Re: DNS and subdomains

Given "cat.p.dirtside.com", to argue that "p.dirtside.com" is not a domain of which "cat.p.dirtside.com" is a sub-domain, is to claim, that “cat.p” is a single token. This is no more true than claiming a series of words with spaces can be a single word. It doesn’t matter if I think, want or inte

Re: DNS and subdomains

On Fri, Feb 28, 2025 at 3:18 PM, William Herrin wrote: > On Fri, Feb 28, 2025 at 9:11 AM Jay wrote: > > Every subdomain is in fact a domain name. > > Hi Jay, > > Not necessarily. > > Remember my example cat.p.dirtside.com? P.dirtside.com > is a subdomain of dirtside.com.

Re: OT Amazon Delivery

On Fri, Feb 28, 2025 at 6:34 AM Travis Garrison wrote: > Off Topic, can someone from Amazon please update our pin location > on our address or block amazon drivers and use other carriers? > We are located on a rural route and while we do have a 911 address, > amazon says that is not valid either.

Re: DNS and subdomains

On Fri, Feb 28, 2025 at 12:50 PM David Conrad wrote: > On Feb 28, 2025, at 12:18 PM, William Herrin wrote: > > Remember my example cat.p.dirtside.com? P.dirtside.com is a subdomain > > of dirtside.com. It's an administrative grouping of domain names that > > have a particular characteristic. Howe

Re: Traffic Flow Analyzer

Check out FlowViewer: http://flowviewer.net/ On 2/27/2025 9:40 PM, KARIM MEKKAOUI wrote: Hi Nanog Community We’re looking for a (open source, free, cost effective) tool that is able to analyze traffic flow coming from a couple of router interfaces and display capacity utilisation per IP, top

Re: DNS and subdomains

Bill, On Feb 28, 2025, at 12:18 PM, William Herrin wrote: > Remember my example cat.p.dirtside.com? P.dirtside.com is a subdomain > of dirtside.com. It's an administrative grouping of domain names that > have a particular characteristic. However, p.dirtside.com is NOT a > domain name. It has no D

Re: OT Amazon Delivery

Like Josh said, make sure the address locates correctly when using Google Maps, Apple Maps, Waze and any others you can fine, most of them have the ability to report an issue and correct the pin location. Not a guarantee, but just another step you can take. -- Bran

Re: DNS and subdomains

On Fri, Feb 28, 2025 at 9:11 AM Jay wrote: > Every subdomain is in fact a domain name. Hi Jay, Not necessarily. Remember my example cat.p.dirtside.com? P.dirtside.com is a subdomain of dirtside.com. It's an administrative grouping of domain names that have a particular characteristic. However,

Re: DNS and subdomains

On Fri, Feb 28, 2025 at 12:18 PM Harry Hoffman via NANOG wrote: > This is exactly the logic that I was operating under: A.B.EXAMPLE.COM > . is a subdomain, but it should never be > referred to > as a subdomain of EXAMPLE.COM . It is only a > subdom

Re: OT Amazon Delivery

Not an official answer but did you try adding it to Google Maps? This worked for one of our remote locations. On Fri, Feb 28, 2025 at 9:34 AM Travis Garrison wrote: > Off Topic, can someone from Amazon please update our pin location on our > address or block amazon drivers and use other carrier

Re: DNS and subdomains

Heya, Shumon! Great to hear from you and thanks for adjusting my understanding. It's also a good reminder to go read the RFCs so that I can eliminate assumptions :-) Cheers, Harry On Fri, Feb 28, 2025 at 12:29 PM Shumon Huque wrote: > On Fri, Feb 28, 2025 at 12:18 PM Harry Hoffman via NANOG >

Re: DNS and subdomains

This is exactly the logic that I was operating under: A.B.EXAMPLE.COM . is a subdomain, but it should never be referred to as a subdomain of EXAMPLE.COM . It is only a subdomain of B.EXAMPLE.COM . On Fri, Feb 28, 2025 at 12:11

Re: DNS and subdomains

On Fri, Feb 28, 2025 at 10:05 AM Stephane Bortzmeyer via NANOG wrote: > On Tue, Feb 25, 2025 at 07:36:16AM -0500, Yes. I believe the confusion is that some documentation, APIs, or software incorrectly obfuscate the concept of a domain and take that the domain is only the part registered with a d

Re: DNS and subdomains

On Tue, Feb 25, 2025 at 07:36:16AM -0500, Harry Hoffman via NANOG wrote a message of 168 lines which said: > I had a thought similar to what Bill describes, that everywhere there's a > dot (.) there's a subdomain. This is true. But a sub-domain is not always delegated (not every domain is a z

Re: Traffic Flow Analyzer

For my needs, Akvorado used substantially less resources and was ultimately easier to use than ElastiFlow, but yes there was a learning curve to getting Akvorado going/configured initially. I chose to deploy Akvorado using their docker deployment method. Regards, Graham __

Re: Traffic Flow Analyzer

Hi, For those who may still be interested in this topic, we have had very good experiences with elastiflow. The data is delivered from Juniper switches via ipfix and the elastiflow server was simply set up using docker. Two instructions were very helpful here: https://docs.docker.com/engine/

Re: Traffic Flow Analyzer

Hi, We use pmacct + postgres + grafana. This is a more flexible, but also more complex solution. Basically, as always. -- Regards, Aleksey Baluta > On 28 Feb 2025, at 04:43, Christopher Hawker wrote: > > Akvorado is a good flow collector and visualiser, and best of all it’s > open-source

Re: Traffic Flow Analyzer

On Fri, 28 Feb 2025 02:40:38 + KARIM MEKKAOUI wrote: > We're looking for a (open source, free, cost effective) tool that is > able to analyze traffic flow coming from a couple of router > interfaces and display capacity utilisation per IP, top talkers, etc. This topic comes up from time to t

Re: Traffic Flow Analyzer

I've looked at Akvorado and ElastiFlow. I had issues in getting both of them online, but was able to get ElastiFlow past the line first, so that's what I went with. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Me

Re: Traffic Flow Analyzer

Akvorado is a good flow collector and visualiser, and best of all it’s open-source and free. https://github.com/akvorado/akvorado Regards, Christopher Hawker Get Outlook for iOS From: NANOG on behalf of KARIM MEKKAOUI Sent: Friday, 28 F

Re: Traffic Flow Analyzer

Netflow comes to mind without thinking before I push send. On Thu, Feb 27, 2025, 6:41 PM KARIM MEKKAOUI wrote: > Hi Nanog Community > > We’re looking for a (open source, free, cost effective) tool that is able > to analyze traffic flow coming from a couple of router interfaces and > display capa

Re: REMINDER: Scheduled Maintenance: Mailman Upgrade

Good luck and Godspeed. Thanks for the notice! On Thu, Feb 27, 2025 at 10:01 AM Valerie Wittkop wrote: > Friendly reminder the NANOG Mailman instances are undergoing upgrade and > migration tomorrow… > > Full message below > > ~ Valerie > > > On Feb 20, 2025 at 15:29:50, Valerie Wittkop wrote:

Re: Filtering "Illegal" Video

addreses or domains and their protocol endpoints as > suspected IPTV, and taking actions based on a suspected nature of > traffic with certain endpoints, and Are not blocking or allowing > based on anything reliably known or determined. > > Websites of this nature would often move f

Re: DNS and subdomains

Thanks everyone for the wonderful answers! The thoughts in my head were not aligned with reality ;-) I had a thought similar to what Bill describes, that everywhere there's a dot (.) there's a subdomain. I also had the thought/assumption that the data to the left of the leftmost dot (.) was essent

Re: DNS and subdomains

On Mon, Feb 24, 2025 at 08:58:48PM -0500, Harry Hoffman via NANOG wrote a message of 195 lines which said: > Has this become common practice? Is there a definitive way to determine > subdomains? I seem to recall that "older" dns server software wouldn't > allow this but it could be that my mem

Re: South carolina local fiber providers

Segra is likely going to be one of your best bets… Sent from my iPhone > On Feb 24, 2025, at 6:13 PM, Mehmet wrote: > >  > Hello there > > Looking for local fiber providers in South Carolina for a hyperscale DC > project Located between I-26 and I-85 > > Ideallly these providers can build fi

Re: DNS and subdomains

On Mon, Feb 24, 2025 at 5:58 PM Harry Hoffman via NANOG wrote: > In working with several OSINT sources for domain processing it seems like the > way domains and subdomains are processed essentially equates subdomains with > FQDNs. Hi Harry, I don't understand what you mean. Do you mean how do

Re: DNS and subdomains

Every domain is a subdomain of something else other than the root. access.api.bbc.com is a subdomain of api.bbc.com and a subdomain of bbc.com and a subdomain of com and a subdomain of . (the root). All subdomains are domains. All domains can have subdomains except those that are maximal size a

Re: DNS and subdomains

Most security tools, browsers included, use the boundaries from https://publicsuffix.org/ . While DNS could indicate what is a zone cut and what is not, it's not the only feature that indicates a transition between administrations. Rubens On Mon, Feb 24, 2025 at 10:59 PM Harry Hoffman via NANOG

Re: Filtering "Illegal" Video

V, and taking actions based on a suspected nature of traffic with certain endpoints, and Are not blocking or allowing based on anything reliably known or determined. Websites of this nature would often move frequently, and their classification would quickly be out of date. IP addresses and domain n

Re: Discord folks?

-- Forwarded message - > From: Mark Smith > Date: Thu, Feb 13, 2025 at 4:29 PM > Subject: Re: Discord folks? > To: nanog@nanog.org > > > > I pinged someone who knows someone there. They should be reaching out. > > Just to throw this on the list for searc

Re: Filtering "Illegal" Video

I created a company for that in 2008 at the time there were HADOPI discussions in France. Encryption is not the only problem to solve as you may have only egress or ingress traffic on the box, and you may be connected as a tap and need to inject « resets » to terminate « bad sessions ». In 2009

Re: Paging RIT (Rochester Institute of Technology) network/sytems people

Thank you to everyone who responding on- and off-list, I very much appreciate your help. I'm now in contact with someone at RIT (yay!) and hopefully together we'll be able to straighten all of this out. ---rsk

Re: Noisy prefixes in BGP

Hurricane Electric recently (a few months ago) started measuring repeated announcements, repeated withdrawals, in addition to flapping prefixes. https://bgp.he.net/report/netstats#_flap Stats are organized by prefix, ASN, and peer IP relative to flapping prefixes, repeated announcements, and

Re: Filtering "Illegal" Video

This thread wisely points out the technical reasons the request is difficult, but I think the underlying answer is a bit closer to Brian and Joel's response, which is that it's country-specific. In a fair amount of jurisdictions, there's either a centralized list or apparatus to deal with the requi

Re: Filtering "Illegal" Video

More than one vendor has claimed to be able to do this. I have been under the weather the past week, so I haven't been able to have conversations with the rest. However, the one I talked to more or less has a team whose purpose is to search out the content as if you were a user, build a signatu

Re: Filtering "Illegal" Video

> > Are there platforms out there that can accomplish this with any precision? 'With precision' being the operative phrase, then no. Plenty of stuff out there that can do things in this space, but all of it is brute force or kludgy methods. On Mon, Feb 10, 2025 at 4:00 PM Mike Hammett wrote:

Re: Request for Deployment of Google/YouTube Global Cache Servers in Türkiye (Istanbul, Izmir and Ankara of TURKEI)

This mailing list is not the appropriate avenue for such requests. No idea why you would think it was. Google lays out their process here : https://support.google.com/interconnect/answer/9058809?hl=en On Thu, Feb 20, 2025 at 6:33 PM Volkan SALiH wrote: > *Subject:* Request for Deployment of Go

Re: Filtering "Illegal" Video

On Thu, Feb 20, 2025 at 2:45 PM Christopher Morrow wrote: > On Thu, Feb 20, 2025 at 1:21 PM Kevin McCormick wrote: > > Might want to look at Audible Magic. > > They do identification and filtering of copyrighted content. As far as I know the Audible Magic CopySense box does not exist as a produc

Re: Filtering "Illegal" Video

On 2/20/25 13:44, Christopher Morrow wrote: On Thu, Feb 20, 2025 at 1:21 PM Kevin McCormick wrote: Might want to look at Audible Magic. https://www.audiblemagic.com/ They do identification and filtering of copyrighted content. University I worked at had a box that would identify students p

Re: Filtering "Illegal" Video

On Thu, Feb 20, 2025 at 1:21 PM Kevin McCormick wrote: > > Might want to look at Audible Magic. > > https://www.audiblemagic.com/ > > They do identification and filtering of copyrighted content. > > University I worked at had a box that would identify students pirating > content and would then bl

RE: Filtering "Illegal" Video

Might want to look at Audible Magic. https://www.audiblemagic.com/ They do identification and filtering of copyrighted content. University I worked at had a box that would identify students pirating content and would then black hole their IP addresses. Helped the University avoid receiving and

Re: Paging RIT (Rochester Institute of Technology) network/sytems people

Just pinged them on your behalf. I expect someone will reach out directly to you. Cheers, Harry On Thu, Feb 20, 2025 at 9:07 AM Rich Kulawiec wrote: > I filed an abuse report 11 days ago (Feb 9) and have received no response. > Attempts to follow up by phone using the contact info in ARIN's rec

Re: Noisy prefixes in BGP

sday, February 19, 2025 02:13 To: Geoff Huston Cc: [IIJ] Fontugne Romain; NANOG Subject: Re: Noisy prefixes in BGP On Sun, Feb 09, 2025 at 04:41:05PM +1100, Geoff Huston wrote: >Hi Romain > > We are seeing in RIS data a constant flow of update messages from a few > ASes

RE: Arista filesystem rewinding back 3 years

James wrote: >We've had several SSD failures in Arista devices, I can only assume a bad >batch of SSDs because they were all in a batch of routers ordered and >delivered together. >For us the SSDs dropped into RO mode. >When this happens there are syslog messages to let you know, and if you drop

Re: Arista filesystem rewinding back 3 years

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tuesday, February 18th, 2025 at 21:16, Drew Weaver wrote: > ...I’ve run into quite a strange situation where what shows up in flash: > isn’t the same as what is actually in /mnt/flash on an Arista switch. > > I found out that this was an issu

RE: Arista filesystem rewinding back 3 years

William Herrin wrote: >>I've seen this before with MicroSD cards in a Raspberry Pi. The card stops >>accepting writes but continues to report write success to the OS. On the Pi, >>this eventually shows up as seeming filesystem corruption when blocks are >>flushed and >>then reloaded to the disk

Re: Arista filesystem rewinding back 3 years

On Tue, Feb 18, 2025 at 4:05 PM, William Herrin wrote: > On Tue, Feb 18, 2025 at 12:16 PM Drew Weaver > wrote: > > I found out that this was an issue when I reloaded the switch and the > filesystem looks like it rewound itself to 2022 in Aboot. > > I've seen this before with MicroSD cards in a R

Re: Arista filesystem rewinding back 3 years

On Tue, Feb 18, 2025 at 12:16 PM Drew Weaver wrote: > I found out that this was an issue when I reloaded the switch and the > filesystem looks like it rewound itself to 2022 in Aboot. I've seen this before with MicroSD cards in a Raspberry Pi. The card stops accepting writes but continues to rep

Re: Noisy prefixes in BGP

On Sun, Feb 09, 2025 at 04:41:05PM +1100, Geoff Huston wrote: >Hi Romain > > We are seeing in RIS data a constant flow of update messages from a few > ASes, here is the list of the top prefixes: > > ┌─┬┬──┐ > │ prefix

Re: ICANN verification

On Fri, Feb 14, 2025 at 12:09 PM Warren Kumari wrote: > If you let people know the domain name, you might have more luck — e.g > someone who works at the registrar may look into it, etc. > Also, it seems surprising that this would be an **ICANN** verification > message… Domain providers often

Re: ICANN verification

Because this is mandated by an ICANN policy, a number of registrars send messages with such labels. Notably the wholesale registrars, which have to send those messages but are not the point of sale of the domain. https://lookup.icann.org/ will probably have clues for the original poster to figure

Re: ICANN verification

On Fri, Feb 14, 2025 at 8:26 AM Marco Belmonte via NANOG wrote: > The company I work for owns a domain that was registered by an employee > that no longer works for us and we have been unable to track them down. > 48 hours ago the website at the domain was replaced by an ICANN > verification messa

Re: ICANN verification

If you let people know the domain name, you might have more luck — e.g someone who works at the registrar may look into it, etc. Also, it seems surprising that this would be an **ICANN** verification message… W On Fri, Feb 14, 2025 at 8:48 AM, Marco Belmonte wrote: > The company I work for own

Re: Discord folks?

> I pinged someone who knows someone there. They should be reaching out. Just to throw this on the list for searchability -- I run infrastructure at Discord. I have our traffic team taking a look now and we're corroborating that 304s have increased, but aren't sure yet. Happy to have folks reac

Re: Question about DNS naming conventions

on Wed, Feb 12, 2025 at 08:29:30AM -0500, nanog--- via NANOG wrote: > Please tell the guy whose website says "Internet security & > antispam” to fix HTTPS/TLS on his site: My bad, I dropped support for SSL while waiting for a certificate upgrade and forgot to remove the ssl.conf from sites-enabled

Re: Discord folks?

On 2/13/25 12:17, Drew Weaver wrote: Just replying to myself. I figured out why nobody can get to it. If I go tohttps://discord.com it returns a 304 not modified [guessing a problem with their cloudflare that they are unaware of] but if I go tohttps://discord.com/login? redirect_to=%2Fchannels%2

Re: Question about DNS naming conventions

on Tue, Feb 11, 2025 at 08:30:47PM -0500, John Levine wrote: > There is a great deal of variation in the details of the names beyond the fact > that they embed all or part of the IP address. I know a guy who has collected > a lot of regular expressions to match them. See http://enemieslist.com F

RE: Discord folks?

nanog@nanog.org' Subject: RE: Discord folks? Sorry, I am trying to find someone at the company Discord as nobody on our entire ASN can connect to the web version of their product anymore. Thanks, -Drew From: Ryan Hamel mailto:r...@rkhtech.org>> Sent: Wednesday, February 12, 20

RE: Discord folks?

Sorry, I am trying to find someone at the company Discord as nobody on our entire ASN can connect to the web version of their product anymore. Thanks, -Drew From: Ryan Hamel Sent: Wednesday, February 12, 2025 3:32 PM To: Drew Weaver ; nanog@nanog.org Subject: Re: Discord folks? Hey Drew, To

Re: Question about DNS naming conventions

On Wed, Feb 12, 2025 at 7:53 PM Jack Bates wrote: > Most users don't have any idea and would allow an attacker to compromise > their bank connection if given the choice. The defaults are designed to > protect the majority? I see no issue with the server user deciding that it won't converse with a

Re: Question about DNS naming conventions

On 2/12/2025 2:34 PM, William Herrin wrote: On Wed, Feb 12, 2025 at 9:58 AM Jack Bates wrote: The software has no concept of what the data is Which is why the software shouldn't be making a hard decision about appropriate cryptography. The users on the two ends, the folks who do know what the

Re: Question about DNS naming conventions

On Wed, Feb 12, 2025 at 9:58 AM Jack Bates wrote: > The software has no concept of what the data is Which is why the software shouldn't be making a hard decision about appropriate cryptography. The users on the two ends, the folks who do know what the data is, should have the final say. The softw

Re: Discord folks?

Hey Drew, To clarify, are you referring to NANOG Discord folks, or Discord Inc? Kind regards, Ryan Hamel From: NANOG on behalf of Drew Weaver Sent: Wednesday, February 12, 2025 5:31:04 AM To: nanog@nanog.org Subject: Discord folks? Caution: This is an extern

Re: Question about DNS naming conventions

On 2/12/2025 8:15 AM, William Herrin wrote: And then of course there's the completely fair question of whether it's sensible to forcibly deprecate older security protocols when accessing information that's also offered over fully unencrypted channels. Confidentiality, Integrity AND Availability.

Re: Question about DNS naming conventions

On Wed, Feb 12, 2025 at 5:29 AM nanog--- via NANOG wrote: > Please tell the guy whose website says "Internet security & antispam” to fix > HTTPS/TLS on his site: > > On Feb 12, 2025, at 07:00, nanog-requ...@nanog.org wrote: > > See http://enemieslist.com You were told to use http. It's your own

Re: Question about DNS naming conventions

318 ms 36 signed.bad.horse (162.252.205.157) 311.141 ms 330.010 ms 419.000 ms -T > On Feb 12, 2025, at 07:00, nanog-requ...@nanog.org wrote: > > Message: 6 > Date: 11 Feb 2025 20:30:47 -0500 > From: "John Levine" > To: nanog@nanog.org > Subject: Re: Question about DNS naming c

Re: Question about DNS naming conventions

Am 12.02.25 um 11:24 schrieb Mark Tinka: On 2/12/25 10:32, Thomas Mieslinger via NANOG wrote: "Just" using IATA 3 letter airport codes is not good enough in my opinion because you usally have multiple datacenters/CoLos/PoPs around a bigger airport like MCI or FRA This. We use the IATA 3-lette

Re: Question about DNS naming conventions

On 2/12/25 10:32, Thomas Mieslinger via NANOG wrote: "Just" using IATA 3 letter airport codes is not good enough in my opinion because you usally have multiple datacenters/CoLos/PoPs around a bigger airport like MCI or FRA This. We use the IATA 3-letter city codes, but then also create a

Re: Question about DNS naming conventions

To the best of my knowledge there are two types of PTR/A Records. For dailup prefixes, IPs used for DSL,Cable, etc PTR should be generated and contain the IP to make it easier to block emails from that ranges. For v6 prefixes you will probably want to do this programmatically with e.g. powerdns

Re: Question about DNS naming conventions

It appears that William Herrin said: >On Tue, Feb 11, 2025 at 9:13 AM Joel Sommers wrote: >> What are some of the key use cases for having an A record (or for that >> matter) in which part or all of the address is embedded >in the name? > >server = real DNS name >random end user = DNS name

Re: Noisy prefixes in BGP

Hello, I've been following this thread, and I find it quite interesting. I’m curious if there is an official definition for "noisy prefix" (or perhaps "noisy AS"). Thank you, On 9/2/25 1:01 AM, Romain Fontugne via NANOG wrote: Hi, We are seeing in RIS data a constant flow of update mess

Re: Question about DNS naming conventions

On Tue, Feb 11, 2025 at 9:13 AM Joel Sommers wrote: > What are some of the key use cases for having an A record (or for that > matter) in which part or all of the address is embedded in the name? server = real DNS name random end user = DNS name which embeds the IP address The A record is

Re: Filtering "Illegal" Video

Hi Mike, Although I have never actually tried it, Sandvine does market a piracy solution service. They presented it to me about 2 years ago. Here in Italy the government has "piracy shield" , a platform donated by the A series soccer federation so no conflict of interest at all , to combat piracy

Re: Filtering "Illegal" Video

ay" To: "Mike Hammett" Cc: "NANOG" Sent: Monday, February 10, 2025 5:38:10 PM Subject: Re: Filtering "Illegal" Video On Mon, Feb 10, 2025 at 4:14 PM Mike Hammett wrote: .. > Are there platforms out there that can accomplish this with any precision? the Snort IDS

Re: Filtering "Illegal" Video

On Mon, Feb 10, 2025 at 4:14 PM Mike Hammett wrote: .. > Are there platforms out there that can accomplish this with any precision? the Snort IDS? Any product capable of deep packet inspection that can be plugged into a Tap or SPAN port. Many network-based IDS would allow you to write custom

Re: Filtering "Illegal" Video

All of this communication typically takes place over encrypted TLS. I don't see how you can determine what is "illegal" or what is not illegal without some sort of TLS intercept going on, which no one is going to stand for. Identifying content without introspection is just going to not work at all

Re: Noisy prefixes in BGP

On 2025-02-09 07:43, James Bensley wrote: * There are no knobs in existing BGP implementations to detect and limit this behaviour in anyway. 100% agreed. Looked into this a couple weeks ago on our $VENDOR_C gear, and we saw the prefixes Romain mentioned as well as many others in Geoff's repo

Re: Noisy prefixes in BGP

I'm escalating this internally. I hope to have this resolved asap. - Jared On Sun, Feb 09, 2025 at 04:41:05PM +1100, Geoff Huston wrote: >Hi Romain > > We are seeing in RIS data a constant flow of update messages from a few > ASes, here is the list of the top prefi

Re: Noisy prefixes in BGP

half of Philip Smith Date: Monday, 10 February 2025 at 6:32 AM To: James Bensley Cc: NANOG Subject: Re: Noisy prefixes in BGP I guess all we can do is keep highlighting the problem (I highlight Geoff's BGP Update report almost every BGP Best Practice training I run here in AsiaPac, for e

RE: Noisy prefixes in BGP

riginal Message- From: NANOG On Behalf Of Romain Fontugne via NANOG Sent: Sunday, February 9, 2025 22:15 To: James Bensley ; NANOG ; Geoff Huston Subject: Re: Noisy prefixes in BGP Thanks James, great tool, I have bookmarked that. It has amazing examples of how absurd announcements

Re: Noisy prefixes in BGP

Date: Monday, 10 February 2025 at 6:32 AM To: James Bensley Cc: NANOG Subject: Re: Noisy prefixes in BGP I guess all we can do is keep highlighting the problem (I highlight Geoff's BGP Update report almost every BGP Best Practice training I run here in AsiaPac, for example) - but how to make

Re: Noisy prefixes in BGP

ge of reasons like a flapping link, or a redistribution issue. * Sometimes there is a software bug in BGP which re-transmits the update as fast as TCP allows. Here is an example prefix in a daily report, which was present in 4M updates, from a single peer of a single route collector: https://githu

Re: Noisy prefixes in BGP

hi james > I recall there was a conversation either here on NANOG or maybe it was > at the IETF, within the last few years, about different NOSes that > were / were not correctly identifying route updates received with no > changes to the existing RIB entry, and [not] forwarding the update > onwar

Re: [nanog] Noisy prefixes in BGP

AS36183 I > guess it is something worth looking at. > > Romain > > > From: Geoff Huston > Sent: Sunday, February 9, 2025 14:41 > To: [IIJ] Fontugne Romain > Cc: NANOG > Subject: Re: Noisy prefixes in BGP > > Hi Romain > > > We are s

Re: Noisy prefixes in BGP

reasons like a flapping link, or a redistribution issue. * Sometimes there is a software bug in BGP which re-transmits the update as fast as TCP allows. Here is an example prefix in a daily report, which was present in 4M updates, from a single peer of a single route collector: https://github.com/DFZ

Re: [nanog] Noisy prefixes in BGP

Thanks Aaron! Romain From: Block, Aaron Sent: Monday, February 10, 2025 03:58 To: [IIJ] Fontugne Romain Cc: Geoff Huston; NANOG Subject: Re: [nanog] Noisy prefixes in BGP Hello, We are looking into this issue. Thank you, Aaron Block --- Aaron

Re: Noisy prefixes in BGP

Thanks James, great tool, I have bookmarked that. It has amazing examples of how absurd announcements can be sometimes. Romain From: James Bensley Sent: Sunday, February 9, 2025 22:43 To: NANOG; [IIJ] Fontugne Romain; Geoff Huston Subject: Re: Noisy

Re: Noisy prefixes in BGP

y, February 9, 2025 14:41 To: [IIJ] Fontugne Romain Cc: NANOG Subject: Re: Noisy prefixes in BGP Hi Romain We are seeing in RIS data a constant flow of update messages from a few ASes, here is the list of the top prefixes: ┌─┬┬──┐ │

Re: Noisy prefixes in BGP

Hi Romain > > We are seeing in RIS data a constant flow of update messages from a few ASes, > here is the list of the top prefixes: > > ┌─┬┬──┐ > │ prefix│ origin_asn │ num_announce │ > │ varchar │ varchar │int64 │

Re: Reliable GeoIP database

Sometimes it just because they have to announce to another region without changing IRR. They are a lot of geolocation database, but only ipip and ipinfo can correct the geolocation based on BGP routing information. I'm assuming ipinfo is doing some scan, if the subnet have too many open 22 or 443

Re: Use of NPTv6 in a mobile service provider network

On Feb 4, 2025, at 12:26, Amos Rosenboim wrote: What other problems do you anticipate ? All the issues mentioned earlier in this thread. There are multiple techniques available to ameliorate the side-effects of aggressive scanning in a network using NAT64/DNS64 with 464XLAT.

Re: Use of NPTv6 in a mobile service provider network

t many times, over the years. Networks which were suboptimally designed in this fashion were either completely re-designed in order to be scalable and resilient, removing unnecessary and harmful state; were acquired and their brittle, fragile, non-scalable state-ridden infrastructure was decom

Re: Use of NPTv6 in a mobile service provider network

On 2/3/25 15:14, Amos Rosenboim via NANOG wrote: Even with IPv6, many of the operators I know of do not allow internet initiated traffic towards their subscribers. Address translation is not required for this function. A stateless ACL can do a lot to limit it especially combined with assignin

Re: Use of NPTv6 in a mobile service provider network

My CGNat domains for resi bb (dsl, cm, ftth) for IPv4 were created years ago as MPLS-based L3VPN's.  I've tested and proven an architecture where by which, I advertise another BGP RT and allow the IPv6 dual stacked portion to "flow around" the CGNat boundary and naturally route out to the Inter

Re: Use of NPTv6 in a mobile service provider network

as played out many times, over the years.  Networks which were suboptimally designed in this fashion were either completely re-designed in order to be scalable and resilient, removing unnecessary and harmful state; were acquired and their brittle, fragile, non-scalable state-ridden infrastructure was

Re: Use of NPTv6 in a mobile service provider network

On Feb 4, 2025, at 03:14, Amos Rosenboim wrote: As much as I love to be a network purist who hates state maintenance in the core of the network, the sad reality is that these devices are there and will remain there for the foreseeable future. Not on reliable, resilient networks of any signifi

Re: Use of NPTv6 in a mobile service provider network

walls in front of a population of Internet > broadband clients is a Very Bad Idea. DDoS attacks are attacks agains > capacity and/or state; and outbound/crossbound attacks can be just as > disruptive as inbound attacks. > > This precise scenario has played out many times, over t

Re: Use of NPTv6 in a mobile service provider network

which were suboptimally designed in this fashion were either completely re-designed in order to be scalable and resilient, removing unnecessary and harmful state; were acquired and their brittle, fragile, non-scalable state-ridden infrastructure was decommissioned; or went out of business. The

Re: Reliable GeoIP database

On Mon, 3 Feb 2025, Scott Q. wrote: What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences. For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https

  1   2   3   4   5   6   7   8   9   10   >