nanog mailing list archives

Re: What's going on with AS147028?

From: SteveYi Yo <jackcooku () steveyi net>
Date: Wed, 13 Jul 2022 06:42:31 +0800

No reason to feed fake routes to route collectors.

Some BGP players (ASN Operator) like that, and make the AS number one in
stats.

[image: image.png]

Maybe someone knows bgp.tools, they also run route collectors but rejected
AS Number which joined LL-IX <https://www.peeringdb.com/ix/2343>.
(This IXP removes the as-path and feeds to their rs client.)

I'm not targeting anyone, but feed fake route has no benefit, just vanity ;(

Best,
SteveYi Yo

Email: jackcooku () steveyi net
PGP: 114A A514 776D BEAF
<https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xdc0fd24ff11880af>


On Wed, Jul 13, 2022 at 6:22 AM Mike Leber via NANOG <nanog () nanog org>
wrote:

This kind of thing is a problem from time to time with the data we get
from route collectors.

When we see it we have to add the culprit ASN to a filter list we keep
in bgp.he.net.

It tends to be a repeat problem with some collectors and some ASNs.

We haven't really figured out why people send junk routes to route
collectors.

The things we've seen aren't just route leaks.  We've seen a variety of
AS path spoofing.

We've already added this specific ASN to the filter list and pushed an
update for bgp.he.net.

Note, this email is specifically talking about routes received from
route collectors and not routes operationally received by he.net via BGP
sessions with actual networks.

Mike.

On 7/12/22 12:49 PM, Eric Dugas via NANOG wrote:

A friend of mine mentioned that both our Canadian ASNs were listed in
AS147028's peer list on https://bgp.he.net/AS147028 but we have no
adjacency to this network.

Their peer count jumped from 1 in May 2022 to 1,800 and just a few
days ago jumped to 8,800. Beside NL-IX, all the IX they are listed on
are virtual IX with a few dozen "hobby networks".

The only lead I have is they use HE as transit and they're pumping
back BGP feed to route collectors like RIPE RIS or Route Views with
routes stripped of HE's ASN.

Eric

Current thread:

What's going on with AS147028? Eric Dugas via NANOG (Jul 12)
- Re: What's going on with AS147028? August Yang via NANOG (Jul 12)
- Re: What's going on with AS147028? Mike Leber via NANOG (Jul 12)
  - Re: What's going on with AS147028? August Yang via NANOG (Jul 13)
  - Re: What's going on with AS147028? SteveYi Yo (Jul 13)
  - Re: What's going on with AS147028? Ben Cox via NANOG (Jul 13)
- <Possible follow-ups>
- Re: What's going on with AS147028? noc (Jul 16)
  - Re: What's going on with AS147028? noc (Jul 16)