Seven years ago, the RIPE NCC, which serves Europe, the middle east and the former Soviet Union, was no longer able to give out IPv4 address space to ISPs and other networks as needed. From that point on, the "last /8" policy came into effect, which meant that each "RIPE member" or local internet registry (LIR) could get one last IPv4 /22 (block of 1024 addresses). It very much looks like that last bit of IPv4 address space will run out before the end of the year.
Right before the final /8 policy came into effect, the RIPE NCC was giving out about a million IPv4 addresses per week. In 2019, they gave out a million IPv4 addresses every three months in the form of those final /22s. And now it's a million IPv4 addresses every six weeks, with two million left to go. Apparently, many new LIRs are set up to get one of those /22s while they last.
latest version of this image on the RIPE website
So in all likelihood RIPE will move from the final /8 policy to a new policy, where LIRs are put on a waiting list and get a /24 as those become available, before the end of 2019.
Permalink - posted 2019-09-09
▼
Last week, I suggested it's time fix those BGP route leaks. I live by the words everybody complains about the weather, but nobody does anything about it, so as such I wrote an Internet-Draft with the protocol changes necessary:
draft-van-beijnum-sidrops-pathrpki-00
I think we can stop these route leaks with a relatively modest change to RPKI: by combining the ASes the origin trusts and the ASes the operator of an RPKI relying party server trusts, we have a list of all the ASes that may legitimately appear in the AS path as seen from this particular vantage point.
I believe deployment will be relatively easy, as it works for the two ASes at both ends even if ASes in the middle don't participate.
There is path filter example code in the appendix to show that this part is easy. 😀
You can see that filter code in action here:
http://bgpexpert.com/pathrpki/
I'm looking forward to hearing feedback. I've started discussions on the RIPE routing-wg mailinglist and the IETF sidrops working group mailinglist. Also feel free to mail me directly or talk to me on Twitter.
Permalink - posted 2019-06-20
This Thursday I'll be at the NL-ix BGP security update event in Copenhagen, talking about BGP security topics, especially RPKI and BGPsec. I remember the first time I went to the IETF in 2002, where I heard about S-BGP and soBGP. And now last September that finally resulted in the publication of the BGPsec RFC (RFC 8205).
It's not too late to register, so I hope to see you there! Be sure to come say hi.
Permalink - posted 2018-04-15
When I lost my previous server, I recreated my websites from a backup on a virtual machine running on an old laptop at home. After ironing out issues with the different software versions that worked well, but obviously this is not a great solution.
So as a permanent solution, I got a virtual private server over at transip. They're cheap and highly automated, so setting up and managing virtual server is really easy. I guess the fact that everything runs of off SSDs helps a lot, because my websites have never been faster.
Permalink - posted 2017-05-07
I'm not sure when exactly it happened, but a week or two ago my server that hosts this site as well as bgpexpert.com and skatekalender.com went offline. This server has been running since 2005, so I wasn't too surprised. I assumed that either the server itself or the drive had finally given the ghost. So my plan was to collect it from the datacenter and see if could get the latest data from the drive.
Turns out, the people at Leaseweb removed and subsequently destroyed the server by accident.
So I took the long weekend to rebuild everything from backups. As is always the case, the backups turned out to be less comprehensive than expected, so I did lose some data, especially images. I'll be restoring some of those by hand, in some cases with lower resolution versions.
Everything is up and running on a temporary server now, but I want to find a good place to host a virtual server and then migrate everything there.
Permalink - posted 2017-04-17
If you tried to visit one of my websites yesterday or earlier today (5 and 6 august 2016), like muada.com, bgpexpert.com or skatekalender.com, the site didn't load. That was because my hosting company was doing maintenance so the server had to be shut down. The maintenance took a lot longer than expected, hence the significant downtime.
If you tried to send me mail on friday and you got an error, please try sending it again.
My apologies for the inconvenience.
Permalink - posted 2016-08-06
older posts
- newer posts