nanog mailing list archives
Re: Kenyan Route Hijack
From: Jeff Aitken <jaitken () aitken com>
Date: Mon, 17 Mar 2008 12:25:52 +0000
On Sat, Mar 15, 2008 at 11:57:50AM -0600, Danny McPherson wrote:
An interesting bit is that the current announcement on routeviews directly from AS 6461 has Community 6461:5999 attached: ... 6461 64.125.0.137 from 64.125.0.137 (64.125.0.137) Origin IGP, metric 0, localpref 100, valid, external, best Community: 6461:5999 ... According to this, that community is used for "internal prefixes": http://onesc.net/communities/as6461/ "6461:5999 internal prefix" A "sh ip bgp community 6461:5999" currently yields 130 prefixes with Origin AS of 6461 and that community.
Hi Danny, Unless things have changed since I left in '05, 6461:5999 is the outbound community set on internally-originated prefixes. You would expect to see it on prefixes "owned" by AS6461 (such as 216.200/16) as well as address space announced on behalf of customers (i.e., prefixes "belonging" to customers who have no ASN and/or no desire to run BGP). Prefixes learned from another customer would have :5998 and those learned from a peer would have :5997, IIRC. These outbound translations are/were only performed on customer BGP sessions, which makes sense in this case since the session to route-views is/was configured like any other customer session. All it really tells you is that for whatever reason, that prefix was "manually" injected into BGP, most likely as a redist'ed static. Anyway, it's possible that this was intended due to an AUP issue but it's unlikely that they'd intentionally propagate the /24 in that case. At least when I was there, AboveNet had a separate system for injecting routes into BGP (for TE, abuse, etc) that automatically set no-export on those routes. In addition to making the process a lot less error-prone it helped contain any mistakes due to the automatic no-export. The only time you added a static route was when you WANTED to announce it. Beyond that, I have no idea why 6461 would have originated this route. My guess would be that someone who didn't understand the implications of their action added it as a static route for whatever reason, but that's nothing more than a guess. Seems like I've heard Randy voice an opinion on the local/global thing once before. :-) --Jeff
Current thread:
- Routing Loop Felix Bako (Mar 14)
- RE: Routing Loop Darden, Patrick S. (Mar 14)
- Kenyan Route Hijack Danny McPherson (Mar 15)
- Re: Kenyan Route Hijack Danny McPherson (Mar 15)
- Re: Kenyan Route Hijack Glen Kent (Mar 15)
- Re: Kenyan Route Hijack Bill Stewart (Mar 15)
- Re: Kenyan Route Hijack Randy Bush (Mar 15)
- Re: Kenyan Route Hijack Danny McPherson (Mar 15)
- Re: Kenyan Route Hijack Adrian Chadd (Mar 15)
- Re: Kenyan Route Hijack Jeff Aitken (Mar 17)
- <Possible follow-ups>
- Routing Loop Felix Bako (Mar 15)
- Re: Routing Loop Adrian Chadd (Mar 15)
- RE: Routing Loop Frank Bulk (Mar 15)
- RE: Routing Loop Robert D. Scott (Mar 15)
- Re: Routing Loop Felix Bako (Mar 15)
- RE: Routing Loop Robert D. Scott (Mar 15)
- Re: Routing Loop Dominic J. Eidson (Mar 15)
- Re: Routing Loop sthaug (Mar 15)
- Re: Routing Loop Ross Vandegrift (Mar 15)
- Re: Routing Loop Adrian Chadd (Mar 15)