Re: Issues encountered with assigning .0 and .255 as usable addresses?

2012-10-22 Thread Job Snijders
/news/2012/10/ring-success-the-ipv4-255-problem/ So yes, apparently problems like these still arise once in a while. My recommendation would be to fix the equipment and not blame it on .0 or .255. Kind regards, Job Snijders

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-14 Thread Job Snijders
Hi Jean, On Dec 14, 2012, at 9:12 PM, Jean-Francois Mezei jfmezei_na...@vaxination.ca wrote: On 12-12-14 15:13, Jason Castonguay wrote: I've given 3 weeks + 6 months (at least) notice on a service change that will not be noticed by most anyone. Upon hearing your announcement, I went

Re: Simple/best tool to verify PMTUD?

2012-12-19 Thread Job Snijders
Hi, On Dec 18, 2012, at 7:59 PM, Christopher J. Pilkington c...@0x1.net wrote: I'm looking for a simple tool to verify PMTUD is usable along a particular path. Ideally this tool would be cross-platform, or run on Linux or Windows. I've done some testing of my own by hand, but hoping a tool

Re: Need a Yahoo network contact

2012-12-19 Thread Job Snijders
On Dec 19, 2012, at 8:46 PM, Joe Freeman joe.free...@terenine.com wrote: I need a Yahoo contact if anyone is available. I'm having issues with customers on 186.65.92.0/22 (ASN52379) out of Costa Rica being able to reach Yahoo sites (www.yahoo.com/www.flickr.com) with their web browsers, but

State of the RING 2012

2012-12-28 Thread Job Snijders
! Without the continued support from lots of participants the RING would not be where it is today. We are proud to be playing a small role in making the Internet an easier thing to debug and research. Again, thank you! Kind regards, Job Snijders Martin Pels Peter van Dijk Edwin Hermans ringthing

Re: GeekTools Whois Proxy and RIPE/RIPE-NCC

2012-12-31 Thread Job Snijders
Hi Rodney, From the looks of it, this decision was made by the RIPE NCC Executive Board rather than at the General Meeting. Inqueries will have to be made why this was decided, and what the consequences are. But, I don't expect a resolution to be reached in the next 6 hours. In the meantime

Re: Dreamhost hijacking my prefix...

2013-01-11 Thread Job Snijders
Hi all, Atrato / 5580 here. We don't have direct peering with AS26347, although we learn the AS26347 prefixes through the 206.223.143.253 (AS 19996) routeserver in LAX. So in a sense we are peering :-) Kind regards, Job On Jan 11, 2013, at 7:31 PM, Andree Toonk andree+na...@toonk.nl

Re: bgp for ipv6 question

2013-02-14 Thread Job Snijders
Hi, On Feb 14, 2013, at 2:02 PM, Deric Kwok deric.kwok2...@gmail.com wrote: Can I know how many ipv6 full bgp table routes now? Here are various sources to discover the size of the IPv6 internet routing table:

Re: whois.radb.net returning blank results

2013-03-04 Thread Job Snijders
Hi, NRTM still works according to my mirrors. So for up 2 date data, you could use irr.ring.nlnog.net: Alice:~ job$ whois -h irr.ring.nlnog.net 198.41.0.0 | wc -l 437 Alice:~ job$ Kind regards, Job On Mar 4, 2013, at 5:36 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On

Re: Dreamhost/AS26347 unauthorized bgp announcement

2013-03-06 Thread Job Snijders
Hi Mat, I see the same thing, we learn the prefix from the route-server in LAX: tel...@r1.lax1.usshow ip bgp routes detail 90.201.80.0/20 Number of BGP Routes matching display condition : 1 Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP

Re: Dreamhost/AS26347 unauthorized bgp announcement

2013-03-06 Thread Job Snijders
to be gone. Can anybody (preferably from Any2 or Dreamhost) shed more light on this matter? Kind regards, Job On Mar 6, 2013, at 2:43 PM, Drew Weaver drew.wea...@thenap.com wrote: They're doing this to our routes in any2 in LA as well. ... -Original Message- From: Job Snijders

Re: Dreamhost/AS26347 unauthorized bgp announcement

2013-03-07 Thread Job Snijders
Hi all, Just a small update. Off-list Andree and me have been working together with Kenneth from dreamhost to try and figure out what exactly happened and which device or party orginated these prefixes. Unfortunately no hard conclusions can be drawn from the data available to us, especially

Re: BGP hijack of Spamhaus?

2013-03-29 Thread Job Snijders
Hi Nicolai, It really happened, here are my notes. http://instituut.net/~job/cb3rob-spamhaus-hijack-21-mar-2013.txt Renesys also confirmed seeing the /32 from that direction, but they could not share the data because of an NDA. Because it was a /32, it was a hyperlocal event, if you

Re: route for linx.net in Level3?

2013-04-03 Thread Job Snijders
Hi John, On Apr 4, 2013, at 12:52 AM, John Kemp k...@network-services.uoregon.edu wrote: Having trouble reaching route-views.linx.routeviews.org from AS3582. I'm assuming that some folks stopped carrying this particular linx.net address prefix as of this morning. ?!? Indeed LINX has

Re: Implementations/suggestions for Multihoming IPv6 for DSL sites

2011-04-08 Thread Job Snijders
and it works fine. I'm multihoming my IPv6 /48 over a v6-only DSL and a v4-only FTTH connection. More information about LISP be found here: http://www.lisp4.net/ Kind regards, Job Snijders

Re: Implementations/suggestions for Multihoming IPv6 for DSL sites

2011-04-09 Thread Job Snijders
Dear All, On 8 Apr 2011, at 19:34, Lori Jakab wrote: On 04/08/2011 06:39 PM, Owen DeLong wrote: LISP can also be a good option. Comes with slightly more overhead in terms of encapsulation/etc. than the GRE tunnels I use and has limited (if any) functionality for IPv4 (which GRE supports

Re: LISP

2011-04-11 Thread Job Snijders
Dear Christina, On 11 Apr 2011, at 16:49, Christina Klam wrote: One of our ISP is planning to do a LISP deployment. (1) Does anyone know if Sprint uses LISP? (2) Does anyone know of any good guides/documentation of LISP? I cannot answer question 1. But I do work for an ISP that's

peeringdb accuracy research

2013-05-23 Thread Job Snijders
this? I will present the findings at the upcoming NANOG meeting in New Orleans [1]. Given that the NANOG meeting is approaching rapidly, I urge you to submit your data sooner rather than later. :-) Kind regards, Job Snijders [1] - CSV format should be formatted like column 1: ASN, column 2: remote IP

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Job Snijders
Hi, The alternative is to expect networks with 100s or 1000s of locations to burn 100s or 1000s of ASNs. Which I think is a bit silly. Hence my question about possibly changing the rules. I see no issue with that, we have an ASN pool of roughly 4294967280 ASNs. There is no shortage. Also

Re: peeringdb accuracy research

2013-06-13 Thread Job Snijders
://nanog.org/sites/default/files/wed.general.peeringdb.accuracy.snijders.14.pdf Kind regards, Job On May 23, 2013, at 12:28 PM, Job Snijders job.snijd...@atrato.com wrote: Dear fellow networkers, I need your help! For the good of PeeringDB I am researching the accuracy of the current

Re: BGPmon.net /32 hijack alerts

2013-07-26 Thread Job Snijders
On Jul 26, 2013, at 3:09 PM, Grzegorz Janoszka grzeg...@janoszka.pl wrote: On 26-07-13 14:59, NetSecGuy wrote: BGPMon.net has alerted me to /32 hijacks. Does anyone have thoughts on what this might be and if it's malicious or misconfiguration? My first thought is leaked null routes.Is

Re: 32-bit ASN acceptance by ISPs in ARIN region

2013-09-23 Thread Job Snijders
On Mon, Sep 23, 2013 at 11:28:58PM +1000, Geoff Huston wrote: On 23/09/2013, at 8:01 PM, Nick Hilliard n...@foobar.org wrote: I look forward to the day when we have proper 32 bit BGP community support and ASN32s finally become usable on nontrivial networks. Is there some reference

Network configuration archiving

2013-10-24 Thread Job Snijders
Dear all, I am unsure what we as networkers have done in the past, but I am sure we've done our fair share of atonement and don't have to keep using RANCID. Some might say it took ages to get rancid to do kinda what we want!, but not all software ages well. One might work in environments

Re: Network configuration archiving

2013-10-25 Thread Job Snijders
On Fri, Oct 25, 2013 at 12:59:48PM +0100, Matthew Newton wrote: I'll try and post the script (250 lines) somewhere if anyone's interested. It is almost always good to open source your tools, for others to learn and benefit from! :-) Kind regards, Job pgppFb_K8NqR2.pgp Description: PGP

Re: Level3 and ATT Latency

2013-11-06 Thread Job Snijders
On Wed, Nov 06, 2013 at 10:51:08PM +, J.J. Mc Kenna wrote: Comcast to XO due to Comcast's TATA peering issue. Ongoing. I'd love to see verifiable public data to back up that claim. Kind regards, Job pgpkM0i4UwL6b.pgp Description: PGP signature

Re: Route Server Filters at IXPs and 4-byte ASNs

2014-01-25 Thread Job Snijders
Dear Sebastian, On Sat, Jan 25, 2014 at 02:56:16PM +0100, Sebastian Spies wrote: So here's the thing: IXPs usually implement N:M filtering based on standard community strings. As standard BGP communities support only 4 bytes, this only works for IXPs with 2-byte ASNs and peers with 2-byte

Re: Route Server Filters at IXPs and 4-byte ASNs

2014-01-25 Thread Job Snijders
On Sat, Jan 25, 2014 at 10:04:30AM -0500, Bryan Socha wrote: I have over 100,000 servers located in routing diverse datacenters with 4byte ASN numbers and have not had 1 problem or complaint related to the ASN for not able to communicate with the datacenter. The first 1 did make me really

Re: Are specific route objects in RIR databases needed?

2014-01-30 Thread Job Snijders
On Thu, Jan 30, 2014 at 06:51:59PM +0200, Martin T wrote: for example there is a small company with /22 IPv4 allocation from RIPE in European region. This company is dual-homed and would like to announce 4x /24 prefixes to both ISPs. Both ISP's update their prefix-lists automatically based on

Re: While on the subject of IRR and route objects

2014-01-31 Thread Job Snijders
On Fri, Jan 31, 2014 at 08:58:06AM -0500, Alain Hebert wrote: IRRToolset 5.0.1 (rtconfig really) finally gave out on a pretty messy RPSL parse. After a few hours of research, it seems that its dead since 2009 :(. There is some effort at http://irrtoolset.isc.org to reboot

Re: While on the subject of IRR and route objects

2014-01-31 Thread Job Snijders
On Fri, Jan 31, 2014 at 11:32:17AM -0500, Alain Hebert wrote: bgpq3 works great the as-set that was borking rtlookup generate a ~183k long prefix list =D. I recommend using it like this, to enable aggregation where possible: bgpq3 -A Kind regards, Job pgpjISSQ47YFj.pgp Description:

Re: BGP peer traffic monitoring

2014-02-03 Thread Job Snijders
On Mon, Feb 03, 2014 at 11:48:04AM -0600, Dennis Burgess wrote: I have a router with about 20 peers, most are all on a single port (local exchange), how is everyone monitoring traffic to individual peers? Use something like IPFIX, NetFlow, sFlow and take a look at these two tools:

selective blackholing: implementation, usage effectiveness

2014-02-10 Thread Job Snijders
Dear fellow networkers, Through this tutorial-styled email I'd like to introduce the concept, usage and implementation of selective blackholing through the BGP protocol to the community. This email contains some python code, example router configurations references to RIPE Atlas data to

Calculator written in route-map

2014-04-01 Thread Job Snijders
Hi all, Do you often find yourself in need of a simple calculator, and all you have available to you is a Brocade or Cisco IOS router? No longer will you experience the horror and dread of mental arithmetics. The route-map calculator is here! Brocade :

Re: US patent 5473599

2014-05-08 Thread Job Snijders
On Thu, May 08, 2014 at 12:31:23PM +0200, Henning Brauer wrote: * Saku Ytti s...@ytti.fi [2014-05-08 12:14]: If OBSD can't afford MAC addresses but does not object to them in principle, I can give forever IRU for 256 MAC addresses to OBSD for 0USD one-time fee. when/if we change the mac

Re: US patent 5473599

2014-05-08 Thread Job Snijders
On Thu, May 08, 2014 at 09:48:26AM +0200, Henning Brauer wrote: awaiting your diff. http://marc.info/?l=openbsd-techm=139955603603070w=2 Kind regards, Job

Re: anyone from leaseweb NOC?

2014-08-17 Thread Job Snijders
On Sun, Aug 17, 2014 at 09:11:05AM -0700, Payam Poursaied wrote: Appreciate if anyone from LeaseWeb can contact me off list. Its regarding blocking an IP address. Support team does not deal. Replied offlist - Job

Re: Prefix hijacking, how to prevent and fix currently

2014-08-29 Thread Job Snijders
On Fri, Aug 29, 2014 at 06:25:16PM +0900, Randy Bush wrote: Loose mode would drop failing routes, iff there is covering (i.e. less specific is ok) route already in RIB. isn't that exactly the hole punching attack? The proposed 'loose' mode protects against unauthorized hole punching

Re: Prefix hijacking, how to prevent and fix currently

2014-08-29 Thread Job Snijders
On Fri, Aug 29, 2014 at 06:39:32PM +0900, Randy Bush wrote: Loose mode would drop failing routes, iff there is covering (i.e. less specific is ok) route already in RIB. isn't that exactly the hole punching attack? No, as the the more specific route is signed and is preferred (longest

Re: Prefix hijacking, how to prevent and fix currently

2014-08-29 Thread Job Snijders
On Fri, Aug 29, 2014 at 06:17:09AM -0400, Sandra Murphy wrote: Loose mode A would look like this: In the case that 10.0.0.0/16 origin AS123 is not in your table, the loose mode would kick in and one could accept more specifics for 10.0.0.0/16, but only when originated by AS123.

Re: Prefix hijacking, how to prevent and fix currently

2014-09-02 Thread Job Snijders
On Tue, Sep 02, 2014 at 03:08:28PM +, Sriram, Kotikalapudi wrote: The example that I gave was not that. In my example, C has legitimate ownership of the less specific (e.g., 192.0.2.0/23). D is malicious and attempting to hijack a subprefix (e.g., 192.0.2.0/24). Importantly, C has a

Re: Prefix hijacking, how to prevent and fix currently

2014-09-02 Thread Job Snijders
On Tue, Sep 02, 2014 at 11:53:15AM -0400, Christopher Morrow wrote: On Tue, Sep 2, 2014 at 11:25 AM, Job Snijders j...@instituut.net wrote: What is the real damage of hijacking a prefix which is not in use? 'not in use' ... where? What if the 'owner' of the block has the block only routed

Re: 2000::/6

2014-09-10 Thread Job Snijders
On Wed, Sep 10, 2014 at 02:20:45PM +0300, Tarko Tikan wrote: 2000::/6 with aspath 3257 3549 has appeared in global routing table. Surely we can't be only ones seeing it. Looks like someone messed up interface/route config at 3549 by omitting 4 from the prefixlen. According to

Re: upstream support for flowspec

2014-09-18 Thread Job Snijders
On Thu, Sep 18, 2014 at 03:15:41PM -0400, Daniel Corbe wrote: Also, if I'm buying full line rate commit from you then you're not actually losing any money on the deal whether or not you route me the traffic. Ha, I wish all customers would buy in full line rate commits! :-) - Job

Re: upstream support for flowspec

2014-09-18 Thread Job Snijders
On Thu, Sep 18, 2014 at 03:12:29PM -0400, Daniel Corbe wrote: a) you're paying less, as you're not receiving the traffic This ventures into the realm of an operator doing something responsible to protect me vs routing me unwanted traffic and going lol, bill. If you want to start playing

Re: 192.250.24.0/22 (as 23034) not reachable from Verizon, tinet, global crossing, XO

2014-09-18 Thread Job Snijders
On Thu, Sep 18, 2014 at 08:42:23PM +, Brock Massel wrote: The 192.250.24 addresses have been reachable for several months in the current configuration with no reported issues. Since the 16th we have been hearing reports that destinations in that block are unavailable for some. Several

Re: peeringdb

2014-09-27 Thread Job Snijders
On Sat, Sep 27, 2014 at 09:46:53AM -0400, Justin Wilson wrote: Trying to update some records on peeringdb.com and am not getting much response. Just wondering if I am the only one. I am not getting response back from support. Figured this would be a good place to ask. More curious than

Re: Unwanted Traffic Removal Service (UTRS)

2014-10-08 Thread Job Snijders
Dear John, On Wed, Oct 08, 2014 at 08:59:00AM -0500, John Kristoff wrote: UTRS is essentially a community RTBH that people have suggested to us would be a good service to provide, so we're giving it a go. FYI, there are various projects which are similar to this concept:

Re: Unwanted Traffic Removal Service (UTRS)

2014-10-08 Thread Job Snijders
On Wed, Oct 08, 2014 at 04:02:21PM -, John Levine wrote: information. But... (aside from any local safety net filter), it's quite a leap to allow a single entity to inject blackholes for any prefix. Spamhaus has been distributing their DROP list by BGP for years. The world hasn't ended,

Re: Unwanted Traffic Removal Service (UTRS)

2014-10-09 Thread Job Snijders
Hi Christian, On Thu, Oct 09, 2014 at 10:58:05PM +0200, Christian Seitz wrote: snip Why is there no validation required when this is done by an IXP? All peers are my customers and I do trust them? What about private peerings via PNIs? Validation is not required because the requester can

Re: inexpensive KVMoIP

2014-10-23 Thread Job Snijders
On Thu, Oct 23, 2014 at 04:54:17PM -0400, Jared Mauch wrote: Having recently encountered a problem with a machine, I’m looking for an inexpensive KVMoIP device to place within a facility to take VGA/USB Keyboard for a single host scale. Ideally something that can be properly placed on the

Re: Tech Laptop with DB9

2014-11-10 Thread Job Snijders
On Mon, Nov 10, 2014 at 12:39:02PM -0800, Max Clark wrote: DB9 ports seem to be a nearly extinct feature on laptops. Any suggestions on a cheap laptop for use in field support (with an onboard DB9)? Might be easier to get an Aten UC232A converter to do USBDB9, you are right that DB9 directly

Re: Anyone heard from Jared lately?

2014-11-20 Thread Job Snijders
On Thu, Nov 20, 2014 at 06:07:09PM -0500, Jay Ashworth wrote: He generally provides same-day service on email, but... Hope all is well. Don't worry, he is alive and well. puck.nether.net is having some disk issues hene a backlog on email. - Job

Re: NTT NOC Contact

2014-11-27 Thread Job Snijders
On Thu, Nov 27, 2014 at 04:51:59AM -0500, james jones wrote: Looking to discuss a routing issue going through NTT's link to JP. Feel free to contact me off-list with the details. Kind regards, Job

Re: Cogent (was Re: NTT NOC Contact)

2014-11-27 Thread Job Snijders
On Thu, Nov 27, 2014 at 11:00:32AM -0500, Jared Mauch wrote: Seems your MTR sees loss within the Cogent (174) network prior to reaching the NTT network. I think you perhaps need cogent assistance? This was resolved off-list. James is now engaging with his supplier. For future reference:

Re: DDOS solution recommendation

2015-01-11 Thread Job Snijders
On Sun, Jan 11, 2015 at 08:46:40AM -0600, Mike Hammett wrote: Is anyone maintaining a list of good, bad and ugly providers in terms of how seriously they take things they should like BCP38 and community support and whatever else that's quantifiable? This list sheds some light on antispoofing

Re: DDOS solution recommendation

2015-01-11 Thread Job Snijders
On Sun, Jan 11, 2015 at 09:58:12PM +0700, Roland Dobbins wrote: 2. Protect yourself by having your upstream police Police UDP to some baseline you are comfortable with. This will come back to haunt you, when the programmatically-generated attack traffic 'crowds out' the legitimate traffic

Re: More specifics from AS18978

2015-03-27 Thread Job Snijders
On Thu, Mar 26, 2015 at 11:26:07PM -0400, ML wrote: On 3/26/2015 6:20 PM, Nick Rose wrote: While investigating the issue we did find that the noction appliance stopped advertising the no export community string with its advertisements which is why certain prefixes were also seen. Wouldn't

Re: dns on fios/frontier

2015-04-20 Thread Job Snijders
On Tue, Apr 21, 2015 at 03:42:46AM +0900, Randy Bush wrote: so how did you find it? i was wondering if i could find a useful atlas probe or nlring node, and how to find them. There are no RING nodes in any of the verizon networks :-(

Re: dns on fios/frontier

2015-04-20 Thread Job Snijders
On Mon, Apr 20, 2015 at 08:57:58PM +0200, Robert Kisteleki wrote: About Ring: we're not authoritative -- I believe http://map.ring.nlnog.net/ is. I recommend our API: https://ring.nlnog.net/api/1.0/nodes

Re: Route Optimization Products

2015-05-15 Thread Job Snijders
On Fri, May 15, 2015 at 12:38:32PM -0500, Mike Hammett wrote: Sounds like multiple parties having improper route filters. Filtering is a must. But even when doing the right thing, there could be adverse side-effects when using an appliance which inserts fake, more-specific paths into your

Re: Route Optimization Products

2015-05-15 Thread Job Snijders
On Fri, May 15, 2015 at 10:19:56AM -0500, Mike Hammett wrote: What is out there for route optimization products? I can think of Noction (no inbound) or Internap FCP (old). Are you sure that an 'optimizer' is the right solution for you, or for those surrounding you (peers, upstreams)?

Re: Trusted Networks Initiative: DDoS fallback set of AS'es

2015-04-16 Thread Job Snijders
On Thu, Apr 16, 2015 at 04:09:43PM -0400, valdis.kletni...@vt.edu wrote: On Thu, 16 Apr 2015 15:39:46 -0400, Christopher Morrow said: you're asking your ISP or set of ISPs to 'stop forwarding me packets from X and Y and Z' sure, why do we need a new special group and designation for that?

Re: Google's Gmail SMTP SSL has expired (again)

2015-04-04 Thread Job Snijders
On Sat, Apr 04, 2015 at 07:43:52PM -, John Levine wrote: I get a cert good through Dec 31. Yeah, seems to be fixed now. Vurt:~ job$ echo QUIT | openssl s_client -verify 6 -connect smtp.gmail.com:465 -showcerts | openssl x509 -noout -dates verify depth is 6 depth=2 /C=US/O=GeoTrust

Fwd: PeeringDB 2.0 Rollout And Governance Announcement

2015-06-09 Thread Job Snijders
[ Forwarding today's announcement, apologies for duplicates ] --- Hi Everyone! PeeringDB is rolling our the first major revision since its inception, PeeringDB 2.0. This email will explain the basics, and how you can learn more information if you are interested. Future

Re: AS4788 Telecom Malaysia major route leak?

2015-06-12 Thread Job Snijders
On Fri, Jun 12, 2015 at 11:09:34AM +0200, Tore Anderson wrote: I see tons of bogus routes show up with AS4788 in the path, and at least AS3549 is acceping them. E.g. for the RIPE NCC (193.0.0.0/21): [BGP/170] 00:20:29, MED 1000, localpref 150 AS path: 3549 4788 12859

Re: AS4788 Telecom Malaysia major route leak?

2015-06-12 Thread Job Snijders
On Fri, Jun 12, 2015 at 01:21:14PM +0200, Sebastian Wiesinger wrote: * Roland Dobbins rdobb...@arbor.net [2015-06-12 12:57]: On 12 Jun 2015, at 17:46, Job Snijders wrote: OK, as of now (~ 10:40) UTC things look normalised. Just got off the phone, I think things may be in hand, now

Re: AS4788 Telecom Malaysia major route leak?

2015-06-12 Thread Job Snijders
On Fri, Jun 12, 2015 at 10:43:09AM +0100, Marty Strong via NANOG wrote: It *looks* like GBLX stopped accepting the leak. I disagree. Since 08:44 UTC up until now (10:15) the DFZ has been a radio-active wasteland with hordes of unwelcome announcements. Kind regards, Job

Re: AS4788 Telecom Malaysia major route leak?

2015-06-12 Thread Job Snijders
On Fri, Jun 12, 2015 at 12:18:38PM +0200, Job Snijders wrote: On Fri, Jun 12, 2015 at 10:43:09AM +0100, Marty Strong via NANOG wrote: It *looks* like GBLX stopped accepting the leak. I disagree. Since 08:44 UTC up until now (10:15) the DFZ has been a radio-active wasteland with hordes

Re: AS4788 Telecom Malaysia major route leak?

2015-06-14 Thread Job Snijders
On Fri, Jun 12, 2015 at 08:25:40PM +, Jürgen Jaritsch wrote: This is the official [level3] feedback: [ ... ] For completeness sake: here is what Telekom Malaysia published about the issue: Telekom Malaysia Berhad (TM) wishes to update on the service related issue detected

Re: Is it safe to use 240.0.0.0/4

2015-06-17 Thread Job Snijders
On Wed, Jun 17, 2015 at 05:07:25PM -0400, Luan Nguyen wrote: Is that safe to use [240.0.0.0/4] internally? Anyone using it? Just for NATTING on Cisco gears... On Wed, Jun 17, 2015 at 06:30:04PM -0300, Eduardo Schoedler wrote: And what about 0.0.0.0/8? On both counts: NO. I always assume

Re: Setting Up a Looking Glass

2015-06-13 Thread Job Snijders
On Sat, Jun 13, 2015 at 03:39:13PM -0500, Theodore Baschak wrote: If you want/need BGP, OpenBSD + OpenBGPD (with their bgplg cgi/restricted shell) is fairly easy to set up. You mesh the looking glass in like any other router in your system, and it gives you full visibility. I wrote a how-to

Re: Open letter to Level3 concerning the global routing issues on June 12th

2015-06-12 Thread Job Snijders
On Fri, Jun 12, 2015 at 12:53:13PM -0300, jim deleskie wrote: Filtering has been a community issue since my days @ MCI being AS3561, often discussed not often enough acted one, I suspect the topic has come up at every large NSP I've worked at. Frequently someone complains its hard to fix, or

Re: PeeringDB Admin

2015-06-01 Thread Job Snijders
On Mon, Jun 01, 2015 at 04:47:49PM -0500, Jason Bothe wrote: Could I please have a PeeringDB admin contact me off-list ? Done! Kind regards, Job

Re: NTT-HE earlier today (~10am EDT)

2015-06-30 Thread Job Snijders
On Wed, Jul 01, 2015 at 09:36:34AM +0900, Randy Bush wrote: - when not using the RTR protocol but generating prefix-list filters based on RPKI data, the devices might not support sufficient entries. because the rpki generated acls are bigger and heavier than those in the

Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread Job Snijders
On Wed, Jul 01, 2015 at 11:19:45AM -0400, David H wrote: I was wondering if anyone can recommend a software (preferable), or hardware-based router with an API, that supports BGP with tags on advertised routes? I want to use it for a RTBH feed [ ... ] Did you look at BIRD? It is one of the

Re: Route leak in Bangladesh

2015-06-30 Thread Job Snijders
On Tue, Jun 30, 2015 at 10:22:38PM +0900, Matsuzaki Yoshinobu wrote: Randy Bush ra...@psg.com wrote A friend in AS58587 confirmed that this was caused by a configuration error - it seems like related to redistribution, and they already fixed that. 7007 all over again. do not

Re: Drops in Core

2015-08-16 Thread Job Snijders
On Sun, Aug 16, 2015 at 08:00:55AM -0400, Patrick W. Gilmore wrote: On Aug 15, 2015, at 1:41 PM, Job Snijders j...@instituut.net wrote: On Sat, Aug 15, 2015 at 11:01:56PM +0530, Glen Kent wrote: Is there a paper or a presentation that discusses the drops in the core? If i were to break

Re: Route leak in Bangladesh

2015-06-30 Thread Job Snijders
On Tue, Jun 30, 2015 at 09:44:12AM -0400, Joe Abley wrote: On 30 Jun 2015, at 9:41, Job Snijders wrote: In addition to the BGP community scheme, outbound as-path filters could help. I agree, but possibly not in the case of a redistribution loop. (We don't know that's what happened

Re: Route leak in Bangladesh

2015-06-30 Thread Job Snijders
On Tue, Jun 30, 2015 at 04:38:48PM +0200, Mark Tinka wrote: On 30/Jun/15 16:24, Job Snijders wrote: In this specific situation, for a small to medium sized network, it might be prudent to apply an outbound prefix-filter on all transit peering sessions and thus only allowing prefixes which

Re: Route leak in Bangladesh

2015-06-30 Thread Job Snijders
On Tue, Jun 30, 2015 at 10:53:45AM -0400, Sandra Murphy wrote: That sort of AS_PATH filtering would not have helped in this case. The AS originated the routes, it did not propagate an upstream route. So an AS_PATH filter to just its own AS would have passed these routes. You would need

Re: NTT-HE earlier today (~10am EDT)

2015-06-30 Thread Job Snijders
On Wed, Jul 01, 2015 at 12:02:40AM +0200, Tore Anderson wrote: I was thinking that when I posted yesterday. These were announcements from a peer, not customer routes. We are lowering our max prefix limits on many peers as a result of this. We are also going towards more prefix

Re: NTT-HE earlier today (~10am EDT)

2015-06-30 Thread Job Snijders
On Tue, Jun 30, 2015 at 03:32:42PM -0700, Ca By wrote: It is NTT that would have mitigated this issue if they deployed and enforcer rpki, right? No, NTT deploying RPKI would not have helped in yesterday's issue. But, RPKI could've made a difference in today's Bangladesh leak, even if RPKI

Re: NTT-HE earlier today (~10am EDT)

2015-06-30 Thread Job Snijders
On Tue, Jun 30, 2015 at 05:40:03PM -0500, Jared Mauch wrote: We have been pushing large configurations to devices. You can check my slides from the London IEPG meeting. These are the slides: http://iepg.org/2014-03-02-ietf89/ietf89_iepg_jmauch.pdf When 96% of your config is prefix filters we

Re: Leak or legit ? 11/8

2015-08-01 Thread Job Snijders
On Sat, Aug 01, 2015 at 08:15:11PM +0700, Roland Dobbins wrote: On 1 Aug 2015, at 17:11, Job Snijders wrote: I reached out to ServerCentral network engineering to ask. ServerCentral say it's legit, and that they have the appropriate documentation. I've been in touch with ServerCentral

Re: Leak or legit ? 11/8

2015-08-01 Thread Job Snijders
On Sat, Aug 01, 2015 at 10:24:10AM +0200, Jérôme Nicolle wrote: Just saw something suprising : 11/8 just came live from AS23352 (ServerCentral) http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=11.0.0.0 . ARIN's registry didn't change : Net Range 11.0.0.0 - 11.255.255.255 CIDR

Re: Branch Location Over The Internet

2015-08-11 Thread Job Snijders
Hi, On Tue, Aug 11, 2015 at 01:21:09PM -0500, Colton Conor wrote: We have an enterprise that has a headquarter office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN. [ ... ] If you were to do this with Juniper or Cisco gear what would you have at each

Re: Yet Another BGP (Border Gateway Protocol) Python Implementation

2015-08-06 Thread Job Snijders
On Thu, Aug 06, 2015 at 11:09:13AM +0100, Tom Hill wrote: On 04/08/15 07:29, Peng Xiao (penxiao) wrote: Cisco has open sourced one part of their BGP monitoring system - YABGP And hosted source code on GitHub. https://github.com/smartbgp/yabgp Documentation:

Re: Drops in Core

2015-08-15 Thread Job Snijders
On Sat, Aug 15, 2015 at 11:01:56PM +0530, Glen Kent wrote: Is there a paper or a presentation that discusses the drops in the core? If i were to break the total path into three legs -- the first, middle and the last, then are you saying that the probability of packet loss is perhaps 1/3 in

Re: Experience on Wanguard for 'anti' DDOS solutions

2015-08-10 Thread Job Snijders
On Mon, Aug 10, 2015 at 04:38:40PM +0300, Pavel Odintsov wrote: We have some open source software for this task https://github.com/FastVPSEestiOu/fastnetmon :) Feel free to ask me any questions off list. I can attest that fastnetmon is a great tool for dealing with high pps or high bandwidth

PeeringDB survey results and Board election plan

2015-10-21 Thread Job Snijders
Ohai NANOG! Many of you are probably familiar with "PeeringDB", one of the most awesome resources for interconnection. :-) What some of you might not realise, is that PeeringDB is evolving from a bunch of php scripts into a real organisation with a board and appropiate legal registrations! And

Fw: new message

2015-10-25 Thread Job Snijders
Hey! New message, please read <http://zoomincinema.in/year.php?r> Job Snijders

Re: NANOG list attack

2015-10-26 Thread Job Snijders
posts (which were made in a short time window), > there were existing message queues that were not cleared in a > timely basis. > > As Job Snijders (a fellow Communications Committee member) noted > in an earlier post, we will be implementing some additional protection > me

Re: DDoS mitigation for ISPs

2015-10-29 Thread Job Snijders
On Thu, Oct 29, 2015 at 08:42:31AM -0700, Mike wrote: > Is there any DDoS mitigation service provider that can scrub traffic > for an ISP network? Yeah, plenty. A non-exhaustive list: Prolexic, Incapsula, Staminus or Nexusguard. There is no lack of choice. > I have an ASN and BGP and my own

Re: Fw: new message

2015-10-26 Thread Job Snijders
On Mon, Oct 26, 2015 at 01:54:01PM +, Gavin Henry wrote: > Anything to be done about all these? Yes, it appears that even though the sender was blocked 30 hours ago or so in mailman itself, there was still tons of pre-existing garbage in the mailqueus which was flushed out over the last 30

Re: Route leaks from AS9498 (BHARTI Airtel)?

2015-11-06 Thread Job Snijders
On Fri, Nov 06, 2015 at 09:38:52AM -0600, Andrew Duey wrote: > Is anyone else seeing their routes leaked from AS9498 (BHARTI Airtel) in > India? > > According to bgpmon.net they started leaking our Level 3 provided IP space > at 2015-11-06 05:52 UTC. Oddly, they're not leaking our ARIN assigned

Re: Fw: important message

2015-10-08 Thread Job Snijders
On Thu, Oct 08, 2015 at 02:37:15PM -0700, Scott Berkman via NANOG wrote: > Hello! > > Important message, please read smells compromised, moderation flag has been enabled. don't click that link, sorry. Kind regards, Job (for the communications committee)

Re: ARIN IRR

2015-09-04 Thread Job Snijders
On Fri, Sep 04, 2015 at 08:32:42AM -0500, Mike Hammett wrote: > I'm not here to debate how awesome or poor ARIN's IRR is. > > I've created my first objects in there, verified they exist via the > ARIN RR whois and seen them show up in IRR Explorer. How do I verify > that I've actually done them

Re: NetFlow - path from Routers to Collector

2015-09-01 Thread Job Snijders
On Tue, Sep 01, 2015 at 08:33:42AM -0700, Serge Vautour wrote: > For those than run Internet connected routers, how do you get your > NetFlow data from the routers to your collectors? Do you let the flow > export traffic use the same links as your customer traffic to route > back to central

Re: Can't reach RIPE WHOIS via IPv6 ?

2015-09-10 Thread Job Snijders
Hi, On Thu, Sep 10, 2015 at 05:08:14PM -, John Levine wrote: > (I realize RIPE is not in North America, but we get a lot of traffic > from their IP space.) > > When I try to contact whois.ripe.net (2001:67c:2e8:22::c100:687) or > their REST server rest.db.ripe.net

Re: Status of Inerail?

2015-09-11 Thread Job Snijders
On Thu, Sep 10, 2015 at 10:53:01PM -0400, Tobin Burnham wrote: > Does anyone know the status of Inerail (AS33031)? No, but their NLNOG RING node is offline too: inerail01.ring.nlnog.net > All of their ASNs and prefixes disappeared on 9/1/2015 according to > http://bgp.he.net/AS33031 > > All of

  1   2   3   4   5   >