>
> That's a terrible excuse for the shitty concepts behind MikroTik's CLI.
>
Fear of being sued into oblivion by a massive corporation, even if they're
in the wrong, has influenced many choices in technology.
To be clear, I am not stating that Mikrotik made the CLI choices they did
BECAUSE of
On 8/16/23 00:28, Nick Hilliard wrote:
Whatever about the web / winbox UI, there are some fairly serious
weaknesses in the cli and api:
1. there's no atomic configuration commit + auto rollback.
2. the CLI is non-idempotent, for example if you're in a list context
and issue the command
Mike Hammett wrote on 15/08/2023 23:02:
I'd say it's probably the best router UI ever, but I suppose now we'll
find ourselves in a religious argument.
Whatever about the web / winbox UI, there are some fairly serious
weaknesses in the cli and api:
1. there's no atomic configuration commit +
On Tue, Aug 15, 2023 at 6:30 PM Mike Hammett wrote:
> Most people I know don't even use the CLI. They use Winbox.
>
>
Actually, Winbox used to crash configuring BGP due to displaying full
routes if the router gets them.
So there is saying in Mikrotik communities to use CLI for BGP, while
keeping
Mike Hammett [na...@ics-il.net] wrote:
> I'd say it's probably the best router UI ever, but I suppose now we'll find
> ourselves in a religious argument.
>
If that's truly how you feel, I would want to talk with you on Signal and get a
better idea for what you like and don't like.
ot;Mike Hammett"
Cc: nanog@nanog.org, "Mark Tinka"
Sent: Tuesday, August 15, 2023 4:44:13 PM
Subject: Re: Dodgy AS327933 ...?
Mike Hammett [na...@ics-il.net] wrote:
> Most people I know don't even use the CLI. They use Winbox.
>
Which is also terrible.
Mike Hammett [na...@ics-il.net] wrote:
> Most people I know don't even use the CLI. They use Winbox.
>
Which is also terrible.
Tom Beecher [beec...@beecher.cc] wrote:
> >
> > It should be a huge embarrasment to the designers. They survive on low
> > price and unique features. It would be quite amazing to have a CLI without
> > the nonsense.
> >
>
> That ship sailed years ago. Even though the legal precedent was set after
, August 14, 2023 11:20:32 AM
Subject: Re: Dodgy AS327933 ...?
Mark Tinka [mark@tinka.africa] wrote:
>
> It is not terribly clever of Mikrotik to have two commands that do different
> things be that close in syntax.
>
It should be a huge embarrasment to the designers. They
>
> It should be a huge embarrasment to the designers. They survive on low
> price and unique features. It would be quite amazing to have a CLI without
> the nonsense.
>
That ship sailed years ago. Even though the legal precedent was set after
Cisco vs Arista that CLI elements that are of common
Mark Tinka [mark@tinka.africa] wrote:
>
> It is not terribly clever of Mikrotik to have two commands that do different
> things be that close in syntax.
>
It should be a huge embarrasment to the designers. They survive on low price
and unique features. It would be quite amazing to have a CLI
Looking at this I also saw that for a short time some prefixes belonging to
AS37451 were announced by AS2454388738 (see [0] and [1]).
Anybody have a smart idea which command could have caused this?
[0]
Malte Tashiro wrote on 12/08/2023 04:50:
Looking at this I also saw that for a short time some prefixes belonging
to AS37451 were announced by AS2454388738 (see [0] and [1]).
Anybody have a smart idea which command could have caused this?
AS2454388738 == AS37451.2, in asdot format.
Nick
BGP was indeed designed in an era when trust was implicit. Introducing
ASPA to sign a cryptographic list of authorized providers steps in the
right direction. By validating both AS_PATH and route origin, the
chances of BGP hijack and misconfigurations can be substantially
reduced.
On 8/11/23 12:56, Nick Hilliard wrote:
bgp is a policy based distance vector protocol. If you can't adjust
the primary inter-domain metric to handle your policy requirements,
it's not much use.
I am not talking about appending one's own AS in the AS_PATH. I am
talking about appending
On 8/11/23 02:26, Nick Hilliard wrote:
If your asn is 327933, then:
add chain=foo prefix=192.0.2.0/24 action=accept set-bgp-prepend=2
... will produce: "327933 327933", and:
add chain=foo prefix=192.0.2.0/24 action=accept set-bgp-prepend-path=2
... will produce: "327933 2".
Routeros does
Mark Tinka wrote on 11/08/2023 10:33:
It is not terribly clever of Mikrotik to have two commands that do
different things be that close in syntax.
no, indeed.
That said, why are we giving the routers the ability to manually
generate AS_PATH's? On any router OS, this is simply asking for it.
On 8/11/23 11:26, Nick Hilliard wrote:
If your asn is 327933, then:
add chain=foo prefix=192.0.2.0/24 action=accept set-bgp-prepend=2
... will produce: "327933 327933", and:
add chain=foo prefix=192.0.2.0/24 action=accept set-bgp-prepend-path=2
... will produce: "327933 2".
Routeros
Mark Tinka wrote on 11/08/2023 10:17:
So how would one fumble it to the degree where a fat-finger results in
what should be a prepend becoming an AS_PATH?
Genuine question - I have zero experience with Mikrotik in an SP role.
If your asn is 327933, then:
add chain=foo prefix=192.0.2.0/24
On 8/11/23 11:08, Nick Hilliard wrote:
yep, sure did. Check out the "set-bgp-prepend" action on routeros -
it's right next to "set-bgp-prepend-path".
https://wiki.mikrotik.com/wiki/Manual:Routing/Routing_filters
So how would one fumble it to the degree where a fat-finger results in
Mark Tinka wrote on 11/08/2023 09:43:
Did I miss the memo where vendors went from explicitly defining the AS
multiple times to determine the number of prepends, to, this :-)?
yep, sure did. Check out the "set-bgp-prepend" action on routeros -
it's right next to "set-bgp-prepend-path".
On 8/11/23 10:15, b...@uu3.net wrote:
Haha :) you are right.
I just checked Caida AS ranking:
http://as-rank.uu3.net/?as=2
A lot of "providers" for UDEL-DCN. Yeah right..
They all indeed probably try to prepend their AS 2 times
ending up having ASN 2 in path.
Did I miss the memo where
To: nanog@nanog.org
Subject: Re: Dodgy AS327933 ...?
Date: Thu, 10 Aug 2023 09:24:32 -0400
AS2 is the most hijacked prefix in the world. Yes UD still owns it,
but since different router vendors use different methods of prepending
AS numbers, many folks try to prepend twice and end up announcing
on AS2
On 8/10/23 20:43, Randy Bush wrote:
classic microtik prepend syntax confusion?
Uncertain. I have a Mikrotik CPE for my home router, but I can't tell
you how BGP works on it.
It seems that AS2, in the path, is not genuine. We are verifying that,
though.
Mark.
> We are seeing some weird routing from them, and the AS2 they are
> attached to (University of Delaware) seems odd.
classic microtik prepend syntax confusion?
randy
AS2 is the most hijacked prefix in the world. Yes UD still owns it,
but since different router vendors use different methods of prepending
AS numbers, many folks try to prepend twice and end up announcing
on AS2..
thanks
mike
On 8/10/23 9:02 AM, Mark Tinka wrote:
On 8/10/23 11:38, Frank
On 8/10/23 15:22, Frank Habicht wrote:
ouch!
I see in your LG that this AS 2 is originating 197.157.254.0/24 .
which seems to mean that it's not just a plain "we want to prepend 2
times, put the number 2 into config and the NOS takes this as the ASN
to insert"
putting someone from
On 10/08/2023 16:02, Mark Tinka wrote:
We are seeing some weird routing from them, and the AS2 they are
attached to (University of Delaware) seems odd.
Not sure if any of the American folk on this list can verify AS2 is
really part of the University of Delaware...
Mark.
ouch!
I see in
On 8/10/23 12:01, d...@darwincosta.com wrote:
I know someone you might know them. Happy to introduce off-list.
Yes, Darwin. That would be most appreciated. Thanks.
Mark.
On 8/10/23 11:38, Frank Habicht wrote:
from a 2019 DB snapshot:
aut-num: AS327933
as-name: GROUPE-TELECOM-SPRL
descr: GROUPE TELECOM SPRL
status: ASSIGNED
org: ORG-GTS2-AFRINIC
admin-c: YM8-AFRINIC
tech-c: YM9-AFRINIC
notify:
> On 10 Aug 2023, at 10:57, Mark Tinka wrote:
>
> Hi all.
Hi Mark,
>
> Anyone know anything about this AS:
>
> https://bgp.he.net/AS327933
I know someone you might know them. Happy to introduce off-list.
>
> Mark.
Cheers.
Darwin-.
Hi Mark,
On 10/08/2023 11:55, Mark Tinka wrote:
Anyone know anything about this AS:
https://bgp.he.net/AS327933
from a 2019 DB snapshot:
aut-num:AS327933
as-name:GROUPE-TELECOM-SPRL
descr: GROUPE TELECOM SPRL
status: ASSIGNED
org:ORG-GTS2-AFRINIC
32 matches
Mail list logo