Re: [routing-wg] BGP Update Report

Dear community, As an extension to this useful IPv4 report, I'd love to receive a weekly overview of what is going on in the IPv6-world. Regardless of IPv6 deployment status or traffic volume, misconfigured or unstable IPv6 networks can inflict pain on a global scale (affecting IPv4 too). The

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

Hi Bob, On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: > This seems like a very good proper civil approach - maybe this or > something like it ARIN might help promote and endorse as a benefit to > the community ? Be nice if with the cash they did something simple > like this and got

Rob Blokzijl Dies Peacefully Aged 72

NANOG, Rob Blokzijl, one of the founding fathers of the RIPE (and by extent, internet as we know it in Europe), passed away yesterday. The links in the email below offer more insight into his life and accomplishments. Kind regards, Job - Forwarded message from Daniel Karrenberg

Re: IPv6 Cogent vs Hurricane Electric

On Tue, Dec 01, 2015 at 09:23:08PM +0200, Max Tulyev wrote: > we got an issue today that announces from Cogent don't reach Hurricane > Electric. HE support said that's a feature, not a bug. > > So we have splitted Internet again? Was there ever an adjacency between 6939 and 174 in the IPv6 DFZ?

Bogon ASN Filter Policy

aching out to impacted parties on a weekly basis. Kind regards, Job Contact persons: Job Snijders <j...@ntt.net>, Jared Mauch <jma...@us.ntt.net>, NTT Communications NOC <n...@ntt.net> References: [1]: https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00 [2]: h

Re: Bogon ASN Filter Policy

Dear Michael, On Wed, Jun 08, 2016 at 12:56:18PM +, Michael Hare wrote: > Upon examination on my view of the DFZ from AS3128 I see over 400 > upstream routes falling into this category, mostly in the 64512 - > 65534 range. Based on our flow bandwidth stats we chose to reach out > to several

Re: intra-AS messaging for route leak prevention

On Mon, Jun 06, 2016 at 11:41:52AM +, Sriram, Kotikalapudi (Fed) wrote: > I am a co-author on a route-leak detection/mitigation/prevention draft > in the IDR WG in the IETF: > https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-03 > > > Question: Are there other

Re: intra-AS messaging for route leak prevention

Hi All, On Wed, Jun 08, 2016 at 08:48:11AM -0400, Joe Provo wrote: > On Wed, Jun 08, 2016 at 11:48:36AM +, Sriram, Kotikalapudi (Fed) wrote: > > Thanks for the inputs about the inter-AS messaging and route-leak > > prevention techniques between neighboring ASes. Certainly helpful > >

Re: rfc 1812 third party address on traceroute

On Mon, May 30, 2016 at 10:03:33PM -0700, Randy Bush wrote: >.-. >| | >| B |- D > S -| A R| >| C |- (toward S) >|

Re: NANOG67 - Tipping point of community and sponsor bashing?

On Thu, Jun 16, 2016 at 03:52:02PM +0200, Nurani Nimpuno wrote: > A growing exchange point is not only a "nice-to-have" for those > operating it, but vital to those networks who peer there. If you stop > adding value to those networks peering at the IX, you will slowly > become irrelevant. I

Re: Timeouts Loading Major Websites

On Tue, Jun 21, 2016 at 06:13:10PM -0400, Christopher Morrow wrote: > "the internet is on fire" > > not as helpful a troublereport as one might want. > > please provide at least (so everyone else can verify/help/troubleshoot): > 1) from location X > 2) site Y with protocol Z (which resolves

Re: Change re ARIN RPKI Relying Party TAL access

Dear John, On Thu, Feb 04, 2016 at 08:15:29PM +, John Curran wrote: > One of the concerns raised at a previous NANOG was with respect to the > need for an RPKI relying parties to explicitly accept ARIN's relying > party agreement (RPA) - note that this has now been changed (per the > attached

Re: Dear Windstream engineers

On Fri, Jan 29, 2016 at 10:51:05PM -0600, George Skorup wrote: > Why doesn't Windstream have RTBH for their BGP customers? It cannot be > impossible to implement. vote with your wallet?

Re: The IPv6 Travesty that is Cogent's refusal to peer Hurricane Electric - and how to solve it

On Wed, Jan 27, 2016 at 09:11:59AM -0500, jimmy keffer wrote: > does ntt peer with he for ip6? You can review sites like: https://radar.qrator.net/as2914/ipv6-peerings#startDate=2015-10-10=2016-01-27=current or http://bgp.he.net/AS2914#_peers6 to get a sense of what relations

Re: mrtg alternative

On Sat, Feb 27, 2016 at 12:18:16AM +0100, Baldur Norddahl wrote: > I am currently using MRTG and RRD to make traffic graphs. I am > searching for more modern alternatives that allows the user to > dynamically zoom and scroll the timeline. > > Bonus points if the user can customize the graphs

Re: Observium

On Mon, Feb 29, 2016 at 08:07:40PM +0530, sathish kumar Ippani wrote: > This is off topic, i am posting request as i need some help in > configuring obsrvium for RANCID and traffic polling. This is indeed the wrong mailing-list. Please direct your questions to

Re: IPv6 traffic percentages?

On Thu, Jan 21, 2016 at 11:44:34PM +0900, Randy Bush wrote: > > You can configure pmacct to specify on which properties of the received > > flow data it should aggregate its output data, one could configure > > pmacct to store data using the following primitives: > > > > ($timeperiod,

Re: IPv6 traffic percentages?

On Thu, Jan 21, 2016 at 08:23:09AM +0900, Randy Bush wrote: > > We could assert that the TTL is an indication of distance traveled. > > you might hypothesize it. but the wide variance in per-hop rtt would > seem to belie that. > > > Maybe one should record the TTL and Address Family of all

Re: IPv6 traffic percentages?

On Wed, Jan 20, 2016 at 01:32:11PM +0100, nanog-...@mail.com wrote: > On Wednesday, January 20, 2016 Jared Mauch wrote: > > I currently see around 56.4:1 with the timing of peaks the same in v4 and > > v6. > So that's more in line with AMS-IX (70G/4T) than Comcast/Swisscom > then. AMS-IX: >

Re: IPv6 traffic percentages?

On Wed, Jan 20, 2016 at 11:13:41PM +0900, Randy Bush wrote: > > I propose the following axiom: the greater the distance over which a > > packet is forwarded, the less likely it is to be an IPv6 packet. > > that is a hypothesis not an axiom [...] Thanks. > but an interesting hypothesis. how do

Re: NTT Charles

On Mon, Feb 15, 2016 at 02:22:31PM +0530, Anurag Bhatia wrote: > Very interesting. For how long does the record stays? :) For about a day. Kind regards, Job

Re: Documentation on generating IOS-XR prefix and as path sets with rtconfig

On Fri, Feb 19, 2016 at 01:31:06AM +, courtneysm...@comcast.net wrote: > Can anyone point me to examples of using rtconfig to generate IOS-XR > configs? Specifically prefix and as-path sets. My Google skills are > coming up short. The man page for rtconfig does not mention IOS-XR but > it is

Re: L-Root IPv6 address renumbering

Hi David, On Wed, Mar 09, 2016 at 09:06:20PM +, David Soltero wrote: > This is advance notice that there is a scheduled change to the IPv6 > addresses in the Root Zone for the L root-server, also known as > L.ROOT-SERVERS.NET, which is administered by the ICANN. > > The current IP addresses

Re: Internet Exchanges supporting jumbo frames?

Hi Kurt, On Wed, Mar 09, 2016 at 11:26:35AM -0300, Kurt Kraut via NANOG wrote: > I'm trying to convince my local Internet Exchange location (and it is not > small, exceed 1 terabit per second on a daily basis) to adopt jumbo frames. > For IPv6 is is hassle free, Path MTU Discovery arranges the

Re: PeeringDB ?

On Tue, May 24, 2016 at 12:13:18PM +0200, Marco Paesani wrote: > Whats happened today at PeeringDB web site ? And PeeringDB is back in business! http://instituut.net/~job/screenshots/2f255c17a8aa9cb99121b448.png A post-mortem will be shared on the pdb-tech@ list later today. Kind regards, Job

Re: PeeringDB ?

Hi Marco, On Tue, May 24, 2016 at 12:13:18PM +0200, Marco Paesani wrote: > Whats happened totady at PeeringDB web site ? We ran out of peerings, but as we speak our service provider is printing new ones ;-) In all seriousness: our SP has issues with a storage array. The staff is aware and they

Re: netflow + as path = buildout decision

On Mon, Aug 15, 2016 at 10:40:40AM +0200, Randy Bush wrote: > my poor memory says that, some years back, someone announced or > mentioned an open tool which i, a small isp, could feed my netflow data > and bgp and ask if i should peer with X or build out or ... > > anyone with a more precise

Re: packet loss question

Hi Philip, I can't address your immediate concern, but I do have some hints regarding traceroute: 1/ Please review the excellent presentation from RA{T,S}: https://www.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N47_Sun.pdf https://www.youtube.com/watch?v=a1IaRAVGPEE

Re: radb mirroring

This is a clear case of broken mirroring. Unfortunately this is not immediately apparent (for the operator) through the IRRd software. Usually this is resolved by directly contacting the other side. I've found RADB support staff to be responsive and courteous. radb-supp...@merit.edu

Re: IPv6 BGP prefix filters

On Mon, Jan 16, 2017 at 10:01:00PM +, Alistair Mackenzie wrote: > So recently I've come across an issue with a large ISP announcing a > /22 and /25 of IPv6 space. We are currently filtering <28 and >48 > which until now has worked fine for us. > > What are others using as their prefix filters

Re: IRR database for local usage

On Wed, Mar 01, 2017 at 10:49:07AM +, Nagarjun Govindraj via NANOG wrote: > Is it possible to maintian an IRR database locally for quering route > objects from various RIR's and do a regular sync like what RPKI validator > does for ROA's. IRRExplorer's database is available as json blob, if

Re: AS47860 - 93.175.240.0/20 - Wiskey Tango Foxtrot

On Fri, Oct 07, 2016 at 10:28:10AM +0100, Martin List-Petersen wrote: > On 06/10/16 16:38, Sandra Murphy wrote: > > Private reply: > > > > bgp.he.net sees it. For me. > > > > http://bgp.he.net/net/93.175.240.0/20 > > > > I don’t know why they do and you do not. > > That just means, they

Re: Zayo Extortion

Dear nanog, I'm asking the group to stay focussed on network operator topics. While I appreciate the time and effort spend on the original legal research in this thread, I fear the problem space of what defines libel or slander is too far removed from the mailing list charter as described here:

Re: AS4233852001 advertising 192.0.0.0/2?

On Mon, Sep 26, 2016 at 08:52:20AM -0400, Adam Greene wrote: > We were alerted to this by https://radar.qrator.net. > > This seems wrong from a number of angles . Maybe the alerting system was confused. I don't see this confirmed in RIPE RIS: https://stat.ripe.net/AS4233852001#tabId=routing

Re: Large BGP Communities beacon in the wild

+0200, Job Snijders wrote: > Large BGP Communities are a novel way to signal information between > networks. An example of a Large BGP Communities is: 2914:4056024901:80. > > Large BGP Communities are composed of three 4-octet integers, separated > by something like a colon. This is e

Re: Here we go again.

Hi all, Please consider our Mail List Charter and Policy: http://nanog.org/list The NANOG mailing list is established to provide a forum for the exchange of technical information and the discussion of specific implementation issues that require cooperation among network service providers. In

Re: peeringdb contact me please

Hi Erich, everyone, On Sat, Nov 19, 2016 at 02:02:15PM -0600, Kaiser, Erich wrote: > Anyone out there from PeeringDB, please contact me offlist, we are > having trouble updating our records. You can reach PeeringDB support at supp...@peeringdb.com. Feel free to CC me. Kind regards, Job

Re: list scrap by long time participant?

On Sun, Nov 20, 2016 at 12:19:35PM -0800, Scott Weeks wrote: > --- Begin forwarded message: > > Hi Ladies and Gentlemen, > > . > Contact me for further details. > - > > Did anyone get this? I hesitate to think a long time NANOG >

Large BGP Communities beacon in the wild

Dear all, Large BGP Communities are a novel way to signal information between networks. An example of a Large BGP Communities is: 2914:4056024901:80. Large BGP Communities are composed of three 4-octet integers, separated by something like a colon. This is easy to remember and accommodates

Re: Just a quick question...

Hi Eric, On Wed, Oct 12, 2016 at 06:43:18PM -0400, Eric Tykwinski wrote: > IPv4 routes did a quick bounce to 600,949 around 9:30AM EST, than went > back down to 599,241 shortly after. Seemed like a big jump so I setup > an alert, just wondering if anyone else noticed anything, I’m not > overly

Re: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

Dear Alexandru, > > > MACs that didnt make it through the switch when running 4.12.3.1: > > > > > > 4*:**:**:**:**:** > > > 6*:**:**:**:**:** > > > *4:**:**:**:**:** > > > *6:**:**:**:**:** > > > **:**:*B:**:6*:** > > > **:**:*F:**:4*:** > > > > Can anyone explain the last

Re: Prepending with another ASN you don't own

Hi Andrew, On Thu, Dec 15, 2016 at 01:54:34PM -0500, Andrew Imeson wrote: > Is it acceptable to prepend using another networks ASN as long as your > ASN is the last one in the path? I can think of a few scenarios where > this is helpful. Your milage may vary. You risk introducing breakage

Re: Soliciting your opinions on Internet routing: A survey on BGP convergence

On Tue, Jan 10, 2017 at 03:51:04AM +0100, Baldur Norddahl wrote: > If a transit link goes, for example because we had to reboot a router, > traffic is supposed to reroute to the remaining transit links. > Internally our network handles this fairly fast for egress traffic. > > However the problem

Re: Looking for some Quagga experience to discuss 32 bit ASN + community issue with

On Fri, Dec 02, 2016 at 09:00:57AM +, Nick Hilliard wrote: > Eric Germann wrote: > > Basically trying to advertise 4 byte ASN’s + communities, and then > > pick them off elsewhere in a private network. Can’t get the config > > right for the route map to import them on the “receiving” side. >

Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

Hi all, Ever since the IEEE started allocating OUIs (MAC address ranges) in a randomly distributed fashion rather then sequentially, the operator community has suffered enormously. Time after time issues pop up related to MAC addresses that start with a 4 or a 6. I believe IEEE changed their

Re: Looking for some Quagga experience to discuss 32 bit ASN + community issue with

On Fri, Dec 02, 2016 at 09:13:25AM -0800, Eric Germann wrote: > So from reading the draft, if I’m understanding it correctly, I should > be able (with the patch) to encode the 32 bit ASN + a community in to > this as > > as32:x:y > > Is that correct? yes. I recommend you take a look at

Re: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

On Fri, Dec 02, 2016 at 09:32:37AM -0800, Leo Bicknell wrote: > I also do not think this is an IEEE/MAC assignement problem. This is a > vendor's box can't forward a particular payload problem. On Fri, Dec 02, 2016 at 04:59:37PM +, Nick Hilliard wrote: > Job Snijders wrote: >

Re: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

ibilities. Big thank you to Richard van Looijen (Flowmailer) for finding this issue, Edwin Kalle (2hip) for pointing us at this thread, and Job Snijders, his email which prompted us to investigate the intermediate switches. Kind regards, Robert

Re: NTT Taipei 3 data center address?

On Tue, Dec 20, 2016 at 02:15:31PM +, Rivera, Alberto wrote: > I am searching for NTT Taipei 3 data center address. Do you have it by > any chance? I'll ping you off-list. Kind regards, Job

Re: ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

171 also seems affected. Job On Fri, 17 Mar 2017 at 10:54, Stephane Bortzmeyer wrote: > On Fri, Mar 17, 2017 at 12:03:58PM +0300, > Eygene Ryabinkin wrote > a message of 71 lines which said: > > > Seems like the other /16 from 144.in-addr.arpa are

Re: AS9498 Bharti BGP hijacks

Hi all, Perhaps another explanation is that these are router2router linknets between the involved parties, and all we are seeing is the effect of "redistribute connected". If this is the case, the word "hijack" might be somewhat strong worded. Kind regards, Job On Sat, 1 Apr 2017 at 23:25,

Re: Facebook more specific via Level3 ?

On Sun, Apr 16, 2017 at 04:20:20PM +0300, Max Tulyev wrote: > got the same from Kiev, Ukraine: > > dig fbcdn.com > fbcdn.com.300 IN A 31.13.74.1 > which is slow and routed through USA > > and > dig fbcdn.com @8.8.8.8 > fbcdn.com.299 IN A

Re: Amazon EU-West 1 trouble

On Sun, Apr 23, 2017 at 12:52:08PM +0200, Baldur Norddahl wrote: > We are currently experiencing massive packet loss from Amazon EU-West 1. > This page http://ec2-reachability.amazonaws.com/ will show most of eu-west-1 > as down but actually it is packet loss of 90+ %. > > I have found that if I

Re: google ipv6 routes via cogent

On Fri, Mar 03, 2017 at 09:42:04AM -0500, Patrick W. Gilmore wrote: > On Mar 3, 2017, at 7:00 AM, Nick Hilliard wrote: > > Niels Bakker wrote: > >> As I explained in the rest of my email that you conveniently didn't > >> quote, it's so that you can selectively import routes from

Re: IPv6 doc. prefix (2001:db8::/32) - APNIC object ?

Hi. On Mon, Mar 6, 2017 at 5:03 PM, Alarig Le Lay wrote: > On lun. 6 mars 10:55:18 2017, Brandon Applegate wrote: >> Just did a whois on the documentation prefix and was surprised to see what >> looks like a user object registered for it: >> >> % Information related to

Re: IPv6 doc. prefix (2001:db8::/32) - APNIC object ?

Hi, On Mon, Mar 6, 2017 at 4:55 PM, Brandon Applegate wrote: > Just did a whois on the documentation prefix and was surprised to see what > looks like a user object registered for it: > > % Information related to '2001:0DB8::/32AS132111' > > route6: 2001:0DB8::/32 >

Re: Multicom Hijacks: Do you peer with these turkeys (AS35916)?

Dear Ronald, Thanks for your report, we'll investigate. Kind regards, Job

Re: Point 2 point IPs between ASes

On Wed, Jun 28, 2017 at 11:09:25PM +0200, Thomas Bellman wrote: > On 2017-06-28 17:03, William Herrin wrote: > > The common recommendations for IPv6 point to point interface numbering are: > > > > /64 > > /124 > > /126 > > /127 > > I thought the only allowed subnet prefix lengths for IPv6 were

RFC 8195 "Use of Large Communities"

Dear all, RFC 8195 "Use of BGP Large Communities" was just now published: https://tools.ietf.org/html/rfc8195 RFC 8195 presents examples and inspiration for the operational application of Large Communities. The document suggests logical categories of Large Communities and demonstrates

EdgeRouter Infinity as medium-sized "IXP Peering Router"?

Dear NANOG, Some friends of mine are operating a nonprofit (on shoe string) and looking to connect some CDN caches to an IX fabric. A BGP speaking device is needed between the caches and the BGP peers connected to the fabric. The BGP speaker is needed to present the peers on the IX with a unified

Heads-up: RFC 8212 on default EBGP route handling behavior

Dear NANOG, After a bit of tug-of-war common sense prevailed and RFC 8212 "External BGP (EBGP) Route Propagation Behavior without Policies" was published: https://tools.ietf.org/html/rfc8212 This industry has a long history of improving default behavior: DEC MOP is no longer enabled by default,

Re: Point 2 point IPs between ASes

On Tue, 27 Jun 2017 at 22:29, Krunal Shah wrote: > Hello, > > What subnet mask you are people using for point to point IPs between two > ASes? Specially with IPv6, We have a transit provider who wants us to use > /64 which does not make sense for this purpose. isn’t it

Re: ipv6 accepted & announcement size upto /48 or longer than /48 ?

On Thu, Apr 27, 2017 at 09:30:48AM -0700, Seth Mattinen wrote: > On 4/27/17 06:47, root wrote: > > > > Am i right ? > > > > Policy for ipv4 accept and send upto /24 > > Policy for ipv6 accept and send upto /48 > > > >

Re: Contact at Orange?

Hi Anne, You aren't very specific about what you are looking for. Orange has many business units and subsidiaries. Are you looking for sales contacts or investor relations? Kind regards, Job ps. Do you think it's possible to make your footer somewhat longer? It doesn't quite yet fill a 28"

Re: Templating/automating configuration

Hi Graham, The talk was giving in context of motivating people to start with network automation and help them go from 'no automation' to a step further 'some automation'. On Wed, Jun 14, 2017 at 07:50:05PM +, Graham Johnston wrote: > Would you be able to provide any further insight into your

Re: Templating/automating configuration

On Wed, Jun 14, 2017 at 09:35:59PM +0100, Nick Hilliard wrote: > Graham Johnston wrote: > > Would you be able to provide any further insight into your Don’t #5 – > > “Don’t agree to change management. Managers are rarely engineers and > > should not be making technical decisions. (nor should

Re: Financial services BGP hijack last week?

On Tue, May 02, 2017 at 08:29:32AM +0100, Nikos Leontsinis wrote: > it only proves the need for wider RPKI adoption How can we actually encourage RPKI adoption? Kind regards, Job

Re: Need recommendation on an affordable internet edge router

What have you compared so far yourself? Job On Thu, 4 May 2017 at 22:40, c b wrote: > We have a number of internet edge routers across several data centers > approaching EOL/EOS, and are budgeting for replacements. Like most > enterprises, we have been Cisco-centric in

Re: Templating/automating configuration

Hi, Here are some extra pointers: https://youtube.com/watch?v=C7pkab8n7ys https://www.nanog.org/sites/default/files/dosdontsnetworkautomation.pdf https://github.com/coloclue/kees Kind regards, Job On Tue, 6 Jun 2017 at 13:49, Brian Knight wrote: > Because we had

Re: Find carriers that peer in two IX's

On Fri, Sep 15, 2017 at 11:25:10AM -0400, Dovid Bender wrote: > Does anyone know of a tool like PeeringDB where I can select two exchanges > say TELX 60 Hudson and then SIX (Seattle IX) and find all carriers that > have a presence in both locations? a bit hacky ;-) Vurt:~ job$ comm -1 -2 <(curl

Sideloading RFC 8212 on Junos

Dear all, Adam Chappell created an interesting shim to improve the default behaviour related to EBGP Internet routing on Juniper Junos. https://twitter.com/packetsource/status/910219911150080007 SLAX script here: https://github.com/packetsource/rfc8212-junos Props to both Adam for creating the

Re: IOS new versions and network load

On Mon, Sep 18, 2017 at 12:48:45AM -0400, Christopher Morrow wrote: > On Sun, Sep 17, 2017 at 11:05 PM, JASON BOTHE wrote: > > My best experience with Apple has been directly peering with them. > > Definitely handles the update issue without putting strain on transit > > links.

Re: Gonna be a long day for anybody with CPE that does WPA2..

Dear all, Website with logo: https://www.krackattacks.com/ Paper with background info: https://papers.mathyvanhoef.com/ccs2017.pdf Kind regards, Job

Re: AS PATH limits

Has anyone tried calling them? Kind regards, Job On Fri, 13 Oct 2017 at 23:03, Ken Chase wrote: > It is happening AGAIN. > > And of course it started on a friday aft 15 min before quittin' time in > EDT: > > Last time it was 186.177.184.0/23 0 174 262206 262206 262197

Re: Getting an RADB entry removed that was added by a previous peer

On Wed, 13 Sep 2017 at 13:08, Matthew Huff wrote: > It appears that Reliance Globalcom (AS6157) added an RADB entry for our > prefix (129.77.0.0/16) when we were a peer of theirs years ago, and it > was never removed when we ended the relationship. We are ASN 14607. > > I've

Re: IPv6 Loopback/Point-to-Point address allocation

Hi, On Sun, Sep 10, 2017 at 11:53:20AM +0200, Enno Rey wrote: > On Sun, Sep 10, 2017 at 10:47:05AM +0100, Nick Hilliard wrote: > > Baldur Norddahl wrote: > > > Loopback interfaces should be configured as /128. How you allocate these > > > do > > > not matter. > > > > ..so long as there are

Re: Settle Free Peering - Default Route Abuse Monitoring

Dear Raymond, On Sun, 24 Sep 2017 at 21:33, Raymond Beaudoin < raymond.beaud...@icarustech.com> wrote: > How is this monitored and tracked? Are ACLs applied to help enforce this > (seems to be limited at scale)? Flow export and alarming? Analytics and > anomalous behavior detection? Common

Re: Regex expression

Hi Craig, You are probably best off by reaching out to the Juniper NSP mailing list at https://puck.nether.net/mailman/listinfo/juniper-nsp Kind regards, Job On Mon, Sep 25, 2017 at 3:31 PM, craig washington < craigwashingto...@hotmail.com> wrote: > Hello all, not sure if this is the right

Re: Long BGP AS paths

On Sat, 30 Sep 2017 at 15:33, William Herrin wrote: > To the chucklehead who started announcing a 2200+ byte AS path yesterday > around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga > that's present in all versions released in the last decade. Your >

Re: Peering at public exchange authentication

Hi Craig, It may be simplest to use GTSM https://tools.ietf.org/html/rfc5082 Kind regards, Job On Fri, Sep 29, 2017 at 10:41 AM, craig washington wrote: > Hello all, > > > Wondering your views or common practices for using authentication via BGP at > public

zayo / AS 6461 maximum prefix limit

Hi all, It appears one of our fellow network operators ran into some issues earlier today, probably due to the turn-up of a some new circuits for customers. In order to expedite the restoration I'm sharing the below information. I recommend any peering partners that saw BGP sessions go down with

Re: Verizon 701 Route leak?

On Mon, Aug 28, 2017 at 03:48:44PM +, someone wrote: > Damn you Google.. yup. I am not sure it is fair to say "damn you Google", because accidents happen (be it through human error or software defects). All of us have entered commands at some point and subsequently

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

Dear Jörg, On Thu, Aug 31, 2017 at 12:50:58PM +0200, Jörg Kost wrote: > but isn't peer A prefix-out a synonym for peer B prefix-in, that will > lead to the same result, e.g. a BGP teardown? > > I just feel that this will add another factor, that people will not > use or abuse: neigh $x max-out

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Sat, 2 Sep 2017 at 05:41, Randy Bush wrote: > >>> i have 142 largish bgp customers, a large enough number that the number > >>> of prefixes i receive from them varies annoyingly. how do i reasonably > >>> automate setting of my outbound prefix limit? > >> > >> First, it seems

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Sat, Sep 02, 2017 at 04:27:03PM +0900, Randy Bush wrote: > > I am not sure what the issue here is. If I can tell my peering > > partner a recommended maximum prefix value for them to set on their > > side, surely I can configure that same value on my side as the upper > > outbound limit. > >

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Sat, Sep 02, 2017 at 12:08:41PM -0400, Christopher Morrow wrote: > > I think you'll find that some of your peers will make an educated > > guess and set an inbound limit anyway. Actively requesting that no > > limit is applied may make one part of a fringe minority. > > This is a quick survey

Re: Cogent BCP-38

On Tue, Aug 29, 2017 at 08:41:12AM -0400, Robert Blayzor wrote: > > On 29 August 2017 at 03:38, Robert Blayzor wrote: > > > >> Well not completely useless. BCP will still drop BOGONs at the edge > >> before they leak into your network. > > > > Assuming you don't use them

Re: Validating possible BGP MITM attack

Hi Andy, It smells like someone in 38478 or 131477 is using Noction or some other BGP "optimizer" that injects hijacks for the purpose of traffic engineering. :-( Kind regards, Job On Thu, 31 Aug 2017 at 19:38, Andy Litzinger wrote: > Hello, > we use

BGP Optimizers (Was: Validating possible BGP MITM attack)

Dear all, disclaimer: [ The following is targetted at the context where a BGP optimizer generates BGP announcement that are ordinarily not seen in the Default-Free Zone. The OP indicated they announce a /23, and were unpleasantly surprised to see two unauthorized announcements

Re: AS-Path - ORF Draft

On Mon, Oct 23, 2017 at 08:35:42AM +0200, Job Snijders wrote: > > or it could compare each additional prefix received to already learned > > prefixes and decide to drop one to make room for the new one. For > > example you could drop the most specific routes before less s

Re: AS-Path - ORF Draft

On Mon, Oct 23, 2017 at 07:53:03AM -0500, Mike Hammett wrote: > Should I assume that invigorating traction for a 17 year old draft is > rather difficult? John Heasley told me that a fundamental difficulty here is that not every implementation uses the same style/type of regular expressions.

aggregate6 - a fast versatile prefix list compressor

Dear NANOG, I re-implemented the venerable 'aggregate' tool (by Joe Abley & co) in python under the name of 'aggregate6'. The 'aggregate6' tool is faster and also has IPv6 support. https://github.com/job/aggregate6 Installation is can be done through 'pip', or your operating system's

Re: aggregate6 - a fast versatile prefix list compressor

Someone suggested I should clarify what 'aggregate6' actually does :-) aggregate6 takes a list of IPv4 and/or IPv6 prefixes in conventional format, and performs two optimisations to attempt to reduce the length of the prefix list. The first optimisation is to remove any supplied prefixes which

Re: Arista Layer3

On Thu, Nov 30, 2017 at 10:38:53PM +, Nick Hilliard wrote: > Jared Mauch wrote: > > Lots of folks also use MikroTik as well if the traffic is in the 1G > > range or so. > > mikrotik support for ipv6 is still dodgy: recursive next-hop is not > supported in bgp/ipv6: > >

Re: aggregate6 - a fast versatile prefix list compressor

On Fri, Dec 01, 2017 at 09:09:38PM +1100, Julien Goodwin wrote: > Will it catch cases like: > 10.0.0.0/24 10.0.1.0/24 10.0.2.0/23 -> 10.0.0.0/22 Yes it does! hanna:~ job$ echo 10.0.0.0/24 10.0.1.0/24 10.0.2.0/23 | aggregate6 10.0.0.0/22 hanna:~ job$ Kind regards, Job

Re: aggregate6 - a fast versatile prefix list compressor

On Fri, Dec 01, 2017 at 12:35:13PM -0500, Aliaksei Sheshka wrote: > On Thu, Nov 30, 2017 at 3:07 PM, Job Snijders <j...@ntt.net> wrote: > > I re-implemented the venerable 'aggregate' tool (by Joe Abley & co) > > in python under the name of 'aggregate6'. The 'aggregate6' to

What to do about BGP Hijacks

Some carriers view measures to improve routing security as a hinderance rather than as a safeguard to enable business. The BGP protocol itself has no inherent safety mechanisms, so the network operator has to ensure adequate layers of protection are implemented on the boundary between their own

a new source for authoritative routing data: ARIN WHOIS

Dear NANOG, I'd like to share an update on some routing security activities that ARIN, NTT Communications, YYCIX (Calgary Internet Exchange), the NLNOG Foundation, and the arouteserver project have been collaborating on. Quite some puzzles pieces were brought together! :) Traditionally, there

Re: Issues with 4-octet BGP AS and Akamai?

Hi, What prefix and ASN is this about? Are you sure you are advertising from an AS4 capable router? Do you see the expected 4-byte ASN as origin in a aggregator looking glass like http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=www.nlnog.net ? Kind regards, Job

Re: Issues with 4-octet BGP AS and Akamai?

Hi James, On Wed, Nov 15, 2017 at 1:40 AM, james machado wrote: > I don't see a routing database object for your routes pointing too your > AS394666 /24's, I only see one for AS12 for the /23 and /24's. It is > possible (and probable) you are being filtered due to that.

<    1   2   3   4   5   >