RE: GTT blocking IPv4 address 128.31.0.39

2023-01-03 Thread Ryan Hamel
Confirmed it with a router at AS8100, static routing 128.31.0.39 towards GTT results in a blackhole and 128.31.0.1 works just fine, which means either the IP address is null routed on GTT's network at the request of MIT (got to give them the benefit of the doubt) or they are knowingly blocking Tor.

GTT blocking IPv4 address 128.31.0.39

2023-01-03 Thread Neel Chauhan
Hi, I am a customer of ReliableSite in their New Jersey location, and RS uses GTT as a transit ISP, along with Tata and Comcast. GTT appears to be blocking the IPv4 address 128.31.0.39, and RS' BGP uses GTT for 128.31.0.39. neel@t1:~ % traceroute 128.31.0.39 traceroute to 128.31.0.39 (128.3

Re: FIDO2/Passkey now supported for 2FA for ARIN Online (was: Fwd: [arin-announce] New Features Added to ARIN Online)

2023-01-03 Thread Justin Krejci
Very interesting news. Improving online security is a win and this sounds promising. Never having used FIDO2 for anything I am left, probably not uniquely, in the dark for hardware device support. The only link I found on the ARIN website for "hardware keys" was a link to another ARIN page, wh

Re: FIDO2/Passkey now supported for 2FA for ARIN Online (was: Fwd: [arin-announce] New Features Added to ARIN Online)

2023-01-03 Thread Royce Williams
On Tue, Jan 3, 2023 at 11:59 AM John Curran wrote: > FYI - ARIN Online now has FIDO2/Passkey as an option for two-factor > authentication (2FA) - this is a noted priority for some organizations. > John - this is a great step forward! Kudos to the tech team who helped make the leap - it can be da

Re: Google Speed Test

2023-01-03 Thread Dave Taht
I maintain a fleet of 15 "flent" servers across the globe, leveraging irtt, iperf, netperf, and a few other tools. I do not have the resources to publish them widely (flent.org's tools are by design, intended more for folk to quickly spin up a server and client for internal tests, because most of t

Re: FIDO2/Passkey now supported for 2FA for ARIN Online (was: Fwd: [arin-announce] New Features Added to ARIN Online)

2023-01-03 Thread John Curran
Job - Yes, we’ve heard that request (support for multiple FIDO2 security keys) and it’s on the list… We’ve got to catch up in some other areas but it won’t be forgotten. Thanks! /John John Curran President and CEO American Registry for Internet Numbers > On Jan 3, 2023, at 4:10 PM, Job S

Re: FIDO2/Passkey now supported for 2FA for ARIN Online (was: Fwd: [arin-announce] New Features Added to ARIN Online)

2023-01-03 Thread Job Snijders via NANOG
Dear John, On Tue, Jan 03, 2023 at 08:57:47PM +, John Curran wrote: > NANOGers - > > FYI - ARIN Online now has FIDO2/Passkey as an option for two-factor > authentication (2FA) - this is a noted priority for some > organizations. Thank you for sharing this wonderful news! I tried the new shin

FIDO2/Passkey now supported for 2FA for ARIN Online (was: Fwd: [arin-announce] New Features Added to ARIN Online)

2023-01-03 Thread John Curran
NANOGers - FYI - ARIN Online now has FIDO2/Passkey as an option for two-factor authentication (2FA) - this is a noted priority for some organizations. FYI, /John John Curran President and CEO American Registry for Internet Numbers Begin forwarded message: From: ARIN Subject: [arin-announce]

Re: Google Speed Test

2023-01-03 Thread Eric Dugas via NANOG
Cloudflare has https://speed.cloudflare.com and Apple has http://test.edge.apple/debug/ too. The Cloudflare speed test usually gives lesser results vs. Ookla while Apple's test URL is only useful to test on which cluster an end-customer ends up. I'll take notes about the "networkQuality" command!

Re: Google Speed Test

2023-01-03 Thread Ask Bjørn Hansen
> On Jan 3, 2023, at 08:24, Mike Hammett wrote: > > I think this is why Netflix came out with fast.com , but > AFAIK, they're the only ones that have their own tool using their own > infrastructure. macOS have a built-in “networkQuality” command line tool (`man networkQuali

Re: SDN Internet Router (sir)

2023-01-03 Thread Michel Blais
If your BGP router supports sflow or netflow and includes ASN in those, you can use akvorado, as-stat, or elastiflow. Le mar. 3 janv. 2023 à 12:16, Peter Phaal a écrit : > https://github.com/sflow-rt/active-routes > > Inspired by SIR, but uses Bird multi-table capability to separate RIB/FIB > ro

Re: SDN Internet Router (sir)

2023-01-03 Thread Mike Hammett
There are likely more networks with 10 gigabit or less total external capacity than there are with more. Creating imaginary lines in the sand doesn't really help anyone. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Me

Re: SDN Internet Router (sir)

2023-01-03 Thread Mike Hammett
The problems of today are the same as the problems of yesterday, just with bigger numbers. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mel Beckman" To: "Mike Hammett" Cc: "NANOG" Sent: Tuesda

Re: SDN Internet Router (sir)

2023-01-03 Thread Peter Phaal
https://github.com/sflow-rt/active-routes Inspired by SIR, but uses Bird multi-table capability to separate RIB/FIB routes. On Tue, Jan 3, 2023 at 7:47 AM Mike Hammett wrote: > https://github.com/dbarrosop/sir > > I came across this over the weekend. Given that the project was abandoned > six y

Re: SDN Internet Router (sir)

2023-01-03 Thread Mel Beckman
It’s not a problem, due to cheap, plentiful high-speed memory and rapid prefix search silicon in backbone routers. The entire Internet routing table consumes at most a few gigabytes when fully structured (and only a few hundred Mbytes stored flat). That’s less memory than your average laptop sp

Re: Google Speed Test

2023-01-03 Thread Mike Hammett
I think this is why Netflix came out with fast.com, but AFAIK, they're the only ones that have their own tool using their own infrastructure. Speedtest.net came out with a test that simulates video streaming and gives a bit more information than a feeling, but it can only go so far, given that

Re: Google Speed Test

2023-01-03 Thread Tom Beecher
Totally see your perspective. I'd say that's pretty unique to your space though, given the majority of (domestic) fixed broadband customers don't have that choice. But completely understand what you are saying. On Tue, Jan 3, 2023 at 11:05 AM Mike Hammett wrote: > SLAs are irrelevant to custome

Re: ROAs Expire

2023-01-03 Thread Christopher Morrow
On Tue, Jan 3, 2023 at 11:07 AM John Curran wrote: > Thank you Chris! > > (I scribed a quick reply where a lengthier one might have been best - I > usually have the opposite problem… ;-) > > hehe :) thanks for the update on the ARIN systems! > Best wishes and Happy Holidays! > you as well! >

Re: ROAs Expire

2023-01-03 Thread John Curran
Thank you Chris! (I scribed a quick reply where a lengthier one might have been best - I usually have the opposite problem… ;-) Best wishes and Happy Holidays! /John > On Jan 3, 2023, at 11:01 AM, Christopher Morrow > wrote: > > > > On Tue, Jan 3, 2023 at 10:53 AM John Curran

Re: Google Speed Test

2023-01-03 Thread Mike Hammett
SLAs are irrelevant to customer perception, only to bean counters. Few to no residential-class services have an SLA whatsoever, yet they'll be the most demanding at any perceived slight. Stand by your SLA all you want, but if a customer's expectations (realistic or not) aren't met, they'll n

Re: ROAs Expire

2023-01-03 Thread Christopher Morrow
On Tue, Jan 3, 2023 at 10:53 AM John Curran wrote: > Mike - > > A friendlier RPKI system would allow you to delegate/authorize the > automatic action of refreshing your RPKI ROA’s when they are close to > expiration. > > ARIN’s current RPKI system does not provide this (we literally cannot > unde

Re: Google Speed Test

2023-01-03 Thread Tom Beecher
Ok. But to the layperson, that is still not a meaningful test of Google's capacity. Say I'm a 'layperson' residential customer of an ISP with 1G service. I run this speedtest, and I only get 500M to Google. 1. That may still be plenty of capacity for what the user WANTS to do, but they're a lay

Re: ROAs Expire

2023-01-03 Thread Christopher Morrow
On Tue, Jan 3, 2023 at 9:58 AM Mike Hammett wrote: > ROAs expire. Creating new ones doesn't seem to be terribly difficult, but > why do they expire in the first place? > > I think this is covered in the overview rpki document (design decisions): https://datatracker.ietf.org/doc/rfc8374/ maybe

Re: ROAs Expire

2023-01-03 Thread John Curran
Mike - A friendlier RPKI system would allow you to delegate/authorize the automatic action of refreshing your RPKI ROA’s when they are close to expiration. ARIN’s current RPKI system does not provide this (we literally cannot under the present schema as we never possess the private key that’s

Re: Google Speed Test

2023-01-03 Thread Jared Mauch
On Tue, Jan 03, 2023 at 09:31:27AM -0600, Mike Hammett wrote: > Is there enough available capacity for {insert whatever the customer is > trying to do here}. > > Can they run 4 YouTubeTV streams or can they run 20? > Can they download a file at 5 megabits/s or 15 gigabits/s? > > > There's no

SDN Internet Router (sir)

2023-01-03 Thread Mike Hammett
https://github.com/dbarrosop/sir I came across this over the weekend. Given that the project was abandoned six years ago, are there any other efforts with a similar goal (more intelligently placing routes into FIBs of low-FIB capacity devices? - Mike Hammett Intelligent Computing So

Re: ROAs Expire

2023-01-03 Thread Mike Hammett
Nothing went south for me, just got an email from ARIN reminding me that they were about to expire. The reasons you stated all make sense. We'll just have to make sure it's easy enough for the less skilled or more busy operators to comply with current best practices, lest they not do it at all

Re: ROAs Expire

2023-01-03 Thread Jared Mauch
On Tue, Jan 03, 2023 at 08:56:28AM -0600, Mike Hammett wrote: > ROAs expire. Creating new ones doesn't seem to be terribly difficult, but why > do they expire in the first place? There's several reasons I can see why one would want this: 1) to ensure that proper care is maintained over

Re: Google Speed Test

2023-01-03 Thread Mike Hammett
Is there enough available capacity for {insert whatever the customer is trying to do here}. Can they run 4 YouTubeTV streams or can they run 20? Can they download a file at 5 megabits/s or 15 gigabits/s? There's not a problem to be solved, but information of a variety of types to be gleaned

Re: Google Speed Test

2023-01-03 Thread Tom Beecher
> > Are you saying that congestion doesn't exist? > Not sure how you took that from what I said. No, I am not. I am saying your request for a 'layperson' to run a speed test doesn't seem particularly useful to identify that anyways. It's not a first order tool. What is the problem you are trying

ROAs Expire

2023-01-03 Thread Mike Hammett
ROAs expire. Creating new ones doesn't seem to be terribly difficult, but why do they expire in the first place? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP

Re: Google Speed Test

2023-01-03 Thread Mike Hammett
Are you saying that congestion doesn't exist? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Tom Beecher" To: "Mike Hammett" Cc: "NANOG" Sent: Tuesday, January 3, 2023 8:50:35 AM Subject: Re: Go

Re: Google Speed Test

2023-01-03 Thread Tom Beecher
> > Does AS15169 have a speed test? It would be nice to gauge the capacity to > a particular network that's something laypeople could do. > 15169 has enough capacity to external networks that a speed test from a random 'layperson' is never going to give you any meaningful information. On Wed, Dec

Re: Google Speed Test

2023-01-03 Thread Livingood, Jason via NANOG
No only that - NDT is not even an actual speed test*. That it continues to show as the top sponsored result for "speed test" searches is a real shame. Jason * It does not test the aggregate throughput of a connection, merely what one TCP connection can achieve. It is actually a diagnostic tool