nanog mailing list archives
Re: NANOG Digest, Vol 145, Issue 5
From: Chris Orsman <chris () ctl-alt-del net>
Date: Wed, 5 Feb 2020 13:06:21 +0000
Hi, First submission so be nice :-) Ex. CenturyLink'er here so happy to share my knowledge of their network based solution if anyone is interested. Cheers Chris On Wed, 5 Feb 2020, 12:00 , <nanog-request () nanog org> wrote:
Send NANOG mailing list submissions to nanog () nanog org To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-request () nanog org You can reach the person managing the list at nanog-owner () nanog org When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..." Today's Topics: 1. Re: Recommended DDoS mitigation appliance? (Colton Conor) 2. RE: Recommended DDoS mitigation appliance? (Phil Lavin) 3. RE: Recommended DDoS mitigation appliance? (Kushal R.) 4. Re: Recommended DDoS mitigation appliance? (J. Hellenthal) 5. Re: Recommended DDoS mitigation appliance? (Colton Conor) 6. RE: Recommended DDoS mitigation appliance? (Phil Lavin) 7. Re: Jenkins amplification (Daryl) 8. Re: Jenkins amplification (Mike Meredith) 9. Re: EVPN multicast route (multi home case ) implementation / deployment information (Andrey Kostin) 10. WTR: 1-2RU @ Equinix Ashburn (Jason Lixfeld) 11. Help with survey on enterprise network challenges? (Joseph Severini) 12. Re: Jenkins amplification (Christopher Morrow) 13. Re: Has Anyone managed to get Delegated RPKI working with ARIN (Cynthia Revström) 14. Re: Has Anyone managed to get Delegated RPKI working with ARIN (Randy Bush) ---------------------------------------------------------------------- Message: 1 Date: Tue, 4 Feb 2020 07:40:18 -0600 From: Colton Conor <colton.conor () gmail com> To: Javier Juan <javier.juan () gmail com> Cc: Rabbi Rob Thomas <robt () cymru com>, NANOG <nanog () nanog org> Subject: Re: Recommended DDoS mitigation appliance? Message-ID: < CAMDdSzN0vhwK70Gd0EnNPRvP9QAfqoXZ_GUZiaVtgzcWgwN_GQ () mail gmail com> Content-Type: text/plain; charset="utf-8" Javier, So is Imperva similar to how Kentik operates? What was it priced liked? I like the Kentik solution, but their per router per month pricing is too expensive even for a small network. On Mon, Feb 3, 2020 at 11:01 AM Javier Juan <javier.juan () gmail com> wrote:Hi ! I was looking around (a couple years ago) for mitigation appliances (Riorey, Arbor, F5 and so on).... but the best and almost affordable solution I found was Incapsula/Imperva.https://docs.imperva.com/bundle/cloud-application-security/page/introducing/network-ddos-monitoring.htmBasically, You send your flows to Imperva on cloud for analysis. As soon as they find DDoS attack , they activate mitigation. It´s some kind of elegant-hybrid solution without on-premise appliances . Just check itout :)Regards, JJ On Sun, Nov 17, 2019 at 11:20 PM Rabbi Rob Thomas <robt () cymru com>wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, NANOG! I'm in the midst of rebuilding/upgrading our backbone and peering - sessions cheerfully accepted :) - and am curious what folks recommend in the DDoS mitigation appliance realm? Ideally it would be capable of 10Gbps and circa 14Mpps rate of mitigation. If you have a recommendation, I'd love to hear it and the reasons for it. If you have an alternative to an appliance that has worked well for you (we're a mix of Cisco and Juniper), I'm all ears. Private responses are fine, and I'm happy to summarize back to the list if there is interest. Thank you! Rob. - -- Rabbi Rob Thomas Team Cymru "It is easy to believe in freedom of speech for those with whom we agree." - Leo McKern -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDcVjavXj08cL/QwdQ+hhYvqF8o0FAl3Rx08ACgkQQ+hhYvqF 8o0snw/8CxTOujcodNh/huMXZaUNlMNoNRz3IoPqBiAP9BZomMz9xqlpDW/qvWBF xhoJ07C0O0mo5ilNjnPR308uifIBu6ylw02PshOCU06dV0afgtndxGg5AoG9npUV 7uCi2afWaf22dq5TwKLut8QPNNQJTRzndX88xJw9MzzoBTemxRtM7ft4H3UhJ0hv oKo83FCNZQt36I+GZA9GBJeXM+o0f5h0w6fhRqARzttf6brJZdXgROyIQ7jptGuZ N3Yrjk/8RM4XKMnYbtIwl8NS3c0nEGN3ndn+Bz7p2FE7QJrZKonk/o03dvr2kU0Y 7gUQliOOzV9EsptVGyLCVyDJSElvXTBaps0giEVZhdmEIDJPWvBc+93j1g7xbmti 27lT6+5qBmEN0oKJWxXgtw9/n1yX9vsc7tXlgYDoXGhIlszdB3baRao1tYEp8BBQ hTGAULRfHe94tRzvOOQUQIuhzNcK1Q4E2jU6kzBB1wJsBD4zuHk+QIJLSHBmmnka VNKlQ+5zP8dmSMBp6k4feqAtt3hy0Bj+34FbdQZYPutIe3VXHEjpWI3jI9vKjhtC g7U/9CQIjVUl2APn1IllArpUpETBlNq7dSeJNUN/4Xh+eHglUnEn/m2kFG5mizmP d0YvLEVe0/+WzDUz+y3KxDVP5tdJT1VM46FHIgeiB4KrWNGRPUo= =uuel -----END PGP SIGNATURE------------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20200204/f146a39e/attachment-0001.html------------------------------ Message: 2 Date: Tue, 4 Feb 2020 13:50:07 +0000 From: Phil Lavin <phil.lavin () cloudcall com> To: Colton Conor <colton.conor () gmail com>, Javier Juan <javier.juan () gmail com> Cc: NANOG <nanog () nanog org> Subject: RE: Recommended DDoS mitigation appliance? Message-ID: < DB6PR0301MB2533F880B73AEE1AA43C483089030 () DB6PR0301MB2533 eurprd03 prod outlook comContent-Type: text/plain; charset="utf-8"So is Imperva similar to how Kentik operates? What was it priced liked?It is a nice model as you don't need additional hardware or virtual appliances on-prem, which cuts down on the CAPEX cost. Like everyone else, they price the scrubbing based on your clean traffic levels. Price I have is circa $73,000 a year for 250mbit clean traffic and circa $94,000 a year for 500mbit clean traffic. Reasonably good value if you get attacked a lot - a very expensive insurance policy if not. Yearly pricing is broadly on par with Radware, Arbor and A10 (Verisign). ------------------------------ Message: 3 Date: Tue, 4 Feb 2020 19:27:13 +0530 From: "Kushal R." <kushal.r () h4g co> To: Colton Conor <colton.conor () gmail com>, Javier Juan <javier.juan () gmail com>, Phil Lavin <phil.lavin () cloudcall com> Cc: NANOG <nanog () nanog org> Subject: RE: Recommended DDoS mitigation appliance? Message-ID: <8dfb7e0c-f61b-45eb-bd75-f93a3ec92277@Spark> Content-Type: text/plain; charset="utf-8" If you are looking for remote scrubbing, I can high recommend DDoS-Guard ( ddos-guard.com), they do not have any “limits” on the size or the number of attacks, the billing is simply based on the clean bandwidth. The highest they have mitigated for us is about 40G. You can either have it in an always on mode, with all incoming traffic coming via their 4 POPs (Los Angeles, Amsterdam, Hong Kong or Almaty) or you can use something like FastNetMon or DDoS-Guard’s own application that runs on any hardware and use eBGP to route the victim /24 over DDG’s network. -- Kushal R. | Management Office: +1-8557374335 (Global) | +91-8080807931 (India) WhatsApp: +1-3104050010 (Global) | +91-9834801976 (India) host4geeks.com host4geeks.in On 4 Feb 2020, 7:22 PM +0530, Phil Lavin <phil.lavin () cloudcall com>, wrote:So is Imperva similar to how Kentik operates? What was it priced liked?It is a nice model as you don't need additional hardware or virtualappliances on-prem, which cuts down on the CAPEX cost. Like everyone else, they price the scrubbing based on your clean traffic levels. Price I have is circa $73,000 a year for 250mbit clean traffic and circa $94,000 a year for 500mbit clean traffic. Reasonably good value if you get attacked a lot - a very expensive insurance policy if not. Yearly pricing is broadly on par with Radware, Arbor and A10 (Verisign). -------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20200204/021b4821/attachment-0001.html------------------------------ Message: 4 Date: Tue, 4 Feb 2020 08:04:30 -0600 From: "J. Hellenthal" <jhellenthal () dataix net> To: Javier Juan <javier.juan () gmail com> Cc: Rabbi Rob Thomas <robt () cymru com>, nanog () nanog org Subject: Re: Recommended DDoS mitigation appliance? Message-ID: <654D5FD3-7D9D-423A-B2A9-817CC443A54E () dataix net> Content-Type: text/plain; charset="utf-8" Hopefully you would be sending those flows out a different circuit than the one that’s going to get swamped with a DDoS otherwise... it might just take a while to mitigate that ;-) depending on the type obviously. -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.On Feb 3, 2020, at 11:01, Javier Juan <javier.juan () gmail com> wrote: Hi ! I was looking around (a couple years ago) for mitigation appliances(Riorey, Arbor, F5 and so on).... but the best and almost affordable solution I found was Incapsula/Imperva.https://docs.imperva.com/bundle/cloud-application-security/page/introducing/network-ddos-monitoring.htmBasically, You send your flows to Imperva on cloud for analysis. As soonas they find DDoS attack , they activate mitigation. It´s some kind of elegant-hybrid solution without on-premise appliances . Just check it out :)Regards, JJOn Sun, Nov 17, 2019 at 11:20 PM Rabbi Rob Thomas <robt () cymru com>wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, NANOG! I'm in the midst of rebuilding/upgrading our backbone and peering - sessions cheerfully accepted :) - and am curious what folks recommend in the DDoS mitigation appliance realm? Ideally it would be capable of 10Gbps and circa 14Mpps rate of mitigation. If you have a recommendation, I'd love to hear it and the reasons for it. If you have an alternative to an appliance that has worked well for you (we're a mix of Cisco and Juniper), I'm all ears. Private responses are fine, and I'm happy to summarize back to the list if there is interest. Thank you! Rob. - -- Rabbi Rob Thomas Team Cymru "It is easy to believe in freedom of speech for those with whom we agree." - Leo McKern -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDcVjavXj08cL/QwdQ+hhYvqF8o0FAl3Rx08ACgkQQ+hhYvqF 8o0snw/8CxTOujcodNh/huMXZaUNlMNoNRz3IoPqBiAP9BZomMz9xqlpDW/qvWBF xhoJ07C0O0mo5ilNjnPR308uifIBu6ylw02PshOCU06dV0afgtndxGg5AoG9npUV 7uCi2afWaf22dq5TwKLut8QPNNQJTRzndX88xJw9MzzoBTemxRtM7ft4H3UhJ0hv oKo83FCNZQt36I+GZA9GBJeXM+o0f5h0w6fhRqARzttf6brJZdXgROyIQ7jptGuZ N3Yrjk/8RM4XKMnYbtIwl8NS3c0nEGN3ndn+Bz7p2FE7QJrZKonk/o03dvr2kU0Y 7gUQliOOzV9EsptVGyLCVyDJSElvXTBaps0giEVZhdmEIDJPWvBc+93j1g7xbmti 27lT6+5qBmEN0oKJWxXgtw9/n1yX9vsc7tXlgYDoXGhIlszdB3baRao1tYEp8BBQ hTGAULRfHe94tRzvOOQUQIuhzNcK1Q4E2jU6kzBB1wJsBD4zuHk+QIJLSHBmmnka VNKlQ+5zP8dmSMBp6k4feqAtt3hy0Bj+34FbdQZYPutIe3VXHEjpWI3jI9vKjhtC g7U/9CQIjVUl2APn1IllArpUpETBlNq7dSeJNUN/4Xh+eHglUnEn/m2kFG5mizmP d0YvLEVe0/+WzDUz+y3KxDVP5tdJT1VM46FHIgeiB4KrWNGRPUo= =uuel -----END PGP SIGNATURE------------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20200204/a0d80487/attachment-0001.html-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3944 bytes Desc: not available URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20200204/a0d80487/attachment-0001.bin------------------------------ Message: 5 Date: Tue, 4 Feb 2020 08:25:21 -0600 From: Colton Conor <colton.conor () gmail com> To: Phil Lavin <phil.lavin () cloudcall com> Cc: Javier Juan <javier.juan () gmail com>, NANOG <nanog () nanog org> Subject: Re: Recommended DDoS mitigation appliance? Message-ID: < CAMDdSzONkYYT4AeMGLm7iOHYPhZbB7NKbU_rSR+Y6_GAbAN+sw () mail gmail com> Content-Type: text/plain; charset="utf-8" Phil, This sounds like a different model to me. Kentik I think averages out around $500 per 10G per month. Kentik doesn't do any scrubbing however. Does anyone have guide to DDoS services? Seems like there is a wide array of pricing and technology options. On Tue, Feb 4, 2020 at 7:50 AM Phil Lavin <phil.lavin () cloudcall com> wrote:So is Imperva similar to how Kentik operates? What was it priced liked?It is a nice model as you don't need additional hardware or virtual appliances on-prem, which cuts down on the CAPEX cost. Like everyoneelse,they price the scrubbing based on your clean traffic levels. Price I have is circa $73,000 a year for 250mbit clean traffic and circa $94,000 ayearfor 500mbit clean traffic. Reasonably good value if you get attacked alot- a very expensive insurance policy if not. Yearly pricing is broadly on par with Radware, Arbor and A10 (Verisign).-------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20200204/64450404/attachment-0001.html------------------------------ Message: 6 Date: Tue, 4 Feb 2020 14:27:33 +0000 From: Phil Lavin <phil.lavin () cloudcall com> To: Colton Conor <colton.conor () gmail com> Cc: Javier Juan <javier.juan () gmail com>, NANOG <nanog () nanog org> Subject: RE: Recommended DDoS mitigation appliance? Message-ID: < DB6PR0301MB2533333514B0C540168E7B6189030 () DB6PR0301MB2533 eurprd03 prod outlook comContent-Type: text/plain; charset="utf-8"This sounds like a different model to me. Kentik I think averages outaround $500 per 10G per month I was talking about Imperva ------------------------------ Message: 7 Date: Mon, 3 Feb 2020 13:39:10 -0600 From: Daryl <lists@soldmydata.online> To: nanog () nanog org Subject: Re: Jenkins amplification Message-ID: <20200203133910.2dfb5f5c@mail> Content-Type: text/plain; charset=US-ASCII On Mon, 3 Feb 2020 10:55:35 -0800 (PST) Sabri Berisha <sabri () cluecentral net> wrote:----- On Feb 3, 2020, at 10:35 AM, Christopher Morrow morrowc.lists () gmail com wrote:On Mon, Feb 3, 2020 at 1:26 PM William Herrin <bill () herrin us> wrote:VPN.I love it when my home network gets full access to the corporate network!Most places I've worked at issue company controlled laptops with company controlled VPN software which will disable all local access and even disconnect if you dare to manually change the routing table to access the printer in your home office. In fact, a too tightly controlled VPN contributed to a 7 figure loss during an outage at a company which name shall not be mentioned. Your home network should have no access to the corp network. Your company issued laptop should. Thanks, SabriThat's how our company operates. I went a step further and put all company issued equipment on it's own vlan at home. ------------------------------ Message: 8 Date: Tue, 4 Feb 2020 16:12:45 +0000 From: Mike Meredith <mike.meredith () port ac uk> To: nanog () nanog org Subject: Re: Jenkins amplification Message-ID: <20200204161245.10aac79f () scrofula eps is port ac uk> Content-Type: text/plain; charset="utf-8" On Mon, 3 Feb 2020 16:13:34 -0500, Christopher Morrow <morrowc.lists () gmail com> may have written:My experience, and granted it's fairly scoped, is that this sort of thing works fine for a relatively small set of 'persons' and 'resources'.Seeing as managing this sort of thing is my primary job these days ...it ends up being about the cross-product of #users * #resources.That's the interesting part of the job - coalescing rules in a way that minimises the security impact but maximises the decrease of complexity. If you don't, you get an explosion of complexity that results in a set of rules (I know of an equivalent organisation that has over 1,000 firewall rules) that becomes insanely complex to manage.certainly a more holistic version of the story is correct. the relatively flippant answer way-back-up-list of: "vpn"I think that "vpn" is the right answer - it's preferrable to publishing services to the entire world that only need to be used by empoyees. But it's not cheap or easy. -- Mike Meredith, University of Portsmouth Hostmaster, Security, and Chief Systems Engineer -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20200204/51fff1b7/attachment-0001.sig------------------------------ Message: 9 Date: Tue, 04 Feb 2020 11:59:13 -0500 From: Andrey Kostin <ankost () podolsk ru> To: "Mankamana Mishra (mankamis)" <mankamis () cisco com> Cc: nanog () nanog org Subject: Re: EVPN multicast route (multi home case ) implementation / deployment information Message-ID: <af953fad372932f55b167921bd415962 () podolsk ru> Content-Type: text/plain; charset=UTF-8; format=flowed Hi Mankamana, For Juniper: Starting in Junos OS 18.4R1, devices with IGMP snooping enabled use selective multicast forwarding in a centrally routed EVPN-VXLAN network to replicate and forward multicast traffic. As before, IGMP snooping allows the leaf device to send multicast traffic only to the access interface with an interested receiver. But now, when IGMP snooping is enabled, the leaf device selectively sends multicast traffic to only the leaf devices in the core that have expressed an interest in that multicast group. In selective multicast forwarding, leaf devices always send multicast traffic to the spine device so that it can route inter-VLAN multicast traffic through its IRB interface. https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-selective-multicast-forwarding.html Kind regards, Andrey Mankamana Mishra (mankamis) via NANOG писал 2020-02-03 18:34:Folks Wondering if there is any known implementation of EVPN multihome multicast routes which are defined in https://tools.ietf.org/html/draft-ietf-bess-evpn-igmp-mld-proxy-04 there is some change planned in NLRI , we want to make sure to have solution which does work well with existing implementation. NOTE: Discussion INVOLVES NOKIA, JUNIPER, CISCO, ARISTA ALREADY. SO LOOKING FOR ANY OTHER VENDOR WHO HAVE IMPLEMENTATION. Mankamana------------------------------ Message: 10 Date: Tue, 4 Feb 2020 12:10:00 -0500 From: Jason Lixfeld <jason+nanog () lixfeld ca> To: NANOG mailing list <nanog () nanog org> Subject: WTR: 1-2RU @ Equinix Ashburn Message-ID: <7BC7D4A3-5691-45D8-9C27-D8A21CD0BDB4 () lixfeld ca> Content-Type: text/plain; charset=utf-8 Hi, I’m wondering if anyone is looking to subsidize their Equinix Ashburn colo costs by way of carving out 1-2 RU to a friendly for a low density networking application. If so, I’d love to hear from you! Thanks in advance! ------------------------------ Message: 11 Date: Tue, 4 Feb 2020 13:04:19 -0500 From: Joseph Severini <jseverin () andrew cmu edu> To: nanog () nanog org Subject: Help with survey on enterprise network challenges? Message-ID: <CAGBamiMrvAk599A0_fAW= sdmxjOHR8MVe9j9yXmHq+r52PjZGQ () mail gmail com> Content-Type: text/plain; charset="UTF-8" Hi, My name is Joseph Severini, and I am a PhD student in the Computer Science Department at Carnegie Mellon University. I’m working on a research project to identify common operational challenges in modern enterprise computer networks. I’ve put together a survey to identify these challenges by analyzing some operational problems found in the Network Engineering Stack Exchange open-source dataset. You’ll be given a problem from the dataset and asked some questions about it. I would appreciate it if you would consider taking this survey, which can be found at the link below: http://cmu.ca1.qualtrics.com/jfe/form/SV_dm6i9znuPWlLDN3 The survey should take ~15 minutes. Participation is voluntary, with no compensation, and all responses are anonymous. You must be at least 18 years old to complete the survey. Thanks, Joseph Severini PhD Student CMU Computer Science Department ------------------------------ Message: 12 Date: Tue, 4 Feb 2020 15:59:37 -0500 From: Christopher Morrow <morrowc.lists () gmail com> To: Mike Meredith <mike.meredith () port ac uk> Cc: nanog list <nanog () nanog org> Subject: Re: Jenkins amplification Message-ID: <CAL9jLaaiiLsOqShddYcdn_HYO0aeY+skF+XDefK3Uhvm+= A6cw () mail gmail com> Content-Type: text/plain; charset="UTF-8" On Tue, Feb 4, 2020 at 11:15 AM Mike Meredith <mike.meredith () port ac uk> wrote:On Mon, 3 Feb 2020 16:13:34 -0500, Christopher Morrow <morrowc.lists () gmail com> may have written:My experience, and granted it's fairly scoped, is that this sort ofthingworks fine for a relatively small set of 'persons' and 'resources'.Seeing as managing this sort of thing is my primary job these days ...<beer, you probably deserve one> :)it ends up being about the cross-product of #users * #resources.That's the interesting part of the job - coalescing rules in a way that minimises the security impact but maximises the decrease of complexity.Ifyou don't, you get an explosion of complexity that results in a set of rules (I know of an equivalent organisation that has over 1,000 firewall rules) that becomes insanely complex to manage.I think the fact that it's hard to keep all of this going and to contain the natural spread of destruction (that it takes someone with a pretty singular foc us) makes my point.certainly a more holistic version of the story is correct. the relatively flippant answer way-back-up-list of: "vpn"I think that "vpn" is the right answer - it's preferrable to publishing services to the entire world that only need to be used by empoyees. But it's not cheap or easy.Weighing the cost/benefit is certainly each org's decision. having lived without vpn for a long while and under the regime of authen/author for users with proper token/etc access... I'd not want my internal network opened to the wilds of vpn users :( (I actively discourage this at work because there are vanishingly small reasons why a full network connection is really required by a user at this point). anyway, good luck! ------------------------------ Message: 13 Date: Wed, 5 Feb 2020 10:56:51 +0100 From: Cynthia Revström <me () cynthia re> To: christopher () ve7alb ca Cc: NANOG list <nanog () nanog org> Subject: Re: Has Anyone managed to get Delegated RPKI working with ARIN Message-ID: < CAKw1M3PQTvB6zyJkn5eMdByJTSqXX4seUYFBduf-jQnLWSMJFw () mail gmail com> Content-Type: text/plain; charset="utf-8" (Re-sent as I forgot to include the ML the first time, oops) Hi Chris, I recently figured it out and posted it on the NLNetLabs RPKI mailing list. https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html I hope it helps :) - Cynthia On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin < christopher () ve7alb ca> wrote:Hi Nanog, Posting here since my Google-fu is coming up short. I'm trying to setup delegated RPKI in ARIN using rpki.net's rpkid Python daemon and am running into an issue submitting the identity file to ARIN's controlpanel.The same file submitted to RIPE's test environment at https://localcert.ripe.net/#/rpki works without issue, while submitting to ARIN results in "Invalid Identity.xml file." The guide I'm following is this one:https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.mdand I'm able to get as far as generating the identity file. Wondering if anyone has gone down this road before and has any helpful hints to make this work? Cheers, Chris-------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20200205/49b8cf46/attachment-0001.html------------------------------ Message: 14 Date: Wed, 05 Feb 2020 02:52:08 -0800 From: Randy Bush <randy () psg com> To: "Cynthia Revström" <me () cynthia re> Cc: christopher () ve7alb ca, NANOG list <nanog () nanog org> Subject: Re: Has Anyone managed to get Delegated RPKI working with ARIN Message-ID: <m2o8ud71d3.wl-randy () psg com> Content-Type: text/plain; charset=US-ASCIII recently figured it out and posted it on the NLNetLabs RPKI mailinglist.https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.htmlnice. thank you. randy End of NANOG Digest, Vol 145, Issue 5 *************************************
Current thread:
- Re: NANOG Digest, Vol 145, Issue 5 Chris Orsman (Feb 05)