Re: Tier1 BGP filter generation data sources & frequency

2021-05-24 Thread Job Snijders via NANOG
On Mon, May 24, 2021 at 02:04:32PM -0400, Luca Salvatore wrote: > Curious if anyone is aware of other Tier1s deprecating support for RADB? Rather than deprecating RADB, I think the industry would be better off if either RADB or the Tier1s (in their local caching layer) deploy IRR database

Re: [nanog] TC x IRRd 4.2

2021-04-28 Thread Job Snijders via NANOG
Dear Ruben, all, On Tue, Apr 27, 2021 at 10:18:32PM -0300, Rubens Kuhl wrote: > TC IRR, an IRR operator focused on Brazilian networks, just changed to > IRRd 4.2. The new version allowed TC to deploy RPKI validation > (thanks NTT for sponsoring that development) and expose HTTPS > endpoints for

Re: Cogent RPKI invalid filtering

2021-04-26 Thread Job Snijders via NANOG
Hi Robert, NANOG, On Mon, Apr 26, 2021 at 09:29:27AM -0400, Robert Blayzor via NANOG wrote: > According to Cloudflare's isbgpsafeyet.com, Cogent has been considered "safe" > and is filtering invalids. > > But I have found that to be untrue (mostly). It appears that some days they > filter IPv4,

Re: BGP and The zero window edge

2021-04-22 Thread Job Snijders via NANOG
On Thu, Apr 22, 2021 at 02:29:31PM +0300, Alexandre Snarskii wrote: > 9002. Hit by Juniper PR1562090, route stuck in DeletePending.. > Workaround applied, sessions with 6939 restarted, route is gone. Thank you for the details and clearing the issue. Kind regards, Job

Re: BGP and The zero window edge

2021-04-21 Thread Job Snijders via NANOG
On Wed, Apr 21, 2021 at 09:22:57PM +, Jakob Heitz (jheitz) wrote: > I'd like to get some data on what actually happened in the real cases > and analyze it. > > [snip] > > TCP zero window is possible, but many other things could > cause it too. Indeed. There could be a number of reasons that

Re: BGP and The zero window edge

2021-04-21 Thread Job Snijders via NANOG
Dear Jakob, group, On Wed, Apr 21, 2021 at 08:59:06PM +, Jakob Heitz (jheitz) via NANOG wrote: > Ben's blog details an experiment in which he advertises routes and then > withdraws them, but some of them remain stuck for days. > > I'd like to get to the bottom of this problem. I think there

Re: ARIN-NONAUTH IRR final retirement set for 31 March 2022 (was: ARIN-NONAUTH data ARIN-NONAUTH dataFwd: [ARIN-consult] ACSP Consultation 2021.1: Future of ARIN’s Unauthenticated IRR is now Closed)

2021-03-16 Thread Job Snijders via NANOG
Dear John, Thank you for extending the deadline with another 6 months. Obviously 6 months amidst a global pandemic would never be enough time. :-) Both John Sweeting [1] and myself [2] assert there are tens of thousands of objects for which the relationship between the object's existence and the

Re: RPKI invalid logs?

2021-02-20 Thread Job Snijders via NANOG
Dear Hank, On Sat, Feb 20, 2021 at 07:37:08PM +0200, Hank Nussbacher wrote: > Is there a place where one can examine RPKI invalid logs for a specific date > & time I have set up a publicly accessible archiver instance in Dallas, and one in Amsterdam which capture and archive data every 20

Re: Famous operational issues

2021-02-16 Thread Job Snijders via NANOG
On Tue, Feb 16, 2021 at 01:37:35PM -0600, John Kristoff wrote: > I'd like to start a thread about the most famous and widespread Internet > operational issues, outages or implementation incompatibilities you > have seen. > > Which examples would make up your top three? This was a fantastic

Re: Problems with newish IP block assignment issues from ARIN

2021-02-08 Thread Job Snijders via NANOG
On Mon, Feb 08, 2021 at 04:02:14PM -0500, Justin Wilson (Lists) wrote: > I enabled 134.195.47.1 on one of our routers. Cool! I noticed the following: from many NLNOG RING nodes I can reach that IP address, but not from 195.66.134.42: deepmedia01.ring.nlnog.net:~$ mtr -z -w -r 134.195.47.1

Re: Problems with newish IP block assignment issues from ARIN

2021-02-08 Thread Job Snijders via NANOG
Dear Justin, On Mon, Feb 08, 2021 at 03:14:47PM -0500, Justin Wilson (Lists) wrote: > It acts like the IP block was blacklisted at some point and got on > some bad lists but I don’t want to limit myself to that theory. > I have opened up a ticket with ARIN asking for any guidance. Has > anyone

Re: Issues with NANOG mailing list operations and subscriptions

2021-01-18 Thread Job Snijders
Hi Sean, Will, group, On Sun, Jan 17, 2021 at 03:01:22PM -0800, William Herrin wrote: > On Sun, Jan 17, 2021 at 1:37 PM Sean Donelan wrote: > > Some people think it's funny to ghost subscribe email addresses, and > > the NANOG mailing list automation doesn't catch them in the verification > >

Re: what is the policy about sharing email offlist?

2021-01-18 Thread Job Snijders
Dear all, On Mon, Jan 18, 2021 at 11:17:06AM -0700, Anne P. Mitchell, Esq. wrote: > Either Alexandria Ocasio-Cortez' office is on the NANOG list or > someone is forwarding NANOG email to AOC's press office (in which case > either spoofed as the original sender or AOC's office sends an ack to >

Fw: [lacnog] Update on LACNIC's IRR: Near-Real-Time Mirroring Now Available

2020-11-24 Thread Job Snijders
RENTSERIAL NRTM Host: irr.lacnic.net NRTM Port:43 When LACNIC enables NRTM in the coming days, other IRRs such as RADB and NTT will begin mirroring the LACNIC source. We would also like to thank the DashCare team (https://dashcare.nl/), Job Snijders (NTT) and the RADB team for their support.

Re: inspecting RPKI data: console.rpki-client.org

2020-11-20 Thread Job Snijders
On Fri, Nov 20, 2020 at 12:02:04PM -0500, Tom Beecher wrote: > In before snark of "OMG "http" links to RPKI info HURF BLURF!" But Tom, that is exactly the whole point of the RPKI :-) It's funny, but true! You really can safely use the RPKI data from the console website in your own production

inspecting RPKI data: console.rpki-client.org

2020-11-20 Thread Job Snijders
Dear all, I'd like to introduce another tool to inspect RPKI data... the rpki-client console! Comes with an authentic 90s look & feel :-) The Frontpage - http://console.rpki-client.org/ --- On the front page you can see stdout + stderr of the most

Re: Newbie Questions: How-to remove spurious IRR records (and keep them out for good)?

2020-11-02 Thread Job Snijders
Dear Pirawat, On Mon, Oct 26, 2020 at 08:13:19PM +0700, Pirawat WATANAPONGSE wrote: > I am seeking advice concerning someone else announcing IRR records on > resources belonging to me. Change is underway in the IRR ecosystem! The situation we are all used to is that it is rather cumbersome to

Re: plea for comcast/sprint handoff debug help

2020-11-02 Thread Job Snijders
On Mon, Nov 02, 2020 at 09:13:16AM +0100, Tim Bruijnzeels wrote: > On the other hand, the fallback exposes a Malicious-in-the-Middle > replay attack surface for 100% of the prefixes published using RRDP, > 100% of the time. This allows attackers to prevent changes in ROAs to > be seen. This is a

RPKI over RSYNC vs RRDP (Was: plea for comcast/sprint handoff debug help)

2020-10-30 Thread Job Snijders
On Fri, Oct 30, 2020 at 12:47:44PM +0100, Alex Band wrote: > > On 30 Oct 2020, at 01:10, Randy Bush wrote: > > i'll see your blog post and raise you a peer reviewed academic paper > > and two rfcs :) > > For the readers wondering what is going on here: there is a reason > there is only a vague

Re: plea for comcast/sprint handoff debug help

2020-10-30 Thread Job Snijders
On Thu, Oct 29, 2020 at 09:14:16PM +0100, Alex Band wrote: > In fact, we argue that it's actually a bad idea to do so: > > https://blog.nlnetlabs.nl/why-routinator-doesnt-fall-back-to-rsync/ > > We're interested to hear views on this from both an operational and > security perspective. I don't

Recommendation to update RPKI validators

2020-10-29 Thread Job Snijders
Hi all, About eight months ago I discovered a number of issues in the validation procedure of most RPKI validator softwares (including the RIPE NCC Validator, Routinator, and OctoRPKI). The impact of improper verification of Manifests (and associated aspects of the X.509 system) in the RPKI can

Re: IRR Explorer Error/Issue

2020-10-07 Thread Job Snijders
Dear Kevin, I am the maintainer of NLNOG's IRRexplorer and can help. On Wed, Oct 07, 2020 at 08:37:00PM +, Kevin McCormick wrote: > There seems to be an issue with IRR Explorer. > > I check the following prefix and I get the message, “The server > encountered an internal error and was unable to

Re: CIDR cleanup

2020-10-02 Thread Job Snijders
On Fri, Oct 02, 2020 at 03:39:00AM -0700, Randy Bush wrote: > > Marco Marzetti (PCCW) wrote an even faster compression tool! > > https://github.com/lamehost/aggregate-prefixes > > > > Both these python implementations are meant as replacements for ISC's > > vintage 'aggregate' Unix utility, with

Re: CIDR cleanup

2020-10-02 Thread Job Snijders
On Thu, Oct 01, 2020 at 02:15:01PM -0300, Marcos Manoni wrote: > Check https://github.com/job/aggregate6 (thank you, Job) Marco Marzetti (PCCW) wrote an even faster compression tool! https://github.com/lamehost/aggregate-prefixes Both these python implementations are meant as replacements

Re: SPAM for nanog@ senders

2020-09-21 Thread Job Snijders
Dear Łukasz, others, Can you please send any suspicious emails (including headers) to the mailing list admin team at ge...@nanog.org? We'll try to figure out if it happens through an existing subscription. Kind regards, Job (hat: NANOG geeks) On Mon, Sep 21, 2020 at 12:51:44PM +0200, Octolus

Re: how would draft-ymbk-opsawg-finding-geofeeds work in noam

2020-09-16 Thread Job Snijders
On Tue, Sep 15, 2020 at 01:52:05PM -0700, Randy Bush wrote: > perchance is RDAP implemented by all RIRs? Yes, but in 5 slightly different ways :-) Kind regards, Job

Re: Centurylink having a bad morning?

2020-08-30 Thread Job Snijders
I believe from this moment forward things are converging back to normal. Kind regards, Job

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread Job Snijders
On Tue, Aug 25, 2020 at 08:27:24AM -0400, K. Scott Helms wrote: > Comcast is blocking it. From the table on that page. > > "Port 0 is a reserved port, which means it should not be used by > applications. Network abuse has prompted the need to block this port." The 'Transport' column seems to

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread Job Snijders
On Tue, Aug 25, 2020 at 07:27:33AM -0400, K. Scott Helms wrote: > I think a fairly easy thing to do is see what other large retail ISPs > have done. Comcast, as an example, lists all of the ports they block > and 0 is blocked. I do recommend that port 0 be blocked by all of the > ISPs I work

Re: RPKI TAs

2020-08-03 Thread Job Snijders
On Mon, Aug 03, 2020 at 08:17:55AM -0500, John Kristoff wrote: > On Sun, 2 Aug 2020 18:52:11 + > Randy Bush wrote: > > > not to mention the ARIN stupidity > > Notwithstanding the RPA, downloading ARIN's TAL is straightforward: > > As documented here: > >

Re: Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)

2020-08-03 Thread Job Snijders
Dear Ryan, I have come to believe this is a Noction IRP specific issue. On Sat, Aug 01, 2020 at 01:29:59PM -0700, Ryan Hamel wrote: > I disagree on the fact that it is not fair to the BGP implementation > ecosystem, to enforce a single piece of software to activate the > no-export community by

Re: BGP route hijack by AS10990

2020-08-03 Thread Job Snijders
On Mon, Aug 03, 2020 at 02:36:25PM +0200, Alex Band wrote: > According to the information I received from the community[1], you > should read PR1461602 and PR1309944 before deploying. > > [1] https://rpki.readthedocs.io/en/latest/rpki/router-support.html My take on PR1461602 is that it can be

Issue with Noction IRP default setting (Was: BGP route hijack by AS10990)

2020-08-01 Thread Job Snijders
On Sat, Aug 01, 2020 at 06:50:55AM -0700, Ca By wrote: > I am not normally supporting a heavy hand in regulation, but i think it is > fair to say Noction and similar BGP optimizers are unsafe at any speed and > the FTC or similar should ban them in the USA. They harm consumers and are > a risk to

Re: BGP route hijack by AS10990

2020-07-31 Thread Job Snijders
On Fri, Jul 31, 2020 at 03:34:47PM +0200, Mark Tinka wrote: > On 31/Jul/20 03:57, Aftab Siddiqui wrote: > > Not a single prefix was signed, what I saw. May be good reason for > > Rogers, Charter, TWC etc to do that now. It would have stopped the > > propagation at Telia. > > If none of the

Re: BGP route hijack by AS10990

2020-07-30 Thread Job Snijders
On Thu, Jul 30, 2020 at 07:09:07PM +0200, Patrick Schultz wrote: > so, bgp optimizers... again? We should stop calling them 'optimizers'... perhaps "BGP Polluters"? Kind regards, Job

Re: Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

2020-06-17 Thread Job Snijders
Dear Jon, group, On Wed, Jun 17, 2020 at 10:25:14AM -0400, Jon Lewis wrote: > On Mon, 15 Jun 2020, Mike Leber via NANOG wrote: > > > I'm pleased to announce Hurricane Electric has completed our RPKI > > INVALID filtering project and we now have 0 RPKI INVALIDs in our routing > > table. > > > >

Re: Mikrotik RPKI Testing

2020-06-17 Thread Job Snijders
Dear all, > I noticed that Mikrotik has added RPKI into their very much beta v7 > branch. I would like to ask those of you that know RPKI well to check > it out and offer Mikrotik feedback on what they've done > right\wrong\broken. Our hero Massimiliano Stucchi in Switzerland started doing the

Re: Reactive RPKI ROV (Was: Hurricane Electric has reached 0 RPKI INVALIDs)

2020-06-17 Thread Job Snijders
Dear Baldur, On Wed, Jun 17, 2020 at 01:42:36PM +0200, Baldur Norddahl wrote: > Lets say someone makes an announcement that creates a RPKI invalid and > it is determined to be a mistake. They then go back and add ROA > objects to fix the problem. With this reactive RPKI approach then > continue

Reactive RPKI ROV (Was: Hurricane Electric has reached 0 RPKI INVALIDs)

2020-06-16 Thread Job Snijders
Dear Mike, Ytti, others, First of all and most importantly: congratulations Mike! I thank you and your team for having constructed a great mechanism that helps honor the routing intentions everyone publishes in the RPKI. On Tue, Jun 16, 2020 at 09:08:41AM +0300, Saku Ytti wrote: > On Tue, 16 Jun

academic paper on Peerlock BGP protection mechanism

2020-06-15 Thread Job Snijders
Dear colleagues,

Re: Partial vs Full tables

2020-06-10 Thread Job Snijders
On Tue, Jun 9, 2020, at 08:04, Mark Tinka wrote: > On 5/Jun/20 18:49, Saku Ytti wrote: > > The comparison isn't between full or default, the comparison is > > between static default or dynamic default. Of course with any default > > scenario there are more failure modes you cannot route around.

Re: Update your ARIN IRR data access methods (was: Fwd: [arin-announce] New Internet Routing Registry Release)

2020-06-10 Thread Job Snijders
Dear John, group, On Wed, Jun 10, 2020 at 06:51:53PM +, John Curran wrote: > ARIN has released its updated IRR system - if you are relying on > ARIN’s IRR data, please refer to details below and update access > methods accordingly. Ack - NTT has done so. The 'rr.ntt.net' instance now

Re: "Is BGP safe yet?" test

2020-04-20 Thread Job Snijders
On Mon, Apr 20, 2020, at 21:54, Amir Herzberg wrote: > Randy said, > From a practical standpoint, this doesn't actually tell > the whole truth > > > > indeed. route origin validation, while a good thing, does not make > > bgp safe from attack. this marketing fantasy is being propagated; > > but

RPKI OV implementation in route-map

2020-04-01 Thread Job Snijders
Dear Mark, group, On Tue, Mar 31, 2020 at 03:50:23PM +0200, Mark Tinka wrote: > On 31/Mar/20 15:21, Dorian Kim wrote: > > Unfortunately we don’t have any testing done or experience with RPKI > > on XE or Classic boxes as we don’t have any deployed outside of OOB > > infrastructure. > > Cherish

NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

2020-03-25 Thread Job Snijders
Dear group, Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI based BGP Origin Validation on virtually all EBGP sessions, both customer and peering edge. This change positively impacts the Internet routing system. The use of RPKI technology is a critical component in our

Re: interesting troubleshooting

2020-03-20 Thread Job Snijders
On Fri, Mar 20, 2020 at 05:57:19PM -0400, Jared Mauch wrote: > You also need to watch out to ensure you’re not on some L2VPN type > product that bumps up against a barrier. I know it’s a stressful time > for many networks and systems people as traffic shifts. A few years ago we did a

Re: interesting troubleshooting

2020-03-20 Thread Job Snijders
On Fri, Mar 20, 2020 at 05:33:31PM -0400, Nimrod Levy wrote: > With the increase in remote workers and VPN traffic that won't hash across > multiple paths, I thought this anecdote might help someone else track down > a problem that might not be so obvious. Do we know which specific VPN

Re: Need help removing a old/outdated/incorrect proxy route object

2020-03-17 Thread Job Snijders
I can help! Will follow-up off list. For future reference: db-ad...@rr.ntt.net is also a good place to direct any questions about NTT's IRR service "NTTCOM" Kind regards, Job On Tue, Mar 17, 2020, at 20:54, Sadiq Saif wrote: > Hi all, > > I am looking for help with removal of a

Re: AT&T is suspending broadband data caps for home internet customers due to coronavirus

2020-03-17 Thread Job Snijders
On Tue, Mar 17, 2020, at 19:38, Dan White wrote: > By "ahead of us", I'm hoping to glean some operational experience from > European, or networks in larger cities with a more impactful lock > down. It is all fairly new here too. Some of the things that have come to mind so far: - the supply

Re: RADB account deletions

2020-03-03 Thread Job Snijders
On Tue, Mar 03, 2020 at 11:22:35AM -0700, Clinton Work wrote: > It looks like the former Allstream RADB account (MAINT-AS15290) and > all associated route objects were removed from RADB today. The > deletion mainly impacts Canadian route objects registered by the > former Allstream (now Zayo).

Re: akamai yesterday - what in the world was that

2020-02-11 Thread Job Snijders
> Any word on what the update was for? It caused quite a jump in traffic on our > network. On twitter "68 GB" was trending https://twitter.com/search?q=%2268%20GB%22=trend_click Kind regards, Job

Re: new tool: rpki-ov-checker

2020-02-06 Thread Job Snijders
Oops, I see a fat typo slipped in - the correct URL is https://github.com/job/rpki-ov-checker :-) Kind regards, Job On Thu, Feb 6, 2020 at 20:35 Job Snijders wrote: > Dear ops, > > I wrote a simple tool to figure out what kind of invalid a rpki invalid > is, this ca

new tool: rpki-ov-checker

2020-02-06 Thread Job Snijders
Dear ops, I wrote a simple tool to figure out what kind of invalid a rpki invalid is, this can aid people in understanding the impact of "invalid == reject" routing policies. Only "invalid_unreachable" routes present an operational issue in my opinion, IP addresses covered by "notfound" or

Re: Microsoft mail delivery issue

2020-01-31 Thread Job Snijders
Dear Paul, I recommend subscribing and reaching out to the “mailop” mailing list. You may not see replies from the big mail operators in the archives, but I suspect a lot of relevant people pay attention to this specific list. https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop Kind

Re: Rogue objects in routing databases

2020-01-24 Thread Job Snijders
Hi! This came up on our radar somewhere in the last 24 hours too. It indeed does look very curious. Thank you for your analysis and report. NTT is taking steps to figure out what is behind this. Our current working theories are that perhaps the IRR maintainer account was compromised, or some

Re: Dual Homed BGP

2020-01-24 Thread Job Snijders
Dear Brian, On Fri, 24 Jan 2020 at 17:40, Brian wrote: > Hello all. I am having a hard time trying to articulate why a Dual Home > ISP should have full tables. My understanding has always been that full > tables when dual homed allow much more control. Especially in helping to > prevent Async

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Job Snijders
On Tue, Dec 31, 2019 at 17:26 Seth Mattinen wrote: > On 12/31/19 8:10 AM, joel jaeggli wrote: > > Argumentation on the basis of a tu quoque fallacy doesn't really add > > much to the discussion. Depreciating potentially dangerous and definitely > > obsolete protocols does not make you a hypocrite.

Re: Holiday route leak

2019-12-30 Thread Job Snijders
Dear all, On Fri, Dec 27, 2019 at 04:06:24PM -0500, Christopher Morrow wrote: > If there are AS46844 folk listening around their eggnog ... it'd be > nice if you would stop leaking prefixes: https://imgur.com/a/Js0YvP2 > > this from the current view at: https://bgp.he.net/AS15169#_graph6 > > I

Re: Starting to Drop Invalids for Customers

2019-12-10 Thread Job Snijders
Dear Arturo, group, On Tue, Dec 10, 2019 at 20:51 Arturo Servin wrote: > > Invalid according to RPKI or IRR? Or both? > In this context the use of the word “invalid” refers to the result of validation procedure described in RFC 6811 - which is to match received BGP updates to the RPKI and

Re: Comcast & NTT packet loss today

2019-12-03 Thread Job Snijders
Hi all, We are following up off-list! This may be a good moment to mention that the excellent people at the NTT NOC are always available at n...@ntt.net, or the phone numbers listed in PeeringDB. :-) Kind regards, Job On Tue, Dec 3, 2019 at 23:19 Ben Cannon wrote: > We’re trying to figure

A new open source RPKI CA solution: NLnet Labs' Krill

2019-12-03 Thread Job Snijders
Dear fellow network operators, It appears Santa brought presents early this year! I'd like to draw attention to the below forwarded message and provide my take on it. Some of you represent organisations that interact with multiple RIRs, and have concluded it can be challenging to figure out the

Re: SP 800-189 (Draft), Resilient Interdomain Traffic Exchange

2019-10-28 Thread Job Snijders
Dear Douglas, Thanks for sharing the link. This is an impressive effort! Can you share with the group what the best way is to share feedback to effect changes in the document? Is there a difference between just emailing you or are there official channels to be considered? Kind regards, Job

Re: Anyone from NTT America here?

2019-10-23 Thread Job Snijders
Dear Stephen, I’ll work with you off-list to investigate! :-) Kind regards, Job NTT / AS 2914 On Wed, Oct 23, 2019 at 14:23 Ross Tajvar wrote: > What was the source/destination? > > On Wed, Oct 23, 2019, 2:10 PM Stephen Satchell wrote: > >> Routing loop >> >> > 11.|-- 129.250.24.196

Re: IPv6 Thought Experiment

2019-10-02 Thread Job Snijders
It appears in your thought experiment, a stick is dressed up like a carrot. I’m not a fan of deploying purely punitive strategies to promote adoption; technologies should stand on their own and be able to convince the potential users based on their merit, not based on penalties.

Re: Elad Cohen (was: Re: Cogent sales reps who actually respond)

2019-09-18 Thread Job Snijders
It would be good to see some receipts, offered by the selling party.

Re: new BGP hijack & visibility tool “BGPalerter”

2019-08-15 Thread Job Snijders
Hi Ryan, Alarig, > On 14/08/2019 19:06, Ryan Hamel wrote: > > I appreciate the effort and the intent behind this project, but why > > should the community contribute to an open source project on GitHub > > that is mainly powered by a closed source binary? > On Wed, Aug 14, 2019 at 07:13:47PM

new BGP hijack & visibility tool “BGPalerter”

2019-08-14 Thread Job Snijders
Dear NANOG, Recently NTT investigated how to best monitor the visibility of our own and our subsidiaries’ IP resources in the BGP Default-Free Zone. We were specifically looking how to get near real-time alerts funneled into an actionable pipeline for our NOC & Operations department when BGP

Re: RPKI adoption

2019-08-14 Thread Job Snijders
Dear all, On Wed, Aug 14, 2019 at 10:36:44AM +, John Curran wrote: > On 14 Aug 2019, at 2:26 AM, Matthew Petach wrote: > > ... > > Now, at the risk of bringing down the ire of the community on my > > head...ARIN could consider tying the elements together, at least for > > ARIN members. Add

Re: 44/8

2019-07-18 Thread Job Snijders
On Fri, Jul 19, 2019 at 3:16 AM Adam Korab wrote: > > On 07/18/2019 at 23:08, Job Snijders wrote: > > A potential upside is that hamnet operators maybe have access to some RPKI > > services now! > > OK, I'll bite... how do you mean? Ah, let me clarify, I didn't mean t

Re: 44/8

2019-07-18 Thread Job Snijders
A potential upside is that hamnet operators maybe have access to some RPKI services now!

Re: Performance metrics used in commercial BGP route optimizers

2019-07-16 Thread Job Snijders
On Tue, Jul 16, 2019 at 01:24:11PM -0500, Mike Hammett wrote: > All of the same tragedy can happen without BGP optimizers, and does. I disagree. You are skipping over a crucial distinction we should make between common 'route leaks' (incorrect propagation of valid routing information), and the

Re: Performance metrics used in commercial BGP route optimizers

2019-07-16 Thread Job Snijders
On Tue, Jul 16, 2019 at 6:10 PM Ryan Hamel wrote: > > Nowhere near the number as an engineer fat fingering a route. How are you able to make that assertion? > There are ISPs that accept routes all the way to /32 or /128, for traffic > engineering with ease, and/or RTBH. This strikes me as a

Re: Performance metrics used in commercial BGP route optimizers

2019-07-16 Thread Job Snijders
On Tue, Jul 16, 2019 at 3:33 PM Mike Hammett wrote: > More like do whatever you want in your own house as long as you don't > infringe upon others. > That's where the rub is; when using "BGP optimisers" to influence public Internet routing, you cannot guarantee you won't infringe upon others.

Re: Level3/CenturyLink IRR Contact

2019-07-08 Thread Job Snijders
I will ping you off list with contact details. Kind regards, Job On Mon, Jul 8, 2019 at 6:20 PM Joe Nelson wrote: > > Does anyone know who to contact to have old information removed from > Level3/CenturyLink's IRR. My ASN still shows in their registry with stale > information from an old

Re: CloudFlare issues?

2019-07-04 Thread Job Snijders
> Anyway, you can now enjoy https://rpki.net/s/rpki-test even more! :-) my apologies, I fumbled the ball on typing in that URL, I intended to point here: https://www.ripe.net/s/rpki-test

Re: CloudFlare issues?

2019-07-04 Thread Job Snijders
On Thu, Jul 4, 2019 at 8:46 PM Francois Lecavalier wrote: > It's been close to 3 hours now since I dropped them - radio silence. I am going to assume that "radio silence" for you means that your network is fully functional and none of your customers have raised issues! :-) > Whoever fears

Re: CloudFlare issues?

2019-07-04 Thread Job Snijders
Dear Francois, On Thu, Jul 04, 2019 at 03:22:23PM +, Francois Lecavalier wrote: > Following that Verizon debacle I got onboard with ROV, after a couple > research I stopped my choice on the drum roll CloudFlare GoRTR > (https://github.com/cloudflare/gortr). If you trust them enough

BGP filtering study resources (Was: CloudFlare issues?)

2019-06-25 Thread Job Snijders
Dear Stephen, On Tue, Jun 25, 2019 at 07:04:12AM -0700, Stephen Satchell wrote: > On 6/25/19 2:25 AM, Katie Holly wrote: > > Disclaimer: As much as I dislike Cloudflare (I used to complain > > about them a lot on Twitter), this is something I am absolutely > > agreeing with them. Verizon failed

Re: CloudFlare issues?

2019-06-24 Thread Job Snijders
On Mon, Jun 24, 2019 at 08:18:27AM -0400, Tom Paseka via NANOG wrote: > a Verizon downstream BGP customer is leaking the full table, and some more > specific from us and many other providers. It appears that one of the implicated ASNs, AS 33154 "DQE Communications LLC" is listed as customer on

Re: Traffic ratio of an ISP

2019-06-20 Thread Job Snijders
On Thu, Jun 20, 2019 at 4:21 PM Steller, Anthony J wrote: > because it really doesn’t matter in the whole scheme of things. Indeed, it doesn't matter. The "traffic ratio" field in PeeringDB probably should be deprecated, there is no formal definition nor are there any operational consequences

Re: provider email maintenance standard

2019-06-17 Thread Job Snijders
Dear Matt, See this URL instead: https://github.com/jda/maintnote-std/blob/master/standard.md NTT / AS 2914’s NOC follows this process to keep customers and partners informed about maintenances. Kind regards, Job On Mon, Jun 17, 2019 at 15:32 Matt Harris wrote: > On Mon, Jun 17, 2019 at

Re: someone is using my AS number

2019-06-15 Thread Job Snijders
On Sat, Jun 15, 2019 at 4:45 PM Owen DeLong wrote: > > On Jun 15, 2019, at 5:43 AM, Job Snijders wrote: > >> On Sat, Jun 15, 2019 at 2:38 PM Owen DeLong wrote: > > owen> >> What I heard you say is: “I’m not going to offer a solution to your problem, but you

Re: someone is using my AS number

2019-06-15 Thread Job Snijders
On Sat, Jun 15, 2019 at 09:31:03AM -0400, Jon Lewis wrote: > On Sat, 15 Jun 2019, Job Snijders wrote: > > There is no signal from the remote ASN (the one that receive the > > route announcement) to the Originator ASN about the remote ASN's > > loop detection policies. Ther

Re: someone is using my AS number

2019-06-15 Thread Job Snijders
On Sat, Jun 15, 2019 at 05:32:21AM -0700, Owen DeLong wrote: > > What is the principal harm of doing this? Honest question. I'm not > > advocating for anything, just curious. > > > > Excellent question. > > > > 1/ We can’t really expect on the loop detection to work that way at > > the “jacked”

Re: someone is using my AS number

2019-06-15 Thread Job Snijders
On Sat, Jun 15, 2019 at 2:38 PM Owen DeLong wrote: > Job, > > Permit me to apply some reflective listening to your statement: > > What I heard you say is: “I’m not going to offer a solution to your problem, > but you shouldn’t use the one you have that currently works because some > things my

Re: someone is using my AS number

2019-06-13 Thread Job Snijders
On Thu, Jun 13, 2019 at 11:18 Warren Kumari wrote: > On Thu, Jun 13, 2019 at 9:59 AM Joe Abley wrote: > > > > Hey Joe, > > > > On 12 Jun 2019, at 12:37, Joe Provo wrote: > > > > > On Wed, Jun 12, 2019 at 04:10:00PM +, David Guo via NANOG wrote: > > >> Send abuse complaint to the upstreams

Re: someone is using my AS number

2019-06-13 Thread Job Snijders
Hi Joe, On Thu, Jun 13, 2019 at 9:59 Joe Abley wrote: > Hey Joe, > > On 12 Jun 2019, at 12:37, Joe Provo wrote: > > > On Wed, Jun 12, 2019 at 04:10:00PM +, David Guo via NANOG wrote: > >> Send abuse complaint to the upstreams > > > > ...and then name & shame publicly. AS-path forgery "for

Re: someone is using my AS number

2019-06-12 Thread Job Snijders
Indeed, I do not see this in our current version of the Default-Free Zone, so there may not be a problem for us to solve at this moment. I think your reaching out to NANOG or other operator forums is the correct action. Someone is bound to know someone who knows someone who can help. Kind

Re: someone is using my AS number

2019-06-12 Thread Job Snijders
Can you share more details? Perhaps we can put the human social network to good use. Other than that this is annoying - are you right now operationally impacted? Kind regards, Job On Wed, Jun 12, 2019 at 12:24 Filip Hruska wrote: > I would contact upstreams of the upstream then. This is quite a

Re: Networks enforcing RPKI validation

2019-06-07 Thread Job Snijders
Dear Eric, If you don't mind me showering you with some study resources... here we go! On Fri, Jun 07, 2019 at 10:58:48AM -0400, Eric Dugas wrote: > I was wondering if there was a list of networks that enforce RPKI > validation and dropping invalids. The last list that was compiled is available

Re: Cisco Crosswork Network Insights - or how to destroy a useful service

2019-05-15 Thread Job Snijders
On Wed, May 15, 2019 at 11:52:16AM +, Mann, Jason via NANOG wrote: > ?Is BGPmon going away? Yes, see https://bgpmon.net/wp-content/uploads/2019/01/BGPMon.net-EOL-EOS-faq.pdf Kind regards, Job

Re: Cisco Crosswork Network Insights - or how to destroy a useful service

2019-05-15 Thread Job Snijders
On Wed, May 15, 2019 at 11:37:57AM +0100, Carlos Friaças wrote: > It relies *exclusively* on "RIPE RIS Live", or does it also use other > sources? The first useful version will rely exclusively on the "RIS Live" interface. In a later stage we can consider adding something like the NLNOG Looking

Re: Cisco Crosswork Network Insights - or how to destroy a useful service

2019-05-15 Thread Job Snijders
Hi, I recognise the issue you describe, and I'd like to share with you that we're going down another road. Nowadays, RIPE NCC offers a streaming API ("RIS Live") which has the data needed to analyse and correlate BGP UPDATES seen in the wild to business rules you as operator define. NTT folks

Re: Seeking Feedback on Mitigation of New BGP-driven Attack

2019-05-10 Thread Job Snijders
Dear Jared, This was a very interesting read. Thank you for sharing it with us. The paper contained new information for me, I hope I summarize it correctly: by combining AS_PATH poisoning and botnets, the botnet’s firing power can be more precisely aimed at a specific target. Can you clarify

Re: Routing issues to AWS environment.

2019-05-09 Thread Job Snijders
Dear Nick, I sympathize with your plight, network debugging can be quite a test of character at times. I am snipping some text as I can't comment on specific details in this case, but you do raise two excellent questions which I can maybe help with. On Thu, May 09, 2019 at 03:05:43PM +,

Re: Routing issues to AWS environment.

2019-05-09 Thread Job Snijders
Hi Chuck, On Thu, May 09, 2019 at 06:34:21AM -0400, Chuck Church wrote: > Are you sure the problem isn’t NTT? My buddy’s WISP peers with Spirit > and had a boatload of problems with random packet loss affecting > initially just SIP and RTP (both UDP). Spirit was blaming NTT. > Problems went away

Re: NTP for ASBRs?

2019-05-08 Thread Job Snijders
Dear Lars, On Wed, May 08, 2019 at 09:56:33AM +0200, Lars Prehn wrote: > do you NTP sync your AS boundary routers? yes > If so, what are incentives for doing so? Are there incentives, e.g. > security considerations, not to do it? The major advantage of NTP syncing your routers is that it

Re: NTP question

2019-05-01 Thread Job Snijders
Dear Mehmet, On Wed, May 01, 2019 at 03:22:57PM -0400, Mehmet Akcin wrote: > I am trying to buy a GPS based NTP server like this one > > https://timemachinescorp.com/product/gps-time-server-tm1000a/ > > but I will be placing this inside a data center, do these need an > actual view of a sky to

Re: Packetstream - how does this not violate just about every provider's ToS?

2019-04-24 Thread Job Snijders
Dear Anne, On Wed, Apr 24, 2019 at 11:07:51PM -0600, Anne P. Mitchell, Esq. wrote: > How can this not be a violation of the ToS of just about every major > provider? Can you perhaps cite ToS excerpts from one or more major providers to support your assertion? > Anne P. Mitchell, > Attorney

Re: SOLVED (was Re: request for help: 192.139.135.0/24)

2019-04-03 Thread Job Snijders
Hi all, On Wed, Apr 03, 2019 at 10:59:18AM -0400, Jay Borkenhagen wrote: > I urge folks facing similar problems to publish RPKI ROAs for their IP > resources. [snip] the verifiable statements in RPKI ROAs can be > attributed to you as the actual resource holder, thus helping folks > base their
