scott

Re: TCP and anycast (was Re: ECN)

[Scott Weeks]

--- ra...@psg.com wrote:
lots of good research lit on catchment topology of anycasted 
dns, which is very non-local.
---


For the others here that didn't know what that is and are 
curious.  I couldn't take it and just had to know... :)

https://tools.ietf.org/html/rfc4786

Catchment:  in physical geography, an area drained by a river, also
  known as a drainage basin.  By analogy, as used in this document,
  the topological region of a network within which packets directed
  at an Anycast Address are routed to one particular node.

scott

Re: Russian government’s disconnection test

[Scott Weeks]

--- sur...@mauigateway.com wrote:
From: "Scott Weeks" 

Anyone got any technical info on how Russia plans to execute 
a disconnection test of the internet?  



Got crickets, so now I have to respond to my own post on 
what I just found out about it.  Is that like talking to 
yourself? :)

https://www.npr.org/2019/11/01/775366588/russian-law-takes-effect-that-gives-government-sweeping-power-over-internet

"The "sovereign Internet law," as the government calls it, 
greatly enhances the Kremlin's control over the Web. It was 
passed earlier this year and allows Russia's government to 
cut off the Internet completely or from traffic outside 
Russia "in an emergency," as the BBC reported. But some of 
the applications could be more subtle, like the ability to 
block a single post."

"The equipment would conduct what's known as "deep packet 
inspection," an advanced way to filter network traffic. 

"Regardless of what the government intends, some experts 
think it would be technically difficult for Russia to 
actually close its network if it wanted to, because of the 
sheer number of its international connections."

"What I found was that there were hundreds of existing 
Internet exchange points in Russia, some of which have 
hundreds of participants...Many of them are international 
network providers, he says, so "basically it's challenging 
— if not impossible, I think — to completely isolate the 
Russian Internet."

Belson says that the requirement for Internet service 
providers to install tracking software will very likely 
also be challenging in practice. He adds that it will be 
difficult to get hundreds of providers to deploy it and 
hard to coordinate that they're all filtering the same 
content.

scott

Russian government’s disconnection test

[Scott Weeks]

Anyone got any technical info on how Russia plans to execute a 
disconnection test of the internet?  I am starting to see this 
on web sites again: 

https://slate.com/technology/2019/10/russia-runet-disconnection-domestic-internet.html

and started wondering how they plan to do that?  DNS? firewalls?
Shut off optics on fiber?  Stop satellite comms?  What about 
microwave?

https://aviatnetworks.com/solutions/ip-mpls-microwave


"Russia plans to execute a so-called disconnection test of the 
internet sometime in October—right ahead of Nov. 1, when a new 
law about domestic internet kicks into gear. Russia plans to then 
repeat this test at least once a year."

"For one, “equipment is being installed on the networks of 
major telecom operators,” Alexander Zharov, head of Roskomnadzor, 
told reporters."


scott

Re: Quantum Internet Article - Netherlands

[Scott Weeks]

--- rod.b...@unitedcablecompany.com wrote:

https://www.quantamagazine.org/stephanie-wehner-is-designing-a-quantum-internet-20190925/
[https://d2r55xnwy6nx47.cloudfront.net/uploads/2019/09/WehnerQA_1200x630.jpg]
To Invent a Quantum Internet - Quanta 
Magazine
Fifty years after the current internet was born, the physicist and computer 
scientist Stephanie Wehner is planning and designing the next internet — a 
quantum one. The first data ever transmitted over Arpanet, the precursor of the 
internet, blipped from a computer at the University of California ...
www.quantamagazine.org
-


Also see IRTF's Qirg.   https://irtf.org/qirg

scott

RE: IPv6 Pain Experiment

[Scott Weeks]

--- aar...@gvtc.com wrote:
From: "Aaron Gould" 

Thank God for DNS  ;)



No, just Paul Mockapetris... :-)

https://en.wikipedia.org/wiki/Paul_Mockapetris

scott

Re: IPv6 Thought Experiment

[Scott Weeks]

--
“MUST NOT support IPv4”..

I think a good start would be: "MUST support IPv6"!
---


Woah, there!  Hold your horses.  It's only been 20-something 
years.  You can't expect these things to happen overnight!  

>;-)
scott

RE: Colombia Network Operators Group

[Scott Weeks]

>-Original Message-
>From: NANOG  On Behalf Of Scott Weeks
>--- meh...@akcin.net wrote:
>From: Mehmet Akcin 
>
>Few people who is doing a lot of work in Colombia, we decided to start
>Colombia network operators group and arrange local meetups, provide
>people
>support who want to have infrastructure here.
>
>Feel free to join www.nog.com.co and our first face to face meeting will
>be
>in december, date to be announced soon!
>-


>For whatever reason, cisco is not happy with the site:
>
>"This site is blocked due to a security threat that was discovered by
>the Cisco Umbrella security researchers."



--- kmedc...@dessus.com wrote:
From: "Keith Medcalf" 

Fascinating.  What is the security threat I wonder, that there is no 
JavaScript?
---



I don't know.  New job with new security stuff (that I don't have 
anything to do with) and I am sure I'm not the one, so I thought 
I'd let folks know.

scott

Re: Colombia Network Operators Group

[Scott Weeks]

--- meh...@akcin.net wrote:
From: Mehmet Akcin 

Few people who is doing a lot of work in Colombia, we decided to start
Colombia network operators group and arrange local meetups, provide people
support who want to have infrastructure here.

Feel free to join www.nog.com.co and our first face to face meeting will be
in december, date to be announced soon!
-



For whatever reason, cisco is not happy with the site:

"This site is blocked due to a security threat that was discovered by 
the Cisco Umbrella security researchers."

scott

Re: Art and Tech is madness

[Scott Weeks]

--- cb...@gizmopartners.com wrote:
From: Chris Boyd 

There’s also this gem from 2005 or 2007 days. I’ve heard Cisco staff was 
involved in its creation.
http://www.mattzrelak.com/mp3/t1down.htm
--



At work...

==
This site is blocked due to a security threat.

www.mattzrelak.com

This site is blocked due to a security threat that was discovered by the 
Cisco Umbrella security researchers.

Report an incorrect block 
=


scott

list admin contact is only a web gui???

[Scott Weeks]

We can only get to the list admins through a GUI (ewww) 
now days, or am I having drinks on the beach and not 
finding it on the web site because of that?

Please stop this guy.  Four of these for every post.

scott


--- Begin forwarded message:

From: 
To: 
Subject:
Date: 01 Sep 2019 20:06:08 EDT

Message to 7867650...@email.uscc.net failed.

Re: Weekly Routing Table Report

[Scott Weeks]

--- mo...@necom830.hpcl.titech.ac.jp wrote:
From: Masataka Ohta 
Scott Weeks wrote:

> I have been reading your posts on IETF and here regarding the
> above and I'm curious as to your thoughts on John Day's RINA.

As you give no reference, let's rely on wikipedia

https://en.wikipedia.org/wiki/Recursive_Internetwork_Architecture



Yes, my apologies for no reference.  Further, I have no URL to
point to as I read the book. (actual book; no e-something)

Here's something:  http://pouzinsociety.org

Like the book, in the Wikipedia article you have to get through 
or skip the first part.  In the book, that's the first 5 or so 
chapters.  He just describes why, in his opinion, previous things 
have failed and the way he does it turns a lot of folks off.  
Likewise, I skipped the last 1-2 chapters.  So in the Wikipedia 
article skip to the Introduction" section.


A couple more things:

---
E2E (end-to-end principle) is not relevant

IPv6 is/was a waste of time

The RINA's fundamental principles are that computer 
networking is just Inter-Process Communication or IPC,
and that layering should be done based on scope/scale, 
with a single recurring set of protocols, rather than 
function, with specialized protocols.
---



 more from Wikipedia 

The IPC model of RINA concretizes distributed applications in 
Distributed Application Facilities or DAFs, as illustrated in 
Figure 2. A DAF is composed of two or more Distributed Application 
or DAPs, which collaborate to perform a task. These DAPs 
communicate using a single application protocol called Common 
Distributed Application Protocol or CDAP, which enables two DAPs 
to exchange structured data in the form of objects. All of the 
DAP's externally visible information is represented by objects and 
structured in a Resource Information Base or RIB, which provides a 
naming schema and a logical organization to the objects known by 
the DAP (for example a naming tree). CDAP allows the DAPs to 
perform six remote operations on the peer's objects: create, delete, 
read, write, start and stop.

In order to exchange information, DAPs need an underlying facility 
that provides communication services to them. This facility is 
another DAF whose task is to provide and manage Inter Process 
Communication services over a certain scope, and is called a 
Distributed IPC Facility or DIF. A DIF can be thought of as a layer, 
and enables a DAP to allocate flows to one or more DAPs, by just 
providing the names of the targeted DAPs and the characteristics 
required for the flow such as bounds on data loss and delay, 
in-order delivery of data, reliability, etc. 

DIFs, being DAFs, can in turn use other underlying DIFs themselves. 
This is the recursion of the RINA.


scott














and restrict scope only for multihoming.

Then, it is true that:

 > 1972. Multi-homing not supported by the ARPANET.

which means current specifications do not support multihoming very well.

but, the statement

 > The solution was obvious: as in operating systems, a logical address
 > space naming the nodes (hosts and routers) was required on top of the
 > physical interface address space.

is wrong, because it is enough to let transport layer identify
connections based on a set of physical interface addresses of
all the interfaces, which is what draft-ohta-e2e-multihoming-*
proposes.

That is, he misunderstand restrictions by the current specification
something inevitably required by layering.

 > It tosses all this on its head.

If you have some text of RINA denying the E2E argument, quote it
with URLs please.

Masataka Ohta

Re: Weekly Routing Table Report

[Scott Weeks]

From: Masataka Ohta 

If you can't accept the following principle of the End to End
argument:

The function in question can completely and correctly be
implemented only with the knowledge and help of the
application standing at the end points of the
communication system.
---


I have been reading your posts on IETF and here regarding the 
above and I'm curious as to your thoughts on John Day's RINA.  
It tosses all this on its head.

scott

Re: Weekly Routing Table Report

[Scott Weeks]

--- w...@typo.org wrote:

"WTF, PEOPLE??? CAN'T ANYONE AGGREGATE ANYMORE???"
---


Is that like the NANOG version of "get off my lawn"? :)

scott
bgp since ~50k

Re: Tiered operations support

[Scott Weeks]

--- harbor...@gmail.com wrote:

How do I do that without having my entire staff leave?  
Current staff is not a professional organization and 
are used to a purely reactive state.
-

Maybe you want some of them to leave, if they're "not 
a professional organization".  Get some fresh folks 
from professional minded organizations and see if
the others quit being reactionary only and step up 
their game.

scott

Re: 44/8

[Scott Weeks]

> On Mon, Jul 22, 2019 at 4:02 PM Jerry Cloe  wrote:
>
> > There's already widespread use (abuse ?) of DOD /8's.
> > T-Mobile commonly assigns 26/8 space (and others) to
> > customers and nat's it.


> --- cb.li...@gmail.com wrote:
> From: Ca By 
>
> My understanding is that is not currently commonly the
> case
> https://www.worldipv6launch.org/apps/ipv6week/measurement/images/graphs/T-MobileUSA.png
> ---


On Mon, Jul 22, 2019 at 4:31 PM Scott Weeks  wrote:
> Did they renumber (IPv4) out of that space?  Or are 
> they just not continuing to expand into it?


--- cb.li...@gmail.com wrote:
From: Ca By 

They stopped using ipv4 assigned for handsets for most 
cases with 464xlat

--


Ah, OK.  I didn't realize they were just using it for handsets.  I
thought the address space was used elsewhere.  When orgs do this the
ugliness of squatting sticks to the org seemingly forever like stink 
on sh!+

scott

Re: 44/8

[Scott Weeks]

On Mon, Jul 22, 2019 at 4:02 PM Jerry Cloe  wrote:

> There's already widespread use (abuse ?) of DOD /8's. 
> T-Mobile commonly assigns 26/8 space (and others) to 
> customers and nat's it.


--- cb.li...@gmail.com wrote:
From: Ca By 

My understanding is that is not currently commonly the 
case

https://www.worldipv6launch.org/apps/ipv6week/measurement/images/graphs/T-MobileUSA.png
---


Did they renumber (IPv4) out of that space?  Or are they 
just not continuing to expand into it?

scott

RE: 44/8

[Scott Weeks]

From:Michel Py 

As an extension of RFC1918, it would have solved the questionable 
and nevertheless widespread squatting of 30/8 and other un-announced
DoD blocks because 10/8 is not big enough for some folks.


--- je...@jtcloe.net wrote:
From: Jerry Cloe 

There's already widespread use (abuse ?) of DOD /8's. T-Mobile 
commonly assigns 26/8 space (and others) to customers and nat's it.
--



I participated in cutting Verizon Hawaii's assets into a standalone
network for Hawaiian Telcom in 2005.  They used 113/8 all over the 
place.  I worked at HT for 5 years after that, left for nine years 
and am now back and I am STILL dealing with that crap!

scott

Re: FCC workshop: Security vulnerabilities within our communications networks

[Scott Weeks]

--- s...@donelan.com wrote:
From: Sean Donelan 

If they come up with a better idea, that's great.  I'll 
take good ideas  from anywere.



FCC.  gov't.  Design by committee.  

Never seen good design come out of these, but like Chris 
said, maybe today's the day...   

;-)
scott

Re: Public Subnet re-assignments

[Scott Weeks]

--- sc...@viviotech.net wrote:
From: Scott 

To  your previous question, yes .0 and .3 are 
unused. Once I change the subnet .3 becomes a 
usable IP and it's getting hammered with 
traffic, causing packet loss.
--


Is it legitimate traffic or DDoS stuff?

scott

Re: CloudFlare issues?

[Scott Weeks]

--- beec...@beecher.cc wrote:
From: Tom Beecher 

:: Shouldn’t we be working on facts?

Nah, this is NANOG...  >;-)



:: But this industry is one big ass glass house. What’s that 
:: thing about stones again?

We all have broken windows?


:)
scott

Re: someone is using my AS number

[Scott Weeks]

>On 12 June 2019 6:05:58 pm GMT+02:00, Philip Lavine via NANOG

>What is the procedure to have another party to cease and desist
>in using my AS number?



On 12 June 2019 7:57:52 pm GMT+02:00, Philip Lavine  wrote:
> Here is what I got from BGPMon- MY AS is 15053
>
>Detected new prefix: 134.37.2.0/23
>ASpath: 394256 174 702 25213 25213 25213 15001 15053 



--- f...@fhrnet.eu wrote:
From: Filip Hruska 

Seems the issue was on AS25213 side. They don't provide transit 
to AS15001 at all. 
---



Here's how I see it:

134.37.2.0/23  -   702 25213 25213

So, Verizon or Telia should be able to help stop Cargotec or DNA 
in Helsinki, Finland from announcing the prefix to the world.

https://bgp.he.net/AS25213#_graph4
https://bgp.he.net/AS16086#_graph4


scott

Re: CenturyLink/Level 3 combined AS

[Scott Weeks]

Just for fun...  :)

--- c...@cmadams.net wrote:
From: Chris Adams 

"...old Savvis (aka Cable & Wireless aka InternetMCI) 
AS 3561, and untold more Internet history... :)
-

hosting services (global reach)
digital island -> cable & wireless -> savvis -> level3 -> centurylink? (got 
complcated)

-

cdn (akamai and sp/di waged legal war over who invented the cdn technologies
http://www.centurylink.com/business/networx/products/ipbased/cdns.html)

sandpiper -> digital island -> cable & wireless -> savvis -> level3 -> 
centurylink

-

I went to look for where AS6553 is now days, but it looks like it has been 
given back to ARIN and reused.

scott

Re: BGP prefix filter list

[Scott Weeks]

--- valdis.kletni...@vt.edu wrote:
From: "Valdis Klētnieks" 

On Thu, 30 May 2019 16:07:53 -0700, "Scott Weeks" said:

> Having been on quite a few networks in my career,
> (eyeball/enterprise) I'd say many struggle with
> having a "single and clearly defined routing policy"

Which part do they find problematic, the "single" part, 
or the "clearly defined" part? ;)
--


Both.  Two guys have authority over different parts of 
a network.  They don't agree and neither budges.  The 
manager is not technical (at all) and is hands off on 
decisions like those.  I see fights like this in configs 
all the time.  You look at the configs and go WTF, but 
after learning what happened in the past between those 
two folks I go; "Ok, NOW I get it."

And for 'clearly defined'...well...to put it politely
'clearly defined' is subjective. ;)  I'm OCD about
KISS, documentation and consistency, but many folks are 
not.  They want it their way, regardless of what is 
already there, and they like to turn knobs and not let 
others know what knobs they turned.

You wouldn't believe what we see out here on the 
raggedy edges of the internet.  I started my career in 
the 90s with a company called Digital Island.  There 
were extremely competent folks building it.  Every thing 
was KISS and consistent.  It was a beautiful DFZ network.  
I miss that.  2001 was the last time I saw it.  Been on
the ragged edge ever since.

scott

Re: BGP prefix filter list

[Scott Weeks]

--- bell...@nsc.liu.se wrote:
From: Thomas Bellman 

... prefixes with a "single and clearly defined 
routing policy"
--


Having been on quite a few networks in my career,
(eyeball/enterprise) I'd say many struggle with 
having a "single and clearly defined routing policy"

>;-)   <=== evil grin
scott

Re: NTP for ASBRs?

[Scott Weeks]

--- valdis.kletni...@vt.edu wrote:
From: "Valdis Klētnieks" 
On Wed, 08 May 2019 14:00:11 -0700, "Scott Weeks" said:
> From: Job Snijders 
>
> on this topic, i strongly recommend to operate all
> devices in the Etc/UTC timezone, this makes
> coordination with external entities much easier.
> 
>
>
> Yes, this!  Holy crap I come upon a lot of networks
> that don't do this and it's always painful.

Newfoundland time, anybody? :)


I had to go and look that up:

"The Newfoundland Time Zone (NT) is a geographic 
region that keeps time by subtracting ​3 1⁄2 hours 
from Coordinated Universal Time (UTC) during 
standard time, resulting in UTC−03:30; or subtracting ​
2 1⁄2 hours during daylight saving time."

WTF???  This is exactly what I mean on a geographicly 
dispersed network.  Do everything UTC and put clocks 
on your computer/wall/phone/whatever.  Then, like Job 
said, it's easier to coordinate with others not in 
your timezone.

scott

Re: NTP for ASBRs?

[Scott Weeks]

--- br...@shout.net wrote:
From: Bryan Holloway 
On 5/8/19 4:00 PM, Scott Weeks wrote:
> --- j...@ntt.net wrote:
> From: Job Snijders 
> 
> on this topic, i strongly recommend to operate all
> devices in the Etc/UTC timezone, this makes
> coordination with external entities much easier.
> 
> 
> 
> Yes, this!  Holy crap I come upon a lot of networks
> that don't do this and it's always painful.

Now if only we could get rid of Daylight Saving Time ...
--

Luckily, Hawaii doesn't have that problem...

https://en.wikipedia.org/wiki/Daylight_saving_time_in_the_United_States#Hawaii

But, that's the thing.  One time.  No trying to figure 
out who does DST and who doesn't.

>From the above:

===
Arizona has not observed DST since 1967

Calif - in 2018, voters ratified a legislative plan for 
year-round daylight saving time, subject to congressional 
approval.

On March 6, 2018, the Florida Senate approved the "Sunshine 
Protection Act" which would put Florida on permanent Daylight 
Saving Time year round...Congress would need to amend the 
existing 1966 federal law to allow the change.

Hawaii has never observed daylight saving time



etc...

scott

Re: NTP for ASBRs?

[Scott Weeks]

--- j...@ntt.net wrote:
From: Job Snijders 

on this topic, i strongly recommend to operate all 
devices in the Etc/UTC timezone, this makes 
coordination with external entities much easier.



Yes, this!  Holy crap I come upon a lot of networks 
that don't do this and it's always painful.

scott

Re: EXERCISE: 2019 IAA Planetary Defence Conference - Day 5 Scenario

[Scott Weeks]

--- s...@donelan.com wrote:
From: Sean Donelan 

Of course, any fictional scenario is more likely to hit 
an ocean...But that makes for a dull exercise.
-


Not for some of us...  ;-)

scott

Re: NTP question

[Scott Weeks]

> But wait. What is the GPS constellation goes down? 
> THEN we have bigger problems :)
> --
> 
> 
> What if the US military intentionally messes with 
> the signal to thwart the advances of an enemy who 
> is using GPS in their attack?  ;-)

--- m...@beckman.org wrote:

Enemies aren’t dependent on US GPS, by the way. lol!
---

Oops, but still from the second link: "...which could 
be disabled or degraded by their operators at any time"

Most big countries say the same: "...will provide an 
alternative global navigation satellite system..."

scott



Details for the intrested.


https://en.wikipedia.org/wiki/GLONASS

"Russian...provides an alternative to GPS and is the 
second navigational system in operation with global 
coverage and of comparable precision. 


https://en.wikipedia.org/wiki/Galileo_(satellite_navigation)

"...live in 2016,[4] created by the European Union"
"...so European nations do not have to rely on the 
U.S. GPS, or the Russian GLONASS systems, which could 
be disabled or degraded by their operators at any time"


https://en.wikipedia.org/wiki/BeiDou

"a Chinese satellite navigation systemBeidou-1 was 
decommissioned at the end of 2012."
"BeiDou-2, became operational in China in December 2011 
with a partial constellation of 10 satellites in orbit.
Since December 2012, it has been offering services to 
customers in the Asia-Pacific region."
"In 2015, China started the build-up of the third 
generation BeiDou system (BeiDou-3) for global coverage 
constellation. The first BDS-3 satellite was launched on 
30 March 2015.[5] As of October 2018, fifteen BDS-3 
satellites have been launched[6]. BeiDou-3 will 
eventually consist of 35 satellites and is expected to 
provide global services upon completion in 2020. When 
fully completed, BeiDou will provide an alternative 
global navigation satellite system to the United States 
owned Global Positioning System (GPS),[7][8] the Russian 
GLONASS or European Galileo systems and is expected 
to be more accurate than these



https://en.wikipedia.org/wiki/Indian_Regional_Navigation_Satellite_System

"...is an autonomous regional satellite navigation 
system that provides accurate real-time positioning 
and timing services.[4] It covers India and a region 
extending 1,500 km (930 mi) around it, with plans for 
further extension."


https://en.wikipedia.org/wiki/Quasi-Zenith_Satellite_System

"...a project of the Japanese government for the 
development of a four-satellite regional time transfer 
system and a satellite-based augmentation system for the 
United States operated Global Positioning System (GPS) 
to be receivable in the Asia-Oceania regions, with a 
focus on Japan.

Re: NTP question

[Scott Weeks]

--- m...@beckman.org wrote:
From: Mel Beckman 

But wait. What is the GPS constellation goes down? 
THEN we have bigger problems :)
--


What if the US military intentionally messes with 
the signal to thwart the advances of an enemy who 
is using GPS in their attack?  ;-)

scott

Re: NTP via GPS

[Scott Weeks]

--- fkitt...@gwi.net wrote:
From: Fletcher Kittredge 
On Thu, May 2, 2019 at 12:12 AM Richard  wrote:

> I found this article very helpful as I knew very little. I was smarter
> for reading it though it may be to basic for many:
>
> https://timetoolsltd.com/gps/gps-ntp-server/
>
It is basic and has at least some inaccuracies. I skimmed it and found:

"The NTP protocol was originally developed for the LINUX operating system. "

Kids these days so much history lost.

For those under 60 revolutions of the sun: NTP and related protocols far
pre-date Linux. Linux is a relatively late arriving implementation of Unix.
The vast majority of intellectual property behind Linux was from prior
variants of Unix; Linux was just a free, unencumbered version that was
widely adopted.
---



https://tools.ietf.org/pdf/rfc958.pdf

Network Working Group 
D.L. MillsRequest for Comments: 958 
M/A-COM Linkabit
September 1985
Network Time Protocol (NTP)



No linux in 1985...

scott

Re: looking for hostname router identifier validation

[Scott Weeks]

--- large.hadron.colli...@gmx.com wrote:

And 666 is Nero Caesar :-)
--


It's the US Army.

scott

Re: My .sig (Was Re: Packetstream - how does this not violate just about every provider's ToS?)

[Scott Weeks]

--- amitch...@isipp.com wrote:
From: "Anne P. Mitchell, Esq." 

[This .sig space open to suggestions.]
---


I don't really care about your .sig, but in general...

%s/\[This .sig space open to suggestions.\]//g

scott

Re: Disney+ CDN

[Scott Weeks]

--- cgrundem...@gmail.com wrote:
From: Chris Grundemann 

Yep, they decided to buy BAMTech and build their own:
https://www.thewaltdisneycompany.com/walt-disney-company-acquire-majority-ownership-bamtech/



https://www.bamtechmedia.com/company

2004 - "Patent awarded for GeoLocation"

I'd be interested in learning about how well that one works!

scott

Re: modeling residential subscriber bandwidth demand

[Scott Weeks]

:: How do people model and try to project residential 
:: subscriber bandwidth demands into the future? Do 
:: you base it primarily on historical data?
--


Yes, if you have a lot of quality data that goes far 
back in the past you can make pretty good judgements 
on future needs.  Less data and/or not very far back 
lessens the accuracy of a prediction about the future.

scott








--- thomasam...@gmail.com wrote:

From: Tom Ammon 
To: NANOG 
Subject: modeling residential subscriber bandwidth demand
Date: Tue, 2 Apr 2019 12:54:47 -0400

How do people model and try to project residential subscriber bandwidth
demands into the future? Do you base it primarily on historical data? Are
there more sophisticated approaches that you use to figure out how much
backbone bandwidth you need to build to keep your eyeballs happy?

Netflow for historical data is great, but I guess what I am really asking
is - how do you anticipate the load that your eyeballs are going to bring
to your network, especially in the face of transport tweaks such as QUIC
and TCP BBR?

Tom
-- 
-
Tom Ammon
M: (801) 784-2628
thomasam...@gmail.com
-

OT: friday fun - geko outsge

[Scott Weeks]

I thought some here might enjoy this. 

--
Technician arrived onsite and found no issue with the 
fiber connection back to the CO. Tech then attempted 
to reseat the SM-A card and found a gecko in the card 
slot. Technician removed the gecko and verified that 
equipment was back in service after slotting back the 
card.
--

Troubleshooting in the tropics... :-)

scott

Re: Should Netflix and Hulu give you emergency alerts?

[Scott Weeks]

--- m...@mtcc.com wrote:
From: Michael Thomas 

But if you're about to be incinerated in real 
life -- Paradise -- you want the alert. 
--

So you can toss your children in the storm 
drain?

http://www.hawaiinewsnow.com/story/37259815/biggest-fright-of-my-life-many-scramble-for-shelter-after-false-alarm-missile-warning

"One video on social media showed an adult 
putting children into a storm drain; other 
social media images showed residents 
huddling in bathtubs."


Or like me and this guy, just stay out in 
the ocean and watch it all happen...

"We didn't know what to do except paddle 
[our surfboards] in and do as best we 
could. We debated whether we should just 
stay out"

:)
scott

Re: Should Netflix and Hulu give you emergency alerts?

[Scott Weeks]

--- beec...@beecher.cc wrote:
From: Tom Beecher 

Business ask to create near real time, location aware notification system
to increase user engagement and refine ad tracking : "That's a a great
idea, we can do that!"

Government ask to create near real time, location aware notification system
for public safety warnings : "THAT IS A BRIDGE TOO FAR, THIS IS OUTRAGEOUS
GOVERNMENT OVERREACH!"
---


No, it is overreach and Doing The Wrong Thing (AKA we do 
evil now even though we said we wouldn't in the beginning) 
for businesses as well.

scott

Re: A Zero Spam Mail System [Feedback Request]

[Scott Weeks]

--- beec...@beecher.cc wrote:
From: Tom Beecher 

Every single person on this list has either 
sent an email they later regret[...]
--


Not me.  No way.  Never.  ;)

scott

Re: ASNs decimation in ZW this morning

[Scott Weeks]

--- col...@gt86car.org.uk wrote:
From: Colin Johnston 

I wonder how they block social media sites/whats up, 
is it null routing on peering cores or filtering since 
did not see filtering in place from ZIM<>UK last month...
-

Regarding the shutdown:

https://allafrica.com/stories/201901160010.html

"As it was a written directive issued in terms of the 
law, non-compliance would result in immediate 
imprisonment of management on the ground."



It's back on.

https://www.newzimbabwe.com/internet-back-on-mnangagwa-says-understands-pain-and-frustration/



Side effects:

https://www.newzimbabwe.com/by-killing-the-internet-zimbabwe-kills-commerce-and-lights/



Folks are just trying to survive.  Fuel is over $13 USD
per gallon (out of reach for ordinary folks), prices are 
crazy high and folks are just trying to survive:

https://www.newzimbabwe.com/civilians-beaten-and-abducted-in-major-zimbabwe-crackdown/



But the gov't still has enough for weapons!

https://www.newzimbabwe.com/moscow-mnangagwa-says-zimbabwe-to-buy-state-of-the-art-russian-arms/


scott

RE: rfd

[Scott Weeks]

--- snasl...@medline.com wrote:
From: "Naslund, Steve" 

Mainly because propagating a flapping route across 
the entire Internet is damaging...


https://www.researchgate.net/publication/220850232_Route_Flap_Damping_Made_Usable

scott

Re: Stupid Question maybe?

[Scott Weeks]

--- nanog@nanog.org wrote:
From: Grant Taylor via NANOG 

You can safely say that 72.234.7.0/24 is a 
Class C /sized/ network. 
--

But most don't say that.  They just say it's 
a Class C, which it most assuredly is not.  
I heckle them until they can give the correct 
answer: leading bits are 110 or it's not a 
Class C subnet.

scott

Re: Stupid Question maybe?

[Scott Weeks]

--- beec...@beecher.cc wrote:
From: Tom Beecher 

It's good to have at least a passing understanding of 
the old terminology simply because documentation for 
newer stuff likes to reference it...
--


Plus it's fun (and informative about a netgeek's skill) 
when they call, say, 72.234.7.0/24 a Class C and you 
can say no it's not.  Then you see if they can say why.  
If they can't, well...ummm... I really mess with them 
after that.  It helps pass the work day. >;-)

https://en.wikipedia.org/wiki/Classful_network#Classful_addressing_definition

scott


ps.  Be sure to send Wikipedia a small Christmas gift.  
It's invaluable.

Re: China ’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’ s BGP Hijacking

[Scott Weeks]

China Telecom's response:

"The content of these reports was lack of factual evidence. 
The conclusion was ungrounded. Also, it did not match with 
the current status and technical principles of global Internet 
operation."

http://www.irasia.com/listco/hk/chinatelecom/press/p181122.htm

scott

Re: China ’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’ s BGP Hijacking

[Scott Weeks]

--- alfie@fdx.services wrote:
From: Alfie Pates 

Never attribute to malice that which can be adequately 
explained by apathy.
---



Especially when they can do it without being seen as
was discussed here years ago.  I believe this was one
of the discussions?

https://www.nanog.org/meetings/nanog44/presentations/Tuesday/Kapela_steal_internet_N44.pdf

scott

Re: IGP protocol

[Scott Weeks]

--- valdis.kletni...@vt.edu wrote:
On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" 
said:

> 2.  Most corporate networks will be running OSPF 
and/or EIGRP as an IGP.

And I'm sure there's still some crazies out there 
using RIPv2. :)
--


Yes, there are networks out there on the ragged edges 
doing that.  They've been around since forever.  I've 
worked for them.  Show up on day 1: WTF???  Oh crap, 
what'd I get myself into *this* time?!

scott

Re: [OT?] Anyone else been contacted by networkequipment.net after commenting here?

[Scott Weeks]

--- br...@2mbit.com wrote:
From: Brielle Bruns 

RE shaming: networkequipment.net

Isn't the first time I've been contacted by a 
networking gear vendor after they 'mysteriously' 
got my e-mail address (shortly after I posted a 
comment here) as someone who was interested in 
their wares.
-


We should get a list of these folks so we can 
look at it when we're buying so we don't 
purchase from these types of companies/people.

scott

Re: It's been 20 years today (Oct 16, UTC). Hard to believe.

[Scott Weeks]

--- rjo...@centergate.com wrote:
From: Rodney Joffe 

At NANOG two weeks ago, we had an interesting discussion at 
one of the lunch tables. One of the subjects we discussed 
was the original IANA, and RFC Editor, Jon Postel.

Seven of the ten people at the table had never heard of him. 
Maybe these days it no longer matters who he was, and what 
he meant to where we are today.



Wow, was it a table of folks new to network engineering?
If so, then schooling; if not, then clue bat...  :-)

scott

RE: bloomberg on supermicro: sky is falling

[Scott Weeks]

--- snasl...@medline.com wrote:
From: "Naslund, Steve" 

>Make a second account at your bank.  One account is
>'storage' and has all your money.  You never use
>the 'storage account' ATM card for anything outside
>your bank's ATM machines.

Doubling the service fees from your bank.


No, it's free.  It also depends on the type of accounts
you set up.  Most banks I have heard of do this for free.



>The second one is where you only keep $50-$100 in
>it.  When you use your ATM card it's only this account
>that's used.  Just before you make a purchase, move
>money from your 'storage account' into your 'active
>account' and make the purchase.

Don’t really want to be doing transfers with service fees 
every time I decide to fill up the gas tank.  Also, lots 
of banks will allow overdrafts which creates even more 
fees and some even auto transfer from one account to 
another to cover your overdrafts.  Also, does nothing for 
credit cards at all.
--

This is all under your control.  I don't use ATM cards at 
gas stations or other places like that.  Mostly it's for 
online purchases and to get money from non-bank ATM 
machines and I pay nothing extra.  Last, I don't allow
overdrafts.  No money in the account; nothing can be
bought.


scott

Re: ifIndex

[Scott Weeks]

--- ra...@psg.com wrote:
From: Randy Bush 

do folk have experience with platforms where 
ifIndexes are not stable across reboots etc?  
how do you deal with it?  do some of those 
platforms trap on change?
---


I'm surprised everyone doesn't have stable 
ifIndexes these days.  That's straight outta 
the 90s!  Care to name-n-shame the vendor, so 
we can all be aware when evaluating vendors?

scott

Re: bloomberg on supermicro: sky is falling

[Scott Weeks]

--- bj...@mork.no wrote:
There is nothing preventing a rogue online shop from 
storing and reusing the CVV you give them.  Or selling
your complete card details including zip code, CVV 
and whatever.
-

As a side note on the tail end of this and as someone
who has had their data compromised and 1000s of 
dollars stolen online...  ATM, though; not CC.

Make a second account at your bank.  One account is 
'storage' and has all your money.  You never use 
the 'storage account' ATM card for anything outside 
your bank's ATM machines.

The second one is where you only keep $50-$100 in 
it.  When you use your ATM card it's only this account 
that's used.  Just before you make a purchase, move 
money from your 'storage account' into your 'active 
account' and make the purchase.  If your 'active 
account' is compromised all they can steal is the 
$50-$100 in the account.

scott

RE: bloomberg on supermicro: sky is falling

[Scott Weeks]

--- snasl...@medline.com wrote:
From: "Naslund, Steve" 

You are free to disagree all you want with the default 
deny-all policy but it is a DoD 5200.28-STD requirement 
and NSA Orange Book TCSEC requirement.  It is baked into 
all approved secure operating systems including SELINUX 
so it is really not open for debate if you have meet 
these requirements.  
---


I believe you need to specify what type of DoD networks 
you're talking about.  NIPR is not default deny.

scott

Re: Oct. 3, 2018 EAS Presidential Alert test

[Scott Weeks]

--- a...@andyring.com wrote:
From: Andy Ringsmuth 

Yeah, this thread is getting somewhat removed from the 
original question, so what the heck.  I’ve often thought 
that vehicle radios should have a location-based weather 
radio built in
---


This is coming.  See IETF's ipwave.

https://www.ietfjournal.org/vehicular-networks-are-expected-to-save-lives-but-carry-privacy-risks/

https://datatracker.ietf.org/wg/ipwave/documents/

scott