Hurricane Electric now uses ASPA to do hop by hop checking of AS paths
when deciding which routes to accept when building prefix filters.
Here is an example of a route failing the ASPA check.
44.31.69.0/24,rejected,AS path 4635 9002 945 7480 38254 38254 38254
38254 38254 ASPA record exists for
Hurricane Electric now supports "Never via route servers" (the peeringdb
flag) as part of our route filtering algorithm.
Using peeringdb, an ASN may indicate that its routes should never be
learned via route servers.
As a simple detection method, currently route servers are detected at
run t
Separate from the goodness that is RFC 9234,
Regarding the comment "HE intentionally propagates some peer routes to
other peers", in all such cases involving Hurricane Electric, one side
or the other is configured as a customer and is receiving some form of
IP Transit from Hurricane Electric.
Here's a related good article:
"Excessive BGP AS-PATH prepending is a self-inflicted vulnerability"
https://blog.apnic.net/2019/07/15/excessive-bgp-as-path-prepending-is-a-self-inflicted-vulnerability/
You probably should not use a limit greater than 50 unless you want to
encourage this behavi
This kind of thing is a problem from time to time with the data we get
from route collectors.
When we see it we have to add the culprit ASN to a filter list we keep
in bgp.he.net.
It tends to be a repeat problem with some collectors and some ASNs.
We haven't really figured out why people sen
I'm pleased to announce Hurricane Electric has completed our RPKI
INVALID filtering project and we now have 0 RPKI INVALIDs in our routing
table.
Hurricane Electric has 29021 BGP sessions with 22109 prefix filters with
7191 networks directly and 8239 networks including Internet exchanges.
We filt
I'm sure if it doesn't do exactly that already, we can add it shortly.
Some of the planned functionality for hijack detection is already live.
That's one of the main reasons for creating this service.
Mike.
On 6/16/19 2:48 AM, Brian Kantor wrote:
> On Sun, Jun 16, 2019 at 02:2
On 6/15/19 6:55 PM, TJ Trout wrote:
> Any simple and easy bgpmon alternatives you guys could recommend?
As a beta service you can try out rt-bgp.he.net. This is a real time
bgp monitoring service we are developing.
It's a work in progress so please make sure to send Martin Winter
any feedback o
You are assuming the routing and transit relationships in IPv4 are the
same in IPv6.
IPv4 has many many many suboptimal transit relationships where routing
is purposely suboptimal on the part of the networks in the path due to
competitive reasons. One example of suboptimal routing is traffic not
The routes you see are Cogent using IPv6 leaks.
We chase these down as we see them.
Obviously if Cogent is happy enough to use leaks, we could just give
them our IPv6 customer routes directly. ;)
As a backbone operator, I'd prefer all routing we do (for at least the
first hop leaving our networ
You mean like pulse dialing and stepper relays vs touch tone dialing?
I'm sure there were people that felt the same about that too.
That mindset is simply you already paid for the old stuff, it's working
fine, you would rather not understand or think about the problems the
new tech solves or bene
On 6/30/15 3:02 PM, Tore Anderson wrote:
* Mike Leber
I was thinking that when I posted yesterday.
These were announcements from a peer, not customer routes.
We are lowering our max prefix limits on many peers as a result of this.
We are also going towards more prefix filtering on peers
I was thinking that when I posted yesterday.
These were announcements from a peer, not customer routes.
We are lowering our max prefix limits on many peers as a result of this.
We are also going towards more prefix filtering on peers beyond bogons
and martians.
Mike.
On 6/30/15 2:19 AM, Ran
NTT's customer Sofia Connect leaked our routes to NTT. NTT accepted
these routes instead of properly filtering their customer
announcements. As a network of non-trivial size, announcing over 75,000
customer routes which is nearly 15% of the IPv4 routing table, we'd
expect the common courtesy
Because selling transport is really good revenue for facilities based
carriers everywhere and the revenue per deal is higher than selling the
same amount of Internet access (even if the bits are going to the other
side of the planet).
Consider that 1 Gbps metro ethernet layer 2 transport circu
On 9/5/13 1:47 PM, Theo de Raadt wrote:
The last six months in AlbertaIX saw no discussions (or approval) for
any action plan. Without votes, nothing can be built.
This is probably the key ideological problem and a good example not to
follow if you are trying to start an exchange. Do first,
We saw an increase in IPv6 traffic which correlated time wise with the
onset of this IPv4 incident.
Happy eyeballs in action, automatically shifting what it could.
Mike.
On 11/8/11 2:56 AM, bmann...@vacation.karoshi.com wrote:
how would a sidr-enabled routing infrastructure have fared in ye
On 10/24/11 9:18 AM, Meftah Tayeb wrote:
hello HE.NET
did you drop the 6to4 delegated prefix 192.88.99.0/24 ?
if yes please would you drop it from your BGP routing table announced ?
thank you
Meftah Tayeb
IT Consulting
Hi!
For issues like this please email i...@he.net or n...@he.net with
On 7/7/11 6:20 AM, Jared Mauch wrote:
On Jul 7, 2011, at 2:14 AM, Mark Andrews wrote:
3) If end-to-end connectivity works,
Workarounds:
the IPv4 only P/PE device should have some sort of IPv6 address placed
on transit interfaces to allow TTL expired to be sourced from something
capab
On 6/19/11 10:47 PM, Paul Vixie wrote:
Date: Sun, 19 Jun 2011 22:32:59 -0700
From: Doug Barton
... the highly risk-averse folks who won't unconditionally enable IPv6
on their web sites because it will cause problems for 1/2000 of their
customers.
let me just say that if i was making millions
On 1/12/11 11:10 AM, Randy Bush wrote:
the first global-scale trial of IPv6, the long-anticipated upgrade to
the Internet's main communications protocol known as IPv4.
this phrasing is both amusing and deeply sad. amusing because many folk
have been running ipv6 globally for over a decade. de
On 9/12/10 9:04 AM, todd glassey wrote:
Has anyone run into issues with HE's power and the limitations therein?
For instance they seem to want to sell a second rack of space to get any
reasonable amount of power into their enclosures.
Perhaps that was several years ago when we didn't offer cus
You can get a free IPv6 BGP tunnel from Hurricane Electric at
http://tunnelbroker.net
We have tunnel servers spread throughout the world, so typically the
nearest server has reasonably low latency from your location.
Of course our main business is selling wholesale native IPv6 and IPv4
tr
Marty Anstey wrote:
Just wondering if anyone has had any experience with IPv6 training courses.
A quick search turns up a few results on the subject, but it would be
handy to hear if anyone has any firsthand experiences or recommendations.
We're based in western Canada but don't mind traveling
Patrick W. Gilmore wrote:
As for facts, there is lots of basis. HE has run a network for decades
and has never let a v4 bifurcation happen so long. Ever. They've run
v6 for a few years yet it happened.
News flash, IPv6 is new.
News flash, every single IPv6 network that gets configured th
Patrick W. Gilmore wrote:
For the v6 'Net to be used, customers - you know the people who pay for
those router things and that fiber stuff and all our salaries and such -
need to feel some comfort around it actually working. This did not help
that comfort level. And I believe it is valid to
Igor Ybema wrote:
I recently noticed that there seems a peering issue on the ipv6 internet.
As we all know hurricane is currently the largest ipv6 carrier. Other large
carriers are now implementing ipv6 on their networks, like Cogent and Telia.
However, due to some politics it seems that they a
o
you means your peer has to reduce the bandwidth they allocated to
somebody else.
Mike.
--
+ H U R R I C A N E - E L E C T R I C +
| Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 |
| Hurricane Electric
m 2001:4068:101:119:1::77
feeder.z74.net 2001:610:637:4::211
news.nask.org.pl 2001:a10:1:::3:c9a2
Mike.
--
+ H U R R I C A N E - E L E C T R I C ----+
| Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 |
| Hurricane Electric
ill work from our side to see where the
"interesting" 6to4 gateway is that is affecting your traceroute. We
will probably also need you to have access to the destination side as well.
Mike.
--
+ H U R R I C A N E - E L E C T R I C
<[EMAIL PROTECTED]>
To: Mike Leber <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
On Mon, Aug 11, 2008 at 11:12:35AM -0700, Mike Leber wrote:
Is there any post anywhere that provides more technical detail about how
the PowerDNS cache is not vulnerable?
Mike, very briefly, P
subscription request is awaiting moderator approval, I hope nobody will
> > mind my posting
> > it here)
> >
> > Cheers,
> > -w
>
+- H U R R I C A N E - E L E C T R I C -+
| Mike Leber Wholesale IPv4 and IPv6 Transi
n, or hoarding. Do people do
that?
pps. Of course these are provocative comments for amusement. :)
ppps. Or not if you don't have any kind of IPv6 plan. Sorry, sorry...
+- H U R R I C A N E - E L E C T R I C -----+
| Mike Leber Wholesale IPv4 and IP
9]
6* * !H 12.119.137.54
[EMAIL PROTECTED]>
In the future, please email [EMAIL PROTECTED], we will be happy to help you.
Mike.
+- H U R R I C A N E - E L E C T R I C -+
| Mike Leber Wholesale IPv4 and IPv6 Transit 510
You could imagine it might
even have a little "IPv6 accelerator" icon that shows up in your status
bar when you've switched on the nitro.
(hehehe, shaving off that extra few ms of latency, yo!)
Mike.
+----- H U R R I C A N E - E L E C T R I C -+
| Mike Leb
gestions.
Mike.
+- H U R R I C A N E - E L E C T R I C -----+
| Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 |
| Hurricane Electric Web Hosting Colocation AS6939 |
| [EMAIL PROTECTED] http://he.net |
+---+
ly getting rid of them
didn't cross our mind.
> Of course, Neustar, who are hosting www.ietf.org, might also want to
> look for a couple of extra transit providers who can provide them with
> real connectivity to the rest of the world.
That won't renumber Bill Manning's l
37 matches