RE: DMCA processing software

Speaking for Networks outside of the USA (and not being at all helpful sorry), /dev/null works well. Sorry, couldn't help myself... -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jason Baugher Sent: Wednesday, 7 June 2017 5:18 PM To: NANOG

DMCA processing software

I'm curious what people are using to manage DMCA takedown notices in mid-sized networks. I've been searching, and have found the ACNS spec, and a few obscure references to an RT plugin, but not much else. As the ISP I work for grows, manual handling of notices is starting to be a problem. I'd

Re: Proxying NetFlow traffic correctly

samplicate is very good, been using it for 6 years for netflow duplication using botth the spoofing and non, depending on the sensor's needs if it needs to retain the source ip or not. On 6 June 2017 at 20:39, Dobbins, Roland wrote: > > > On Jun 7, 2017, at 06:32, Sami via

Re: Proxying NetFlow traffic correctly

On Jun 7, 2017, at 06:32, Sami via NANOG > wrote: My goal is to centralize NetFlow traffic into a single machine and then proxy some flows to other destinations for further analysis Or nprobe, as was already

Spectrum TV authentication failures

NANOG is probably not the optimal venue for looking into auth failures on the IPTV service which Spectrum/Charter/TWC/BH's TV app for Android uses (which are legion), even though it probably uses RADIUS to get the work done. Anyone got a pointer to a better venue for such questions? Cheers, --

Re: IPv4 Hijacking For Idiots

In message <2541cadf-4a76-b172-b395-0822f1889...@bryanfields.net>, Bryan Fields writes: > On 6/6/17 9:13 PM, Mark Andrews wrote: > > Getting to that stage requires several companies to simultaneously > > say "we will no longer accept as valid mechanisms to verify > > routes announcements. You

Re: IPv4 Hijacking For Idiots

On 6/6/17 9:13 PM, Mark Andrews wrote: > Getting to that stage requires several companies to simultaneously > say "we will no longer accept as valid mechanisms to verify > routes announcements. You need to use X or else we won't accept > the announcement". Yes, this requires guts to do. And

Re: IPv4 Hijacking For Idiots

On Tue, Jun 6, 2017 at 9:13 PM, Mark Andrews wrote: > > In message gmail.com>, Christopher Morrow writes: > > > > On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews wrote: > > > > > Now we could continue

Re: IPv4 Hijacking For Idiots

In message , Christopher Morrow writes: > > On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews wrote: > > > Now we could continue discussing how easy it is to hijack addresses > > of we could spend the time addressing

Re: IPv4 Hijacking For Idiots

On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews wrote: > Now we could continue discussing how easy it is to hijack addresses > of we could spend the time addressing the problem. All it takes is > a couple of transit providers to no longer accept word-of-mouth and > the world will

Re: IPv4 Hijacking For Idiots

In message <1496754899.2014592.1000384072.3e553...@webmail.messagingengine.com>, Scott Christopher writes: > Hank Nussbacher wrote: > > > 2. Create a domain called acme-corp.com and a user called peering > > Or one could register aсme.com > > (If the reader can't tell the difference between

Re: Proxying NetFlow traffic correctly

On Tue 2017-Jun-06 16:39:16 -0700, Hugo Slabbert wrote: On Tue 2017-Jun-06 17:43:46 -0400, Sami via NANOG wrote: Hello, I have been searching for a solution that collects/duplicates NetFlow traffic properly for a while but i couldn't find any. Do you

Re: Templating/automating configuration

❦ 6 juin 2017 14:30 +0100, Oliver Elliott  : > I echo Ansible. I'm using it with NAPALM and jinja2 templates to push and > verify config on switches. Why not using the builtin ability of ansible for most vendors? (genuine question)

Re: Proxying NetFlow traffic correctly

On Tue 2017-Jun-06 17:43:46 -0400, Sami via NANOG wrote: Hello, I have been searching for a solution that collects/duplicates NetFlow traffic properly for a while but i couldn't find any. Do you know any good unix alternative to ntopng, flowd, flow-tools? nprobe of netflow

Re: Proxying NetFlow traffic correctly

nProbe is what you want, it’s another product from NTop. http://www.ntop.org/products/netflow/nprobe/ - Tim > On 7 Jun 2017, at 7:43 am, Sami via NANOG wrote: > > Hello, > I have been searching for a solution that

Re: NANOG70 tee shirt mystery

* David Barak [Mon 05 Jun 2017, 02:09 CEST]: https://en.m.wikipedia.org/wiki/Ten_(Pearl_Jam_album) Pearl Jam are from Seattle... I only knew the CD version, which looks cropped from the LP edition: https://www.discogs.com/Pearl-Jam-Ten/release/376650#images/3899643 -- Niels.

Proxying NetFlow traffic correctly

Hello, I have been searching for a solution that collects/duplicates NetFlow traffic properly for a while but i couldn't find any. Do you know any good unix alternative to ntopng, flowd, flow-tools? nprobe of netflow seems to be the closest one to fit my needs but i want to see if there are any

Re: IPv4 Hijacking For Idiots

Hank Nussbacher wrote: > 2. Create a domain called acme-corp.com and a user called peering Or one could register aсme.com (If the reader can't tell the difference between acme.com and aсme.com , the reader is using one of the multitude of email clients and/or fonts that presents Unicode

Re: Templating/automating configuration

I echo Ansible. I'm using it with NAPALM and jinja2 templates to push and verify config on switches. Oli On 6 June 2017 at 14:27, Pui Edylie wrote: > Hi, > > Take a look at Ansible > > https://www.ansible.com/ > > Our whole infra is automated using it and it is great! > >

Re: NANOG 70 network diagram and upstream

Looks like the network diagram was updated and they ended up with just 2x 10Gb circuits from Wave. I guess the 100Gb connections and redundant carriers fell through? --Andrew > On Jun 4, 2017, at 5:33 PM, Eric Kuhnke wrote: > > Doesn't cost a lot to use the regional

AT Broken Uverse IPv6 routing.

Sorry for the noise but normal support channels are not understanding IPv6 is broken, they just see IPv4 works. Can anyone contact me or maybe provide a contact or pass this along to someone in ATT who can deal with broken IPv6 routing for Uverse Res/Small Biz IPv6 blocks that are being assigned.

Re: NANOG70 tee shirt mystery

That's correct. Andy > On Jun 4, 2017, at 8:10 PM, Jon Sevier wrote: > > It's a play on Pearl Jam's "Ten" album cover as best as I can tell. > > -Jon > >> On Jun 4, 2017 16:57, "Matthew Petach" wrote: >> >> So, I've been staring at the NANOG70

Re: Templating/automating configuration

Go templates: http://golang.org Fast and simple with gRPC and other good stuff like kelsey’s confd (a daemon that watches for changes and update templates) % go doc text/template package template // import "text/template" Package template implements data-driven templates

Re: NANOG 70 network diagram and upstream

Yes, frankly, it doesn't cost us (NANOG) anything - the sponsors like to do it for the "cool" factor, and so long as it's not an undue burden on us, they can throw as much bandwidth at us as they'd like. -Dave On Sun, Jun 4, 2017 at 4:02 PM, James Breeden wrote: > Yeah, I

RE: Looking for Cisco ASR9000v feedback

Yeah - look for bundles if possible. I know it cut about 3/4 of the cost off of an NCS5K that we were looking at in a ASR9K satellite config. Also, if you're doing satellite on the 9000V, I believe support for that feature is going away in a future version of IOS-XR. Double-check w/ your

Re: Templating/automating configuration

Hi, Here are some extra pointers: https://youtube.com/watch?v=C7pkab8n7ys https://www.nanog.org/sites/default/files/dosdontsnetworkautomation.pdf https://github.com/coloclue/kees Kind regards, Job On Tue, 6 Jun 2017 at 13:49, Brian Knight wrote: > Because we had

Re: Templating/automating configuration

Because we had different sources of truth which were written in-house, we wound up rolling our own template engine in Python. It took about 3 weeks to write the engine and adapt existing templates. Given a circuit ID, it generates the full config for copy and paste into a terminal session. It

Re: Templating/automating configuration

https://youtu.be/ltqXgtLWXFo and the assocaited pdf https://www.nanog.org/meetings/nanog44/presentations/Monday/Gill_programatic_N44.pdf On Tue, Jun 6, 2017 at 10:09 AM, Nick Hilliard wrote: > Graham Johnston wrote: > > Short of complete SDN, for those of you that have some

Re: IP Hijacking For Dummies

On Mon, Jun 05, 2017 at 04:46:04PM -0700, Ronald F. Guilmette wrote: > It did also strike me as passing strange that this company has apparently > elected to not actually put its own web server, name servers, or mail > server anywhere within its own duly allocated IPv4 blocks. Out of curiosity, I

Re: IPv4 Hijacking For Idiots

On Tue, Jun 6, 2017 at 2:25 AM, Hank Nussbacher wrote: (I think this is really Ron and Bill chatting, but some of the linkage got lost on the tubes) > > > > I've read article after article after article bemoanging the fact that > >> "BGP isn't secure", > > > > They're

Re: Looking for Cisco ASR9000v feedback

On 06/06/17 15:34, Erik Sundberg wrote: > Looking for the pro's, con's, and the gotcha's of moving our 1G ports to the > 9000V. The nV licenses for one. Talk about printing money. -- Tom

Looking for Cisco ASR9000v feedback

Does anyone have any experience with the Cisco 9000v? Looking for the pro's, con's, and the gotcha's of moving our 1G ports to the 9000V. CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it

Re: Templating/automating configuration

http://ipspace.net - search on everything ref network automation, under webinars. Ivan is among the best in analysis and consolidation of such info, and in documenting all options you may have. Once you see what he has to offer, and definitely not only in the network automation space, you may

Re: Templating/automating configuration

Graham Johnston wrote: > Short of complete SDN, for those of you that have some degree of > configuration templating and/or automation tools what is it that you > run? I'm envisioning some sort of tool that let's me define template > snippets of configuration and aids in their deployment to

Re: Templating/automating configuration

Hi, Take a look at Ansible https://www.ansible.com/ Our whole infra is automated using it and it is great! Regards, Edy On 6/6/2017 9:22 PM, Graham Johnston wrote: Short of complete SDN, for those of you that have some degree of configuration templating and/or automation tools what is it

Templating/automating configuration

Short of complete SDN, for those of you that have some degree of configuration templating and/or automation tools what is it that you run? I'm envisioning some sort of tool that let's me define template snippets of configuration and aids in their deployment to devices. I'm okay doing the

Re: IPv4 Hijacking For Idiots

On 06/06/2017 03:20, William Herrin wrote: Ronald, Here is how I would do it: 1. As you noted in your first email in this thread, find an abandoned ASN, lets call it AS12345, with a POC of supp...@acme.com 2. Create a domain called acme-corp.com and a user called peering 3. Contact an IX,