i did not think i was special, and assumed everybody is getting them.
but i figured that if i kept one or three people from falling for the
trap it was worth the pollution.
randy
> We are seeing some weird routing from them, and the AS2 they are
> attached to (University of Delaware) seems odd.
classic mikrotik prepend syntax confusion?
randy
raph below is one way to visualize ix connectivity, the op's question.
randy
w is one way to visualize ix connectivity, the op's
> question.
i guess the list does not like graphs. decline of net predicted; news
at eleven. if you care, unicast.
randy
is a massive route leak not even mentioned when it is only ipv6?
the guess i heard was it looked like a classic config reorigination
disaster.
randy
route origin validation.
randy
and i just have to wonder about sending passwords over the net in
cleartext in 2023. really?
randy
> Mail in transit is mostly TLS transport these days,
yep. mostly. opsec folk are not fond of 'mostly.'
> BUT mail in storage and idle state isn't always secured. I'm sure
> that most any of us could find a public s3 bucket with an mbox file on
> it if we cared to look.
sigh
randy
> *READ MORE
> <https://www.google.com/url?q=https://nanog.us20.list-manage.com/track/click?u%3D4d708401d0e69d9dc73d1c204%26id%3Dd77e95d2fb%26e%3De429f79d5a&source=gmail&ust=1694187666719000&usg=AOvVaw3Cfz_DNu6fUMvOglI_i3nd>Last
can we please get URLs without all the invasive tracking?
randy
s by default, too:
>
> https://mailchimp.com/help/about-open-tracking/
as usual, the problem is not technical. there is no need for mailchump
at all.
nanog management has made a very intentional decision to sell my
privacy. nanog has come a long way, not all of it good.
randy
i am going to be foolish and comment, as i have not seen this raised
if i am running a lag, i can not resist adding a bit of resilience by
having it spread across line cards.
surprise! line cards from vendor do not have uniform hashing
or rotating algorithms.
randy
perhaps this is not a nanog operational topic
one *years* without
being complete. There are also currently some
breaking-the-entire-regional-network sorts of outages going on currently. I am
guessing what clued employees they still have are quite tied up.
-Randy
- On Sep 18, 2023, at 7:06 PM, JASON BOTHE via NANOG nanog@nanog.org wrot
; and, if not, then how frequently is the OAS of the less specific route
> a transit provider of the OAS of the Invalid route?
> We plan to update the results periodically.
Daniele Iamartino, Cristel Pelsser, Randy Bush. "Measuring BGP Route
Origin Registration and Validatio
ace kumari did some ROV traffic measurements on the ietf meeting network
for a few meetings before we turned dropping on
randy
a bit of research has led us to wonder about some (non-hostile or
worrisome) net activity of criterio autonomous systems. do any friends
of the family know these folk and could introduce me so i can try to
learn a bit of ground truth?
thanks.
randy
in our
area.
-Randy
> On Mar 31, 2019, at 16:32, David Hubbard
> wrote:
>
> Things are no better in Spectrum land; gotta love the innovation in monopoly
> markets…. I ask every year and expect it in perhaps thirty.
>
> From: NANOG on behalf of "Aaron C. de Bruyn
> Are you saying that they refused to peer - and then failed at refusing? :)
luckily, none of the rest of us have bugs. whew!
> If you want NANOG to devolve into a morass of political claptrap
you mean it could improve?
> you've seen TR-069 right?
that was 2004, security had not been invented yet. oh wait.
yes, i paid.
would be a bummer. was useful.
randy
er (54)
rsync error: error in socket IO (code 10) at io.c(785) [Receiver=3.1.3]
randy
so is there a recipe for re-enabling the add-ons? otherwise, one is
running pretty nekkid.
randy
>> so is there a recipe for re-enabling the add-ons? otherwise, one is
>> running pretty nekkid.
>
>> From
>> https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047:
>
> 12:50 p.m. UTC / 03:50 a.m. PDT: We rolled-out a fix for release, beta
> a
dio
- wait until `about:studies` shows you got the two updates
- allow sessions to restart
randy
sorry, that was the start of public route collection. nothing earlier.
randy
i am wondering if there is an archive of whatevertheheckweusedtocallthem
before they were swips. began with r i think. what curtis processed
every wednesday.
randy
can be
a flag of parochialism.
randy
sburgh, Pennsylvania, USA},
pages = {133--145},
numpages = {13},
url = {http://doi.acm.org/10.1145/633025.633039},
doi = {10.1145/633025.633039},
acmid = {633039},
publisher = {ACM},
address = {New York, NY, USA},
}
randy
> This Gem is fantastic by the way,
> https://nsrc.org/workshops/2015/apricot2015/raw-attachment/wiki/Track1Agenda/01-ISP-Network-Design.pdf
philip smith
, lorenzo's thesis.
randy
> OpenVPN in pfSense?
yep
> We run tons of these around the world.
i only do 0.5kg
wireguard, https://www.wireguard.com/, is simpler (always a good thing
with security), and has had code looked at by some credible experts.
randy
ee patching spread and
trying to make a conext paper dreadline this week or infocom next month.
hard to tell the sheep from the goats and the wolf from the sheep. i
get the appended. sheep or wolf? i sure do not claim to be smart
enough to know. but i sure am glad others are.
randy
---
t regular for you. :-).
never seen such a thing :)
amidst all this conjecturbation and blame casting, have any of the
parties *directly* involved, i.e. 701 and their customer, issued any
sort of post mortem from which we might learn?
randy
perhaps the good side of this saga is that it may be an inflection point
randy
that ball and tim cook spiked it. and it is
getting more and more air time.
randy
> um, blaring someone's personal email address to 10,000 people for a
> work related thing?
+20
with africa is sad.
randy
do folk use `netstat -s` to help diagnose on routers/switches?
randy
> Ideally folks should be subshells (unless you're on a strange system or
> legacy system).
>
> netstat is now mostly obsolete.
> Replacement for netstat is ss.
> Replacement for netstat -r is ip route.
> Replacement for netstat -i is ip -s link.
> Replacement for netstat -g is ip maddr.
on s
> Why do you want to know?
why do you want to know why i want to know? :)
my deep sympathies go out to those folk with real work to do whose mail
user agents do not have a `delete thread` key sequence.
something is broken on the nanog list. usually we have this discussion
twice a year. this time it may have been a couple of years gap. what
broke?
randy
they had a redundant version.
Is price your only concern with the MX204? You might not need the full blown -R
or -IR version, so the list price would only be ~$45K.
I'm not too familiar with other vendors, so I'll leave that to others.
thanks,
-Randy
- On Aug 7, 2019, at 11
~$45k is the US list price... typical discount applies :-)
thanks,
-Randy
- On Aug 8, 2019, at 2:33 AM, Baldur Norddahl
wrote:
> 45k? No no, the mx204 with enough license to do BGP is more like 20k - 25k or
> less. It is actually quite cheap, so I doubt the OP will find anythin
hi. i would love to chat (email) with someone in gtt (AS3257) who
has bgp fu. doing some bgp measurements, we see something we do not
understand and would love a clue. thanks.
randy
d to think ipv6 parity is a good
thing.
randy
>>> 1. Sprint peering battle. Google it
>>> 2. He.net peering battle. Google it.
>>> 3. Google IPv6 peering battle. Google it.
>>>
>>> All of which point to them being pompous assholes.
>>
>> or point to them treating ipv6 the same as ipv4 when it comes to
>> peering, tech, ... we are supposed to
> And why are they not on any public peering exchange? Why only private?
the deeper question is why do they only use green ether cables
when they should use magenta?
tier ones do not push a lot over public ixen. their choice.
welcome to the realities of the internet. glad you found us.
randy
> The defamatory and invective words, the mudslinging and slander of my
> name, by Ronald Guilmette
is he a cogent sales rep? that would explain a lot!
(53), 1 packet
some days, we see a *lot* of this. anyone else seeing similar?
randy
it's a dos on my logs. and i do not want to turn hairpin detection off,
as there could be interesting things. sigh. :(
randy
adly trying to shovel
kitty litter over it.
the high risk is putting stockholders and profit before public safety
and service.
randy
> So you are left with your regular inbound influence bag of tricks,
> e.g. prepending towards Shaw.
the primary inbound steering tool is selective advertisement of
sub-prefixes
i was shocked that the prepending presentation at ripe79 was blind to
this
randy
s
btw the ripe79 preso,
https://ripe79.ripe.net/wp-content/uploads/presentations/64-prepending_madory2.pdf,
did a good job of showing how prepending presents an attack surface.
randy
abha ahuja died this day in 2001. we miss her.
randy
http://www.neebu.net/~khuon/abha/
would appreciate unicast contact with someone with 70x deep routing clue.
researchers want to confirm possible causes of some phenomena we think
we see. thanks.
randy
thanks. constructive folk reached out.
randy
> there ARE problems with tcp-md5... some are "because we collectively
> didn't squeak enough to get key-tables"
i believe many vendors implement key scheduling. no one uses it, and i
do not suggest they do.
randy
>> There's a fairly famous animal behavior experiment where rats are
>> allowed to multiply in a room-sized cage without control, food and
>> water and basic sanitation are provided.
>>
>> When the cage becomes extremely crowded rats are observed gnawing on
>> each other's tails.
>
> Are any of the
> IPv6 support by disney(using AWS) would obviate this issue.
ok. i give. exactly how? i mean technically.
randy
> RFC 7094 (https://tools.ietf.org/html/rfc7094) describes the pitfalls
> & risks of using TCP with an anycast address.
and two decades of operational experience are that prudent deployments
just work.
randy
>>> RFC 7094 (https://tools.ietf.org/html/rfc7094) describes the pitfalls
>>> & risks of using TCP with an anycast address.
>>
>> and two decades of operational experience are that prudent deployments
>> just work.
>
> I agree with Bill/Randy here..
dear lazynet. is there a list, irc, slack, ... for ops in the southern
bay area? need to find/discuss colo, hands, brains, ... thanks.
randy
> dear lazynet. is there a list, irc, slack, ... for ops in the
> southern bay area? need to find/discuss colo, hands, brains, ...
fwiw, in seattle, the SIX chatter list would be a good example.
randy
make
it to their destination, the return packets do not. On or off list is
OK.
--
~Randy
> Why does a new organisation need to have any global IPv4 addresses of
> their own at all?
if all folk saying such things would make their in- and out-bound mail
servers v6-only, it would reduce confusion in this area.
randy
> This may be a good moment to mention that the excellent people at the
> NTT NOC are always available at n...@ntt.net, or the phone numbers
> listed in PeeringDB. :-)
just to say that they are awesome
>> just to say that they are awesome
> so, uh, you don't recommend them to your competitors then?
no way. my competitors should buy from comcast, he, ...
network are IP prefixes that is currently not
> used
them it should be pretty easy for your upstreams to filter without
doing damage to goodput.
randy
mark,
> Just to let this group know that we've started the process of
> activating the dropping of Invalids for all our eBGP customers.
cool. any stats and lessons appreciated.
randy
is anyone aware of any conference other than nanog which does
Online Reservations: (Open exclusively to NANOG Members only from
December 2 - December 16)
randy
so, how? seems a useful question.
irr acls scale poorly in routers. but mark said customer-facing, which
could be reasonable depending on the platform. e.g. ntt uses irr-based
acls toward customers.
but i am cheered if mark is dropping rpki-based origin validation
invalids. it's a big step.
randy
> - ASR1006's, also primarily used in the data centre for non-Ethernet
> customers (waning, over time).
> - ASR920's, used in the Metro.
> - MX204's, used in the Metro.
so junos and xr support rov sufficiently for production. cool!
randy
>> so junos and xr support rov sufficiently for production. cool!
> And IOS XE too...
and how does that work out at scale when roa changes need previous bgp
to be run against them?
randy
nfs0.dfw.rg.net:/root# ping 128.223.51.20
PING 128.223.51.20 (128.223.51.20) 56(84) bytes of data.
From 4.69.145.11 icmp_seq=1 Time to live exceeded
From 4.69.145.11 icmp_seq=2 Time to live exceeded
^C
--- 128.223.51.20 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet l
144.539 ms 145.096 ms
but my smtp-out is trying to get there from ashburn to L(3). so someone
else might tell john kemp to call L(3).
randy
> That's the normal Monday morning maint window
> for UO, when they all too frequently make us
> disappear... :(
as there, barbers here are also closed on mondays.
thanks for clue
?
it is a common TE use case. but folk watching the water rise
are starting to ask why the whole world should pay for A's TE.
randy
ely?" with what probability? any measurement cite please. nothing
exact; something rough would be fine.
randy
see, four I
> have a hard time seeing.
i was hoping for measurements, not seems unlikely.
as you know, i am sceptical about our internet topology intuitions and
modeling given how good bgp is at hiding information and how poor our
vantage points are. ripe atlas, caida, etc. give us some view, but
views with inconsistencies and contradictions. we could write a paper
on the hazards of as topology. oh, we did. :)
randy
excuse puking on list but the path to nanog admin action seems dead
Date: Sun, 01 May 2016 13:48:10 +0900
From: Randy Bush
To: action
Subject: hotel
hi,
sorry to bother, but
fairmont chicago block supposedly good to 22 may. tried to book just
now, arriving 11th leaving 16th. got told "
> To: action
clue: this address is inactive since AMSL left the building
( thanks michael )
randy
> I tried booking earlier today, had the same issue and called in. I was
> told they were now full, and only non-block rooms were available (@ >
> $500/night).
find a non-exorbitant fall-back?
randy
at least
on some models.
is anyone seeing the dreaded rfc1812 behavior in a citable fashion? how
common is it?
randy
ress or the source interface?
the source address
> I'm not sure if you mean that, if sent through C it should have the
> source address of A, or that it should actually be sent through A
> regardless of the routing table (which sounds better to me).
not to me. i have kinda grown used to fibs
randy
i just want my mtv. and the normal commercials are bad enough.
-vyatta-router.conf
>
> # Send ICMP responses with primary address of exiting interface
> net.ipv4.icmp_errors_use_inbound_ifaddr=1
>
>
> So someone in Vyatta decided to explicitly set this to be enabled.
so one win and one loss
randy
> I'm assuming you'd like this behavior on EdgeOS changed?
no, the opposite. j & c got it right. mikrotik did not. vyatta seems
to have.
randy
>> The average consumer wants a "internet connection".
> And sadly, they haven't a clue what that means.
no; happily. this is not 1904 where you have to be a mechanic to drive
a car. i just want my mtv; shut up and make it work.
>> zero interoperability, and no viable migration paths, it's a Forklift
>> Upgrade(tm).
>
> You say that with such confidence! Doesn't make it true.
https://archive.psg.com/120206.nanog-v4-life-extension.pdf
randy, who works for the first isp to deploy ipv6 to customers
> Also, the Randy who closed the ngtrans working group "declar[ing] victory"
> yet having produced nothing.
in the ietf, that is a victory indeed! :) from slide 9, "430 transition
mechanisms." the problem is they were and are a mess. so the iesg
decided to stop t
>> One thing we do to reduce opportunistically hazardous vectors is to not
>> learn customer paths via peers.
> so I can't be a customer of you and a network you peer with?
> (I'm sure I got your meaning wrong)
sure you can. just don't expect packets from job's cone when your link
to him is dow
screaming at netflix may be cathartic, but it ain't gonna get you or
anyone else anywhere. but i guess nanog needs the message traffic.
randy
>> Is Wednesday night the only social?
> Yes.
damn! if i had known there was a chance of folk acting more like sober
adults than the usual frat boys i might have scheduled chicago.
randy
This may surprise some, but social != frat boys.
randy, on a phone
> On Jun 12, 2016, at 15:08, Todd Underwood wrote:
>
> surely this is not the same randy bush that loves to point out that
> humans are social animals!
>
> t
>
> On Sun, Jun 12, 2016 at 2:31 PM, Ra
> I don't see any violation of the presentation guidelines. Also, the
> day we decide to censor ourselves to avoid offending vendors is the
> end of my involvement in NANOG - and I suspect that is the case for
> many others.
thanks for speaking up with a clear voice
randy, who g
ed underperforming crap and we are
cornered by infrastructure providers (e.g. ixps) who run us over time
and again if it makes an extra penny.
if you tell the vendors the truth, the real vendor engineers can go home
and explain why they need management support to fix things. the truth
makes us all free.
randy
> I am not at NANOG67 and am following this issue remotely. Excuse me
> if I am getting this all wrong. Dave shows a slide that LINX made
> $2.3M profit and AMS-IX made $4.1M last year and Randy states "that
> the IXPs run us over to make an extra penny"?
confusing coinci
> Perhaps Dave was advocating the SIX model
that is where the big euro exchanges started. then they got equinix
envy and colonialism. let's see (and help) the six avoid these diseases
over the next years.
randy