Re: Muni broadband sucks (was: New minimum speed for US broadband connections)

2021-06-03 Thread Richey Goldberg
The incumbent operators and cable companies want nothing to do with these 
networks because they already have their own.   I’ve worked with several 
smaller regional providers  and WISPs that would love to have access to muni 
networks but the local network muni either won’t allow the access or they price 
the access at a price point that it’s impossible to be competitive with the 
muni’s retail side of the house.

-richey

From: NANOG  on behalf of 
Mike Hammett 
Date: Wednesday, June 2, 2021 at 4:12 PM
To: Harry McGregor 
Cc: 
Subject: Re: Muni broadband sucks (was: New minimum speed for US broadband 
connections)

 

The government entities that I've known of building middle or last-mile fiber 
infrastructure have reported that none of the incumbent operators wanted 
anything to do with it. Not during planning, construction, post-construction, 
etc.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

 

From: "Harry McGregor" 
To: nanog@nanog.org
Sent: Wednesday, June 2, 2021 2:55:20 PM
Subject: Re: Muni broadband sucks (was: New minimum speed for US broadband 
connections)

Hi,

Glass and Copper (and aluminum) infrastructure is a natural monopoly, similar 
to water service.

It was purely by chance IMHO that we ended up with Cable Co and Tel Co internet 
competing with each other in many locations in the US.

That was aided by the following:
- Technology for TV over telephone wire really did not exist at the time
- Telcos were not very interested in PayTV at the time
- Technology for Telephone over Coax really did not exist at the time
- Cable Co's were not very interested in Telephone service at the time
Basically they were viewed as two very different businesses, with very 
different physical plant needs.  Now both of them are primarily fiber based, 
with Coax or Telephone Wire (in many cases you can not even call it twisted 
pair) as the very last interconnect segment.

We can all agree with hindsight (and a lot of us at the time) that the Tel 
Co's made some very stupid decisions. Perfect example being installing remote 
DLC/SLC units when the demand for analog dial tone skyrocketed, along with more 
copper in the ground/on poles in neighborhoods. At first this blocked ADSL 
deployment until remote DSLAMs were installed, then it turns out most were NOT 
close enough to enable VDSL2 or g.FAST for the majority of customers serviced 
by them. They were both "in the way" and "too far away" at the same time. If 
instead of the DLC/SLC units the Tel Cos had instead favored (with the correct 
tariffs) moving any residential customer who requested a second POTS line to 
ISDN BRI, they would have saved all of the physical plant work, which has 
turned out to be a horrible investment.

We learned a long time ago that water lines, sewer lines, and electric lines 
were natural monopolies, and should either have a municipal granted license, or 
should be run by the municipality.

The next generation last mile will almost have to be a similar structure for 
Layer 1 and a form of Layer 2, with Layer 3 and above services being sold by 
anyone who wants to provide the service. This will collapse Cable Co, Tel Co, 
and independent ISPs onto the same physical infrastructure.  This will work 
well for dense locations of course.

Wireless ISPs, and LEO based ISPs will still of course have a major role to 
play for at least several decades if not more.

I also agree entirely that most consumers will "pay the ISP too much" for 
service they "don't need".  I have worked with several people who were paying 
for Gigabit Cable Service, with 30Mbit upload, or in Spectrum territory, they 
had 400Mbit service with 20Mbit upload, and the "downgrade" was 200Mbit service 
with 10Mbit upload. Being as that was a single individual with very low upload 
needs beyond video meetings, I recommended he downgrade to the 200/10 service. 
In all cases, a proper WiFi network and wireless offloading has made far more 
difference vs upping the cable co speeds. My personal sweet spot right now is 
100/20 business cable or 100/100 small business fiber (for the few spots that 
have GPON service in Tucson). The next tier of business cable is 200/20, and I 
find the extra 100Mbit download really does not change much. If it was 200/30 
or 200/40, I would probably consider it.

None of the realities of current "needs" and "wants" really are going to change 
the financial need to consolidate physical networks. Unfortunately instead of 
it being a Layer1/2 provider and L3+ competition, most Internet networks in new 
developments around here are being deployed as physical layer and service 
monopolies. The home builder will make an alliance with Cox, Comcast, or 
CenturyLink, and then the others will not build out physical plant in the 
community.

-Harry

 

On 6/2/21 11:50 AM, William Herrin wrote:
On Wed, Jun 2, 2021 at 9:46 AM Andy Ringsmuth  wrote:
Muni broadband sucks for several reasons but 

Re: Abuse Contact Handling

2021-08-06 Thread richey goldberg
Is it even worth sending abuse reports anymore?   Currently we just
block bad IPs at our network border and move on but we have seen quite
an uptick lately in attacks and probes from domestic IPs (US) on our
VoIP platforms.  Our #1 offender is coming from Microsoft Azure IPs.
We have talked internally about sending abuse reports to various
networks but I'm wondering if it's even worth the effort.


-richey

On Thu, Aug 5, 2021 at 10:44 PM goemon--- via NANOG  wrote:
>
> On Thu, 5 Aug 2021, Matt Corallo wrote:
> > Thus, lots of the large hosting providers have deemed the cost of
> > actually putting a human on an abuse contact is much too high.
>
> it seems they have decided that ending up on DBL is their abuse 
> monitoring/reporting mechanism.
>
> -Dan


Re: Never push the Big Red Button (New York City subway failure)

2021-09-16 Thread richey goldberg
I once worked for a provider who had a company next door that ran a small 
datacenter of about a dozen or so racks.  They had been sold and all of their 
infrastructure had been virtualized and moved to the new owner’s network.
The last task of the local admin was to just get rid of everything.   They 
didn’t care how, just get it gone.  So he came over and asked us to come take 
a look and we could have anything we wanted.  I picked up a few servers for 
lab, a bunch of racks and stuff.

While we were working I asked the guy “So there is absolutely nothing that’s 
in production in here anymore?”  He said “Yep” so I asked “Then if the power 
went off in here it wouldn’t be a big deal”   and he said “Not at all”.  Then 
I asked “Can I hit the red button?”  He said “Sure, I always wondered what 
happened”.  I hit the button and with a loud booming sound the room went 
dead silent and then the UPS started beeping.  It was at that moment 
everyone realized that you just don’t pull the button out to restart the room.  
It took us 20 minutes to figure out how to turn it all back on.

And with that when I got back to our office I made sure someone knew how to 
restart everything if we ever had to hit our red button.


-richey

From: NANOG  on behalf of 
Roy 
Date: Thursday, September 16, 2021 at 12:41 AM
To: nanog 
Subject: Re: Never push the Big Red Button (New York City subway failure)
My story: in the late 1970s I was working in a large computer facility
with both mainframes and mil-spec 400hz computers.
Management decided that the EPO should be tested.  So we powered down
the disk and tapes.  The electrician pressed
the EPO button and NOTHING.  Everything kept running.

Turns out a wire had come loose and the fuse in the EPO circuit had blown.

Roy


Re: Rack rails on network equipment

2021-09-24 Thread richey goldberg
30 minutes to pull a switch from the box, stick ears on it and mount it in the 
rack seems like a really long time.  I think at tops that portion is 
a 5-10 minute job if I unbox it at my desk.  I use a drill with the 
correct torque setting and a magnetic bit to put them on while it boots on my 
desk so I can drop a base config on it.

If you are replacing defective switches often enough that this is another issue 
I think you would have bigger issues than this to address.

Like others said that most switches are in the rack for the very long haul, 
often in excess of 5 years.   The amount of time required to do the initial 
install is insignificant in the grand scheme of things.

-richey

From: NANOG  on behalf of 
Andrey Khomyakov 
Date: Friday, September 24, 2021 at 12:38 PM
To: Nanog 
Subject: Rack rails on network equipment
Hi folks,
Happy Friday!

Would you, please, share your thoughts on the following matter?

Back some 5 years ago we pulled the trigger and started phasing out Cisco and 
Juniper switching products out of our data centers (reasons for that are not 
quite relevant to the topic). We selected Dell switches in part due to Dell 
using "quick rails" (sometimes known as speed rails or toolless rails).  This 
is where both the switch side rail and the rack side rail just snap in, thus 
not requiring a screwdriver and hands of the size no bigger than a hamster paw 
to hold those stupid proprietary screws (lookin at you, cisco) to attach those 
rails.
We went from taking 16hrs to build a row of compute (from just network 
equipment racking pov) to maybe 1hr... (we estimated that on average it took us 
30 min to rack a switch from cut open the box with Juniper switches to 5 min 
with Dell switches)
Interesting tidbit is that we actually used to manufacture custom rails for our 
Juniper EX4500 switches so the switch can be actually inserted from the back of 
the rack (you know, where most of your server ports are...) and not be blocked 
by the zero-U PDUs and all the cabling in the rack. Stock rails didn't work at 
all for us unless we used wider racks, which then, in turn, reduced floor 
capacity.

As far as I know, Dell is the only switch vendor doing toolless rails so it's a 
bit of a hardware lock-in from that point of view.

So ultimately my question to you all is how much do you care about the speed of 
racking and unracking equipment and do you tell your suppliers that you care? 
How much does the time it takes to install or replace a switch impact you?

I was having a conversation with a vendor and was pushing hard on the fact that 
their switches will end up being actually costlier for me long term just 
because my switch replacement time quadruples at least, thus requiring me to 
staff more remote hands. Am I overthinking this and artificially limiting 
myself by excluding vendors who don't ship with toolless rails (which is all of 
them now except Dell)?

Thanks for your time in advance!
--Andrey


Re: massive facebook outage presently

2021-10-04 Thread richey goldberg
In other news worker productivity is up 100% today.

-richey

From: NANOG  on behalf of 
Jason Kuehl 
Date: Monday, October 4, 2021 at 12:45 PM
To: Mel Beckman 
Cc: nanog@nanog.org list 
Subject: Re: massive facebook outage presently
Looks like they run their own nameservers and I see the soa records are even 
missing.

On Mon, Oct 4, 2021, 12:23 PM Mel Beckman <m...@beckman.org> wrote:
Here’s a screenshot:

 -mel beckman


On Oct 4, 2021, at 9:06 AM, Eric Kuhnke <eric.kuh...@gmail.com> wrote:

https://downdetector.com/status/facebook/

Normally not worth mentioning random $service having an outage here, but this 
will undoubtedly generate a large volume of customer service calls.

Appears to be failure in DNS resolution.



Re: massive facebook outage presently

2021-10-04 Thread richey goldberg
No evidence that it’s intentional but…..   What’s going to be the big headline 
tonight?  A Facebook whistleblower or a global outage that kept everyone from 
arguing all day long?



-richey

From: NANOG  on behalf of 
Jay Hennigan 
Date: Monday, October 4, 2021 at 3:30 PM
To: nanog@nanog.org 
Subject: Re: massive facebook outage presently
On 10/4/21 12:11, b...@theworld.com wrote:
>
> Although I believe it's generally true that if a company appears
> prominently in the news it's liable to be attacked I assume because
> the miscreants sit around thinking "hmm, who shall we attack today oh
> look at that shiny headline!" I'd hate to ascribe any altruistic
> motivation w/o some evidence like even a credible twitter post (maybe
> they posted that on FB? :-)

I personally believe that the outage was caused by human error and not
something malicious. Time will tell.

However, if you missed the 60 Minutes piece, it was a former employee
who spoke out with some rather powerful observations. I don't think that
this type of worldwide outage was caused by an outside bad actor. It is
certainly within the realm of possibility that it was an inside job.

In other news:

https://twitter.com/disclosetv/status/1445100931947892736?s=20

--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV


Re: home router battery backup

2022-01-12 Thread richey goldberg
At my last employer we installed lots of Adtrans at Car Dealerships, Hotels, 
and other SMBs.  It was common for them to have a small UPS but 9 times out 
of 10 the UPS was 2-3 times older than the life cycle of the battery and no one 
ever knew that you could change the battery in them.  So they usually just 
had a heavy power strip that was prone to failing after a power loss.

We did have the option to install a battery back up on the Adtran but it would 
have been useless because most of them didn’t have any kind of backup power for 
their PBXs.


I’m pretty sure that my own power protection on my network gear and theater 
gear far exceeded the average end user’s remote offices.

-richey

From: NANOG  on behalf of 
Andy Ringsmuth 
Date: Wednesday, January 12, 2022 at 1:16 PM
To: Scott T Anderson , Scott T Anderson via NANOG 

Subject: Re: home router battery backup

> On Jan 12, 2022, at 11:35 AM, Scott T Anderson via NANOG  
> wrote:
>
> Hi NANOG mailing list,
>
> I am a graduate student, currently conducting research on how power outages 
> affect home Internet users. I know that the FCC has a regulation since 2015 
> (47 CFR Section 9.20) requiring ISPs to provide an option to voice customers 
> to purchase a battery backup for emergency voice services during power 
> outages. As this is only an option and only applies to customers who 
> subscribe to voice services, I was wondering if anyone had any insights on 
> the prevalence of battery backup for home modem/routers? I.e., what 
> percentage of home users actually install a battery backup in their home 
> modem/router or use an external UPS?
>
> Thanks.
> Scott

Given that most people barely even know what their home router is, I suspect 
the percentage would be somewhere south of 1 percent. Outside of my home, I 
honestly cannot recall EVER seeing someone’s home using a battery backup for 
their internet infrastructure.

I personally do, but of course I (and probably everyone on this list) am by no 
means representative of the population at large in this particular area.


Andy Ringsmuth
5609 Harding Drive
Lincoln, NE 68521-5831
(402) 304-0083
a...@andyring.com


Re: Russian aligned ASNs?

2022-02-24 Thread richey goldberg
I don’t think that refusing Russian ASNs will do much to stop any kind of 
attacks.   They are going to attack from botnets that are global so that’s not 
going to stop them.  If anything blocking Russian ASNs will stop the flow of 
information going into Russia.  I think we’re better off doing what we can 
to take down any machines that are participating in attacks if they live on 
machines that are downstream from you.   One of the biggest issues I face in my 
daily tasks is getting other providers to take down machines.   I’m talking to 
you Microsoft, Amazon, Digital Ocean and the likes…..


-richey

From: NANOG  on behalf of 
William Allen Simpson 
Date: Thursday, February 24, 2022 at 7:41 PM
To: North American Network Operators Group 
Subject: Russian aligned ASNs?
There have been reports of DDoS and new targeted malware attacks.

There were questions in the media about cutting off the Internet.

Apparently some Russian government sites have already cut themselves
off, presumably to avoid counterattacks.

Would it improve Internet health to refuse Russian ASN announcements?

What is our community doing to assist Ukraine against these attacks?


Re: Russian aligned ASNs?

2022-02-28 Thread richey goldberg
They have the skills and the ability to stop it but the people who report the 
traffic represent 0% of their revenue so they could care less.  It’s the same 
actors every single day.   Microsoft,  Amazon, Google, Phychz Networks, Digital 
Ocean, etc. that spew garbage from their networks.   For a while we would send 
abuse reports because management felt it would do nothing even though we told 
them it wouldn’t.   Out of all the reports sent I only ever saw one 
response that wasn’t a canned response and it was from Microsoft that basically 
said “Yea, we know it’s an issue but they pay us and you don’t so block it 
yourself”.

Of course if it’s your customer that’s sending them crap traffic they will go 
nuclear if you don’t remove the offending traffic in .1337 seconds.

-richey


From: Mike Hammett 
Date: Monday, February 28, 2022 at 10:43 AM
To: richey goldberg 
Cc: North American Network Operators Group 
Subject: Re: Russian aligned ASNs?
So the providers most likely to have the skills and capabilities to automate 
abuse mitigation are the least likely to do anything about it, even when asked?




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com/

Midwest Internet Exchange
http://www.midwest-ix.com/

The Brothers WISP
http://www.thebrotherswisp.com/

From: "richey goldberg" 
To: "North American Network Operators Group" 
Sent: Thursday, February 24, 2022 9:16:13 PM
Subject: Re: Russian aligned ASNs?
I don’t think that refusing Russian ASNs will do much to stop any kind of 
attacks.   They are going to attack from botnets that are global so that’s not 
going to stop them.  If anything blocking Russian ASNs will stop the flow of 
information going into Russia.  I think we’re better off doing what we can 
to take down any machines that are participating in attacks if they live on 
machines that are downstream from you.   One of the biggest issues I face in my 
daily tasks is getting other providers to take down machines.   I’m talking to 
you Microsoft, Amazon, Digital Ocean and the likes…..


-richey

From: NANOG  on behalf of 
William Allen Simpson 
Date: Thursday, February 24, 2022 at 7:41 PM
To: North American Network Operators Group 
Subject: Russian aligned ASNs?
There have been reports of DDoS and new targeted malware attacks.

There were questions in the media about cutting off the Internet.

Apparently some Russian government sites have already cut themselves
off, presumably to avoid counterattacks.

Would it improve Internet health to refuse Russian ASN announcements?

What is our community doing to assist Ukraine against these attacks?



Re: Sigh, friends don't let politicians write tech laws

2022-07-29 Thread richey goldberg
If heavily left leaning tech companies didn’t monkey with political content 
then they wouldn’t feel a need for such legislation.

-richey

From: NANOG  on behalf of 
Anne Mitchell 
Date: Friday, July 29, 2022 at 5:58 PM
To: nanog@nanog.org 
Subject: Re: Sigh, friends don't let politicians write tech laws


> On Jul 29, 2022, at 3:37 PM, John Levine  wrote:
>
> It appears that Michael Thomas  said:
>> -=-=-=-=-=-
>>
>>
>> https://www.congress.gov/bill/117th-congress/senate-bill/4409/text?r=9&s=1
>>
>> the body of the proposed law:
>
> This bill was filed by a bunch of the usual right wing suspects about
> a month ago.  It was referred to committee, like all filed bills, and
> I very much doubt it will ever emerge.

I'm inclined to agree, except that as we've seen Google has already attempted 
to cave, which means that they (the bills' sponsors) will feel even more 
emboldened, and can point to Google's "pilot program" as evidence that "even 
Google admits there is a problem, so we need the law to make the other big 
providers do it."

I believe we can't rely on it being buried without a little help.  It costs 
nothing to send an email to a representative, so..why not provide that help. ;~)

Anne

--
Anne P. Mitchell, Attorney at Law
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)




Re: Google Abuse

2022-08-16 Thread richey goldberg
Google is pretty unresponsive when it comes to this stuff.  I wasted a lot of 
time trying to report attacks against our networks that turned out to be a 
futile exercise.  It’s an issue that’s all too common to the large providers. 
Microsoft, Digital Ocean, Amazon, etc, all of them make you jump through 
hoops to report issues that are rarely handled.  When it’s the other way and 
they are reporting issues with a user on your network they can get pretty 
demanding that you address it right away.

We just have to block and move on if you want anything done in a timely manner.

-richey

From: NANOG  on behalf of 
Cristian Cardoso 
Date: Tuesday, August 16, 2022 at 10:29 AM
To: nanog@nanog.org 
Subject: Google Abuse
Hi

I'm receiving thousands of requests from a Google Cloud VM on my network, I've 
already sent reports to Abuse from GCP, but without success, does anyone happen 
to have a Google abuse contact to indicate?


Re: Google Abuse

2022-08-16 Thread richey goldberg
“thought that google fi was a neutral pipe.”

There is nothing neutral about Google or any of companies that are their 
competitors.  They all have some sort of agenda which is to do what’s best 
for them or what they *think* is best for everyone else.  Even if it’s not.

“are google, like fb, recording and retaining direct messages and sms/mms 
contents”

They may tell you they are not but there is no doubt in my mind they are and if 
they got caught their response would be “Oopsie, my bad”.

-richey


From: NANOG  on behalf of 
Mark Seiden 
Date: Tuesday, August 16, 2022 at 3:48 PM
To: Jon Lewis 
Cc: nanog@nanog.org 
Subject: Re: Google Abuse
well, that isn’t exactly true.

ALL of the fraudsters, business email compromisers, spoofing accounts are now 
from gmail and as far as i can tell,
there is no evidence that they do ANYTHING about them.  i recently gave a 
talk on fraudulent restaurant reviews
in google maps.  easy for humans to spot.  (hundreds of machine learning 
engineers at google.  what are they doing?)

but here’s a counterexample… not that it serves anyone particularly well:

a colleague of mine (ex googler, superb engineer, with a brother who is a 
current googler) had ALL of his google accounts
deactivated recently.  a google fi customer, he used it to send an mms photo of 
a rash on his toddler’s crotch to his wife,
so she could upload it (using https) to their pediatrician’s portal for 
diagnosis.

a few days later the cops were at the door with a search warrant.  the cops 
agreed it was a false positive, but despite that,
the accounts were deactivated (including gmail), seemingly permanently, despite 
multiple attempts to revive it and attempts
at escalation.

i was actually surprised.  i thought that google fi was a neutral pipe.

who knew that google mines mms images for pink parts?

do the other cell phone companies do the same?  (not that i particularly need 
to test it…)

(is there any transparency here regarding the scanning and retention policy for 
sms and mms contents?)

which raises, in the post-boggs world, another question:

are google, like fb, recording and retaining direct messages and sms/mms 
contents, so they can turn them over
to law enforcement who have become “interested" in who was pregnant and who 
stopped being pregnant?

https://www.vice.com/en/article/n7zevd/this-is-the-data-facebook-gave-police-to-prosecute-a-teenager-for-abortion

(once again, there ain’t no sanity clause.)


> On Aug 16, 2022, at 10:43 AM, Jon Lewis  wrote:
>
> On Tue, 16 Aug 2022, Cristian Cardoso wrote:
>
>> Hi
>> I'm receiving thousands of requests from a Google Cloud VM on my network, 
>> I've already sent reports to Abuse from GCP, but without success, does 
>> anyone happen to have a Google abuse
>> contact to indicate?
>
> There is no Google abuse.  It's just traffic you don't want that they don't 
> care about.  Block it at your edge and move on.
>
> --
> Jon Lewis, MCP :)   |  I route
> StackPath, Sr. Neteng   |  therefore you are
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_


Re: U.S. Court PACER system overloaded by public interest

2022-08-26 Thread richey goldberg
You can reproduce the document by taking a blank sheet of paper and a fat
sharpie and coloring it black.  :).

-richey.

On Fri, Aug 26, 2022 at 2:34 PM Anne Mitchell  wrote:

> For anyone wanting the document and unable to get it through Pacer, we
> have it locally and I'm happy to make it available, just let me know.
>
> > On Aug 26, 2022, at 12:07 PM, Sean Donelan  wrote:
> >
> >
> >
> > Having some experience with documents of extreme public interest, and
> web sites getting overloaded (Starr Report on President Clinton, 1998)...
> >
> > its nice to see government web sites still get overloaded several
> decades later.
> >
> > "PACER Service Under Fire After Trump Affidavit Crash Reports"
> >
> > PACER is the electronic document system used by the U.S. Court System.
>
>


Re: any dangers of filtering every /24 on full internet table to preserve FIB space ?

2022-10-10 Thread richey goldberg
The OP can always take the provider's address space plus their
customer's routes and use a default route to fill in the blanks.  I
did this at a provider years ago where the global routing table
outgrew the speed they could spend the money on upgrades and it worked
out well.  I think it was two upstreams and a connection into a TIE
with good peering.


-richey

On Mon, Oct 10, 2022 at 4:11 PM Geoff Huston  wrote:
>
>
>
> > On 11 Oct 2022, at 4:23 am, Tobias Fiebig 
> >  wrote:
> >
> > Heho,
> > Let alone $all the /24 assigned under the RIPE waiting list policy.
> >
> > In the Geoff Huston spirit, I quickly took a look how less specifics for 
> > /24s looks in my table:
> >
> […]
>
> > So it seems like there is a healthy amount (~260k) prefixes which lack a 
> > less specific.
>
>
> I also looked using a slightly different approach - namely looking for /24s 
> where there was no spanning aggregate that matched the /24’s AS Path. In my 
> local table there are 224,580 of them.
>
>
> Geoff
>
>
>


Re: AS8075(Microsoft) Contact

2023-01-12 Thread richey goldberg
Unless you are mega huge gigantor network they will never respond.  I tried for 
a year doing everything they required when I worked for another provider and 
could never get anywhere with them. It’s kind of like reporting abuse to 
them.   They just don’t seem to care if you are not big enough.

-richey

From: NANOG  on behalf of 
netops Network Operations via NANOG 
Date: Thursday, January 12, 2023 at 8:04 AM
To: nanog list 
Subject: AS8075(Microsoft) Contact
Hi,
Is anybody from AS8075(Microsoft) on the list ?

We are trying to establish BGP Public/Exchange Peering Sessions for almost 3 
months... Multiple emails sent to 
peer...@microsoft.com and 
inte...@microsoft.com, but never heard back.
Later we followed the guide and created all the connections via Azure 
PowerShell and again, it is in PendingApproval State for more than 1 month.
Does everybody have the same experience establishing BGP Peering Sessions with 
Microsoft ?


Re: Aptum refuses to SWIP

2023-05-05 Thread richey goldberg
The only real reason I can think that you would want space SWIPed to you is if 
you are trying to get an allocation of your own and trying to prove you have 
existing space to renumber out of.

In 25 years of working for ISPs I don’t think I’ve ever worked for one that 
SWIPed IP space of any size to an end user and I don’t think I’ve ever seen a 
request.  Mostly because no one wants to put a list of customers out in the 
public domain.

In the early 2000s I worked for a local provider who had a competing Muni who 
was using whois and rDNS to target all of the local provider’s customers.   I 
overheard two of their sales guys while eating at a local restaurant telling 
each other how they could use that info for leads and which tech was helping 
them get it.  I went back to the office that afternoon and sanitized our 
rDNS to put a stop to that.

-richey

From: NANOG  on behalf of 
Forrest Christian (List Account) 
Date: Thursday, May 4, 2023 at 10:09 PM
To: Lyndon Nerenberg (VE7TFX/VE6BBM) 
Cc: nanog list 
Subject: Re: Aptum refuses to SWIP
I can't speak for aptum, but I'm curious as to why this is important to you?   
I'm not trying to discount this at all,  just curious why this matters in the 
internet of 2023.

I went through a couple years back and removed all of our mostly outdated SWIP 
data and replaced it with generic information.  But I run an eyeballs network 
and I don't remember the last time we allocated something shorter than a /28 to 
a customer.

I can think of a couple reasons it might be good for the swip to still reflect 
the actual customer.   But most of the ones I can think of don't apply as much 
anymore.   About the only things I can think about which may matter has to do 
with reverse dns delegation if the parent block is smaller than a /16 and maybe 
having specific contact or address information in specific circumstances.

Mainly I'm asking to update my personal knowledge of how these records are used 
anymore.

On Thu, May 4, 2023, 3:36 PM Lyndon Nerenberg (VE7TFX/VE6BBM) 
<lyn...@orthanc.ca> wrote:
It seems Aptum has decided they will no longer SWIP any of their
address space.  I've been trying to get a SWIP for a /48 that we
were allocated in 2017, but they refuse.  And I also see they have
pro-actively gone in and un-SWIPed both our /24s.

Since you are ignoring my tickets about this, maybe somebody from
Aptum would care to speak up in public and defend this "policy?"

--lyndon


Re: Aptum refuses to SWIP

2023-05-06 Thread Richey Goldberg
I wonder.  Has there ever been a case where ARIN took action for a violation of 
this policy?   

Richey 
.

> On May 5, 2023, at 1:08 PM, Blake Hudson  wrote:
> 
>  
> On 5/4/2023 9:09 PM, Forrest Christian (List Account) wrote:
>> I can't speak for aptum, but I'm curious as to why this is important to you? 
> 
> SWIP'ing or delegating address space is a requirement of the contract signed 
> with ARIN when the addresses were granted. If you route a /24 to a customer 
> and you are not keeping WHOIS updated, my understanding is that you are in 
> violation of that agreement which might put your ability to use those 
> addresses in the future in jeopardy.
> 
> 
> https://www.arin.net/participate/policy/nrpm/#4-2-3-7-registration
>> 4.2.3.7. Registration
>> 
>> ISPs are required to demonstrate efficient use of IP address space 
>> allocations by providing appropriate documentation, including but not 
>> limited to assignment histories, showing their efficient use.
>> 
>> 4.2.3.7.1. Reassignment and Reallocation Information
>> 
>> Each IPv4 reassignment or reallocation containing a /29 or more addresses 
>> shall be registered via SWIP or a directory services system which meets the 
>> standards set forth in section 3.2.
>> 
>> Reassignment registrations must include each customer name, except where 
>> specifically exempted by this policy. Reassignment registrations shall only 
>> include point of contact (POC) information if either: (1) requested by the 
>> customer; or (2) the reassigned block is intended to be routed and announced 
>> outside of the provider’s network.
>> 
>> Reallocation registrations must contain the customer’s organization name and 
>> appropriate point of contact (POC) information.
>> 
> 
> https://www.arin.net/participate/policy/nrpm/#6-5-5-registration
>> 6.5.5.1. Reassignment Information
>> 
>> Each static IPv6 reassignment or reallocation containing a /47 or more 
>> addresses, or subdelegation of any size that will be individually announced, 
>> shall be registered in the WHOIS directory via SWIP or a distributed service 
>> which meets the standards set forth in section 3.2. Reassignment and 
>> reallocation registrations shall include each client’s organizational 
>> information, except where specifically exempted by this policy.


Hulu thinks we're a VPN provider.

2023-10-26 Thread richey goldberg
Our ASN is under one of our company names, VPNtranet, which was formed long before 
streaming services and consumer VPNs were a thing. At no time have we or will 
we ever offer VPN services; however, we have recently been blocked by Hulu 
because they have assumed we’re a VPN provider. Trying to get to someone at 
Hulu has been challenging because the limited contact we have had with support 
has been a very futile effort.

Does anyone have a contact or know how you can communicate with someone at Hulu 
who has a clue?


-richey


Re: Stealthy Overlay Network Re: 202401100645.AYC Re: IPv4 address block

2024-01-19 Thread richey goldberg
That seems to be what NANOG is good at.  There is always a topic that seems to 
drag on for weeks after all valid points of the discussion have been fully 
discussed.


-richey

From: NANOG  on behalf of 
Christopher Morrow 
Date: Thursday, January 18, 2024 at 11:29 PM
To: Christopher Hawker 
Cc: Abraham Y. Chen , nanog@nanog.org 
Subject: Re: Stealthy Overlay Network Re: 202401100645.AYC Re: IPv4 address 
block
Why is this conversation even still going on?
It's been established ~100 messages ago that the plan here is nonsense.
it's been established ~80 messages ago that the 'lemme swap subjects to confuse 
the issue' is nonsense.

stop feeding the troll.

On Thu, Jan 18, 2024 at 11:20 PM Christopher Hawker 
<ch...@thesysadmin.au> wrote:
According to the diagram on page 8 of the presentation on your website at 
https://www.avinta.com/phoenix-1/home/EzIPenhancedInternet.pdf, it simply 
identifies 240/4 as CGNAT space. Routing between regional access networks 
typically doesn't take place when using such space on an ISP network, and most 
ISPs (that I know of) will offer public addressing when it is required. 
Further, if you think the need for DHCP will be eliminated through the use of 
your solution, I hate to say it, but ISPs will not statically configure WAN 
addressing on CPE for residential services. It would simply increase the 
workload of their support and provisioning teams. Right now, in cases where 
ISPs use DHCP, they can simply ship a router to an end-user, the user plugs it 
in, turns it on, and away they go. Connectivity to the internet.

If an end-user has a router that does not support OpenWRT, it will require the 
end-user to replace their router with one that does in order to connect to an 
EzIP-enabled network. This is not reasonably practical. This would also require 
router vendors to support connectivity to a proprietary "semi-public router".

Again, for the sake of completeness, this solution is a waste of time and 
resources. A carrier would not have a need for more than ~4.1m devices on a 
single regional access network and some may run more than one in a single 
region, so as not to put all of their proverbial eggs into the same basket.

Regards,
Christopher Hawker

On Fri, 19 Jan 2024 at 14:49, Abraham Y. Chen 
<ayc...@avinta.com> wrote:
Hi, Christopher:

1)" If "EzIP" is about using 240/4 as CGNAT space, ...   ":

This correlation is just the starting point for EzIP deployment, so that it 
would not be regarded as a base-less crazy dream. Once a 240/4 enabled RAN is 
established as a new network overlaying on the CG-NAT infrastructure, the 
benefits of making use of the 240/4 resources can begin to be considered. For 
example, with sufficient addresses, static address administration can be 
practiced within a RAN which will remove the need for DHCP service. From this, 
related consequences may be discussed.

2)" I don't think you quite grasp the concept that OpenWRT is not 
compatible with devices that do not support it.  it would not be 
appropriate to expect every device vendor to support it.  ...   ":

Perhaps we have some offset about the terminology of "who supports whom?" 
My understanding of the OpenWrt project is that it is an open-source program 
code that supports a long list (but not all) of primarily commercial RGs 
(Residential/Routing Gateways) and WiFi routers that serve / support CPE 
devices (on-premises IoTs). Its basic purpose is to let private network owners 
replace the firmware code in the RGs with the OpenWrt equivalent so that 
they will have full control of their RGs and then modify them if desired. Thus, 
the basic release of each OpenWrt code maintains most of the original 
functionalities in the OEM device. So, neither the original RG nor any IoT 
manufacturers need be involved with the OpenWrt, let alone supporting it. My 
reference to its V19.07.3 was the version that expanded its usable address pool 
to include 240/4. That was all.

For sure, OpenWrt does not run on all RGs in the field. But, this does not 
restrict an overlay network like RAN from starting to network only those 
premises with RGs that run on OpenWrt (plus those RGs compatible with 240/4 
from the factories). Since the existing CG-NAT is not disturbed and daily 
Internet services are going normally, RAN growth can take its time.

3)" You've provided a link to a D-Link managed switch, not a router. Just 
because it can support L2 routing, doesn't make it a router.   ":

Correct, this is just a basic example for networking the RGs to experiment 
the RAN configuration. It is not intended to be a full-fledged router which 
will have other considerations that are way beyond what EzIP should be involved 
with.


Regards,


Abe (2024-01-18 22:48)


On 2024-01-15 18:33, Christopher Hawker wrote:
If "EzIP" is about using 240/4 as CGNAT space, let's call it what it is, not 
rename something that already exists and attempt to claim it as a new i

Re: The Reg does 240/4

2024-02-13 Thread richey goldberg
They support /31s and have for some time. The trick we found is that the 
Mikrotik has to be the higher numbered IP and network address has to be the 
lower:

add address=x.x.x.61/31 interface=ether1--dia network=x.x.x.60

Then point your default route at the lower numbered IP in the /31.


-richey


From: NANOG  on behalf of 
Bryan Holloway 
Date: Tuesday, February 13, 2024 at 11:05 AM
To: NANOG list 
Subject: Re: The Reg does 240/4
Let me know when they support /31s.


On 2/13/24 08:07, Dave Taht wrote:
> And routerOS is one of
> the more up to date platforms.