Re: Indonesian ISP Moratel announces Google's prefixes

["Patrick W. Gilmore" <patrick () ianai net>]

On Nov 07, 2012, at 00:21 , Jian Gu <guxiaojian () gmail com> wrote:

> I don't know what Google and Moratel's peering agreement, but "leak"?
> educate me, Google is announcing /24 for all of their 4 NS prefix and
> 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes
> to Internet?

Downthread, someone said what is typical with peering prefixes, i.e. announce to customers, not to peers or upstreams.  
How do you think peering works?

However, I place most of the blame on PCCW for crappy filtering of their customers.  And I'm a little surprised to see 
nLayer in the path.  Shame on them!  (Does that have any effect any more? :)

Oh, and we are still waiting for an answer: Which attribute do you think Google could have used to stop this?

-- 
TTFN,
patrick


> On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick () ianai net>wrote:
>
> > On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian () gmail com> wrote:
> >
> > > Where did you get the idea that a Moratel customer announced a
> > google-owned
> > > prefix to Moratel and Moratel did not have the proper filters in place?
> > > according to the blog, all google's 4 authoritative DNS server networks
> > and
> > > 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for a
> > > Moratel customers announce all those prefixes?
> >
> > Ah, right, they just leaked Google's prefix.  I thought a customer
> > originated the prefix.
> >
> > Original question still stands.  Which attribute do you expect Google to
> > set to stop this?
> >
> > Hint: Don't say No-Advertise, unless you want peers to only talk to the
> > adjacent AS, not their customers or their customers' customers, etc.
> >
> > Looking forward to your answer.
> >
> > --
> > TTFN,
> > patrick
> >
> >
> > > On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <patrick () ianai net
> > > wrote:
> > >
> > > > On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian () gmail com> wrote:
> > > >
> > > > > What do you mean hijack? Google is peering with Moratel, if Google does
> > > > not
> > > > > want Moratel to advertise its routes to Moratel's peers/upstreams, then
> > > > > Google should've set the correct BGP attributes in the first place.
> > > >
> > > > That doesn't make the slightest bit of sense.
> > > >
> > > > If a Moratel customer announced a Google-owned prefix to Moratel, and
> > > > Moratel did not have the proper filters in place, there is nothing
> > Google
> > > > could do to stop the hijack from happening.
> > > >
> > > > Exactly what attribute do you think would stop this?
> > > >
> > > > --
> > > > TTFN,
> > > > patrick
> > > >
> > > >
> > > > > On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me () anuragbhatia com>
> > > > wrote:
> > > > > > Another case of route hijack -
> > http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
> > > > > > I am curious if big networks have any pre-defined filters for big
> > > > content
> > > > > > providers like Google to avoid these? I am sure internet community
> > > > would be
> > > > > > working in direction to somehow prevent these issues. Curious to know
> > > > > > developments so far.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > Anurag Bhatia
> > > > > > anuragbhatia.com
> > > > > >
> > > > > > Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
> > > > > > Twitter<https://twitter.com/anurag_bhatia>|
> > > > > > Google+ <https://plus.google.com/118280168625121532854>