It is likely that level3 is aggregating your route, but tw can't. Longest match
wins.
--
Jakob Heitz.
> Date: Wed, 29 Jan 2014 03:32:17 -0800
> From: Joseph Jenkins
>
> I am seeking some feedback/help with my BGP configuration. I am peering with
> two pro
>
> The main factor for fiber over copper in data centers is all
> about cost.
> Most servers include copper connections and fiber costs
> something extra.
> For switches, the cost of the optics is significant. Fiber does help
> prevent damage due to surges or electrical faults but if these are a
> problem in your datacenter you have bigger fish to fry.
>
> Steven Naslund
--
Jakob Heitz.
That's evil.
Charge what it costs to provide each service.
If and when it costs more to provide IPv4 service (and only then), then charge
more for it.
I imagine in a few years the tradeoff: IPv6 has less connectivity (IPv4 clients
can't reach you), but IPv4 is more expensive (pay for the addres
> Date: Mon, 17 Jun 2013 22:04:52 -0600
> From: Phil Fagan
> ... you could always
> thread the crap out of whatever it is you're transactioning across the link
> to make up for TCP's jackknifes...
What is a TCP jackknife?
Cheers.
Jakob.
.1697 | F: 407.284.6681 | frei...@presidio.com
> CCIE 23812, CISSP 107125, HP MASE, TPCSE 2265
>
>
>
>
> On 6/18/13 9:20 AM, "Jakob Heitz" wrote:
>
>>> Date: Mon, 17 Jun 2013 22:04:52 -0600
>>> From: Phil Fagan
>>> ... you could
ding hardware is generally going to be the limit, and
> that's going to be painful enough as we approach a half million
> prefixes.
>
> You couldn't even consider such a thing until after that pain
> point.
>
> --msa
There are techniques to fix that. For example, Simple Virtual Aggregation
http://tools.ietf.org/html/rfc6769
--
Jakob Heitz.
contained just useful stuff.
--
Jakob Heitz.
Date: Sat, 25 Jan 2014 18:37:42 +
From: Nick Hilliard
To: Sebastian Spies , nanog@nanog.org
Subject: Re: Route Server Filters at IXPs and 4-byte ASNs
Message-ID: <52e40476.20...@foobar.org>
Conten
A use case for a longer prefix with the same nexthop:
F
/ \
D E
| |
B C
\ /
A
Suppose A is a customer of B and C.
B has a large address space: 10.1.0.0/16.
B allocates a subset to A: 10.1.1.0/24.
B advertises the longer prefix to its backup provider C.
C propagates it to E and
case, or something else?
Thanks,
Jakob.
> -Original Message-
> From: Russ White [mailto:7ri...@gmail.com]
> Sent: Saturday, April 30, 2016 12:35 PM
> To: Jakob Heitz (jheitz) ; nanog@nanog.org
> Subject: RE: Superfluous advertisement (was: Friday's Random Comment)
>
ASN 0 is used for this purpose.
Look for the word "zero" in
https://tools.ietf.org/html/rfc6907
Thanks,
Jakob.
> Date: Mon, 13 Jun 2016 17:53:45 -0500 (Central Sommerzeit)
> From: Matthias Waehlisch
> To: Theodore Baschak
> Cc: NANOG Operators' Group
> Subject: Re: RPKI and offline routes
>
>
During the RPKI presentation there was a question about
resilience of the router if the RPKI cache loses connectivity.
The IOS-XR implementation allows multiple caches to be configured.
When a cache loses connectivity, the entries from that cache
are purged after a time interval. Default is 60 seco
That is also configurable.
Thanks,
Jakob.
On Jun 16, 2016, at 4:39 AM, Randy Bush wrote:
>> When a cache loses connectivity, the entries from that cache
>> are purged after a time interval. Default is 60 seconds
>
> why not the poll interval for that cache server?
>
> randy
Hi Baldur,
Have you tried graceful shutdown?
You need redundant links, but not to the same transit.
https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut-06
This draft is expired, but it is actually implemented by several vendors.
I implemented this.
http://www.slideshare.net/bduvivie/bgp-gracefu
.
Another alternative is to use BGP add-path (rfc7911) to distribute backup
routes.
This will avoid the MRAI problem, but requires more memory on routers.
This also works for accidental shutdown.
Thanks,
Jakob.
> -Original Message-
> From: Jakob Heitz (jheitz)
> Sent: Tuesday, J
You could optimize the packet hop count by making smaller
but more rings. For example, make one ring with
CORE1, CORE2, PE1, PE2, PE3.
And another ring with
CORE1, CORE2, PE4, PE5.
If you configure "route-reflector-client" on the CORE,
and mesh the clients, then you can additionally configure
"bgp
Many routers do not rehash everything when a link breaks.
Doing so would disturb flows that were not broken, causing possible
misordered packets or jitter.
The flows on the broken link will get rehashed, of course.
Note that even if a hash function can distribute the flows evenly,
you may get some
Nexus supports LDP.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/mpls/configuration/guide/mpls_cg/mp_ldp_overview.html
Regards,
Jakob
1.1.1.1.e.f and 2.2.2.2.e.f both get translated to 192.168.e.f.
Some higher layer protocols embed IP addresses into their data.
These points make changing IP so difficult.
In addition, IPv6 has link local addresses.
This one seemingly insignificant detail causes so much code churn
and is probabl
23456 is AS_TRANS. Either your router does not support 4 byte AS or there is a
bug at AS 12956 or AS 12956 is intentionally prepending 23456.
Thanks,
Jakob.
>
> Date: Tue, 20 Jun 2017 23:12:45 +
> From: James Braunegg
> To: "nanog@nanog.org"
> Subject: Long AS Path
> Message-ID:
> Conte
The reason that a private ASN in the public routing table is an error is that
the AS Path is used to prevent loops. You may have private AS 65000 in your
organization and I may have another private AS 65000 in my organization. If my
ASN 65000 is in the AS path of a route sent to you, then your A
The consequence of keeping a route with a long AS_PATH is that it uses a little
more memory.
Also, if you send it on, you will add one ASN and may exceed the maximum BGP
message size and not be able to send it.
Even that is no reason to drop the incoming route.
The consequence of dropping the rou
IOS-XR does not have a pre-policy prefix limit.
When the limit is reached, the session will not automatically
re-establish. It needs to be manually cleared first.
It has the extra options:
warning-only - does not drop the session.
discard-extra-paths - additionally, drops prefixes after the
Even though the limit is applied before policy, the dropped prefixes don't
count towards the limit. You can have a limit of 100 and receive 1000. If you
drop 901 post policy, it will not kill the session, even when the limit is
applied before policy.
Thanks,
Jakob.
> Date: Sun, 22 Oct 2017 17
If your network is such that only a handful of routers supply redundant paths,
then you can set up iBGP sessions with those directly without going via route
reflectors. You can have most routes going through reflectors and a few through
direct BGP sessions. Not everything needs to go through rou
If the temperature of the floor is below the dew point, then it will sweat.
Maybe there's a cold wind blowing underneath the gap?
--Jakob
> -Original Message-
> Date: Tue, 10 Nov 2015 17:25:04 -0600
> From: "Lorell Hathcock"
>
> It is on the ground floor, but it is in a hut that has a
Then it's mainly TCP slowstart that you're trying to improve?
Thanks,
Jakob.
> -Original Message-
> From: Dale W. Carder [mailto:dwcar...@wisc.edu]
> Sent: Friday, March 18, 2016 3:03 PM
> To: Jakob Heitz (jheitz)
> Cc: nanog@nanog.org
> Subject: Re: Interne
fers.
>
> Tim McKee
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jakob Heitz (jheitz)
> Sent: Friday, March 18, 2016 18:21
> To: Dale W. Carder
> Cc: nanog@nanog.org
> Subject: RE: Internet Exchanges supporting jumbo frames?
>
> Then it
What's driving the desire for larger packets?
A single bit error will drop a whole packet.
Larger packets will cause more loss. Cables will need to be
shorter or bitrates lower to compensate.
Byte overhead of packet headers?
Are we seeing degradation of packets per second in forwarding
due to th
IOS-XR accepts extended communities and large communities by default.
You have to enable to send them, but not receive.
Regards,
Jakob.
-Original Message-
Date: Mon, 12 Oct 2020 15:06:05 +0100
From:
Here's a fun one.
By default Junos accepts extended communities on any BGP session (not
IOS-XR has duplicate update suppression logic for EBGP sessions,
not for IBGP sessions.
If you are using EBGP and seeing a fault in the duplicate update
suppression logic in IOS-XR, please let me know configs and details
of the experiment.
Regards,
Jakob.
-Original Message-
Date: Thu, 15
This feature suppresses outgoing duplicates. Another feature ignores incoming
duplicates from any BGP session.
Regards,
Jakob.
> On Oct 18, 2020, at 1:46 AM, Clemens Mosig wrote:
>
> On 18.10.20 00:59, Jakob Heitz (jheitz) via NANOG wrote:
>> IOS-XR has duplicate update su
3:59 PM, Jakob Heitz (jheitz) via NANOG wrote:
> IOS-XR has duplicate update suppression logic for EBGP sessions,
> not for IBGP sessions.
>
> If you are using EBGP and seeing a fault in the duplicate update
> suppression logic in IOS-XR, please let me know configs and details
>
Jared,
Agreed it's "interesting".
Please configure "as-path-loopcheck out disable" under bgp address family to
make it less interesting.
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-1/routing/command/reference/b-routing-cr-asr9000-71x/b-routing-cr-asr9000-71x_chapter_01
I couldn't put down Bill Norton's book.
https://drpeering.net/core/bookOutline.html
When a cheapskate like me pays the $10, it means something.
Regards,
Jakob.
-Original Message-
Date: Tue, 2 Feb 2021 11:35:34 +0100
From: Casey Callendrello
To: nanog@nanog.org
Subject: BGP / routing pape
Ben's blog details an experiment in which he advertises routes and then
withdraws them, but some of them remain stuck for days.
I'd like to get to the bottom of this problem.
Has anyone else seen this before or can provide data to analyze?
On or off list.
Regards,
Jakob.
-Original Message--
d like to get
a good understanding of what actually happened.
TCP zero window is possible, but many other things could
cause it too.
Anyone?
Regards,
Jakob.
-Original Message-
From: Job Snijders
Sent: Wednesday, April 21, 2021 2:11 PM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject:
In Cisco, MRAI is "advertisement-interval".
MRAI helps to reduce route update multiplication in highly redundant
networks. OTOH, it can increase the time it takes to re-advertise
a complete internet table in some router implementations.
Update multiplication due to redundant network connections cau
Finding vulnerabilities and how to exploit them to run malware
in closed source code is nigh on impossible.
Anyone can read open source code.
What is possible is to analyze patches to figure out what was fixed
and then to attack those that didn't apply the patches.
Even easier is old releases. P
Ytti,
We have introduced the scalable as-set into the XR route policy language.
as-path-set does not scale well with 1000's of ASNs.
Now, you don't need to expand AS-SET into prefix-set, just enter it directly.
Example:
as-set test
2914,
3356,
end-set
!
route-policy sample
if as-path origina
route-policy configuration will be much smaller.
I'm happy to answer more questions or requests for improvement
on or off list.
Regards,
Jakob.
-Original Message-
From: Saku Ytti
Sent: Saturday, August 14, 2021 11:11 PM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: "
> RPKI validity cover is incomplete.
One way: add your own RTR records. They don't all have to come from
the RPKI.
Another way: Add route-policy to validate the origin-as.
That requires a prefix-set. However, these prefix-sets are much smaller
and the sum of them is smaller than the sum of prefix-s
Oh, and your other issue. IOS-XR has two modes in which you can use
RPKI validity. One is where the router automatically uses the
validity. The other mode is where you use the validity in any
way you want in route-policy.
Regards,
Jakob.
-Original Message-
From: Jakob Heitz (jheitz
Mark,
Thanks for bringing this up again.
I remember this from nearly 3 years ago when Randy brought it up.
A bug was filed, but it disappeared in the woodwork.
I have now given it the high priority tag that it should have had initially.
Sorry about the mess up.
In the meantime, you may be able to
Lukas,
CSCvc84848
Will keep you in the loop too, Lukas.
Regards,
Jakob.
-Original Message-
From: Lukas Tribus
Sent: Monday, February 3, 2020 12:43 AM
To: Mark Tinka ; Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Starting to Drop Invalids for Customers
Hello,
On Tue, 14
I can corroborate that. I visited China in August 2019 and had terrible
internet performance to sites outside of China. This was both with mobile and
wifi at the homes of two friends, one in Heilongjiang and the other in Beijing.
When I visited in February 2015, it was much better. Both times, I
My data point:
I'm working from home. My computer is connected through company VPN, over wifi
to Comcast.
Comcast speed test says 18mS.
I use VNC and Webex with voice and video through the computer.
VNC response time and voice delay is not noticeable.
Regards,
Jakob.
-Original Message-
Suppose you had a set of customers that all announced to you a set of routes
and all those routes complete an aggregate
and you announce only the aggregate to those customers
and you include an AS_SET with it
then those customers will drop your aggregate, thinking there is an AS-loop
and those cust
Sorry, I did not intend to imply that you were.
I should have prefaced my post with "to add".
Regards,
Jakob.
From: Matthew Petach
Sent: Wednesday, April 15, 2020 4:29 PM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Route aggregation w/o AS-Sets
I apologize if I wasn
From version 6.3.1, IOS XR supports "if community length" in route-policy.
Regards,
Jakob.
-Original Message-
Date: Fri, 17 Apr 2020 12:29:33 +0100
From:
On the point of as-path length limit, Yes I know of at least one tier-1 that
does it and since I left some 8 years back I do it ever
FIB compression comes with some risks.
When routes churn, there are certain cases when you have to decompress the FIB.
Then, the FIB must have the space, or else OOPS.
If a set of compressed routes has to change to decompress some and compress a
different set to improve overall compression, there i
the worst
that can happen if the automatic transmission anticipates
incorrectly is that it hunts.
Regards,
Jakob.
-Original Message-
Date: Mon, 8 Jun 2020 10:14:17 +0200
From: Baldur Norddahl
On 08.06.2020 07.56, Jakob Heitz (jheitz) via NANOG wrote:
> FIB compression comes wi
Don was a great guy. I learnt a few things about Flowspec from him.
Sorry to see him go.
Regards,
Jakob.
-Original Message-
Date: Thu, 23 Jul 2020 23:22:45 +
From: "Dobbins, Roland"
It is with a heavy heart that I must relate the news that Don Smith, formerly
of CenturyLink and mo
CSCdj01351. Fixed in 1997.
Regards,
Jakob.
-Original Message-
Date: Sat, 1 Aug 2020 13:29:59 -0700
From: Ryan Hamel
...
Also, wasn't it you that said Cisco routers had a bug in ignoring NO_EXPORT?
...
I was made aware of another bug in IOS-XR: CSCuv94859. Thanks Job and Ryan.
It caused some routes with NO_EXPORT to sometimes be advertised to EBGP
after an NSR switchover during a software upgrade.
It was fixed in 2015.
Regards,
Jakob.
-Original Message-
From: Jakob Heitz (jheitz)
Sent
It may be possible to create a fake certificate for a fake ROA.
However, to do that requires a lot of steps to go right.
First, the RSA private key needs to be derived from the public key.
The quantum computer physics exists to do it.
However, the known technology is massively behind and may never
To address the risk of somebody exhausting your memory by dumping a ton of
routes on you,
we added two new options to "soft-reconfiguration inbound" in IOS-XR.
RPKI-dropped-only
Saves a copy of only the routes dropped by an RPKI validation-state test in
neighbor-in route-policy.
RPKI-tested-onl
-refreshes described above. It does not prevent all
route-refreshes, but uses significantly less memory than 'RPKI-tested-only'
Regards,
Jakob.
-Original Message-
From: Saku Ytti
Sent: Friday, May 13, 2022 12:36 AM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Newb
022 12:09 AM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)
On Sat, 14 May 2022 at 00:17, Jakob Heitz (jheitz) wrote:
Hey Jakob,
> 'RPKI-tested-only' will store all routes that encounter a 'validation-stat
This attack will work very well until the victim starts advertising
its prefix. The victim may not notice the fake advertisement because the fake
advertisement will not reach the victim AS due to AS-path loop checking.
So potential victims must advertise all prefixes that they register in
RPKI or
Here is a reason you might want to keep that /24.
Suppose you are a small ISP and I am your customer.
I also have another larger provider.
That larger provider is also your provider.
I own a /21 and advertise it to my larger provider.
You get that /21 from my larger provider.
I advertise a /24 sub
There are a lot of ROAs out there that make it EASIER to hijack
a route rather than harder.
If you register an ROA for a route and also advertise that route
in BGP, then an attacker who prepends your ASN has to at least
compete with your route with an AS_PATH length and will lose
in most of the In
Sander,
How big? How slow?
You can reply to me off or on list.
About 8 to 10 years ago, we had a large effort to improve this.
Now customers push many megabytes of prefix-sets several times a day and it
works.
I have sent some questions internally to get a better answer.
Related, in 7.2.1, we a
I just checked the Cisco IOS-XR code. It's not vulnerable to any of the 3 flaws
listed in the below linked hackernews article.
Kind Regards,
Jakob
Date: Wed, 3 May 2023 12:52:46 +0300
From: Hank Nussbacher
On 02/05/2023 17:56, Warren Kumari wrote:
For those that like FRR:
https://thehackerne
"prepend as-path" has taken its place.
Kind Regards,
Jakob
Date: Wed, 16 Aug 2023 21:42:22 +0200
From: Mark Tinka
On 8/16/23 16:16, michael brooks - ESC wrote:
> Perhaps (probably) naively, it seems to me that DPA would have been a
> useful BGP attribute. Can anyone shed light on why this RFC
ones get dropped.
route-policy testRP
if as-path length ge 200 then
drop
endif
end-policy
Kind Regards,
Jakob
From: Robert Raszuk
Date: Friday, August 18, 2023 at 12:38 AM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Destination Preference Attribute for BGP
Jakob,
Wi
Perhaps to you Robert.
I work on code and with customer issues that escalate to code.
Kind Regards,
Jakob
From: Robert Raszuk
Date: Friday, August 18, 2023 at 10:59 AM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Destination Preference Attribute for BGP
Hi Jakob,
On Fri, Aug 18
We support platforms of various capacities.
While we would all like to sell the large ones, people buy the cheap ones too.
Kind Regards,
Jakob
From: Robert Raszuk
Date: Friday, August 18, 2023 at 12:55 PM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Destination Preference
Fact remains, operators scrub communities and path-attributes for many reasons.
That's why as-path length is used as a traffic engineering mechanism over
multiple AS hops.
As limited as it is, it's what we have.
Kind Regards,
Jakob
From: Jakob Heitz (jheitz)
Date: Friday, August 18,
The blog was updated. Correct link:
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
The attribute was not malformed.
This is the hex dump of the attribute: “E0 1C 00”
It is described here.
https://www.rfc-editor.org/rfc/rfc6790#section-5.2
This attribute is deprecated, but
#wp3145726977
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-8/routing/configuration/guide/b-routing-cg-asr9000-78x/implementing-bgp.html#concept_77EE033C2F0C4BDDB8423C25FA71E3F9
Kind Regards,
Jakob
From: Jakob Heitz (jheitz)
Date: Wednesday, August 30, 2023 at 7:43 AM
Regards,
Jakob
From: Jakob Heitz (jheitz)
Date: Wednesday, August 30, 2023 at 8:15 AM
To: nanog@nanog.org
Subject: Re: JunOS/FRR/Nokia et al BGP critical issue
IOS-XR passes on the attribute by default.
Some other routers incorrectly claim it to be malformed and reset the BGP
session.
IOS-XR has a
If at least one ROA matches a route, then the route is valid.
This is to cover the case when more than one AS is authorized to
originate a particular prefix.
https://tools.ietf.org/html/rfc6811
Page 5:
o NotFound: No VRP Covers the Route Prefix.
o Valid: At least one VRP Matches the Route
Job,
Let me know if you have any issues doing this with IOS-XR.
Regards,
Jakob.
Date: Fri, 7 Jun 2019 17:29:49 +0200
From: Job Snijders
To: Eric Dugas
Cc: NANOG
Subject: Re: Networks enforcing RPKI validation
Message-ID: <20190607152949.gc32...@hanna.meerval.net>
Content-Type: text/plain; cha
The source address in the SYN is spoofed. What if the real owner of the source
address wanted to connect to you? Then your penaltybox would block him. An
attacker could now use your penaltybox to cause a DoS to the real owner of the
IP address.
> Date: Sun, 18 Aug 2019 08:48:08 -0700
> From: Mi
The article linked says no mainstream BGP implementation supports TCP-AO.
IOS-XE and IOS-XR support it.
While I do not represent the Cisco view, personally I like the idea of BGP over
TLS.
Regards,
Jakob.
-Original Message-
Date: Mon, 21 Oct 2019 19:21:03 +1100
From: Julien Goodwin
Another thing to consider is how long it takes to download into forwarding
hardware.
Forwarding hardware is optimized for forwarding, not programming.
The programming has to wait for time slots when forwarding is not using the
memory.
When you do smart aggregation, a single changed route could c
Hey, there's a better way.
Split the movie into segments:
Segment 1: Minute 1.
Segment 2: Minute 2.
Segment 3: Minutes 3,4.
Segment 4: Minutes 5-8.
Segment 5: Minutes 9-16.
etc.
Then send each segment in a loop.
Each receiver receives every loop simultaneously.
Each segment may start receiving part
-
From: Saku Ytti
Sent: Thursday, August 2, 2018 2:42 PM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Confirming source-routed multicast is dead on the public Internet
Hey,
On Fri, 3 Aug 2018 at 00:36, Jakob Heitz (jheitz) via NANOG
wrote:
> Hey, there's a better way.
>
You could put this multicast receiver into the last hop before the customer
and then send unicast to the customer.
Regards,
Jakob.
-Original Message-
From: Saku Ytti
Sent: Thursday, August 2, 2018 2:45 PM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: Confirming source
Owen,
You are correct in that RPKI leaves many problems unsolved.
One that it does solve is prefix splitting.
If I issue a ROA for prefix 10.1.2.0/23, any announcement of 10.1.2.0/24
(including mine) will be declared INVALID, because that announcement is covered
by the ROA and the mask length i
It does, Ytti. And not just in testing. In feature development too.
Often in design discussions, someone pipes up: "someone does bla bla,
Let's not break it". One I remember from years ago was setting two
route reflectors as clients of each other and thinking route reflection
wasn't designed for th
Wh! Thanks man!
Jakob.
-Original Message-
Date: Tue, 19 Feb 2019 15:26:38 +
From: Tom Hill
On 18/02/2019 21:50, John Von Essen wrote:
> If anyone on here has experience with the ASR series running the
> RSP440-SE or -TR, please contact me off-list. I'm trying to better
> unders
Each unit of mask length increase doubles the size of the table theoretically.
About 60% of the table is /24 routes.
Just going to /25 will probably double the table size.
Not sure I'd like to extrapolate the estimate out to /27.
Kind Regards,
Jakob
---
Among the issues:
Suppose the FIB has all the /24 components to make a /20, so it programs a /20.
Then one of the /24's changes nexthop. It now has to undo all that compression
by reinstalling some of the routes and figuring out the minimum set of /21,
/22, /23, /24
to make it happen. Then to avoi
Regards,
Jakob
From: William Herrin
Date: Sunday, October 1, 2023 at 6:32 PM
To: Jakob Heitz (jheitz)
Cc: nanog@nanog.org
Subject: Re: maximum ipv4 bgp prefix length of /24 ?
On Sun, Oct 1, 2023 at 5:40 PM Jakob Heitz (jheitz) via NANOG
wrote:
> Among the issues:
> Suppose the FIB has a
On a related note, I'm working on a project to handle FIB overflow in
such a way as to cause the least disruption in the network.
I welcome suggestions either on or off list.
Kind Regards,
Jakob
In bgp_sovc.h, at the top, it says:
BGP Secure Origin Validation Code
Further down in the file, it says:
BGP Secured Origin Validate Cache – SOVC
Basically, the router downloads the VRPs from the RPKI server, using RFC 6810.
Then it uses the downloaded VRPs to validate received routes using RFC 68
Wow!
The reason it’s called generative AI is because it totally made that up.
Kind Regards,
Jakob
Date: Wed, 31 Jan 2024 18:27:24 +
From: "Compton, Rich"
To: Mohammad Khalil , NANOG list
Subject: Re: SOVC - BGp RPKI
Message-ID:
Content-Type: text/plain; charset="utf-8"
ChatGPT
RFC 5736 was obsoleted by RFC 6890.
It says in part:
2.2.1. Information Requirements
The IPv4 and IPv6 Special-Purpose Address Registries maintain the
following information regarding each entry:
…
o Forwardable - A boolean value indicating whether a router may
forward an IP datag
The great innovation of blockchain is that once a Bitcoin is transferred, the
previous owner can’t take it back.
A distinguishing feature of RPKI is that the issuer of the EE certificate can
revoke it to take back ownership of the IP address.
Imagine if stale entries in the IRR could not be clean
Any-to-any connectivity is an O(x^2) (quadratic) problem.
When you build a fabric, you can add new pizza-boxes in a linear fashion as
long as the existing boxes have spare ports to plug in the new boxes.
As soon as the spare ports run out, the quadratic hits.
Then the choices are either:
* Re