31 Jan
2021
31 Jan
'21
3:03 p.m.
On Sun, Jan 31, 2021 at 2:55 PM G1FEF <chris(a)g1fef.co.uk> wrote:
Why not? what is to hide? hijack discussions happen on other mailing
lists in the public.
So no more comment from yourself as the BGP co-ordinator on the
prefixes in the report?
https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd…
If you really do have the details on all these prefixes, there should
be no reason you can't provide a statement on each, if it is an
expected announcement, misconfiguration or hijackk
Without you being slightly more forthcoming in public, in my eyes it
puts the whole integrity of co-ordinating AMPRnet BGP announcements in
doubt.
Where is this publicly documented?
Have the ARDC approached each RIR and discussed this?
I'd like to see planning for this taking place in the open, not closed.
Nat,
--
Nat
https://nat.ms
+44 7531 750292
On 31 Jan 2021, at 14:09, Nat Morris
<nat(a)nuqe.net> wrote:
Which blocks did you report?
I don’t really want to go into specific details on an open mailing list. Suffice to say
that keeping an eye on these and responding to problems keeps me busy enough! Any
explanation for these prefixes announced in the UK by AS61337,
along side your portal prefixes, they are not documented at all in the
portal:
Not all allocations appear in the public listing on the portal, for various reasons. Try
the Whois server if you want by check specific prefixes. RADB is ok,
but not sufficient for the future. A better investment
would be for the ARDC to negotiation with one of the 5 RIRs for
prefixes to be registered there, so we could all benefit from use of
their RPKI trust anchors.
I can’t see that happening anytime soon I’m afraid, if ever, unless they drastically
change their terms. We won’t do anything that risks losing our legacy status. Having
prefixes in RADB will not provide
trust anchor functionality.
Agreed, and RPKI is something we understand is desirable, there are several ways it could
be achieved and will be the focus for the TAC at some point in the future.
> Which repo is this development taking place
in?
The development is taking place currently and will be open sourced when it’s ready. In
the meantime, if you want to have input on any features you would like to see, feel free
to contact Rosy and/or myself. I noticed the
github.com AMPRnet Portal repo has been removed.
There was no point in it being there, we tried that route a couple of years ago and
didn’t get anywhere. 
31 Jan
31 Jan
6:05 p.m.
New subject: Concerning over undocumented BGP announcements
Sorry for the top post, I'm on my mobile.
The announcements and RPKI are both things I've looked at once and just
sort of lost much care.. hopefully some people like yourself have submitted
resumes and joined the TAC.
I do believe RIPE has a fair deal that would allow amprnet to stay legacy
and do RPKI for perhaps their standard LIR fees if I'm remembering
correctly.
The announcements for rather selfish reasons after being denied a wider
prefix to announce more-specific as a way to steer traffic to a primary
site in multihome setup (all still just experimental but your list shows
some do get /22 even with experimental in their names). No hard feelings. I
just play my NetOps games elsewhere.
The new portal is probably already in the works. I'd like that it allowed
IRR entries for advanced users or a simple view with just description, AS,
prefix. Our whois server should be registered at ARIN to allow clients to
be referred to it. Our portal records can become IRR at the source..
Regards,
Scott
On Sun, Jan 31, 2021, 10:05 AM Nat Morris via 44Net <44net(a)mailman.ampr.org>
wrote:
On Sun, Jan 31, 2021 at 2:55 PM G1FEF
<chris(a)g1fef.co.uk> wrote:
Suffice
to say that keeping an eye on these and responding to problems
keeps me busy enough!
Why not? what is to hide? hijack discussions happen on other mailing
lists in the public.
So no more comment from yourself as the BGP co-ordinator on the
prefixes in the report?
https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd…
If you really do have the details on all these prefixes, there should
be no reason you can't provide a statement on each, if it is an
expected announcement, misconfiguration or hijackk
Without you being slightly more forthcoming in public, in my eyes it
puts the whole integrity of co-ordinating AMPRnet BGP announcements in
doubt.
various
reasons. Try the Whois server if you want by check specific
prefixes.
Where is this publicly documented?
drastically change their terms. We won’t do anything that risks losing our
legacy status.
Have the ARDC approached each RIR and discussed this?
several ways
it could be achieved and will be the focus for the TAC at some
point in the future.
it’s
ready. In the meantime, if you want to have input on any features you
would like to see, feel free to contact Rosy and/or myself.
I'd like to see planning for this taking place in the open, not closed.
years ago
and didn’t get anywhere.
Nat,
--
Nat
https://nat.ms
+44 7531 750292
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
On 31 Jan 2021, at 14:09, Nat Morris
<nat(a)nuqe.net> wrote:
Which blocks did you report?
I don’t really want to go into specific details on an open mailing list. Any
explanation for these prefixes announced in the UK by AS61337,
along side your portal prefixes, they are not documented at all in the
portal:
Not all allocations appear in the public listing on the portal, for RADB is
ok, but not sufficient for the future. A better investment
would be for the ARDC to negotiation with one of the 5 RIRs for
prefixes to be registered there, so we could all benefit from use of
their RPKI trust anchors.
I can’t see that happening anytime soon I’m afraid, if ever, unless they Having
prefixes in RADB will not provide
trust anchor functionality.
Agreed, and RPKI is something we understand is desirable, there are > Which repo is this development taking place
in?
The development is taking place currently and will be open sourced when I noticed
the github.com AMPRnet Portal repo has been removed.
There was no point in it being there, we tried that route a couple of 
8:59 p.m.
New subject: Concerning over undocumented BGP announcements
On 31 Jan 2021, at 19:05, Scott Nicholas via 44Net
<44net(a)mailman.ampr.org> wrote:
Sorry for the top post, I'm on my mobile.
The announcements and RPKI are both things I've looked at once and just
sort of lost much care.. hopefully some people like yourself have submitted
resumes and joined the TAC.
I do believe RIPE has a fair deal that would allow amprnet to stay legacy
and do RPKI for perhaps their standard LIR fees if I'm remembering
correctly.
RPKI isn’t really the one and only solution to this problem, but it can certainly help a
lot. It’s just that for various reasons, there’s no RPKI yet on the network. And even if
there was, there are some decisions that could be made on how it’s deployed, that can
affect whether it would work like this or not. IRR and other things can help as well, but
like everything, it relies on people checking it.
A thing that can be done to prevent this retroactively is monitoring. There are some tools
that can help in this, but most are created with the typical network in mind: I have some
prefixes and an ASN (or more), and I want to see if some other AS advertises my IPs. What
44Net has is more like an RIR: I have a very large IP space, I allocate/assign/… parts of
it to various entities that do stuff with it, and I just want to make sure that no
“unallocated” space is being squatted. Of course, in this case, there’s a clear
intervention path for hijackings, etc. but the thread tries to combat squatting: use of
“unallocated” IP space that’s unauthorized.
I did a quick survey of the available tools and whether they can be used for something
like that, despite not being the primary use case, and I even had a quick chat with the
creators of ARTEMIS ( https://bgpartemis.org/ <https://bgpartemis.org/> ) and it
seems that some can be used for things like that: here’s a list of all “allocations”, and
if you see anything else under 44/8 (or 44/9+44.128/10) that’s not in your config file,
please alert me. I’ll also try to reach out to RIRs maybe to see how they all deal with
that problem. It seems that we’re just in the middle so it’s not completely clear what can
be done / it’s not a common problem to have. Maybe if we have some RIR staff here, they
can chime in :)
The new portal is probably already in the works.
I'd like that it allowed
IRR entries for advanced users or a simple view with just description, AS,
prefix. Our whois server should be registered at ARIN to allow clients to
be referred to it. Our portal records can become IRR at the source..
The entire e-mail is my personal opinion, I am speaking on my personal capacity, and I
have to admit that I don’t know anything about the new portal. However, I totally agree
with you that it should be the source of truth for everything, and should be built with
this in mind: route objects, ROAs, whois, squatting monitoring tools, hijacking monitor
tools, … all depend on it for the single source of truth, and all use this, or frequent
data dumps of it, to work.
Of course, things aren’t always that easy, and I understand that some times it can’t be
possible to do this, but in my personal view we should at least try to go towards that
direction.
Thanks,
Antonis
9:46 p.m.
New subject: Concerning over undocumented BGP announcements
> I can’t see that happening anytime soon I’m
afraid, if ever, unless
they drastically change their terms. We won’t do anything
that risks losing
our legacy status.
Have the ARDC approached each RIR and discussed this?
I will just throw this in here and say that the RIPE NCC does allow for
"non-member service contract" which doesn't convert your legacy resources
but does allow you to use RPKI.
https://www.ripe.net/manage-ips-and-asns/legacy-resources/ripe-ncc-services…
I believe you might have to pay the fee though but unlike ARIN it doesn't
scale with size, and it is currently 1400 EUR/year which seems totally
reasonable for the ARDC.
An example of this is RGnet's /16, it is legacy status while being able to
use RIPE NCC's RPKI services.
https://apps.db.ripe.net/db-web-ui/lookup?source=ripe&key=147.28.0.0%20…
-Cynthia
On Sun, Jan 31, 2021 at 4:04 PM Nat Morris via 44Net <44net(a)mailman.ampr.org>
wrote:
> On Sun, Jan 31, 2021 at 2:55 PM G1FEF <chris(a)g1fef.co.uk> wrote:
> >
> >
> > > On 31 Jan 2021, at 14:09, Nat Morris <nat(a)nuqe.net> wrote:
> > >
> > > Which blocks did you report?
> >
> > I don’t really want to go into specific details on an open mailing list.
> Suffice to say that keeping an eye on these and responding to problems
> keeps me busy enough!
>
> Why not? what is to hide? hijack discussions happen on other mailing
> lists in the public.
>
> So no more comment from yourself as the BGP co-ordinator on the
> prefixes in the report?
>
>
>
https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd…
>
> If you really do have the details on all these prefixes, there should
> be no reason you can't provide a statement on each, if it is an
> expected announcement, misconfiguration or hijackk
>
> Without you being slightly more forthcoming in public, in my eyes it
> puts the whole integrity of co-ordinating AMPRnet BGP announcements in
> doubt.
>
> > > Any explanation for these prefixes announced in the UK by AS61337,
> > > along side your portal prefixes, they are not documented at all in the
> > > portal:
> >
> > Not all allocations appear in the public listing on the portal, for
> various reasons. Try the Whois server if you want by check specific
> prefixes.
>
> Where is this publicly documented?
>
> > > RADB is ok, but not sufficient for the future. A better investment
> > > would be for the ARDC to negotiation with one of the 5 RIRs for
> > > prefixes to be registered there, so we could all benefit from use of
> > > their RPKI trust anchors.
> >
> > I can’t see that happening anytime soon I’m afraid, if ever, unless they
> drastically change their terms. We won’t do anything that risks losing our
> legacy status.
Have the ARDC approached each RIR and discussed this?
>
> > > Having prefixes in RADB will not provide
> > > trust anchor functionality.
> >
> > Agreed, and RPKI is something we understand is desirable, there are
> several ways it could be achieved and will be the focus for the TAC at some
> point in the future.
> >
> > >> Which repo is this development taking place in?
> >
> > The development is taking place currently and will be open sourced when
> it’s ready. In the meantime, if you want to have input on any features you
> would like to see, feel free to contact Rosy and/or myself.
>
> I'd like to see planning for this taking place in the open, not closed.
>
> > > I noticed the github.com AMPRnet Portal repo has been removed.
> >
> > There was no point in it being there, we tried that route a couple of
> years ago and didn’t get anywhere.
>
> Nat,
>
>
>
> --
> Nat
>
> https://nat.ms
> +44 7531 750292
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
>
9:48 p.m.
New subject: Concerning over undocumented BGP announcements
Oh and I forgot to mention this too, Randy Bush (RGnet) also moved to the
RIPE NCC from ARIN for the same reason, and there are slides from a talk
here: https://iepg.org/2016-04-03-ietf95/160403.iepg-transfer.pdf
-Cynthia
On Sun, Jan 31, 2021 at 10:46 PM Cynthia Revström <me(a)cynthia.re> wrote:
> I can’t
see that happening anytime soon I’m afraid, if ever, unless
they drastically change
their terms. We won’t do anything that risks losing
our legacy status.
Have the ARDC approached each RIR and discussed this?
I will just throw this in here and say that the RIPE NCC does allow for
"non-member service contract" which doesn't convert your legacy resources
but does allow you to use RPKI.
https://www.ripe.net/manage-ips-and-asns/legacy-resources/ripe-ncc-services…
I believe you might have to pay the fee though but unlike ARIN it doesn't
scale with size, and it is currently 1400 EUR/year which seems totally
reasonable for the ARDC.
An example of this is RGnet's /16, it is legacy status while being able to
use RIPE NCC's RPKI services.
https://apps.db.ripe.net/db-web-ui/lookup?source=ripe&key=147.28.0.0%20…
-Cynthia
On Sun, Jan 31, 2021 at 4:04 PM Nat Morris via 44Net <
44net(a)mailman.ampr.org> wrote:
On Sun, Jan 31, 2021 at 2:55 PM G1FEF
<chris(a)g1fef.co.uk> wrote:
list. Suffice
to say that keeping an eye on these and responding to
problems keeps me busy enough!
Why not? what is to hide? hijack discussions happen on other mailing
lists in the public.
So no more comment from yourself as the BGP co-ordinator on the
prefixes in the report?
https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd…
If you really do have the details on all these prefixes, there should
be no reason you can't provide a statement on each, if it is an
expected announcement, misconfiguration or hijackk
Without you being slightly more forthcoming in public, in my eyes it
puts the whole integrity of co-ordinating AMPRnet BGP announcements in
doubt.
various
reasons. Try the Whois server if you want by check specific
prefixes.
Where is this publicly documented?
they
drastically change their terms. We won’t do anything that risks losing
our legacy status.
Have the ARDC approached each RIR and discussed this?
several ways
it could be achieved and will be the focus for the TAC at some
point in the future.
it’s
ready. In the meantime, if you want to have input on any features you
would like to see, feel free to contact Rosy and/or myself.
I'd like to see planning for this taking place in the open, not closed.
years ago
and didn’t get anywhere.
Nat,
--
Nat
https://nat.ms
+44 7531 750292
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
On 31 Jan 2021, at 14:09, Nat Morris
<nat(a)nuqe.net> wrote:
Which blocks did you report?
I don’t really want to go into specific details on an open mailing Any
explanation for these prefixes announced in the UK by AS61337,
along side your portal prefixes, they are not documented at all in the
portal:
Not all allocations appear in the public listing on the portal, for RADB is
ok, but not sufficient for the future. A better investment
would be for the ARDC to negotiation with one of the 5 RIRs for
prefixes to be registered there, so we could all benefit from use of
their RPKI trust anchors.
I can’t see that happening anytime soon I’m afraid, if ever, unless Having
prefixes in RADB will not provide
trust anchor functionality.
Agreed, and RPKI is something we understand is desirable, there are > Which repo is this development taking place
in?
The development is taking place currently and will be open sourced when I noticed
the github.com AMPRnet Portal repo has been removed.
There was no point in it being there, we tried that route a couple of
1188
days inactive
1188
days old
4 comments
4 participants
participants (4)
-
Antonios Chariton (daknob) -
Cynthia Revström -
Nat Morris -
Scott Nicholas