That is about like saying email from you is the authoritative source of truth
about youunless your account is hacked. Sorry but in the real business
world we give long standing customers the benefit of the doubt. We all make
judgments every day in our real lives about who we believe and wh
+1 for ElastiFlow. Couldn't be easier to set up and run. Logstash has
native support for netflow and sflow now via codecs. Kibana is an
easy-to-use dashboard. I trimmed out a bunch of stuff in the ElastiFlow
config that assumed a unidirectional network (like a corporate site).
On Tue, Mar 13, 201
On Tue, Mar 13, 2018 at 1:58 PM, Naslund, Steve wrote:
I would consider that the RIR WHOIS records are currently the network's
authoritative source of truth about IP number management.
For 99% of situations there's no such proper thing as "delaying
addressing abuse"
so someone claims they c
ARIN's fee for a /24 is $250 https://www.arin.net/fees/fee_schedule.html
That's about 1/15th of the price of a /24 on the market.
Of course, they don't have any /24s.
Unless, of course, you're deploying IPv6 and just need the /24 for your
NAT64 box, DS-Lite AFTR, or MAP-T BR.
https://www.arin
On Tue, Mar 13, 2018 at 1:59 PM, Job Snijders wrote:
> Dear Sean,
>
> On Tue, Mar 13, 2018 at 10:38:49AM -0700, Sean Pedersen wrote:
> > This is more or less the situation we're in. We contacted the customer
> > and they informed us the matter is in dispute with the RIR and that
> > their custome
I appreciate everyone's input and will incorporate it into our internal
policies going forward.
I also want to assure everyone who has taken the time to read or respond that
we're going about this methodically; our customer is involved and is responding
promptly and their customer is has opene
Mike,
All of the architecture's listed are pretty good. Nfsen is great if you
have multiple routers exporting various netflow versions with a single
daemon, but its a bit older and not as pretty/quick as something using
elastic.
Team Cymru has a netflow analyzer that matches your netflow data to
Is there a contact at upack.com that can help us? All of our subscribers
receive an error 403 access denied.
Thank you,
Matt Dittmer
AS20298
It might be archaic thinking but back in the day routers were not all that
powerful and table size was a concern so /24 was it. ARIN kind of figured if
you were smaller than a /24 you were not really on their radar and you needed
to talk to an upstream provider. It is a big system to manage an
The fact that it is a newer customer would make me talk to the RIR direct and
verify that a dispute is really in progress. I would also look at some looking
glasses and see if the prefix is being announced elsewhere, if so that might
indicate that your customer is indeed stepping on a legit own
On Tue, Mar 13, 2018 at 2:14 PM, Justin Wilson wrote:
> Even to buy it on the secondary market you have to have justification and
> show usage. So if someone buys a /24 and really only needs a /25 then what?
Hi Justin,
If you can't justify a /24 with a single hypervisor, you aren't being
creat
On Mon, 12 Mar 2018 17:44:47 -, Sam Kretchmer said:
> I am part of a small ISP based in Chicago. We have several clients
> complaining of an inability to hit a couple specific government websites,
> specifically http://tierii.iema.state.il.us/TIER2MANAGER/Account/Login.aspx
> and
> https://ww
Hi,
needing a /24 to participate in BGP has always been sort of a world-wide
standard.
Even before the explosion of the IPv4 BGP full table (which has more
than doubled in the last decade), that was the standard.
Because . if carriers (and ISPs) accepted upstream < /24, then you'd
have
On Tue, Mar 13, 2018 at 1:38 PM, Sean Pedersen
wrote:
> This is more or less the situation we're in. We contacted the customer and
> they informed us the matter is in dispute with the RIR and that their
> customer (the assignee) is in the process of resolving the issue. We have to
> allow them
Even to buy it on the secondary market you have to have justification and show
usage. So if someone buys a /24 and really only needs a /25 then what? It
ARIN, or others for that matter, going to relax those requirements? If I am an
ISP and need to do BGP, maybe because I have a big downstream
Marketplaces - supply and demand and costs to operate as Bill noted (never
thought of that) will settle out the need.
Thank You
Bob Evans
CTO
> I am looking at it from an ARIN justification point. If you are a small
> operator and need a /24 you have justification if you give customerâs
> p
Does anyone have a contact for the SOC at centurylink? I've tried
soc@centurylink and noc@centurylink, with no answer.
For whatever reason, they're mangling IP address in abuse reports, which
requires us to manually review every report. We'd really like them to
stop, and just include the IP
On Mon, Mar 12, 2018, at 10:44 AM, Sam Kretchmer wrote:
> IP's they use, specifically parts of 213.159.132/22. They can surf any
This block appears to have shifted over from RIPE into ARIN space.
I've seen a few firewalls and filtering systems that block countries or block
unallocated/weird/bog
Dear Sean,
On Tue, Mar 13, 2018 at 10:38:49AM -0700, Sean Pedersen wrote:
> This is more or less the situation we're in. We contacted the customer
> and they informed us the matter is in dispute with the RIR and that
> their customer (the assignee) is in the process of resolving the
> issue. We ha
This message has been wrapped due to the DMARC policy setting to
prevent NANOG subscribers from being unsubscribed due to bounces.
--- Begin Message ---
NANOG Community,
The NANOG Program Committee is excited to announce that we are now
accepting proposals for all sessions at NANOG 73 in Denver, C
I am looking at it from an ARIN justification point. If you are a small
operator and need a /24 you have justification if you give customer’s publics,
but is it a great line if you are only giving out publics for people who need
cameras or need to connect in from the outside world. If I need a
On 03/12/2018 10:44 AM, Sam Kretchmer wrote:
specifically http://tierii.iema.state.il.us/TIER2MANAGER/Account/Login.aspx
andhttps://www.deadiversion.usdoj.gov/.
Wireshark? It could be a problem with the sides having an infinite
referral loop. It doesn't necessarily have to be a network pro
This is more or less the situation we're in. We contacted the customer and they
informed us the matter is in dispute with the RIR and that their customer (the
assignee) is in the process of resolving the issue. We have to allow them time
to accomplish this. I've asked for additional information
On Tue, Mar 13, 2018 at 1:19 PM, Justin Wilson wrote:
> I agree that the global routing table is pretty bloated as is. But what kind
> of a solution for providers who need to participate in BGP but only need a
> /25?
Hi Justin,
If you need a /25 and BGP for multihoming or anycasting, get a /2
On Mon, Mar 12, 2018 at 1:44 PM, Sam Kretchmer wrote:
> We have several clients complaining of an inability to hit a couple specific
> government websites,
Hi Sam,
Some basic troubleshooting:
1. traceroute? TCP traceroute?
2. From an affected address, do you get a TCP connect to the site or
n
On the consulting side, I do smaller than /24 blocks to customers over tunnels.
So far this is the only option we have found that works for the smaller ISP.
We all know the routing table is bloated. We all know everyone *should* be
moving toward IPV6. A whole different discussion. But, for no
Not necessarily (only) for *flow, but very nice combo: Luca Deri's
ntopng+nprobe (https://www.ntop.org/products/traffic-analysis/ntop/)
***Stefan
On Mon, Mar 12, 2018, 6:26 PM wrote:
> Howdy!
>
> Checking out various Netflow tools and wanted to see what others are using?
>
> Kentik is cool. Are
Agreed, Reputation is everything. It is why we only work with well known
Legacy IPv4 space at this time (hence, use anywhere statement). Our space
rents for about 4x other space found on other sites. We don't do the
volume business of our competitors. Those businesses with questionable
address spac
There is also https://github.com/robcowart/elastiflow which uses the ELK stack.
Luke Guillory
Vice President – Technology and Innovation
Tel:985.536.1212
Fax:985.536.0300
Email: lguill...@reservetele.com
Reserve Telecommunications
100 RTC Dr
Reserve, LA 70084
__
Plixer is also interesting.
nfdump works great with NetFlow but support for IPFIX is somehow limited
to basics.
--
Babak
On 13 Mar 2018, at 3:20, Fredrik Korsbäck wrote:
On 2018-03-13 00:24, mike.l...@gmail.com wrote:
Howdy!
Checking out various Netflow tools and wanted to see what othe
Nanog,
I am part of a small ISP based in Chicago. We have several clients complaining
of an inability to hit a couple specific government websites, specifically
http://tierii.iema.state.il.us/TIER2MANAGER/Account/Login.aspx and
https://www.deadiversion.usdoj.gov/. It does seem to be related to
On Tue 2018-Mar-13 00:50:26 +0100, Fredrik Korsbäck wrote:
Kentik is probably top of the foodchain right now.
But they are certainly not alone in the biz. Ontop of my head...
* Flowmon
* Talaia
* Arbor Peakflow
* Deepfield
* Pmacct + supporting toolkit
* NFsen/Nfdump/AS-stats
* Put kibana/ES
FlowViewer is a robust user interface complement to Carnegie Mellon's SiLK
netflow capture and analysis tool suite.
FlowViewer provides the user with text/graphical analysis tools, multiple
dashboards, long-term tracking of filtered sets, automatic storage management,
raw netflow packet analysi
Yes, absolutely go with the RIR. Only thing I might adjust it whether I let
the customer launch a dispute with the RIR before or after I make the change
and to me that would depend on the preponderance of the evidence either way. I
might give the long term customer the reasonable doubt. A new
Biggest problems we had as a service provider is that the block is registered
to a corporate entity which is then acquired or dissolves and then you have to
figure out who actually has control. We always tried to push the dispute
process to go between the customer and the RIR when this happens.
On Tue, Mar 13, 2018 at 10:23 AM, Sean Pedersen
wrote:
> In this case we defaulted to trusting our customer and their LOA over a
> stranger on the Internet and asked our customer to review the request.
> Unfortunately, that doesn't necessarily mean a stranger on the Internet isn't
> the actual
I would insist that this customer get with the RIR and resolve ownership of the
account and prove that they did so. I would leave the burden on the RIR to
figure out who is the rightful owner and not make any changes until that is
done.
Do you have a record of what the RIR account contact was
Finally a use for block chain :p
On Mon, Mar 12, 2018 at 7:11 PM, Randy Bush wrote:
> it's a real shame there is no authorative cryptographically verifyable
> attestation of address ownership.
>
Another thing that would affect me as a service provider would be the account
history. I would probably be more skeptical if this was a long term customer
who has been announcing this prefix for a long period of time vs a new customer
that just began announcing it.
i.e. If I just began announ
Yes, exactly right. You would probably have to tunnel the /27 back to where
the >/24 lives. That's the only way I can see of it working "anywhere".
That's a technically valid solution but maybe not so hot if you are looking for
high redundancy/availability since you are dependent on the tunn
On Mon, Mar 12, 2018 at 11:46:31AM -0700, Sean Pedersen wrote:
> We recently received a demand to stop announcing a "fraudulent" prefix. Is
> there an industry best practice when handling these kind of requests? Do you
> have personal or company-specific preferences or requirements? To the best
> o
On Tue, Mar 13, 2018 at 9:23 AM, Sean Pedersen
wrote:
> In this case we defaulted to trusting our customer and their LOA over a
> stranger on the
> Internet and asked our customer to review the request. Unfortunately, that
> doesn't
> necessarily mean a stranger on the Internet isn't the actual
That site you quoted looks like text that I created. For CloudIPv4.com
(part of RentIPv4.com).
To peer most networks require assigned IPv4 space. Most networks do not
want to burn a /24 to peer. The local peering routers will propagate a
/25... /30.. etc. from the peering platform to the rest of
In this case we defaulted to trusting our customer and their LOA over a
stranger on the Internet and asked our customer to review the request.
Unfortunately, that doesn't necessarily mean a stranger on the Internet isn't
the actual assignee. A means to definitively prove "ownership" from a techn
44 matches
Mail list logo
