Re: Global Akamai Outage

On 7/26/21 14:20, Lukas Tribus wrote: Some specific failure scenarios are currently being addressed, but this doesn't make monitoring optional: rpki-client 7.1 emits a new per VRP attribute: expires, which makes it possible for RTR servers to stop considering outdated VRP's:

Re: Global Akamai Outage

On 7/26/21 07:25, Saku Ytti wrote: Doesn't matter. And I'm not trying to say RPKI is a bad thing. I like that we have good AS:origin mapping that is verifiable and machine readable, that part of the solution will be needed for many applications which intend to improve the Internet by some

Re: Global Akamai Outage

On 7/25/21 17:32, Saku Ytti wrote: Steering dangerously off-topic from this thread, we have so far had more operational and availability issues from RPKI than from hijacks. And it is a bit more embarrassing to say 'we cocked up' than to say 'someone leaked to internet, it be like it do'.

Re: Global Akamai Outage

On 7/25/21 08:18, Saku Ytti wrote: Hey, Not a critique against Akamai specifically, it applies just the same to me. Everything seems so complex and fragile. Very often the corrective and preventive actions appear to be different versions and wordings of 'dont make mistakes', in this case:

Re: 1G/10G BaseT switch recommendation

The "Fabrics" layer of the ArcOS architecture may offer some clue as to VPC options for Drew:     https://www.arrcus.com/products/arcos/# Mark.

Re: 1G/10G BaseT switch recommendation

On 7/23/21 10:40, Randy Bush wrote: thanks, mark. while arrcus provides stunning world class layer three: bgp, is-is, ospf, evpn, srv6, blah blah blah, we don't really so much exciting at layer two switching. C'mon, Drew, ask Arrcus for features. You can do it :-)... Seems like the only

Re: 1G/10G BaseT switch recommendation

I'd reach out to Arrcus as well. They are a NOS house, but they can also provide hardware options that suit what you want. Mark.

Re: Global Akamai Outage

On 7/22/21 18:50, Matt Harris wrote: Seems to be clearing up at this point, was able to get to a site just now that I wasn't a little bit ago. Yes, seems to be restoring...     https://twitter.com/akamai/status/1418251400660889603?s=28 Mark.

Global Akamai Outage

https://edgedns.status.akamai.com/ Mark.

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

On 7/8/21 15:22, Vanbever Laurent wrote: Did you folks manage to understand what was causing the gray issue in the first place? Nope, still chasing it. We suspect a FIB issue on a transit device, but currently building a test to confirm. Mark.

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

On 7/8/21 14:29, Saku Ytti wrote: Network experiences gray failures all the time, and I almost never care, unless a customer does. If there is a network which does not experience these, then it's likely due to lack of visibility rather than issues not existing. Fixing these can take months

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

On 7/8/21 14:29, Saku Ytti wrote: Network experiences gray failures all the time, and I almost never care, unless a customer does. If there is a network which does not experience these, then it's likely due to lack of visibility rather than issues not existing. Fixing these can take months

Re: Scanning activity from 2620:96:a000::/48

On 7/6/21 11:53, Tore Anderson wrote: I was just curious to hear if anyone else is seeing the same thing, and also whether or not people feel that this is an okay thing for this «Internet Measurement Research (SIXMA)» to do (assuming they are white-hats)? One would think that they if they

Fort Bug - FreeBSD

Hi all. I ran into an issue getting Fort to run on FreeBSD: Jul  2 10:46:14 nms2 fort[14304]: ERR: - Resource temporarily unavailable Jul  2 10:46:14 nms2 fort[14304]: ERR: Client socket read interrupted Jul  2 10:46:14 nms2 fort[14304]: ERR: - Resource temporarily unavailable Jul  2 10:46:14

Re: FreeBSD's ping Integrates IPv6

On 7/5/21 16:19, Saku Ytti wrote: EVO doesn't have a hypervisor, just flat linux. It is very different to classic Junos under the hood. All modern classic Junos boot Linux but run Freebsd in KVM, but it's the same architecture as Junos always. Yes, this bit I'm aware of, which is why I was

Re: FreeBSD's ping Integrates IPv6

On 7/5/21 12:54, Baldur Norddahl wrote: Some Juniper gear is Linux hypervisor :-) Isn't this that Junos Evolved thing? Never played with it :-). Cisco's "ping" did not need a protocol option before they even had a Linux underbelly :-). lg-01-jnb.za>ping yahoo.com Translating

Re: FreeBSD's ping Integrates IPv6

On 7/4/21 19:25, John Levine wrote: I've run it on an android phone. I have not... and I am sure of that, despite all the wine I drink :-). Mark.

Re: FreeBSD's ping Integrates IPv6

On 7/4/21 17:42, Justin Streiner wrote: I think he meant that the underlying OS on lots of network gear is either some variant of Linux or BSD. I know what he meant... I've never ran "ping" on a TV or fingerprint scanner... Mark.

Re: FreeBSD's ping Integrates IPv6

On 7/4/21 17:15, Bjørn Mork wrote: I seriously doubt that. You're just not aware of it. I think I'd know if I've run "ping" on a box. Mark.

Re: FreeBSD's ping Integrates IPv6

On 7/4/21 05:51, Owen DeLong wrote: Linux did this quite some time ago. I guess BSD is just now catching up. Been nearly 14 years since I last operated a Linux machine. Mark.

Re: FreeBSD's ping Integrates IPv6

On 7/3/21 02:04, Thomas Fragstein wrote: Hi Mark, I think its time to make this switch. So one argument is that when I use the default ping (or other tools) it should be handle the actual protocol version in default. So IPv6 is the actual ip protocol version :) I don't mind it. I was

Re: FreeBSD's ping Integrates IPv6

On 7/2/21 16:12, Patrick Cole wrote: Mark, iputils-ping on linux seems to behave the same for quite some time... [z@tyl][~] % host ns0 ns0.spirit.net.au has address 27.113.240.197 ns0.spirit.net.au has IPv6 address 2403:3600:8002::100 [z@tyl][~] % ping ns0 PING ns0(2403:3600:8002::100

Re: FreeBSD's ping Integrates IPv6

On 7/2/21 16:22, Niels Bakker wrote: Yes, this broke some of my home network monitoring. Sadly there is no 'ping4' in the system, you have to add -4 to the commandline to return to the common BSD behaviour. This is a good point, as it's the same reason I discovered this today. A

FreeBSD's ping Integrates IPv6

Hi all. I just noticed (although it appears to have come in version 13.0) that FreeBSD's "ping" app now defaults to IPv6, i.e., no need for ping6: https://www.freebsd.org/cgi/man.cgi?query=ping=8=html Does anyone know whether other *nix systems are doing this now? My Mac (Catalina) still

Re: irrd 4.1.2 deployed at NTT

On 6/10/21 20:08, Randy Bush wrote: i am sure there are more things to do; and hope that wiser folk will expand, comment, and correct. Stay far away from AS0... Mark.

Re: A survey on BGP MRAI timer values in practice

On 6/10/21 08:26, Saku Ytti wrote: I don't understand the question, but the way I read the question it may be unanswerable even if I did understand it. As the reader would self-define negligible and well acceptable and answer yes/no based on the definition they used, which might be different

Re: DANE of SMTP Survey

On 6/3/21 23:41, babydr DBA James W. Laferriere wrote: The Signing of the 'Zone' ,  Can the 'Zone' be signed by a self-signed key ?  Or MUST I (and others) rely on a external certificate authority ? Mind you I notice in rfc6487 (note(s)) about self-signed certificates . So

Re: Muni broadband sucks (was: New minimum speed for US broadband connections)

On 6/3/21 09:28, Mikael Abrahamsson wrote: Sweden is mostly Active-e. There is some PON nowadays though. Stokab typically only rents out dark fiber, so they don't have any of it. Yes, this is how I remember it some 4 or so years ago... Thanks for the clarification. Mark.

Re: Muni broadband sucks (was: New minimum speed for US broadband connections)

On 6/3/21 09:15, Mark Tinka wrote:   In South Africa (we don't have city-owned/operated fibre access)... That's actually untrue - I just remembered that the City of Cape Town actually does build fibre. It's not very clear to me to what extent they operate it, particularly beyond

Re: Muni broadband sucks (was: New minimum speed for US broadband connections)

On 6/3/21 09:07, Jim Troutman wrote: No.  Most of the municipal proposals I see are open access, even with a PON design. In South Africa (we don't have city-owned/operated fibre access), all the major fibre operators run a GPON network. They all provide open access to the ISP's they

Re: New minimum speed for US broadband connections

On 6/3/21 00:26, Lady Benjamin Cannon of Glencoe, ASCE wrote: Then honestly we should organize and do a better job. Imagine if all the carriers represented here worked together, combined builds, etc. We’ve finally got a few of the tier-1s playing ball with us, but it took 27 years.

Re: DANE of SMTP Survey

On 6/3/21 00:25, babydr DBA James W. Laferriere wrote: Again ,  Will this handle the case of self-signed only ? Not sure I understand your question, in both cases of recursion and authoritative. Mark.

Re: DANE of SMTP Survey

On 6/3/21 04:53, Jeroen Massar via NANOG wrote:  Jeroen   (who has the majority of domains under my control DNSSEC signed, but... not all; need to do the DANE part though still) You and me both, on the DANE bit :-). Mark.

Re: New minimum speed for US broadband connections

On 6/2/21 23:27, Lady Benjamin Cannon of Glencoe wrote: Agree Mark, we are lighting fiber into EADC Nairobi as we speak. There's been a bit of glass in Nairobi for some time now :-). But sure, the more, the merrier. Mark.

Re: Muni broadband sucks (was: New minimum speed for US broadband connections)

On 6/3/21 07:36, Masataka Ohta wrote: With single star topology, that's fine. However, with PON, only the provider with the largest share can win the initial competition, after which there is monopoly. I'll let Mikael confirm, but last time I checked, Stokab was mostly (if not all)

Re: Muni broadband sucks (was: New minimum speed for US broadband connections)

On 6/2/21 18:12, William Herrin wrote: If you were to structure muni broadband to enhance competition rather than limit it, you might get a different result. For example, if municipalities installed and leased fiber optic cables to every structure but didn't provide any services on those

Re: New minimum speed for US broadband connections

On 6/2/21 16:35, Josh Luthman wrote: Oh I see where you're coming from. "No such thing as a free lunch" is a phrase, basically stating nothing is ever actually free.  In other words, making it affordable for everyone comes at a cost to everyone. See:

Re: New minimum speed for US broadband connections

On 6/2/21 15:53, Josh Luthman wrote: "If it was affordable" is a tricky statement. There's no such thing as a free lunch.  If taxes/government/municipalities/etc are required to make it "affordable" that means all of the people are paying for it with extra steps. Nobody says we should

Re: New minimum speed for US broadband connections

On 6/2/21 15:46, Josh Luthman wrote: Netflix has a different library in the US versus UK: https://surfshark.com/blog/netflix-uk-vs-us Practically, not sure this matters. There are a lot more titles on Netflix than we shall ever be able to

Re: New minimum speed for US broadband connections

On 6/2/21 15:26, Josh Luthman wrote: I for one am not part of that goal (water for sure, power second).  Not everyone needs fiber at the massive cost it has. Cost aside, I'm sure you'd want everyone to have fibre it was affordable. Heck, for many people, water and power are not cheaply

Re: New minimum speed for US broadband connections

On 6/2/21 15:25, Josh Luthman wrote: I think going to other countries gets us a different market (ie less video content/quality, probably significantly less upload due to 384k rates, etc). Huh? Mark.

Re: DANE of SMTP Survey

On 6/2/21 11:07, Jeroen Massar via NANOG wrote: As for solutions: better education, more improvements to the tools & making it easier. CDS records already help a lot. But we might also need to improve recovery mechanisms, as f-ups are made, and you don't want to be off this Internet thing

Re: Muni broadband sucks (was: New minimum speed for US broadband connections)

On 6/2/21 14:27, Jared Brown wrote: Excluding cases where muni broadband doesn't suck, why does muni broadband suck? Personally I wouldn't mind more access to dark fiber à la Stokab, much like the dry copper pairs of yesterday. Same here. Municipal broadband promotes the ability

Re: New minimum speed for US broadband connections

On 6/2/21 13:19, Mike Hammett wrote: While I don't have any stats to back it up myself, one of my fixed wireless colleagues reported moving nearly a whole neighborhood from 25 meg fixed wireless to 200 - 500 meg fiber. The 95th% usage changed approximately 10%. It's kind of like

Re: New minimum speed for US broadband connections

On 6/2/21 10:44, Peter Kristolaitis wrote: Of course it is.  Commonly referred to as SaaS -- Steak As A Service.   You order whatever type of steak you want, then the vendor manages the rest for you -- allocating a slice of the hardware, managing the entire lifecycle from system assembly

Re: New minimum speed for US broadband connections

On 6/2/21 11:04, Owen DeLong wrote: I disagree… If it could be forced into a standardized format using a standardized approach to data acquisition and reliable comparable results across providers, it could be a very useful adjunct to real competition. If we can't even agree on what

Re: New minimum speed for US broadband connections

On 6/2/21 05:50, Haudy Kazemi via NANOG wrote: I'd love to see connection 'Nutrition Facts' type labeling. Include: Typical downstream bandwidth, typical upstream bandwidth, median latency and packet loss rates (both measured from CPE in advertised ZIP code to the top 10 websites), data

Re: New minimum speed for US broadband connections

On 6/2/21 02:47, Valdis Klētnieks wrote: The big question is how to get a CFO to buy into stuff with a long break-even schedule when short-term profits get emphasized. Make sure they are born and raised in Japan? Mark.

Re: New minimum speed for US broadband connections

On 6/1/21 23:26, Mike Hammett wrote: My family farms. I can see some of the cattle out of my office window. That's not really a thing. You might be able to find a couple of magazine articles with it, but farmers don't do that, even when capacity is available. Not because they can't, but

Re: New minimum speed for US broadband connections

On 6/1/21 20:46, Andy Ringsmuth wrote: How about the farmer using an HD or 4k drone with WAPs on his center pivot irrigation sprinklers to monitor crops? Or monitor the cattle herd that is currently growing the next T-bone or porterhouse steak you’ll be eating? Is that a thing? Just

Re: New minimum speed for US broadband connections

On 6/1/21 20:36, Jim Troutman wrote: I also believe that ISPs need to manage the customer’s WiFi most of the time, because it is a is huge part of the end-user’s quality of experience.  WiFi 6E will go a long way towards reducing interference and channel congestion and making “auto channel”

Re: New minimum speed for US broadband connections

On 6/1/21 20:27, Chris Adams (IT) wrote: This short term mindset is part of the problem. Welcome to capitalism :-). Those quarterly earnings calls aren't just for the laugh, hehe... Mark.

Re: New minimum speed for US broadband connections

On 6/1/21 20:13, james.cut...@consultant.com wrote: Of course, this is because the “industry” is driven short term profits and can not vision the eventual dispersion of remote workers begun in earnest about a year and which could result in longer term return on investment. I miss the old

Re: New minimum speed for US broadband connections

On 6/1/21 19:40, Lady Benjamin Cannon of Glencoe wrote: I’ve had people cry about how fast the internet is at my office… I guess your mileage may vary, but yes humans do notice those kinds of delays and they are cumulative.  (It’s not just bandwidth, it’s latency.  The 3ms ping in my

Re: New minimum speed for US broadband connections

On 6/1/21 19:38, Raymond Burkholder wrote: On 6/1/21 11:33 AM, Mike Hammett wrote: 99% of the end-users I know can't tell the difference in any amount of speed above 5 megs. It then just either works or doesn't work. And that might be the crux: 'just make it work'. In 2010 when we were

Re: New minimum speed for US broadband connections

On 6/1/21 19:37, Lady Benjamin Cannon of Glencoe wrote: While I agree with you Mark that any practical technology should be used first to extend global communications in the first place, My goal of fiber water and power to every human remains. I am reasonably certain that every NANOG

Re: New minimum speed for US broadband connections

On 6/1/21 19:20, Lady Benjamin Cannon of Glencoe wrote: I’m building a network to out-last me… Are other people not doing this? If they aren't doing it, it's not for a lack of desire. In much of the real world, money is your handicap. How can it be that so many fine minds don’t see

Re: New minimum speed for US broadband connections

On 6/1/21 19:14, Christopher Morrow wrote: On Tue, Jun 1, 2021 at 12:44 PM Mike Hammett > wrote: That is true, but if no one uses it, is it really gone? There's an underlying, I think, assumption that people won't use access speed/bandwidth that keeps

Re: New minimum speed for US broadband connections

On 6/1/21 18:18, aar...@gvtc.com wrote: Yeah I thought gpon was 2.4 ghz down and 1.2 ghz up... so you could only honestly sell (1) 1 gbps symm service via that gpon interface correct? (without oversubscription) It's not about what the OLT can do, it's about what your customers will do,

Re: MPLS/MEF Switches and NIDs

On 6/1/21 16:26, Colton Conor wrote: What replacement options are you looking at for the ASR920? I'm not at liberty to say yet as it's for kit that's still in alpha testing, but what I can say is it's from Juniper. Mark.

Re: New minimum speed for US broadband connections

On 6/1/21 15:49, Don Fanning wrote: One thing to consider in regards to "developing" places - most people in Africa and India get their internet from SmartPhones/Mobile devices. Reason being: power, mobility, and that in many places, the phone company in many locations acts as a "western

Re: New minimum speed for US broadband connections

On 6/1/21 15:28, Livingood, Jason via NANOG wrote: I have seen a lot of questions about what is needed for video/eLearning/telehealth. IMO the beauty of those apps is that they use adaptive bitrate protocols and can work in a wide range of last mile environments – even quite acceptably via

Re: New minimum speed for US broadband connections

On 6/1/21 15:20, Livingood, Jason via NANOG wrote: I'm not sure ratio is the right thing to focus upon - especially as asymmetry has grown the last few years due to the rising using of streaming video services and greater availability of 4K-resolution content. Ratio seems like more a

Re: MPLS/MEF Switches and NIDs

On 6/1/21 14:37, Fabrizio Fiore Donati wrote: you are right :) cisco ASR920 is a very good platform here We have started hitting its limits on IPv6 TCAM, though. And this is without a full feed for either IPv4 or IPv6. We are having to look for a replacement, even though it's

Re: New minimum speed for US broadband connections

On 6/1/21 12:44, Shawn L wrote: From the ISP side, I can tell you that when a customer signs up for service and you offer them a couple of choices of wireless routers, they almost always pick the cheapest one. If you give them a reasonable / good router when you hook-up their service,

Re: New minimum speed for US broadband connections

On 6/1/21 02:19, Eric Kuhnke wrote: d) may be using badly configured wifi things that stomp on each other, sometimes provided by the ISP Many times provided by the ISP. Between turning up new customers everyday, and fixing problems with pre-existing ones, ISP's tend to do the absolute

Re: New minimum speed for US broadband connections

On 6/1/21 01:54, Tim Burke wrote: With that said, if there needs to be regulation on minimum broadband speeds, should there be regulation to require home ISPs to provide high-end 802.11ax-capable network gear, so the average clueless home user with a 1gbps FTTP connection can actually use

Re: MPLS/MEF Switches and NIDs

On 5/31/21 19:44, Adam Thompson wrote: But for 4x10G the MX104 is a very nice box - if you can afford it. If you don't need a full BGP table, sure :-). Mark.

Re: New minimum speed for US broadband connections

On 5/31/21 16:17, Andy Ringsmuth wrote: Where there is a will, there is a way. The big boys don’t have the will to do it. Case after case after case after case after case demonstrates that fiber to the home can be done and can be done for a very reasonable cost. We read about smaller

Re: New minimum speed for US broadband connections

On 5/31/21 11:49, Daniel Karrenberg wrote: I do not live in the US and I do not pay US taxes. So I have no opinion on the original question. Let me offer an observation: I live in NL and I have two strands of glass plus coax into my house in a rural village in the ‘far south’. I do not

Re: New minimum speed for US broadband connections

On 5/31/21 11:32, Baldur Norddahl wrote: But why would the goal be fiber to every household? There are other ways to deliver good internet. In fact all of the major platforms can do so: fiber, coax, DSL, fixed wireless, 4G / 5G. The fiber platform will do so naturally, the others may

Re: MPLS/MEF Switches and NIDs

On 5/29/21 04:17, Patrick Cole wrote: We ran a medium sized mpls network using ciena 3900 and 5000 series boxes on our microwave network. Nothing but problems, the mpls code was just not mature enough and our radio network had the boxes falling apart at the seams as storms rolled

Re: MPLS/MEF Switches and NIDs

On 5/29/21 00:46, Colton Conor wrote: Yes, I was surprised as you that they have these routing features. I was also surprised they had multiple boxes that compete with aggregation devices like the ACX5048. The question is how good is Ciena's MPLS, switching, and routing stack compared to

Re: New minimum speed for US broadband connections

On 5/29/21 00:38, Lady Benjamin Cannon of Glencoe, ASCE wrote: 8 billion fiber drops for 8 billion people. Technically speaking, 8 billion people is not 8 billion households :-). But the bigger problem is getting fibre to every family in the world is not yet currently feasible. There

Re: Comcast RPKI origin validation

On 5/20/21 20:34, Tony Tauber wrote: Last week we at Comcast reached some substantial milestones in our RPKI rollout (validation on inter-provider sessions, ROAs for our address-space). Jason Livingood and I collaborated on a blog post, FWIW.

Re: TLD .so Partial Outage?

On 5/16/21 17:24, Bill Woodcock wrote: Our staff contacted AfriNIC staff and got an acknowledgement that they were in process of resolving it at the time. Yes, got the same back from them as well. Mark.

Re: Juniper hardware recommendation

All sounds like a bit of Broadcom to me :-). Mark. On 5/16/21 14:56, Colton Conor wrote: Looks like its replacement is the 5120 series. The question is does the 5120 have the same limitations and similar chipset? On Sun, May 16, 2021 at 7:06 AM Jason Healy

Re: TLD .so Partial Outage?

On 5/15/21 21:05, Tom Daly wrote: Hello NANOG'ers! I'm observing a near global outage of DNS services from d.nic.so. This appears to be an AfriNIC anycast DNS service. Does anyone have contacts at AfriNIC for their DNS systems available? e.nic.so seems to be responding (hosted behind

Re: Juniper hardware recommendation

On 5/15/21 10:38, Saku Ytti wrote: Not sure why 76 is better than 24. Both are wrong and will cause operational confusion because people think the link is not congested. This is extremely poorly understood even by professionals, so poorly that people regularly think you can't get 100%

Re: Juniper hardware recommendation

On 5/10/21 20:22, aar...@gvtc.com wrote: Thanks Mark.  We have a ring of MX960’s currently and wanted to spare the parts with each other, between the 960’s and 240’s…. scb’s, re’s, mpc’s… Ah, makes sense in that case, then. Mark.

Re: Juniper hardware recommendation

On 5/10/21 16:19, aar...@gvtc.com wrote: I prefer MX204 over the ACX5048.  The ACX5048 can’t add L3 interface to an mpls layer 2 type of service.  There are other limitations to the ACX5048 that cause me to want to possibly replace them with MX204’s.  But in defense of the ACX5048, we have

Re: Juniper hardware recommendation

On 5/8/21 23:37, Baldur Norddahl wrote: It is possible to get a 48V 6A DC power supply as a power brick laptop style. Just look at it as an external psu :-) For the number of units we'd need to deploy, it doesn't make sense for us. Easier to buy a UPS than try to convert AC to DC. I

Re: Juniper hardware recommendation

On 5/8/21 22:50, Baldur Norddahl wrote: Maybe they did in the ACX710? Does most things except full routing table. We looked at it. Apart from supporting only DC power (which we don't like), it's Broadcom. Granted, there's a whole new line of ACX7XXX boxes they are putting out, one of

Re: Juniper hardware recommendation

On 5/8/21 09:22, Marco Paesani wrote: Hi Mark, PTX series are dedicated for core backbone like "P Provider"... Yes, this is what we are using it for. probably you just using it like "PE Provider Edge" in this role is much better than the MX series. Not this. We have the MX480 for that

Re: Juniper hardware recommendation

On 5/8/21 00:56, Mann, Jason via NANOG wrote: We are using MX204's as our internet routers and I want to replace our ASR's with them to be used as an aggregate circuit router. With the amount of 10G/40G/100G interface and the price point we have been happy with them. The big issue was

Re: Juniper hardware recommendation

On 5/7/21 23:28, Javier Gutierrez Guerra wrote: I need to do MPLS (vlls), VXLAN, Multicast, full routing tables, multiple VRFs, q-in-q, QoS If it's a typical MPLS-based, BGP-free(ish) core router, you probably don't need it to do all of those things. If it's a collapsed core (P/PE),

Re: Juniper hardware recommendation

On 5/7/21 23:14, Adam Thompson wrote: If you don’t already know that you want a PTX, then you don’t want a PTX.  The product is fine, but niche, and has the same interface limitations as MX10k. We are testing the PTX1000 as a core router. Not terribly unhappy so far. Mark.

Re: IS-IS and IPv6 LLA next-hop - just Arista, or everyone?

On 5/4/21 21:07, Adam Thompson wrote: LOLOLOL. “%VXLAN-4-IPV6_UNDERLAY_UNSUPPORTED: VXLAN encapsulation using IPv6 VTEP addresses is not supported on this platform” Guess it’s going to be a non-issue for me, at this time, since VxLAN was the main reason for this entire setup… Thanks

Re: IS-IS and IPv6 LLA next-hop - just Arista, or everyone?

On 5/4/21 17:34, Saku Ytti wrote: I don't think you are, I read like an opinion piece so it's inherently not right or wrong. I don't have the same experience and I consider forcing LLA a blessing in limiting attack vectors and I personally don't see downsides as all addresses are gibbering

Re: IS-IS and IPv6 LLA next-hop - just Arista, or everyone?

On 5/4/21 03:28, Adam Thompson wrote: Hey, just checking as I don’t have any Cisco or Extreme or Juniper gear running IS-IS to verify myself… On current Arista (7280SR2K) and older Brocade (MLXe) routers, the IPv6 next-hop address in IS-IS seems to always be the link-local address of the

Re: DNSSEC Best Practices

On 4/28/21 11:51, Tony Finch wrote: Yes. I recommend p256 because the security advantages of p384 are not significant enough to justify the increased costs in space (packet size) and time. Both 13 and 14 are already smaller than 8 (which is the most widely deployed algorithm today). 512

Re: DNSSEC Best Practices

On 4/27/21 22:56, Arne Jensen wrote: In the end, I would simply set up everything with 14 4, a.k.a. ECDSAP384SHA384, unless any customers/clients could provide valid justification (including evidence) why it "cannot" be used, such as e.g. a TLD not supporting it, could be valid

Re: DNSSEC Best Practices

On 4/27/21 21:31, Eric Germann via NANOG wrote: What algorithms do you typically sign with (RSASHA256, ECDSAP256SHA256, both, something other)? I've been using ECDSAP384SHA384 (14) for a few months now, with no problems of note. I know that ECDSAP256SHA256 (13) is "firmer", but hey

Re: Submitting Fake Geolocation for blocks to Data Brokers and RIRs

On 4/22/21 16:55, Brian Turnbow wrote: AFAIK Ripe does not set a default, it is up to the LIR. You can assign geoloc to orgs ans assignments Ripe publishes a list of all allocations made to the provider and lists their country of record. If the address space is unassigned I'm not sure as it

Re: Submitting Fake Geolocation for blocks to Data Brokers and RIRs

On 4/22/21 15:57, Brian Turnbow via NANOG wrote: So to extend this further, you assign a class of IPs to a customer and register it to them in the RIPE database. Do you assign it to the customers address, in Estonia , or use the DC Address which is in Germany? Which could be the basis of

Re: Malicious SS7 activity and why SMS should never by used for 2FA

On 4/20/21 01:46, b...@theworld.com wrote: If they want to protect trillions of dollars in assets maybe they need to toss in a few billion to help, and stop hoping some bad press for the technical community will shame some geniuses into dreaming up better security for them mostly for free in

Re: Malicious SS7 activity and why SMS should never by used for 2FA

On 4/19/21 16:10, Mel Beckman wrote: Can you cite data? Or provide a rational argument other than “they are”? https://www.businessinsider.co.za/whatsapp-scam-asking-for-money-after-number-port-2020-1

Re: Malicious SS7 activity and why SMS should never by used for 2FA

On 4/19/21 15:33, Mel Beckman wrote: Tom, Well, yes, not everyone can afford all technology options. That’s life. One has to wonder how someone who needs to protect online accounts cannot afford a $30 hardware token (which can be shared across several accounts). These low-income people

Re: Malicious SS7 activity and why SMS should never by used for 2FA

On 4/19/21 17:48, William Herrin wrote: Convenience is the most important factor in any security scheme. But often not at the top of the implementation priority list. Hint: carrying around a separate hardware fob for each important Internet-based service is a non-starter. Users might do

Re: Malicious SS7 activity and why SMS should never by used for 2FA

On 4/19/21 15:07, Tom Beecher wrote: I'm not arguing for or against anything here honestly. I'm just pointing out that we ( as in the technical community we ) have a tendency to put forward solutions that completely ignore what might be reasonably feasible for those of lower income , or

<    2   3   4   5   6   7   8   9   10   11   >