Hey all
A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch>
--------
****Christmas Dinner****
Dear SwiNOGers,
Let's have our Christmas Dinner with Cheese fondue, Kirsch and beer (if you like) at Rehalp!!!
Place limit 12 for now, may be extended to 15 max.
Upcoming events for 2017 will be announced shortly.
Looking forward seeing you!
Emanuel, Mobile +41 79 382 73 77, Email emanuel(a)vshn.ch
Details for the next event:
-----------------------------------------------
Event: SwiNOG-BE162 - Beer Event 162 - Christmas Dinner
When? Monday, 12th December 2016 18:30
Where? Chässtube Rehalp
Forchstrasse 359, 8008 Zürich, Tel. +41 44 381 01 80
http://www.chaesstube-rehalp.ch
(GoogleMaps Link: http://goo.gl/maps/ur3Lq)
Places avaiable? 12
!! Please sign up if you're really coming - because the seats are limited! !!
-----------------------------------------------
Registration:
Start: Wednesday, 26th October 2016 - 10:00
Stop: Friday, 9th December 2016 - 18:00
Reg-URL: http://swinog.be/
-----------------------------------------------
Since we have to make reservations, I need to know who's coming and who not.
If you can't attend and you're registered please inform me ASAP (+41 79 382 73 77).
greetings
Emanuel Kleindienst
Hi Julien
Yes, we are experiencing the same issues recently with ptr-requests
forwarded to the iana blackhole nameservers.
# dig -x 10.0.0.100 @blackhole-1.iana.org
;; global options: +cmd
;; connection timed out; no servers could be reached
We now configured our nameservers to respond to those requests
immediately without sending the queries to internet servers, which
they shouldn't do anyway for RFC1918 IPs [1][2]
Regards,
Christian
[1] https://deepthought.isc.org/article/AA-00800/0
[2] https://www.iana.org/help/abuse-answers -> Information about
"Blackhole" Servers
2016-10-27 16:13 GMT+02:00 <maj(a)mbuf.net>:
> Hi,
> are there some people experiencing issues on some AS when using
> iana blackhole nameservers for localnets?
>
> I usually meet this response for instance:
> dig 172.16.1.1 @blackhole-1.iana.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;172.16.1.1. IN A
>
> ;; Query time: 46 msec
> ;; SERVER: 192.175.48.6#53(192.175.48.6)
> ;; WHEN: Thu Oct 27 16:
>
>
> But I don't get any reply packet on AS8220 (COLT).
> dig 172.16.1.1 @blackhole-1.iana.org
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> thank you.
>
> --
> |_|0|_| julien mabillard
> |_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 8284 EF08
> |0|0|0|
>
>
> _______________________________________________
> swinog mailing list
> swinog(a)lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hi,
are there some people experiencing issues on some AS when using
iana blackhole nameservers for localnets?
I usually meet this response for instance:
dig 172.16.1.1 @blackhole-1.iana.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;172.16.1.1. IN A
;; Query time: 46 msec
;; SERVER: 192.175.48.6#53(192.175.48.6)
;; WHEN: Thu Oct 27 16:
But I don't get any reply packet on AS8220 (COLT).
dig 172.16.1.1 @blackhole-1.iana.org
;; global options: +cmd
;; connection timed out; no servers could be reached
thank you.
--
|_|0|_| julien mabillard
|_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 8284 EF08
|0|0|0|
Hi all,
next week I will be at SWINOG #30, and I will be bringing some RIPE
Atlas Probes.
If you're interested in getting one of them, please send me an email, so
that I can reserve one and have an idea of how many to bring.
If you don't know what RIPE Atlas is, and want to know more, you can
find information at https://atlas.ripe.net.
Ciao!
--
Massimiliano Stucchi
RIPE NCC
mstucchi(a)ripe.net
Follow us on Twitter for the fastest and latest RIPE NCC Training news!
@TrainingRIPENCC
Dear SwiNOGers,
Let's have some Beer & Food at Don Weber!
Upcoming events for rest of 2016:
> SwiNOG-BE161: Mo, 28.11.16
> SwiNOG-BE162: Mo, 12.12.16 (Christmas dinner)
Looking forward seeing you!
Emanuel, Mobile +41 79 382 73 77, Email emanuel(a)vshn.ch
Details for the next event:
-----------------------------------------------
Event: SwiNOG-BE160 - Beer Event 160
When? Monday, 24th October 2016 18:30
Where? Don Weber
Heinrichstrasse 213, 8005 Zürich
http://www.donweber.ch/
(GoogleMaps Link: http://goo.gl/maps/PqOPb)
Places available? 12
!! Please sign up if you're really coming - because the seats are limited! !!
-----------------------------------------------
Registration:
Start: Friday, 20th October 2016 - 16:15
Stop: Monday, 24th August 2016 - 16:30
Reg-URL: http://swinog.be/
-----------------------------------------------
Since we have to make reservations, I need to know who's coming and who's not.
If you can't attend and you're registered please inform me ASAP (+41 79 382 73 77).
Cheers,
Emanuel Kleindienst
Hello PeeringDB users / hello SwiNOG,
the PeeringDB Product Committee (PC, [0]) is charged with steering the
future product development and running the market outreach efforts to
continuously improve the value that PeeringDB delivers to the networks
registered with PeeringDB, and the broader community.
We're looking for feedback and input from the community on our charter
proposal. Please take this short survey [1]. Your input and comments are
appreciated!
[0] http://docs.peeringdb.com/gov/
[1] https://www.surveymonkey.com/r/JN36DT2
Greetings
Arnold
--
Arnold Nipper
email: arnold(a)nipper.de phone: +49 6224 5593407 2
mobile: +49 172 2650958 fax: +49 6224 5593407 9
Hello dear SwiNOG community
We finally have the agenda released for SwiNOG #30 on the Friday 04.11.2015
on top of Gurten.
Please register NOW.
https://register.swinog.ch/
Agenda
http://www.swinog.ch/meetings/swinog30/agenda.asp
IoT Security and the Role of the Thing Manufacturer | Eliot Lear (Cisco
Systems)
While there are predictions of 50bn connected devices by 2020, we do not
know how to count the number of types of things. Mechanisms are needed to
facilitate connectivity of these devices in a safe and secure way. Both
manufacturers and network managers can take steps to see that devices remain
secure. This presentation will discuss those roles and two emerging
concepts: a bootstrapping mechanism called ANIMA, and way to describe what
communications a device is designed to have known as Manufacturer Usage
Descriptions.
StackStrom & ChatOps | David Gee (Brocade)
Thank you to the internet, we have a button that can be used to order
anything from Amazon. Facebook receives millions of pictures a day (mostly
of cats doing things) and Twitter has infiltrated main stream media.
Enterprise IT is falling like an empire once great, almost crumbling within
from the pressure of change.
Simplify the lifecycle of your cloud with Mirantis Cloud Platform (MCP) |
Ivan Ostojic (Juniper)
Mirantis brings their Openstack solution with MCP to a next level. To
dramatically simplify the lifecycle process, MCP introduces containers
orchestrated by Kubernetes. Additionally, a much more scalable SDN
controller was needed whereby MCP replaced OVS Neutron by Juniper
OpenContrail. This session will explain why Mirantis was looking for a new
architecture and covers the details about MCP itself.
Why you should take care of the network(s) around you or DDoS Suckz | Will
van Gulik (IP-Max SA)
Lesson learned from a DDoS at the end of 2015, and best practice to
implement to make internet a better place.
SwissIX Update | Ulf Kieber (SwissIX)
SwissIX Update
Whats new with RRDtool and other stories from Tobi Oetiker GitHub account |
Tobi Oetiker (OETIKER+PARTNER AG)
New tweaks and features of RRDtool and some fancy new tools released on my
GitHub account
Swiss NREN protection with DNS RPZ | Matthias Seitz (SWITCH)
SWITCH has introduced a service based on DNS Response Policy Zone in the
Swiss NREN. DNS RPZ extends the DNS with a firewall function that denies
access to malicious domains. With this function, malware infection on users'
devices and requests for phishing sites will be prevented. In addition,
already infected systems can be detected. Furthermore, the users awareness
is increased through redirecting the user to an information page.
The DNS Toolbox | Jeroen Massar (Farsight Security, Inc.)
Presenting a DNS Toolbox, various techniques to make your network safer for
you and your users and that you likely already have installed:
- RRL: Response Rate Limiting
- RPZ: Response Policy Zones
- dnstap: Tap the DNS
- Passive DNS: View what the Internet has been doing I'll also explain how
Passive DNS does involve minimal PII in the labels, but due to the location
where one dnstaps does not affect privacy.
RFC3021 | Silvan M. Gebhardt (Openfactory)
I would like to share some of my experience with RFC3021 and I would like to
hear a bit from the crowd how they stand to it and why and what they know
about it.
How scary is DNSSEC? | Massimiliano Stucchi (RIPE NCC)
DNSSEC is a set of extensions for DNS to make it more secure.
It involves cryptography, PKI, and a new set of tools to manage it.
This talk tries to demistify all the myths about DNSSEC and show that it
actually is simpler than it sounds by introducing some of the basics and
providing a live example of two key rollovers on a real domain name done on
stage.
How to increase availability using ExaBGP | André Keller & Manuel Schweizer
(VSHN & CloudScale.ch AG)
Social Event | Everyone (SwiNOG Community)
Yeah - you all know this one ;-) never gets boring
Looking so forward to seeing all of you !!!!
Simon
SwiNOG
Hello all,
I'd like to know if anyone else experienced routing problems yesterday on
October 10th 2016 from Swisscom networks to Amazon AWS (Ireland).
We've had our server connections cut between 1400 and 1450. I'm pretty sure
the problem was with NTT, which was the next hop after Swisscom.
At 1450 someone (Swisscom or AWS?) changed the routing and the next hop
after Swisscom changed to DTAG.
Does anyone have more insights who "fixed" it yesterday?
Swisscom only responded to our incident ticket that "Amazon uses
loadbalancers and therefore several destination ip addresses" and
"traceroute has changed since your screenshot" which is not helpful at all.
Thanks in advance for any information.
ck