Re: RPKI for dummies

2020-08-24 Thread John Kristoff
On Sun, 23 Aug 2020 12:40:19 + Dovid Bender wrote: > Ok. So here is another n00b question. Why don't we have something > where when we advertise IP space we also pass along a cert [...] Take a look at: Stephen Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway protocol (S-BG

Re: RPKI for dummies

2020-08-24 Thread Robert Raszuk
John, > Two precursors to the system we have today. I would not say that either S-BGP nor so-BGP were precursors to BGP origin validation ( I am assuming this is what you are referring to as "system we have today"). If I recall, securing BGP and validating src ASN were independent projects both

Re: RPKI for dummies

2020-08-24 Thread John Kristoff
On Mon, 24 Aug 2020 13:01:15 + Robert Raszuk wrote: > I would not say that either S-BGP nor so-BGP were precursors to BGP > origin validation ( I am assuming this is what you are referring to > as "system we have today"). I would consider origin validation as just one application of the syst

Re: RPKI for dummies

2020-08-24 Thread Robert Raszuk
Sure thing :) Btw my point was to avoid the potential impression that origin validation brings any real security to bgp. Cheers, R. On Mon, Aug 24, 2020 at 3:12 PM John Kristoff wrote: > On Mon, 24 Aug 2020 13:01:15 + > Robert Raszuk wrote: > > > I would not say that either S-BGP nor so-

Re: RPKI for dummies

2020-08-24 Thread Rayhaan Jaufeerally (NANOG)
[sorry if you're getting this twice, I accidentally sent from the wrong address and it was rejected from the list] Hi Dovid, BGPSEC (as specified in RFC8205 ) is the next level of routing security which provides the kind of in-band guarantees that you describe.

Re: Ipv6 help

2020-08-24 Thread Roman Tatarnikov
I've been looking into implementing 646XLAT, however I found the problem ends up with clients' routers. When you give them Ethernet cable that has internet on it, whatever it gets plugged into must support CLAT in order for 646XLAT to work. I was not able to find any small devices that support

Re: atmark trading

2020-08-24 Thread Positively Optimistic
This thread is equally spammish. No one cares. On Sat, Aug 22, 2020 at 16:54 Bryan Holloway wrote: > It's not sales; it's some dumb mailing list managed by "Soundest", which > > is now owned by "Omnisend", which sounds even less fun than its > predecessor. > > > > Atmark's web-site has no contac

ROA coverage info

2020-08-24 Thread Fabiano D'Agostino
Hi all, I would like to ask you if there is some information about ROA coverage of IPv4/v6 address space in the different RIRs. Thanks in advance. Regards, Fabiano

Re: RPKI for dummies

2020-08-24 Thread Randy Bush
> Some might suggest that a lot of time was spent debating how to do it > with little actual progress or experimentation done. this is the internet. some have suggested pretty much anything. for the historians in the audience, the first s-bgp, what we would now call testathon i guess, was held a

Re: ROA coverage info

2020-08-24 Thread Nathalie Trenaman
Hi Fabiano, Is this what you are looking for? https://stat.ripe.net/widget/rpki-by-trust-anchor Cheers, Nathalie Trenaman RIPE NCC > Op 24 aug. 2020, om 15:21 heeft Fabiano D'Agostino > het volgende geschreven: > > Hi all, > I would like to

Re: ROA coverage info

2020-08-24 Thread Aftab Siddiqui
+1 to RIPE stats. Here is from NLnet labs: https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/ Regards, Aftab A. Siddiqui On Tue, 25 Aug 2020 at 00:46, Nathalie Trenaman wrote: > Hi Fabiano, > > Is this what you are looking for? > https://stat.ripe.net/widget/rpki-by-trust-anchor > > Chee

Re: ROA coverage info

2020-08-24 Thread Di Ma
FYI https://www.nro.net/wp-content/uploads/rpki-uploads/rir-adoption.txt Di > 2020年8月24日 21:21,Fabiano D'Agostino 写道: > > Hi all, > I would like to ask you if there is some information about ROA coverage of > IPv4/v6 address space in the different RIRs. > > Thanks in advance. > > Regards,

Re: ROA coverage info

2020-08-24 Thread Rayhaan Jaufeerally (NANOG)
There's also this site run by NIST: https://rpki-monitor.antd.nist.gov/ which contains further breakdowns On Mon, Aug 24, 2020 at 4:46 PM Nathalie Trenaman wrote: > Hi Fabiano, > > Is this what you are looking for? > https://stat.ripe.net/widget/rpki-by-trust-anchor > > Cheers, > Nathalie Trenam

Re: 00:aa:bb:01:23:45

2020-08-24 Thread Tom Hill
On 20/08/2020 09:53, Baldur Norddahl wrote: > > By accident I noticed several of my VPLS instances have > 00:aa:bb:01:23:45 in the MAC table. We never sent anything just received > a little traffic from that. Obviously not a real MAC address so I tried > to search Google for it. I find several hit

Re: Ipv6 help

2020-08-24 Thread JORDI PALET MARTINEZ via NANOG
You probably mean 464XLAT Ask you vendors. They should support it. Ask for RFC8585 support, even better. If they don't do, is because they are interested only in selling new boxes ... just something to think in the future about those vendors. I can tell you that many vendors now support or

Get ready to hack!

2020-08-24 Thread NANOG News
Join many of the brightest minds in our community at the NANOG 80 Virtual Hackathon. Our first all-virtual hackathon kicks off Saturday, October 17 at 1:00 pm EDT — the weekend before the NANOG 80 conference. As always, participation is free, and open to a

Mail rejected at secureserver.net/godaddy any contacts over there?

2020-08-24 Thread Drew Weaver
I've attempted to contact them using their form but I feel as though I am stuck in a loop with their diligent and no doubt hard working staff they have manning that post. Can anyone put me into contact with someone that can answer a few questions? Thanks, -Drew

Re: Mail rejected at secureserver.net/godaddy any contacts over there?

2020-08-24 Thread Miles Fidelman
I've found that GoDaddy tech support is amazingly good, and responsive.  If you're a customer, of course (and it's kind of hard not to be these days).  Maybe just call their 800 number. Miles Fidelman On 8/24/20 12:57 PM, Drew Weaver wrote: I’ve attempted to contact them using their form but

Orange : Propagating Bogus Saudi Telecom Announcement

2020-08-24 Thread Tom Beecher
Saudi Telecom ( AS 39386 ) is currently announcing Equinix NY9's IX prefix, and Orange is gladly sharing that for the world to see. Zayo : You might want to not be using that either when you're directly connected to that exchange. :) *Router:* New York, NY *Command:* show route protocol bgp table

Re: Orange : Propagating Bogus Saudi Telecom Announcement

2020-08-24 Thread John Von Essen
Nice find Tom… > On Aug 24, 2020, at 3:11 PM, Tom Beecher wrote: > > Saudi Telecom ( AS 39386 ) is currently announcing Equinix NY9's IX prefix, > and Orange is gladly sharing that for the world to see. > > Zayo : You might want to not be using that either when you're directly > connected t

Re: Orange : Propagating Bogus Saudi Telecom Announcement

2020-08-24 Thread Richard Porter
https://twitter.com/millionaire_xrp/status/1297952306357567488?s=10 Related? reports of outages at Chase? On Mon, Aug 24, 2020 at 2:13 PM Tom Beecher wrote: > Saudi Telecom ( AS 39386 ) is currently announcing Equinix NY9's IX > prefix, and Orange is gladly sharing that for the world to see. >

Re: Orange : Propagating Bogus Saudi Telecom Announcement

2020-08-24 Thread Tom Beecher
Maybe. Would be for someone at Zayo to comment on. Looks like 39386 has been ( and still is ) announcing the NY9 prefix since early June. ( Fix your filters, please. ) Not sure if Zayo is having an issue by which they would have started using the route via ST all of a sudden. In any event, Orang