[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*Subject*: AS4134/AS4847 - Appear to be hijacking some ip space.*From*: louiel at google.com (Louie Lee)*Date*: Fri, 5 Apr 2019 11:44:31 -0700*In-reply-to*: <CAL9jL[email protected]>*References*: <CA[email protected]> <[email protected]> <CAL9jL[email protected]>

Hey folks, I'm on it for solving both immediate issue and long term "fix". Louie -- Louie Lee, æ??æ?¯é?² Peering Coordinator (AS16591 <https://as16591.peeringdb.com/>) Network Capacity Manager IP Numbers Administrator Google Fiber louiel at google.com (650) 253-2847 *There are 10 types of people in the world: Those who understand binary, and those who don't.* On Fri, Apr 5, 2019 at 11:17 AM Christopher Morrow <morrowc.lists at gmail.com> wrote: > On Fri, Apr 5, 2019 at 12:29 PM Jay Borkenhagen <jayb at att.com> wrote: > > > > Hi Chris, > > yes! > > > It would be great if the Google Fiber / AS16591 folks could publish a > > ROA in ARIN's hosted RPKI authorizing exactly 136.32.0.0/11 to be > > originated only in AS16591. That ROA would have addressed this matter > > from AS7018's point of view. > > > > ok, cool. This is sort of on my plate, at least from the internal > viz/evangelizing perspective, and I'll go spend time chatting up the > folk in fiber-land. > having a: "See, doing this would prevent this" is helpful. > > > In the interim, I have added a temporary whitelist (slurm) entry into > > our RPKI caches, causing the AS7018 network to disregard the > > more-specific /24s under 136.32.0.0/11. > > thanks! > > > Good luck. > > Jay B. > > > > > > Christopher Morrow writes: > > > Howdy gentle folks: > > > > > > It looks like AS4847 - "China Networks Inter-Exchange" > > > > > > Is taking some time to announce reachability for at least: > > > 136.38.33.0/24 > > > > > > which they ought not, given that this /24 is part of a /11 assigned to > > > AS16591 (google fiber)... Looking at routeviews data, I see the > > > following as-paths for this one /24: > > > $ grep -A1 Refresh /tmp/x | grep 4847 > > > 1239 174 4134 4847 > > > 3549 3356 174 4134 4847 > > > 701 174 4134 4847 > > > 4901 6079 3257 4134 4847 > > > 20912 174 4134 4847 > > > 1221 4637 4134 4847 > > > 1351 11164 4134 4847 > > > 6079 1299 4134 4847 > > > 6079 3257 4134 4847 > > > 7018 4134 4847 > > > 6939 1299 4134 4847 > > > 3561 209 4134 4847 > > > 3303 4134 4847 > > > 3277 39710 9002 4134 4847 > > > 2497 4134 4847 > > > 4826 1299 4134 4847 > > > 54728 20130 23352 2914 4134 4847 > > > 19214 3257 4134 4847 > > > 101 101 11164 4134 4847 > > > 1403 6453 4134 4847 > > > 852 6453 4134 4847 > > > 1403 6453 4134 4847 > > > 286 4134 4847 > > > 3333 1273 4134 4847 > > > 57866 3491 4134 4847 > > > 3267 1299 4134 4847 > > > 49788 174 4134 4847 > > > 53767 3257 4134 4847 > > > 53364 3257 4134 4847 > > > 8283 57866 3491 4134 4847 > > > 7660 2516 4134 4847 > > > > > > >From that I think the following AS should have filtered this prefix > and are not: > > > $ grep -A1 Refresh /tmp/x | grep 4847 | sed 's/ 4134 4847//' | awk > > > '{print $NF}' | sort -n | uniq > > > > > > 174 - Cogent > > > 209 - Qwest > > > 286 - KPN > > > 1273 - Vodafone > > > 1299 - Telia > > > 2497 - IIJ > > > 2516 - KDDI > > > 2914 - NTT > > > 3257 - GTT > > > 3303 - Swisscom > > > 3491 - PCCW > > > 4637 - Telstra > > > 6453 - TATA > > > 7018 - ATT > > > 9002 - RETN > > > 11164 - Internet2 > > > > > > It'd be great if the listed folk could filter AS4134 :) > > > > > > -Chris > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190405/5cbead32/attachment.html>

**References**:**AS4134/AS4847 - Appear to be hijacking some ip space.***From:*morrowc.lists at gmail.com (Christopher Morrow)

**AS4134/AS4847 - Appear to be hijacking some ip space.***From:*jayb at att.com (Jay Borkenhagen)

**AS4134/AS4847 - Appear to be hijacking some ip space.***From:*morrowc.lists at gmail.com (Christopher Morrow)

- Prev by Date:
**AS4134/AS4847 - Appear to be hijacking some ip space.** - Next by Date:
**DNS Qtypes and class values are a social construct** - Previous by thread:
**AS4134/AS4847 - Appear to be hijacking some ip space.** - Next by thread:
**AS4134/AS4847 - Appear to be hijacking some ip space.** - Index(es):