Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

:) probably the longest prepend in the world. A thought though, is it breaking any standard or best practice procedures? Regards Paschal Masha | Engineering Skype ID: paschal.masha - Original Message - From: "Erik Sundberg" To: "nanog" Sent: Friday, March 25, 2022 6:43:38 AM Subject:

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

Paschal Masha writes: > :) probably the longest prepend in the world. > > A thought though, is it breaking any standard or best practice procedures? Don't think so. But there is this draft suggesting max 5: https://datatracker.ietf.org/doc/draft-ietf-grow-as-path-prepending/ Bjørn

Cogent pulled out of Russia based on risk analysis

Confirmation from their CEO that Cogent shut down service in Russia due to increased use of the connections for cyberattacks, and because only $10m in rev came from Russia. Cogent had no equipment in Russia. Details: https://youtu.be/l_x2LQZOzF8 Ms. Lady Benjamin PD Cannon of Glencoe, ASCE 6x7

Re: Cogent pulled out of Russia based on risk analysis

Timestamp? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Lady Benjamin Cannon of Glencoe, ASCE" To: "NANOG Group" Sent: Friday, March 25, 2022 7:37:22 AM Subject: Cogent pulled out

Re: Cogent pulled out of Russia based on risk analysis

https://www.youtube.com/watch?v=l_x2LQZOzF8&t=500s Rubens On Fri, Mar 25, 2022 at 9:51 AM Mike Hammett wrote: > > Timestamp? > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > > Fr

Re: Cogent pulled out of Russia based on risk analysis

Yesterday. Video of CEO is in my OP. -LB Ms. Lady Benjamin PD Cannon of Glencoe, ASCE 6x7 Networks & 6x7 Telecom, LLC CEO b...@6by7.net "The only fully end-to-end encrypted global telecommunications company in the world.” ANNOUNCING: 6x7 GLOBAL MARITIME

Re: V6 still not supported

Owen DeLong via NANOG wrote: > When your ISP starts charging $X/Month for legacy protocol support Out of interest, how would this come about? - Jared

MAP-T (was: Re: V6 still not supported)

Most IPv6 transition mechanisms involve some form of (CG)NAT. After watching a NANOG presentation on MAP-T, I have a question regarding this. Why isn't MAP-T more prevalent, given that it is (almost) stateless on the provider side? Is it CPE support, the headache of moving state to the CPE, ven

Re: IPv6 "bloat" history

On 3/23/22 2:25 AM, Masataka Ohta wrote: William Allen Simpson wrote:   6) The Paul Francis (the originator of NAT) Polymorphic Internet Protocol (PIP) had some overlapping features, so we also asked them to merge with us (July 1993).  More complexity in the protocol header chaining.

Re: Cogent pulled out of Russia based on risk analysis

8m20s. On Fri, Mar 25, 2022 at 8:54 AM Mike Hammett wrote: > Timestamp? > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > -- > *From: *"Lady Benjamin Cannon of Glencoe, ASCE" > *To:

IPvB translation header

This was the IPvB (nee original IPv6) *translation* header. Note that it was cleverly designed to translate from IPv4. Most of the fields are in exactly the same place. Especially, the 32-bit Source IP address is in exactly the same place, hoping that filters could operate on both stacks. We we

Re: ISP data collection from home routers

That link is more reflective of the FCC circa 2011. More recent actions taken by the FCC under Pai had weakened consumer protections for data collected by ISPs and was reflected in multiple news articles from 2017-2019. https://en.wikipedia.org/wiki/2017_Broadband_Consumer_Privacy_Proposal_repea

Re: ISP data collection from home routers

I think that if the end user at signed contract agreed with this data collecting and also if there's a mechanism that the same user could deny the data collection, its look fine to me, there's compliant here in Brazil with LGPD (our variant from GDPR) and i think that users could see it as a "p

Re: ISP data collection from home routers

Hi Giovane On 24.03.22 11:43, Giovane C. M. Moura via NANOG wrote: Hello there, Several years ago, a friend of mine was working for a large telco and his job was to detect which clients had the worst networking experience. To do that, the telco had this hadoop cluster, where it collected _to

Re: ISP data collection from home routers

You're statement seems to imply that if someone publicizes certain personal data on Facebook that they shouldn't care about any other data being collected any other entity, do I have that right? While I agree that many consumers don't place much value on their own data, resulting in them not pa

Re: ISP data collection from home routers

On 2022-03-24 10:04 a.m., Giovane C. M. Moura via NANOG wrote: They can easily profile you and know when you're at home, and when you're gone. Some people may find this interesting... To have a really meaningful discuss on the privacy implications, we would need to see the data model, and the

Re: V6 still not supported

This huge conversation has been fun to follow. I like my IPv6 transition plan: Instead of moving the mountains and breaking my back to migrate (by myself) my ENTIRE not-so-small organization to IPv6, I keep things going on IPv4 relatively burden-less to my organization till I retire. Then th

RE: MAP-T (was: Re: V6 still not supported)

Hi Jared, Theoretically, MAP is better. But 1. Nobody has implemented it for the router. The code for the CGNAT engine gives the same cost/performance. No promised advantage from potentially stateless protocol. 2.MAP needs much bigger address space (not everybody has) because: a) powered-off sub

IPvB performance header

This was the IPvB (nee original IPv6) *performance* header. We required that each IP variant have its own link layer designation. Therefore, the IP version number wasn't needed. We could simply set two upper bits to a value (0) that would distinguish it from every extant IP version. Also, many

Re: ISP data collection from home routers

Most end users (at least in the US) don't have a choice as many jurisdictions have sold a franchise (monopoly) to one provider. Either they sign or they don't get internet. Perhaps 5G will broaden the number of providers end users can choose from, and not be forced into this kind of contract.

Re: ISP data collection from home routers

Not sure why they are different; most ISPs are not a pure play and can use that data for other aspects of their business that you may not have agreed to (e.g. Verizon FiOS feeding to Verizon Wireless). Comcast/NBC, etc. pj capelli pjcape...@pm.me No one can build you the bridge on which you, a

Re: IPv6 "bloat" history

On 3/23/22 2:25 AM, Masataka Ohta wrote: William Allen Simpson wrote: Neighbor Discovery is/was agnostic to NBMA.  Putting all the old ARP and DHCP and other cruft into the IP-layer was my goal, so that it would be forever link agnostic. To make "IP uber alles", link-dependent adaptation mec

Let's Focus on Moving Forward Re: V6 still not supported

Dear Owen: 0)    You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope that I am picking up the correct leads. 1)    " ... 240/4 is way more effort than its proponents

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

On Fri, Mar 25, 2022 at 11:08:01AM +0300, Paschal Masha wrote: > :) probably the longest prepend in the world. > > A thought though, is it breaking any standard or best practice procedures? Many popular BGP implementations have historically had weaknesses with excessively long AS-paths. Best pra

Re: Let's Focus on Moving Forward Re: V6 still not supported

1) please join the list properly and stop replying to the digests. (note there have been many folks asking you to do this, disconnected message/new-threads are super super super annoying and remove the parts of the discussion from a coherent thread) On Fri, Mar 25, 2022 at 12:25 PM Abraham Y. Chen

Weekly Global IPv4 Routing Table Report

This is an automated weekly mailing describing the state of the Global IPv4 Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG. Daily listings are sent to bgp-st...

Re: WP: Russian military behind hack of satellite communication devices

Point to multipoint / TDMA contended access VSAT hub and CPE networks are well known for not having much security. In many setups the remote CPE modems, which are built from a fairly cheap BOM of hardware, implicitly trust the hub linecard. Have seen this with 3 different vendors' platforms. I'd b

Re: A straightforward transition plan (was: Re: V6 still not supported)

On 25 Mar 2022, at 2:27 PM, Philip Homburg wrote: > >> If by ?straightforward transition plan? one means a clear and rational set >> of >> options that allows networks to plan their own migration from IPv4-only to >> IPv >> 6, while maintaining connectivity to IPv4-only hosts and with a level

Re: WP: Russian military behind hack of satellite communication devices

On Fri, 25 Mar 2022, Eric Kuhnke wrote: I'd be willing to bet that this was either a malicious firmware push that was applied to the CPEs without proper authentication methods being in place, such as CPEs being able to verify a crypto key signed firmware signature, or a configuration file pushed

Re: V6 still not supported

Hello Phil The only far ressemblance with 6to4 is the thing that was actually nice in the design, the automatic word in automatic tunnel. Which for the rest of us means stateless. Compared to CGNATs that is huge. Beyond that the proposal is not a tunnel and more akin to a nat64 since it allows

Re: ISP data collection from home routers

On 3/24/22 12:53 PM, Tom Beecher wrote: You don't even have to use their equipment. My provider at home is Charter / Spectrum. I own my own cable modem  / router ,they have no equipment in my home. Their privacy policy is pretty standard. Essentially : - Anything they can see that I transmit

Re: V6 still not supported

On Fri, Mar 25, 2022 at 02:30:26PM +0100, Jared Brown wrote: > Owen DeLong via NANOG wrote: > > When your ISP starts charging $X/Month for legacy protocol support > > Out of interest, how would this come about? It already happens, more along the lines of "Business Class" vs. "Residential Class".

Re: ISP data collection from home routers

Sounds good to me. Solve the end-user problems, since they don't have the ability or care to do it themselves and doing so manually has too much latency and doesn't scale. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com --

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

On Fri, 25 Mar 2022 at 17:32, Joe Provo wrote: > That said, prepending pretty much anything more than your current view > of the Internet's diameter in ASNs is useless in practice. > That is one way of viewing it. But prepending can also be used for traffic engineering. I could prepend 1 to my f

Re: ISP data collection from home routers

" They can easily profile you and know when you're at home, and when you're gone." And? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Giovane C. M. Moura via NANOG" To: "Josh Luthm

Re: MAP-T (was: Re: V6 still not supported)

The cost of deploying MAP in CPEs is a bit higher than 464XLAT, which is not an issue anyway. There are several open source implementations for both of them. It is true that MAP avoids state in the network, however, it means higher "cost" for users in terms of restrictions of ports. It also mean

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

The best practice with regards to as_path length is to have an edge filter that dumps any prefix with a length longer than say 10. Depending on the situation, might even be able to go smaller. At a certain point, keeping that route around does nothing for you, just shoot it and ride the 0/0 train.

Re: ISP data collection from home routers

> > Even if you own your modem, the DOCSIS specs require that it be > completely controlled by the MSO, right? > Pretty sure that's correct, yes. On Fri, Mar 25, 2022 at 4:47 PM Michael Thomas wrote: > > On 3/24/22 12:53 PM, Tom Beecher wrote: > > You don't even have to use their equipment. My

Re: ISP data collection from home routers

" Most end users (at least in the US) don't have a choice as many jurisdictions have sold a franchise (monopoly) to one provider. Either they sign or they don't get internet." That's not true. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http:

RE: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

Tom, how exactly does someone “ride the 0/0” train in the DFZ? I’m connected to both commercial internet and NREN, and unfortunately-long paths are not uncommon in this scenario, in order to do traffic steering. If there’s another solution that affects global inbound traffic distributions, I’d

RE: MAP-T (was: Re: V6 still not supported)

The best MAP discussion (really rich in details) is from Richard Patterson. Sky has implemented green field FBB in Italy. He did many presentations in different places. This one should be looked from 00:37 to 1:09 https://www.ripe.net/participate/meetings/open-house/ripe-ncc-open-house-ipv6-only-

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

Ask your upstream providers for a BGP community tag that lowers localpref below 100 within their network. Set that community tag on any backup routes along with your (moderate) path prepending. The backup upstream will then install that route only if there is no other way to get to your AS. Th

Re: ISP data collection from home routers

yes, because otherwise the contention (it's a shared access media, after all) and RF channel bonding/allocation wouldn't work. Configuration depends on what the exact CMTS configuration is on your last mile coax segment. however it's also possible to have the cable MSO push an update to cablemodem

TIMELY - IMPORTANT NOTICE - Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022

NANOGers - Please take note of the following event that will take place in less than 10 days time - ARIN will shut down the ARIN-NONAUTH IRR database on Monday, 4 April 2022 at 12:00 PM ET Any networks relying on upon routing objects in the ARIN-NONAUTH IRR database should be actively working

Re: V6 still not supported

> On Mar 24, 2022, at 21:18 , James R Cutler > wrote: > > On Mar 24, 2022, at 9:25 PM, Owen DeLong via NANOG > wrote: >> >> I think that we’re still OK on allocation policies. What I’d like to see is >> an end to the IPv4-think in large ISPs, such as Comcast’s contin

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

On Fri, Mar 25, 2022 at 2:59 PM Adam Thompson wrote: > Tom, how exactly does someone “ride the 0/0” train in the DFZ? > It's not so much "ride the 0/0 train" as much as it is "treat excessive prepends as network-unreachable" Think of prepends beyond say 10 prepends as a way to signal "infinite"

Re: V6 still not supported

> On Mar 25, 2022, at 06:30 , Jared Brown wrote: > > Owen DeLong via NANOG wrote: >> When your ISP starts charging $X/Month for legacy protocol support > > Out of interest, how would this come about? ISPs are facing ever growing costs to continue providing IPv4 services. Likely they will ev

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

Hi Matthew and NANOG, I don't want to defend prepending 255 times, and can understand filtering of extra-prepended-announcements, but I think Matthew may not be correct here: > Anyone that is prepending to do traffic engineering is > doing *differential* prepending; that is, a longer number > of

Re: Let's Focus on Moving Forward Re: V6 still not supported

**  Resend to go through NANOG ** On 2022-03-25 12:24, Abraham Y. Chen wrote: Dear Owen: 0)    You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope that I am p

Re: Let's Focus on Moving Forward Re: V6 still not supported

* Resend to go through NANOG On 2022-03-25 12:24, Abraham Y. Chen wrote: Dear Owen: 0)    You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope tha

Re: V6 still not supported R: 202203232156.AYC

** Resend to go through NANOG *** On 2022-03-23 23:11, Abraham Y. Chen wrote: Dear Pascal: 1)    "   Did you propose this work at a WG in Vienna this week?  ":    No, but I was invited to be a coauthor of a HuaWei study comparing addressing schemes that was presented there. S

Re: V6 still not supported Re: 202203231017.AYC

*** Resend to go through NANOG On 2022-03-23 11:59, Abraham Y. Chen wrote: Dear Pascal: 0)    So glad to see your recount of the history and the analysis! 1)    We have recently formulated a proposal called EzIP (Phonetic for Easy IPv4) that is very much along the line o

Re: Let's Focus on Moving Forward Re: V6 still not supported

> On Mar 25, 2022, at 18:47 , Abraham Y. Chen wrote: > > ** Resend to go through NANOG ** > > > On 2022-03-25 12:24, Abraham Y. Chen wrote: >> Dear Owen: >> >> 0)You rapid fired a few posts in succession yesterday. Some are >> interesting and crucial views that I would like to

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

On Fri, Mar 25, 2022 at 6:19 PM Amir Herzberg wrote: > Hi Matthew and NANOG, > > I don't want to defend prepending 255 times, and can understand filtering > of extra-prepended-announcements, but I think Matthew may not be correct > here: > >> Anyone that is prepending to do traffic engineering is