March 2020 - Test - lists.nanog.org

NANOG 79 Call For Presentations
by Vincent Celindro 03 Mar '20

03 Mar '20

Vincent Celindro <vcelindro(a)nanog.org> Thu, Nov 21, 2019, 5:57 PM to NANOG-announce, nanog Dear NANOG Community, In NANOG tradition - The NANOG Program Committee (PC) is excited to announce that we are accepting proposals for all sessions at NANOG 79 in Boston, Massachusetts, June 1st - 3rd, 2020. As mentioned during the community meeting at NANOG 78 in San Francisco, the Call For Presentations, CFP, is now open all year round, for current and future meetings. Below is a summary of key details and dates for the CFP, which can also be found at https://www.nanog.org/meetings/nanog-79/submit-presentation/ Given by many of the industry’s top minds, presentations at NANOG meetings are meant to spark the imagination, encourage dialog, and drive new solutions to our greatest networking challenges. The PC is currently seeking proposals, and also welcomes suggestions for speakers and topics. Presentations may cover current technologies, soon-to-be deployed technologies, and industry innovation. Vendors are welcome to submit talks which cover relevant technologies and capabilities, but presentations should not be promotional, or discuss proprietary solutions. We understand you may have concerns regarding the COVID 19 coronavirus. To date, the areas of the world most impacted by the virus are outside the North American region, which NANOG serves. The NANOG Board of Directors and executive team are closely watching the latest news reports as information about the virus rapidly changes, and how this may or may not impact the upcoming conference. There is no information at this time that suggests we should cancel NANOG 79, but we assure you we'll keep the entire NANOG community up to date as information changes, and we learn more. The primary speaker, moderator, or author should submit a presentation proposal and abstract via the Program Committee Tool at: https://www.nanog.org/meetings/submit-presentation/ - Sign in with your Profile Account - Select the type of talk you propose to present, and complete the title and abstract Timeline for submission and proposal review: - Submitter enters abstract (and draft slides if possible) in Program Committee Tool prior to the deadline for slide submission. - PC performs initial review and assigns a “shepherd” to help develop the submission — within 2 weeks. - Submitter develops draft slides of talk if not already submitted with the initial proposal. Please submit initial draft slides early — the PC does not evaluate submissions until draft slides are available for review. A NANOG slide template as well as presentation guidelines are available here. https://www.nanog.org/participate/presentation-guidelines/ - Panel and Track submissions should provide a topic list and intended/confirmed participants in the abstract. - PC reviews the slides and continues to work with Submitter as needed to develop the topic. - Draft presentation slides should be submitted prior to the published deadline for slides (April 13th, 2020). - PC evaluates submissions to determine presentations for the agenda (posted by May 18th, 2020). - Agenda assembled and posted. - Submitters notified. - Final presentation slides must be submitted prior to the published deadline for slides (May 25th, 2020). If you think you have an interesting topic but want feedback or suggestions for developing an idea into a presentation, please email the PC ( nanogpc(a)nanog.org) and a representative will respond to you in a timely manner. Otherwise, submit your talk, keynote, track, or panel proposal to the Program Committee Tool at your earliest convenience. We look forward to reviewing your submission! Key dates for NANOG 79: Date Event/Deadline March 2, 2020 CFP Opens March 30, 2020 Standard Registration Begins April 13, 2020 CFP Deadline: Presentation Slides Due May 4, 2020 CFP Topic List & NANOG Meeting HIghlights Page posted May 11, 2020 Late Registration Begins May 18, 2020 NANOG 78 Agenda Posted May 25, 2020 Speaker FINAL presentations DUE (NO CHANGES accepted after this date) May 31, 2020 Lightning Talk Submissions Open, Onsite Registration Begins Final slides must be submitted by Monday, May 25th, 2020, and no changes will be accepted between that date and the conference. Materials received after that date may be updated on the website after the completion of the conference. We look forward to seeing you in Boston in June! Sincerely, Vincent Celindro - PC Chair On behalf of the NANOG Program Committee

1 0

Equinix IX Dallas Legacy Route Servers Decommissioning - Subnet Expansion
by David Miller 03 Mar '20

03 Mar '20

PSA: For anyone on the Equinix IX in Dallas who may have missed the announcements - The subnet in Dallas was expanded to a /23 and there are new MLPE route servers. The old route servers will be decommissioned this week. >From Equinix: "IBX(s): DA1,DA10,DA2,DA3,DA4,DA6,DA7,DA9,DA99 DESCRIPTION:NOTICE: THE LEGACY MLPE AND ROUTE COLLECTOR SERVERS WILL BE DECOMMISSIONED 5-MAR-2020 Equinix expanded the DA IX subnet from a /24 to a /23 on 25-JUN-2019. Equinix engineers also updated the MLPE and Route Collector IPs and subnet mask from /24 to /23. Customers that have not already done so, will need to update their subnet mask and peering IP address for the MLPE/RC servers to reflect the newly expanded subnet of 206.223.118.NNN/23. BGP Sessions are preconfigured for all MLPE/RC participants on the new servers, but if you have issues bringing up your sessions please contact us. A Status page is published at the following link https://ix.equinix.com/home/ip-migration/da/ " -- ______________________ David Miller dmiller(a)tiggee.com

1 0

Take-Two Interactive Software NOC Contact
by Tim Nowaczyk 03 Mar '20

03 Mar '20

Network Engineer for a small ISP here. Our customers seem to be having connectivity issues with Take-Two Software, specifically NBA 2k20. Traceroute makes it to Akamai Prolexic before being dropped. Does anyone have contact info for someone at Take-Two? Thanks, Tim Nowaczyk -- Timothy Nowaczyk | Senior Network Manager office 703.554.6622 <tel:703.554.6622> | mobile 571.318.9434 <tel:571.318.9434> <http://www.allpointsbroadband.com/>

2 1

Legacy Concentric/XO Web Services Blocking?
by James Breeden 03 Mar '20

03 Mar '20

NANOG, Looking for anyone from XO or Legacy Concentric web hosting services (now VDMS). I have a mutual customer that is getting caught at some form of Web App firewall coming from a specific IP range. Thank you! James W. Breeden Managing Partner [logo_transparent_background] Arenal Group: Arenal Consulting Group | Atheral | Ceteris Coin | Acilis Telecom | Pines Events and Media | BlueNinja Corporate: PO Box 1063 | Smithville, TX 78957 Email: james(a)arenalgroup.co<mailto:james@arenalgroup.co> | office 512.360.0000 | www.arenalgroup.co<http://www.arenalgroup.co/>

1 0

Re: China’s Slow Transnational Network
by Scott Weeks 02 Mar '20

02 Mar '20

In fact, Great Canon (GC) [55] is such an in-path system. But it is known for intercepting a subset of traffic (based on protocol type) only. What’s more, GC has been activated only twice in history (the last one in 2015 [55]). ----------------------------------- AT&T security says otherwise: https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been… The Great Cannon is a distributed denial of service tool (“DDoS”) that operates by injecting malicious Javascript into pages served from behind the Great Firewall." "The Great Cannon was the subject of intense research after it was used to disrupt access to the website Github.com in 2015. Little has been seen of the Great Cannon since 2015. However, we’ve recently observed new attacks..." "On August 31, 2019, the Great Cannon initiated an attack against a website (lihkg.com) used by members of the Hong Kong democracy movement to plan protests." scott

1 0

Re: China’s Slow Transnational Network
by Pengxiong Zhu 02 Mar '20

02 Mar '20

In fact, the three large carriers provide 98.5% of China’s total transnational bandwidth. We observe this across all the three large carriers, as well as one smaller carrier, CERNET(China Education and Research Network). Best, Pengxiong Zhu Department of Computer Science and Engineering University of California, Riverside On Mon, Mar 2, 2020 at 12:12 PM Ben Cannon <ben(a)6by7.net> wrote: > > On Mar 2, 2020, at 11:38 AM, Pengxiong Zhu <pzhu011(a)ucr.edu> wrote: > > Those are good insights. Our first guess is censorship too, and we > discussed the possibilities of censorship side effects in Section 5.1 > *Censorship*. > > It’s the Government doing mandatory content filtering at the border. >> Their hardware is either deliberately or accidentally poor-performing. >> > > However, GFW operates as an on-path system [72], which only processes > copies of existing packets without the ability to discard existing packets. > Evidently, prior work has shown that GFW fails to inject RST packets during > busy hours while the packets containing sensitive keywords are still > delivered successfully [34]. However, we are unable to rule out the > possibility that GFW has evolved to acquire the capability to discard > packets. > > Maybe... I dunno.... get rid of the Great Firewall of China? > > > We designed a small experiment to locate the hops with GFW presence, and > then try to match them with the bottleneck hops. We found only in 34.45% of > the cases, the GFW hops match the bottleneck hops. > > My guess is that it’s all the DDoS traffic coming from China saturating >> the links. >> > > In fact, Great Canon (GC) [55] is such an in-path system. But it is known > for intercepting a subset of traffic (based on protocol type) only. What’s > more, GC has been activated only twice in history (the last one in 2015 > [55]). However, it might be the case that the in-path capability is > re-purposed to perform general traffic throttling. If that is the case, > they have done a good job because the throttling resembles natural > congestion from the loss rate and latency point of view. > > > I believe this is what’s happening, and I believe they are rate-limiting > and causing actual congestion, as opposed to simulating it. The losses > would be real, actual saturation, on simply rate-limited flows. Unclear if > this is being done on a per-flow basis or per-source or what. You might be > able to find out. I’m curious if you see this across all carriers or only > the larger ones? > > -Ben. > > The asymmetric performance between downstream and upstream traffic can be > explained by the natural imbalance of transnational traffic (where the > upstream traffic from China to outside is not significant enough to > throttle). > > > Best, > Pengxiong Zhu > Department of Computer Science and Engineering > University of California, Riverside > > > On Mon, Mar 2, 2020 at 8:11 AM Compton, Rich A <Rich.Compton(a)charter.com> > wrote: > >> My guess is that it’s all the DDoS traffic coming from China saturating >> the links. >> >> >> >> *From: *NANOG Email List <nanog-bounces(a)nanog.org> on behalf of >> Pengxiong Zhu <pzhu011(a)ucr.edu> >> *Date: *Monday, March 2, 2020 at 8:58 AM >> *To: *NANOG list <nanog(a)nanog.org> >> *Cc: *Zhiyun Qian <zhiyunq(a)cs.ucr.edu> >> *Subject: *China’s Slow Transnational Network >> >> >> >> Hi all, >> >> >> >> We are a group of researchers at University of California, Riverside who >> have been working on measuring the transnational network performance (and >> have previously asked questions on the mailing list). Our work has now led >> to a publication in Sigmetrics 2020 and we are eager to share some >> >> interesting findings. >> >> >> >> We find China's transnational networks have extremely poor performance >> when accessing foreign sites, where the throughput is often persistently >> >> low (e.g., for the majority of the daytime). Compared to other countries >> we measured including both developed and developing, China's transnational >> network performance is among the worst (comparable and even worse than some >> African countries). >> >> >> >> Measuring from more than 400 pairs of mainland China and foreign nodes >> over more than 53 days, our result shows when data transferring from >> foreign nodes to China, 79% of measured connections has throughput lower >> than the 1Mbps, sometimes it is even much lower. The slow speed occurs only >> during certain times and forms a diurnal pattern that resembles congestion >> (irrespective of network protocol and content), please see the following >> figure. The diurnal pattern is fairly stable, 80% to 95% of the >> transnational connections have a less than 3 hours standard deviation of >> the slowdown hours each day over the entire duration. However, the speed >> rises up from 1Mbps to 4Mbps in about half an hour. >> >> >> >> [image: blob:null/71cf5a6a-3841-41ce-a1d4-207b59182189] >> >> >> >> We are able to confirm that high packet loss rates and delays are >> incurred in the foreign-to-China direction only. Moreover, the end-to-end >> loss rate could rise up to 40% during the slow period, with ~15% on average. >> >> >> >> There are a few things noteworthy regarding the phenomenon. First of all, >> all traffic types are treated equally, HTTP(S), VPN, etc., which means it >> is discriminating or differentiating any specific kinds of traffic. Second, >> we found for 71% of connections, the bottleneck is located inside China >> (the second hop after entering China or further), which means that it is >> mostly unrelated to the transnational link itself (e.g., submarine cable). >> Yet we never observed any such domestic traffic slowdowns within China. >> >> Assuming this is due to congestion, it is unclear why the infrastructures >> within China that handles transnational traffic is not even capable to >> handle the capacity of transnational links, e.g., submarine cable, which >> maybe the most expensive investment themselves. >> >> >> >> Here is the link to our paper: >> >> https://www.cs.ucr.edu/~zhiyunq/pub/sigmetrics20_slowdown.pdf >> >> >> We appreciate any comments or feedback. >> >> -- >> >> >> Best, >> Pengxiong Zhu >> Department of Computer Science and Engineering >> University of California, Riverside >> The contents of this e-mail message and >> any attachments are intended solely for the >> addressee(s) and may contain confidential >> and/or legally privileged information. If you >> are not the intended recipient of this message >> or if this message has been addressed to you >> in error, please immediately alert the sender >> by reply e-mail and then delete this message >> and any attachments. If you are not the >> intended recipient, you are notified that >> any use, dissemination, distribution, copying, >> or storage of this message or any attachment >> is strictly prohibited. >> > >

1 0

Re: China’s Slow Transnational Network
by Pengxiong Zhu 02 Mar '20

02 Mar '20

Those are good insights. Our first guess is censorship too, and we discussed the possibilities of censorship side effects in Section 5.1 *Censorship*. My guess is that it’s all the DDoS traffic coming from China saturating the > links. > In fact, Great Canon (GC) [55] is such an in-path system. But it is known for intercepting a subset of traffic (based on protocol type) only. What’s more, GC has been activated only twice in history (the last one in 2015 [55]). However, it might be the case that the in-path capability is re-purposed to perform general traffic throttling. If that is the case, they have done a good job because the throttling resembles natural congestion from the loss rate and latency point of view. The asymmetric performance between downstream and upstream traffic can be explained by the natural imbalance of transnational traffic (where the upstream traffic from China to outside is not significant enough to throttle). Maybe... I dunno.... get rid of the Great Firewall of China? > What do you mean? Do you mean the slow traffic is to bypass the GFW or the slow traffic is caused by GFW? Best, Pengxiong Zhu Department of Computer Science and Engineering University of California, Riverside On Mon, Mar 2, 2020 at 11:38 AM Pengxiong Zhu <pzhu011(a)ucr.edu> wrote: > Those are good insights. Our first guess is censorship too, and we > discussed the possibilities of censorship side effects in Section 5.1 > *Censorship*. > > It’s the Government doing mandatory content filtering at the border. >> Their hardware is either deliberately or accidentally poor-performing. >> > > However, GFW operates as an on-path system [72], which only processes > copies of existing packets without the ability to discard existing packets. > Evidently, prior work has shown that GFW fails to inject RST packets during > busy hours while the packets containing sensitive keywords are still > delivered successfully [34]. However, we are unable to rule out the > possibility that GFW has evolved to acquire the capability to discard > packets. > > Maybe... I dunno.... get rid of the Great Firewall of China? > > > We designed a small experiment to locate the hops with GFW presence, and > then try to match them with the bottleneck hops. We found only in 34.45% of > the cases, the GFW hops match the bottleneck hops. > > My guess is that it’s all the DDoS traffic coming from China saturating >> the links. >> > > In fact, Great Canon (GC) [55] is such an in-path system. But it is known > for intercepting a subset of traffic (based on protocol type) only. What’s > more, GC has been activated only twice in history (the last one in 2015 > [55]). However, it might be the case that the in-path capability is > re-purposed to perform general traffic throttling. If that is the case, > they have done a good job because the throttling resembles natural > congestion from the loss rate and latency point of view. The asymmetric > performance between downstream and upstream traffic can be explained by the > natural imbalance of transnational traffic (where the upstream traffic from > China to outside is not significant enough to throttle). > > > Best, > Pengxiong Zhu > Department of Computer Science and Engineering > University of California, Riverside > > > On Mon, Mar 2, 2020 at 8:11 AM Compton, Rich A <Rich.Compton(a)charter.com> > wrote: > >> My guess is that it’s all the DDoS traffic coming from China saturating >> the links. >> >> >> >> *From: *NANOG Email List <nanog-bounces(a)nanog.org> on behalf of >> Pengxiong Zhu <pzhu011(a)ucr.edu> >> *Date: *Monday, March 2, 2020 at 8:58 AM >> *To: *NANOG list <nanog(a)nanog.org> >> *Cc: *Zhiyun Qian <zhiyunq(a)cs.ucr.edu> >> *Subject: *China’s Slow Transnational Network >> >> >> >> Hi all, >> >> >> >> We are a group of researchers at University of California, Riverside who >> have been working on measuring the transnational network performance (and >> have previously asked questions on the mailing list). Our work has now led >> to a publication in Sigmetrics 2020 and we are eager to share some >> >> interesting findings. >> >> >> >> We find China's transnational networks have extremely poor performance >> when accessing foreign sites, where the throughput is often persistently >> >> low (e.g., for the majority of the daytime). Compared to other countries >> we measured including both developed and developing, China's transnational >> network performance is among the worst (comparable and even worse than some >> African countries). >> >> >> >> Measuring from more than 400 pairs of mainland China and foreign nodes >> over more than 53 days, our result shows when data transferring from >> foreign nodes to China, 79% of measured connections has throughput lower >> than the 1Mbps, sometimes it is even much lower. The slow speed occurs only >> during certain times and forms a diurnal pattern that resembles congestion >> (irrespective of network protocol and content), please see the following >> figure. The diurnal pattern is fairly stable, 80% to 95% of the >> transnational connections have a less than 3 hours standard deviation of >> the slowdown hours each day over the entire duration. However, the speed >> rises up from 1Mbps to 4Mbps in about half an hour. >> >> >> >> [image: blob:null/71cf5a6a-3841-41ce-a1d4-207b59182189] >> >> >> >> We are able to confirm that high packet loss rates and delays are >> incurred in the foreign-to-China direction only. Moreover, the end-to-end >> loss rate could rise up to 40% during the slow period, with ~15% on average. >> >> >> >> There are a few things noteworthy regarding the phenomenon. First of all, >> all traffic types are treated equally, HTTP(S), VPN, etc., which means it >> is discriminating or differentiating any specific kinds of traffic. Second, >> we found for 71% of connections, the bottleneck is located inside China >> (the second hop after entering China or further), which means that it is >> mostly unrelated to the transnational link itself (e.g., submarine cable). >> Yet we never observed any such domestic traffic slowdowns within China. >> >> Assuming this is due to congestion, it is unclear why the infrastructures >> within China that handles transnational traffic is not even capable to >> handle the capacity of transnational links, e.g., submarine cable, which >> maybe the most expensive investment themselves. >> >> >> >> Here is the link to our paper: >> >> https://www.cs.ucr.edu/~zhiyunq/pub/sigmetrics20_slowdown.pdf >> >> >> We appreciate any comments or feedback. >> >> -- >> >> >> Best, >> Pengxiong Zhu >> Department of Computer Science and Engineering >> University of California, Riverside >> The contents of this e-mail message and >> any attachments are intended solely for the >> addressee(s) and may contain confidential >> and/or legally privileged information. If you >> are not the intended recipient of this message >> or if this message has been addressed to you >> in error, please immediately alert the sender >> by reply e-mail and then delete this message >> and any attachments. If you are not the >> intended recipient, you are notified that >> any use, dissemination, distribution, copying, >> or storage of this message or any attachment >> is strictly prohibited. >> >

3 2