Re: RPKI race

2020-06-16 Thread Rubens Kuhl
Any default route to a non-ROV enabled upstream ? Do you receive the test prefix from more than one upstream and the previous test success could be a function of upstream ROV ? Rubens On Tue, Jun 16, 2020 at 8:35 PM Baldur Norddahl wrote: > Hello > > I noticed that we regressed and started

RPKI race

2020-06-16 Thread Baldur Norddahl
Hello I noticed that we regressed and started failing the test at https://isbgpsafeyet.com/. Investigating I found that we apparently had some routes in the validation state "unknown" that should have been either invalid or valid. Including the test prefix which was received via NL-IX (and Cogent

NANOG List Maintenance Announcement

2020-06-16 Thread geeks
Summary During the evening on Saturday June 20, 2020 between 0300 to 0600 UTC, the NANOG Tech Committee will perform an upgrade of the mailman software and migration of archives. During this time, all mailing lists will be unavailable, including the ability to make changes to

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Alex Conner
If we want to go down that rabbit trail, then aren’t we talking about Reputation lists? On Tue, Jun 16, 2020 at 3:44 PM Harald Koch wrote: > On Tue, Jun 16, 2020, at 15:08, J. Hellenthal via NANOG wrote: > > blacklists are not always deny/block/disallow and conformed of things that > allow you

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Rogers, Zachery
Yikes. I suppose the old guard will continue to block progressive change. We can do better, folks. -- Zach Rogers Lead Security Analyst Network Security Monitoring Oregon Research & Teaching Security Operations Center (ORTSOC) Phone: 541.737.7723 GPG Fingerprint: ECC5 03A6 7E91 17C6 50C6 8FAC

Re: Router Suggestions

2020-06-16 Thread Owen DeLong
> On Jun 16, 2020, at 1:51 PM, Mark Tinka wrote: > > > > On 16/Jun/20 22:43, Owen DeLong wrote: > >> Covering them all under vendor contract doesn’t necessarily guarantee that >> the vendor does, either. In general, if you can cover 10% of your hardware >> failing in the same 3-day period,

Re: puertorico internet exchange

2020-06-16 Thread Mehmet Akcin
hey everyone! we are hosting a live event talking about Puerto Rico internet Exchange! feel free to join to ask questions about how you can join Puerto Rico Internet exchange! We need more content local in the island! https://www.youtube.com/watch?v=kCp4kK-mavU On Fri, Dec 13, 2019 at 6:04 PM

Re: Router Suggestions

2020-06-16 Thread Nick Hilliard
Baldur Norddahl wrote on 16/06/2020 07:32: purpose in life is to be a cold spare and a lab router. Why pay someone else for having a cold spare ready for next day replacement when you can have it yourself? e.g. your production deployment might be in another country, and getting equipment in

Re: Router Suggestions

2020-06-16 Thread Mark Tinka
On 16/Jun/20 22:43, Owen DeLong wrote: > Covering them all under vendor contract doesn’t necessarily guarantee that > the vendor does, either. In general, if you can cover 10% of your hardware > failing in the same 3-day period, you’re probably not going to do much better > with vendor

Re: Router Suggestions

2020-06-16 Thread Owen DeLong
> On Jun 16, 2020, at 12:37 AM, Mark Tinka wrote: > > > > On 16/Jun/20 08:32, Baldur Norddahl wrote: > >> >> Why pay someone else for having a cold spare ready for next day >> replacement when you can have it yourself? Having a lab router to test >> config before rollout has really been a

Reactive RPKI ROV (Was: Hurricane Electric has reached 0 RPKI INVALIDs)

2020-06-16 Thread Job Snijders
Dear Mike, Ytti, others, First of all and most importantly: congratulations Mike! I thank you and your team for having constructed a great mechanism that helps honor the routing intentions everyone publishes in the RPKI. On Tue, Jun 16, 2020 at 09:08:41AM +0300, Saku Ytti wrote: > On Tue, 16 Jun

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Ryan Landry
J. Hellenthal, thank you for your reply. I am not in marketing. I represent a team of talented network engineers, some of which are persons of color and under-represented minorities. I believe we, as a community, can do better to effect change, and hold each other accountable to this end. It is a

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Harald Koch
On Tue, Jun 16, 2020, at 15:08, J. Hellenthal via NANOG wrote: > blacklists are not always deny/block/disallow and conformed of things that > allow you to take actions whatever your choosing upon their contents and your > policies. > > What’s next ? redlisting ? Don’t offend the Russians ...

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread J. Hellenthal via NANOG
Guess we all better start rewriting all of the documentation out there because some PC marketing snowflake wants to get extra brownie points and attention for classifying a color in RGB into a racial divide for which it never originated. blacklists are not always deny/block/disallow and

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Gary E. Miller
Yo Rachee! On Tue, 16 Jun 2020 10:59:17 -0700 Rachee Singh wrote: > PS: as someone correctly pointed out, the more appropriate > terminology is "IP blocklists". Google says that discriminates against the Eastern Block of the EU. RGDS GARY

Re: BGP FLowspec to Yang/Yaml ACL

2020-06-16 Thread Douglas Fischer
Just a complementary demonstration of a scenario we this "bgpfs2acl" been used. https://youtu.be/8pNZJUHlRPk On Tue, Jun 16, 2020 at 15:39, Douglas Fischer < fischerdoug...@gmail.com> wrote: > We were looking for some way to implement BGP Flowspec Filtering(just the > permit/deny basic)

BGP FLowspec to Yang/Yaml ACL

2020-06-16 Thread Douglas Fischer
We were looking for some way to implement BGP Flowspec Filtering(just the permit/deny basic) using L3 switches in an automated way. Searching a bit we found https://github.com/ios-xr/bgpfs2acl Is almost what we are looking for! But is focused on Cisco devices. We even considered fork it to our

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Rachee Singh
We would very much appreciate input from security professionals. PS: as someone correctly pointed out, the more appropriate terminology is "IP blocklists". I apologize for the mistake and I have fixed it in the google survey. Thanks, Rachee On Tue, Jun 16, 2020 at 10:41 AM Rogers, Zachery <

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Rogers, Zachery
Would you be interested in input from security professionals or are you targeting network engineers directly with this? -- Zach Rogers Lead Security Analyst Network Security Monitoring Oregon Research & Teaching Security Operations Center (ORTSOC) Phone: 541.737.7723 GPG Fingerprint: ECC5 03A6

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Ryan Landry
In kind, I'd like to encourage the use of terms like permit/accept list or deny/block list. Respectfully, -Ryan On Tue, Jun 16, 2020 at 11:33 AM Rachee Singh wrote: > Hi NANOG community, > > We are a group of researchers studying the use of IP blacklists as a > mechanism to mitigate security

Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Rachee Singh
Hi NANOG community, We are a group of researchers studying the use of IP blacklists as a mechanism to mitigate security threats -- particularly over the IPv6 Internet. We would like to understand if and how you use IP blacklists to secure your networks. Please consider taking our short survey:

Client-side information gathering tool

2020-06-16 Thread Matt Harris
Hey folks, I was hoping maybe someone could point me in a useful direction here. I'm looking into software tools (ideally, they'd support Windows, Mac, and Linux, though Windows is perhaps the only critical one) that can be sent over to random users with varying (mostly very little) knowledge of

RE: Router Suggestions

2020-06-16 Thread Luke Guillory
Pretty sure you can via the following PNs. S-MX204-IR S-MX204-R -Original Message- From: NANOG On Behalf Of Jared Brown Sent: Tuesday, June 16, 2020 11:11 AM To: Matt Harris Cc: North American Network Operators' Group Subject: Re: Router Suggestions *External Email: Use Caution*

Re: Router Suggestions

2020-06-16 Thread Jared Brown
Sent: Tuesday, June 16, 2020 From: "Matt Harris" >> On Tue, Jun 16, 2020 at 9:52 AM Jared Brown >> mailto:nanog-...@mail.com]> wrote: >> My no-effort quote from last month lists just the box at $13,000. Once you >> are all in the total is that 1.5 multiple Baldur mentioned compared to OP. >>

Re: ROV Deployment (was LDPv6 Census Check)

2020-06-16 Thread Christopher Morrow
On Tue, Jun 16, 2020 at 11:51 AM Randy Bush wrote: > router implementations; i.e. every step in the chain. the only reason > the mess is not blatantly visible is the fail soft design, aka notFound. > the problem with fail soft is that you think you are protected when you > are not. I don't see

Re: Router Suggestions

2020-06-16 Thread Matt Harris
Matt Harris|Infrastructure Lead Engineer 816-256-5446|Direct On Tue, Jun 16, 2020 at 9:52 AM Jared Brown wrote: > My no-effort quote from last month lists just the box at $13,000.

Re: ROV Deployment (was LDPv6 Census Check)

2020-06-16 Thread Randy Bush
>> when Google got people worried about dropping routes. > That may have an impact down the road, but I doubt that really had > that much impact on current deployments. i suspect different folk moved for various reasons. i appreciate the motion. while things are moving, the problem is that

Re: Partial vs Full tables

2020-06-16 Thread Jared Brown
From: Mike Hammett Date: Fri, 5 Jun 2020 08:17:26 -0500 (CDT) > I've been wondering a similar thing for how to take advantage of the 150k - > 250k hardware routes the CRS317 now has in > v7 beta. That many routes should cover the peering tables for most operators, > maybe even transit's

RE: Router Suggestions

2020-06-16 Thread Jared Brown
My no-effort quote from last month lists just the box at $13,000. Once you are all in the total is that 1.5 multiple Baldur mentioned compared to OP. However, if you google "mx204 price" the first hit wants very much to sell you one for <$11,000. Caveat emptor and YMMV. Jared > Yes I too

Re: ROV Deployment (was LDPv6 Census Check)

2020-06-16 Thread Dorian Kim
> On Jun 16, 2020, at 7:53 AM, John Kristoff wrote: > when Google got people worried about dropping routes. > That may have an impact down the road, but I doubt that really had that much impact on current deployments. -dorian

RE: [c-nsp] LDPv6 Census Check

2020-06-16 Thread adamv0025
> From: Mark Tinka > Sent: Tuesday, June 16, 2020 12:09 PM > > On 16/Jun/20 12:00, adamv0...@netconsultings.com wrote: > > > Hence my earlier comment on why I think it's not commercially feasible > > to switch to v6 control plane, > > Personally, I've never been a fan of a single-stack

Re: ROV Deployment (was LDPv6 Census Check)

2020-06-16 Thread John Kristoff
On Sun, 14 Jun 2020 18:09:24 + Randy Bush wrote: > thanks to a few vendor engineers who implemented as skunkworks, > to jay, you, and other large ops who have deployed, and to job > who has taken over waving the pom poms, i am rather optimistic. I concur. I asked our four major networks we

Re: [c-nsp] LDPv6 Census Check

2020-06-16 Thread Mark Tinka
On 16/Jun/20 12:00, adamv0...@netconsultings.com wrote: > Hence my earlier comment on why I think it's not commercially feasible to > switch to v6 control plane, Personally, I've never been a fan of a single-stack backbone. I can, however, understand the use-case where a new or growing

TIMELY – ARIN 45 Virtual Meeting Starts Later Today!

2020-06-16 Thread John Curran
NANOGers – Our ARIN 45 Virtual Meeting will be held today and tomorrow, and is starting in approximately 5 hours… There’s plenty of time to register for this free event, and participate in the development of the policies by which we manage the ARIN registry. Details available below. Best

RE: [c-nsp] LDPv6 Census Check

2020-06-16 Thread adamv0025
> From: Mark Tinka > Sent: Monday, June 15, 2020 4:07 PM > > On 15/Jun/20 12:13, adamv0...@netconsultings.com wrote: > > > Not to mention this whole thread is focused solely on next-hop > identification -which is just the lowest of the layers of abstraction in the > vertical stack. > > We

RE: Router Suggestions

2020-06-16 Thread adamv0025
> On 6/15/20 8:00 AM, Colton Conor wrote: > For around $11,000 right now, you can get a brand new Juniper MX204 > router. Alternatively, you can get a used MX240 / MX480 with quad > power supplies, redundant quad core RE's, and 2 16X10G MIC cards for > around $12,000. > > My question, is there

Re: Router Suggestions

2020-06-16 Thread Mark Tinka
On 16/Jun/20 08:32, Baldur Norddahl wrote: > > Why pay someone else for having a cold spare ready for next day > replacement when you can have it yourself? Having a lab router to test > config before rollout has really been a life saver. Depends on network size. You can have multiple failures

Re: ROV Deployment (was LDPv6 Census Check)

2020-06-16 Thread Mark Tinka
On 14/Jun/20 20:09, Randy Bush wrote: > charlie lynn wrote the first rpki draft in 1999. the steves > shanghaied me in 2000. considering it took eight years for the > ietf to change a constant of 4k to 64k, rpki/rov is moving right > along at a swift pace. > > thanks to a few vendor engineers

Re: Router Suggestions

2020-06-16 Thread Baldur Norddahl
I bought three MX204 a year ago and paid maybe 50% more than the quoted 11K for hardware and standard license. On top of that I paid a significant amount for BNG features and scale licenses, but not everyone needs that. The third MX204 was considerably cheaper (half price) because its purpose in

Re: Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

2020-06-16 Thread Saku Ytti
On Tue, 16 Jun 2020 at 07:51, Mike Leber via NANOG wrote: Hey, > These prefix filters are updated automatically both through a system of > daily updates and real time updates to prevent RPKI INVALID routes from > being carried in our routing table. What does real time mean in this context?