- NZNOG - lists.nznog.org

Submit a paper for APIX30!
by Narelle Clark 29 Jul '24

29 Jul '24

Hi all! APIX#30 is scheduled for Tuesday 3 September 2024 and will be held alongside APNIC58 in Wellington, NZ. APIX is the Asia-Pacific Internet Exchange Association. The APIX Program Committee therefore invites presentations for the upcoming APIX#30 meeting. Suitable topics include:- * Internet Exchange ecosystem: topics related to the technical components of IXPs and their architectures * Internet Exchange operations: adopting new technology, monitoring and management of IXPs * Internet Exchange security: threats, mitigations and use cases in the IXP context * Internet Exchange growth and organisation: attracting new members, onboarding them and keeping them involved * Assessment and analysis of the impact of Internet Exchanges on the Internet ecosystem * Internet landscape generally: what big picture issues affect IXPs or their members * Data centre ecosystem: what trends are we seeing, what features and technology makes a DC a good home for an IXP? * Any other topics related to Internet and IXP operations. Presentations need to be of a practical orientation and directly assist the IXP community in establishing, running and growing IXPs. The intention is knowledge sharing and skill enhancement. Presentations aimed just at trying to sell services will not be accepted. Presentations can be in person or remote, you must tell us your preference. Hope to see you there -- Narelle Clark Chief Executive Officer Internet Association of Australia Ltd [cid:image001.png(a)01DAE1C7.1114FAA0] Suite 1.05, 150 Pacific Highway * North Sydney, NSW 2060 [Smart Phone with solid fill] +61 2 9037 6403 [Receiver outline] 1300 653 132 [Envelope with solid fill] ceo(a)internet.asn.au<mailto:ceo(a)internet.asn.au> [Earth globe: Asia and Australia with solid fill] www.internet.asn.au<http://www.internet.asn.au/> [cid:image006.jpg(a)01DAE1C7.1114FAA0]<https://internet.asn.au/events/nsw-ix-400gbps-ports/>

1 1

AS Number Management Study by TU Delft
by Nachiket Kondhalkar 18 Jul '24

18 Jul '24

Hello NZNOG community, APNIC and RIPE NCC have introduced an annual ASN maintenance fee from January 2025. As part of a research group currently studying AS Number management at TU Delft, we would like to understand the perspectives of network administrators in reference to this change. Your experience and expertise will help us understand and present the consensus of the community through our research. The link for the survey is : https://tudelft.fra1.qualtrics.com/jfe/form/SV_6DzjvsCOXjto8R0 For more information about the study: https://blog.apnic.net/2024/07/16/a-comprehensive-review-of-rir-policies-in… We would be grateful if you could take a few minutes to complete the survey. Your participation will help develop solutions for network operators. Thank you for your time and your input, Nachiket Kondhalkar TU Delft

1 0

nz DNSSEC KSK rollover - Standby Chain
by Josh Simpson 08 Jul '24

08 Jul '24

Kia ora koutou, InternetNZ is beginning its return to routine DNSSEC operations. Starting on 15-07-2024, we will begin our improved process, which incorporates changes from internal and external reviews following the DNSSEC incident in May 2023. This will consist of four short maintenance windows, in which we will pause zone distribution to make changes, perform validation, and resume zone distribution. The status and scheduling will be posted to status.internetnz.nz. To be notified, subscribe to IRS Production > Zone Publish Window 1 We will change the DS TTL in DNSSEC policy for the standby chain of second level domains. This change addresses the issues encountered in May 2023. Window 2 We will perform a KSK rollover on the standby DNSSEC chain for nz, ac.nz, co.nz, net.nz, gen.nz, org.nz, govt.nz, parliament.nz, geek.nz, school.nz, kiwi.nz, iwi.nz, maori.nz, cri.nz, health.nz, and mil.nz This will generate new DNSSEC keys and add them to the standby signing chain. Window 3 We will mark the keys generated in window 2 as active in the standby DNSSEC chain. Window 4 Window 4 will occur after the TTL safety period (2xTLL, 2 Days) has lapsed and DNSSEC RRSET validation is possible via both the old keys and new keys. The DNSSEC policies updated in Window 1 with the correct TTL timing will be enforced, this will result in the safe retirement of the old keys and allow us to remove redundant keys from the zones. The current standby chain key tags for each zone are as follows: nz: 49157, ac.nz: 5938, co.nz: 59176, cri.nz: 19190, geek.nz: 7171, gen.nz: 48574, govt.nz: 18181, health.nz: 33694, iwi.nz: 58454, kiwi.nz: 47464, maori.nz: 21689, mil.nz: 43906, net.nz: 25105, org.nz: 24626, parliament.nz: 49424, school.nz: 27382 We would like to emphasise that if you encounter any DNSSEC issues, please report them to us via registry(a)internetnz.net.nz. We will keep you updated, and provide a summary report at the conclusion of incident-related work. Ngā mihi Josh -- Josh Simpson Product Infrastructure Lead InternetNZ | Ipurangi Aotearoa www.internetnz.nz

1 0

Webinar on LibreQos June 14rh
by Dave Taht 10 Jun '24

10 Jun '24

<blatant advert> We are doing an hour long deep dive webinar on LibreQos June 14th, courtesy of the APNIC Academy, with an astounding 196 signups so far. We are pushing multiple terabits of traffic around the world through it now, not just for ISPs, but for MDUs, post VPN processing, upstream DIY circuits, on everything from DSL to fiber. As an open source, eBPF based transparent bridge, it only takes a few minutes to install in-band, and be able to pull stats about your networks' behaviors that you've never seen before, and then apply the best shaping and bufferbloat-beating code in the world to it. Sign up here: https://academy.apnic.net/en/events?id=a0BOc000000Pgk1MAC - especially if you have been deploying fq_codel or cake, replacing brittle policers, etc, etc. We have a very popular chat too: https://chat.libreqos.io/join/fvu3cerayyaumo377xwvpev6/ PS The upcoming v1.5 release of libreqos is about 30% faster (example: pushing over 60Gbits through a $1500 Ryzen box), which is enough for 10s of thousands of customer networks on the other side of it. We have the ability to model and debloat complicated networks 8 hops deep, or along a troublesome edge, new support for emitting netflow, and quite a few other useful things in that release. and we hope to put it into beta by the end of this month, or earlier. Please come to the webinar to see the latest code, live, in production! https://github.com/LibreQoE/LibreQoS/tree/develop </blatant advert> I am in general deliriously happy with the stability, and performance of this stuff and the growth of uptake worldwide over the last 6 months, (and also watching starlink get thoroughly debloated a few months back was a real high, tho they just used fq and something codel-ly not LibreQos) Y'all are just minutes and minor CAPEX away from a vastly better internet. -- https://www.linkedin.com/feed/update/urn:li:activity:7203400057172180992/ Donations Drive. Dave Täht CSO, LibreQos

1 0

Spoofer Report for NZNOG for May 2024
by CAIDA Spoofer Project 09 Jun '24

09 Jun '24

In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes. This report summarises tests conducted within nzl. Inferred improvements during May 2024: ASN Name Fixed-By 38299 REANNZ-CORP-NZ-AP 2024-05-12 Further information for the inferred remediation is available at: https://spoofer.caida.org/remedy.php Source Address Validation issues inferred during May 2024: none inferred Please send any feedback or suggestions to spoofer-info(a)caida.org

1 0

NZNOG 2024 Post Conference Survey
by Nathan Ward 20 May '24

20 May '24

Apologies if you have received this through other channels. NZNOG 2024 was held in Nelson in April. Each year we produce a survey. This is very useful, for example it helps us to: - Give feedback to speakers - Get feedback ourselves around the conference in general, and programme - Plan future NZNOG conferences Please help us out by completing our survey, at the following URL: https://www.surveymonkey.com/r/B6GS7MT Even if you did not attend, please have a look - you can of course skip the sections about feedback for 2024, and provide feedback to help us plan future conferences. -- Nathan Ward for the NZNOG Trustees

1 0

Spoofer Report for NZNOG for Apr 2024
by CAIDA Spoofer Project 09 May '24

09 May '24

In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes. This report summarises tests conducted within nzl. Inferred improvements during Apr 2024: ASN Name Fixed-By 38299 REANNZ-CORP-NZ-AP 2024-04-14 Further information for the inferred remediation is available at: https://spoofer.caida.org/remedy.php Source Address Validation issues inferred during Apr 2024: ASN Name First-Spoofed Last-Spoofed 38299 REANNZ-CORP-NZ-AP 2024-01-28 2024-04-28 Further information for these tests where we received spoofed packets is available at: https://spoofer.caida.org/recent_tests.php?country_include=nzl&no_block=1 Please send any feedback or suggestions to spoofer-info(a)caida.org

1 0

APNIC 58 Conference - Call for Presentations
by Terry Sweetser 25 Apr '24

25 Apr '24

_____________________________________________________________________ APNIC 58 Conference - Call for Presentations _____________________________________________________________________ The APNIC Program Committee (PC) is seeking presentations for the APNIC 58 conference in Wellington, New Zealand from 30 August to 6 September 2024. The PC is looking for content that would suit technical sessions, tutorials, lightning talks, and panel discussions. Topics for the conference sessions must be relevant to Internet operations and technologies. For possible areas of topics and submission details, please see: https://conference.apnic.net/58/program/callforpresentations/index.html Key dates --------- Call for presentations opens: Wednesday, 24 April 2024 First round acceptance: Monday, 27 May 2024 Final deadline for submissions: Thursday, 27 June 2024 Final round acceptance: Saturday, 27 July 2024 Please take note of the key dates so that the program can be announced early. APNIC 58 conference registration is free for selected speakers, however speakers must fund their own travel if presenting in-person. The PC will give preference to in-person presentations over remote presentations. Prospective presenters should note that the majority of speaking slots will be filled well before the final submission deadline. The PC will retain a limited number of slots up to the final submission deadline for presentations that are exceptionally timely, important, or of critical operational importance. If you have any other ideas or proposals for panel or BoF sessions, please feel free to submit your ideas via the submission system. If you have any questions, please email the PC at: apnic-pc(a)apnic.net For more information about APNIC 58, please see: https://conference.apnic.net/58/index.html Sent on behalf of the APNIC 58 PC ________________________________________________________________________ APNIC Secretariat e: secretariat(a)apnic.net p: +61 7 3858 3100 www.apnic.net ________________________________________________________________________

1 0

Spoofer Report for NZNOG for Mar 2024
by CAIDA Spoofer Project 09 Apr '24

09 Apr '24

In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes. This report summarises tests conducted within nzl. Inferred improvements during Mar 2024: none inferred Source Address Validation issues inferred during Mar 2024: ASN Name First-Spoofed Last-Spoofed 38299 REANNZ-CORP-NZ-AP 2024-01-28 2024-03-31 Further information for these tests where we received spoofed packets is available at: https://spoofer.caida.org/recent_tests.php?country_include=nzl&no_block=1 Please send any feedback or suggestions to spoofer-info(a)caida.org

1 0

NZNOG Conference Talks
by Richard Nelson 02 Apr '24

02 Apr '24

In case anyone is undecided about the conference, most of the talks descriptions are now available on the NZNOG website. I have a draft program. There is still room for one or two more talks if anyone thought they were too late to submit or has a last minute idea. There will be a slot for Lightning talks this year so if you have anything interesting but quick or you want to have a short rant about -work out what you want to say and maybe put together a couple of slides. Richard

1 0