Dear Denis,
On Wed, Jun 13, 2018 at 11:45:24AM +, denis walker wrote:
> >> In conclusion, If you employ a non-Afrinic asn for announcements
> >> (which means a foreign asn), using RIPE’s route object will be the
> >> only choice for you unless you are one of those big telecoms which
> >> has
Hi Job
From: Job Snijders via db-wg
To: Lu Heng
Cc: Database WG
Sent: Wednesday, 13 June 2018, 12:52
Subject: Re: [db-wg] A test on AFRINIC range announcing without RIPE route
object
>>
>> In conclusion, If you employ a non-Afrinic asn for announcements
>> (which means a
Sascha Luck [ml] via db-wg wrote on 13/06/2018 12:39:
Secondly, there is an unintended consequence to this, namely
that, if you make it impossible for a segment of resource holders
to register their routes properly, some transit providers and
IXPs will have no choice but to accept their
Hi,
On Wed, Jun 13, 2018 at 08:03:20PM +0800, Lu Heng via db-wg wrote:
> And until then, I think there is not enough consensus from the community to
> implement this change in the future.
This has been discussed extensively and there has been consensus to go
ahead with this.
Gert Doering
Hi,
On Wed, Jun 13, 2018 at 08:11:34PM +0800, Lu Heng wrote:
> On Wed, Jun 13, 2018 at 20:10 Gert Doering wrote:
>
> > On Wed, Jun 13, 2018 at 08:03:20PM +0800, Lu Heng via db-wg wrote:
> > > And until then, I think there is not enough consensus from the community
> > to
> > > implement this
Lu Heng via db-wg wrote on 13/06/2018 14:23:
All I am asking here is to delay implementation and give Afrinic
sometime to fix their IRR.
I don't see a good reason to do this. Afrinic have a process in place
to create route objects and there are other IRRDBs which can be used as
an
+1 ... in CAPITAL LETTERS too.
Regards,
Peter Thimmesch
--
hic sunt dracones
On Jun 13, 2018, at 7:12 PM, Job Snijders via db-wg
mailto:db-wg@ripe.net>> wrote:
On Wed, Jun 13, 2018 at 10:56 AM, Lu Heng
mailto:h...@anytimechinese.com>> wrote:
Internet is one, and
On Wed, Jun 13, 2018 at 11:11:09AM +, Job Snijders via db-wg wrote:
I am sympathetic, but RIPE has no obligation to keep a glaring
security hole open to accommodate another RIR's lack of expedience.
There was a time when it would have been seen as the obligation
of any RIR to keep the
Hi Job:
Internet is one, and this is a general problem of all Afrinic space, just
don’t make it personal please.
I hope Afrinic fix it rather soon that way every thing works, until then,
prevent network change is one way of breaking it.
On Wed, Jun 13, 2018 at 18:52 Job Snijders wrote:
> Dear
The ultimate discussion should be, and will be, is it RIPE net or internet?
I am saying the current situation will break network by forbidding change
it, and it is network we break, really doesn’t matter where it is which
registry it from.
We are victims of massive hijacking, many of my space
On Wed, Jun 13, 2018 at 10:56 AM, Lu Heng wrote:
> Internet is one, and this is a general problem of all Afrinic space, just
> don’t make it personal please.
I didn't intend to make anything personal, so phrased differently:
What you highlight is ultimately a problem between AfriNIC members and
On Wed, Jun 13, 2018 at 20:10 Gert Doering wrote:
> Hi,
>
> On Wed, Jun 13, 2018 at 08:03:20PM +0800, Lu Heng via db-wg wrote:
> > And until then, I think there is not enough consensus from the community
> to
> > implement this change in the future.
>
> This has been discussed extensively and
Dear colleagues,
In the past three weeks, we have done some tests on 3 AFRINIC /24 which
have been announced in the US, Europe, and Asia, by an ARIN ASN, APNIC ASN,
and an RIPE ASN.
Test results:
If it is a direct announce to NTT, Telia, GTT as a small provider and
without route object,
Dear Lu,
On Wed, Jun 13, 2018 at 06:19:10PM +0800, Lu Heng via db-wg wrote:
> In the past three weeks, we have done some tests on 3 AFRINIC /24
> which have been announced in the US, Europe, and Asia, by an ARIN ASN,
> APNIC ASN, and an RIPE ASN.
>
> Test results:
>
> If it is a direct announce
Lu Heng via db-wg wrote on 13/06/2018 13:11:
On Wed, Jun 13, 2018 at 20:10 Gert Doering wrote:
This has been discussed extensively and there has been consensus to go
ahead with this.
That’s a bullying answer.
What Gert said was simply a statement of fact:
Hello,
On 06/13/2018 01:39 PM, Sascha Luck [ml] via db-wg wrote:
> There was a time when it would have been seen as the obligation
> of any RIR to keep the internet running as smoothly as possible.
sometimes things needs to be really breaked to get fixed them. People
are lazy, they're ignoring
Hi colleagues:
I do not mean in the very least sense to delay an implementation unless the
risk shown by it is far too serious. So if it is just because no one
notices the problem in the very beginning (which I am trying to address
now), does that mean we have to ignore it? A dangerous bridge
> On Jun 13, 2018, at 8:03 AM, Lu Heng via db-wg wrote:
>
> The ultimate discussion should be, and will be, is it RIPE net or internet?
>
> I am saying the current situation will break network by forbidding change it,
> and it is network we break, really doesn’t matter where it is which
> On Jun 13, 2018, at 9:23 AM, Lu Heng via db-wg wrote:
>
> I do not mean in the very least sense to delay an implementation unless the
> risk shown by it is far too serious. So if it is just because no one notices
> the problem in the very beginning (which I am trying to address now)
Not
BUSH, RANDY, DBWGOPS would like to recall the message, "A test on
AFRINIC range announcing without RIPE route object".
?
> Why can't small ISPs use the IRR provided by the RIR?
this may come as a shock, but not all isps are close to their regional
rir.
> You only end up in a third party IRR database (such as RADB) if you
> have a prefix from AfriNIC and an ASN from RIPE.
and hundreds of dollars per year
> But if
[ off list ]
isps need the irr-based filtering 'telcoms' to use all the irr
instances, as small emerging economy isps can not afford radb
and will soon not be able to use ripe. so the attackers will
use the irr instance with lowest security to spoof.
randy
On Wed, Jun 13, 2018 at 09:39:52AM -0700, Randy Bush via db-wg wrote:
> [ off list ]
this was not offlist.
> isps need the irr-based filtering 'telcoms' to use all the irr
> instances, as small emerging economy isps can not afford radb and will
> soon not be able to use ripe. so the attackers
> [ off list ]
well, it wasn't. thanks to header modification by broken do-gooder
email software. do not modify email headers!!!
i think the bottom line here is that the IRR, and by that i mean the
total collection of IRR instances, is poorly secured by design. we
can spend a lot of time with patches and workarounds, or we can take
it for what it is and live with it.
if you want security and authenticity by design, use
25 matches
Mail list logo