Internet Governance Forum DNS
"www.intgovforum.org’s server DNS address could not be found." and http://downforeveryoneorjustme.com/www.intgovforum.org is negative. Any clues as to what's up? -- --- Joly MacFie 218 565 9365 Skype:punkcast -- -
Cogent Router code updates during height of ecommerce season?
Could. https://quickview.cloudapps.cisco.com/quickview/bug/CSCtd35382 https://github.com/Sab0tag3d/SIET
load balancers convergence (Radware)
Hi, Sorry if this is not the right list to post but it's the last resort and any clue would be highly appreciated. I am new to LBs world and have the following active-standby topology (Alteon 5524): Router1Router2 | | | | eBGPeBGP | | | | Alteon1(act)Alteon2(stb) | | |___| | | WEB servers - BGP local-pref is higher on the R1-A1 session. - VRRP priority is higher on Alteon1. - both Lbs advertise the same VIP address in BGP. - NAT is configured for WEB servers IPs. I am using these devices to load balance HTTP traffic and have the following issue: 1. Alteon1 fails and the traffic moves to Alteon2 without problems. 2. After Alteon1 recovers, it becomes the VRRP master due to higher priority, but the BGP session between Alteon1 and Router1 establishes after VRRP preemption (more than 1 minute after A1 becomes master) and the traffic gets dropped. I tried to use the hold-off timer to delay the VRRP preemption to match the BGP session establishment but still have ~30s downtime. Creating a direct link and BGP session between Alteons does not help as the traffic will be asymmetrical and is dropped on Alteon1. Regards
Re: Internet Governance Forum DNS
Joly MacFie wrote: > www.intgovforum.org’s server DNS address could not be found. One of its three name servers doesn't exist. ; <<>> DiG 9.11.0 <<>> +norec ns www.intgovforum.org @a0.org.afilias-nst.info. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53295 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.intgovforum.org. IN NS ;; AUTHORITY SECTION: intgovforum.org.86400 IN NS ns.vervehosting.com. intgovforum.org.86400 IN NS ns2.vervehosting.com. intgovforum.org.86400 IN NS ns1.vervehosting.com. ;; Query time: 251 msec ;; SERVER: 2001:500:e::1#53(2001:500:e::1) ;; WHEN: Fri Dec 09 10:22:00 GMT 2016 ;; MSG SIZE rcvd: 117 ; <<>> DiG 9.11.0 <<>> +norec ns1.vervehosting.com. @ns.vervehosting.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65348 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ns1.vervehosting.com. IN A ;; AUTHORITY SECTION: vervehosting.com. 300 IN SOA ns.vervehosting.com. ccharity.vervehosting.com. 2016061109 14400 7200 1209600 300 ;; Query time: 74 msec ;; SERVER: 108.61.21.139#53(108.61.21.139) ;; WHEN: Fri Dec 09 10:24:29 GMT 2016 ;; MSG SIZE rcvd: 97 Tony. -- f.anthony.n.finchhttp://dotat.at/ - I xn--zr8h punycode Malin, Hebrides: Southerly, veering southwesterly, 6 to gale 8, occasionally 5 in southeast Malin. Rough at first, becoming very rough or high, occasionally very high later in west Hebrides. Rain then showers. Good, occasionally poor at first.
Re: Internet Governance Forum DNS
On Thu, Dec 08, 2016 at 03:36:03AM -0500, Joly MacFie wrote a message of 13 lines which said: > "www.intgovforum.org’s server DNS address could not be found." Welcome to the UN... Updated Date: 2016-12-08T14:33:28Z It expired and was renewed yesterday (source: Internet governance civil society mailing list). But the negative TTL of .org is 24 hours...
Re: Internet Governance Forum DNS
Thanks. My post got moderated and thus was delayed.. The site came back up about 9:30am ET on Thursday. Just in time for day 3 of the IGF in Guadalajara. I'm guessing some strings may have been pulled. j On Fri, Dec 9, 2016 at 5:37 AM, Stephane Bortzmeyer wrote: > On Thu, Dec 08, 2016 at 03:36:03AM -0500, > Joly MacFie wrote > a message of 13 lines which said: > > > "www.intgovforum.org’s server DNS address could not be found." > > Welcome to the UN... > > Updated Date: 2016-12-08T14:33:28Z > > It expired and was renewed yesterday (source: Internet governance > civil society mailing list). But the negative TTL of .org is 24 > hours... > -- --- Joly MacFie 218 565 9365 Skype:punkcast -- -
Canadian Legacy Subnets & ARIN - Looking for feedback
Hi, How easy is it to resolve? We have 4-5 subnets which where erroneously assigned to our customers when ARIN took over all the NA smaller registries like UToronto. All the paperwork refer to US legalese, which we have some difficulties meshing with Canadian resources at our disposal. ( And some level of form-phobia from my part =D ) Beside that, good friday. -- - Alain Hebertaheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443
Re: Canadian Legacy Subnets & ARIN - Looking for feedback
> On Dec 9, 2016, at 8:32 AM, Alain Hebert wrote: >We have 4-5 subnets which where erroneously assigned to our > customers when ARIN took over all the NA smaller registries like UToronto. >All the paperwork refer to US legalese, which we have some > difficulties meshing with Canadian resources at our disposal. I’ve referred this to the appropriate people at ARIN. You should receive a reply shortly. -Bill (with ARIN trustee hat on)
Re: Canadian Legacy Subnets & ARIN - Looking for feedback
Alain - It shouldn't be difficult to resolve, presuming that changes were made in error. Are you the best person to work with on this, or someone else in your organization? /John John Curran President and CEO ARIN > On Dec 9, 2016, at 11:32 AM, Alain Hebert wrote: > >Hi, > >How easy is it to resolve? > >We have 4-5 subnets which where erroneously assigned to our > customers when ARIN took over all the NA smaller registries like UToronto. > >All the paperwork refer to US legalese, which we have some > difficulties meshing with Canadian resources at our disposal. > >( And some level of form-phobia from my part =D ) > >Beside that, good friday. > > -- > - > Alain Hebertaheb...@pubnix.net > PubNIX Inc. > 50 boul. St-Charles > P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 > Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 >
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.rand.apnic.net. If you have any comments please contact Philip Smith . Routing Table Report 04:00 +10GMT Sat 10 Dec, 2016 Report Website: http://thyme.rand.apnic.net Detailed Analysis: http://thyme.rand.apnic.net/current/ Analysis Summary BGP routing table entries examined: 625744 Prefixes after maximum aggregation (per Origin AS): 221145 Deaggregation factor: 2.83 Unique aggregates announced (without unneeded subnets): 303392 Total ASes present in the Internet Routing Table: 55416 Prefixes per ASN: 11.29 Origin-only ASes present in the Internet Routing Table: 36308 Origin ASes announcing only one prefix: 15268 Transit ASes present in the Internet Routing Table:6548 Transit-only ASes present in the Internet Routing Table:168 Average AS path length visible in the Internet Routing Table: 4.3 Max AS path length visible: 40 Max AS path prepend of ASN ( 55644) 36 Prefixes from unregistered ASNs in the Routing Table:66 Unregistered ASNs in the Routing Table: 20 Number of 32-bit ASNs allocated by the RIRs: 16498 Number of 32-bit ASNs visible in the Routing Table: 12560 Prefixes from 32-bit ASNs in the Routing Table: 51171 Number of bogon 32-bit ASNs visible in the Routing Table: 531 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space:420 Number of addresses announced to Internet: 2832567524 Equivalent to 168 /8s, 213 /16s and 140 /24s Percentage of available address space announced: 76.5 Percentage of allocated address space announced: 76.5 Percentage of available address space allocated: 100.0 Percentage of address space in use by end-sites: 98.4 Total number of prefixes smaller than registry allocations: 207007 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes: 156955 Total APNIC prefixes after maximum aggregation: 43049 APNIC Deaggregation factor:3.65 Prefixes being announced from the APNIC address blocks: 171305 Unique aggregates announced from the APNIC address blocks:70384 APNIC Region origin ASes present in the Internet Routing Table:5185 APNIC Prefixes per ASN: 33.04 APNIC Region origin ASes announcing only one prefix: 1139 APNIC Region transit ASes present in the Internet Routing Table:938 Average APNIC Region AS path length visible:4.2 Max APNIC Region AS path length visible: 40 Number of APNIC region 32-bit ASNs visible in the Routing Table: 2545 Number of APNIC addresses announced to Internet: 761026948 Equivalent to 45 /8s, 92 /16s and 89 /24s APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 63488-64098, 64297-64395, 131072-137529 APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8, 163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:188525 Total ARIN prefixes after maximum aggregation:89408 ARIN Deaggregation factor: 2.11 Prefixes being announced from the ARIN address blocks: 195025 Unique aggregates announced from the ARIN address blocks: 89499 ARIN Region origin ASes present in the Internet Routing Table:16118 ARIN Prefixes per ASN:12.10 ARIN Region origin A
SNMP syslocation field for GPS coordinates, and use with automation tools
Hello list, I'm wondering if anyone out there has been doing something like this, and what the results were like... Assuming a network with routed carrier-class CPEs for singlehomed last mile business customers, or carrier-ethernet L2 transport services for the same sort of customers. Each CPE has a full set of SNMP monitoring features and the standard syslocation field where many ISPs put the street address of the device. Has anyone out there standardized on putting GPS coordinates in this field, in decimal degrees, such as this example: 45.563694,-122.528015 (a randomly chosen location in Portland OR) Using this, it seems that one could use automation tools and scripting to populate CPE statuses and locations on a huge map, or feed into a GIS system backend (ESRI or Autodesk), which would in turn feed an interactive mapping display. Has anyone used a system such as this for NOCs to quickly identify county-sized power outages or other anomalies that affect CPEs together in specific geographic regions? Or any other examples of the use of live SNMP location data on a large scale with thousands of CPEs.
Re: Cogent Router code updates during height of ecommerce season?
Are they not doing these during maintenance windows? Anytime we get a notice from Cogent, Level3, Att they are always during a maintenance window at least a week ahead of time. We have yet to see any maintenance window notifications from Hurricane Electric. Maybe our circuit has never had to have one in a few years. Or maybe they have so much redundancy it doesn’t matter and we never see the maintenance. Justin Wilson j...@mtin.net --- http://www.mtin.net Owner/CEO xISP Solutions- Consulting – Data Centers - Bandwidth http://www.midwest-ix.com COO/Chairman Internet Exchange - Peering - Distributed Fabric > On Dec 8, 2016, at 11:09 AM, Drew Weaver wrote: > > Hello, > > Over the last several days we have had interruptions at multiple times in our > service with Cogent due to them performing router code updates on multiple > nodes. I know that some companies put these sorts of updates on hold during > the holiday season but I was wondering if anyone has heard of any unannounced > security flaws that only larger companies such as Cogent would be privy to? > > I am certain that if you have heard of these flaws you cannot post the > details but a simple yes or no about the existence of such a thing is plenty > for me. > > Happy Holidays > > Thanks, > -Drew >
Re: Cogent Router code updates during height of ecommerce season?
On 12/9/16 11:30 AM, Justin Wilson wrote: > Are they not doing these during maintenance windows? Anytime we get a notice > from Cogent, Level3, Att they are always during a maintenance window at least > a week ahead of time. We have yet to see any maintenance window > notifications from Hurricane Electric. Maybe our circuit has never had to > have one in a few years. Or maybe they have so much redundancy it doesn’t > matter and we never see the maintenance. FWIW I have a few Cogent circuits, The maintenance look normalish and are all scheduled per their normal process, I aware of at least one cisco bug related to source mac usage they had that was annoying if not catastrophic since it was visible on our ports. > > Justin Wilson > j...@mtin.net > > --- > http://www.mtin.net Owner/CEO > xISP Solutions- Consulting – Data Centers - Bandwidth > > http://www.midwest-ix.com COO/Chairman > Internet Exchange - Peering - Distributed Fabric > >> On Dec 8, 2016, at 11:09 AM, Drew Weaver wrote: >> >> Hello, >> >> Over the last several days we have had interruptions at multiple times in >> our service with Cogent due to them performing router code updates on >> multiple nodes. I know that some companies put these sorts of updates on >> hold during the holiday season but I was wondering if anyone has heard of >> any unannounced security flaws that only larger companies such as Cogent >> would be privy to? >> >> I am certain that if you have heard of these flaws you cannot post the >> details but a simple yes or no about the existence of such a thing is plenty >> for me. >> >> Happy Holidays >> >> Thanks, >> -Drew >> > signature.asc Description: OpenPGP digital signature
Re: Avalanche botnet takedown
In message <20161201201124.982f2...@m0086238.ppops.net>, sur...@mauigateway.com wrote: >In message <20161201124527.9be45...@m0087798.ppops.net>, >sur...@mauigateway.com wrote: > >>What is your suggestion to keep the sky from falling? > >My full answer, if fully elaborated, would bore you and >everybody else to tears, so I'll try to give you an >abbreviated version. > >It seems to be that it comes down to three things... >acceptance, leadership, and new thinking. >-- > >In acceptance you seem to want various laws made to >control it. Yes. >In leadership you seem to want the masses to uprise against >the "tier 1" folks and force it there. Actually, I'm not 100% sure even that would do it. Look at the banks, who are now widley loathed, and yet they still continue to get away with massive crimes and nobody is seriously punished. But wider public awarness of jsut what the problems are, and just who can and should be working to correct them would be helpful. >In new thinking you seem to want various governments to >band together to form a "law of cyber" coalition Yes. >and for a "you must be this tall to ride the internet" measurement. No, I never said that. I don't care how tall you are, or how young or how old or how whatever you are. You should be able to use the Internet. But with privledges should come some accountability, and that is entirely lacking at present. >You also mention "When is the industry going to start >admitting to itself that individual end-lusers can be >dangerous, sometimes even to the tune of $tens of millions >of dollars? In short, when is this industry going to start >vetting people..." > >I believe 'this industry' does recognize it and no one can >get a list of everyone on this planet that is allowed to >'play' on the internet. Correct. And that is a major part of the problem. >Did I get the gist of your response correct? Partially. See above. Regards, rfg
Re: Canadian Legacy Subnets & ARIN - Looking for feedback
Hi, Yes that is the harder part, and that they date back from the UToronto days (93-96 or about). I do not think any of those faxes survived (or someone bothered archiving them on micro fiche) =D In any case, thx for the follow up. - Alain Hebertaheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 On 12/09/16 12:31, John Curran wrote: > Alain - > > It shouldn't be difficult to resolve, presuming that changes were > made in error. > > Are you the best person to work with on this, or someone else in > your organization? > > /John > > John Curran > President and CEO > ARIN > >> On Dec 9, 2016, at 11:32 AM, Alain Hebert wrote: >> >>Hi, >> >>How easy is it to resolve? >> >>We have 4-5 subnets which where erroneously assigned to our >> customers when ARIN took over all the NA smaller registries like UToronto. >> >>All the paperwork refer to US legalese, which we have some >> difficulties meshing with Canadian resources at our disposal. >> >>( And some level of form-phobia from my part =D ) >> >>Beside that, good friday. >> >> -- >> - >> Alain Hebertaheb...@pubnix.net >> PubNIX Inc. >> 50 boul. St-Charles >> P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 >> Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 >>
RE: SNMP syslocation field for GPS coordinates, and use with automation tools
Yes. But don’t just put in coordinates... Put in other details and use a standard separator 😊 alan
Re: Canadian Legacy Subnets & ARIN - Looking for feedback
On Fri, Dec 09, 2016 at 03:23:54PM -0500, Alain Hebert wrote: > Yes that is the harder part, and that they date back from the > UToronto days (93-96 or about). > > I do not think any of those faxes survived (or someone bothered > archiving them on micro fiche) =D open a dialogue with the folks at ARIN. my guess is they have a cache of documents that were forwarded to them by the likes of herb kugel and others, when the transition happened. they may not be complete, but they will likely have enough info to get you authorized to fix things up. when it comes to the legacy stuff, i've found ARIN to be fair, but thorough. --jim > > In any case, thx for the follow up. > > - > Alain Hebertaheb...@pubnix.net > PubNIX Inc. > 50 boul. St-Charles > P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 > Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 > > On 12/09/16 12:31, John Curran wrote: > > Alain - > > > > It shouldn't be difficult to resolve, presuming that changes were > > made in error. > > > > Are you the best person to work with on this, or someone else in > > your organization? > > > > /John > > > > John Curran > > President and CEO > > ARIN > > > >> On Dec 9, 2016, at 11:32 AM, Alain Hebert wrote: > >> > >>Hi, > >> > >>How easy is it to resolve? > >> > >>We have 4-5 subnets which where erroneously assigned to our > >> customers when ARIN took over all the NA smaller registries like UToronto. > >> > >>All the paperwork refer to US legalese, which we have some > >> difficulties meshing with Canadian resources at our disposal. > >> > >>( And some level of form-phobia from my part =D ) > >> > >>Beside that, good friday. > >> > >> -- > >> - > >> Alain Hebertaheb...@pubnix.net > >> PubNIX Inc. > >> 50 boul. St-Charles > >> P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 > >> Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 > >> -- Jim Mercer Reptilian Research j...@reptiles.org+1 416 410-5633 Life should not be a journey to the grave with the intention of arriving safely in a pretty and well preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming "Wow! What a Ride!" -- Hunter S. Thompson
Re: SNMP syslocation field for GPS coordinates, and use with automation tools
Yes, that's along the lines of what I was thinking. Pre-define a certain number of columns of data that will fit in the snmp syslocation field in most devices (some vendors have surprisingly short string length limits, grr). And use something like a pipe delimited CSV format in that field, so it has the comma separated decimal degrees lat/long in one column, and human readable street address in another. Also worth noting that many recent SNMP-enabled, high capacity point to point microwave radios have built in GPS receivers for timing and location purposes, which gather elevation data (in meters above MSL usually). Perhaps a column for elevation in meters MSL. The sort of data that is useful for a mobile network operator with thousands of point to point RF links on rooftops and towers, for auditing and compliance purposes. On Fri, Dec 9, 2016 at 2:09 PM, Alan Buxey wrote: > Yes. But don’t just put in coordinates... Put in other details and use a > standard separator 😊 > > > > > > alan >
Re: SNMP syslocation field for GPS coordinates, and use with automation tools
On Fri, 09 Dec 2016 22:09:40 +, Alan Buxey said: > Yes. But donât just put in coordinates... Put in other details and use a > standard separator You want to tell that to the creator of some software I recently encountered that used a non-breaking space rather than a tab, or comma, or other sane values? :) pgp3t1j08U2qZ.pgp Description: PGP signature
Re: SNMP syslocation field for GPS coordinates, and use with automation tools
If you think that's bad, the public copy of the entire Industry Canada licensed frequency database (for every type of radio system, nationwide) comes in a giant space delimited text file with many database fields truncated when they export it from whatever ancient database system they're using. Nevermind that the owner/control entity fields and many other fields also contain spaces. The FCC version which is much more sane and usable is a pipe delimited CSV format file with no fields cut off. On Fri, Dec 9, 2016 at 2:40 PM, wrote: > On Fri, 09 Dec 2016 22:09:40 +, Alan Buxey said: > > Yes. But don’t just put in coordinates... Put in other details and use > a > > standard separator > > You want to tell that to the creator of some software I recently > encountered > that used a non-breaking space rather than a tab, or comma, or other sane > values? :) > >
Re: Avalanche botnet takedown
I did some snippage, but I believe I kept to the idea. :: you seem to want various laws made to control it. > Yes. It's a global network. I want to say what country's laws, but see below. Also, if you want something to be broken beyond recognition get a government to regulate it. It'll be a major FAIL. :: you seem to want the masses to uprise against the :: "tier 1" folks and force it there. > Actually, I'm not 100% sure even that would do it. One the masses of the world will not rise up together for anything, much less that this. :: you seem to want various governments to band :: together to form a "law of cyber" coalition > Yes. This will never happen. Even if some did band together others will not and that would create a haven for the bad people. :: and for a "you must be this tall to ride the internet" :: measurement. > No, I never said that. I don't care how tall you are, > or how young or how old or how whatever you are. You > should be able to use the Internet. I should've been more clear. You didn't understand what I meant. > But with privledges should come some accountability, > and that is entirely lacking at present. How will you get a two year kid in Kaaawa, Oahu to obtain accountability before 'riding' the internet. :: no one can get a list of everyone on this planet that :: is allowed to 'play' on the internet. > Correct. And that is a major part of the problem. indeed...
