I forgot my portal login info ... entered my email address into the
password reset and got the link, but it is asking to confirm my email
address by entering my username - holy bazoombas I must have forgotten that
one as well ...
How to find your username? Years ago I deleted the welcome email ...
Thanks
Tracy N4LGH
On Sun, Jan 31, 2021 at 2:55 PM G1FEF <chris(a)g1fef.co.uk> wrote:
>
>
> > On 31 Jan 2021, at 14:09, Nat Morris <nat(a)nuqe.net> wrote:
> >
> > Which blocks did you report?
>
> I don’t really want to go into specific details on an open mailing list. Suffice to say that keeping an eye on these and responding to problems keeps me busy enough!
Why not? what is to hide? hijack discussions happen on other mailing
lists in the public.
So no more comment from yourself as the BGP co-ordinator on the
prefixes in the report?
https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd…
If you really do have the details on all these prefixes, there should
be no reason you can't provide a statement on each, if it is an
expected announcement, misconfiguration or hijackk
Without you being slightly more forthcoming in public, in my eyes it
puts the whole integrity of co-ordinating AMPRnet BGP announcements in
doubt.
> > Any explanation for these prefixes announced in the UK by AS61337,
> > along side your portal prefixes, they are not documented at all in the
> > portal:
>
> Not all allocations appear in the public listing on the portal, for various reasons. Try the Whois server if you want by check specific prefixes.
Where is this publicly documented?
> > RADB is ok, but not sufficient for the future. A better investment
> > would be for the ARDC to negotiation with one of the 5 RIRs for
> > prefixes to be registered there, so we could all benefit from use of
> > their RPKI trust anchors.
>
> I can’t see that happening anytime soon I’m afraid, if ever, unless they drastically change their terms. We won’t do anything that risks losing our legacy status.
Have the ARDC approached each RIR and discussed this?
> > Having prefixes in RADB will not provide
> > trust anchor functionality.
>
> Agreed, and RPKI is something we understand is desirable, there are several ways it could be achieved and will be the focus for the TAC at some point in the future.
>
> >> Which repo is this development taking place in?
>
> The development is taking place currently and will be open sourced when it’s ready. In the meantime, if you want to have input on any features you would like to see, feel free to contact Rosy and/or myself.
I'd like to see planning for this taking place in the open, not closed.
> > I noticed the github.com AMPRnet Portal repo has been removed.
>
> There was no point in it being there, we tried that route a couple of years ago and didn’t get anywhere.
Nat,
--
Nat
https://nat.ms
+44 7531 750292
Hello all,
Over the last few months I have noticed some odd BGP announcements of
prefixes which have no allocations in the AMPRnet portal. After
spotting 5 or 6 of these it made me wonder how many existed.
This evening I took a snapshot of the RIPE RIS data for announcements
within 44.0.0.0/9 and 44.128.0.0/10, which took place in 2021. Then
scraped the allocations from the AMPRnet portal, compared prefixes
directly and then used a radix tree to find a best match.
The resulting data
https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd…
At first glance there are some expected entries, for example users
with a /22 or /23 announcing a more specific /24.
What really worries me is the amount of announcements of /24s where
the closest portal documented prefix is a /16. Are these being used
legitimately? do AMPR co-ordinators what details about them? or have
they been hijacked?
Look for example at /24 announcements within country assignments, but
no specific description!
I would like to start a discussion around these specific prefixes.
The scripts I wrote are here https://github.com/natm/amprnet-observer
Kind regards,
Nat.
--
Nat
https://nat.ms
+44 7531 750292
Hello,
I have followed the instructions at
https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or…,
but am encountering an error when running the ampr.sh script.
line 28: /usr/sbin/ampr-ripd: cannot execute binary file
The binary file is executable and I am attempting to run it from root.
Line 28 has not been modified in the script:
ampr-ripd -s -t 44 -i tun44 -m 90
The instructions say only to modify if needed, and based on the info in the
Wiki I did not see a need to modify it, but I may be missing something. Any
ideas?
73,
Lee K5DAT
On or about January 5, 2021 I received an end-user allocation request for a
"direct" /24 allocation "for working with ARDEN and IRLP for VPN and link
setups" which I approved and submitted via portal.ampr.org. It
didn't create the allocation I assigned to the network but was "referred to
BGP coordinator". So far, there has been no action and no response to the
original request nor a follow up to my request via the "contact us" link on
the black hole that is the ampr.org portal. What is the status of the
system and how are coordinators expected to act in this regard? I try to
give my users timely, responsive service but it's very frustrating when I
can't even track a submission or review submission histories. The end user
has informed me that he is still awaiting action on the request.
ke6qh
Confirming that ARIN's web-based IRR system won't allow 44net addresses,
since there's no underlying allocation from one of ARIN's ranges. Your
upstream provider will probably not be able to put in the IRR objects for
you.
For IRR, AltDB doesn't have a simple web interface but it does work
regardless of the RIR (or lack of) that originally allocated the IPs.
I don't think there's a way to use RPKI on the 44net range as of yet,
though - that would likely need either a contract for one of the RIRs to
sign resources or ARDC to set up, maintain, and gain trust for a
certificate authority and handle RPKI requests like the RIRs do. Either of
these is a pretty significant undertaking.
73 de K0BYJ,
--
Jay
On Mon, Dec 14, 2020 at 3:00 PM <44net-request(a)mailman.ampr.org> wrote:
> Send 44Net mailing list submissions to
> 44net(a)mailman.ampr.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://mailman.ampr.org/mailman/listinfo/44net
> or, via email, send a message with subject or body 'help' to
> 44net-request(a)mailman.ampr.org
>
> You can reach the person managing the list at
> 44net-owner(a)mailman.ampr.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of 44Net digest..."
> Today's Topics:
>
> 1. Re: 44NET Route Objects IRR (Caleb Pal)
> 2. Re: 44NET Route Objects IRR (G1FEF)
>
>
>
> ---------- Forwarded message ----------
> From: Caleb Pal <cleb(a)defcon-3.net>
> To: James Colderwood via 44Net <44net(a)mailman.ampr.org>
> Cc:
> Bcc:
> Date: Mon, 14 Dec 2020 08:57:53 -0800
> Subject: Re: [44net] 44NET Route Objects IRR
> Hello,
>
> Your upstream providers may be able to put a proxy obj into the ARIN db
> for you. Unfortunately ARIN changed their IRR db in June of this year.
> They added a web based IRR service. According to ARIN, the web based
> service only allows you to add object for resources you own (your
> upstream ISP could not create those proxy objects since they do not own
> the 44net resources). If they still use the ARIN email IRR system, they
> can add proxy objects, they will just appear as ARIN-NOAUTH in the IRR
> db. I don't think NOAUTH is a problem for most providers now, but could
> be down the road if they start filtering/ignoring NOAUTH entries.
>
> Of course altdb, radb and others are options (full list at:
> http://www.irr.net/docs/list.html). Not sure how other RIR's outside the
> US are handling NOAUTH entries.
>
> I assume since AMPR does not have a RSA with ARIN, Chris cannot create
> IRR records for those folks who BGP advertise AMPR resources?
>
> v/r,
>
> Caleb
>
> On 12/13/2020 10:08, James Colderwood via 44Net wrote:
> > Hi Pierre,
> >
> > Thank you for the heads up. I was aware of altdb but it hadn't crossed
> > my mind. Hopefully one of these solutions will work :-).
> >
> > On 2020-12-13 17:32, Pierre Emeriaud wrote:
> >> Le dim. 13 déc. 2020 à 12:04, G1FEF via 44Net
> >> <44net(a)mailman.ampr.org> a écrit :
> >>>
> >>> > On 13 Dec 2020, at 09:54, James Colderwood via 44Net
> >>> <44net(a)mailman.ampr.org> wrote:
> >>> >
> >>> > Hi All,
> >>> >
> >>> > May I wish you all happy holidays!
> >>> >
> >>> > Quick question, I'm working on establising my 3rd upstream but hit
> >>> a snag. The suppliers validation automation prohibits announcing
> >>> AMPR addresses as the system can't qualify validity.
> >>>
> >>> Are you talking about automatically checking entries in an IRR, or
> >>> RPKI?
> >>
> >> For service providers requesting an IRR route object to automate
> >> filter creation I've been using altdb. While it has not a lot of value
> >> in terms of authorization (anyone can create objects about any
> >> resource - a proper LOA has more value here) it is usually enough for
> >> provisioning tools to create appropriate filters / prefix-lists:
> >>
> >> $ whois -h whois.altdb.net 44.151.210.0
> >> route: 44.151.210.0/24
> >> descr: F4INU
> >> origin: AS206155
> >> mnt-by: MAINT-AS206155
> >>
> >> $ bgpq3 -4 -l F4INU as206155
> >> no ip prefix-list F4INU
> >> ip prefix-list F4INU permit 44.151.210.0/24
> >>
> >>
> >> 73 de F4INU
> >> --
> >> pierre
> >
>
>
>
>
> ---------- Forwarded message ----------
> From: G1FEF <chris(a)g1fef.co.uk>
> To: AMPRNet working group <44net(a)mailman.ampr.org>
> Cc:
> Bcc:
> Date: Mon, 14 Dec 2020 17:26:28 +0000
> Subject: Re: [44net] 44NET Route Objects IRR
> > I assume since AMPR does not have a RSA with ARIN, Chris cannot create
> > IRR records for those folks who BGP advertise AMPR resources?
>
> The vast majority of folk advertising their subnet over BGP are using
> altdb with no issues (currently).
>
> IIRC, altdb is run by one person, so if you don’t already have a MNTNER
> object there, it can sometimes take some time to get one.
>
> Chris
>
>
>
> > v/r,
> >
> > Caleb
> >
> > On 12/13/2020 10:08, James Colderwood via 44Net wrote:
> >> Hi Pierre,
> >>
> >> Thank you for the heads up. I was aware of altdb but it hadn't crossed
> >> my mind. Hopefully one of these solutions will work :-).
> >>
> >> On 2020-12-13 17:32, Pierre Emeriaud wrote:
> >>> Le dim. 13 déc. 2020 à 12:04, G1FEF via 44Net
> >>> <44net(a)mailman.ampr.org> a écrit :
> >>>>
> >>>>> On 13 Dec 2020, at 09:54, James Colderwood via 44Net
> >>>> <44net(a)mailman.ampr.org> wrote:
> >>>>>
> >>>>> Hi All,
> >>>>>
> >>>>> May I wish you all happy holidays!
> >>>>>
> >>>>> Quick question, I'm working on establising my 3rd upstream but hit
> >>>> a snag. The suppliers validation automation prohibits announcing
> >>>> AMPR addresses as the system can't qualify validity.
> >>>>
> >>>> Are you talking about automatically checking entries in an IRR, or
> >>>> RPKI?
> >>>
> >>> For service providers requesting an IRR route object to automate
> >>> filter creation I've been using altdb. While it has not a lot of value
> >>> in terms of authorization (anyone can create objects about any
> >>> resource - a proper LOA has more value here) it is usually enough for
> >>> provisioning tools to create appropriate filters / prefix-lists:
> >>>
> >>> $ whois -h whois.altdb.net 44.151.210.0
> >>> route: 44.151.210.0/24
> >>> descr: F4INU
> >>> origin: AS206155
> >>> mnt-by: MAINT-AS206155
> >>>
> >>> $ bgpq3 -4 -l F4INU as206155
> >>> no ip prefix-list F4INU
> >>> ip prefix-list F4INU permit 44.151.210.0/24
> >>>
> >>>
> >>> 73 de F4INU
> >>> --
> >>> pierre
> >>
> > _________________________________________
> > 44Net mailing list
> > 44Net(a)mailman.ampr.org
> > https://mailman.ampr.org/mailman/listinfo/44net
>
>
>
> _______________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
>
Hello all,
Does anyone have up to date setup instructions for Vyos?
I have been able to get ampir-rip installed and it appears to be creating
routes and can receive pings via one of my IPs with a DNS address
configured however pings to that address from a non 44 machine are being
responded to via the wrong interface.
I have so far been unable to ping anything on the 44 side but am not
currently convinced the routing is configured correctly.
Thanks,
Kevin
VA3PSL
I want to thanks all that helped with the setup of my vultr vps with BGP and openvpn to distribute the /24 that was assigned to me.
I played a lot with the openvpn and wireguard software up to a point I had to redo the whole install of the VPS.
here is the receipy I have been able to use for the task. I am running a Debian10 that was updated to the latest software
First I have use the tutorial at https://www.vultr.com/docs/configuring-bgp-on-vultr
Be aware that on my version of bird I was not able to open the "/var/log/bird.log" files because of a propriatary right. the file belongned to root and it was supposed to belong to bird it is a known bug that I hope will be fixed soon.
this helped me create that information into my bird.conf
------------------------------------------------------------------------------
log "/var/log/bird.log" all;
router id xxx.xxx.xxx.xxx ; use the ipv4 address assigned to your vps
protocol device
{
scan time 60;
}
protocol static
{
route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx ; use your assigned /24 from ampr and the ipv4 from your vps
}
protocol bgp vultr
{
local as yyyyyyyyyyy; this is the private asn given to you by vultr and availble on your dashboard on myvultr.com for your vps
source address xxx.xxx.xxx.xxx;
import none;
export all;
graceful restart on;
next hop self;
multihop 2;
neighbor 169.254.169.254 as 64515;
password "YourSecretPassword" ;
}
------------------------------------------------------------------------------
On the openvpn side of thing I have use the install script from angristan available at https://github.com/angristan/openvpn-install
just followed the instruction and all was good.
from there I changed some things on my network at etc/network/interfaces
--------------------------------------------------------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
#source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens3
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet static
address 44.135.59.1/32
---------------------------------------------------------------------
the last line point at the first address of my /24 put yours into your file.
then on the openvpn server I changed into the server.conf file only one line
the file is at /etc/openvpn/server.conf
i switched the server line from
server 10.8.0.0 255.255.255.0
to
server 44.135.59.0 255.255.255.0
the 44 address is my /24 put yours if you follow my exemple.
that's it!
it was not that complicated. But I had to dig a bit to understand the whole thing.
My next step will be to split my /24 in parts. one section will be for the single connections like now, but I want to have connection that are like blocks of /28 or /29.
I know I will have to make another instence of the openvpn server That is the part that is the less clear for me yet. The conf file is more clear. As I want to strat and stop each instence easily I will have to make a new starting script for systemd And that is where I will need to read more.
If this helps someone I will be happy!
If you see a problem with my setup please let me know!
Pierre
VE2PF
