Re: Juniper hardware recommendation

2021-05-14 Thread Nick Hilliard
Adam Thompson wrote on 14/05/2021 15:44: I did not know such a thing existed! Cool! Holy murdering your port density, though. Ouch$$$. oh the port wastage is completely criminal, but it can be a handy last resort. Nick

Re: Juniper hardware recommendation

2021-05-14 Thread Nick Hilliard
Adam Thompson wrote on 14/05/2021 14:30: However, the MX 10k family still only shows as being compatible with two QSFP cards. And yes, you can get a QSFP-SFP+ breakout cable, but those don't let you use SFP+ CWDM/DWDM transceivers. you can also get QSA adapters to convert from a QSFP form

Re: Letters of Authorization still aren't worth the paper they aren't printed

2021-03-15 Thread Nick Hilliard
Sean Donelan wrote on 15/03/2021 17:46: It's amazing the telecommunications industry still uses or relies on "Letter of Authorization".  It's less secure than faxing a piece of paper on "letterhead." LOAs aren't about authorization. They're about shifting liability and having a paper trail.

Re: DOD prefixes and AS8003 / GRSCORP

2021-03-12 Thread Nick Hilliard
Siyuan Miao wrote on 12/03/2021 11:34: My biggest concern is why the AS8003 was assigned to the company (GLOBAL RESOURCE SYSTEMS, LLC) even before its existence. GRS LLC seems to have been around since 2006. https://opencorporates.com/companies/us_fl/M0601699 AS8003 was registered to

Re: DPDK and energy efficiency

2021-02-23 Thread Nick Hilliard
Shane Ronan wrote on 23/02/2021 16:59: For use cases where DPDK matters, are you really concerned with power consumption? Probably yeah. Have you assessed the lifetime cost of running a multicore CPU at 100% vs at 10%, particularly as you're likely to have multiples of these devices in

Re: DPDK and energy efficiency

2021-02-23 Thread Nick Hilliard
Etienne-Victor Depasquale wrote on 23/02/2021 16:03: "we found that a poll mode driver (PMD) thread accounted for approximately 99.7 percent CPU occupancy (a full core utilization)." interrupt-driven network drivers generally can't compete with polled mode drivers at higher throughputs on

Re: public open resolver list?

2021-02-01 Thread Nick Hilliard
Randy Bush wrote on 01/02/2021 18:16: is there a list of public resolvers? e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8, etc.? https://public-dns.info/ ? Nick

Re: Follow up to "has virtualization become obsolete in 5G"?

2021-01-16 Thread Nick Hilliard
Etienne-Victor Depasquale wrote on 16/01/2021 11:34: The term NFV is a bit of a stretch for what is really network-function-containerization. Like ~ everything else relating to computers, network management and service provisioning functionality boils down to executing CPU instructions on

Re: Parler

2021-01-11 Thread Nick Hilliard
Eric S. Raymond wrote on 11/01/2021 00:00: Yes, it would. This was an astonishingly stupid move on AWS's part; I'm pretty sure their counsel was not consulted. this is quite an innovative level of speculation. Care to provide sources? Nick

Re: A letter from the CEO

2020-11-23 Thread Nick Hilliard
Warren Kumari wrote on 23/11/2020 16:05: They are better than terrorbits, which is what happen when anyone in the family says "My Internet is broken, can you fix it?" best to approach incidents like this with gigglebits, e.g. the sort of response that accompanies replies like "you did WHAT??

Re: 100G over 100 km of dark fiber

2020-10-30 Thread Nick Hilliard
Dale W. Carder wrote on 30/10/2020 14:33: You may also find that 100G PAM4 could work. not at 100km. This would be outside the dispersion tolerance limits for pam4. Nick

Re: Ingress filtering on transits, peers, and IX ports

2020-10-15 Thread Nick Hilliard
Saku Ytti wrote on 15/10/2020 15:29: But you have to think about what prefixes a customer has. If BGP you need to generate prefix-list, if static you need to generate a static route. As you already have to know and manage this information, what is the incremental cost to also emit an ACL? the

Re: Ingress filtering on transits, peers, and IX ports

2020-10-14 Thread Nick Hilliard
Brian Knight via NANOG wrote on 13/10/2020 23:49: Strict mode won't work for us, because with our multi-homed transits and IX peers, we will almost certainly drop a legitimate packet because the best route is through another transit. there's no "almost" about it: strict mode is unfeasible for

Re: Hand held copper Ethernet testers

2020-09-30 Thread Nick Hilliard
Chris Boyd wrote on 30/09/2020 21:24: My old Test-Um Lanscaper died, and I was curious what people liked these days. Don’t need throughput testing or anything like that, just basic wire map testing, cable ID, cable length, PoE voltage, and DHCP client. What do y’all like?

Re: BFD for routes learned trough Route-servers in IXPs

2020-09-16 Thread Nick Hilliard
Ryan Hamel wrote on 16/09/2020 03:01: Install a route optimizer that constantly pings next hops or if you want a more reliable IXP experience, don't install a route optimiser and if you do, don't make it ping next-hops. - you're not guaranteed that the icmp reply back to the route optimiser

Re: SRv6

2020-09-15 Thread Nick Hilliard
Saku Ytti wrote on 15/09/2020 18:05: You just move the encapsulation from in-order to inside-ip making everything harder for SW and much harder for HW, the simplicity is a lie. to quantify this, the tunneling header increased in size from a minimum of 4 octets to a minimum of 40 octets. If

Re: SRv6

2020-09-15 Thread Nick Hilliard
Mark Tinka wrote on 15/09/2020 07:04: My head hurts:-)... yep, and you're not alone - the complexity level is pretty high, right from the control plane to the hardware. It's not clear that the modest net gain in functionality is worth it. Nick

Re: SRv6

2020-09-14 Thread Nick Hilliard
aar...@gvtc.com wrote on 14/09/2020 20:03: Thanks Nick, I only see the following layers... I see no extension headers behind the ipv6 header. I sent you the wireshark sniff directly so you can see what I'm seeing. you should see extension headers if you're doing more complex stuff? E.g. if

Re: SRv6

2020-09-14 Thread Nick Hilliard
aar...@gvtc.com wrote on 14/09/2020 18:57: But rather, shows my L3VPN v4 traffic riding v6 and that’s it. that is how SRv6 works. IPv6 + extension headers (+ a bit extra which is incompatible with ipv6). Let me know if I’m seeing an SRH and just don’t know it, LOL. Check out the IPv6

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

2020-09-09 Thread Nick Hilliard via NANOG
Jeff Tantsura via NANOG wrote on 09/09/2020 09:03: De-facto standards are as good as people implementing them, however in order to enforce non ambiguous implementations, it has to be de-jure (e.g. a standard track RFC). While I’m sympathetic to the idea, I’m quite skeptical about its

Re: Centurylink having a bad morning?

2020-09-02 Thread Nick Hilliard
Shawn L via NANOG wrote on 02/09/2020 12:15: We once moved a 3u server 30 miles between data centers this way. Plug redundant psu into a ups and 2 people carried it out and put them in a vehicle. hopefully none of these server moves that people have been talking about involved spinning disks.

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-26 Thread Nick Hilliard
K. Scott Helms wrote on 26/08/2020 13:55: To be clear, UDP port 0 is not and probably shouldn't be blocked because some network gear and reporting tools may mistake a fragmented UDP PDU for port 0. That's an implementation error, but one that may be common enough to create issues for users. do

Re: Bottlenecks and link upgrades

2020-08-13 Thread Nick Hilliard
Mark Tinka wrote on 13/08/2020 11:31: It's great to monitor packet loss, latency, pps, e.t.c. But packet loss at 10% link utilization is not a foreign occurrence. No amount of bandwidth upgrades will fix that. you could easily have 10% utilization and see packet loss due to insufficient

Re: BGP route hijack by AS10990

2020-08-01 Thread Nick Hilliard
Sabri Berisha wrote on 01/08/2020 20:59: My point is that there can be operational reasons to do so, and whatever they wish to do on their network is perfectly fine. As long as they don't bother the rest of the world with it. I get what you're saying, and am a big fan of personal

Re: BGP route hijack by AS10990

2020-08-01 Thread Nick Hilliard
Sabri Berisha wrote on 01/08/2020 20:03: but because Noction's decision to not enable NO_EXPORT by default the primary problem is not this but that Noction reinjects prefixes into the local ibgp mesh with the as-path stripped and then prioritises these prefixes so that they're learned as the

Re: BGP route hijack by AS10990

2020-08-01 Thread Nick Hilliard
Mark Tinka wrote on 01/08/2020 12:20: The difference between us and aviation is that fundamental flaws or mistakes that impact safety are required to be fixed and checked if you want to keep operating in the industry. We don't have that, so... ... so once again, route optimisers were at the

Re: BGP route hijack by AS10990

2020-07-31 Thread Nick Hilliard
Hank Nussbacher wrote on 31/07/2020 08:21: But wait - MANRS indicates that Telia does everything right: Not only that, Telia indicates that Telia does everything right: https://www.teliacarrier.com/our-network/bgp-routing/routing-security-.html "We reject RPKI Invalids on all BGP Sessions;

Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?

2020-07-29 Thread Nick Hilliard
Mark Tinka wrote on 29/07/2020 17:06: > Meaning the initial setup would still require the use of literal IP > addresses? You can't use hostnames, if that's what you're asking. FRR will also do unnumbered BGP with auto-config. Nick

Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?

2020-07-29 Thread Nick Hilliard
Mark Tinka wrote on 29/07/2020 15:51: > I'm curious to know if this is after-the-fact, as I can't think of a way > that BGP would find hostnames to setup sessions with, outside of some > kind of upper layer name resolution capability. > > The draft isn't clear on how this happens, if it is,

Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?

2020-07-29 Thread Nick Hilliard
Mark Tinka wrote on 29/07/2020 15:09: > Are the names based on DNS look-ups, or is there some kind of protocol > association between the device underlay and its hostname, as it pertains > to neighbors? afaik, this is an implementation of draft-walton-bgp-hostname-capability. Nick

Re: cloud backup

2020-07-26 Thread Nick Hilliard
Michael Thomas wrote on 26/07/2020 21:39: AWS S3 infrequent access is $40/month. If it's really archival backup AWS has glacier which is less than $20/month, but its name gives you an idea of what it is. how much does a full restore cost with these options? Nick

Re: questions asked during network engineer interview

2020-07-21 Thread Nick Hilliard
William Herrin wrote on 21/07/2020 20:21: This is happening a lot in the big shops like Amazon that can afford to employ software developers to write purpose-built network code. IOW, it works if you have a large and homogeneous enough network with a sufficiently narrow product portfolio

Re: BFD for long haul circuit

2020-07-17 Thread Nick Hilliard
Tom Hill wrote on 17/07/2020 16:06: If you're a service provider, don't buy a consumer product and hope to sell it on at a similar (or higher) SLA rate to other consumers; that way lies ruin. I was going to suggest that there wasn't much in the way of consumer grade international circuits, so

Re: Anyone running C-Data OLTs?

2020-07-13 Thread Nick Hilliard
Mark Tinka wrote on 13/07/2020 16:03: Still don't know what "third world" means (of course I do...), but Obviously he means countries like Sweden, Ireland and Switzerland. https://en.wikipedia.org/wiki/Third_World#/media/File:Cold_War_alliances_mid-1975.svg It's not clear why there's any

Re: SaoPaolo to Frankfurt

2020-07-13 Thread Nick Hilliard
Colin Stanners (lists) wrote on 13/07/2020 14:41: Looking at the Wikipedia article, it claims that  Atlantis-2 “can already be upgraded with current technology to 160Gbit/s”. Would be interesting why that wasn’t already done on this 20-year-old cable – assuming that the underground

Re: why am i in this handbasket? (was Devil's Advocate - Segment Routing, Why?)

2020-06-22 Thread Nick Hilliard
Masataka Ohta wrote on 22/06/2020 13:49: But, it should be noted that a single class B routing table entry "a single class B routing table entry"? Did 1993 just call and ask for its addressing back? :-) But, it should be noted that a single class B routing table entry often serves for an

Re: Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

2020-06-18 Thread Nick Hilliard
Mark Tinka wrote on 18/06/2020 11:56: Invalid routes being dropped creates downtime. People respond to downtime a lot more eagerly. humanity is a crisis-driven species. Nick

Re: Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

2020-06-18 Thread Nick Hilliard
Mark Tinka wrote on 18/06/2020 11:16: On 17/Jun/20 21:16, Tim Warnock wrote: How did you know? Is there some monitoring system available to let you know or do you have your own? The usual way - a customer complained :-). The customer monitoring system is very reliable and often superior to

Re: Mikrotik RPKI Testing

2020-06-18 Thread Nick Hilliard
Musa Stephen Honlue wrote on 18/06/2020 03:38: Did you face any issues with IPv6 on 6.4, I personally have participated in deployment projects on Mikrotik for many large networks. mikrotik ROS6 doesn't support next-hop recursion for ipv6 routes:

Re: Router Suggestions

2020-06-16 Thread Nick Hilliard
Baldur Norddahl wrote on 16/06/2020 07:32: purpose in life is to be a cold spare and a lab router. Why pay someone else for having a cold spare ready for next day replacement when you can have it yourself? e.g. your production deployment might be in another country, and getting equipment in

Re: Router Suggestions

2020-06-15 Thread Nick Hilliard
Patrick Cole wrote on 15/06/2020 14:16: MX204's may have gotten cheaper in the last year I don't know. But YMMV. OP needs to check the licensing package for the MX204, and work out the N-year TCO. Nick

Re: [c-nsp] LDPv6 Census Check

2020-06-11 Thread Nick Hilliard
Phil Bedard wrote on 11/06/2020 17:49: Just to clarify the only routers who potentially need to inspect or do anything with those headers are endpoints who require information in the extension header or hops in an explicit path. In the simple example I gave, there are no extension headers at

Re: [c-nsp] LDPv6 Census Check

2020-06-11 Thread Nick Hilliard
Mark Tinka wrote on 11/06/2020 10:48: We are asking for LDP to be extended to support IPv6. Really, how hard is that? Nearly impossible, apparently. It would require a change of mindset. Nick

Re: [c-nsp] LDPv6 Census Check

2020-06-11 Thread Nick Hilliard
Saku Ytti wrote on 11/06/2020 05:51: Unfortunately SRv6 is somewhat easy to market with the whole 'it's simple, just IP' spiel. it's not "just IP": it's ipv6 with per-router push / pop operations on ipv6 extension headers, i.e. high touch in areas which are known to be deeply troublesome on

Re: Partial vs Full tables

2020-06-08 Thread Nick Hilliard
William Herrin wrote on 08/06/2020 18:53: 4 gigs and 2 cores is more than sufficient for a 1 gbps router at the current 800k routes 1gbps is residential access speed. Is this still useful in the dfz? Nick

Re: Google peering pains in Dallas

2020-04-30 Thread Nick Hilliard
Jared Mauch wrote on 30/04/2020 19:09: This is why the majority of traffic volume for interconnection has generally been over private peering links (paid, SFI, otherwise). ixps have always been a mid-market phenomenon. They don't deal with the high volume data flows because it never made

Re: Are underground utility markers essential workers?

2020-04-22 Thread Nick Hilliard
Sean Donelan wrote on 21/04/2020 19:57: Utility markers don't get the recognition they deserve.  If they aren't essential workers, they should be and get hazard pay. They help protect everyone's fiber and cables and pipes that go boom. we have a very poorly-defined idea of what

Re: BIRD / BGP-ORR experiences?

2020-04-15 Thread Nick Hilliard
Deepak Jain wrote on 15/04/2020 08:52: Do we even like BGP ORR? yes, but it needs to be planned carefully. Nick

Re: free collaborative tools for low BW and losy connections

2020-03-31 Thread Nick Hilliard
Joe Greco wrote on 31/03/2020 15:55: There's a strange disconnect here. The concept behind Usenet is to have a distributed messaging platform. It isn't clear how this would work without ... well, distribution. The choice is between flood fill and perhaps something a little smarter, for which

Re: free collaborative tools for low BW and losy connections

2020-03-31 Thread Nick Hilliard
Joe Greco wrote on 29/03/2020 23:14: Flood often works fine until you attempt to scale it. Then it breaks, just like Bjørn admitted. Flooding is inherently problematic at scale. For... what, exactly? General Usenet? yes, this is what we're talking about. It couldn't scale to general

Re: free collaborative tools for low BW and losy connections

2020-03-29 Thread Nick Hilliard
Joe Greco wrote on 29/03/2020 21:46: On Sun, Mar 29, 2020 at 07:46:28PM +0100, Nick Hilliard wrote: That's so hideously wrong. It's like claiming web forums don't work because IP packet delivery isn't reliable. Really, it's nothing like that. Sure it is. At a certain point you can get web

Re: free collaborative tools for low BW and losy connections

2020-03-29 Thread Nick Hilliard
Joe Greco wrote on 29/03/2020 15:56: On Sun, Mar 29, 2020 at 03:01:04PM +0100, Nick Hilliard wrote: because it uses flooding and can't guarantee reliable message distribution, particularly at higher traffic levels. That's so hideously wrong. It's like claiming web forums don't work because

Re: free collaborative tools for low BW and losy connections

2020-03-29 Thread Nick Hilliard
Bjørn Mork wrote on 29/03/2020 13:44: How is nntp non-scalable? because it uses flooding and can't guarantee reliable message distribution, particularly at higher traffic levels. The fact that it ended up having to implement TAKETHIS is only one indication of what a truly awful protocol it

Re: ISC BIND 9 breakage?

2020-03-26 Thread Nick Hilliard
Clayton Zekelman wrote on 26/03/2020 09:49: Was it a "glitch" or someone just plain old forgot to do it? forgot to re-sign the zone on dlv.isc.org or forgot to remove dnssec-lookaside from the config? Not kidding here. People need to take responsibility for their configurations. Nick

Re: free collaborative tools for low BW and losy connections

2020-03-25 Thread Nick Hilliard
Paul Ebersman wrote on 25/03/2020 16:59: And scary as it sounds, UUCP over SLIP/PPP worked remarkably robustly. uucp is a batch oriented protocol so it's pretty decent for situations where there's no permanent connectivity, but uncompelling otherwise. nntp is a non-scalable protocol which

Re: ISC BIND 9 breakage?

2020-03-25 Thread Nick Hilliard
The fix is either to remove "dnssec-lookaside auto;" from the config or else set "dnssec-lookaside no;" and then reload named. Nick Drew Weaver wrote on 25/03/2020 17:18: Did anyone else on CentOS 6 just have some DNS resolvers totally fall over? I noticed that this command: dnssec-lookaside

Re: Sunday traffic curiosity

2020-03-22 Thread Nick Hilliard
Grant Taylor via NANOG wrote on 22/03/2020 19:17: What was wrong with Internet scale multicast?  Why did it get abandoned? there wasn't any problem with inter-domain multicast that couldn't be resolved by handing over to level 3 engineering and the vendor's support escalation team. But

Re: CISA: Guidance on the Essential Critical Infrastructure Workforce

2020-03-19 Thread Nick Hilliard
Sean Donelan wrote on 19/03/2020 21:36: https://www.cisa.gov/publication/guidance-essential-critical-infrastructure -workforce the URL had a line break inserted. This should work better: https://www.cisa.gov/publication/guidance-essential-critical-infrastructure-workforce on cursory skim

Re: Quagga for production?

2020-03-18 Thread Nick Hilliard
Mark Tinka wrote on 18/03/2020 17:02: I prefer to have a number of core systems accessible in the IGP, because BGP can sometimes get hosed for one reason or another. BGP always needs IGP to work. The reverse is not true, and reduces us to absolute basics when it hits the fan (which it has, a

Re: Quagga for production?

2020-03-18 Thread Nick Hilliard
Mark Tinka wrote on 18/03/2020 14:25: At the moment, I run Quagga with OSPF and export that into my IS-IS core to drive Anycast services. I used to use ISIS for this, but more recently moved to ebgp with 1s/3s timers. The convergence characteristics are reasonable and as the only routing

Re: Hi-Rise Building Fiber Suggestions

2020-02-26 Thread Nick Hilliard
Randy Bush wrote on 26/02/2020 16:14: We use plenty of multi-mode, but only in the data centre, between our own kit, for racks within the same cage. so you have to stock both single and multi? hmmm in-cabinet multimode can make sense, as long as you keep the stock types contained, i.e.

Re: akamai yesterday - what in the world was that

2020-01-25 Thread Nick Hilliard
Valdis Klētnieks wrote on 24/01/2020 21:20: I remember when a "gateway" was a Microvax II with an ethernet card and a bisync card I remember the day when the microvax II and all the other vaxes on campus were upgraded from CMU-TEK to the Multinet TCP/IP stack. Gone were the days of maxing

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Nick Hilliard
joel jaeggli wrote on 31/12/2019 18:10: TLS1.0 is genuinely hard to support at this point. Doing so limits the tooling you can use, It limits the CDNs that you can use. It forces you to use obsolete codes bases. not just that, TLS 1.2 has been around since 2008, i.e. 1 month before android

Re: Starting to Drop Invalids for Customers

2019-12-11 Thread Nick Hilliard
Christopher Morrow wrote on 11/12/2019 03:45: On Tue, Dec 10, 2019 at 7:32 PM Rubens Kuhl wrote: Which brings me to my favorite possible RPKI-IRR integration: a ROA that says that IRR objects on IRR source x with maintainer Y are authoritative for a given number resource. Kinda like SPF for

Re: Comcast & NTT packet loss today

2019-12-04 Thread Nick Hilliard
Randy Bush wrote on 04/12/2019 21:05: just to say that they are awesome so, uh, you don't recommend them to your competitors then? Nick

Re: Russian government’s disconnection test

2019-11-02 Thread Nick Hilliard
Sean Donelan wrote on 02/11/2019 19:32: Has anyone compared the network resiliency and reliability in countries with centralized control with similar situated countries with decentralized networks? US-EU connectivity is curious. E.g. how many active transatlantic EU-US cable systems are

Re: RTG

2019-10-30 Thread Nick Hilliard
Drew Weaver wrote on 30/10/2019 12:25: We’ve been using this product for years and years http://rtg.sourceforge.net/ to collect and store SNMP statistics. It has been working fine for us. I haven’t really been able to find much information about forks, new versions, and development happening

Re: Poor mans TAP

2019-10-07 Thread Nick Hilliard
Dovid Bender wrote on 07/10/2019 18:10: The issue is that the traffic coming in, is coming from a Juniper switch where the traffic has vlan tags on the packets. you might want to disable it on the entire vlan. Nick

Re: IPv6 Thought Experiment

2019-10-02 Thread Nick Hilliard
Antonios Chariton wrote on 02/10/2019 17:33: What if, globally, and starting at January 1st, 2020, someone (imagine a government or similar, but with global reach) imposed an IPv4 tax. For every IPv4 address on the Global Internet Routing Table, you had to pay a tax. Let’s assume that this can

Re: Google DNS Oddity

2019-09-06 Thread Nick Hilliard
Nick Hilliard wrote on 06/09/2019 21:19: Chip Marshall via NANOG wrote on 06/09/2019 20:11: Hello, I'm seeing an oddity when doing DNS lookups for www.google.com from our London datacenter, and I'm curious if other people are seeing the same behavior. I saw a bunch of monitoring systems

Re: Google DNS Oddity

2019-09-06 Thread Nick Hilliard
Chip Marshall via NANOG wrote on 06/09/2019 20:11: Hello, I'm seeing an oddity when doing DNS lookups for www.google.com from our London datacenter, and I'm curious if other people are seeing the same behavior. I saw a bunch of monitoring systems queries for www.google.com/A return back with

Re: Mx204 alternative

2019-09-02 Thread Nick Hilliard
Baldur Norddahl wrote on 02/09/2019 13:52: You can move a lot of traffic even with an old leftover server. Especially if you are not concerned with moving 64 bytes DDoS at line speed, because likely you would be down anyway in that case. indeed, and there are very few problems that might

Re: Weekly Routing Table Report

2019-08-31 Thread Nick Hilliard
Masataka Ohta wrote on 31/08/2019 12:14: Your proposal is almost a text-book case of RFC1925, section 6: FYI, the rfc was published on 1 April. I'm aware of the date that rfc1925 was published and the significance of the date, and also that rfc1925 was intended to take a humorous approach

Re: Weekly Routing Table Report

2019-08-31 Thread Nick Hilliard
Masataka Ohta wrote on 31/08/2019 11:35: If you can't accept the following principle of the End to End argument: The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the

Re: Weekly Routing Table Report

2019-08-31 Thread Nick Hilliard
Masataka Ohta wrote on 31/08/2019 04:04: The solution is: https://tools.ietf.org/html/draft-ohta-e2e-multihoming-03 but IETF is working on stupid things like LISP only to increase load to the global routing system. nothing comes for free. Pushing the complexity down to the host level is

Re: Performance metrics used in commercial BGP route optimizers

2019-07-16 Thread Nick Hilliard
routes all the way to /32 or /128, for traffic engineering with ease, and/or RTBH. Ryan -Original Message- From: NANOG On Behalf Of Nick Hilliard Sent: Tuesday, July 16, 2019 11:04 AM To: Job Snijders Cc: NANOG Subject: Re: Performance metrics used in commercial BGP route optimizers Jo

Re: Performance metrics used in commercial BGP route optimizers

2019-07-16 Thread Nick Hilliard
Job Snijders wrote on 16/07/2019 18:41: I consider it wholly inappropriate to write-off the countless hours spent dealing with fallout from "BGP optimizers" and the significant financial damages we've sustained as "religious arguments". it would be interesting to see research into the

Re: CloudFlare issues?

2019-07-04 Thread Nick Hilliard
Francois Lecavalier wrote on 04/07/2019 16:22: My assumption is that 1.Accept valid, 2. Accept unknown, 3. Reject invalid shouldn’t break anything. Accepting valid ROAs is a better idea after checking that the source AS is legitimate from the peer. Nick

Re: Anyone from AT/AS7018 available?

2019-06-26 Thread Nick Hilliard
um, blaring someone's personal email address to 10,000 people for a work related thing? Really? Nick TJ Trout wrote on 26/06/2019 19:48: try Jay Borkenhagen On Wed, Jun 26, 2019 at 11:31 AM Christopher Rogers wrote: I'm a customer of 7018 and am currently struggling to get anyone

Re: Power cut if temps are too high

2019-05-28 Thread Nick Hilliard
Warren Kumari wrote on 28/05/2019 14:45: There isn't much point to this story, but I've got a cold, and wanted to share...:-P whoever brought this cold to the RIPE meeting and infected a bunch of us has a lot to answer for, damn them. :-( Nick

Re: EXERCISE: 2019 IAA Planetary Defence Conference - Day 5 Scenario

2019-05-07 Thread Nick Hilliard
Marshall Eubanks wrote on 07/05/2019 21:16: Yes, they kept moving the impact site around all week (both Denver and West Africa were mentioned at times). Some people wiser than I guessed Central Park early on, but I thought that was too obvious. Good thing I didn't make a bet on it. pfft,

Re: Advertisement of Equinix Chicago IX Subnet

2019-03-27 Thread Nick Hilliard
Graham Johnston wrote on 27/03/2019 21:36: What am I doing that isn’t best practices that would have prevented this? you're setting the next-hop of the prefixes learned at the IXP to be your own IP address from the IXP subnet (i.e. 208.115.136.0/23). When your routers learn this address

Re: AT/as7018 now drops invalid prefixes from peers

2019-02-12 Thread Nick Hilliard
Matthew Walster wrote on 12/02/2019 19:27: I'm actually of the opinion that the whole "PKI" part of RPKI is the bit that really needs to die. I'll claim a de-facto godwin if anyone mentions the word "blockchain". Nick

Re: AT/as7018 now drops invalid prefixes from peers

2019-02-12 Thread Nick Hilliard
Matthew Walster wrote on 12/02/2019 14:50: For initial deployment, this can seem attractive, but remember that one of the benefits an ROA gives is specifying the maximum prefix length. This means that someone can't hijack a /23 with a /24. they can if they forge the source ASN. RPKI helps

Re: Calling LinkedIn, Amazon and Akamai @ DE-CIX NY

2019-02-01 Thread Nick Hilliard
Bryan Holloway wrote on 01/02/2019 01:00: What's the next step, if any? use edge ACLs on the IXP infrastructure to block BGP on the old IP address range. You can then use ARP ping to work out who's still got the old IP addresses configured. Nick

Re: RTBH no_export

2019-01-31 Thread Nick Hilliard
Roel Parijs wrote on 31/01/2019 19:28: What is your opinion on this ? you should implement a different community for upstream blackholing. This should be stripped at your upstream links and replaced with the provider's RTBH community. Your provider will then handle export restrictions as

Re: BGP Experiment

2019-01-27 Thread Nick Hilliard
William Allen Simpson wrote on 27/01/2019 18:21: OK, Randy, you piqued my interest: what is a naggumite? http://naggum.no/worse-is-better.html a.k.a. "perfect is the enemy of good enough". Nick

Re: BGP Experiment

2019-01-26 Thread Nick Hilliard
Randy Bush wrote on 26/01/2019 16:15: if you know of an out-of-spec vulnerability or bug in deployed router, switch, server, ... ops and researchers should exploit it as much as possible in order to encourage fixing of the hole. It came out as "please continue", but the sentiment sounded less

Re: BGP Experiment

2019-01-23 Thread Nick Hilliard
Töma Gavrichenkov wrote on 23/01/2019 18:00: What if next time e.g. the bad guys would be doing this? Would you urge them to also get a sandbox? Send them a strongly worded memo. If that doesn't work, threaten to send them a second. Nick

Re: BGP Experiment

2019-01-08 Thread Nick Hilliard
niels=na...@bakker.net wrote on 08/01/2019 16:48: After seeing this initial result I'm wondering why the researchers couldn't set up their own sandbox first before breaking code on the internet.  I believe FRR is a free download and comes with GNU autoconf. the researchers didn't break code -

Re: IGP protocol

2018-11-18 Thread Nick Hilliard
Saku Ytti wrote on 18/11/2018 10:59: AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care about. But for iBGP I consider this a problem: one of the few uses for tcp/md5 protection on bgp sessions can be found at IXPs where if you have a participant leaving the fabric, there

Re: Not announcing (to the greater internet) loopbacks/PTP/infra - how ?

2018-10-04 Thread Nick Hilliard
William Herrin wrote on 04/10/2018 20:53: I wonder if it would be useful to ask the IETF to assign a block of "origination-only" IP addresses... IP addresses which by standard are permitted to be the source of ICMP packets but which should be unreachable by forward routing. no - this would be

Re: Towards an RPKI-rich Internet (and the appropriate allocation of responsibility in the event an RIR RPKI CA outage)

2018-10-01 Thread Nick Hilliard
John Curran wrote on 01/10/2018 00:21: There is likely some on the nanog mailing list who have a view on this matter, so I pose the question of "who should be responsible" for consequences of RPKI RIR CA failure to this list for further discussion. other replies in this thread have assumed

Re: Massive Price Increase for X-conns at Telehouse Chelsea, NYC

2018-09-17 Thread Nick Hilliard
Patrick W. Gilmore wrote on 17/09/2018 22:40: Expecting any for-profit business (all of them, not just REITs) to do less than extract maximum cash is deluding yourself. oh sure, but price gouging is often bad business practice in the long term. Humans evolved a strong sense of injustice and

Re: Rising sea levels are going to mess with the internet

2018-07-23 Thread Nick Hilliard
Matt Harris wrote on 23/07/2018 16:13: I'm not sure exactly what this means, but in general, I think it's fair to say that the US has taken a more market-driven approach that includes working with industry to decrease carbon emissions. During the same time frame the EU, China, and other nations

Re: Rising sea levels are going to mess with the internet

2018-07-23 Thread Nick Hilliard
Rob McEwen wrote on 23/07/2018 11:54: HINT: We won't. For example, look at the blue line at the end of this "scary graph" from a "climate change" site that has your same viewpoint: https://insideclimatenews.org/content/average-global-sea-level-rise-1993-2017 - as scary as that chart looks like

Re: at business ipv6

2018-06-21 Thread Nick Hilliard
Randy Bush wrote on 21/06/2018 16:35: anyone been to this movie and care to divulge the plot? Yes, one particular plotline which can explain why docsis systems do this is that standard residential customers are provisioned using giant broadcast domains directly on the cable, with DHCP

Re: Time to add 2002::/16 to bogon filters?

2018-06-19 Thread Nick Hilliard
Job Snijders wrote on 18/06/2018 22:08: Is there still really any legit reason left to accept, or propagate, 2002::/16 on EBGP sessions in the DFZ? Out of curiosity, I ran some atlas probe ping tests earlier today to both a 6to4 test host and a separate control host with good quality v6

Re: Application or Software to detect or Block unmanaged swicthes

2018-06-07 Thread Nick Hilliard
segs wrote on 07/06/2018 09:57: Is there a solution that can detect new or unmanaged switches on the network, and block such devices or if there is a solution that block users that connect to unmanaged switches on the network even if those users have domain PCs. this is really an enterprise

Re: Broadcom vs Mellanox based platforms

2018-06-04 Thread Nick Hilliard
Kasper Adel wrote on 04/06/2018 06:41: Assuming these vendors give the same SDK and similar documentation/support, then what would be comparison points to consider, other than the obvious (price, features, bps, pps). power draw. Depending on your hosting costs, the differences in power draw
