00:aa:bb:01:23:45

2020-08-20 Thread Baldur Norddahl
Hello By accident I noticed several of my VPLS instances have 00:aa:bb:01:23:45 in the MAC table. We never sent anything just received a little traffic from that. Obviously not a real MAC address so I tried to search Google for it. I find several hits with apparently ADSL users doing pppd (wh

Re: 100g PCS Errors

2020-08-20 Thread Mark Tinka
On 20/Aug/20 08:16, Saku Ytti wrote: > On QSFP28 devices I would recommend always when possible run RS-FEC. > By default LR4 doesn't run it, but the added value is fantastic. You > will immediately during turn-up know if circuit works or not, without > any ping testing or live traffic. You will

RPKI for dummies

2020-08-20 Thread Dovid Bender
Hi, I am sorry for the n00b question. Can someone help point me in the right direction to understand how RPKI works? I understand that from my side that I create a key, submit the public portion to ARIN and then send a signed request to ARIN asking them to publish it. How do ISP's that receive my

Re: RPKI for dummies

2020-08-20 Thread Fabien VINCENT (NaNOG) via NANOG
Hi, In fact, RPKI does nothing about AS Path checks if it's your question. RPKI is based on ROA where signatures are published to guarantee you're the owner of a specific prefix with optionnal different maxLength from your ASN. So if the question is about if RPKI is sufficient to secure the

Re: Boston Telecom Hotels

2020-08-20 Thread Neil Hanlon
I will be there tomorrow afternoon & will see what I can do. On Wed, Aug 19, 2020 at 4:35 PM Jason Kuehl wrote: > One Summer is overdue for its annual fire. > > On Wed, Aug 19, 2020 at 4:14 PM Rod Beck > wrote: > >> Does everyone agree that the 4 most important data centers are 1 Summer, >> Cor

Re: RPKI for dummies

2020-08-20 Thread Dovid Bender
Fabien, Thanks. So to sum it up there is nothing stopping a bad actor from impersonating me as if I am BGP'ing with them. It's to stop any other AS other then mine from advertising my IP space. Is that correct? How is verification done? They connect to the RIR and verify that there is a cert sign

AT&T NOC Contact Info

2020-08-20 Thread Brian Pierce
Hello Everyone, Does anyone have reliable contact info for AT&T DirecTV NOC Support? Everything I'm finding appears to be out of date. Thanks, Brian Pierce Network Technician bpie...@consolidated.coop Consolidated Cooperative consolidated.coop

Re: RPKI for dummies

2020-08-20 Thread Eric Dugas via NANOG
Here's some more literature: https://blog.cloudflare.com/rpki-and-the-rtr-protocol/ Eric On Aug 20 2020, at 10:00 am, Dovid Bender wrote: > Fabien, > > Thanks. So to sum it up there is nothing stopping a bad actor from > impersonating me as if I am BGP'ing with them. It's to stop any other AS

Re: RPKI for dummies

2020-08-20 Thread Fabien VINCENT (NaNOG) via NANOG
If the other AS announce the same resource, AS Path Length should be perhaps longer will prefix length is the same. RPKI is just here to secure resource announcement verification (ROV). Nothing more in my own opinion. You could read this RFC for RPKI OPs : https://tools.ietf.org/html/rfc7115.h

Re: RPKI for dummies

2020-08-20 Thread John Kristoff
On Thu, 20 Aug 2020 13:20:53 + Dovid Bender wrote: > How do ISP's that receive my advertisement (either directly from me, > meaning my upstreams or my upstreams upstream) verify against the > cert that the advertisement is coming from me? Nothing about your BGP announcements needs to change.

Re: RPKI for dummies

2020-08-20 Thread Tom Beecher
ROA = Route Origin Authorization . Origin is the key word. When you create an signed ROA and do all the publishing bits, RPKI validator software will retrieve that , validate the signature, and pass that up to routers, saying "This prefix range that originates from this ASN is valid." Then, any BG