nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Indonesian ISP Moratel announces Google's prefixes

From: Jian Gu <guxiaojian () gmail com>
Date: Tue, 6 Nov 2012 23:30:27 -0800
Dear Mr. Know-Peering,

I came here to learn and I believe I have the right to say what I was
thinking, no matter how ignorant my comment was. I don't have the right to
blame anybody, in fact I don't give a damn whose fault it is, it is not my
business.

I apologize if I offended you when you claimed that it was a hijacking.

On Tue, Nov 6, 2012 at 9:45 PM, Patrick W. Gilmore <patrick () ianai net>wrote:


On Nov 07, 2012, at 00:35 , Jian Gu <guxiaojian () gmail com> wrote:


Hmm, look at this screen shot from the blog, 8.8.8.0/24 was orignated

from

Google.


Everyone who posted in this thread was well aware of that.  (Well, except
me in my first post. :)  Google was still the victim, and it was still not
their fault.

You are showing wide and clear ignorance on the basics of peering.  Which
is fine, the vast majority of the planet hasn't a clue what peering is.
 However, the rest of the people who do not know what they are talking
about have managed to avoid commenting on the subject to 10K+ of their
not-so-closest friends.

To be clear, if you had started with something like: "Why is Google
originating the route?  Doesn't that make it valid?", you would have gotten
a lot of help & support.  But instead you started by claiming it was
Google's fault and they could stop this by setting "the correct BGP
attributes".  I note you still haven't told us what those attributes would
be despite repeated questions.

Perhaps it's time to admit you don't know what attributes, and you need a
little more education on peering in general?

When you find yourself in a hole, stop digging.

--
TTFN,
patrick



tom@edge01.sfo01> show route 8.8.8.8

inet.0: 422196 destinations, 422196 routes (422182 active, 0 holddown,
14 hidden)
+ = Active Route, - = Last Active, * = Both
8.8.8.0/24         *[BGP/170] 00:27:02, MED 18, localpref 100
                     AS path: 4436 3491 23947 15169 I

to 69.22.153.1 via ge-1/0/9.0




On Tue, Nov 6, 2012 at 9:33 PM, Hank Nussbacher <hank () efes iucc ac il
wrote:


At 21:21 06/11/2012 -0800, Jian Gu wrote:

If Google announces 8.8.8.0/24 to you and you in turn start announcing

to

the Internet 8.8.8.0/24 as originating from you, then a certain section
of the Internet will believe your announcement over Google's.    This

has

happened many times before due to improper filters, but this is the

first

time I have seen the victim being blamed.  Interesting concept.

-Hank

I don't know what Google and Moratel's peering agreement, but "leak"?

educate me, Google is announcing /24 for all of their 4 NS prefix and
8.8.8.0/24 for their public DNS server, how did Moratel leak those

routes

to Internet?

On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick () ianai net

wrote:




On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian () gmail com> wrote:


Where did you get the idea that a Moratel customer announced a

google-owned

prefix to Moratel and Moratel did not have the proper filters in

place?

according to the blog, all google's 4 authoritative DNS server

networks

and

8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for

a

Moratel customers announce all those prefixes?


Ah, right, they just leaked Google's prefix.  I thought a customer
originated the prefix.

Original question still stands.  Which attribute do you expect Google

to

set to stop this?

Hint: Don't say No-Advertise, unless you want peers to only talk to

the

adjacent AS, not their customers or their customers' customers, etc.

Looking forward to your answer.

--
TTFN,
patrick



On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <

patrick () ianai net

wrote:


On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian () gmail com> wrote:


What do you mean hijack? Google is peering with Moratel, if Google

does

not

want Moratel to advertise its routes to Moratel's peers/upstreams,

then

Google should've set the correct BGP attributes in the first place.


That doesn't make the slightest bit of sense.

If a Moratel customer announced a Google-owned prefix to Moratel,

and

Moratel did not have the proper filters in place, there is nothing

Google

could do to stop the hijack from happening.

Exactly what attribute do you think would stop this?

--
TTFN,
patrick



On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me () anuragbhatia com



wrote:



Another case of route hijack -




http://blog.cloudflare.com/**why-google-went-offline-today-**

and-a-bit-about<

http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about>




I am curious if big networks have any pre-defined filters for big

content

providers like Google to avoid these? I am sure internet community

would be

working in direction to somehow prevent these issues. Curious to

know

developments so far.




Thanks.


--

Anurag Bhatia
anuragbhatia.com

Linkedin <http://in.linkedin.com/in/**anuragbhatia21<

http://in.linkedin.com/in/anuragbhatia21>>

|

Twitter<https://twitter.com/**anurag_bhatia<

https://twitter.com/anurag_bhatia>

|

Google+ <https://plus.google.com/**118280168625121532854<

https://plus.google.com/118280168625121532854>
Previous By Date Next
Previous By Thread Next

Current thread: