Re: BGP communities, was: Re: Facebook post-mortems... - Update!

2021-10-07 Thread Ross Tajvar 
There are also a bunch at http://bgp.community (linked to the source where
possible instead of keeping a stale copy).

On Tue, Oct 5, 2021, 1:17 PM Jay Hennigan  wrote:

> On 10/5/21 09:49, Warren Kumari wrote:
>
> > Can someone explain to me, preferably in baby words, why so many
> > providers view information like https://as37100.net/?bgp
> >  as secret/proprietary?
> > I've interacted with numerous providers who require an NDA or
> > pinky-swear to get a list of their communities -- is this really just 1:
> > security through obscurity, 2: an artifact of the culture of not
> > sharing, 3: an attempt to seem cool by making you jump through hoops to
> > prove your worthiness, 4: some weird 'mah competitors won't be able to
> > figure out my secret sauce without knowing that 17 means Asia, or 5:
> > something else?
>
> Not sure the rationale of leeping them secret, but at least one
> aggregated source of dozens of them exists and has been around for a
> long time. https://onestep.net/communities/
>
> --
> Jay Hennigan - j...@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV
>

Re: Facebook post-mortems... - Update!

2021-10-05 Thread Randy Bush 
> Can someone explain to me, preferably in baby words, why so many providers
> view information like https://as37100.net/?bgp as secret/proprietary?

it shows we're important

BGP communities, was: Re: Facebook post-mortems... - Update!

2021-10-05 Thread Jay Hennigan 

On 10/5/21 09:49, Warren Kumari wrote:

Can someone explain to me, preferably in baby words, why so many 
providers view information like https://as37100.net/?bgp 
 as secret/proprietary?
I've interacted with numerous providers who require an NDA or 
pinky-swear to get a list of their communities -- is this really just 1: 
security through obscurity, 2: an artifact of the culture of not 
sharing, 3: an attempt to seem cool by making you jump through hoops to 
prove your worthiness, 4: some weird 'mah competitors won't be able to 
figure out my secret sauce without knowing that 17 means Asia, or 5: 
something else?


Not sure the rationale of leeping them secret, but at least one 
aggregated source of dozens of them exists and has been around for a 
long time. https://onestep.net/communities/


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

Re: Facebook post-mortems... - Update!

2021-10-05 Thread Warren Kumari 
On Tue, Oct 5, 2021 at 9:56 AM Mark Tinka  wrote:

>
>
> On 10/5/21 15:40, Mark Tinka wrote:
>
> >
> > I don't disagree with you one bit. It's for that exact reason that we
> > built:
> >
> > https://as37100.net/
> >
> > ... not for us, but specifically for other random network operators
> > around the world whom we may never get to drink a crate of wine with.
>

Can someone explain to me, preferably in baby words, why so many providers
view information like https://as37100.net/?bgp as secret/proprietary?
I've interacted with numerous providers who require an NDA or pinky-swear
to get a list of their communities -- is this really just 1: security
through obscurity, 2: an artifact of the culture of not sharing, 3: an
attempt to seem cool by making you jump through hoops to prove your
worthiness, 4: some weird 'mah competitors won't be able to figure out my
secret sauce without knowing that 17 means Asia, or 5: something else?

Yes, some providers do publish these (usually on the website equivalent of
a locked filing cabinet stuck in a disused lavatory with a sign on the door
saying ‘Beware of the Leopard.”), and PeeringDB has definitely helped, but
I still don't understand many providers stance on this...

W




> >
> > I have to say that it has likely cut e-mails to our NOC as well as
> > overall pain in half, if not more.
>
> What I forgot to add, however, is that unlike Facebook, we aren't a
> major content provider. So we don't have a need to parallel our DNS
> resiliency with our service resiliency, in terms of 3rd party
> infrastructure. If our network were to melt, we'll already be getting it
> from our eyeballs.
>
> If we had content of note that was useful to, say, a handful-billion
> people around the world, we'd give some thought - however complex - to
> having critical services running on 3rd party infrastructure.
>
> Mark.
>


-- 
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra

Re: Facebook post-mortems... - Update!

2021-10-05 Thread Mark Tinka 




On 10/5/21 15:40, Mark Tinka wrote:



I don't disagree with you one bit. It's for that exact reason that we 
built:


    https://as37100.net/

... not for us, but specifically for other random network operators 
around the world whom we may never get to drink a crate of wine with.


I have to say that it has likely cut e-mails to our NOC as well as 
overall pain in half, if not more.


What I forgot to add, however, is that unlike Facebook, we aren't a 
major content provider. So we don't have a need to parallel our DNS 
resiliency with our service resiliency, in terms of 3rd party 
infrastructure. If our network were to melt, we'll already be getting it 
from our eyeballs.


If we had content of note that was useful to, say, a handful-billion 
people around the world, we'd give some thought - however complex - to 
having critical services running on 3rd party infrastructure.


Mark.