Re: 10g residential CPE

> On Dec 25, 2020, at 09:45 , Bryan Fields wrote: > > On 12/25/20 4:52 AM, Mark Tinka wrote: >> For the home, if you're looking at shipping 10Gbps-based CPE's for under >> US$200, I can't think of anything other than the Tik: >> >> https://mikrotik.com/product/rb4011igs_rm > > That has

Re: DoD IP Space

> On Jan 20, 2021, at 07:11 , Brandon Martin wrote: > > On 1/20/21 9:58 AM, j k wrote: >> My question becomes, what level of risk are these companies taking on by >> using the DoD ranges on their internal networks? And have they quantified >> the costs of this outage against moving to IPv6?

Re: DoD IP Space

> And don't get me wrong. I'm not advocating against v6. I'm merely explaining > how > difficult it can be to migrate. In most large companies, the network is like > PG&E (the power utility California). If it works, nobody says well done. But > if > the power is out, everyone gets angry and asks

Re: DoD IP Space

> On Jan 21, 2021, at 14:22 , Randy Bush wrote: > >>> I’m sure we all remember Y2k (well, most of us, there could be some >>> young-uns on the list). That day was happening whether we wanted it to >>> or not. It was an unchangeable, unmovable deadline. >> >> but i thought 3gpp was gong to for

Re: DoD IP Space

At the bottom of that page, there is a question “Was this answer helpful.” I clicked NO. It gave me a free form text box to explain why I felt it was not helpful… Here’s what I typed: The advice is just bad and the facts are incorrect. IPv6 is not blocking the Disney application. Either IPv6 is

Re: DoD IP Space

His example may have included incompetence. However, it takes longer, but it is definitely possible to run out of RFC-1918 space with scale and no incompetence. No rational network will ever be able to put every single /32 endpoint on a host, but I know of several networks that have come darn cl

Re: DoD IP Space

WebOS implemented IPv6 in 3.8 IIRC. Owen > On Jan 22, 2021, at 15:30 , Doug Barton wrote: > > The KB indicates that the problem is with the "LG TV WebOS 3.8 or above." > > Doug > > (not speaking for any employers, current or former) > > > On 1/22/21 12:42 PM, Mark Andrews wrote: >> Disney

Re: DoD IP Space

7PM -0800, Owen DeLong wrote: >> it is definitely possible to run out of RFC-1918 space with scale and no >> incompetence. > > No, it isn't. It's the year 2021. Stop making excuses. > > -- > . ___ ___ . . ___ > . \/ |\ |\ \ > . _\_ /__ |-\ |-\ \__

Re: DoD IP Space

> On Feb 10, 2021, at 04:29 , Valdis Klētnieks wrote: > > On Wed, 10 Feb 2021 04:04:43 -0800, Owen DeLong said: >> Please explain to me how you uniquely number 40M endpoints with RFC-1918 >> without running out of >> addresses and without creating partitioned ne

Re: DoD IP Space

> On Feb 10, 2021, at 06:11 , Bjørn Mork wrote: > > Ca By writes: > >> The 3 cellular networks in the usa, 100m subs each, use ipv6 to uniquely >> address customers. And in the case of ims (telephony on a celluar), it is >> ipv6-only, afaik. > > I certainly agree that this is easier and mak

Re: DoD IP Space

> On Feb 10, 2021, at 09:50 , Doug Barton wrote: > > On 2/10/21 5:56 AM, Ca By wrote> >> The 3 cellular networks in the usa, 100m subs each, use ipv6 to uniquely >> address customers. And in the case of ims (telephony on a celluar), it is >> ipv6-only, afaik. > > So that answers the questio

Re: DoD IP Space

> On Feb 11, 2021, at 05:55 , Izaac wrote: > > On Wed, Feb 10, 2021 at 04:04:43AM -0800, Owen DeLong wrote: >> without creating partitioned networks. > > Ridiculous. Why would you establish such a criteria? The defining > characteristic of rfc1918 networks is t

Re: DoD IP Space

ed ISPs to run out of v4 > private IP space that way. > > > > On Wed, Feb 10, 2021 at 4:05 AM Owen DeLong <mailto:o...@delong.com>> wrote: > Please explain to me how you uniquely number 40M endpoints with RFC-1918 > without running out of > addresses and without

Re: Famous operational issues

Stolen isn’t nearly as exciting as what happens when your (used) 6509 arrives and gets installed and operational before anyone realizes that the conductive packing peanuts that it was packed in have managed to work their way into various midplane connectors. Several hours later someone notices t

Re: Famous operational issues

r maybe it's more mundane and 99% of the reason is people unpack stuff and > don't always clean up properly after themselves. > > On Wed, Feb 17, 2021, 6:21 PM Owen DeLong <mailto:o...@delong.com>> wrote: > Stolen isn’t nearly as exciting as what happens when your

Re: CGNAT

> On Feb 18, 2021, at 8:38 AM, Steve Saner wrote: > > We are starting to look at CGNAT solutions. The primary motivation at the > moment is to extend current IPv4 resources, but IPv6 migration is also a > factor. IPv6 Migration is generally not aided by CGNAT. In general, the economics toda

Re: Famous operational issues

> On Feb 18, 2021, at 9:04 PM, Jen Linkova wrote: > > On Fri, Feb 19, 2021 at 9:40 AM Warren Kumari wrote: >> 4: Not too long after I started doing networking (and for the same small ISP >> in Yonkers), I'm flying off to install a new customer. I (of course) think >> that I'm hot stuff becau

Re: FYI - Suspension of Cogent access to ARIN Whois

ARIN can’t do much about that… Have you contacted RIPE and/or APNIC and asked them to take appropriate action? Owen > On Jan 6, 2020, at 07:58 , David Guo via NANOG wrote: > > Good News! But we still received several spams from Cogent for our RIPE and > APNIC ASNs. > > From: NANOG On Beha

Re: FYI - Suspension of Cogent access to ARIN Whois

I will also say that ARIN does not appear to take suspension like this lightly at all… It has taken many years and I’m betting (at least) scores of complaints about this chronic behavior by Cogent prior to ARIN taking this action. I know that I personally have filed a number of fully documented

Re: Cost Recovery Surcharge & Va Personal Property Tax Recovery for IP Transit

> On Jan 6, 2020, at 07:53 , Christopher Morrow wrote: > > On Mon, Jan 6, 2020 at 10:30 AM William Herrin wrote: > >> If it's not written in to your contract, it's a breach of contract. Either >> way it's a deceitfully imposed surcharge, not a state tax. Virginia does not >> tax the sale o

Re: De-bogonising 2a10::/12

This is why the one and only proposal I’ve seen that provides an actual useful outcome for RPKI is a good idea… RIRs issuing AS0 ROAs for unallocated/unassigned space in their inventories. This way, it is tool-ised and the tool is run by the same organization that’s doing the allocations and re

Re: De-bogonising 2a10::/12

> On Jan 10, 2020, at 13:18 , Brandon Martin wrote: > > On 1/10/20 2:49 PM, Baldur Norddahl wrote: >> The only way for me to send out traffic to bogons is if one my peers >> announces a bogon prefix. Even if I did null route bogons, manually or >> through the use of the Cymru service, a peer

Re: Prominent horse racing identities (was Re: Elad Cohen)

Perhaps nobody should be using NANOG to trade ad hominem attacks in any case. Just my $0.02. Owen > On Jan 27, 2020, at 08:02 , William Herrin wrote: > > On Mon, Jan 27, 2020 at 7:11 AM Large Hadron Collider > wrote: >> As much as Mr Cohen's minor libel of Spamhaus and ARIN exposes him as pe

Re: FYI - Suspension of Cogent access to ARIN Whois

I now longer have a dog in this fight, but “The” peering cake was my project (such as it was)... Cogent has, to the best of my knowledge, always had rather large voids in their IPv6 connectivity. To the best of my knowledge, HE and Google are the most significant of these voids, but I believe t

Re: AFRINIC: The Saga Continues

> On Jan 31, 2020, at 09:38 , David Conrad wrote: > > Ronald, > > Speaking only for myself… > > As I’ve recently seen complaints about RIRs directed to ICANN (in a different > context than the issues at AfriNIC), a bit of clarification may be in order: > >>> What can or should be done when

Re: new tool: rpki-ov-checker

> On Feb 6, 2020, at 03:35 , Job Snijders wrote: > > Dear ops, > > I wrote a simple tool to figure out what kind of invalid a rpki invalid > is, this can aid people in understanding the impact of "invalid == > reject" routing policies. Only "invalid_unreachable" routes present > an operationa

Re: QUIC traffic throttled on AT&T residential

First we moved the entire internet to TCP/443. Now we propose moving it all to UDP/53. What’s next? Why not simply eliminate port numbers altogether in favor of a single 16-bit client-side unique session identifier. Owen > On Feb 21, 2020, at 15:20 , Matthew Petach wrote: > > > > On Fri, F

Re: Google peering in LAX

In part, it might be because people you’re not paying may be less tolerant of anti-social behavior than people you are paying. It does seem rather odd that Google would prefer to receive their traffic over transit, but I’m not going to try and second guess that decision. Owen > On Mar 2, 2020

Re: Google peering in LAX

antisocial behaviour than would be peers (the > people they are not paying). > > On Mon., Mar. 2, 2020, 13:19 Seth Mattinen <mailto:se...@rollernet.us>> wrote: > On 3/2/20 12:44 PM, Owen DeLong wrote: > > In part, it might be because people you’re not paying may be

Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users

For anyone considering enabling DOH, I seriously recommend reviewing Paul Vixie’s keynote at SCaLE 18x Saturday morning. https://www.youtube.com/watch?v=artLJOwToVY It contains a great deal of food for thought on a variety of forms of giving control over to corporations over things you probably

Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users

> On Mar 11, 2020, at 18:31 , Rubens Kuhl wrote: > > > > On Tue, Mar 10, 2020 at 5:30 PM Owen DeLong <mailto:o...@delong.com>> wrote: > For anyone considering enabling DOH, I seriously recommend reviewing Paul > Vixie’s keynote at SCaLE 18x Saturday morning

Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users

> On Mar 11, 2020, at 19:25 , Jan Schaumann wrote: > > Owen DeLong wrote: > >> DOH isn?t inherently bad, but every implementation >> of DOH that I am aware of involves depriving the >> user of choice and/or control > > I don't think that's q

Re: AT&T is suspending broadband data caps for home internet customers due to coronavirus

Does that mean Comcast is going to drop my $30/month surcharge for actual unlimited? Owen > On Mar 13, 2020, at 14:23 , lobna gouda wrote: > > Hey Networkers, > > Seems other companies will imitate ATT, comcast is giving it free and with > the national emergencies universities will work onl

Re: COVID-19 vs. our Networks

My kid has enough homework to reduce her gaming to normal levels. If your kid doesn’t, perhaps you’ll want to supplement it. ;-) Owen > On Mar 13, 2020, at 18:52 , Sabri Berisha wrote: > > Hi, > > I don't know where y'all live, but here in the SF Bay Area, pretty much all > public and priva

Re: COVID-19 vs. our Networks

You don’t have kids, do you… They have the attention span of Koi these days. They’ll play most games for about 15 minutes or so before downloading the next one. (At least that’s been my observation of behavior among my GF’s daughter and her friends). Owen > On Mar 13, 2020, at 20:31 , Darin S

Re: COVID-19 vs. our Networks

> On Mar 15, 2020, at 08:13 , Mark Tinka wrote: > > > > On 15/Mar/20 16:59, Keith Medcalf wrote: >> If it is "critical" you need a dedicated circuit. If it is "meh, who gives >> a shit", then you can go though the Internet. >> >> The root of the issue is that some idiot did a bad Risk Ass

Re: COVID-19 vs. our Networks

> On Mar 16, 2020, at 07:04 , Alexandre Petrescu > wrote: > > > Le 16/03/2020 à 14:58, Mark Tinka a écrit : >> >> On 15/Mar/20 00:12, Eric M. Carroll wrote: >> >> >>> There is good news here. The infrastructure has never been better >>> positioned to support this kind of mass event. We can

Re: COVID-19 vs. our Networks

> On Mar 16, 2020, at 13:15 , Alexandre Petrescu > wrote: > > > > Le 16/03/2020 à 20:08, Owen DeLong a écrit : >> >> >>> On Mar 16, 2020, at 07:04 , Alexandre Petrescu >>> mailto:alexandre.petre...@gmail.com>> wrote: >>> >

Re: COVID-19 vs. our Networks

Owen > > > > > > Le 16/03/2020 à 21:15, Alexandre Petrescu a écrit : >> >> Le 16/03/2020 à 20:08, Owen DeLong a écrit : >>> >>> >>>> On Mar 16, 2020, at 07:04 , Alexandre Petrescu >>>> mailto:alexandre

Re: COVID-19 vs. our Networks

[SNIP] >> Has worked very well for me in Santa Clara County so far. > > How is Santa Clara County informing their citizens? Some website or some SMS > (short text message on cellular)? > > > > My city sent me two paper letters Saturday, but no numbers about cases. I > had to go to pharmac

Re: COVID-19 vs. our Networks

> On Mar 17, 2020, at 02:20 , Mark Tinka wrote: > > > > On 16/Mar/20 16:54, Carsten Bormann wrote: > >> I recently had to reschedule an X-ray because the license manager for the >> X-ray machine was acting up. I don’t think people have a grasp for how much >> of the medical infrastructur

Re: COVID-19 vs. our Networks

> On Mar 17, 2020, at 02:41 , Alexandre Petrescu > wrote: > > >> On 16/Mar/20 21:08, Owen DeLong wrote: >> >>> This simply isn’t true… >>> >>> Listen to qualified medical professionals, especially those who >>> specialize in i

Re: COVID-19 vs. our Networks

> On Mar 17, 2020, at 10:03 , Mike Bolitho wrote: > > >The answer is don't shove application traffic that has tight service level > >requirements onto the public internet at large and expect the same > >performance as private circuits or other SLA protected services. > > I keep seeing this o

Re: COVID-19 vs. our Networks

> On Mar 17, 2020, at 10:43 , Keith Medcalf wrote: > > > On Tuesday, 17 March, 2020 03:31, Mark Tinka wrote: > >> On 16/Mar/20 21:08, Owen DeLong wrote: > >>> For up to date local information, check with the local public health >>> authority

Re: Sunday traffic curiosity

Maybe it’s time to revisit inter-domain multicast? Owen > On Mar 22, 2020, at 11:57 , Andy Ringsmuth wrote: > > Fellow NANOGers, > > Not a big deal by any means, but for those of you who have traffic data, I’m > curious what Sunday morning looked like as compared to other Sundays. Sure, > N

Re: Sunday traffic curiosity

> On Mar 22, 2020, at 13:41 , Alexandre Petrescu > wrote: > > > Le 22/03/2020 à 21:31, Nick Hilliard a écrit : >> Grant Taylor via NANOG wrote on 22/03/2020 19:17: >>> What was wrong with Internet scale multicast? Why did it get abandoned? >> >> there wasn't any problem with inter-domain m

Re: Sunday traffic curiosity

> On Mar 22, 2020, at 15:49 , Mark Tinka wrote: > > > > On 23/Mar/20 00:19, Randy Bush wrote: > >> >> add to that it is the TV model in a VOD world. works for sports, maybe, >> not for netflix > > Agreed - on-demand is the new economy, and sport is the single thing > still propping up th

Re: Sunday traffic curiosity

> On Mar 23, 2020, at 10:14 , Mark Tinka wrote: > > > > On 23/Mar/20 05:51, Owen DeLong wrote: > > >> How do you see that happening? Are people going to stop wanting to watch >> live, >> or are teams going to somehow play asynchronously (e.g. La

Re: South Africa On Lockdown - Coronavirus - Update!

> On Mar 23, 2020, at 16:50 , Warren Kumari wrote: > > On Mon, Mar 23, 2020 at 6:53 PM Sabri Berisha wrote: >> >> Hi, >> >> In my experience, yubikeys are not very secure. I know of someone in my team >> who would generate a few hundred tokens during a meeting and save the output >> in a

Re: South Africa On Lockdown - Coronavirus - Update!

> On Mar 23, 2020, at 17:24 , Warren Kumari wrote: > > On Mon, Mar 23, 2020 at 8:03 PM Owen DeLong <mailto:o...@delong.com>> wrote: >> >> >> >>> On Mar 23, 2020, at 16:50 , Warren Kumari wrote: >>> >>> On Mon, Mar 23, 2020 a

Re: ISC BIND 9 breakage?

Yeah, looks like that comment should have been updated to “harmless until…” Owen > On Mar 25, 2020, at 10:32 , Drew Weaver wrote: > > We just left the dnssec-lookaside auto; configuration in there. Probably > because it specifically says in the documentation from ISC that it won't hurt > any

Re: Sunday traffic curiosity

> On Mar 31, 2020, at 03:47 , Mark Tinka wrote: > > > > On 23/Mar/20 22:54, Owen DeLong wrote: > >> >> That hasn’t been my observation at any of the local sports bars. I >> actually have little to no interest in live sport (except maybe the >> oc

Re: Sunday traffic curiosity

> On Apr 1, 2020, at 04:46 , Mark Tinka wrote: > > > > On 31/Mar/20 23:22, Owen DeLong wrote: > >> From my perspective, anyone born in this century pretty much qualifies as >> a kid at this point. Maybe even the last 3-4 years of the previous one. > >

Re: 24x7 vs 24x7x365 Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

24x7 is way more common, but does leave ambiguity as to holiday coverage. (there are some 24x7 businesses that close for holidays). 24x7x365 is on the rise as a way to specify that you’re open holidays too. End of the day, I’m not sure it matters which one you use. Likely any Google search for

Re: RIPE NCC Executive Board election

More accurately, you clearly don’t understand exactly how IPv4+ doesn’t work. Owen > On May 13, 2020, at 10:30 , Elad Cohen wrote: > > LOL at people that are against anything besides IPv6 when it will take much > much more time until IPv6 will be fully deployed. You clearly didn't > understa

Re: RIPE NCC Executive Board election

> "The Spamhaus Project" is an illegal anonymous organization according to > their own words in their own following presentation: > > https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Violation > >

Re: RIPE NCC Executive Board election

> On May 13, 2020, at 12:36 , Elad Cohen wrote: > > > Do you realise that this means you're requiring changing *every* > socket-speaking application in the world? > > Every internet host that will want to speak IPv4+ , will have an update (for > example through the operating systems

Re: RIPE NCC Executive Board election

I don’t see hate. I see legitimate technical disagreement with your hair-brained schemes. Perhaps, when a large collection of people with actual engineering experience and deep knowledge tell you that you are simply wrong on legitimate technical grounds, it would be wiser to rethink your posit

Operational value and legality of Spamhaus vs. unfounded accusations by Elad Cohen

Subject changed per request from NANOG staff. > On May 13, 2020, at 19:20 , Elad Cohen wrote: > > > This is the second time I’ve seen you make this claim in public. I see > nothing in the slide deck you linked which claims they are illegal. > > According to their private presentation

Re: RIPE NCC Executive Board election

[snip] > Owen DeLong: > "simply wrong on legitimate technical grounds" > > > You are not a bigotry or hatred, you are just an imbecile. > From: Owen DeLong > Sent: Thursday, May 14, 2020 7:04 PM > To: Elad Cohen > Cc: Töma Gavrichenkov ; Shane Ronan > ;

Re: Router Suggestions

> On Jun 16, 2020, at 12:37 AM, Mark Tinka wrote: > > > > On 16/Jun/20 08:32, Baldur Norddahl wrote: > >> >> Why pay someone else for having a cold spare ready for next day >> replacement when you can have it yourself? Having a lab router to test >> config before rollout has really been a

Re: Router Suggestions

> On Jun 16, 2020, at 1:51 PM, Mark Tinka wrote: > > > > On 16/Jun/20 22:43, Owen DeLong wrote: > >> Covering them all under vendor contract doesn’t necessarily guarantee that >> the vendor does, either. In general, if you can cover 10% of your hardware >&

Re: Router Suggestions

> On Jun 17, 2020, at 12:50 AM, Mark Tinka wrote: > > > > On 16/Jun/20 23:26, Owen DeLong wrote: > >> Count your blessings… > > I know that we are lucky that in the markets we operate, local depots > are available. There are other markets in Africa that

Re: Devil's Advocate - Segment Routing, Why?

> On Jun 20, 2020, at 2:27 PM, Mark Tinka wrote: > > > > On 20/Jun/20 00:41, Anoop Ghanwani wrote: > >> One of the advantages cited for SRv6 over MPLS is that the packet contains a >> record of where it has been. > > I can't see how advantageous that is, or how possible it would be to >

Re: why am i in this handbasket? (was Devil's Advocate - Segment Routing, Why?)

> On Jun 23, 2020, at 4:16 AM, Masataka Ohta > wrote: > > Mark Tinka wrote: > >>> But, it should be noted that a single class B... >> CIDR - let's not teach the kids old news :-). > > Saying /16 is ambiguous depends on IP version. Not really… A /16 in IPv6 is a lot more addresses, but it’s

Re: netflix proxy/unblocker false detection

I take his statement more as: “If Netflix wasn’t doing IPv6, they’d be in more of a corner to resolve CGNAT issues. Since they support IPv6, likely their response to CGNAT issues is ``Press your provider to do IPv6, it’s better.’’” Likely, that is true. Support for

Re: netflix proxy/unblocker false detection

> On Jun 25, 2020, at 8:38 AM, Mark Tinka wrote: > > > > On 25/Jun/20 16:45, Christian wrote: >> wow. blaming support for IPv6 rather than using cgnat is a huge >> stretch of credibility > > I have no idea what's going through Netflix's mind - it's all, as my > American friend would say, co

Re: netflix proxy/unblocker false detection

> On Jun 26, 2020, at 12:32 , Grant Taylor via NANOG wrote: > > On 6/26/20 12:08 PM, Brandon Jackson via NANOG wrote: >> Correct they block HE.net's tunnel broker IP's because they practically are >> at least for the sense of geo restrictions "VPN" that can be used to get >> around said geo

Re: netflix proxy/unblocker false detection

> There is nothing to stop Netflix from probing a mixture of IPv4 and IPv6 > during the same video playing session. Thus they could correlate the IPv6 > with the IPv4 which correlates with my CC which correlates with my address on > file. This only works in environments that have both IPv4 and

Anyone running C-Data OLTs?

https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872

Re: Anyone running C-Data OLTs?

bility if you have a compromised management network, but > anybody who opens CPE up to the Internet is just barking mad :-) > > -mel via cell > >> On Jul 10, 2020, at 10:00 AM, Owen DeLong wrote: >> >>  >> https://www.zdnet.com/article/backdoor-accounts-di

Re: questions asked during network engineer interview

> On Jul 14, 2020, at 10:20 , Michael Thomas wrote: > > > > On 7/13/20 8:16 PM, Greg Skinner via NANOG wrote: >> If you ever decide to revisit this subject, I recall it was covered here in >> this thread started by Bill Herrin >>

Re: questions asked during network engineer interview

> On Jul 21, 2020, at 2:58 PM, Mark Tinka wrote: > > > > On 21/Jul/20 22:20, Nick Hilliard wrote: > >> >> IOW, it works if you have a large and homogeneous enough network with >> a sufficiently narrowly product portfolio that you can justify the >> cost of getting enough programming skill

Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?

> On Jul 29, 2020, at 02:13 , Saku Ytti wrote: > > On Wed, 29 Jul 2020 at 10:03, Vincent Bernat wrote: > >> This is the solution Cumulus is advocating to its users, so I suppose >> they have some real users behind that. Juniper also supports RFC 5549 >> but, from the documentation, the forwa

Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?

> On Jul 29, 2020, at 09:43 , Douglas Fischer wrote: > > Does anybody here knows what Gambiarra means? The english translation would be “Jury Rig” or “Hack”. Synonyms include “McGyverism”, “Rube Goldberg”, “Kludge”, etc. Foreign address family as next-hop is definitely in this category. >

Re: BGP route hijack by AS10990

Looks like the real question here is why doesn’t 7219 do a better job of filtering what they accept. Has anyone reached out to them? Owen > On Jul 29, 2020, at 23:31 , Aftab Siddiqui wrote: > > Looks like the list is too long.. none of them have any valid ROAs as well. > > = 104.230.0.0/18

Re: BGP route hijack by AS10990

> On Jul 30, 2020, at 09:45 , Yang Yu wrote: > > On Thu, Jul 30, 2020 at 9:37 AM Owen DeLong wrote: >> >> Looks like the real question here is why doesn’t 7219 do a better job of >> filtering what they accept. >> >> Has anyone reached out to them?

Re: BGP route hijack by AS10990

> On Aug 1, 2020, at 04:20 , Mark Tinka wrote: > > > > On 1/Aug/20 02:17, Sabri Berisha wrote: > >> I'm not sure if you read their entire Mea Culpa, but they did indicate that >> the root cause of this issue was the provisioning of a legacy filter that >> they are no longer using. So effect

Re: BGP route hijack by AS10990

> On Aug 1, 2020, at 09:09 , Mark Tinka wrote: > > > > On 1/Aug/20 17:49, Owen DeLong wrote: > >> Aviation makes a strong effort in this area, perhaps stronger than any other >> human endeavor, especially when you’re talking about the fraction of >> A

Re: BGP route hijack by AS10990

> On Aug 1, 2020, at 11:14 , Hank Nussbacher wrote: > > On 01/08/2020 00:50, Mark Tinka wrote: >> On 31/Jul/20 23:38, Sabri Berisha wrote: >> >>> Kudos to Telia for admitting their mistakes, and fixing their processes. >> Considering Telia's scope and "experience", that is one thing. But for >

Re: BGP route hijack by AS10990

> On Aug 1, 2020, at 12:03 , Sabri Berisha wrote: > > Hi, > > - On Aug 1, 2020, at 8:49 AM, Owen DeLong o...@delong.com wrote: > >> In fact, there are striking parallels between Asiana 214 and this incident. > > Yes. Children of the magenta line. Depend

Re: BGP route hijack by AS10990

> On Aug 1, 2020, at 12:59 PM, Sabri Berisha wrote: > > - On Aug 1, 2020, at 12:50 PM, Nick Hilliard n...@foobar.org wrote: > > Hi, > >> Sabri Berisha wrote on 01/08/2020 20:03: >>> but because Noction's decision to not enable NO_EXPORT by default >> >> the primary problem is not this b

Re: RPKI TAs

> On Aug 3, 2020, at 07:54 , Job Snijders wrote: > > On Mon, Aug 03, 2020 at 08:17:55AM -0500, John Kristoff wrote: >> On Sun, 2 Aug 2020 18:52:11 + >> Randy Bush wrote: >> >>> not to mention the ARIN stupidity >> >> Notwithstanding the RPA, downloading ARIN's TAL is straightforward: >>

Re: Is there *currently* a shortage of IPv4 addresses?

$2/month is one of the more reasonable pricing schemes I’ve seen. Many providers are gouging $5 and in some cases as much as $15/month for static IPv4 addresses. The good news is that IPv6 is still quite inexpensive and works even better. Owen > On Aug 4, 2020, at 2:16 PM, Baldur Norddahl wr

Re: Ipv6 help

Simplest solution that comes to mind is run a GRE/IPv6 tunnel from one end to the other with IPv4 addresses on the tunnel endpoints only. Owen > On Aug 22, 2020, at 6:47 AM, Brian wrote: > > Is there anyway to deploy ipv6 and push ipv4 traffic end to end across the > ipv6 network. With out

Re: Ipv6 help

Another thing worth of consideration is that virtually any box with an OpenWRT image can support CLAT if it has enough resources. Owen > On Aug 24, 2020, at 8:21 AM, JORDI PALET MARTINEZ via NANOG > wrote: > > You probably mean 464XLAT > > Ask you vendors. They should support it. Ask f

Re: Gaming Consoles and IPv4

Your VoIP and Video systems are all getting paid rather well to provide Rendezvous hosts that are capable of forwarding ALL traffic and are not all that sensitive to the additional latency involved in doing so. From some perspectives, this is even considered desirable as it simplifies the proces

Re: Gaming Consoles and IPv4

> On Sep 30, 2020, at 11:41 , Daniel Sterling wrote: > > On Wed, Sep 30, 2020 at 12:47 PM Owen DeLong wrote: >> Games want to go peer-to-peer. > > That was true up until about 2012. > > As Martijn Schmidt noted, Activison contracts out to multiple managed >

Re: Gaming Consoles and IPv4

If you write your code on to be IPv6 compliant, making the code support dual stack is a matter of making sure that the IPv6_V6ONLY socket option is false. Owen > On Sep 30, 2020, at 12:03 , Daniel Sterling wrote: > > On Wed, Sep 30, 2020 at 2:50 PM Josh Luthman > wrote: >> Based on packet

Re: Consolidation of Email Platforms Bad for Email?

> On Sep 8, 2020, at 4:38 AM, Eliot Lear via NANOG wrote: > > I'm sure Dave Crocker has thoughts about this, but it has come up elsewhere. > There are both positives and negatives about having such a consolidation. > The positive is that it a small club can establish ground rules for how th

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

> On Sep 8, 2020, at 9:22 AM, Mark Tinka via NANOG wrote: > > > > On 8/Sep/20 17:55, Douglas Fischer via NANOG wrote: > >> Most of us have already used some BGP community policy to no-export some >> routes to some where. >> >> On the majority of IXPs, and most of the Transit Providers, the

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Yes, but with large communities, that’s called RFC-8092 and in general, RFC-8642 has some good data. There’s also BGP extended communities (RFC-7153 and the IANA registry it creates). Creating an ad hoc BCP vs. using the existing RFC process seems ill-advised. Owen > On Sep 8, 2020, at 11:35

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

> Using 2-byte communities in today's age of explosive "assignment" of > 4-byte ASN's is similar to the price-hike of IPv4 space. In the long > term. Standard BGP communities and IPv4 will not be worth the required > effort/investment (unless you want to "cripple" yourself from the > get-go). And I

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

In my comments, it’s more about avoiding de facto “standards” in favor of having actual “standards” or following existing actual “standards”. There are RFCs that cover what the OP wants. There is an IANA well-known Communities registry that can be expanded to record any additional functionality

Re: BGP Community - AS0 is de-facto "no-export-to" marker - Any ASN reserved to "export-only-to"?'

Sounds like you need a template based configuration management system and better automation more than you need to inflict an ad-hoc standardization of additional communities on the world. Owen > On Sep 9, 2020, at 12:21 AM, Robert Raszuk via NANOG wrote: > > Mark, > > Nope .. it is the othe

Re: Banned by Akamai (or some websites hosted with Akamai)

Akamai will _NOT_ be helpful in this situation. They will tell you that it is their customers who set the policy for their “Web Application Firewall”. In reality, Akamai’s customers set certain things on “autopilot” where Akamai maintains a reputation database for various IP addresses and trigg

Re: Did IPv6 between HE and Google ever get resolved?

Send them another cake… Owen > On Mar 31, 2019, at 18:19 , Mike Leber wrote: > > The routes you see are Cogent using IPv6 leaks. > > We chase these down as we see them. > > Obviously if Cogent is happy enough to use leaks, we could just give > them our IPv6 customer routes directly. ;) > >

Re: Gi Firewall for mobile subscribers

> We have an ongoing discussion about Gi firewall (adding a firewall between > the subscribers and the internet, allowing only subscriber initiated > connections), for the IPv6 traffic. > > > > The firewall is doing very little security, the ruleset is very basic, > allowing anything from s

Re: Gi Firewall for mobile subscribers

> On Apr 10, 2019, at 10:39 PM, Mikael Abrahamsson wrote: > > On Wed, 10 Apr 2019, Jan Chrillesen wrote: > >> Also keep in mind that most GGSN/PGW will assign a /64 (and not a /128) > > All 3GPP devices assign /64 per bearer because that's what's in the 3GPP > spec. I've been told 3GPP went

Re: Gi Firewall for mobile subscribers

d irrevocably disabling end user functionality. Owen > > > Amos > > Sent from my iPhone > > On 10 Apr 2019, at 22:52, Owen DeLong <mailto:o...@delong.com>> wrote: > >> >>> We have an ongoing discussion about Gi firewall (adding a firewall between &g

  1   2   3   4   5   6   7   8   9   10   >