nanog mailing list archives

Re: Broken Netmask?


From: "Brian" <bri () sonicboom org>
Date: Wed, 27 Nov 2002 13:44:20 -0800

If they weren't there before, it means someone added them, likely the person in charge of BGP rtr config for that AS #

    Brian

  ----- Original Message ----- 
  From: Palmer, John 
  To: nanog () merit edu 
  Sent: Wednesday, November 27, 2002 1:06 PM
  Subject: Broken Netmask?


  We have a /23 (199.5.156/23) and seem to be having a problem with our ISP (Network Access Solutions - NAS).

   

  We do not do our own route advertising - they do it for us and route the block to our connection.

   

  The problem is that the second part of the block (199.5.157.0 - 199.5.157.255) seems to be mis-routed within the 
ISP's network. I think it's a netmask problem.

   

  The symptoms are that packets get through from some destinations and not from others. Also, packets sometimes fail 
based on port numbers (ie: if I come from x.y.z.w to 199.5.157.x on port 80, it works but not from x.y.z.w to 
199.5.157.x on port 25). Furthermore, the port and source addresses that have problems change over time (ie: x.y.z.w to 
port 25 will work tomorrow). We don't block these ports nor do they.

   

  NAS seems to be light on technical talent and can't seem to solve this problem.

   

  Interesting note, if you check 199.5.157.1 BGP from any of the looking glass websites you get multiple occurrences of 
NAS (and other AS numbers): ie: (from AADS)

   

  BGP routing table entry for 199.5.156.0/23, version 6041537
  Paths: (6 available, best #1)
    Advertised to peer-groups:
       AS4544-INTERNAL AS4544-CLIENT AS4544-HOT-ROUTE AS4544-DATA-CENTER
       AS4544-CORE-CUSTOMER-FULL
    16631 16631 16631 13953 13953 13953 13953 13953 13953
      206.220.243.177 from 206.220.243.177 (66.28.1.8)
        Origin IGP, metric 100, localpref 80, valid, external, best
        Community: 4544:300
    16631 16631 16631 13953 13953 13953 13953 13953 13953, (received-only)
      206.220.243.177 from 206.220.243.177 (66.28.1.8)
        Origin IGP, metric 30802, localpref 100, valid, external
    16631 16631 16631 13953 13953 13953 13953 13953 13953, (received & used)
      206.204.251.196 (metric 113851) from 206.204.251.196 (206.204.251.196)
        Origin IGP, metric 100, localpref 80, valid, internal
        Community: 4544:300 4544:5005
    16631 16631 16631 13953 13953 13953 13953 13953 13953, (received & used)
      206.204.251.206 (metric 43484) from 206.204.251.206 (206.204.251.206)
        Origin IGP, metric 100, localpref 80, valid, internal
        Community: 4544:300 4544:5001
    6461 16631 16631 16631 13953 13953 13953 13953 13953 13953
      206.220.243.71 from 206.220.243.71 (207.126.96.35)
        Origin IGP, metric 110, localpref 80, valid, external
        Community: 4544:300
    6461 16631 16631 16631 13953 13953 13953 13953 13953 13953, (received-only)
      206.220.243.71 from 206.220.243.71 (207.126.96.35)
        Origin IGP, metric 1295, localpref 100, valid, external

   

  Notice the multiple occurrences of 16631 and 13953. I know there are valid reasons to add multiple occurrences, but 
can anyone tell if this is broken? These duplicate numbers are new - they weren't there before (when things worked).

   

  The intermittent failure problem reminds me of a time when someone's IGRP had a bad netmask somewhere. I'm wondering 
if they may have a /24 netmask internally somewhere and not a /23 like they should.

   

  Any help would be appreciated. NAS doesn't seem to have a clue.
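
Added example, not part of either message above: a short Python script that collapses the AS paths from the pasted looking-glass output into (AS, repeat count) runs, distinguishes contiguous prepending from a non-contiguous repeat (a loop), and checks which of a /23 and a /24 mask covers 199.5.157.1. The function names are illustrative, and the /24 is the hypothetical internal mask the original poster suspects.

```python
import ipaddress
from itertools import groupby

# AS paths copied from the looking-glass output quoted in the message above.
AS_PATHS = [
    "16631 16631 16631 13953 13953 13953 13953 13953 13953",
    "6461 16631 16631 16631 13953 13953 13953 13953 13953 13953",
]

def collapse(path):
    """Return [(asn, repeat_count), ...] for consecutive runs in an AS path."""
    return [(int(asn), len(list(run))) for asn, run in groupby(path.split())]

def has_loop(path):
    """True if an AS reappears after a different AS (non-contiguous repeat)."""
    asns = [asn for asn, _ in collapse(path)]
    return len(asns) != len(set(asns))

def prepends(path):
    """Map each AS to the number of extra copies of itself in the path."""
    return {asn: n - 1 for asn, n in collapse(path) if n > 1}

def covering(addr, prefixes):
    """Return the prefixes (as strings) that contain addr."""
    ip = ipaddress.ip_address(addr)
    return [p for p in prefixes if ip in ipaddress.ip_network(p)]

if __name__ == "__main__":
    for p in AS_PATHS:
        print(collapse(p), "loop" if has_loop(p) else "no loop", prepends(p))
    # The /23 from the message, and the /24 the poster suspects internally.
    for host in ("199.5.156.1", "199.5.157.1"):
        print(host, covering(host, ["199.5.156.0/23", "199.5.156.0/24"]))
```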

   

   
