Re: Big day for IPv6 - 1% native penetration

2012-11-27 Thread Alex
You can look back on Nanog56 and watch Liviu's presentation regarding implementation in the RCS-RDS network. Why, you ask? Because they/we can do it. IPv4 exhaustion is upon us. CGN will break some of the fuctionality of current day networks or rather APPs running on those networks. Because y

Re: Cloudflare is down

2013-03-03 Thread Alex
dual businesses as to why their service went down, but I wasn't able to find the "big list". I'd appreciate it a lot if anyone could point me in the right direction. Thanks, Alex. On 03/03/2013 10:02 PM, Nick Hilliard wrote: On 03/03/2013 10:46, Arthur Wist

Re: Verizon DSL moving to CGN

2013-04-07 Thread Alex
Well if the RFCs would just be set in stone already like Moses's 10 commandments and if the programmers would actually start writing code for v6 and if the web site hosting servers would at least have dual stack enabled on them it would be great. But till then we just change a RFC here, band-a

Re: Whats so difficult about ISSU

2012-11-12 Thread Alex
http://www.juniper.net/techpubs/en_US/junos/topics/concept/issu-oveview.html The Juniper ISSU guide. You need two things: 1. Separation of the control plane and forwarding plane 2. 2 routing engines in the same chassis -- the non active RE upgrades first, then when its up and running the acti

Re: Eaton 9130 UPS feedback

2012-11-13 Thread Alex
We have quite alot of Eaton UPS's in our network, all sorts of models. There have been no problems from what I've seen, except when you add water from a broken pipe or bad roof. We've had the once in a blue moon management card reset as Adrian said but it didn't interrupt our equipment. On 1

Re: MPLS acceptable latency?

2012-11-15 Thread Alex
Perhaps the network is "oldish" and there are BW bottlenecks that lead to queues on the switches/routers that results in higher latency. This would depend alot on the internal QoS strategy used by AT&T, the type of equipment used and the load in different parts of the network. The only way to k

Re: Adding GPS location to IPv6 header

2012-11-25 Thread Alex
While most of the people are trying to save the internet from any form of "goverment" and let it be free, this would be like shooting yourself in the foot. This would be great for troubleshooting things...I agree, but other than that it would create a whole new plethora of privacy concerns. We

Re: How big is the Internet?

2013-08-14 Thread Alex
Current size is HUGE and growing at a phenomenal speed. Public IP networks...just look at ARIN, RIPE,etc and see how many IPs there are left. Private networks and private IPs...well that is anyone's guess. There are no estimates because everything changes rather fast and noone can keep up with

Re: Broadband routers and botnets - being proactive

2007-05-15 Thread alex
jobs done. And I think its the way things should be. > What's pathetic is that these same large networks usually can't be > bothered to do much (or anything) to eliminate the environment which > provides work opportunities for security consultants. Do I smell a "final ultimate solution" somewhere? :) [note the cc to nanog-futures - please strip cc to nanog-l from the replies to this email. meta-discussions belong on -futures] alex [speaking for myself only]

Re: Implementing Decentralized RPKI with Blockchain Technology

2024-11-15 Thread Alex
Haven't we seen this pattern enough times? 1. some organization maintains some database with some data 2. someone asks what if the government forces it to falsify/censor data 3. someone says it would ruin trust and nobody would use the database any more 4. government forces organization to fals

Re: Implementing Decentralized RPKI with Blockchain Technology

2024-11-15 Thread Alex
One country whose internet resources are nominally controlled by a RIR that's located in an enemy jurisdiction is Russia. The Netherlands could not physically invade Russia to disconnect its servers or routers, but it could easily require the invalidation of Russian internet resources since RIPE

Re: plea for comcast/sprint handoff debug help

2020-10-29 Thread Alex Band
ack to rsync when RRDP is unavailable is not a requirement specified in any RFC, as the paper seems to suggest. In fact, we argue that it's actually a bad idea to do so: https://blog.nlnetlabs.nl/why-routinator-doesnt-fall-back-to-rsync/ We're interested to hear views on this from both an operational and security perspective. -Alex

Re: plea for comcast/sprint handoff debug help

2020-10-30 Thread Alex Band
the core values that make it possible for a not-for-profit foundation like ours to make free, liberally licensed open source software. We’re proud of what we’ve been able to achieve and look forward to a continued open discussion with the community. Respectfully, Alex

Re: plea for comcast/sprint handoff debug help

2020-10-31 Thread Alex Band
r find out if it actually does in a time of crisis. Kind regards, -Alex > On 31 Oct 2020, at 07:17, Tony Tauber wrote: > > As I've pointed out to Randy and others and I'll share here. > We planned, but hadn't yet upgraded our Routinator RP (Relying Party) > s

Re: IP reputation lookup (prefix not single IP)

2021-03-25 Thread Alex Wacker
If you are willing to pay, hetrixtools is an option. On Thu, Mar 25, 2021 at 12:26 PM vom513 wrote: > Hello all, > > I’ve seen other folks asking the same/similar question in the past, but I > don’t recall seeing more than a few options out there to *try* to suss this > out. Use case is someone

Re: Can somebody explain these ransomwear attacks?

2021-06-28 Thread Alex K.
es. But I don't want to get cocky. We got SDN :-) Alex. בתאריך יום ה׳, 24 ביוני 2021, 17:44, מאת Michael Thomas ‏: > > Not exactly network but maybe, but certainly operational. Shouldn't this > just be handled like disaster recovery? I haven't looked into this much, >

RPKI validation, BGP/allocation lookup UI and API

2021-07-12 Thread Alex Band
/issues Cheers, Alex [1] https://rpki-validator.ripe.net/bgp-preview

Re: Where to get IPv4 block these day

2021-08-04 Thread Alex Wacker
Ipv4.global is very reliable. I’ve sold blocks there On Thu, Aug 5, 2021 at 1:28 AM james jones wrote: > hey everyone, > > Been a while since I had to deal with NetOps stuff. Was wondering, where > do you go these days to get IPv4 blocks? It seems like getting assignments > is hard due to exhaus

Re: Has Anyone managed to get Delegated RPKI working with ARIN

2020-02-13 Thread Alex Band
re to include in our future RPKI improvements”? In the mean time I have added a warning to the documentation: https://rpki.readthedocs.io/en/latest/krill/manage-cas.html#step-1-get-the-request-xml-file Thanks! -Alex > On 5 Feb 2020, at 16:48, Tim Bruijnzeels wrote: > > Hi, > > Ev

Re: Has Anyone managed to get Delegated RPKI working with ARIN

2020-02-25 Thread Alex Band
works with every RIR implementation. Looking forward to your feedback on this release. Cheers, Alex > On 13 Feb 2020, at 09:48, Alex Band wrote: > > Hi there! > > There is also this somewhat hacky SED command to transform the Request XML > into the format that ARIN accepts, in

Re: Learning Resource for IRR to RPKI

2020-03-04 Thread Alex Band
Hi Eric, I try to cover every aspect of RPKI on https://rpki.readthedocs.io. It also covers the basics of IP address allocation, how IRR fits into the ecosystem and provides an overview of all the tooling that is available for RPKI. Cheers, Alex > On 5 Mar 2020, at 02:21, Eric C. Mil

Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

2020-03-26 Thread Alex Band
flipped. While invalids are now being dropped more and more, ROA coverage is currently only at 7% in the US and 2.5% in Canada. Accuracy is at around 95%, so that’s great. https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/ Please create ROAs! -Alex > On 26 Mar 2020, at 01:50, Job Snijd

Re: Has Anyone managed to get Delegated RPKI working with ARIN

2020-04-02 Thread Alex Band
rsion 0.6, due next week. -Alex > On 25 Feb 2020, at 13:40, Alex Band wrote: > > An update: > > The setup process with ARIN has now been fixed in Krill 0.5.0, which was just > released: > https://www.nlnetlabs.nl/news/2020/Feb/25/krill.0.5.0-released/ > > We

Re: "Is BGP safe yet?" test

2020-04-20 Thread Alex Band
nt in setting up filters if there’s no data to filter on. One could argue that with filtering an incentive arises to create ROAs, but this is not how things have evolved elsewhere in the world. -Alex [1] https://nlnetlabs.nl/projects/rpki/rpki-analytics/

Re: "Is BGP safe yet?" test

2020-04-21 Thread Alex Band
use it’s not on their systems. Evil RIR could only revoke a prefix from your certificate or your entire certificate, but again, your BGP announcements would fall back to NotFound and would be accepted. -Alex

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Alex Conner
If we want to go down that rabbit trail, then aren’t we talking about Reputation lists? On Tue, Jun 16, 2020 at 3:44 PM Harald Koch wrote: > On Tue, Jun 16, 2020, at 15:08, J. Hellenthal via NANOG wrote: > > blacklists are not always deny/block/disallow and conformed of things that > allow you t

Ensuring RPKI ROAs match your routing intent

2020-06-25 Thread Alex Band
best practices and lessons learned over the last 10 years and monitor them in ways never before possible, such as through Prometheus. Blog post with details: http://link.medium.com/1SsTJSAvB7 All the best, Alex

Re: Ensuring RPKI ROAs match your routing intent

2020-06-26 Thread Alex Band
published elsewhere. Perhaps BGP Alerter is a solution for you: https://github.com/nttgin/BGPalerter Cheers, Alex > -Adam > > Adam Thompson > Consultant, Infrastructure Services > > 100 - 135 Innovation Drive > Winnipeg, MB, R3T 6A8 > (204) 977-6824 or 1-800-430-6

Re: RPKI TAs

2020-08-03 Thread Alex Band
-NCC/rpki-validator-3/pull/215 RPA grief aside, ARIN seems to be the only RIR that publishes the latest version of their TAL clearly and correctly: https://www.arin.net/resources/manage/rpki/tal/ -Alex > On 2 Aug 2020, at 20:52, Randy Bush wrote: > > so i was trying to ensure i had

Re: BGP route hijack by AS10990

2020-08-03 Thread Alex Band
sions or any details you > can share please, According to the information I received from the community[1], you should read PR1461602 and PR1309944 before deploying. -Alex [1] https://rpki.readthedocs.io/en/latest/rpki/router-support.html

Re: RPKI chain of trust

2020-08-26 Thread Alex Band
Perhaps this clarifies things: https://rpki.readthedocs.io/en/latest/rpki/introduction.html#mapping-the-resource-allocation-hierarchy-into-the-rpki As well as this section: https://rpki.readthedocs.io/en/latest/rpki/securing-bgp.html Cheers, Alex > On 26 Aug 2020, at 10:25, Fabi

Re: RPKI chain of trust

2020-08-26 Thread Alex Band
Hi Fabiano, > On 26 Aug 2020, at 11:03, Fabiano D'Agostino > wrote: > > Hi Alex, > thank you. I read that documentation and I was reading this one from page 201: > https://www.ripe.net/support/training/material/bgp-operations-and-security-training-course/BGP-Slides-

Re: A way that ARIN can help encourage RPKI adoption

2022-04-13 Thread Alex Band
, without having access to any other options. -Alex > On 13 Apr 2022, at 06:56, John Curran wrote: > >> >> On 12 Apr 2022, at 11:38 PM, Doug Barton wrote: >> >> On 4/6/22 10:55 AM, John Curran wrote: >>> Interesting philosophy - historically ARIN customer

Re: A way that ARIN can help encourage RPKI adoption

2022-04-13 Thread Alex Band
> On 13 Apr 2022, at 13:47, John Curran wrote: > >> >> On 13 Apr 2022, at 5:16 AM, Alex Band wrote: >> >> In case people would like to compare notes to the way this is arranged in >> the RIPE NCC service region, here is the Resource Certification for n

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 20

2022-09-16 Thread Alex Band
. Regards, -Alex > On 16 Sep 2022, at 17:53, John Curran wrote: > > Tom - > > It’s an artifact of our formation that we are presently providing services to > any customers absent any agreement > and while ARIN continues to do so (by providing basic services to legacy &

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 20

2022-09-18 Thread Alex Band
ips-and-asns/resource-management/rpki/resource-certification-rpki-for-provider-independent-end-users -Alex > > Owen > > >> On Sep 15, 2022, at 15:55 , Rubens Kuhl wrote: >> >> You could try suggesting IANA/PTI/ICANN to have a different RPKI trust >>

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 20

2022-09-18 Thread Alex Band
t/benefit of doing RPKI in the ARIN region compared to the rest of the world, e.g. ticketed requests to set it up, no indication of what the effect of your ROA is going to be before you publish, handling ROA expiry manually, etc. In other regions using RPKI is orders of magnitude simpler to set up and maintain, and a lot less error prone. They provide alerting when your ROA do not seem to match what is seen in BGP, create matching route: objects, etc. To illustrate, here’s a video of the RIPE NCC management UI from 2015 (!): https://youtu.be/gLwHp12wOGw (And no, the nonrepudiation requirement in ARIN is not an excuse) -Alex > > YMMV > > Owen >

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 20

2022-09-18 Thread Alex Band
wonder why it’s not better. There is plenty of inspiration to take from the other RIRs. -Alex > > >> On Sep 18, 2022, at 11:38 , Alex Band wrote: >> >> >> >>> On 18 Sep 2022, at 20:17, Owen DeLong via NANOG wrote: >>> >>> >>>

Re: ARIN RPA updated (again) to address TAL distribution (Re: ARIN RPKI services terms/conditions - Change to Management of the Trust Anchor Locator for ARIN’s RPKI Service)

2022-10-17 Thread Alex Band
) https://routinator--796.org.readthedocs.build/en/796/configuration.html (documentation) We hope ARIN will be able to clarify the current RPA text to address your third paragraph, so that we are in a position to release Routinator with one fewer hurdle to adoption. Kind regards, Alex [1

Re: Understanding impact of RPKI and ROA on existing advertisements

2022-11-01 Thread Alex Band
Creating ROAs for *all* the announcements that are done with your prefixes, both on your own AS and the ones announced by AWS, is probably the best way forward from both a routing security and ease-of-management perspective. -Alex > On 28 Oct 2022, at 17:00, Samuel Jackson wrote: > &

Re: ARIN RPA updated (again) to address TAL distribution (Re: ARIN RPKI services terms/conditions - Change to Management of the Trust Anchor Locator for ARIN’s RPKI Service)

2022-11-02 Thread Alex Band
0-rc1/ Kind regards, Alex > On 17 Oct 2022, at 10:26, Alex Band wrote: > > Thanks a lot for your overview Christopher. We’re very happy that ARIN is > working to address the concerns expressed by the community about the Relying > Party Agreement and TAL distribution. &

Open-source software vs. the proposed Cyber Resilience Act

2022-11-14 Thread Alex Band
oduct' and a 'commercial activity' is key for this discussion. Please get in touch with us if you have concerns or this affects you. Maarten Aertsen is spearheading this initiative. Kind regards, Alex Band NLnet Labs

Re: ROAs Expire

2023-01-04 Thread Alex Band
up with Krill: https://blog.nlnetlabs.nl/running-krill-under-arin/ RIPE NCC and APNIC offer RPKI publication services as well, and there are similar guides for these RIRs: https://blog.nlnetlabs.nl/running-krill-under-ripe-ncc/ https://blog.nlnetlabs.nl/running-krill-under-apnic/ Cheers, Alex

Ticketmaster contact

2023-01-13 Thread Alex Buie
ave any tips, or recognize what WAF/engine they're using from the page layout with UUID at the bottom to help me identify who else I might try contacting to see about getting recategorized, I would really appreciate hearing from you. Thanks a bunch! Alex Buie Senior Cloud Operations Engineer 450 Century Pkwy # 100 Allen, TX 75013 D: 469-884-0225 | www.cytracom.com

Re: Ticketmaster contact

2023-01-15 Thread Alex Buie
Thank you for the tips so far. It was mentioned to me off-list this might be more helpful with our AS and relevant ranges, so including them here in case that's helpful. Sorry for not including them originally! AS: 396163 69.194.4.0/23 104.225.212.0/23 *Alex Buie*Senior Cloud Opera

Re: afrinic rpki issue

2023-06-14 Thread Alex Band
ere: https://routinator.do.nlnetlabs.nl/log It all still works without any extra configuration in Routinator. Cheers, Alex > On 14 Jun 2023, at 15:15, Carlos Friaças via NANOG wrote: > > > Hi All, > > Did this issue resurface some days ago...? > I had nearly 6000 ROAs on June 1st.

Re: afrinic rpki issue

2023-06-14 Thread Alex Band
keep it updated. Cheers, Alex [1] https://rpki.readthedocs.io/en/latest/ops/tools.html#relying-party-software > On 14 Jun 2023, at 18:43, Carlos Friaças wrote: > > > Greetings, > > My issue seems to be solved. > > It seems the Afrinic glitch is incompatible with the

Re: Cellular backup connections

2019-06-24 Thread Alex Buie
We deploy routers with Verizon LTE failover - for full functionality, make sure your MTU is 1428 or less, per their specifications. Here's an example doc from Spirent that talks about it. https://support.spirent.com/SC_KnowledgeView?Id=FAQ14556 Alex On Mon, Jun 24, 2019, 7:51 AM Dovid B

Re: BGP filtering study resources (Was: CloudFlare issues?)

2019-06-25 Thread Alex Band
For further community-driven RPKI information there is: https://rpki.readthedocs.io/ Along with an FAQ: https://rpki.readthedocs.io/en/latest/about/faq.html Cheers, -Alex > On 25 Jun 2019, at 17:55, BATTLES, TIM wrote: > > https://www.nccoe.nist.gov/projects/building-blocks/sec

Internap (AS 12178) Contact

2019-07-01 Thread Alex Lembesis
Wondering if anyone knows of a contact @ Internap that can reach out to me off-list. We're only receiving a default route from them now, when we should be receiving the full table. Any help is much appreciated. Thanks! This message is intended solely for the designated recipient(s). It may c

RE: Internap (AS 12178) Contact

2019-07-01 Thread Alex Lembesis
Was able to get in touch with someone. Thank you guys! From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Alex Lembesis (External) Sent: Monday, July 01, 2019 4:52 PM To: nanog@nanog.org Subject: Internap (AS 12178) Contact Wondering if anyone knows of a contact @ Internap that can

Re: report domains found in malware distrabution

2019-08-25 Thread Alex Brooks
hat they actually do with them though. Alex

RE: Internap (AS 12178) Contact

2019-12-13 Thread Alex Lembesis
Hi Tomas, Last time I spoke with them, I just contacted their NOC. They were pretty responsive. n...@inap.com<mailto:n...@inap.com> [cid:image001.png@01D5B19F.475C37C0] Alex Lembesis Sr. Network Engineer – Global ITO Tel: +1 (267) 468-4230 Cell: +1 (215) 272-6638 alex

Re: A new open source RPKI CA solution: NLnet Labs' Krill

2019-12-18 Thread Alex Band
to see how this evolves over the next few months, as it changes the mostly Hosted RPKI landscape we’ve seen over the last 8 years. -Alex > On 3 Dec 2019, at 17:08, Job Snijders wrote: > > Dear fellow network operators, > > It appears Santa brought presents early this year! I

Re: GPS Sync Outage

2020-01-06 Thread Alex Bradley
Yes, lots of our key wireless network timing elements reported GPS timing sync failure during the past two hours. Appears to be resolving now, within the past few minutes. On 12/31/2019 02:08 PM, Matt Hoppes wrote: Is anyone else seeing GPS timing source outages across the U. S. In the last

Re: Netflix VPN detection - actual engineer needed

2016-06-03 Thread Alex Buie
This is not a zero sum solution. Fallback to IP geolocation if more precise location detection is not available, but if it is, use that. You could even have a "location score" composite index composed of all the different locale and historical session data you've accumulated. (cf things like cloudf

Re: Netflix VPN detection - actual engineer needed

2016-06-03 Thread Alex Buie
Agreed. I find it silly that as a US citizen on my US-bank-paid-for Netflix account with US physical address information suddenly cannot watch things when travelling I legally could if I were standing in another place. On Fri, Jun 3, 2016 at 4:09 PM, Cryptographrix wrote: > I have a VPN connecti

Re: Verizon Wireless 4G Voice/Data

2016-06-14 Thread Alex Buie
right now, wish me luck! Time to jump into the sharks. Haha. Alex (VZW tech) All statements and opinions are my own and do not reflect that of Verizon Wireless or its subsidiaries. On Jun 14, 2016 6:35 PM, "Kraig Beahn" wrote: Looks like Verizon Wireless 4G voice, intermittent data se

Re: Verizon Wireless 4G Voice/Data

2016-06-14 Thread Alex Buie
Issue is supposedly resolved. Please test :) On Jun 14, 2016 7:33 PM, "Kraig Beahn" wrote: > Thanks Alex and Allen, > > All of the devices tested on our side have Florida NPA/NXX's, including > data only devices, which is more than likely the reason we are seeing &g

Re: Handling of Abuse Complaints

2016-08-30 Thread Alex Brooks
s a lot of stuff about email and email spam (including a whole page on FBLs at https://www.m3aawg.org/fbl-resources), but there is some stuff there on abuse in other domains as well. It's well worth a gander. HTH, Alex

Google Apps Contact

2016-09-08 Thread Alex Wacker
Would appreciate if someone who manages or provides support for google apps could contact me off list.  --  Alex Wacker

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-23 Thread Alex Wacker
To be fair, he was getting the service for free. I wouldn’t really call that a paying customer. Still not great from a PR standpoint though. -- Alex Wacker On September 23, 2016 at 2:00:10 PM, Grant Ridder (shortdudey...@gmail.com) wrote: Didn't realize Akamai kicked out or disabled cust

Re: Favorite Speed Test Systems

2016-12-06 Thread Alex Moura
There is also http://speedof.me/ tool around for a while as well as: https://sourceforge.net/speedtest/ http://www.bandwidthplace.com/ http://testmy.net/ I've got a good result of 880Mbps[1] from fast.com from 6 hops away (~9ms)[2]: [1] http://pasteboard.co/6xAnRRa6F.png [2] http://pasteboard.c

Internap Contact (Market St. Philadelphia)

2018-05-02 Thread Alex Lembesis
Does anyone have a contact @ Internap that could help me off list? Our peering with them is down. Any help is appreciated, thanks! This message is intended solely for the designated recipient(s). It may contain confidential or proprietary information and may be subject to attorney-client priv

Re: 3rd party QSFP-100G-LR4-S for Cisco

2018-06-07 Thread Alex S.
Axiom Used variety of their sfps, twinax cables etc. Been rock solid On Tue, Jun 5, 2018 at 14:42 Ryugo Kikuchi wrote: > Hey all, > > Does anyone have a recommended model of 3rd party's "QSFP-100G-LR4-S" for > Cisco ASR and Nexus? > > Cisco's original 100G SFP costs us an arm and a leg, so we w

Re: What are people using for IPAM these days?

2018-06-10 Thread Alex Brooks
aw off the floor after they tell you the price. Alex

Re: What are people using for IPAM these days?

2018-06-11 Thread Alex S.
Solarwinds IPAM is our choice primarily since we use their other suites/modules already On Sun, Jun 10, 2018 at 16:50 Mike Lyon wrote: > Title says it all... Currently using IPPlan, but it is kinda antiquated.. > > Thanks, > Mike > > -- > Mike Lyon > mike.l...@gmail.com > http://www.linkedin.com

Re: deploying RPKI based Origin Validation

2018-07-27 Thread Alex Band
offer a toolset that on par with our other projects such as NSD and Unbound, in terms of quality, feature set and update frequency. We’re looking forward to your feedback; in the mean time we’re getting started with the CA and Publication Server. Cheers, Alex

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

2018-09-19 Thread Alex Band
this process shouldn’t have to take several tickets and several days. Be that as it may, we fully intend to build a Delegated CA that is on par with RIPE’s user experience so that operators can run RPKI themselves in a usable way. Alex Band NLnet Labs

Re: Towards an RPKI-rich Internet (and the appropriate allocation of responsibility in the event an RIR RPKI CA outage)

2018-10-01 Thread Alex Band
be aware of the impact of such an outage when considering questions of liability. Kind regards, Alex Band NLnet Labs > On 1 Oct 2018, at 01:21, John Curran wrote: > > Folks - > > Perhaps it would be helpful to confirm that we have common goals in the > network operator c

Routinator 3000 and the RPKI project

2018-11-07 Thread Alex Band
environments. Going forward, we’ll be focussing on monitoring for the next release. You can find the source code and further details on Github: https://github.com/NLnetLabs/routinator Cheers, Alex Band NLnet Labs

Escalation point at Google

2018-11-12 Thread Alex Osipov
+ enterprise users in the financial space and have tried everything but all roads lead to automated systems. Can anyone please reach out with a contact if you have one? Sorry to spam this list if this is inappropriate content. Very desperate here. Thank you, Alex Osipov / CTO

Community-driven FAQ for RPKI

2018-11-16 Thread Alex Band
for getting this off the ground. Cheers, Alex

Re: RPKI publication

2018-11-23 Thread Alex Band
ch as NSD and Unbound. Happy to keep you updated on the progress. Cheers, Alex Band NLnet Labs > On 23 Nov 2018, at 18:51, Jeff McAdams wrote: > > OK, I'm trying to do the responsible thing and further the progress and > deployment of RPKI. I feel like I have a pretty

RPKI Documentation as an open source project

2019-02-01 Thread Alex Band
Sphinx documentation tooling, we welcome corrections, additions, readability improvements and even translations. Feel free to create an issue or pull request on GitHub. Hope this is useful! See y’all in S.F. Cheers, Martin, Tim & Alex The NLnet Labs RPKI Team [0] https://github.com/NLnet

Re: AT&T/as7018 now drops invalid prefixes from peers

2019-02-12 Thread Alex Band
lizing > ARIN's hosted model, but down the road ARIN's delegated model will be > in our future. > > https://www.arin.net/resources/rpki/using_rpki.html What are your main drivers for wanting to move to the delegated model? Cheers! -Alex

Arista “IP-SLA” / Active Probing

2023-12-20 Thread Alex Buie
monitoring for protecting against this sort of failure. Thanks in advance for any insight and time. *Alex Buie*Senior Cloud Operations Engineer 450 Century Pkwy # 100 Allen, TX 75013 <https://maps.google.com/?q=450+Century+Pkwy+STE+100+%7C+Allen,+TX+%7C+75013&entry=gmail&source=g> D

Re: Upcoming LACNIC RPKI Migration

2024-04-16 Thread Alex Band
– and for ironing out a small bump yesterday together with NIC.br after the switch-over. Cheers, Alex > On 15 Apr 2024, at 16:24, Carlos Martinez-Cagnazzo > wrote: > > Hi all, it's me again. > > The switch is complete. Thank you all for your patience. > > /Car

West Coast Peering / Packet Loss issues between AS7018 (AT&T) and AS6461

2024-06-05 Thread Alex Buie
d or seen this? We're working through our channels with the carrier but the latency profile is such that it seems likely it may be affecting others as well and I wanted to ask the group. Any incidents that anyone is aware of which may be related? Thanks, *Alex Buie*Senior Cloud Operations Engi

Re: RPKI coverage statistics

2017-02-20 Thread Alex Band
Hi Nagarjun, You can find some statistics on adoption, coverage and quality here: http://certification-stats.ripe.net https://lirportal.ripe.net/certification/content/static/statistics/world-roas.html http://rpki.surfnet.nl All the best, Alex Band > On 20 Feb 2017, at 06:52, Nagar

Re: Software for network modelling / documentation / GIS

2017-02-24 Thread Alex Moura
There is the Giiro: http://pop-ba.rnp.br/GTGIIRO Despite the content is in Brazilian Portuguese, it may work well to use Google Translator to read the overview. The software developed was funded by the Brazilian NREN. The software is maintained by a team of research and development. Alex

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

2017-03-17 Thread Alex Band
You can find a detailed announcement from the RIPE NCC here: https://www.ripe.net/ripe/mail/archives/dns-wg/2017-March/003394.html <https://www.ripe.net/ripe/mail/archives/dns-wg/2017-March/003394.html> -Alex Band > On 17 Mar 2017, at 12:31, John Curran wrote: > > Eygene - >

Looking for a L2/L3 managed switch with OpenFlow support

2018-02-15 Thread Alex Moura
pport for SNMP Traps • Support for port mirroring • Configuration rollback feature is desirable • POE (IEEE 802.3af) is desirable, but not mandatory. Thanks, Alex

RE: Spiffy Netflow tools?

2018-03-16 Thread Alex Lembesis
Netflow Auditor In-house solution. The interface takes some getting used to, but you can pull a-n-y-t-h-i-n-g from it. Easy setup, great support, highly scalable, priced well. Best regards, -Alex -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of

RE: How are you configuring BFD timers?

2018-03-21 Thread Alex Lembesis
Using 250ms x 3 on fiber connecting Pennsylvania to Florida... Best regards, Alex -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jason Lixfeld (External) Sent: Wednesday, March 21, 2018 9:10 AM To: NANOG Subject: How are you configuring BFD timers? Hey

RE: How are you configuring BFD timers?

2018-03-21 Thread Alex Lembesis
To speed up BGP routing convergence. The (2x) dark fiber links from PA to FL are being used as Layer3 datacenter interconnects, where each datacenter has its own AS. The DF is also carrying FCIP traffic, so we need failover to be as fast as possible. Best regards, Alex -Original

RE: How are you configuring BFD timers?

2018-03-21 Thread Alex Lembesis
Correct, Luke. Best regards, Alex -Original Message- From: Luke Guillory (External) [mailto:lguill...@reservetele.com] Sent: Wednesday, March 21, 2018 12:37 PM To: Alex Lembesis; Job Snijders (External); Youssef Bengelloun-Zahr Cc: NANOG Subject: RE: How are you configuring BFD

Re: RPKI Resource Certification: building features

2010-10-04 Thread Alex Band
t the resource holder should be the ONLY holder of the private key for their resources. Owen If you're saying that ISPs can only participate in an RPKI scheme if they run their own Certificate Authority, then I think that would practically ruin the chances of Certification actually ever

Re: RPKI Resource Certification: building features

2010-10-04 Thread Alex Band
y' and the security structure of the [ripe part of the] rpki is a broken. randy I'll go a step further and say that the resource holder should be the ONLY holder of the private key for their resources. Owen On 3 Oct 2010, at 19:06, Alex Band wrote: Most of the discussions

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-04 Thread Alex Band
erate decision. > I'll go a step further and say that the resource holder should be > the ONLY holder of the private key for their resources. > > Owen If you're saying that ISPs can only participate in an RPKI scheme if they run their own Certificate Authority, then I think that would practically ruin the chances of Certification actually ever taking off on a large scale. -Alex

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-05 Thread Alex Band
import system as a value-added tool to help a network operator get started making ROAs. That's a pretty good starting point. Where do you suggest we go from here? Of course I appreciate everyone else's response to this thread as well! :) Cheers, -Alex

Tools for teaching users online safety

2010-10-25 Thread Alex Thurlow
, or is there anyone out there interested in helping to build a unified list of instructions, videos, etc. for all this? -- Alex Thurlow Blastro Networks http://www.blastro.com http://www.roxwel.com http://www.yallwire.com

Re: OT: VM slicing and dicing

2010-11-15 Thread Alex Kamiru
Brandon, It really depends on the hypervisor in operation. You can take a look at vCloud Director (http://www.vmware.com/products/vcloud-director/) and BMC (http://www.bmc.com/products/product-listing/bmc-cloud-lifecycle-management.html) -Original Message- From: Brandon Kim To: nanog gro

RE: wikileaks unreachable

2010-11-28 Thread Alex Rubenstein
Uh... huh? > Just so we are all straight and clear - wikileaks hit is not a > 'Distributed' DoS, its a simple DoS - I dont use intermediaries or > botnets. Sun Nov 16 - 15:28 EST That would be just about 2 weeks ago.

RE: Want to move to all 208V for server racks

2010-12-02 Thread Alex Rubenstein
> I really want to move all newly installed internal and customer racks over to > all 208v power instead of 120v. As far as I can remember, I can't remember > any server/switch/router or any other equipment that didn't run on 208v AC. > (Other than you may need a different cable) Anyone have any e

RE: Want to move to all 208V for server racks

2010-12-02 Thread Alex Rubenstein
> > you mean 240V AC 50HZ and move from 120V 60Hz? (or also 50Hz) > > In US, I think everything is 60Hz. But I mean 208v single phase. > (Which is what you get when you combine two 120v single phase legs out of > three phase, I believe. I am not an expert on AC...) That would be considered a 2

RE: Want to move to all 208V for server racks

2010-12-02 Thread Alex Rubenstein
> On 12/2/10 9:20 AM, Mark Kent wrote: > > "Why do we install 120v instead of 208v?" was asked over a year ago > > either here or on cisco-nsp. It generated a long discussion, but it > > should have been cut short as early in the thread someone said all > > that had to be said: "because we are idi

RE: The scale of streaming video on the Internet.

2010-12-02 Thread Alex Rubenstein
> *Way* more power than the equivalent transmitters and TV sets. Even if > you add in the cable headends, I suspect. Yeah, but... This is really not comparable. Transmitters and TV sets require that everyone watch what is being transmitted. People (myself included) don't like, or don't want th

RE: Want to move to all 208V for server racks

2010-12-02 Thread Alex Rubenstein
> GFCI breakers are very common, the slightly less common version are arc > fault breakers which are starting to show up more as well. Partly because of a code requirement. Houses burning down, etc. Somehow, we all survived for a long time without them, but now there is a huge requirement. Perha

RE: Want to move to all 208V for server racks

2010-12-03 Thread Alex Rubenstein
> Also note that *your* electrical engineer may de-rate the circuits capacity > due to the fact that switching power supplies generate numerous artifacts on > the lines. These are all advanced (electrical) engineering topics. >From a practical, real-world standpoint, these are not concerns today.

  1   2   3   4   5   >