As part of BGP scaling and convergence testing I do, I essentially simulate the entire public internet, with all usable IPv4 space as part of it. I perform those tests in an airgapped lab environment with no possible way for those announcements to leak out into production networks or beyond. Even if someone broke the airgap, it would take multiple config changes at multiple layers with specific intent for anything to leak out. Not every network is so careful about this. 2. Does the fact that the leaked prefixes included specific, sensitive
Chinese carrier space (e.g., China Telecom's 125.104.0.0/13) change anything about how this "experiment" should be viewed?
If you are implying that someone 'targeted' CT/CU space with this, I highly doubt it. 1. As stated, these announcements never actually went anywhere. 2. Many software test packages start creating IP pools at 100.0.0.0/24. One of them, by default, increases the first octet by 1 for each new /24, making it easy to get into CT/CU space. "Never attribute to malice that which is adequately explained by stupidity. On Fri, May 22, 2026 at 1:05 PM me via NANOG <nanog@lists.nanog.org> wrote:
Yanzheng,
Thank you for this clarification. This is the missing piece I've been trying to find.
So, to restate what you're saying, the 3,948 bogon routes were real (AS202734 did import them into its BGP table), but they were only leaked to HE's collector(s) and not propagated to the global DFZ. This explains the discrepancy between HE and RIPE RIS data perfectly.
This also answers Charlie's question about "propagation" — it wasn't global, but it was targeted (at route collectors).
I have a few follow-up questions, purely for my own technical understanding:
1. How common is it for an ASN to use a route collector session (like HE's) for "internal routing experiments" without proper outbound filters? Is this considered a best practice, or a known risk?
2. Does the fact that the leaked prefixes included specific, sensitive Chinese carrier space (e.g., China Telecom's 125.104.0.0/13) change anything about how this "experiment" should be viewed?
3. How can the community (or HE) prevent similar "collector-only leaks" from being used to generate misleading bogon alerts in the future?
Again, thank you for helping me understand the operational reality behind the data.
me _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/PXWXVJAS...