From BWILLIS at neotelecoms.com Thu Apr 3 15:49:22 2014 From: BWILLIS at neotelecoms.com (Blake WILLIS) Date: Thu, 3 Apr 2014 13:49:22 +0000 Subject: [bcop] Indosat (AS4761) BGP Hijack In-Reply-To: References: <69eb28af87834257b2799a69f7ad2ef9@anx-i-dag01.anx.local> Message-ID: <92CEE981-CF03-44B0-890A-14ABD2CE2A26@neotelecoms.com> On 3 Apr 2014, at 1:45 PM, IP TAC wrote: > Dear Partner, > > The problem caused by misconfig by our third-party support. > We already have plan to prevent the problem exist in the future if any misconfig happen again. > We apologize for the inconvenience. Greetings, May I take this opportunity to suggest that you (& anyone else listening that doesn't already have two levels of prevention on their BGP customers) implement a BGP max-prefix setting on your customer peer-groups to prevent this sort of incident in the future (in addition to using per-customer prefix filters)? Plenty of networks are rolling out IPv6; RPKI may take longer... Best regards, --- Blake Willis Consulting Network Architect From benno at NLnetLabs.nl Mon Apr 7 15:12:56 2014 From: benno at NLnetLabs.nl (Benno Overeinder) Date: Mon, 07 Apr 2014 15:12:56 +0200 Subject: [bcop] Indosat (AS4761) BGP Hijack In-Reply-To: <92CEE981-CF03-44B0-890A-14ABD2CE2A26@neotelecoms.com> References: <69eb28af87834257b2799a69f7ad2ef9@anx-i-dag01.anx.local> <92CEE981-CF03-44B0-890A-14ABD2CE2A26@neotelecoms.com> Message-ID: <5342A458.7030901@NLnetLabs.nl> Hi Blake (with cc to BCOP list), On 04/03/2014 03:49 PM, Blake WILLIS wrote: > On 3 Apr 2014, at 1:45 PM, IP TAC wrote: > >> Dear Partner, >> >> The problem caused by misconfig by our third-party support. >> We already have plan to prevent the problem exist in the future if any misconfig happen again. >> We apologize for the inconvenience. > > Greetings, > > May I take this opportunity to suggest that you (& anyone else listening that doesn't already have two levels of prevention on their BGP customers) > implement a BGP max-prefix setting on your customer peer-groups to prevent this sort of incident in the future (in addition to using per-customer prefix filters)? This might (indeed) be an excellent document for a BCOP. If you are in the opportunity to attend the RIPE meeting, you might consider to start working on a BCOP document for (basic) filtering. This can be part of another, more broad defined document on BGP configuration, or more specific on customer peer-group filtering. Please let us know what you think. Best, -- Benno -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/ From benno at NLnetLabs.nl Mon Apr 7 15:33:43 2014 From: benno at NLnetLabs.nl (Benno Overeinder) Date: Mon, 07 Apr 2014 15:33:43 +0200 Subject: [bcop] Call for proposals BCOP task force Message-ID: <5342A937.8010209@NLnetLabs.nl> The RIPE BCOP Task Force proposed charter is now published on the RIPE TF webpage, see http://www.ripe.net/ripe/groups/tf/best-current-operational-practices-task-force. Now we are accepting the proposals for presentations from intended BCOP documents authors for our next RIPE meeting in Warsaw. If you are willing to start working on your own Best Current Operational Practices - BCOP document and talk about that in Warsaw (and maybe get some co-authors), please get in touch with Jan or myself. Best, Jan Zorz and Benno Overeinder -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/ From benno at NLnetLabs.nl Mon Apr 7 16:05:17 2014 From: benno at NLnetLabs.nl (Benno Overeinder) Date: Mon, 07 Apr 2014 16:05:17 +0200 Subject: [bcop] Best Current Operational Practices TF proposed charter published Message-ID: <5342B09D.1010005@NLnetLabs.nl> Hi, The RIPE BCOP Task Force proposed charter is now published on the RIPE TF webpage, see http://www.ripe.net/ripe/groups/tf/best-current-operational-practices-task-force. Comments on proposed charter are welcome on the bcop at ripe.net mailing list and the TF meeting in Warsaw. We intend to get the charter approved at the first TF meeting in Warsaw. Best regards, Jan Zorz & Benno Overeinder -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/ From jan at go6.si Thu Apr 10 12:41:12 2014 From: jan at go6.si (Jan Zorz @ go6.si) Date: Thu, 10 Apr 2014 12:41:12 +0200 Subject: [bcop] BCOP presentation at RIPE meeting in Warsaw Message-ID: <53467548.9050407@go6.si> Dear BCOP group, I would like to get a short slot in BCOP TF meeting in Warsaw, I would like to present the 00 version of a draft "IPv6 troubleshooting for helpdesks" The 00 draft can be found in PDF format here: http://go6.si/ipv6-troubleshooting-for-helpdesks/ (find the link at the end of the text). I would encourage you to read the text and comment in terms if this is something that could be the best current operational practice - and particularly I'm searching for people that would join the working pack and continue the technical IPv6 part in IPv6 WG, where we would like to check for IPv6 technical validity and soundness of the document. Thank you very much, Jan Zorz From matthijs at nlnetlabs.nl Tue Apr 15 10:42:25 2014 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 15 Apr 2014 10:42:25 +0200 Subject: [bcop] BCOP on DNSSEC Message-ID: <534CF0F1.6080007@nlnetlabs.nl> Hi, FYI. Within the IETF, we have two versions of documents describing DNSSEC operational practices for authoritative name servers. These documents are very lengthy because they are considerations and take into account many possibilities. I am now thinking of writing a best current operational practices. To me it makes sense that these can be (at least) two documents, for TLD operators and for hosters of many zones. I hope I can start this activity soon and perhaps I can share some of that work in BCOP at Warsaw. Best regards, Matthijs From cgrundemann at gmail.com Wed Apr 16 16:33:24 2014 From: cgrundemann at gmail.com (Chris Grundemann) Date: Wed, 16 Apr 2014 08:33:24 -0600 Subject: [bcop] BCOP on DNSSEC In-Reply-To: <534CF0F1.6080007@nlnetlabs.nl> References: <534CF0F1.6080007@nlnetlabs.nl> Message-ID: On Tue, Apr 15, 2014 at 2:42 AM, Matthijs Mekking wrote: > Hi, > > FYI. > > Within the IETF, we have two versions of documents describing DNSSEC > operational practices for authoritative name servers. These documents > are very lengthy because they are considerations and take into account > many possibilities. > > I am now thinking of writing a best current operational practices. To me > it makes sense that these can be (at least) two documents, for TLD > operators and for hosters of many zones. > I think that would make for two very useful documents! I encourage others with operational experience deploying DNSSEC to join your effort. > > I hope I can start this activity soon and perhaps I can share some of > that work in BCOP at Warsaw. > I hope so too! Looking forward to it... =) Cheers, ~Chris > > Best regards, > Matthijs > > > > -- @ChrisGrundemann http://chrisgrundemann.com -------------- next part -------------- An HTML attachment was scrubbed... URL: