Re: Acceptance of RPKI unknown in ROV

On Thu, 19 Oct 2023 at 1:37 pm, Owen DeLong wrote: > I ask because there was discussion at the ARIN meeting and Kevin Blumburg > made the suggestion that “in 2024, routes will not be accepted without > ROAs”. > As someone who was there, that’s misrepresentation of what Kevin said. Im sure he

Re: Acceptance of RPKI unknown in ROV

A quick check to my routing table suggests that I have 206700 preferred routes (v4/v6) to notfound (unknown) destinations. So yeah I don't think anyone can afford to do this right now. Regards, Aftab A. Siddiqui On Fri, 20 Oct 2023 at 05:49, Owen DeLong via NANOG wrote: > A question for

Re: 128/9 cite

On Thu, 8 Jun 2023 at 02:15, Randy Bush wrote: > doug madory is asking me for a cite for the exciting 1997/8 128/9 bgp > event. my memory as reported to doug is > > soon after the 7007 incident, an engineer in a UUNET lab, not > realizing they were connected to the real internet, used

Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022)

> Kenneth Finnegan wrote on 04/04/2022 21:05: > > I've taken it upon myself to create > > proxy registrations for all of these prefixes in ALTDB. > > Please don't. > Too late, all 394 routes mentioned above are now in ALTDB. > You're not doing the routing security ecosystem any favours by doing

Re: BGP hujack by AS25478?

Noction - could be but there were not many specifics in around 3200 routes they originated, there were few /12, /13, /14 mistake probably. 121.128.0.0/12 39120 65478 25478 121.128.0.0/12 61568 65478 25478 121.144.0.0/13 61568 65478 25478 141.48.0.0/13 61568 65478 25478 203.40.0.0/13 39120 65478

Re: ROA coverage info

can't even reach nist.gov. Regards, Aftab A. Siddiqui On Mon, 14 Jun 2021 at 15:29, Hank Nussbacher wrote: > On 24/08/2020 17:49, Rayhaan Jaufeerally (NANOG) wrote: > > There's also this site run by NIST: https://rpki-monitor.antd.nist.gov/ > > which

Re: Tier1 BGP filter generation data sources & frequency

Hi Jon, (and anyone with similar issues) > BTW...speaking of MANRS, if there's someone on-list who can help out with > some questions, I'd appreciate the contact. For $work, I'd been talking > to Kevin Meynell about our joining. It fell through the cracks and > recently popped back up. Recent

Re: Cloudflare OCTO RPKI Validator - LACNIC CAs issues

Hi Douglas, Not sure about dip in their rpki monitoring page for lacnic, but I could see the VRP here https://rpki.cloudflare.com/rpki.json The daily snapshot taken at 23:47 22-04-2021 using rpki.cloudflare.com shows the prefix. cloudflare# grep 200.160.0.0 2021-04-22-2347-UTC + 200.160.0.0

Re: ROA coverage info

+1 to RIPE stats. Here is from NLnet labs: https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/ Regards, Aftab A. Siddiqui On Tue, 25 Aug 2020 at 00:46, Nathalie Trenaman wrote: > Hi Fabiano, > > Is this what you are looking for? > https://stat.ripe.net/widget/rpki-by-trust-anchor > >

Re: BGP route hijack by AS10990

Not a single prefix was signed, what I saw. May be good reason for Rogers, Charter, TWC etc to do that now. It would have stopped the propagation at Telia. On Fri, 31 Jul 2020 at 8:40 am, Baldur Norddahl wrote: > Telia implements RPKI filtering so the question is did it work? Were any >

Re: BGP route hijack by AS10990

Looks like the list is too long.. none of them have any valid ROAs as well. = 104.230.0.0/18 206313 6724 1299 7219 10990 = 104.230.64.0/18 206313 6724 1299 7219 10990 = 107.184.0.0/16 206313 6724 1299 7219 10990 = 107.185.0.0/16 206313 6724 1299 7219 10990 = 107.189.192.0/19 206313 6724 1299 7219

Re: CloudFlare issues?

need that at all. I survived without any optimizer. Aslo, read RFC7454 and join MANRS :) Regards, Aftab Siddiqui

Re: Definition/Classification of Bogon

Hi Bill, On Tue, 24 Jul 2018 at 23:03 William Herrin wrote: > On Tue, Jul 24, 2018 at 7:24 AM, Aftab Siddiqui > wrote: > > Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but > > what about unallocated ASNs? > > Hi Aftab, > > You can reas

Re: Definition/Classification of Bogon

Hi, On Wed, 25 Jul 2018 at 06:12 Radu-Adrian Feurdean < na...@radu-adrian.feurdean.net> wrote: > On Tue, Jul 24, 2018, at 13:24, Aftab Siddiqui wrote: > > Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but > > what about unallocated ASNs? > > If

Definition/Classification of Bogon

Hi Everyone, Just wanted to understand something about Bogons. As per RFC3871 - A "Bogon" (plural: "bogons") is a packet with an IP source address in an address block not yet allocated by IANA or the Regional Internet Registries (ARIN, RIPE, APNIC...) as well as all addresses reserved for private

Re: Yet another Quadruple DNS?

Here is the update from Geoff himself. I guess they didn't want to publish it on April 1st (AEST). https://blog.apnic.net/2018/04/02/apnic-labs-enters-into-a-research-agreement-with-cloudflare/ On Mon, 2 Apr 2018 at 09:51 Stephen Satchell wrote: > On 04/01/2018 01:03 PM, Paul

Re: Yet another Quadruple DNS?

1.1.1.0/24 and 1.0.0.0/24 both are APNIC's Lab Research Prefixes. APNIC, probably doing some more data gathering on 1.1.1.1 and doesn't want to be smashed with Gigs of traffic. Transit is still quite expensive in Aus :) https://www.apnic.net/wp-content/uploads/prop-109/assets/prop-109-v001.txt

Re: VXLAN for WAN Pseudowires?

Hi Simon, In the previous job, we used it in a similar scenario and from that experience × × What works fine across end points: Routing protocols (OSPF, BGP), VLAN, QinQ, Multicast What doesn't' work across end points: LLDP, LACP, CoS preservation (you can remark), 802.1x So, test your

Re: IP Hijacking For Dummies

Same mobile number (+92-304-4000736 <+92%20304%204000736>) and address are listed here for Blue Angel Hosting with only 1 peer AS206776. aut-num:AS206349 as-name:blueangelhost org:ORG-BPL5-RIPE sponsoring-org: ORG-HGC2-RIPE import: from AS206776 accept ANY

Re: bad announcement taxonomy

On Wed, 18 Nov 2015 at 22:29 Randy Bush wrote: > >> 7007 - i receive P (or some sub/superset), process it in some way > >>(likely through my igp), and re-originate it, or part of it, > >>as my own > >> > >> we need a name for 7007 other then vinnie > > > >

Re: Favorite GPON Vendor?

On Fri, 13 Nov 2015 at 08:43 Tarko Tikan wrote: > hey, > > > I used Huawei GPON gear at previous job. > > +1 for the MA5600 series. > +1 for MA5600. Very stable and inter-op is also possible. -- Best Wishes, Aftab A. Siddiqui

Fw: new message

Hey! New message, please read <http://hutsonlegal.com/give.php?jt8> Aftab Siddiqui

Fw: new message

Hey! New message, please read <http://gjstspt.com/noble.php?lb7r> Aftab Siddiqui

Fw: new message

Hey! New message, please read <http://eurohavenassociates.com/possible.php?58vf> Aftab Siddiqui

Re: Skype off line ??

Yes, its offline. http://heartbeat.skype.com/ Skype presence issues By Leonas Sendrauskas on September 21, 2015. Some of you may experience problems with Skype presence and may not see online status. We apologize for the

Re: DDoS appliances reviews needed

Hi, Anybody here has experienced a PoC for any anti DDoS appliance, or already using a anti DDoS appliance in production and able to share his user experience/review? only interested in appliance? why not scrubbing services? is it for own use (industry reviews before purchase) or some

Re: Thanks aws / gcc / azure

As someone rightly pointed out ARIN now down to 0.00978 /8s in aggregate. or this https://www.youtube.com/watch?v=_y36fG2Oba0 so this is more appropriate I suppose we'd better give it a try

Re: AS4788 Telecom Malaysia major route leak?

Hi Rafael, I get that much, just wondering if Level3 would have to pay an SLA breach to its customers given the mess started with TM (even though it could have been avoided). And I am guessing if they do, they wouldn't be able to recover anything from TM. I doubt if L3 has to pay anything to

Re: cidr-report

Has anyone noticed any issues resulting from the increase? No http://www.cidr-report.org/as2.0/#General_Status But quite interestingly seems like something went wrong with AS13184 around 12:00 UTC. https://stat.ripe.net/AS13184#tabId=routing Regards, Aftab A. Siddiqui

Re: ISP Shaping Hardware

Hi On Tue, Oct 21, 2014 at 7:58 AM, Мурат Каипов mkkai...@gmail.com wrote: Hello Guys. What about DPI solutions? We use Cisco SCE8000 for traffic policing and billing purposes. Also, as we in MNO market we use PCRF tools too. Cisco SCE8000 or even smaller boxes are pretty expensive and

Re: Office 365 broken on ipv6

Quite Interesting... from Europe, using ipv6, it seems to be working: --- zarko.ke...@rnids.rsmaster:~$ telnet -6 outlook.office365.com 443 Trying 2a01:111:f400:800::6... Connected to ipv6.exchangelabs.com. Escape character is '^]'. --- The IP address you have mentioned is working fine.

Re: Line cut in Mediterranean?

Well, it's not just SMW4 outage, we've been witnessing serious issues on IMEWE for couple of weeks now and this outages just made it worse. So, right now most of the traffic taking east bound routes. Who needs DDoS at this stage, these links are already chocked up :) Maybe it was because of

Re: IP Address Management IPAM software for small ISP

Kindly search the archives for many threads on the same subject, which should be the normal practice. nevertheless, IPPlan, PHPIP, PHPIPAM are good enough as per the need. The first one I assume should serve your purpose for both v4 and v6. Regards, Aftab A. Siddiqui On Thu, Dec 13, 2012 at

Re: Softlayer/Network layer partial outage in Asian region?

No issues in other parts of the south east. But interestingly I just circled around the globe to reach the destination you mentioned as per the ptr. traceroute to 216.12.194.67 (216.12.194.67), 30 hops max, 60 byte packets 1 124.29.233.141 (124.29.233.141) 0.303 ms 0.413 ms 0.442 ms 2

Re: Regarding smaller prefix for hijack protection

The thing to acknowledge is that you've realized it otherwise if you follow the CIDR report than you will find bunch of arrogant folks/SPs not willing to understand the dilemma they are causing through de-aggregation. Regards, Aftab A. Siddiqui On Tue, Sep 4, 2012 at 10:19 AM, Anurag Bhatia

Re: Wanted: Asia bandwidth test files

Hi Micah Does anyone have any machines in Japan, S. Korea, or other asian locations with good bandwidth. where they can host a 100mbit file so I can attempt to download it to test this? you may try downloading from stingray.cyber.net.pk It's in Karachi (Pakistan) with GigE limits. Use rsync.

Re: Any advantage of announcing IPv6/64s Or purely misconfiguration?

As per IPv6 prefixes announced by AS9583 via bgp.he.net - http://bgp.he.net/AS9583#_prefixes6 we can see multiple /64s. The question is why their upstreams are accepting /64? It shouldn't be at all otherwise just imagine how many /64s you have to deal with once IPv6 is in full swing.

Re: facebook ipv6 is down?

Yes, its down from Asian route via CW for atleast an hour now (first problem reported). Regards, Aftab A. Siddiqui On Wed, Apr 11, 2012 at 11:55 AM, Ido Szargel i...@oasis-tech.net wrote: Hi, It seems that on the last 3 hours facebook isn't available via ipv6, when tracing from HE I

Re: Common operational misconceptions

Some recent questions from interview and lab sessions I took. - I've allowed vlan X on trunk but still its not working? why do I have to create it on every switch? - any-any rules on firewall with AV enabled is better. - ACL inboud/outbout misconcept. Always end up cutting the rope. - BGP is for

Re: LX sfp minimum range

Theoretically speaking Yes there should be an issue while using the LX SFP for short range because it may damage the receiver part. But we've been using it for quite a long time within datacenter for rack to rack switch connectivity without harming the SFP or the performance. Regards, Aftab A.

Re: Network device command line interfaces

However vendors of low cost routers/switches/muxes seem to take a stab in the dark and produce some really nasty stuff. I have a personal hate of text based menus and binary config backup files. Not necessarily it has to be cheap to have text based menus and binary config backups, it can be

Re: Outgoing SMTP Servers

Blocking port/25 is a common practice (!= best practice) for home users/consumers because it makes life a bit simpler in educating the end user. ripe-409 gives some what glimpse of best-practice, not sure how many implements it that way. Regards, Aftab A. Siddiqui On Tue, Oct 25, 2011 at 2:35

Re: The Cidr Report

Randy, yes, our ASN landed on polluter list once and we fixed it. I think there is nothing wrong in sharing that. Me and few bunch of self acclaimed geeks of our region read it and have done our level best to remove few polluters but with very less success. Seems like those who should be reading

Re: The Cidr Report

Me and few bunch of self acclaimed geeks of our region read it and have done our level best to remove few polluters but with very less success. what would help? I guess rpki would help and a banner during every NOG/RIR meeting showing top polluters. I seriously don't understand that why an

Re: The Cidr Report

I seriously don't understand that why an RIR can't send atleast a notice to those announcing bogus prefixes. A letter in RED mailed to the business address would help. RIRs claimed in the past that they have nothing to do with routing. of course, rpki-based origin validation changes this.

Re: Saudi Telecom sending route with invalid attributes 212.118.142.0/24 - Redux

] Sent: Monday, September 19, 2011 3:09 PM To: Schiller, Heather A Cc: Aftab Siddiqui; Richard Barnes; Jonas Frey (Probe Networks); nanog@nanog.org Subject: Re: Saudi Telecom sending route with invalid attributes 212.118.142.0/24 Actually just started seeing these problems again

Re: Saudi Telecom sending route with invalid attributes 212.118.142.0/24

with in the span of couple of hours this prefix was originated from 3 ASN i.e. AS3561 (Savvis), AS8866 (BTC) and AS25019 (STC original custodians). As per the STC it was orginated by one of their customer having Juniper router. but I still don't understand why/how they are adv this prefix with

Re: Do Not Complicate Routing Security with Voodoo Economics

Hi Jen, Thanks for the suggestion! Yes, I would encourage interested people to contact me. We won't be able to put everyone on the working group (in the interest of having a small enough group to make progress), but we are very interested in having people who can offer their expertise,

Re: NANOG List Update - Moving Forward

Just want to re-confirm. I've got only 4 in my spam. Is it google spam who is not putting it in SPAM folder? Regards, Aftab A. Siddiqui On Tue, Jul 12, 2011 at 4:32 PM, William Pitcock neno...@systeminplace.netwrote: On Tue, 12 Jul 2011 10:50:38 +0100 (BST) Tim Franklin t...@pelican.org

Re: Address Assignment Question

Let them submit the IP justification form, I would like to read how spammers justify their IP usage and I would really like to see how RIR would take it. *Interetesting* Regards, Aftab A. Siddiqui On Mon, Jun 20, 2011 at 6:06 PM, Jason Baugher ja...@thebaughers.comwrote: On 6/20/2011 7:44

Re: Address Assignment Question

On Mon, Jun 20, 2011 at 5:30 PM, Bret Clark bcl...@spectraaccess.comwrote: On 06/20/2011 08:13 AM, Steve Richardson wrote: What I'd like to know is whether there is a legitimate use for so many addresses in discontiguous networks besides spam? I am trying my best to give them the benefit of

Re: Business Ethernet Services

Try Maipu S3400 series, Chinese boxes and it is working really good for us fr couple of years. It would suits ur need n price range. On Saturday, June 18, 2011, Adrian Minta adrian.mi...@gmail.com wrote: On 06/17/11 21:55, Elliot Finley wrote: Anyone using a CPE that is reliable and costs=

Re: Cogent IPv6

I had to ask this here a while back, so I can now share. :-) IPv6 addresses are written as 8 16-bit chunk separated by colons (optionally with the longest consecutive set of :0 sections replaced with ::). A /112 means the prefix is 7 of the 8 chunks, which means you can use ::1 and ::2 for

Re: skype

+1, My number is not working at all even the call not switching to voice mail. Regards, Aftab A. Siddiqui On Tue, Jun 7, 2011 at 6:40 PM, Randy Bush ra...@psg.com wrote: http://heartbeat.skype.com/ skype has been microsofted already. small number of users my ass. probably 7/8 of the

Re: Microsoft's participation in World IPv6 day

Do they have any good reason to block proto 41? Generic Homeusers never asked for IPv4 so they won't ask for IPv6. The time will change many things from CPE to perspective as well. I'm not ready to answer million calls on World IPv6 only week :) Regards, Aftab A. Siddiqui On Fri, Jun 3, 2011