Engineering contact at RocketFiber

2017-02-17 Thread Eric Dugas
Anyone from RocketFiber's engineering group on this list?

Contact me off-list please!

Eric


Re: gagging *IX directors re snoop/block orders

2017-02-17 Thread Christian de Larrinaga
It's a pretty shocking development.

It's one thing to nobble a single network under the IP Act to interfere
with equipment but to use a neutral exchange to nobble shared
infrastructure used across US and UK and ... is a completely different
can of worms.

I don't exercise a vote anymore at LINX but I do hope members will pause
and consider this very carefully indeed.


Christian

> Brandon Butterworth 
> 17 February 2017 at 17:38
> On Fri Feb 17, 2017 at 05:19:32PM +, William Waites wrote:
>> So instead of saying, "we have this new spying law in the UK and we need
>> to rejig the decision-making at LINX so we will be ready in case we are
>> required to do something that must be kept secret"
>
> Yes but "hey government, swivel on this" isn't going to be an
> effective secret weapon, they'll neutralise it before you use it
>
>> what was proposed to
>> the membership was, "we have embarked on this long governance journey
>> and this is what we have come up with as the best way to run LINX". Those
>> are two very different propositions
>
> A big winking eye emoji was needed
>
> brandon
> William Waites 
> 17 February 2017 at 17:19
>> On Feb 17, 2017, at 16:46, Patrick W. Gilmore  wrote:
>>
>> There is one problem: The article is factually incorrect on multiple points.
>
> It would be interesting to know what points those are, it reads mostly
> accurately to me.
>
>> The proposed constitutional changes are in the public domain.
>
> The main problem, though this point may have gotten lost in the very long
> discussion on the LINX members list, is that the reasoning and motivation for
> the changes was not made clear. Even when explanatory materials were
> belatedly provided, they weren’t especially clear.
>
> So instead of saying, "we have this new spying law in the UK and we need
> to rejig the decision-making at LINX so we will be ready in case we are
> required to do something that must be kept secret" what was proposed to
> the membership was, "we have embarked on this long governance journey
> and this is what we have come up with as the best way to run LINX". Those
> are two very different propositions, especially for busy people who don’t have
> time to read in detail and understand all the implications.
>
> All that I suggested is that the members be properly informed so that they
> can make this choice with their eyes open. It is important to have this
> discussion in the open, and explicitly mark the transition where Internet
> Exchange Points re-organise themselves to accommodate spying laws and 
> gag orders.
>
> William Waites
> Laboratory for Foundations of Computer Science
> School of Informatics, University of Edinburgh
> Informatics Forum 5.38, 10 Crichton St.
> Edinburgh, EH8 9AB, Scotland
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>

-- 
Christian de Larrinaga  FBCS, CITP,
-
@ FirstHand
-
+44 7989 386778
c...@firsthand.net
-



Weekly Routing Table Report

2017-02-17 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
MENOG, SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith.

Routing Table Report   04:00 +10GMT Sat 18 Feb, 2017

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined: 635871
Prefixes after maximum aggregation (per Origin AS): 247826
Deaggregation factor: 2.57
Unique aggregates announced (without unneeded subnets): 306367
Total ASes present in the Internet Routing Table: 56267
Prefixes per ASN: 11.30
Origin-only ASes present in the Internet Routing Table: 48704
Origin ASes announcing only one prefix: 21704
Transit ASes present in the Internet Routing Table: 7563
Transit-only ASes present in the Internet Routing Table: 208
Average AS path length visible in the Internet Routing Table: 4.3
Max AS path length visible: 41
Max AS path prepend of ASN ( 55644)  36
Prefixes from unregistered ASNs in the Routing Table: 71
Number of instances of unregistered ASNs: 72
Number of 32-bit ASNs allocated by the RIRs: 17355
Number of 32-bit ASNs visible in the Routing Table: 13507
Prefixes from 32-bit ASNs in the Routing Table: 54157
Number of bogon 32-bit ASNs visible in the Routing Table: 47
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 416
Number of addresses announced to Internet: 2833030564
    Equivalent to 168 /8s, 220 /16s and 157 /24s
Percentage of available address space announced: 76.5
Percentage of allocated address space announced: 76.5
Percentage of available address space allocated: 100.0
Percentage of address space in use by end-sites: 98.4
Total number of prefixes smaller than registry allocations: 212477

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes: 173711
Total APNIC prefixes after maximum aggregation: 49697
APNIC Deaggregation factor: 3.50
Prefixes being announced from the APNIC address blocks: 173034
Unique aggregates announced from the APNIC address blocks: 71428
APNIC Region origin ASes present in the Internet Routing Table: 7873
APNIC Prefixes per ASN: 21.98
APNIC Region origin ASes announcing only one prefix: 2196
APNIC Region transit ASes present in the Internet Routing Table: 1127
Average APNIC Region AS path length visible: 4.4
Max APNIC Region AS path length visible: 41
Number of APNIC region 32-bit ASNs visible in the Routing Table: 2702
Number of APNIC addresses announced to Internet: 760465540
    Equivalent to 45 /8s, 83 /16s and 200 /24s
APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
                       58368-59391, 63488-64098, 64297-64395, 131072-137529
APNIC Address Blocks   1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
                       49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
                       106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
                       116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
                       123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
                       163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
                       203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
                       222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes: 193535
Total ARIN prefixes after maximum aggregation: 92922
ARIN Deaggregation factor: 2.08
Prefixes being announced from the ARIN address blocks: 195954
Unique aggregates announced from the ARIN address blocks: 89899
ARIN Region origin ASes present in the Internet Routing Table: 17786
ARIN Prefixes per ASN:   

Re: gagging *IX directors re snoop/block orders

2017-02-17 Thread Brandon Butterworth
On Fri Feb 17, 2017 at 05:19:32PM +, William Waites wrote:
> So instead of saying, "we have this new spying law in the UK and we need
> to rejig the decision-making at LINX so we will be ready in case we are
> required to do something that must be kept secret"

Yes but "hey government, swivel on this" isn't going to be an
effective secret weapon, they'll neutralise it before you use it

> what was proposed to
> the membership was, "we have embarked on this long governance journey
> and this is what we have come up with as the best way to run LINX". Those
> are two very different propositions

A big winking eye emoji was needed

brandon


Re: gagging *IX directors re snoop/block orders

2017-02-17 Thread William Waites

> On Feb 17, 2017, at 16:46, Patrick W. Gilmore  wrote:
> 
> There is one problem: The article is factually incorrect on multiple points.

It would be interesting to know what points those are, it reads mostly
accurately to me.

> The proposed constitutional changes are in the public domain.

The main problem, though this point may have gotten lost in the very long
discussion on the LINX members list, is that the reasoning and motivation for
the changes was not made clear. Even when explanatory materials were
belatedly provided, they weren’t especially clear.

So instead of saying, "we have this new spying law in the UK and we need
to rejig the decision-making at LINX so we will be ready in case we are
required to do something that must be kept secret" what was proposed to
the membership was, "we have embarked on this long governance journey
and this is what we have come up with as the best way to run LINX". Those
are two very different propositions, especially for busy people who don’t have
time to read in detail and understand all the implications.

All that I suggested is that the members be properly informed so that they
can make this choice with their eyes open. It is important to have this
discussion in the open, and explicitly mark the transition where Internet
Exchange Points re-organise themselves to accommodate spying laws and 
gag orders.

William Waites
Laboratory for Foundations of Computer Science
School of Informatics, University of Edinburgh
Informatics Forum 5.38, 10 Crichton St.
Edinburgh, EH8 9AB, Scotland

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.



Re: gagging *IX directors re snoop/block orders

2017-02-17 Thread Patrick W. Gilmore
There is one problem: The article is factually incorrect on multiple points. So 
comparing A to B when B is a fairy tale does not make much sense.

The proposed constitutional changes are in the public domain.

-- 
TTFN,
patrick

P.S. Full disclosure, I am a LINX director. So maybe I’m saying this to protect 
myself. If only you could read the proposed changes and decide for yourself. 
Oh, wait….


> On Feb 17, 2017, at 11:07 AM, Ken Chase  wrote:
> 
> Just meant it as a parallel operational example. Both situations, while legally
> distinct, present the same operational issues.
> 
> Purposely breaking things - and then being required to keep the breakage secret -
> is going to mess up a whole lot of things. (How do Chinese operators handle this?)
> 
> Additionally the snooping is an issue, though I can't imagine anyone depends on
> an IX for maintaining secrecy at a contract level :/ Today's realities.
> 
> /kc
> 
> 
> On Fri, Feb 17, 2017 at 10:03:00AM -0600, Mike Hammett said:
>> I'm not sure Cogent is on any IXes? 
>> 
>> 
>> 
>> 
>> - 
>> Mike Hammett 
>> Intelligent Computing Solutions 
>> http://www.ics-il.com 
>> 
>> Midwest-IX 
>> http://www.midwest-ix.com 
>> 
>> - Original Message -
>> 
>> From: "Ken Chase"  
>> To: nanog@nanog.org 
>> Sent: Friday, February 17, 2017 9:56:23 AM 
>> Subject: gagging *IX directors re snoop/block orders 
>> 
>> And when you go to figure out why that IP won't ping through Cogent on 
>> your exchange, and start troubleshooting but can't get any answers 
>> as to why things are bust... 
>> 
>> [ Clearly now an operational issue for NANOG. ] 
>> 
>> Purposely breaking routing and not being able to talk about why is going to 
>> set many orgs at odds with their basic operational charters. I expect that 
>> a paid service will work when it's provided, including help debugging their 
>> end. 
>> 
>> This is slightly different from a service provider, ostensibly you can 
>> go elsewhere to get service - but when you are a member of a nonprofit *IX 
>> (as we are with TorIX), things get a lot more complex. 
>> 
>> I imagine contract lawyers are going to be all over this. 
>> 
>> https://www.theregister.co.uk/2017/02/17/linx_snoopers_charger_gagging_order/
>>  
>> 
>> (their typo in the url) 
>> 
> 
> /kc 
> -- 
> Ken Chase - m...@sizone.org Guelph/Toronto Canada 



Re: gagging *IX directors re snoop/block orders

2017-02-17 Thread Ken Chase
Just meant it as a parallel operational example. Both situations, while legally
distinct, present the same operational issues. 

Purposely breaking things - and then being required to keep the breakage secret -
is going to mess up a whole lot of things. (How do Chinese operators handle this?)

Additionally the snooping is an issue, though I can't imagine anyone depends on
an IX for maintaining secrecy at a contract level :/ Today's realities.

/kc


On Fri, Feb 17, 2017 at 10:03:00AM -0600, Mike Hammett said:
  >I'm not sure Cogent is on any IXes? 
  >
  >
  >
  >
  >- 
  >Mike Hammett 
  >Intelligent Computing Solutions 
  >http://www.ics-il.com 
  >
  >Midwest-IX 
  >http://www.midwest-ix.com 
  >
  >- Original Message -
  >
  >From: "Ken Chase"  
  >To: nanog@nanog.org 
  >Sent: Friday, February 17, 2017 9:56:23 AM 
  >Subject: gagging *IX directors re snoop/block orders 
  >
  >And when you go to figure out why that IP won't ping through Cogent on 
  >your exchange, and start troubleshooting but can't get any answers 
  >as to why things are bust... 
  >
  >[ Clearly now an operational issue for NANOG. ] 
  >
  >Purposely breaking routing and not being able to talk about why is going to 
  >set many orgs at odds with their basic operational charters. I expect that 
  >a paid service will work when it's provided, including help debugging their 
  >end. 
  >
  >This is slightly different from a service provider, ostensibly you can 
  >go elsewhere to get service - but when you are a member of a nonprofit *IX 
  >(as we are with TorIX), things get a lot more complex. 
  >
  >I imagine contract lawyers are going to be all over this. 
  >
  
  >https://www.theregister.co.uk/2017/02/17/linx_snoopers_charger_gagging_order/ 
  >
  >(their typo in the url) 
  >

/kc 
-- 
Ken Chase - m...@sizone.org Guelph/Toronto Canada 



Re: gagging *IX directors re snoop/block orders

2017-02-17 Thread Mike Hammett
I'm not sure Cogent is on any IXes? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Ken Chase"  
To: nanog@nanog.org 
Sent: Friday, February 17, 2017 9:56:23 AM 
Subject: gagging *IX directors re snoop/block orders 

And when you go to figure out why that IP won't ping through Cogent on 
your exchange, and start troubleshooting but can't get any answers 
as to why things are bust... 

[ Clearly now an operational issue for NANOG. ] 

Purposely breaking routing and not being able to talk about why is going to 
set many orgs at odds with their basic operational charters. I expect that 
a paid service will work when it's provided, including help debugging their 
end. 

This is slightly different from a service provider, ostensibly you can 
go elsewhere to get service - but when you are a member of a nonprofit *IX 
(as we are with TorIX), things get a lot more complex. 

I imagine contract lawyers are going to be all over this. 

https://www.theregister.co.uk/2017/02/17/linx_snoopers_charger_gagging_order/ 

(their typo in the url) 

/kc 
-- 
Ken Chase - m...@sizone.org Guelph/Toronto Canada 




gagging *IX directors re snoop/block orders

2017-02-17 Thread Ken Chase
And when you go to figure out why that IP won't ping through Cogent on
your exchange, and start troubleshooting but can't get any answers
as to why things are bust...

[ Clearly now an operational issue for NANOG. ]

Purposely breaking routing and not being able to talk about why is going to
set many orgs at odds with their basic operational charters. I expect that
a paid service will work when it's provided, including help debugging their end.

This is slightly different from a service provider, ostensibly you can
go elsewhere to get service - but when you are a member of a nonprofit *IX
(as we are with TorIX), things get a lot more complex.

I imagine contract lawyers are going to be all over this.

 https://www.theregister.co.uk/2017/02/17/linx_snoopers_charger_gagging_order/

(their typo in the url)

/kc
-- 
Ken Chase - m...@sizone.org Guelph/Toronto Canada



Re: backbones filtering unsanctioned sites

2017-02-17 Thread Florian Weimer
* > On Friday, 17 February, 2017 08:29, "Florian Weimer" said:
>
>> Of course they do, see the arrest of Augusto Pinochet.
>
> Universal Jurisdiction is supposed to cover the likes of war crimes,
> torture, extrajudicial executions and genocide, that are generally
> agreed to be crimes against humanity as a whole, regardless of where
> they take place.  Much as the copyright cartel would like to put any
> (perceived) loss of revenue into the same bracket, are you *really*
> advocating that copyright infringement belongs in that list?

I think the Spanish prosecutor claimed at the time that crimes were
committed against Spaniards, too.  So it's not quite a case of
absolute universal jurisdiction.  Assuming that Spanish copyright
holders sought the court order, the situation isn't too different.

>> Due to the nature of mass copyright violation, it is likely that these
>> sites violate the rights of Spanish copyright holders, and if such a
>> violated party obtains a court order against an ISP, I see no reason
>> why the violations should go on everywhere except Spain.
>
> The action isn't against the people infringing copyright, the sites
> (arguably) aiding them in infringing copyright, or even the company
> providing hosting services to those sites.  It is, if the situation is
> being reported correctly, forcing a connectivity provider to block
> access to some elements of the hosting services *worldwide* based on
> the fact that it operates in one country.  In my view, both far too
> many steps removed from the offence, and, more importantly,
> overly-broad in impact.

There can be some debate whether a transit ISP should be subject to
such an injunction, rather than a party closer to the source.  But I
don't see why if a Spanish court determines that Spanish law requires
compliance by the ISP, the blocking order should be restricted to
Spain.  The rights are violated everywhere, after all.

Sometimes, global compliance is just a cost of doing business locally.

> Do you think the Chinese government should be able to force any voice
> provider operating in China to block any of their customers, anywhere
> in the world, from talking about Taiwan as an independent country?
>
> Do you think the Iranian government should be able to force any mobile
> phone company operating in Iran to implement a worldwide ban of
> Pokemon Go?
>
> If the answer to either of those questions is "no", can you explain
> why the jurisdiction should be limited in these cases, but not for
> Spanish copyright holders?

Iranian law appears to require permission for running nation-wide
games, not games around the globe.  Similarly, I doubt that Chinese
law has a legal basis for demanding filtering of voice calls, but it's
difficult to find confirmation for that.  (I believe that a lot of
service bans in China are enacted by the government upon encouragement
from would-be competitors, but that does not make such bans legal
according to Chinese law.)

So the difference is that your hypothetical scenarios violate local
laws.


Re: backbones filtering unsanctioned sites

2017-02-17 Thread t...@pelican.org
On Friday, 17 February, 2017 08:29, "Florian Weimer"  said:

> Of course they do, see the arrest of Augusto Pinochet.

Universal Jurisdiction is supposed to cover the likes of war crimes, torture, 
extrajudicial executions and genocide, that are generally agreed to be crimes 
against humanity as a whole, regardless of where they take place.  Much as the 
copyright cartel would like to put any (perceived) loss of revenue into the 
same bracket, are you *really* advocating that copyright infringement belongs 
in that list?

> Due to the nature of mass copyright violation, it is likely that these
> sites violate the rights of Spanish copyright holders, and if such a
> violated party obtains a court order against an ISP, I see no reason
> why the violations should go on everywhere except Spain.

The action isn't against the people infringing copyright, the sites (arguably) 
aiding them in infringing copyright, or even the company providing hosting 
services to those sites.  It is, if the situation is being reported correctly, 
forcing a connectivity provider to block access to some elements of the hosting 
services *worldwide* based on the fact that it operates in one country.  In my 
view, both far too many steps removed from the offence, and, more importantly, 
overly-broad in impact.

Do you think the Chinese government should be able to force any voice provider 
operating in China to block any of their customers, anywhere in the world, from 
talking about Taiwan as an independent country?

Do you think the Iranian government should be able to force any mobile phone 
company operating in Iran to implement a worldwide ban of Pokemon Go?

If the answer to either of those questions is "no", can you explain why the 
jurisdiction should be limited in these cases, but not for Spanish copyright 
holders?

(Note that I'm not talking about the "right" or "wrong" of those decisions 
within their respective jurisdiction, that's not relevant to where their 
jurisdiction extends.)


Regards,
Tim.




Re: backbones filtering unsanctioned sites

2017-02-17 Thread Florian Weimer
* Todd Crane:

> I am not familiar with Cogent’s architecture but why couldn’t they
> just null route the IP address at their edge routers from within
> Spain? I am not a lawyer but from what I understand, since the Spanish
> government has zero say on what goes on outside of their borders,

Of course they do, see the arrest of Augusto Pinochet.

Due to the nature of mass copyright violation, it is likely that these
sites violate the rights of Spanish copyright holders, and if such a
violated party obtains a court order against an ISP, I see no reason
why the violations should go on everywhere except Spain.


Re: backbones filtering unsanctioned sites

2017-02-17 Thread Florian Weimer
* Jared Mauch:

> So risk avoidance on the part of the 100k other sites hosted by CF is
> now a conspiracy?

Conspiracy is perhaps a bit too strong, but I would be annoyed if
someone took my business, but then deliberately undermined the service
they provide.  Of course, if it's all part of the agreement, it's
fine, but if it is not, it certainly looks like a crass net neutrality
violation.


Re: backbones filtering unsanctioned sites

2017-02-17 Thread Florian Weimer
* Andrew Paolucci:

> Can anyone with a Cogent connection in Canada verify that they are
> impacted as well?

I think it's global.  I tried sites in Canada and Germany, and the
traces look like deliberate blocking of /32s.  I don't have a BGP view
for these sites, though.

Why wouldn't it be global?  If someone forces their hands, ISPs aren't
shipping companies and can pick and choose where they comply.