Re: uPRF strict more

2021-09-29 Thread Mark Tinka
On 9/29/21 11:12, Nick Hilliard wrote: urpf has its place if your network config build processes aren't automated to the point that it's no longer necessary.  It would be a net security loss to the internet not to have it widely implemented on access devices. As little as 12 months

Re: uPRF strict more

2021-09-29 Thread Mark Tinka
On 9/29/21 08:03, Saku Ytti wrote: Vast majority of access ports are stubby, with no multihoming or redundancy. And uRPF strict is indeed used often here, but answer very rarely if ever applies for non-stubby port. Having said that, I'm not convinced anyone should use uRPF at all. Because

Re: uPRF strict more

2021-09-29 Thread Mark Tinka
On 9/29/21 02:47, Randy Bush wrote: do folk use uPRF strict mode? i always worried about the multi-homed customer sending packets out the other way which loop back to me; see RFC 8704 §2.2 We do loose-mode for BGP customers, regardless of whether they are single- or multi-homed. We do

Fwd: [safnog] Reminder: SAFNOG-6 Virtual Conference

2021-09-20 Thread Mark Tinka
FYI. Mark. Forwarded Message Subject:[safnog] Reminder: SAFNOG-6 Virtual Conference Date: Mon, 20 Sep 2021 16:23:37 +0200 From: SAFNOG Conference To: saf...@lists.safnog.org Hello Everyone, SAFNOG-6 Virtual Conference is just one week away! This is a

Re: (Free)RADIUS Front-End

2021-09-20 Thread Mark Tinka
On 9/20/21 02:16, Philip Loenneker wrote: Splynx is a commercial product designed to be an entire package for running an ISP, including billing etc. It uses FreeRadius in the backend which chains into their own RADIUS system. Integration for MikroTik routers is very extensive, but we have

Re: (Free)RADIUS Front-End

2021-09-18 Thread Mark Tinka
On 9/17/21 23:20, Seun Ojedeji wrote: Hi Mark, DMA Radius manager[1] runs freeradius in its backend and it does have nice frontend controls with lots of plug and play options. Regards [1] https://dmasoftlab.com/ Thanks, Seun. This looks very good. Mark.

Re: (Free)RADIUS Front-End

2021-09-18 Thread Mark Tinka
On 9/17/21 19:36, Phil Lavin wrote: It’s a very large hammer for the small nut you have to crack, but Zentyal (https://zentyal.com/community/ ) is worth a look. It’s a complete Linux OS that aims to provide a compatible alternative to MS Active Directory.

Re: (Free)RADIUS Front-End

2021-09-18 Thread Mark Tinka
On 9/17/21 19:26, Tyler Conrad wrote: +1 for Packetfence, was just typing up a reply about it. I've used it for both standard dot1x as well as guest wired/wireless. Thanks, Tyler. My use-case is really for broadband subscriber management. Let me ping them and see what we can work out.

Re: (Free)RADIUS Front-End

2021-09-18 Thread Mark Tinka
On 9/17/21 19:25, Neil Hanlon wrote: and I need more coffee... PacketFenCe *sigh* https://www.packetfence.org/ Thanks, Neil. Let me reach out. Mark.

(Free)RADIUS Front-End

2021-09-17 Thread Mark Tinka
Hi all. I haven't been in the space in yonks, but I'm having to look into it for an acquisition. What's the latest on front-end panels for RADIUS, specifically, FreeRADIUS? I fumbled around with Daloradius some years back, but mainly to manage some pfSense captive portals for guest wi-fi

Re: IPv6 woes - RFC

2021-09-13 Thread Mark Tinka
On 9/13/21 02:16, Michael Thomas wrote: But it's hardly uniform across the industry. This is a classic reverse-tragedy of the commons. The problem is it's uniform in the corners that contain scale and the money to make a difference at vendor-land. 7 million mom & pop ISP's vs. 10

Re: IPv6 woes - RFC

2021-09-13 Thread Mark Tinka
On 9/13/21 01:00, Michael Thomas wrote: If vendors actually cared they could make the CGNAT's and other hacks ridiculously buggy and really expensive to deploy and maintain. I doubt many vendors were chomping at the bit to support CGNAT and are probably wondering what fresh hell is next

Re: IPv6 woes - RFC

2021-09-08 Thread Mark Tinka
On 9/8/21 10:49, Brandon Butterworth wrote: This was discussed as a follow up to World IPv6 day. We'd be 10 years closer by now if we had done it then. The sooner we start the sooner we can finish, I was in favour of it then and remain so. End of. Mark.

Re: IPv6 woes - RFC

2021-09-08 Thread Mark Tinka
On 9/8/21 09:40, Etienne-Victor Depasquale wrote: Membership fees can be painful, that's for sure. They do have positive aspects, though :) I encourage other operators (especially the "major" ones - but really, everyone) to seriously consider supporting this idea, and begin to circulate,

Re: IPv6 woes - RFC

2021-09-08 Thread Mark Tinka
On 9/8/21 09:35, Etienne-Victor Depasquale wrote: If the Telecom Infra Project is a good indicator of what operators can achieve by uniting, then you're on a good trajectory. Without the membership fees, of course :-). Mark.

Re: IPv6 woes - RFC

2021-09-08 Thread Mark Tinka
On 9/8/21 09:30, Saku Ytti wrote: I have no idea, I'll ask our VP if we'd entertain such a contract and if so what type of terms. That would be great! Consider our side in full support, already, as I usually have positive outcomes with my management on these sorts of things. SEACOM would

Re: IPv6 woes - RFC

2021-09-08 Thread Mark Tinka
On 9/8/21 08:50, Saku Ytti wrote: Fully agreed, I just don't see the driver. But I can imagine a different timeline where in 2000 several tier1 signed mutual binding contracts to drop IPv4 at the edge in 2020. And no one opposed, because 20 years before was 1980, and 20 years in the future

Re: if not v6, what?

2021-09-07 Thread Mark Tinka
On 9/7/21 17:25, Eric Kuhnke wrote: The vast majority of LTE based last mile users in developing nation environments (where maybe less than 5% of people have residential wireline broadband to their residence) are already behind a cgnat. Our mobile carriers in Africa, for example, will

Re: IPv6 woes - RFC

2021-09-06 Thread Mark Tinka
On 9/7/21 02:56, Randy Bush wrote: this amazing thread is so new, fresh, and enlightening. why has no one brought these facts and ideas up before? just wow! Have no fear, it will refresh automatically in 2 years, again. Mark.

Re: IPv6 woes - RFC

2021-09-05 Thread Mark Tinka
On 9/5/21 18:22, Bjørn Mork wrote: I believe this is slowly sinking in among the technology evangelists and geeks who managed to drive the half-assed dual-stack transition a decade or two ago. No one will argue for dual-stack anymore. So where does that put us in a decade or two? Which

Re: IPv6 woes - RFC

2021-09-05 Thread Mark Tinka
On 9/5/21 17:43, Brian Knight wrote: $DAYJOB (at a business SP) is much busier installing more VPNs in the form of SDWAN than anything IPv6 related.  There is a hell of a lot more customer demand for tools that route packets with finer control than just dest-based routing, not to mention

Re: IPv6 woes - RFC

2021-09-05 Thread Mark Tinka
On 9/5/21 06:44, Aaron C. de Bruyn wrote: Counting all the profit they make from a captive audience with no competition? ;) Well, with no more IPv4 to route and no IPv6 to deliver, those profits won't be lasting many more years. Mark.

Re: IPv6 woes - RFC

2021-09-04 Thread Mark Tinka
On 9/5/21 04:49, John Levine wrote: Well, some of us are. I have a choice of an excellent local fiber ISP that does not offer IPv6 or Spectrum cable which is generally awful but does have v6. So I use a tunnel. I have asked my ISP about IPv6 and their answer is that they're not

Re: The great Netflix vpn debacle! (geofeeds)

2021-09-03 Thread Mark Tinka
On 9/3/21 17:29, Etienne-Victor Depasquale wrote: I've been mulling over the use of an interactive whiteboard - not just for the "screen real estate", as you so correctly put it, but also to save my doodles. It beats hogging whiteboards. Has anyone tried this? You mean like this one he is

Re: The great Netflix vpn debacle! (geofeeds)

2021-09-03 Thread Mark Tinka
On 9/3/21 17:07, Stephen Satchell wrote: Size matters, too. For example, I have a 54" screen. My record is twelve open (tiled) code windows. Usually, I have three or four code windows and a LibreWriter window with the specifications and requirements. Okay - "screen real estate" :-).

Re: The great Netflix vpn debacle! (geofeeds)

2021-09-03 Thread Mark Tinka
On 9/2/21 17:46, Michael Thomas wrote: Haha I'm not a network engineer, much more of a software engineer with lots of networking. The ability to get three browser windows up side by side is really nice for writing and testing code. There's probably more of a market out there than they

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-09-02 Thread Mark Tinka
On 9/2/21 09:33, Mel Beckman wrote: Here’s a nice article on the code issue, which is nationwide in the US (it’s part of the NEC). It speaks specifically about the generator requirements: https://temperaturemaster.com/furnaces-hardwired-what-you-need-to-know/

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-09-02 Thread Mark Tinka
On 9/2/21 02:16, Eric Germann via NANOG wrote: 15kW is 15kVA (not 1.5 kVA) at a power factor of 1.0, if the heat is all resistive. Right! Even at a 0.8pf, 15kW is not 1.5kVA. I just didn't have the energy to get into it with him. Mark.

Re: An update on the AfriNIC situation

2021-09-01 Thread Mark Tinka
On 9/1/21 13:21, Tom Beecher wrote: There are enough challenges with the internet in Africa to work through already. We shouldn't encourage more difficulties by endorsing strongarm tactics that prevent issues from being properly adjudicated in courts. One would think... There are many

Re: An update on the AfriNIC situation

2021-09-01 Thread Mark Tinka
On 9/1/21 00:56, Owen DeLong via NANOG wrote: Not to put too fine a point on this, but what human cost? There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t

Re: An update on the AfriNIC situation

2021-09-01 Thread Mark Tinka
On 8/31/21 22:55, Sabri Berisha wrote: I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them. The human cost has nothing to do with the wording of allocation language. That was

Re: An update on the AfriNIC situation

2021-09-01 Thread Mark Tinka
On 8/31/21 22:37, Rubens Kuhl wrote: I can try helping with that: in underserved regions it's not unusual for network services for that population to be physically hosted out of the region. For instance, if you have a hosting service that only accepts South African rands and your language

Re: An update on the AfriNIC situation

2021-09-01 Thread Mark Tinka
On 8/31/21 22:28, Sabri Berisha wrote: It's easy to argue that CI is in full compliance with that since their assignment supports connectivity between users in Africa and their clients' services. In that case, only IP space used outside of Africa not advertised to the internet would be in

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-31 Thread Mark Tinka
On 8/31/21 18:32, Jay Hennigan wrote: More likely a forced-air gas furnace with an electric blower. An electric furnace would be a heavy lift for a portable generator. Yes, this was my thinking, until Mel clarified. Mark.

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-31 Thread Mark Tinka
On 8/31/21 17:07, Warren Kumari wrote: Depending on what you mean by furnace -- in some places, the term is used to cover basically any permanent (usually non-wood) heater. We have something like this in a holiday/weekend property:

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-31 Thread Mark Tinka
On 8/31/21 16:41, Mel Beckman wrote: But you said “Gas-fired furnaces or heaters should not have an impact because the only electrical requirement is to fire up the pilot light.” There is no gas-fired furnace I know of that doesn’t require a blower fan. How else does the heat get out of

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-31 Thread Mark Tinka
On 8/31/21 16:06, Mel Beckman wrote: I think you’re forgetting about the all-important blower fan in a gas-fired furnace. Well, I was referring to a pure electric furnace, not one that uses a blower over a gas-fired one :-). In that case, the blower is not a major draw on power. But

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-31 Thread Mark Tinka
On 8/31/21 12:26, Forrest Christian (List Account) wrote: Yes.   Or any other furnace where the electricity is only used for circulation of the heat.  Gas fired Hot water furnaces would be another example where there is minimal electricity used to run the furnace controls and circulate the

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-31 Thread Mark Tinka
On 8/31/21 11:11, Forrest Christian (List Account) wrote: I just wish the electrical code would permit or require certain low cost things which make temporary generator connections more likely to be safe. For example, code requires most furnaces to be hardwired.  But a furnace is one of

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-31 Thread Mark Tinka
On 8/31/21 07:37, John van Oppen wrote: I told my wife that she is my critical load as such I like to treat our place like a datacenter. House wide UPS for all lights and all bedroom and office outlets, large generator system, ATS and lots of fuel. Last time I was at a nanog and the

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/31/21 07:22, Owen DeLong wrote: Yes… AFRINIC’s actions of late are so illogical that when it comes to predicting them, all I can do is guess. And suing them for US$1.8 billion + garnishing US$50 million is significantly more logical. Got it. Mark.

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/31/21 07:16, Owen DeLong wrote: I guess that depends on whether or not AFRINIC is willing to engage in a reasonable settlement effort within the next 2 months or not. I guess we’ll see what they do. Lots of guessing... Mark.

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/31/21 04:42, Tom Beecher wrote: It strikes me that ( without pointing at anyone in particular ) that there's a bit of absolutism trending in this conversation. It's possible for many things in this list to be true. - It's possible that AFRINIC may have been following its policies

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/31/21 01:29, Owen DeLong via NANOG wrote: Um, Mike, no… That’s neither a fair nor accurate characterization of the current situation. AFRINIC has been given access to the equivalent of two months of operating costs from their bank accounts in a recent court ruling, so they are nowhere

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/31/21 01:19, Nathan Angelacos wrote: Amen. Sucks to be moral. But at the end of the day, you have to go to sleep and say I did what was moral. To me, that is NANOG. Yep, easy to say when these "morals" are not threatening you and your family. Mark.

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/31/21 01:08, Owen DeLong wrote: Just as I would fight for the rights of those I disagree with to express their views in the US under the first amendment rights granted by the US Constitution. I fail to see how the U.S. Constitution is an applicable example for what CI are doing in

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Mark Tinka
On 8/30/21 21:20, Mel Beckman wrote: I’ve had this scenario play out several times: Gotta love the Internet - we are all experts :-). Mark.

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Mark Tinka
I was catching 5 minutes of CNN earlier this morning down here, and Gov. Edwards (LA) was appealing to folk running generators to make sure they don't die from smoke inhalation, due to using them inside the house so as to keep them away from water. Apparently, many have died post-storm due to

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Mark Tinka
On 8/30/21 22:13, Lamar Owen wrote: I have some friends who work for the local electric cooperative, and all of them have backfeed stories.  Around here, which is very rural, it's not at all uncommon to have a single house isolated on a distribution spur; nor is it at all uncommon for

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Mark Tinka
On 8/30/21 18:19, Chris Cariffe wrote: That's a ground loop, you want to avoid that. Yes, that... Mark.

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Mark Tinka
On 8/30/21 18:20, Herb L wrote: https://www.csemag.com/articles/grounding-points-single-or-multi/ Even they conclude that multiple grounding points should all converge at the main single point. Grounding is probably the most misunderstood element of electricity. In cases where earth

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Mark Tinka
On 8/30/21 17:59, Aaron C. de Bruyn via NANOG wrote: Would you care to educate me on this? If you ground the phases on both sides of the work-site, how are you going to end up being a better path to ground? I'm not sure if it applies to work sites for linesmen, but my limited

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
r other participants are prohibited. Valerie Wittkop Program Director vwitt...@nanog.org <mailto:vwitt...@nanog.org> | +1 734-730-0225 (mobile) | www.nanog.org <http://www.nanog.org/> NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230 On Aug 30, 2021, at

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/30/21 16:19, Owen DeLong via NANOG wrote: You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy. And yet you continue to work for and support him in this capacity. But hey, you have to eat.

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/30/21 16:19, Owen DeLong via NANOG wrote: This is neither a fair nor accurate portrayal of the situation. Further, by acting as it had, AFRINIC was the one which tried to suffocate CI first. Yeah... look ma, he started it... You may not like Lu and/or his business model. I’m not a

Re: An update on the AfriNIC situation

2021-08-30 Thread Mark Tinka
On 8/30/21 08:39, Owen DeLong via NANOG wrote: As such, I think vigilante action and/or trying this case here on NANOG is probably not the best idea. Nor is jeopardizing, and probably ruining, the livelihoods of people who have families at home to feed, in a time when jobs are scarce and

Re: An update on the AfriNIC situation

2021-08-29 Thread Mark Tinka
On 8/29/21 19:03, Jay Hennigan wrote: Technically, four plus six Bigger, is better. Mark.

Re: An update on the AfriNIC situation

2021-08-29 Thread Mark Tinka
On 8/29/21 09:33, Mike Hale wrote: I feel like some IP troll literally being able to shutter a regional registrar as part of a lawsuit should be a much bigger deal on this group... Did you know... Africa runs IPv10... Mark.

Re: An update on the AfriNIC situation

2021-08-29 Thread Mark Tinka
On 8/28/21 20:10, Jay Hennigan wrote: All it would take is for one 800-pound gorilla to do so. Cloud Innovations would implode should Google, Microsoft, or Amazon drop all traffic from those blocks. This! CI are pushing their case relying on the rest of the Internet community to keep

Re: An update on the AfriNIC situation

2021-08-27 Thread Mark Tinka
On 8/27/21 22:07, Bryan Fields wrote: People, can we at least quote properly?  I can't follow this at all. I wish ARIN would stay out of this, it's not something that affects the ARIN region, and nothing said in this statement seems to refute any of the allegations against AFRINIC.  What

Re: An update on the AfriNIC situation

2021-08-27 Thread Mark Tinka
On 8/27/21 18:18, Aaron Wendel wrote: I suppose people who wanted to take a side could also block traffic to and from Cloud Innovations IP blocks. Oddly, I recommended to a friend (one who promotes competitors do the wrong thing, hehe) that sending CI routes to /dev/null would be ideal.

Re: netflow in the core used for surveillance

2021-08-25 Thread Mark Tinka
On 8/25/21 23:13, Randy Bush wrote: https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru used to get dissidents, activists, and journos killed at, comcast, ... zayo, please tell us you do not do this. I guess Cambridge Analytica ain't just for the FaceMash...

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 21:09, Warren Kumari wrote: ... and my "funny" story. We used to live in San Jose. There was a large heat-wave, and much of SJC lost power because of A/C load, etc. Anyway, my wife and I go and camp in one of the office conference rooms for a few days because the office still

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 20:15, Lady Benjamin Cannon of Glencoe, ASCE wrote: So the issue here is even a small 120vac current becomes a very fatal event at 7.2 or 11 or 14.4kV. It’s a safety issue for linepersons doing emergency restoration work. Yep, because the home generator will be boosted up by

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 20:30, b...@theworld.com wrote: Ok, I'll be the curmudgeon... Is this really a problem in practice? The issue is that "it can be". Solar inverter OEM's have long argued that UL 1741 is too stringent because the assumption is that linesmen always check for voltage on the line

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 19:25, Mel Beckman wrote: Jay, No, because transformers work in both directions :) Plus, to the previous commenter that talked about “suicide cords”: they’re more correctly termed “homicide cords”: “ The lineman killed yesterday was working for Pike Electric and picked up

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 19:21, Sabri Berisha wrote: At my home, I use this: https://www.amazon.com/gp/product/B00CONE4MG The interlock kit is installed in such a way that either the main or the generator circuit breaker is closed. If the main is on, you can't switch to generator power, and vice versa

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 19:10, Jay Hennigan wrote: If you fail to isolate your generator from the incoming utility feed so that you're back-feeding the utility and the power is out for your neighborhood or the whole city, would not the load of trying to light up the whole town completely overwhelm

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 16:59, Jared Mauch wrote: This is why I personally spent the $$ on a proper standby generator with multiple ATS for the multiple panels. Same here. Massively painful, which led to some boring moments testing, testing and more testing. But after 5 months with electricians,

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 16:24, Ethan O'Toole wrote: If you hook 100KW of neighbors up to your 5KW/20% THD garden generator it would probably trip the breaker, or stall. Assuming that you don't want to deliberately simulate a utility grid on the same transformer as your neighbors, the bad news is

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/25/21 15:59, Ethan O'Toole wrote: How would this not load the generator or inverter into oblivion? Not sure I understand your question. Say again, please. (Just curious, I know people who use a suicide cord usually turn off the main breaker.) At the home, you typically have

Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-25 Thread Mark Tinka
On 8/23/21 19:53, Sean Donelan wrote: Currently a problem in the north-east USA, but applicable after every storm. People in the south have more experience with hurricanes, and are used to this advice.  But apparently, some folks up north aren't in practice. Never connect an electric

Re: "Tactical" /24 announcements

2021-08-15 Thread Mark Tinka
On 8/15/21 08:11, Saku Ytti wrote: Hey Jakob, Is there documentation for this somewhere? Are you saying that the IOS-XR host will connect to some (configured?) server to expand the as-set, and at what time? Commit time? Once every N? Yes, same question for me. We've dumped all of our IOS

Re: "Tactical" /24 announcements

2021-08-14 Thread Mark Tinka
On 8/12/21 19:57, Jon Lewis wrote: Yeah...changes to the network could suddenly run such a box out of FIB resources, and you could easily be wrong when predicting how much longer a box has for its "full routes" days...but the alternatives are "don't do full routes" or replace the box

Re: "Tactical" /24 announcements

2021-08-14 Thread Mark Tinka
On 8/12/21 19:30, Nick Hilliard wrote: it also causes non-deterministic fib resource consumption. On most edge deployments this won't matter, but it wouldn't be hard to cook up a topology that could fail in interesting ways.  Overall fib compression is a net win, but you need to be

Re: "Tactical" /24 announcements

2021-08-13 Thread Mark Tinka
On 8/12/21 19:19, William Herrin wrote: A originates 10.0.0.0/16 to paid transit C B originates 10.0.1.0/24 also to paid transit C C offers both routes to D. D discards 10.0.1.0/24 from the RIB based on same-next-hop Yeah, discarding from RIB is not the idea. It's discarding from FIB. RIB

Re: "Tactical" /24 announcements

2021-08-13 Thread Mark Tinka
On 8/12/21 19:17, Amir Herzberg wrote: Hi Hank, I think you're right, it could result in sub-optimal routing and in particular, in your AS not being used for these subprefixes (the traffic will go instead to a competing provider who sent the subprefix), hence, as you said, sub-optimal

Re: "Tactical" /24 announcements

2021-08-13 Thread Mark Tinka
On 8/12/21 16:42, Tom Hill wrote: I'm glad to hear a vendor has implemented a useful knob. Which vendor? BGP-SD (Selective Download) from Cisco since about 2013. I know both Juniper and Nokia have their versions as well. It's nothing new. Mark.

Re: "Tactical" /24 announcements

2021-08-11 Thread Mark Tinka
On 8/11/21 12:24, Tom Hill wrote: Such anti-disaggregation/save-my-TCAM efforts really do not work, and will spawn all manner of support tickets. I'm saying this in the hope that it may prevent someone from reading this thread and concluding that it may be a good idea to try. It is not.

Re: "Tactical" /24 announcements

2021-08-11 Thread Mark Tinka
On 8/11/21 12:07, Tom Hill wrote: 2914 permit you to leak prefixes as specific as a /28 between your own ports with them. Someone once referred to it as a 'sneaky backhaul', believe. Given that there's no default in 2914, I guess that counts? :D I suppose some arrangement between you and

Re: "Tactical" /24 announcements

2021-08-10 Thread Mark Tinka
On 8/9/21 19:38, Tom Beecher wrote: Folks can announce longer than 24 masks all day. They're unlikely to propagate very far though, since most won't accept longer than 24 from the world at large. Been waiting for the day when /27's, /28's and /29's are going to make it into the DFZ, as

Fort 1.5.1 Released..

2021-08-07 Thread Mark Tinka
Hi all. Fort 1.5.1 has just been released: https://github.com/NICMx/FORT-validator/releases/tag/v1.5.1 Along with a number of improvements, the key ones that I've been testing for some time are: * Improved scaling for environments that have 500 routers or more. This necessitated a major

Re: Anycast but for egress

2021-07-28 Thread Mark Tinka
On 7/28/21 17:09, Bill Woodcock wrote: I was about to say something about us having equal success over 105 or so countries, when I came to the realization that inviting quantitative comparisons of manhood with Mark is the very definition of folly. :-) Well, we are nowhere close to the

Re: Anycast but for egress

2021-07-28 Thread Mark Tinka
On 7/28/21 01:16, Daniel Corbe wrote: This is interesting... I wonder whether Anycast will still have some failure modes and break TCP connections if routing (configuration) were to change? I checked the PDF linked by Bill Woodcock... while the methodology is the same from 20y ago, would

Re: Anycast but for egress

2021-07-27 Thread Mark Tinka
On 7/27/21 20:48, Bill Woodcock wrote: In practice, that means that services are bound to a common shared address (an “anycast service address”) as those services are deployed on servers in different locations. The service address is advertised into the BGP routing infrastructure.

Re: Global Akamai Outage

2021-07-27 Thread Mark Tinka
On 7/26/21 19:04, Lukas Tribus wrote: rpki-client can only remove outdated VRP's, if it a) actually runs and b) if it successfully completes a validation cycle. It also needs to do this BEFORE the RTR server distributes data. If rpki-client for whatever reason doesn't complete a validation

Re: Global Akamai Outage

2021-07-26 Thread Mark Tinka
On 7/26/21 17:50, heasley wrote: Since rpki-client removes "outdated" (expired) VRPs, how does an RTR server "stop considering" something that does not exist from its PoV? Did you mean that it can warn about impending expiration? StayRTR reads the VRP data generated by rpki-client. Mark.

Re: Global Akamai Outage

2021-07-26 Thread Mark Tinka
On 7/26/21 14:20, Lukas Tribus wrote: Some specific failure scenarios are currently being addressed, but this doesn't make monitoring optional: rpki-client 7.1 emits a new per VRP attribute: expires, which makes it possible for RTR servers to stop considering outdated VRP's:

Re: Global Akamai Outage

2021-07-26 Thread Mark Tinka
On 7/26/21 07:25, Saku Ytti wrote: Doesn't matter. And I'm not trying to say RPKI is a bad thing. I like that we have good AS:origin mapping that is verifiable and machine readable, that part of the solution will be needed for many applications which intend to improve the Internet by some

Re: Global Akamai Outage

2021-07-25 Thread Mark Tinka
On 7/25/21 17:32, Saku Ytti wrote: Steering dangerously off-topic from this thread, we have so far had more operational and availability issues from RPKI than from hijacks. And it is a bit more embarrassing to say 'we cocked up' than to say 'someone leaked to internet, it be like it do'.

Re: Global Akamai Outage

2021-07-25 Thread Mark Tinka
On 7/25/21 08:18, Saku Ytti wrote: Hey, Not a critique against Akamai specifically, it applies just the same to me. Everything seems so complex and fragile. Very often the corrective and preventive actions appear to be different versions and wordings of 'dont make mistakes', in this case:

Re: 1G/10G BaseT switch recommendation

2021-07-24 Thread Mark Tinka
The "Fabrics" layer of the ArcOS architecture may offer some clue as to VPC options for Drew:     https://www.arrcus.com/products/arcos/# Mark.

Re: 1G/10G BaseT switch recommendation

2021-07-24 Thread Mark Tinka
On 7/23/21 10:40, Randy Bush wrote: thanks, mark. while arrcus provides stunning world class layer three: bgp, is-is, ospf, evpn, srv6, blah blah blah, we don't really so much exciting at layer two switching. C'mon, Drew, ask Arrcus for features. You can do it :-)... Seems like the only

Re: 1G/10G BaseT switch recommendation

2021-07-23 Thread Mark Tinka
I'd reach out to Arrcus as well. They are a NOS house, but they can also provide hardware options that suit what you want. Mark.

Re: Global Akamai Outage

2021-07-22 Thread Mark Tinka
On 7/22/21 18:50, Matt Harris wrote: Seems to be clearing up at this point, was able to get to a site just now that I wasn't a little bit ago. Yes, seems to be restoring...     https://twitter.com/akamai/status/1418251400660889603?s=28 Mark.

Global Akamai Outage

2021-07-22 Thread Mark Tinka
https://edgedns.status.akamai.com/ Mark.

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

2021-07-08 Thread Mark Tinka
On 7/8/21 15:22, Vanbever Laurent wrote: Did you folks manage to understand what was causing the gray issue in the first place? Nope, still chasing it. We suspect a FIB issue on a transit device, but currently building a test to confirm. Mark.

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

2021-07-08 Thread Mark Tinka
On 7/8/21 14:29, Saku Ytti wrote: Network experiences gray failures all the time, and I almost never care, unless a customer does. If there is a network which does not experience these, then it's likely due to lack of visibility rather than issues not existing. Fixing these can take months
