Simon Lockhart wrote:
Has anyone else come up against the problem, and/or have any suggestions on
how best to resolve it?
The best solution is to have a common practice on a set of public
port numbers assigned to a host behind NAT.
For example, with a practice that, if a port in a range betwe
Might help if you indicate type of service as they have lots of services
covered by different groups: IP transit, wave, dark fiber, voip, Colo, etc.
Their Enterprise division does yet other services.
Might also help if you provide at least a general location/region.
-Original Message-
Another aspect, for those users that need to go to the PSN network but experience
issues via the CGNAT, an opt-out solution (giving them public IPv4) may should
mitigate the problem, that PSN network does not support IPv6.
After all what percentage of your total subscribers that uses PSN and are
g
Have a turnup we've been working on all day and no luck so far. Now
we're being told that nobody can help outside hours :(
Any help much appreciated.
Thanks
Pat
So the pain has finally flowed down to other parts of the world. (APNIC ran
out of IP's a long time ago, so CGN has been in use here for a lot longer)
This issue is one I have been dealing with for the last four years. Only
with Sony, no other company has caused such a headache in regard to CGNAT.
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG.
Daily listings are sent to bgp-st...@lists.apnic.
Doug,
Although RPKI is voluntary and decisions are local, those decisions are also
automated. DNS is voluntary, and decisions are local as well, yet the
government has been able to leverage DNS to unilaterally seize domain names
without due process. Like Maxwell's Demons, it's theoretically pos
On Friday, September 16, 2016, Simon Lockhart wrote:
> All,
>
> We operate an access network with several hundred thousand users. Increasingly
> we're putting the users behind CGNAT in order to continue to give them an IPv4
> service (we're all dual-stack, so they all get public IPv6 too). Du
Ah, the global system I was referring to was the RPKI as distributed
repository of routing information. With consistent properties (data
formats, security models, data validation techniques, etc) across all 5
RIRs.
What an ISP does with the RPKI data, in terms of route filtering, is always
a local
Hi,
as others have said, need to engage with one of their other units to get this
sorted out - as a network provider, their customers are relying on YOU to access
their service, PSN should care.
technically, you could start looking at netflows to the PSN and see if anyone
is engaged in DDoS
v
On 16 Sep 2016, at 20:38, Simon Lockhart wrote:
Unless we know what to look for, it's hard to detect and stop it.
It's not just application-layer stuff - they're subject to all sorts of
attacks. Screening out the obvious stuff would certainly help.
The main issue is a dearth of engagemen
On Fri Sep 16, 2016 at 08:32:12PM +0700, Roland Dobbins wrote:
> Another aspect is ensuring that one has the ability to detect, classify,
> traceback, and mitigate outbound badness southbound of the CGN.
Unless PSN can tell us what traffic they consider bad, how can we detect and
classify it? We c
On 16 Sep 2016, at 20:12, Simon Lockhart wrote:
Has anyone else come up against the problem, and/or have any
suggestions on how best to resolve it?
I'm pretty sure that at least part of it has to do with DDoS-related
activity. The best bet is to try and identify and engage with the
relevan
A network that doesn't support IPv6, yet discriminates against CGNAT? That
seems like a promising future.
-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From: "Simon Lockhart"
To: nanog@nanog.org
Sent: Fr
All,
We operate an access network with several hundred thousand users. Increasingly
we're putting the users behind CGNAT in order to continue to give them an IPv4
service (we're all dual-stack, so they all get public IPv6 too). Due to the
demographic of our users, many of them are gamers.
We're h
Mark Andrews wrote:
>
> My bet is the DNS vendor has issued a update already and that it
> hasn't been applied.
$ fpdns sauthns1.qwest.net.
fingerprint (sauthns1.qwest.net., 63.150.72.5): NLnetLabs NSD 3.1.0 -- 3.2.8
[New Rules]
fingerprint (sauthns1.qwest.net., 2001:428:0:0:0:0:0:7): NLnetLabs
16 matches