NANOG Mailing List

• Current Month
• RSS Feed
• About List
• All Lists

The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

List Archives

• Jan
• Feb
• Mar
• Apr
• May
• Jun
• Jul
• Aug
• Sep
• Oct
• Nov
• Dec
• 2024
• 468
• 367
• 206
• 192
• 149
• –
• –
• –
• –
• –
• –
• –
• 2023
• 234
• 212
• 195
• 173
• 257
• 246
• 144
• 365
• 414
• 474
• 215
• 125
• 2022
• 414
• 370
• 968
• 369
• 302
• 379
• 251
• 338
• 236
• 203
• 235
• 135
• 2021
• 721
• 619
• 528
• 449
• 280
• 447
• 280
• 527
• 651
• 728
• 454
• 239
• 2020
• 659
• 461
• 821
• 544
• 461
• 651
• 449
• 534
• 476
• 473
• 345
• 372
• 2019
• 699
• 447
• 515
• 400
• 536
• 469
• 593
• 503
• 378
• 661
• 497
• 607
• 2018
• 386
• 203
• 397
• 418
• 504
• 423
• 508
• 269
• 373
• 485
• 322
• 620
• 2017
• 278
• 321
• 427
• 166
• 284
• 417
• 168
• 325
• 406
• 366
• 177
• 680
• 2016
• 680
• 515
• 536
• 513
• 499
• 854
• 515
• 388
• 587
• 661
• 338
• 380
• 2015
• 576
• 865
• 540
• 567
• 629
• 1363
• 1083
• 587
• 890
• 1344
• 497
• 618
• 2014
• 692
• 899
• 1041
• 885
• 681
• 540
• 1015
• 518
• 540
• 986
• 714
• 652
• 2013
• 931
• 1007
• 824
• 690
• 546
• 937
• 545
• 595
• 624
• 578
• 509
• 828
• 2012
• 1239
• 1367
• 1178
• 602
• 719
• 1107
• 891
• 774
• 953
• 681
• 879
• 697
• 2011
• 1789
• 2122
• 1029
• 802
• 962
• 1459
• 605
• 887
• 1148
• 802
• 976
• 993
• 2010
• 1136
• 1206
• 1305
• 1611
• 652
• 663
• 813
• 933
• 997
• 1339
• 1081
• 1476
• 2009
• 940
• 1254
• 552
• 1019
• 825
• 627
• 750
• 701
• 646
• 1105
• 884
• 956
• 2008
• 847
• 650
• 605
• 750
• 739
• 812
• 750
• 796
• 1027
• 536
• 628
• 716
• 2007
• 806
• 457
• 505
• 693
• 762
• 652
• 542
• 764
• 572
• 1022
• 355
• 299
• 2006
• 691
• 674
• 660
• 448
• 403
• 552
• 379
• 551
• 630
• 567
• 310
• 327
• 2005
• 824
• 619
• 915
• 1204
• 790
• 632
• 1075
• 1048
• 1085
• 1237
• 769
• 593
• 2004
• 852
• 1004
• 1182
• 891
• 785
• 1220
• 752
• 770
• 848
• 537
• 999
• 768
• 2003
• 1099
• 692
• 986
• 875
• 676
• 683
• 633
• 1529
• 1579
• 1527
• 757
• 675
• 2002
• 468
• 533
• 556
• 737
• 1171
• 979
• 1123
• 1097
• 815
• 714
• 735
• 575
• 2001
• 1088
• 949
• 1052
• 822
• 1145
• 1056
• 800
• 1150
• 1956
• 857
• 518
• 382
• 2000
• 468
• 684
• 338
• 498
• 539
• 617
• 716
• 497
• 634
• 323
• 651
• 550
• 1999
• 436
• 304
• 372
• 340
• 271
• 227
• 244
• 312
• 246
• 447
• 326
• 438
• 1998
• 404
• 633
• 431
• 576
• 862
• 796
• 285
• 629
• 754
• 1063
• 967
• 402
• 1997
• 720
• 507
• 576
• 486
• 796
• 613
• 1120
• 521
• 608
• 589
• 843
• 342
• 1996
• 364
• 213
• 275
• 496
• 290
• 233
• 349
• 333
• 903
• 1099
• 373
• 290
• 1995
• 94
• 74
• 191
• 267
• 171
• 25
• 150
• 253
• 251
• 210
• 391
• 140
• 1994
• –
• –
• –
• 161
• 44
• 59
• 33
• 49
• 116
• 84
• 54
• 52

Latest Posts

Re: who runs the root, Cogent-TATA peering dispute? John R. Levine (May 19)
Good point.

In any event, I think we agree that none of IANA, ICANN, and/or Verisign
has the authority to remove one of the root operators, no matter how much
someone might dislike their peering policies.

R's,
John

PS: Perhaps the GWG will eventually come up with a way to do that but I'm
not holding my breath. It's been six years since RSSAC 037 and 038. I
can't blame them for moving very slowly since it would be all...

Re: Cogent-TATA peering dispute? David Conrad via NANOG (May 19)
Wrong in 2 ways:

1) ICANN runs one of root servers.
2) https://community.icann.org/pages/viewpage.action?pageId=120820189

I doubt even NTIA would _ever_ have said this, and certainly not since the IANA Functions transition. This is simply
not how the relationship between NTIA and ICANN operated (pre-transition, after transition it is even less).

Interesting theory.

Regards,
-drc

Re: who runs the root, Cogent-TATA peering dispute? David Conrad via NANOG (May 19)
John,

Sort of.

Technically, IANA provides database change requests to Verisign. The actual database is maintained by the Root Zone
Maintainer (hence the name).

Err, no. You forgot the little bit about the IANA Functions transition. Specifically:

https://www.icann.org/en/stewardship-implementation/root-zone-maintainer-agreement-rzma

When you say “ICANN” who, exactly, do you mean? ICANN the organization or ICANN the community? If the...

Re: Cogent-TATA peering dispute? Bill Woodcock (May 18)
The topic of the conversation was Cogent, and this question doesn’t apply to them. We have to recognize that there are
a limited number of public-benefit entities with the mission or budget to operate global-scale Internet public
infrastructure, and that’s ok; it is what it is. Different models give us diversity and resilience, and that’s good.
The thought I was expressing was about a moral principle that costs nothing to adhere to,...

Re: Cogent-TATA peering dispute? Bill Woodcock (May 18)
I’m not “calling them out,” I’m merely repeating their own assertion of their status, as they’ve put it on PeeringDB.
They say they have a selective peering policy rather than an open peering policy. The other have open peering
policies. The question was regarding open peering policies, and that’s what I was addressing. It’s not for me to
judge whether organizations policies are what they claim, I’m only addressing the...

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities scott via NANOG (May 18)
-----------------------------------------------------------

While not a Big Guy, Hawaiian Telcom is actively removing all that old
equipment because of energy/maint/personnel/etc costs. It's a lot more
involved and harder to do than most would think. OAEE - Old Ass
Equipment Everywhere (-: stops migration.

With HT being a private company, I would find it hard to imagine the
government saying "Do it now!" without some way of...

RE: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Jason Baugher (May 18)
John Levine said:

STIR/SHAKEN is more complex than it needs to be, sure, but for the time being it's effectively broken anyway. If you're
in an area where you have to connect to an ancient TDM-only LATA tandem, even though you'd like to do STIR/SHAKEN, it
can't be done over an SS7 call. The call gets to the terminating carrier, who decides in their infinite wisdom that
since it's not signed, to tell their customer...

RE: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Jason Baugher (May 18)
I'm not so sure about the FCC or any government agency having technical experts in-house. Possibly they exist, but the
chances of their voices being heard are low. Not only that, but I feel that any time an expert isn't actually working
actively in their field, they quickly stop being an expert.

No, it isn't. And yet, the same old problems seem to persist, primarily caused by the same companies, doing the same
things...

Re: Cogent-TATA peering dispute? Ray Bellis (May 18)
IIUC, most of L-root's systems are hosted within transit networks, and
not at IXPs. As such they have no control over additional peerings.

According to their PeeringDB entry, at all of the 23 IXPs listed they
only peer via route servers and not bilaterally.

As such I don't think it's entirely fair to call them out on this.

Ray

Re: Cogent-TATA peering dispute? Saku Ytti (May 18)
What type of network reach is required? Is single pop enough, that as
long as you have single pop, and open policy to peer with anyone who
wants to connect to your pop, you qualify?

Re: Cogent-TATA peering dispute? Bill Woodcock (May 18)
Well, putting aside Cogent per se, and focusing on this much more interesting issue, I would suggest that this is
already a well-established best practice, and reasonable in principle:

A-root, Verisign, open peering policy: https://www.peeringdb.com/net/873

B-root, USC/ISI, doesn’t really peer, but open in principle: https://b.root-servers.org/statements/response.html

C-root, Cogent, selective, not obviously published?

D-root, UMD, open...

Re: Cogent-TATA peering dispute? Mark Tinka (May 18)
Or to put it another way, if the community thought Cogent was not
providing some value to them, they would no longer be in business.

Mark.

Re: Cogent-TATA peering dispute? Saku Ytti (May 17)
This seems awfully simplistic, 'Cogent at 100% fault, in each case'.
It doesn't match my understanding, and therein lies the problem. In my
understanding of the issues, in a few of them, I would rate 100% fault
at the other side.

What are we asking in terms of your proposed policy change of allowing
host a root DNS? You must peer with everyone and anyone, at any terms?
I think we would struggle to form policy to capture the...

Re: Cogent-TATA peering dispute? Mark Tinka (May 17)
They have a similar problem in Africa with the major African IP Transit
providers; and they are far less deployed in Africa than they are in Asia.

Mark.

Re: who runs the root, Cogent-TATA peering dispute? William Herrin (May 17)
Verisign maintains them under contract to ICANN and NTIA and under
direction from ICANN. If ICANN told Verisign to make a change they
really didn't want to make, Verisign has just enough wiggle room to
delay until the NTIA rep can weigh in. Generally, though, ICANN
administers, Verisign implements and NTIA funds the effort.

This contract is also a part of the story:...

More Lists

Dozens of other network security lists are archived at SecLists.Org.