Slight recurring Packet Loss at Equinix Ashburn

Hi everyone, Apologies for the noise and feel-free to reply off-list. We have a transit link to Equinix Ashburn where we see regular 12-20% packet loss on "some" of the peers there. We are working with the transit partner and Equinix NOC for the past few days. I can provide graph and IPs off-

Re: Follow up to "has virtualization become obsolete in 5G"?

The amount of buzzwords in that page is quite incredible. I'm also unsure where it mentions that virtualization is now obsolete. NFV solutions are moving to VM based deployments as a stop-gap and for the future, towards micro-services built in containers. On Fri, Jan 15, 2021 at 6:38 AM Etienne-V

Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

you don't like a question or don't know the answer, just skip it. Thank you so much in advance, and we look forward to read your responses! Laurent Vanbever, ETH Zurich PS: Of course, we would be extremely grateful if you could forward this email to any operator you might know who may not read NANOG ( assuming those even exist? :-) )!

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

> On 8 Jul 2021, at 14:29, Saku Ytti wrote: > > On Thu, 8 Jul 2021 at 15:00, Vanbever Laurent wrote: > >> Detecting whole-link and node failures is relatively easy nowadays (e.g., >> using BFD). But what about detecting gray failures that only affect a >> *

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

nuals :-). Interesting. I can see how hard this one is to debug as even a relatively small of traffic pointing at the static route would be enough to make the CPU spikes. > Like Saku says, there's always something, and attention to it will be granted > depending on how much visible pain it causes. Yep. Makes absolute sense. Best, Laurent

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

rhaps is your probing traffic already high priority? Best, Laurent > On 8 Jul 2021, at 15:58, Jörg Kost wrote: > > We have a similar gray issue, where switches in a virtual chassis > configuration with layer3-configuration seem to lose transit ICMP messages > like echo or echo-

Re: Do you care about "gray" failures? Can we (network academics) help? A 10-min survey

> One method is collecting lookup exceptions. We scrape these: > > npu_triton_trapstats.py:command = "start shell sh command \"for > fpc in $(cli -c 'show chassis fpc' | grep Online | awk '{print $1;}'); > do echo FPC$fpc; vty -c 'show cda trapstats' fpc$fpc; done\"" > ptx1k_trapstats.py:c

Re: Centurylink Boise Networking Oddness

100ms to twitch for continental USA seems a bit absurd! On Fri, Oct 9, 2020 at 10:56 AM Brielle wrote: > > Im on a CenturyLink fiber connection in Boise. What is the problem you > are seeing exactly? Traceroute doesn’t look odd really. > > > Sent from my iPhone > > On Oct 9, 2020, at 8:40 AM,

Re: 10 Do's + Don'ts for Visiting Québec + Register Now for N85!

As a Quebecer, I think it's my duty to say that good Poutine *is *good. There are plenty of bad poutine (like any other food) in Montreal but definitely something to try for anyone here for NANOG. For a portuguese style poutine : http://mapoulemouillee.ca/ And for something a bit more mass-market

Re: Comcast storing WiFi passwords in cleartext?

It's not exactly clear from the StackExchange post but if the end-user is also using Comcast as an ISP, then I guess the modem simply re-registered under the new customer and is happily providing the visibility to Comcast? On Tue, Apr 23, 2019 at 8:34 PM Töma Gavrichenkov wrote: > On Wed, Apr 24

Re: ASR-9K CPU troubleshooting

It coincides with nothing else? More traffic? CPU increasing at regular intervals every day without any obvious reasons is probably something worth looking into! On 4/18/2016 2:14 PM, Scott Weeks wrote: --- rege...@gmail.com wrote: From: Rukka Pal How do you guys troubleshoot high CPU utili

CDN, Steam, Origin and NAT.

on the matter! Thanks Laurent

Re: NIST NTP servers

thing business critical on a RP2. https://coldnorthadmin.com/raspberry-pi-2-ntp-server-stratum-1/ Cheers, Laurent On 5/11/2016 6:47 AM, Dovid Bender wrote: What about something like this? http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html Has anyone used a Pi to create their own server? On Wed, M

Re: Recent NTP pool traffic increase

quick dump and in 60 seconds I was hit by slightly over 190K IPs http://i.imgur.com/mygYINk.png Weird stuff Laurent On 12/17/2016 10:25 PM, Gary E. Miller wrote: Yo All! On Sat, 17 Dec 2016 17:54:55 -0800 "Gary E. Miller" wrote: # tcpdump -nvvi eth0 port 123 |grep "O

Re: Recent NTP pool traffic increase

If anything comes from this, I'd love to hear about it. As a student in the field, this is the kind of stuff I live for! ;) Pretty awesome to see the chain of events after seeing a post on the [pool] list! Laurent On 12/19/2016 05:12 PM, Justin Paine via NANOG wrote: replying off

Re: Recent NTP pool traffic increase

I do think that the point of the Pool network is to be used by both consumers and vendors. And as mentioned before, there is a process if you are a vendor and want to use the pool within a commercial product. I have 3 NTP servers running and I don't really care who is using it. That said, sett

Re: Recent NTP pool traffic increase

#x27;m just a bit puzzled that this entire mixup actually happened with the modern internet. Laurent On 12/22/2016 08:05 PM, Harlan Stenn wrote: On 12/22/16 4:11 PM, Ask Bjørn Hansen wrote: On Dec 20, 2016, at 8:02 PM, Harlan Stenn wrote: On 12/20/16 7:27 PM, Laurent Dumont wrote: To be hon

Soliciting your opinions on Internet routing: A survey on BGP convergence

aggregate results will be published as a part of a scientific article later this year. Thank you so much in advance, and we look forward to read your responses! Laurent Vanbever (ETH Zürich, Switzerland) PS: It goes without saying that we would be also extremely grateful if you could forwa

Re: Soliciting your opinions on Internet routing: A survey on BGP convergence

ommunity?), you could completely avoid a disruption. This would go into the direction of minimizing the amount of WITHDRAWs in favor of UPDATEs. But, of course, this would only work in the case of planned maintenance. We would definitely welcome more input on the convergence issue you face! Best, Laurent

Re: Soliciting your opinions on Internet routing: A survey on BGP convergence

Hi Joel, > On 10 Jan 2017, at 06:51, joel jaeggli wrote: > > On 1/9/17 2:56 PM, Laurent Vanbever wrote: >> Hi NANOG, >> >> We often read that the Internet (i.e. BGP) is "slow to converge". But how >> slow >> is it really? Do you care anyway?

GTT IPVPN - Vienna - Circuit offline since maintenance.

Hi everyone, We've have a IP-VPN circuit that has been down for the past 15 hours or so in Vienna. We are receiving the routes from the GTT BGP but we cant reach the equipment itself. GTT have confirmed a backbone issue but they have been unresponsive since. Anyone is aware of issues? Anyone from

GTT Woes

d greatly appreciate it. I can provide ticket numbers and circuit ID at any time. Have a latency free weekend! Thanks -- *Laurent Dumont* *Spécialiste réseau / Network specialist* *Fibrenoire* - www.fibrenoire.ca A: 550 , avenue Beaumont, bureau 320, Montréal (Québec) H3N 1V1 T. 514 907-3002

Your opinion on network analysis in the presence of uncertain events

rvey URL: https://goo.gl/forms/HdYNp3DkKkeEcexs2 Thanks much! Laurent Vanbever, ETH Zürich PS: It goes without saying that we would also be extremely grateful if you could forward this email to any operator you know and who may not read NANOG.

Re: Your opinion on network analysis in the presence of uncertain events

c behaviors that people care about (if any). All the best, Laurent

Re: Your opinion on network analysis in the presence of uncertain events

predictions (i.e. unlike in weather or markets prediction tools where the datasets (or search space -as not all attributes are equally relevant) is virtually endless). I’m with you. I also believe that better (even programmable) telemetry will unlock powerful analysis tools. Best, Laurent PS

Re: Quick Script to check the uptime of ASR920's

It's worth mentioning that's it's not limited to just the cosmetic issue of interface counters/snmp counters. - I've had multiple instances of 920 interfaces getting stuck in their previous operational state. Unplugging-replugging/shut/no-shut doesn't change anything. - The 920 fails to process tr

Re: Purchased IPv4 Woes

Out of curiosity, who were the previous owner(s), it seems that ARIN only shows the current owner with any history? If it was a Chinese/Russian block, you might be out of luck. On 03/10/2017 12:00 PM, Pete Baldwin wrote: Hi All, Hopefully this is not taken in bad taste. Our organizatio

Re: BCP 38 coverage if top x providers ...

Wouldn't you want BCP38 policies to be as close as possible to the traffic sources? Instead of creating more "fake" traffic? And at the same time, partial filtering doesn't seem as a very effective way to fight spoofed traffic on a large scale. On 03/24/2017 11:07 AM, Florian Weimer wrote: *

Re: Anyone here from Netflix? | VPN Detection Problem

Hey Jason, We've had good luck contacting geosupp...@netflix.com when we had issues with subnets being flagged as either VPS providers. They have been very responsive in the few indidents we had. On 9/8/2017 3:30 PM, Jason Canady wrote: Hello, We have IP add

XO - Memphis/Nasville - Circuit down 24 hours

Hi everyone, This is a first for me but we have a circuit down for the past 24 hours in Memphis. We've escalated the issue as far as we could on the XO side but we've been stonewalled at every turn. I don't have anything agaisn't 3-6 hours outages as those have to be expected from time to time but

Re: peering, derivatives, and big brother

x27;m pretty sure electricity and bandwidth share some patterns. Now who wants to be the Enron of the bandwidth market? :) Sincerely, Laurent http://guerby.org/blog

Re: Some truth about Comcast - WikiLeaks style

g their own customer base. According to: http://en.wikipedia.org/wiki/Comcast "Comcast has 15.930 million high-speed internet customers" If a 10G port for transit is paid by comcast $30/Mbit/s monthly that's 0.19 cent/internet customer/month for a new 10G port to properly desaturate this particular link. Did I compute something wrong? Laurent

RE: Some truth about Comcast - WikiLeaks style

On Wed, 2010-12-15 at 05:31 -0500, Randy Epstein wrote: > Laurent, > > >If a 10G port for transit is paid by comcast $30/Mbit/s monthly > >that's 0.19 cent/internet customer/month for a new 10G port > >to properly desaturate this particular link. > > >Did I

Re: Some truth about Comcast - WikiLeaks style

egulators and the public need data for proper regulation and future changes in regulation, and the issue is the same everywhere :). Sincerely, Laurent PS: sorry for my miscalculation AMSIX 1.2Tbit/s cost is $2.25 per month per Comcast subscriber assuming 16 millions customers and $30/Mbit/s/month

Re: Using IPv6 with prefixes shorter than a /64 on a LAN

ll be available, > but they are talking about it (in this case at the last CEBIT in March). > > People are building some very big systems for example with lots and lots > of virtual machines. On dell.com you can buy a PowerEdge R910 with 1TB RAM for around $80k. Laurent

Cisco warranty

th it ? Thanks Laurent

Re: Cisco warranty

On 04/04/2014 01:51, Jimmy Hess wrote: On Thu, Apr 3, 2014 at 1:46 PM, Brandon Ewing wrote: On Thu, Apr 03, 2014 at 01:26:58PM -0400, Michael Brown wrote: Did you purchase SMARTnet when you bought the device? If you didn't, you're probably SOL. This is not true. Cisco provides a limited lif

Re: EIGRP support !Cisco

more or go further with this migration. Cheers, — Laurent On Jan 24, 2014, at 8:04 AM, Jimmy Hess wrote: > On Fri, Jan 10, 2014 at 9:57 AM, Christopher Morrow > wrote: > >> On Fri, Jan 10, 2014 at 10:54 AM, Nick Hilliard wrote: >>> On 08/01/2014 18:14, Christopher Mor

Re: The 100 Gbit/s problem in your network

y of those already. > > That said provide compelling numbers and I'll change my mind. The "problem" with increasing capacity is that it opens up captive eyeballs to innovative services from "outside": monopoly operators will prefer to deal with CDN providers & the like and keep control. Sincerely, Laurent

Re: High throughput bgp links using gentoo + stipped kernel

z/ It uses less than 100MB of RAM per IPv4 DFZ, we run around 100 BGP sessions in 350M of RAM (process virtual). Looking glass developper by our members: http://lg.tetaneutral.net/prefix_bgpmap/gw+h3/ipv4?q=meh.net.nz http://lg.tetaneutral.net/summary/gw+h3/ipv4 Sincerely, Laurent http://tetaneutral.net http://as197422.peeringdb.com

Re: High throughput bgp links using gentoo + stipped kernel

On Mon, 2013-05-20 at 10:35 +0200, Laurent GUERBY wrote: > On Mon, 2013-05-20 at 11:23 +1200, Ben wrote: > > With regards to security of OpenBSD versus Linux, you shouldn't be exposing > > any > > services to the world with either. And it's more stability/configu

Re: IX in France

s about those? Hi, We're connected to both (and to a smaller third one named FR-IX), it's not that expensive and adds redundancy to join many peers. Sincerely, Laurent

Re: Most energy efficient (home) setup

rinceton.edu/~sudhakar/papers/memerr-slashdot-commentary.html Thanks in advance, Sincerely, Laurent

Re: using "reserved" IPv6 space

;IP", it's nice to have more than one /64 around for some uses. Is there any "mass" hoster around that does provide by default a pefix larger than /64 and that does route it to the user? It's quite simple to do in IPv6 and we have the address space for it. Sincerely, Laurent

Re: using "reserved" IPv6 space

users. The /56 subnets we give are for single machine in a rack, virtual machine in a cluster or home router. http://www.tunnelbroker.net/ gives by default /64 to a home router and /48 on request we just decided to give /56 by default and /48 on request. Sorry if I wasn't clear in my first message. Is there an agreed upon definition of "end site"? Sincerely, Laurent

Re: Bird vs Quagga revisited

On Wed, 2012-08-29 at 16:39 +0100, Edward J. Dore wrote: > MikroTik RouterOS is indeed based on Linux, however I believe they rolled > their own MPLS stack. Hi, Does Mikrotik publish their modified Linux kernel source? Might be interesting to look at it. Laurent > Last time I lo

Level3 (AS3549) BGP contact off-list

Hi, Currently experiencing trouble with BGP session between 49463 and 3549. Relevant router: cdg2.gblx.net Can you please contact me off-list for resolution ? Thanks

Re: How our young colleagues are being educated....

The Cisco "Networking Academy" program was used throughout my "CEGEP"(End of high-school/first college year equivalent in the US) education in Quebec. There was no deviation from the course work and the aim was to get the student CCNA certified at the end. On 12/25/2014 7:21 PM, Miles Fidelman

Re: How our young colleagues are being educated....

Merry Christmas! (Even if slightly late...) I absolutely agree. The certification by itself doesn't prove much beyond a passing interest in networking and an ability to retain a fair amount of information. I suspect it's mostly a question of creating some kind of standard to judge applicants.

Questions regarding equipment for a large LAN event

nothing extraordinary but we would like to use this opportunity in order to try new equipment and technologies that are usually only seem within ISP and large networks. I appreciate any input on the matter! Thank you -- Laurent Dumont https://coldnorthadmin.com

Twitch contact

Long shot, but if anyone from Twitch could poke me offlist for a few questions regarding it's policy with multiple streamers per IP address (if it's even something we need to consider) We are running a large-ish LAN event and are slightly worried about that. Thanks!

IPV6 planning

xpect when running dual-stack on a large-ish network? Thanks! Laurent

Re: Open source alternatives to UNINETT Stager for visual netflow peering analysis

td.com <mailto:pkr...@unwiredltd.com> -- Laurent Dumont coldnorthadmin.com

Re: Multiple vendors' IPv6 issues (ping google flash use)

7;t work on my Google Nexus 4 and my flash-less chrome/chromium desktops :). Sincerely, Laurent

Re: Attending NANOG65 question

I can confirm that. I had a few questions about attending NANOG65 as a student (also my first!) and they are still working on the registration process for this year On 7/5/2015 12:58 PM, Mehmet Akcin wrote: Looks like registration for this event is not open yet. There is still a lot of time.

Re: Quakecon: Network Operations Center tour

I recently wrapped up a 1300 players with gigabit connections where we had a single 5gig link. We never saturated the link and peaked at 3.92Gbps for a new minutes. Bandwidth usage peaks on the first day and settles down after that (the event was during an entire weekend starting on friday). If

Re: The Making of a Router

guration, not waste any IPv4 and avoid all issues with shared L2 (rogue RA/ARP spoofing/whatever) since there's no shared L2 anymore between user VM. It also allows us to not pre split our IPv4 space in a fixed scheme, we manage only /32 so no waste at all. Of course you still have work to do on PP

Re: gmail.com - 550 error for ipv6/PTR ?

and it worked so probably transient. Laurent host gmail-smtp-in.l.google.com[2a00:1450:400c:c05::1a] said: 550-5.7.1 [2a01:6600:80xxx] Our system has detected that this message 550-5.7.1 does not meet IPv6 sending guidelines regarding PTR records and 550-5.7.1 authentication. Please

Is 213.215.28.0/23 (AS 49463) announced through AS 12670 and AS 13193

Hi, I did set-up this netblock behind two pipes. One on AS13193 (which is working flawlessy), and ahother on AS12670 (which I doubt of). Can please any of you tell me if from your location 213.215.28.0 is reachable through AS12670 ? Thanks Laurent

Re: Is 213.215.28.0/23 (AS 49463) announced through AS 12670 and AS 13193

r upstream router. If their upstream router actually forwards it to its neighbors is another question...which I can't unfortunately not answer. But I guess the announce is not propagated outside of their network... Thanks for your help. Laurent

Re: hi, a question related to AS 49463

DEFFAYET lose the reachability to AS 49463? Hi, Since i do have direct connectivity to 13193 and 12670, if my prefix is correctly announced through both ISP, the failure of 1 ISP should allow me to still be reachable and reach the outside world. Laurent

Re: Is 213.215.28.0/23 (AS 49463) announced through AS 12670 and AS 13193

On Sat, Sep 05, 2009 at 04:04:33PM +0200, Laurent CARON wrote: > Hi, > > I did set-up this netblock behind two pipes. > > One on AS13193 (which is working flawlessy), and ahother on AS12670 > (which I doubt of). > > Can please any of you tell me if from your

Re: Is 213.215.28.0/23 (AS 49463) announced through AS 12670 and AS 13193

On 07/09/2009 19:01, Suresh Ramasubramanian wrote: Yup. Compare this current radb lookup - sur...@frodo 09:53:21 :~$ whois -h whois.radb.net 213.215.28.0/23 route: 213.215.28.0/23 descr: LNC-1 origin: AS49463 mnt-by: NERIM-MNT changed:boua...@nerim.net 2

Re: FOSS WAN Acceleration Software

interested in the offerings of Cisco (WAAS) or Riverbed (StealHead) or any other appliance based solution. Thank-you in advance for any and all replies. Hi, Should you use an IPSec implementation like Free/Open Swan between your sites, you can try to enable compression on your tunnels. Laurent

Unable to reach security.debian.org through an HurricaneElectric IPv6 pipe

Hi, I'm currently unable to reach security.debian.org (2001:8d8:2:1:6564:a62:0:2) through IPv6. donald:~# traceroute -M tcpconn -p 80 wieck.debian.org -n -6 traceroute to wieck.debian.org (2001:8d8:2:1:6564:a62:0:2), 30 hops max, 80 byte packets 1 2001:7a8:820:1::1 0.170 ms 0.151 ms 0.126 m

Re: Unable to reach security.debian.org through an HurricaneElectric IPv6 pipe

On 29/10/2009 12:20, William F. Maton Sotomayor wrote: On Thu, 29 Oct 2009, Laurent CARON wrote: I'm currently unable to reach security.debian.org (2001:8d8:2:1:6564:a62:0:2) through IPv6. Judging from the traceroute, it seems that Hurricane Electric and OneAndOne are peering, but pe

Re: Unable to reach security.debian.org through an HurricaneElectric IPv6 pipe

On Thu, Oct 29, 2009 at 12:52:07PM +0100, Florian Weimer wrote: > It helps if you mention your own IP address. Using 2001:7a8:820:1::1 > instead, I get this in the reverse direction (from wieck): My desktop's IP: 2001:7a8:820:1::31 > traceroute to 2001:7a8:820:1::1 (2001:7a8:820:1::1), 30 hops

Re: need your suggestion about switch

On 07/11/2009 18:21, Deric Kwok wrote: Hi I am requested to get not brand list switch how can I test it? any software or methods eg: reliable speed or any need Thank you so much Hi, Can you please make sentences that make sense ? Are you seeking for advice or help ? I think yes. So the l

Re: IPv6 mistakes, was: Re: Looking for an IPv6 naysayer...

?id=3389 and comment and > try and drive the IPv6 support for mobile into Android. Looks like cyanogenmod supports ipv6: http://forum.cyanogenmod.com/topic/1286-ipv6-on-cm-508-ds/ Laurent

RE: Ingress filtering on transits, peers, and IX ports

. I’m curious to hear/read which uRPF would you recommend for this particular case. Thanks Jean St-Laurent From: NANOG On Behalf Of Mel Beckman Sent: Tuesday, October 13, 2020 6:22 PM To: Brian Knight Cc: nanog@nanog.org Subject: Re: Ingress filtering on transits, peers, and IX ports

RE: Ingress filtering on transits, peers, and IX ports

Hi Brian, "However, I recognized a SP-specific case where we could receive legitimate traffic sourcing from our own IP blocks: customers running multi-homed BGP where we have assigned PA space to them. So I added "permit" statements for traffic sourcing from these blocks." If your customers a

RE: Linux router network cards

Chelsio cards are probably what you are looking for. https://www.chelsio.com/terminator-6-asic/ It's closer to an asic than a traditional nic as the router/firewall rules are pushed directly into the hardware. I don't know how good they are with linux and they seem to be compatible. https://www.

RE: Linux router network cards

n E5-2600v3/4 or newer and faster the clocks, the better. Similar CPU core allocations if you choose TNSR. On Thu, Oct 22, 2020 at 3:21 PM Jean St-Laurent via NANOG mailto:nanog@nanog.org> > wrote: Chelsio cards are probably what you are looking for. https://www.chelsio.com/termin

Nice work Ron

https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occ upied-by-parler/ <https://www.engardesecurite.ca/wp-content/uploads/2018/11/main1-1-214x300.g if> Jean St-Laurent CISSP #634103 ddosTest me security inc tel:438 806-9800 site:

RE: Nice work Ron

On Behalf Of Jean St-Laurent via NANOG Sent: January 21, 2021 12:17 PM To: 'NANOG' Subject: Nice work Ron https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occ upied-by-parler/ Jean St-Laurent CISSP #634103 ddosTest me security inc tel:43

RE: MIB Browser Recommendation

Wasn't there a nice one called Luna or something like that? After Net-SNMP, it was my favorite. I can't find it anymore though. Jean -Original Message- From: NANOG On Behalf Of Wes Hardaker Sent: January 27, 2021 3:12 PM To: Graham Johnston Cc: nanog@nanog.org Subject: Re: MIB Browser

RE: DDOS-Guard [was: Parler]

This one ended up in Junk. I guess you pasted too much domain names with "Junk" behaviours. 😉 I removed the domain names from this reply. Interesting list though. Thanks for sharing. Any others got that in their junk? Jean St-Laurent CISSP #634103 ddosTest me security inc si

RE: RTBH and Flowspec Measurements - Stop guessing when the attack will over

20.4R1-EVO, and all subsequent releases. It has a cvss score of 10.0 which is the highest. Is Juniper still vulnerable or not? Thanks <https://www.engardesecurite.ca/wp-content/uploads/2018/11/main1-1-214x300.gif> Jean St-Laurent CISSP #634103 ddosTest me securit

RE: Suspicious IP reporting

/infrastructure/googles-dunant-subsea-cable-is-now-ready-for-service Kill this link and I guess the industry will listen to you. Good luck with your ip in China. Jean St-Laurent From: NANOG On Behalf Of JoeSox Sent: February 4, 2021 6:06 PM To: Tom Beecher Cc: NANOG Subject: Re

RE: Suspicious IP reporting

I do not know Tom personally, but I’ve been following his comments, hindsight and shared experience. Tom seems to be a bigger player than you on this mailing list. Joe, you are only penalizing yourself by banning him. I would personally not ban him. J From: Jean St-Laurent Sent

RE: Suspicious IP reporting

Hi Joe & Joe, I’m not sure which Joe is the original Joe anymore, but I like this reply better than the previous one. It feels more informative and more useful to the community. I just stumbled on this article. https://www.zdnet.com/article/google-chrome-syncing-features-can-be-abused-f

RE: Retalitory DDoS

Nice report, If you would have to pick up just one vector out of this “multi-vector” attack, which one seems to be the one that had the bigger effect on your network or service? Was it degraded or total service interruption? Jean From: NANOG On Behalf Of Mike Hammett Sent: Februa

RE: Retalitory DDoS

You got RTBH? From: Mike Hammett Sent: February 8, 2021 12:50 PM To: Jean St-Laurent Cc: NANOG list Subject: Re: Retalitory DDoS In my case, it was against a server not on my own network, so my impact was a blackhole for an hour at 4 AM local time. I likely wouldn't have even no

RE: Retalitory DDoS

. Peace Jean From: Mike Hammett Sent: February 8, 2021 12:56 PM To: Jean St-Laurent Cc: NANOG list Subject: Re: Retalitory DDoS I don't have RTBH, no. It's just a web server. Now how my hosting provider handled it, I'm not sure. I don't know if they just dropp

RE: [EXTERNAL] Re: Retalitory DDoS

Slabbert Sent: February 8, 2021 2:19 PM To: Compton, Rich A Cc: Mike Hammett ; Jean St-Laurent ; NANOG list Subject: Re: [EXTERNAL] Re: Retalitory DDoS Was gonna come to add that. That and maybe some UDP frags. You may want to have your hosting provider block all inbound traffic from

RE: wow, lots of akamai

I remembered working for a big ISP in Europe offering cable tv + internet with +20M subscribers Every time there was a huge power outage in major cities, all tv`s would go off at the same time. I don`t have stats on power grid stability in Europe Vs N/A. The problem, was when the power was comi

RE: wow, lots of akamai

No I didn't suggest that. -Original Message- From: NANOG On Behalf Of Niels Bakker Sent: April 1, 2021 3:21 PM To: nanog@nanog.org Subject: Re: wow, lots of akamai * nanog@nanog.org (Jean St-Laurent via NANOG) [Thu 01 Apr 2021, 21:03 CEST]: >An artificial roll out penalty

RE: wow, lots of akamai

@nanog.org Subject: Re: wow, lots of akamai On Thu, Apr 1, 2021 at 12:23 Niels Bakker mailto:na...@bakker.net> > wrote: * nanog@nanog.org <mailto:nanog@nanog.org> (Jean St-Laurent via NANOG) [Thu 01 Apr 2021, 21:03 CEST]: >An artificial roll out penalty somehow? Probably not at

RE: wow, lots of akamai

April 1, 2021 2:21:24 PM Subject: Re: wow, lots of akamai * nanog@nanog.org <mailto:nanog@nanog.org> (Jean St-Laurent via NANOG) [Thu 01 Apr 2021, 21:03 CEST]: >An artificial roll out penalty somehow? Probably not at the ISP >level, but more at the game level. Well, ISP could also ha

RE: wow, lots of akamai

in about it. On Thu, Apr 1, 2021 at 1:21 PM Niels Bakker mailto:na...@bakker.net> > wrote: * nanog@nanog.org <mailto:nanog@nanog.org> (Jean St-Laurent via NANOG) [Thu 01 Apr 2021, 21:03 CEST]: >An artificial roll out penalty somehow? Probably not at the ISP >level, but more at

RE: wow, lots of akamai

y to complain about it. On Thu, Apr 1, 2021 at 1:21 PM Niels Bakker mailto:na...@bakker.net> > wrote: * nanog@nanog.org <mailto:nanog@nanog.org> (Jean St-Laurent via NANOG) [Thu 01 Apr 2021, 21:03 CEST]: >An artificial roll out penalty somehow? Probably not at the ISP >lev

RE: Google IP Geolocation

I was not sure what a TI-99/4a is. I thought it's a new kind of phone. Lol You got me! Jean -Original Message- From: NANOG On Behalf Of Jared Mauch Sent: April 10, 2021 7:10 PM To: Laura Smith Cc: nanog@nanog.org Subject: Re: Google IP Geolocation I've had a similar issue in the past

BGP and The zero window edge

Nice article explaining a specific BGP corner case not removing routes when TCP window reaches 0. https://blog.benjojo.co.uk/post/bgp-stuck-routes-tcp-zero-window The proposed solution is a new RFC for BGP with the suggestion to introduce a new timer. Fascinating! Jean St-Laurent /CISSP

RE: DoD IP Space

This is true and very interesting, but the opposite is also true. They are now reachable from probably nearly anywhere and therefore open for business. 😊 Let's see what will slowly appear in shodan.io and shadowserver.org Jean -Original Message- From: NANOG On Behalf Of William Her

RE: DoD IP Space

I’d be interested in an objective recap of this thread. It seems like we could do a Netflix series for networkers about it. 😉 Anyone would like to give it a try to summarize the story back from the 80’s till today and explain what is at stake here? Thanks Jean From: NANOG On Beh

RE: EMail server gets blocked by Microsoft

I just unlocked ddostest.me with this tool for outlook.com, Hotmail.com, msn.com and maybe all the O365 suite. It was fix in less than 24 hours. Thanks for the tip Jean From: NANOG On Behalf Of Mike Hammett Sent: April 28, 2021 7:52 AM To: Michael Fallen Cc: nanog@nanog.org Subject:

RE: Juniper hardware recommendation

Good monitoring softwares allow to do "preprocessing" before storing the monitored data in database. Saku's formula should work well in this case. I use Zabbix for monitoring big infrastructure. It has many advantages like: - Push or pull metrics (dmz friendly) - Can use many proxies (scale wel

RE: DDoS attack with blackmail

I also recommend book Art of War from Sun Tzu. All the answers to your questions are in that book. Jean From: NANOG On Behalf Of Lady Benjamin Cannon of Glencoe, ASCE Sent: May 20, 2021 7:18 PM To: Baldur Norddahl Cc: NANOG Operators' Group Subject: Re: DDoS attack with blackmail

RE: DDoS attack with blackmail

. @Baldur: do you care to share some metrics? Jean From: NANOG On Behalf Of Jean St-Laurent via NANOG Sent: May 21, 2021 10:52 AM To: 'Lady Benjamin Cannon of Glencoe, ASCE' ; 'Baldur Norddahl' Cc: 'NANOG Operators' Group' Subject: RE: DDoS attack with blackma

RE: DDoS attack with blackmail

Sent: May 24, 2021 12:38 PM To: Jean St-Laurent Cc: NANOG Operators' Group Subject: Re: DDoS attack with blackmail While I have no design to engage in over email argument over how much latency people can actually tolerate, I will simply state that most people have a very poor understa

  1   2   >