nanog mailing list archives
Re: Indonesian ISP Moratel announces Google's prefixes
From: Andrew Jones <aj () jonesy com au>
Date: Wed, 07 Nov 2012 16:54:45 +1100
It looks like nLayer have routes learned through Moratel which have local-pref set to anywhere up to 250 (learned from private peers), while the routes learned from direct peering relationships to Google on public peering have a local-pref of 200. This explains why the routes from Moratel would have been preferred during the period when they were being leaked, despite the shorter as-path (but doesn't explain why they weren't being filtered).
On 07.11.2012 16:33, Hank Nussbacher wrote:
At 21:21 06/11/2012 -0800, Jian Gu wrote: If Google announces 8.8.8.0/24 to you and you in turn start announcing to the Internet 8.8.8.0/24 as originating from you, then a certain section of the Internet will believe your announcement over Google's. This has happened many times before due to improper filters, but this is the first time I have seen the victim being blamed. Interesting concept. -HankI don't know what Google and Moratel's peering agreement, but "leak"? educate me, Google is announcing /24 for all of their 4 NS prefix and8.8.8.0/24 for their public DNS server, how did Moratel leak those routesto Internet?On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick () ianai net>wrote:> On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian () gmail com> wrote: > > > Where did you get the idea that a Moratel customer announced a > google-owned> > prefix to Moratel and Moratel did not have the proper filters in place? > > according to the blog, all google's 4 authoritative DNS server networks> and> > 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for a> > Moratel customers announce all those prefixes? > > Ah, right, they just leaked Google's prefix. I thought a customer > originated the prefix. >> Original question still stands. Which attribute do you expect Google to> set to stop this? >> Hint: Don't say No-Advertise, unless you want peers to only talk to the > adjacent AS, not their customers or their customers' customers, etc.> > Looking forward to your answer. > > -- > TTFN, > patrick > >> > On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <patrick () ianai net> >wrote: > >> >> On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian () gmail com> wrote:> >>> >>> What do you mean hijack? Google is peering with Moratel, if Google does> >> not> >>> want Moratel to advertise its routes to Moratel's peers/upstreams, then > >>> Google should've set the correct BGP attributes in the first place.> >> > >> That doesn't make the slightest bit of sense. > >>> >> If a Moratel customer announced a Google-owned prefix to Moratel, and > >> Moratel did not have the proper filters in place, there is nothing> Google > >> could do to stop the hijack from happening. > >> > >> Exactly what attribute do you think would stop this? > >> > >> -- > >> TTFN, > >> patrick > >> > >>> >>> On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me () anuragbhatia com>> >> wrote: > >>> > >>>> Another case of route hijack - > >>>> > >>> http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about> >>>> > >>>> > >>>>> >>>> I am curious if big networks have any pre-defined filters for big> >> content> >>>> providers like Google to avoid these? I am sure internet community> >> would be> >>>> working in direction to somehow prevent these issues. Curious to know> >>>> developments so far. > >>>> > >>>> > >>>> > >>>> > >>>> Thanks. > >>>> > >>>> > >>>> -- > >>>> > >>>> Anurag Bhatia > >>>> anuragbhatia.com > >>>> > >>>> Linkedin <http://in.linkedin.com/in/anuragbhatia21> | > >>>> Twitter<https://twitter.com/anurag_bhatia>| > >>>> Google+ <https://plus.google.com/118280168625121532854> > >>>> > >>> > >> > >> > >> > > >
Current thread:
- Re: Indonesian ISP Moratel announces Google's prefixes, (continued)
- Re: Indonesian ISP Moratel announces Google's prefixes Eric Osterweil (Nov 07)
- Re: Indonesian ISP Moratel announces Google's prefixes Ben Bartsch (Nov 07)
- Re: Indonesian ISP Moratel announces Google's prefixes joel jaeggli (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Anurag Bhatia (Nov 06)
- Message not available
- Re: Indonesian ISP Moratel announces Google's prefixes Anurag Bhatia (Nov 07)
- Re: Indonesian ISP Moratel announces Google's prefixes David Miller (Nov 07)
- Message not available
- Re: Indonesian ISP Moratel announces Google's prefixes Hank Nussbacher (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Jian Gu (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Patrick W. Gilmore (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Jian Gu (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Andrew Jones (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Hank Nussbacher (Nov 06)