nanog mailing list archives
Re: AS4134/AS4847 - Appear to be hijacking some ip space.
From: Louie Lee via NANOG <nanog () nanog org>
Date: Fri, 5 Apr 2019 11:44:31 -0700
Hey folks, I'm on it for solving both immediate issue and long term "fix". Louie -- Louie Lee, 李景雲 Peering Coordinator (AS16591 <https://as16591.peeringdb.com/>) Network Capacity Manager IP Numbers Administrator Google Fiber louiel () google com (650) 253-2847 *There are 10 types of people in the world: Those who understand binary, and those who don't.* On Fri, Apr 5, 2019 at 11:17 AM Christopher Morrow <morrowc.lists () gmail com> wrote:
On Fri, Apr 5, 2019 at 12:29 PM Jay Borkenhagen <jayb () att com> wrote:Hi Chris,yes!It would be great if the Google Fiber / AS16591 folks could publish a ROA in ARIN's hosted RPKI authorizing exactly 136.32.0.0/11 to be originated only in AS16591. That ROA would have addressed this matter from AS7018's point of view.ok, cool. This is sort of on my plate, at least from the internal viz/evangelizing perspective, and I'll go spend time chatting up the folk in fiber-land. having a: "See, doing this would prevent this" is helpful.In the interim, I have added a temporary whitelist (slurm) entry into our RPKI caches, causing the AS7018 network to disregard the more-specific /24s under 136.32.0.0/11.thanks!Good luck. Jay B. Christopher Morrow writes: > Howdy gentle folks: > > It looks like AS4847 - "China Networks Inter-Exchange" > > Is taking some time to announce reachability for at least: > 136.38.33.0/24 > > which they ought not, given that this /24 is part of a /11 assigned to > AS16591 (google fiber)... Looking at routeviews data, I see the > following as-paths for this one /24: > $ grep -A1 Refresh /tmp/x | grep 4847 > 1239 174 4134 4847 > 3549 3356 174 4134 4847 > 701 174 4134 4847 > 4901 6079 3257 4134 4847 > 20912 174 4134 4847 > 1221 4637 4134 4847 > 1351 11164 4134 4847 > 6079 1299 4134 4847 > 6079 3257 4134 4847 > 7018 4134 4847 > 6939 1299 4134 4847 > 3561 209 4134 4847 > 3303 4134 4847 > 3277 39710 9002 4134 4847 > 2497 4134 4847 > 4826 1299 4134 4847 > 54728 20130 23352 2914 4134 4847 > 19214 3257 4134 4847 > 101 101 11164 4134 4847 > 1403 6453 4134 4847 > 852 6453 4134 4847 > 1403 6453 4134 4847 > 286 4134 4847 > 3333 1273 4134 4847 > 57866 3491 4134 4847 > 3267 1299 4134 4847 > 49788 174 4134 4847 > 53767 3257 4134 4847 > 53364 3257 4134 4847 > 8283 57866 3491 4134 4847 > 7660 2516 4134 4847 > > >From that I think the following AS should have filtered this prefixand are not:> $ grep -A1 Refresh /tmp/x | grep 4847 | sed 's/ 4134 4847//' | awk > '{print $NF}' | sort -n | uniq > > 174 - Cogent > 209 - Qwest > 286 - KPN > 1273 - Vodafone > 1299 - Telia > 2497 - IIJ > 2516 - KDDI > 2914 - NTT > 3257 - GTT > 3303 - Swisscom > 3491 - PCCW > 4637 - Telstra > 6453 - TATA > 7018 - ATT > 9002 - RETN > 11164 - Internet2 > > It'd be great if the listed folk could filter AS4134 :) > > -Chris
Current thread:
- AS4134/AS4847 - Appear to be hijacking some ip space. Christopher Morrow (Apr 05)
- Re: AS4134/AS4847 - Appear to be hijacking some ip space. Jay Borkenhagen (Apr 05)
- Re: AS4134/AS4847 - Appear to be hijacking some ip space. Christopher Morrow (Apr 05)
- Re: AS4134/AS4847 - Appear to be hijacking some ip space. Louie Lee via NANOG (Apr 05)
- Re: AS4134/AS4847 - Appear to be hijacking some ip space. Christopher Morrow (Apr 05)
- Re: AS4134/AS4847 - Appear to be hijacking some ip space. Pierfrancesco Caci (Apr 05)
- Re: AS4134/AS4847 - Appear to be hijacking some ip space. Christopher Morrow (Apr 06)
- Re: AS4134/AS4847 - Appear to be hijacking some ip space. Jay Borkenhagen (Apr 05)