that
this is not a very good idea :-)
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen
sort of does the job for all ASes that
I have created ROAs for (so, if I maintain my customer ROAs, I would see
them) but I cannot query an arbitrary AS, or "the whole customer cone".
(I expected RIPE Stats to have something like this in the BGP widget, but
to my surprise, no...)
Gert Do
//github.com/RIPE-NCC/rpki-validator-3/wiki/RIPE-NCC-RPKI-Validator-3-beta-tester-page
Not promising anything right now, a bit busy... but thanks for the link.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vors
see... too much "N". The only "I" is something I was
aware but had forgotten about ;-) - a sink-a-more-specific-/24 test that
nicely exposes the problem of "strict /22" ROAs.
thanks!
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
Spac
Hi,
On Wed, May 02, 2018 at 06:11:23PM +, Job Snijders wrote:
> On Wed, May 02, 2018 at 08:07:16PM +0200, Gert Doering wrote:
> > The information I was looking for is nicely visible, though... and
> > what I was afraid I'd see... too much "N". The only "
ll the help desk if they enable 6to4 on customer routers or in their
own network, instead of deploying proper IPv6.
(Note that 6rd is not "anycast 6to4" and as thus not subject to this
rant)
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG
ng ROA is detected, but I see no incentive to force-delete
these objects.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsrat
Yet network operators occasionally report issues where routers maintain
> routes to IP prefixes withdrawn by their origin network - BGP zombies.
These are "ghosts", not zombies :-)
https://www.sixxs.net/tools/grh/
Gert Doering
-- NetMaster
--
have you enabled IPv6 on somethi
mented term
(though, back then, when I was young and thought I found something new
in IPv6 BGP, Randy Bush told me that this was something long known in
the IPv4 world...)
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vors
ers"
- and something goes wrong if that list of peers is not reflecting the
real set of peers, possibly due to "BGP internal state not fully in
sync between 'export policy is changed' and 'withdraw comes in'", so
R1 is no longer aware that one of his n
oute would be gone. A downstream router R2 would have seen the
initial UPDATE, but never received a withdraw - so R2 would claim "I have
it, and I have it from R1!" while R1 would claim "no such prefix".
So, no contradiction.
Gert Doering
-- NetMaster
--
have y
Hi,
On Wed, Oct 02, 2019 at 08:40:25AM +0200, Paul Hoogsteder wrote:
> I want to let you know that I'm available for the position as co-chair of
> the Routing WG if you wish me to do so.
Sounds like a plan :-) - support!
Gert Doering
-- NetMaster
--
have you enabled IPv6 o
o me what the benefit is
> to have a ROA covering it when it is not yet assigned/allocated.
It does stop people from announcing unassigned space and spam from it
(because the announcement would be "invalid" and no longer "unknown").
Gert Doering
-- NetMaster
--
RPKI? Only classic "prefix hijacking"
(announcing space that is formally delegated somewhere) or other misuses
of BGP, like "announce unallocated space, use that for spamming or other
sorts of network attacks, withdraw announcement before people can track
things b
tunate. But indeed, it would make this change far less
effective for the cases I had in mind.
So I am reconsidering and joining the "it might be somewhat beneficial,
but there are more important RPKI things to fix" camp.
Gert Doering
-- NetMaster
--
have you enab
Hi,
On Sun, Nov 03, 2019 at 03:04:06PM -0800, Randy Bush wrote:
> > "it might be somewhat beneficial, but there are more important RPKI
> > things to fix"
> e.g.?
Nothing "in RPKI itself" (or if there is, I wouldn't be the one to
understand the fine details), more in the processes @ NCC (and inte
Hi,
On Wed, Feb 26, 2020 at 08:47:31AM +0100, JORDI PALET MARTINEZ via routing-wg
wrote:
> I can see also people in favor and I understand, as we usually do in any
> proposal discussion, that non-objection is consent.
This assertion is not correct per RIPE PDP rules, except in last call.
is beyond repair - it is too complex to correctly
parse, and at the same time not expressive enough to describe policy
precisely enough ("export to AS X as peer, no further upstreaming permitted"
vs. "export to AS Y as upstream, further distribution expected").
Gert Doering
want to go with RPSL?" - or maybe even push it
to IETF.
But I have no hopes for IETF, so maybe not.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14
gt; full bgp dump and to compare the prospective new ROA to that dump.
This sounds like a good plan to avoid both types of mistakes.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael E
airs take that decisions (even if the
> PDP allows it), in the sense that it is a non-sense. Chairs take that
> decision, and same authors or someone else, resend it and we never end.
Chairs are free to not accept the proposal if it's being re-sent again
and again with no materi
mit to, and the PDO asks the
WG chairs if that is OK.
An update to write that down sounds like a reasonable plan.
(And it very obviously must be that way, otherwise a frustrated proposer
can easily DoS a working group - which must be preventable)
Gert Doering
-- NetMaster
--
Hi,
On Thu, Jul 09, 2020 at 03:59:10PM +0200, JORDI PALET MARTINEZ via routing-wg
wrote:
> Following the RIPE-710, this right CAN'T BE DENIED, as Gert has confirmed
> yesterday.
This is not what I said.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on some
chairs to reject a
> proposal.
Again, this is not what I said.
Jordi, if you had too much sun, please get some shadow, and do not try
to make this into a "I CAN FLOOD THE PDP WITH AS MANY PROPOSALS AS I CAN
WRITE!" contest. You can't. Even if it's not explitely written
proposal ad nauseam in the hope that it gets more
traction the second time, or that people will tire of repeating their
counterarguments again and again is misuse of the PDP.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG
x27;t
worry too much about that situation.
Maybe the portal can have a double check added ("you connect from
IP 2001:db8::1234, AS 65003, do you really really want to add a ROA
for this network and AS 12345? It will kick you out of the portal!").
Gert Doering
-- NetMaster
--
the RIPE NCC needs to concern themselves
over - but the case above is something that needs consideration and then
a well-communicated decision.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael
generally not a nice approach for
network-relevant services...
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grund
make a security comparison, if this is really a necessary feature?
So where exactly is the *security* drawback of permitting ICMP echo?
But yes, of course, we can all do tcpping instead - which is much
more likely to have an adverse effect on the actual service...
Gert Doering
-- NetMaster
, even better.
(I've dealt with MIT and GPLv3 source in the past, and contributed to
projects under various licenses, and the only ones that always create
friction is the GPL camp. Like "no, you cannot link your GPLv3 program
with a library that is Apache licensed")
Gert Doering
and monitoring).
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055
ichaelson is from APNIC, so "they are aware", and I'm
fairly sure the other RIRs are being informed.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AGVorstand: Sebastian v. Bomhard
Joseph-Dollinger-
nd?
The requirements are clear:
- permit documentation of legitimate use of out-of-region resources
- stop people from adding route: objects for which they are not authorized
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG
routing policy if out-of-region networks are involved.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AGVorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen
ution and are not acknowledging
that the problem even exists. So please go out of the way and let the
people that are interested in solving network hijacking do their work.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AGV
prefix/AS pair basis, so it effectively does not matter *which*
AS is referenced, as *all* origin ASes are checked, not "just yours").
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AGVorstand: Sebastian v. Bomhard
Joseph-
he published transfer statistics would clarify
this), but when that happened, the route: objects were not removed -
so, even when that network was no longer with Netserv, their route:
objects were still there.
This should not happen, of course, but it's not a technical weakn
in May 2014, netblock transferred in October 2014).
So I'll call this "operator error". Plus maybe "bad advice by the
broker coaching the transfer"...
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG
Hi,
On Mon, Nov 17, 2014 at 01:16:08PM -0800, Ronald F. Guilmette wrote:
> In message <20141117084633.ga20...@space.net>,
> Gert Doering wrote:
>
> >MCCI should really, really clean up all route objects that cover parts
> >of their address space but point to other
unfortunately, not all large transit providers do that, some just
take the money and look the other way)
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AGVorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14
thentication. If we can solve the short-term issue quickly, we can
build something good, in the time scales it takes if 5 RIRs are involved,
one of them having too many lawyers and being not really trusted by its own
members.
Gert Doering
-- network operator
--
have you ena
;Document everything one AS originates in a single database" is the
primary motivation here (so upstreams/peers can go to a single source
to build filters, and that single source must not be RADB).
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG
ctly clear from comparison with the mirrored RIPE objects that
it was bogus).
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AGVorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culema
S for all stub
> networks connected to this transit.
This is good. A transit ISP stupid enough to make such mistakes need
to pay in blood and money.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AGVorstand: Sebastian
Hi,
On Sun, Jun 19, 2016 at 11:37:41AM +1000, Joshua D'Alton wrote:
> I do, useful to see who is causing route churning and such.
While I also like my weekly 5 minutes of despair - unless someone is
actually *acting* on these information, it's just wasting time.
45 matches
Mail list logo
