nanog mailing list archives

Re: China prefix hijack


From: jul <jul_bsd () yahoo fr>
Date: Thu, 08 Apr 2010 22:57:31 +0200



I also see some of this from France.

On this incident/error, even if tools like BGPMon, watchmy.net and
others did exactly their job, I am asking myself whether there are some
other public tools which can help.

CIDR returns Chinanet as the biggest announcer (but that could have been
the case previously)
97074688         Largest address span announced by an AS (/32s)
        AS4134: CHINANET-BACKBONE No.31,Jin-rong Street
on http://www.cidr-report.org/as2.0/
Same stats from http://www.ris.ripe.net/dashboard/4134
I'm not sure either of them is real-time.

There is also a "hole" in
http://www.cymru.com/BGP/bgp_prefixes.html


So, how has each one assessed the impact of this on his network? How
could we check where the route's propagation stop(ped)?
Thanks to Renesys and Team Cymru for the stats of how many
prefixes/countries were affected.

I hope most Tier1 operators have rules to filter too-big announcement
changes to avoid the YouTube/Pakistan Telecom effect or i-root, as said
previously.

thanks
Best regards,

        Jul


Grzegorz Janoszka wrote on 08/04/10 18:33:

Just half an hour ago China Telecom hijacked one of our prefixes:

Your prefix:          X.Y.Z.0/19:
Prefix Description:   NETNAME
Update time:          2010-04-08 15:58 (UTC)
Detected by #peers:   1
Detected prefix:      X.Y.Z.0/19
Announced by:         AS23724 (CHINANET-IDC-BJ-AP IDC, China
Telecommunications Corporation)
Upstream AS:          AS4134 (CHINANET-BACKBONE No.31,Jin-rong Street)
ASpath:               39792 4134 23724 23724

Luckily it had to be limited as only one BGPmon peer saw it. Anyone else
noticed it?



