Am 30.08.2025 um 13:58:21 Uhr schrieb Pirawat WATANAPONGSE via NANOG:
Radar tool by Qrator [Reference: https://radar.qrator.net ] claims that Zenlayer Inc. [AS4229] is “umbrella-ing” me by announcing ‘2400::/12’ on top of my more-specific address block.
What is your address block? Is it assigned to you and your ASN? I assume the toll doesn't distinguish between whois allocation info and real BGP data.
The tool classifies it as a type of hijacking.
HE shows that 2400::/20 is assigned to KRNIC, but not announced / propagated via BGP. Normal behavior. Whois shows that it is assigned to KRNIC.
[Disclaimer: apologies to Zenlayer if you didn’t do it; but that’s the information I received] My neighboring organization also has a more-specific block that falls under The Umbrella too.
Name it.
However, other tools (https://stat.ripe.net , https://irrexplorer.nlnog.net , https://bgp.he.net , etc.) seem unable to see that particular announcement.
Maybe they drop it.
Questions: 1. Is Qrator claim true? (because I have already tried but cannot verify) 2. If so, should I be concerned?
Check the looking glass of peers. Or ask their netmaster address.
Even though I already ROA-ed *and* IRR-ed my own block, but if “the other end” doesn’t validate, it won’t do any good, correct?
If they accept your route, it will be preferred because it is more specific.
(Oh, yeah, the other end also has to somehow “not see” my longer-prefix. But that can happen as well, no?)
It can, but then communication is not possible anyway. They would receive your traffic and reject it via ICMP route unreachable, as they don't have a more specific route, unless they intentionally want to do nasty things.
3. In that case, what more do I must do?
Ask them not to do so, other options don't really exist. -- Gruß Marco Send unsolicited bulk mail to 1756555101muell@cartoonies.org