[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
BGP Hijack/Sickness with AS4637 - Case closed
   Hi,
   Looks like it was a RIB<->FIB bug in part.
   How: BGP Optimizator maybe a culprit, but without insights from
ColoAU it is hard to say.
   Thank to Job, Mark, Tracey for their time.
-----
Alain Hebert ahebert at pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 05/31/18 14:36, Job Snijders wrote:
> On Thu, May 31, 2018 at 02:40:06PM +0000, Job Snijders wrote:
>> Upon further inspection, it seems more likely that the bgp optimiser is
>> in ColoAU's network. Given the scale of AS 4637, if it were deployed
>> inside Telstra I'd expect more problem reports. AS 4637 may actually
>> just be an innocent bystander.
>>
>> It is interesting to note that the /23 only appears on their Sydney
>> based routers on https://lg.coloau.com.au/
>>
>> Is ColoAU's refusal to cooperate a matter of misunderstanding? Perhaps
>> you should just straight up ask whether they use any type of "network
>> optimisation" appliance.
> I found a few more interesting routes inside ColoAU's looking glass:
>
> 128.10.4.0/24 - AS_PATH 63956 4637 3257 29909 16532 16532 16532 16532
> (should be 128.10.0.0/16 originated by AS 17, Purdue
> University)
>
> 192.54.130.0/24 - AS path: 135069 9439
> (does not exist in the DFZ, a peering lan prefix? a typo?)
>
> 67.215.73.0/24 - AS path: 2764 1221 36692
> (does not exist in the DFZ, a peering lan prefix? a typo?)
>
> ColoAU propagated the above routes to their transit customers, so the
> 128.10.4.0/24 and 18.29.238.0/23 announcements definitely count as BGP
> hijacks with fabricated an AS_PATH.
>
> Kind regards,
>
> Job
>