BGP Hijack/Sickness with AS4637
Hello,
Just to clear up a few things. We are not running any route optimization
software (ever). The reason we "refused" to help is because we were not
going to contact our transit providers' NOC regarding other parties'
routes; even if we did, they wouldn't be of assistance.
We are purely passing on the routes we receive from our transit
providers to our customers. We are not modifying the routes in any way,
shape or form.
We ingest routes from a lot of transit providers and send most of the
data to route views (as do a number of our customers) which is why this
route was seen from us.
I have completed a soft clear on our BGP session towards AS4637 and the
route still exists. Sorry we can't be of assistance in this case but
this is fully out of our control.
xxxx at re0-cr1.ty8.ty.jp> show route 128.10.4.0/24 detail
vrf-international.inet.0: 696465 destinations, 1194388 routes (696461
active, 0 holddown, 4 hidden)
128.10.4.0/24 (1 entry, 1 announced)
       *BGP   Preference: 170/-101
               Next hop type: Router, Next hop index: 790
               Address: 0xff29810
               Next-hop reference count: 1279932
               Source: 202.127.69.33
               Next hop: 202.127.69.33 via ae0.401, selected
               Session Id: 0x181
               State: <Active Ext>
               Peer AS: 4637
               Age: 2w4d 11:08:17
               Validation State: unverified
               Task: BGP_4637.202.127.69.33
               Announcement bits (4): 1-KRT 2-BGP Route Target
5-BGP_RT_Background 6-Resolve tree 6
               AS path: 4637 3257 29909 16532 16532 16532 16532 I
               Communities: 4637:32031 4637:32314 4637:32504 4637:60952
               Accepted
               Localpref: 100
               Router ID: 202.84.219.12
Regards,
Brad
ColoAU (AS63956)
Colocation Australia Pty Ltd <http://coloau.com.au>
Brad Hooper / Network Architect
brad at coloau.com.au <mailto:brad at coloau.com.au>/ +61 7 3106 3810
On 01/06/18 06:36, Job Snijders wrote:
> On Thu, May 31, 2018 at 02:40:06PM +0000, Job Snijders wrote:
>> Upon further inspection, it seems more likely that the bgp optimiser is
>> in ColoAU's network. Given the scale of AS 4637, if it were deployed
>> inside Telstra I'd expect more problem reports. AS 4637 may actually
>> just be an innocent bystander.
>>
>> It is interesting to note that the /23 only appears on their Sydney
>> based routers on https://lg.coloau.com.au/
>>
>> Is ColoAU's refusal to cooperate a matter of misunderstanding? Perhaps
>> you should just straight up ask whether they use any type of "network
>> optimisation" appliance.
> I found a few more interesting routes inside ColoAU's looking glass:
>
> 128.10.4.0/24 - AS_PATH 63956 4637 3257 29909 16532 16532 16532 16532
> (should be 128.10.0.0/16 originated by AS 17, Purdue
> University)
>
> 192.54.130.0/24 - AS path: 135069 9439
> (does not exist in the DFZ, a peering lan prefix? a typo?)
>
> 67.215.73.0/24 - AS path: 2764 1221 36692
> (does not exist in the DFZ, a peering lan prefix? a typo?)
>
> ColoAU propagated the above routes to their transit customers, so the
> 128.10.4.0/24 and 18.29.238.0/23 announcements definitely count as BGP
> hijacks with a fabricated AS_PATH.
>
> Kind regards,
>
> Job
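
The origin check discussed in this thread, as an added example that is not part of either message: it parses the AS path out of the Junos output quoted above and compares the origin AS with the expected origin of the covering prefix. The reference table and the function names are assumptions made for illustration; only the 128.10.0.0/16 / AS 17 entry is stated in the thread.

```python
import ipaddress
import re

# Excerpt of the Junos "show route ... detail" output quoted in the message.
JUNOS_OUTPUT = """\
128.10.4.0/24 (1 entry, 1 announced)
       *BGP   Preference: 170/-101
               Peer AS: 4637
               Validation State: unverified
               AS path: 4637 3257 29909 16532 16532 16532 16532 I
"""

# Constructed reference table: covering prefix -> expected origin AS.
# Only the Purdue entry is stated in the thread; a real check would load
# ROAs or IRR route objects here.
EXPECTED_ORIGINS = {ipaddress.ip_network("128.10.0.0/16"): 17}

PREFIX_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+) \(")
ASPATH_RE = re.compile(r"^\s+AS path: ([\d ]+?)\s+[IE?]\s*$")


def parse_routes(text):
    """Return (prefix, as_path) for each route block in Junos detail output."""
    routes, prefix = [], None
    for line in text.splitlines():
        if m := PREFIX_RE.match(line):
            prefix = ipaddress.ip_network(m.group(1))
        elif (m := ASPATH_RE.match(line)) and prefix is not None:
            routes.append((prefix, [int(asn) for asn in m.group(1).split()]))
    return routes


def classify(prefix, as_path):
    """Compare the origin (last AS in the path) with the expected origin."""
    origin = as_path[-1]
    for covering, expected in EXPECTED_ORIGINS.items():
        if prefix.subnet_of(covering):
            if origin != expected:
                return "origin-mismatch"
            return "ok" if prefix == covering else "more-specific"
    return "no-reference"


if __name__ == "__main__":
    for prefix, path in parse_routes(JUNOS_OUTPUT):
        print(prefix, "origin AS%d" % path[-1], classify(prefix, path))
```

A "no-reference" result only means the constructed table has no covering entry; it says nothing about whether the prefix exists in the DFZ.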