Blog post dedicated to my friend M Henri Day from Stockholm, Sweden. Today I learnt that he’s no more and passed away in the first week of December last year. He one of my few good friends from college days. We both were so called “power posters or top contributors” as Google named us in their different forums. I was one of top contributors in Google Apps (Gsuite / Google Workplace) and he was …..well to be honest I don’t even recall that now after 11 years about which specific Google product he was active on. I think it was Google bookmarks, Picasa and few other things. We were super active in those forums for no specific reason but because it was just fun helping people around. Plus that was the time I learnt how DNS works and was very excited to talk about it with everyone. I was out of school and didn’t perform well & got into a college which was ok. To be true college was less fun and life in Radaur was harsh but somehow I developed the taste of the life there. I documented part of that life in some old posts here and here.

Over last couple of years I posted updates on Facebook caching nodes (FNA) deployment across the world. If you would like to read the logic I am using to pull the data, you can check the original post here. While the data is about Facebook FNA, it’s highly likely that networks would have Google GGC nodes alongside (a bit less) Akamai caches.

My last post about it was back in Nov 2019 and it seems just about the time to do a fresh check. So here we go…

Just came across this brilliant talk by my friend Bert Hubert. It covers so nicely about the mad rush to just outsource everything and how innovation is lost. While he mentioned names of EU telcos in examples, unfortunately situation isn’t that different in this side of world either. Operator in South Asia also very much suffer with this problem.

Slides of this presentation are here.

Earlier today I saw twitter feed of bgpstream about Vodafone AS55410 hijacking a prefix from Brazil.

BGP,HJ,hijacked prefix AS270497 24.152.117.0/24, RUTE MARIA DA CUNHA, BR,-,By AS55410 VIL-AS-AP Vodafone Idea Ltd, IN, https://t.co/WvDvQMMDCf

— Cisco BGPStream (@bgpstream) April 16, 2021

Soon my friend Doug Madory tweeted about large scale hijack coming from Vodafone AS55410.

Large BGP routing leak out of India this morning.

AS55410 mistakenly announced over 30,000 BGP prefixes causing a 13x spike in inbound traffic to their network according to @kentikinc netflow data.

(cc: @anurag_bhatia, @aftabsiddiqui, @jaredmauch) pic.twitter.com/PQ4iiTKD2Q

Over two months passed since anti-farm law protests have started. It’s having a major impact across life in Delhi, Haryana and Punjab. This post covers it in detail.

Advanced warning: Very India specific post. Has nothing to do with systems or networks. Do not read if you aren’t interested in Indian farm distress, the way our democracy works and associated issues.

Image source: Firstpost

Background of farming stress

Due to a number of policy decisions, farmers in Punjab and Haryana (and some key areas of UP) got into a vicious cycle of producing wheat & paddy crops in excess. While it was actually a need of the hour when India was in a food crisis decades ago but since the green revolution, it has just continued. A number of expert committees have explored over time to reduce this dependency but lack of political will always come in the way.

Last month I did a short webinar with Indian ISPs talking about DNS servers in detail. The idea of the session was to make network engineers from fellow ISPs familiar with root DNS servers, DNS hierarchy, anycast etc. As we went through slides it was clear from RIPE Atlas data that Indian networks are not reaching local DNS servers due to routing! (Data from RIPE Atlas here).

This may come as a surprise for policymakers (where there seem to be ongoing discussions around how India can have its own root DNS servers even though) we are not hitting existing local root DNS instances. Anyways does that statement of having own root DNS servers even possible?

And a blog post after a while. Last few months went busy with RPKI. After my last post about RPKI and the fact that India was lacking a little bit on RPKI ROA front, we started with a major push by a set of like-minded folks like us. For now, Indian signed table has jumped from 12% since Aug to 32% now in Oct. Detailed graphs and other data can be found here on the public Grafana instance.

So based on my friend - Abdul Awal’s tweet, I started looking at the latest RPKI ROA data for India. His Tweet came when I was in the middle of moving my blog from WordPress running over LXC containers to now WordPress over docker with Bitnami image. Bit of optimisation is still pending.

My routing security project with @nsrcworld & @mozilla started in Oct-19 to improve #RPKI deployment in South Asia+Myanmar. The two graphs show tremendous growth in RPKI and how #INDIA is lagging behind. @anurag_bhatia @RoutingMANRS @routinator3000 @AbuseIp @routingtablepod pic.twitter.com/HAb93XED5C

A friend of mine buzzed me yesterday about his missing route objects. Later multiple other ISPs told the same story which triggered me to put this as a question on INNOG Mailing list. Many folks replied of missing route objects there and it seems to be limited to IRINN members only. I also asked the same question on APNIC mailing list and it was again confirmed about the issue.
Before I proceed further, here’s what it is all about.

Lately, I have been playing with many tools and as one gets into deploying those tools, SSL comes as a pain point. A large number of web-based tools I use are internal and on a private network. VPN (with OSPF running over FRR) takes care of connectivity but still, it’s good to have SSL on these machines. Non-HTTPs websites are getting more & more ugly with browsers and even things like password managers do not fill the passwords anymore on their own for non-HTTPS websites.