August 2009 - Test - lists.nanog.org

Weekly Routing Table Report
by Routing Analysis Role Account 22 Aug '09

22 Aug '09

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-stats(a)lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith <pfs(a)cisco.com>. Routing Table Report 04:00 +10GMT Sat 22 Aug, 2009 Report Website: http://thyme.apnic.net Detailed Analysis: http://thyme.apnic.net/current/ Analysis Summary ---------------- BGP routing table entries examined: 293735 Prefixes after maximum aggregation: 139010 Deaggregation factor: 2.11 Unique aggregates announced to Internet: 146284 Total ASes present in the Internet Routing Table: 31976 Prefixes per ASN: 9.19 Origin-only ASes present in the Internet Routing Table: 27800 Origin ASes announcing only one prefix: 13547 Transit ASes present in the Internet Routing Table: 4176 Transit-only ASes present in the Internet Routing Table: 100 Average AS path length visible in the Internet Routing Table: 3.6 Max AS path length visible: 24 Max AS path prepend of ASN (12026) 22 Prefixes from unregistered ASNs in the Routing Table: 629 Unregistered ASNs in the Routing Table: 167 Number of 32-bit ASNs allocated by the RIRs: 241 Prefixes from 32-bit ASNs in the Routing Table: 92 Special use prefixes present in the Routing Table: 0 Prefixes being announced from unallocated address space: 328 Number of addresses announced to Internet: 2089063616 Equivalent to 124 /8s, 132 /16s and 148 /24s Percentage of available address space announced: 56.4 Percentage of allocated address space announced: 64.5 Percentage of available address space allocated: 87.3 Percentage of address space in use by end-sites: 78.7 Total number of prefixes smaller than registry allocations: 140471 APNIC Region Analysis Summary ----------------------------- Prefixes being announced by APNIC Region ASes: 70153 Total APNIC prefixes after maximum aggregation: 24877 APNIC Deaggregation factor: 2.82 Prefixes being announced from the APNIC address blocks: 69601 Unique aggregates announced from the APNIC address blocks: 31611 APNIC Region origin ASes present in the Internet Routing Table: 3747 APNIC Prefixes per ASN: 18.58 APNIC Region origin ASes announcing only one prefix: 1023 APNIC Region transit ASes present in the Internet Routing Table: 579 Average APNIC Region AS path length visible: 3.6 Max APNIC Region AS path length visible: 18 Number of APNIC addresses announced to Internet: 481521344 Equivalent to 28 /8s, 179 /16s and 110 /24s Percentage of available APNIC address space announced: 82.0 APNIC AS Blocks 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 APNIC Address Blocks 43/8, 58/8, 59/8, 60/8, 61/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, ARIN Region Analysis Summary ---------------------------- Prefixes being announced by ARIN Region ASes: 124497 Total ARIN prefixes after maximum aggregation: 66423 ARIN Deaggregation factor: 1.87 Prefixes being announced from the ARIN address blocks: 125109 Unique aggregates announced from the ARIN address blocks: 52466 ARIN Region origin ASes present in the Internet Routing Table: 13183 ARIN Prefixes per ASN: 9.49 ARIN Region origin ASes announcing only one prefix: 5077 ARIN Region transit ASes present in the Internet Routing Table: 1290 Average ARIN Region AS path length visible: 3.3 Max ARIN Region AS path length visible: 24 Number of ARIN addresses announced to Internet: 1012944512 Equivalent to 60 /8s, 96 /16s and 78 /24s Percentage of available ARIN address space announced: 88.8 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791 35840-36863, 39936-40959, 46080-47103 53248-55295 ARIN Address Blocks 3/8, 4/8, 6/8, 7/8, 8/8, 9/8, 11/8, 12/8, 13/8, 15/8, 16/8, 17/8, 18/8, 19/8, 20/8, 21/8, 22/8, 24/8, 26/8, 28/8, 29/8, 30/8, 32/8, 33/8, 34/8, 35/8, 38/8, 40/8, 44/8, 45/8, 47/8, 48/8, 52/8, 54/8, 55/8, 56/8, 63/8, 64/8, 65/8, 66/8, 67/8, 68/8, 69/8, 70/8, 71/8, 72/8, 73/8, 74/8, 75/8, 76/8, 96/8, 97/8, 98/8, 99/8, 108/8, 173/8, 174/8, 184/8, 199/8, 204/8, 205/8, 206/8, 207/8, 208/8, 209/8, 214/8, 215/8, 216/8, RIPE Region Analysis Summary ---------------------------- Prefixes being announced by RIPE Region ASes: 67501 Total RIPE prefixes after maximum aggregation: 39779 RIPE Deaggregation factor: 1.70 Prefixes being announced from the RIPE address blocks: 67114 Unique aggregates announced from the RIPE address blocks: 45359 RIPE Region origin ASes present in the Internet Routing Table: 13379 RIPE Prefixes per ASN: 5.02 RIPE Region origin ASes announcing only one prefix: 6987 RIPE Region transit ASes present in the Internet Routing Table: 2000 Average RIPE Region AS path length visible: 4.0 Max RIPE Region AS path length visible: 21 Number of RIPE addresses announced to Internet: 499549376 Equivalent to 29 /8s, 198 /16s and 132 /24s Percentage of available RIPE address space announced: 99.3 RIPE AS Blocks 1877-1901, 2043, 2047, 2107-2136, 2585-2614 (pre-ERX allocations) 2773-2822, 2830-2879, 3154-3353, 5377-5631 6656-6911, 8192-9215, 12288-13311, 15360-16383 20480-21503, 24576-25599, 28672-29695 30720-31743, 33792-35839, 38912-39935 40960-45055, 47104-52223 RIPE Address Blocks 25/8, 51/8, 62/8, 77/8, 78/8, 79/8, 80/8, 81/8, 82/8, 83/8, 84/8, 85/8, 86/8, 87/8, 88/8, 89/8, 90/8, 91/8, 92/8, 93/8, 94/8, 95/8, 109/8, 178/8, 193/8, 194/8, 195/8, 212/8, 213/8, 217/8, LACNIC Region Analysis Summary ------------------------------ Prefixes being announced by LACNIC Region ASes: 24997 Total LACNIC prefixes after maximum aggregation: 6135 LACNIC Deaggregation factor: 4.07 Prefixes being announced from the LACNIC address blocks: 24966 Unique aggregates announced from the LACNIC address blocks: 13957 LACNIC Region origin ASes present in the Internet Routing Table: 1160 LACNIC Prefixes per ASN: 21.52 LACNIC Region origin ASes announcing only one prefix: 375 LACNIC Region transit ASes present in the Internet Routing Table: 188 Average LACNIC Region AS path length visible: 4.1 Max LACNIC Region AS path length visible: 22 Number of LACNIC addresses announced to Internet: 73280448 Equivalent to 4 /8s, 94 /16s and 43 /24s Percentage of available LACNIC address space announced: 72.8 LACNIC AS Blocks 26592-26623, 27648-28671, 52224-53247 plus ERX transfers LACNIC Address Blocks 186/8, 187/8, 189/8, 190/8, 200/8, 201/8, AfriNIC Region Analysis Summary ------------------------------- Prefixes being announced by AfriNIC Region ASes: 6210 Total AfriNIC prefixes after maximum aggregation: 1526 AfriNIC Deaggregation factor: 4.07 Prefixes being announced from the AfriNIC address blocks: 6617 Unique aggregates announced from the AfriNIC address blocks: 2630 AfriNIC Region origin ASes present in the Internet Routing Table: 307 AfriNIC Prefixes per ASN: 21.55 AfriNIC Region origin ASes announcing only one prefix: 85 AfriNIC Region transit ASes present in the Internet Routing Table: 69 Average AfriNIC Region AS path length visible: 3.8 Max AfriNIC Region AS path length visible: 15 Number of AfriNIC addresses announced to Internet: 20242944 Equivalent to 1 /8s, 52 /16s and 226 /24s Percentage of available AfriNIC address space announced: 60.3 AfriNIC AS Blocks 36864-37887 & ERX transfers AfriNIC Address Blocks 41/8, 197/8, APNIC Region per AS prefix count summary ---------------------------------------- ASN No of nets /20 equiv MaxAgg Description 4766 1724 6979 424 Korea Telecom (KIX) 17488 1554 140 103 Hathway IP Over Cable Interne 4755 1227 292 140 TATA Communications formerly 9583 1088 86 530 Sify Limited 4134 998 18167 389 CHINANET-BACKBONE 18101 959 202 32 Reliance Infocom Ltd Internet 7545 819 198 103 TPG Internet Pty Ltd 9829 807 620 16 BSNL National Internet Backbo 23577 787 34 667 Korea Telecom (ATM-MPLS) 4808 762 1533 176 CNCGROUP IP network: China169 Complete listing at http://thyme.apnic.net/current/data-ASnet-APNIC ARIN Region per AS prefix count summary --------------------------------------- ASN No of nets /20 equiv MaxAgg Description 6389 4177 3607 314 bellsouth.net, inc. 4323 1908 1049 390 Time Warner Telecom 1785 1728 714 138 PaeTec Communications, Inc. 7018 1492 5875 1052 AT&T WorldNet Services 20115 1471 1474 674 Charter Communications 6478 1381 282 271 AT&T Worldnet Services 2386 1289 657 937 AT&T Data Communications Serv 3356 1210 10979 438 Level 3 Communications, LLC 11492 1110 208 12 Cable One 22773 1086 2604 66 Cox Communications, Inc. Complete listing at http://thyme.apnic.net/current/data-ASnet-ARIN RIPE Region per AS prefix count summary --------------------------------------- ASN No of nets /20 equiv MaxAgg Description 30890 484 92 197 Evolva Telecom 12479 475 578 6 Uni2 Autonomous System 3292 462 1905 397 TDC Tele Danmark 702 430 1861 346 UUNET - Commercial IP service 35805 380 40 5 United Telecom of Georgia 9198 366 138 12 Kazakhtelecom Data Network Ad 3320 348 7067 301 Deutsche Telekom AG 3215 344 3081 109 France Telecom Transpac 3301 344 1412 308 TeliaNet Sweden 8866 340 109 20 Bulgarian Telecommunication C Complete listing at http://thyme.apnic.net/current/data-ASnet-RIPE LACNIC Region per AS prefix count summary ----------------------------------------- ASN No of nets /20 equiv MaxAgg Description 8151 1475 2882 246 UniNet S.A. de C.V. 10620 990 220 93 TVCABLE BOGOTA 7303 625 332 96 Telecom Argentina Stet-France 28573 619 582 37 NET Servicos de Comunicao S.A 22047 541 302 14 VTR PUNTO NET S.A. 11830 485 308 67 Instituto Costarricense de El 11172 442 99 70 Servicios Alestra S.A de C.V 6471 421 96 31 ENTEL CHILE S.A. 7738 415 858 29 Telecomunicacoes da Bahia S.A 3816 396 191 79 Empresa Nacional de Telecomun Complete listing at http://thyme.apnic.net/current/data-ASnet-LACNIC AfriNIC Region per AS prefix count summary ------------------------------------------ ASN No of nets /20 equiv MaxAgg Description 8452 1002 188 7 TEDATA 24863 917 91 50 LINKdotNET AS number 20858 324 34 6 EgyNet 3741 277 857 237 The Internet Solution 2018 200 180 141 Tertiary Education Network 6713 175 166 16 Itissalat Al-MAGHRIB 33783 152 10 8 EEPAD TISP TELECOM & INTERNET 29571 143 14 6 Ci Telecom Autonomous system 24835 130 46 9 RAYA Telecom - Egypt 5536 122 8 13 Internet Egypt Network Complete listing at http://thyme.apnic.net/current/data-ASnet-AFRINIC Global Per AS prefix count summary ---------------------------------- ASN No of nets /20 equiv MaxAgg Description 6389 4177 3607 314 bellsouth.net, inc. 4323 1908 1049 390 Time Warner Telecom 1785 1728 714 138 PaeTec Communications, Inc. 4766 1724 6979 424 Korea Telecom (KIX) 17488 1554 140 103 Hathway IP Over Cable Interne 7018 1492 5875 1052 AT&T WorldNet Services 8151 1475 2882 246 UniNet S.A. de C.V. 20115 1471 1474 674 Charter Communications 6478 1381 282 271 AT&T Worldnet Services 2386 1289 657 937 AT&T Data Communications Serv Complete listing at http://thyme.apnic.net/current/data-ASnet Global Per AS Maximum Aggr summary ---------------------------------- ASN No of nets Net Savings Description 1785 1728 1590 PaeTec Communications, Inc. 4323 1908 1518 Time Warner Telecom 17488 1554 1451 Hathway IP Over Cable Interne 4766 1724 1300 Korea Telecom (KIX) 8151 1475 1229 UniNet S.A. de C.V. 6478 1381 1110 AT&T Worldnet Services 11492 1110 1098 Cable One 4755 1227 1087 TATA Communications formerly 18566 1062 1052 Covad Communications 22773 1086 1020 Cox Communications, Inc. Complete listing at http://thyme.apnic.net/current/data-CIDRnet List of Unregistered Origin ASNs (Global) ----------------------------------------- Bad AS Designation Network Transit AS Description 16927 UNALLOCATED 12.0.252.0/23 7018 AT&T WorldNet Servic 15132 UNALLOCATED 12.9.150.0/24 7018 AT&T WorldNet Servic 32567 UNALLOCATED 12.14.170.0/24 7018 AT&T WorldNet Servic 13746 UNALLOCATED 12.24.56.0/24 7018 AT&T WorldNet Servic 32567 UNALLOCATED 12.25.107.0/24 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.152.0/24 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.154.0/23 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.159.0/24 7018 AT&T WorldNet Servic 32326 UNALLOCATED 12.40.49.0/24 7018 AT&T WorldNet Servic 25639 UNALLOCATED 12.41.169.0/24 7018 AT&T WorldNet Servic Complete listing at http://thyme.apnic.net/current/data-badAS Advertised Unallocated Addresses -------------------------------- Network Origin AS Description 24.225.128.0/17 36377 PATRIOT MEDIA AND COMMUNICATI 41.223.92.0/22 36936 >>UNKNOWN<< 41.223.176.0/22 36981 >>UNKNOWN<< 41.223.188.0/24 22351 Intelsat 41.223.189.0/24 26452 Local Communications Networks 43.245.0.0/16 7502 Internetwork Kyoto 43.245.96.0/20 7502 Internetwork Kyoto 43.245.112.0/20 7502 Internetwork Kyoto 43.245.192.0/20 7502 Internetwork Kyoto 43.245.208.0/20 7502 Internetwork Kyoto Complete listing at http://thyme.apnic.net/current/data-add-IANA Number of prefixes announced per prefix length (Global) ------------------------------------------------------- /1:0 /2:0 /3:0 /4:0 /5:0 /6:0 /7:0 /8:19 /9:10 /10:24 /11:59 /12:168 /13:351 /14:623 /15:1176 /16:10626 /17:4809 /18:8355 /19:17303 /20:20678 /21:20624 /22:26600 /23:26336 /24:153249 /25:924 /26:1039 /27:585 /28:153 /29:8 /30:7 /31:1 /32:8 Advertised prefixes smaller than registry allocations ----------------------------------------------------- ASN No of nets Total ann. Description 6389 2707 4177 bellsouth.net, inc. 4766 1412 1724 Korea Telecom (KIX) 17488 1300 1554 Hathway IP Over Cable Interne 1785 1199 1728 PaeTec Communications, Inc. 18566 1043 1062 Covad Communications 11492 1037 1110 Cable One 4323 960 1908 Time Warner Telecom 9583 941 1088 Sify Limited 8452 926 1002 TEDATA 10620 896 990 TVCABLE BOGOTA Complete listing at http://thyme.apnic.net/current/data-sXXas-nos Number of /24s announced per /8 block (Global) ---------------------------------------------- 4:14 8:213 12:2138 13:7 15:21 16:3 17:5 20:35 24:1129 32:52 34:2 38:598 40:97 41:1760 43:1 44:2 47:10 52:6 55:2 56:2 57:25 58:621 59:608 60:461 61:973 62:1105 63:2013 64:3624 65:2404 66:3416 67:1740 68:870 69:2729 70:556 71:162 72:1654 73:2 74:1707 75:179 76:314 77:851 78:569 79:372 80:933 81:850 82:598 83:453 84:633 85:1070 86:375 87:674 88:372 89:1462 90:48 91:2499 92:398 93:1114 94:1195 95:1160 96:166 97:264 98:283 99:28 110:185 111:382 112:118 113:152 114:238 115:287 116:1141 117:551 118:330 119:770 120:120 121:651 122:1238 123:755 124:1026 125:1338 128:224 129:219 130:128 131:416 132:75 133:9 134:182 135:43 136:225 137:160 138:170 139:83 140:444 141:123 142:384 143:353 144:388 145:49 146:390 147:156 148:530 149:222 150:208 151:192 152:210 153:148 154:2 155:272 156:167 157:301 158:112 159:344 160:290 161:164 162:269 163:164 164:275 165:529 166:465 167:360 168:701 169:161 170:475 171:41 172:2 173:381 174:316 175:1 178:1 180:7 182:1 186:129 187:164 188:416 189:583 190:2922 192:5784 193:4257 194:3294 195:2689 196:1115 198:3650 199:3364 200:5111 201:1304 202:7744 203:8275 204:3882 205:2166 206:2451 207:2738 208:3929 209:3408 210:2529 211:1103 212:1604 213:1655 214:132 215:30 216:4303 217:1349 218:405 219:415 220:1118 221:461 222:329 End of report

1 0

BGP Update Report
by cidr-report＠potaroo.net 22 Aug '09

22 Aug '09

BGP Update Report Interval: 13-Aug-09 -to- 20-Aug-09 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS4961 516762 6.6% 6379.8 -- DISC-AS-KR Daewoo Information System 2 - AS9767 323141 4.1% 8733.5 -- DONGBUIT-AS-KR Dongbulife Insurance co.,LTD 3 - AS18157 219917 2.8% 8796.7 -- CHUNGJU-AS-KR chungju university 4 - AS9459 204123 2.6% 8874.9 -- ASKONKUK Konkuk University 5 - AS9956 201087 2.6% 8742.9 -- KONGJU-AS kongju national university 6 - AS9686 194396 2.5% 8836.2 -- SKKUNET-AS SungKyunKwan University (SKKU) 7 - AS23716 154216 2.0% 5507.7 -- CHANGWON23716-AS-KR Changwon College 8 - AS10159 149403 1.9% 5976.1 -- HAUNET-AS-KR HANKUK Aviation University 9 - AS9530 135249 1.7% 7118.4 -- SHINSEGAE-AS SHINSEGAE I&C Co., Ltd. 10 - AS9628 122729 1.6% 6459.4 -- SSEM-AS-KR Seoul Education Science Research Institute 11 - AS9868 99583 1.3% 7113.1 -- CUTH-AS Catholic University of DAEGU 12 - AS10088 96758 1.2% 8063.2 -- KWANGWOON-UNIV-AS-AP KWANGWOON University in Seoul, Korea 13 - AS18027 88348 1.1% 8834.8 -- NSU-AS-KR namseoul university 14 - AS18023 87965 1.1% 3518.6 -- KMU-AS-KR Korea Maritime University 15 - AS18026 87648 1.1% 8764.8 -- CHEJU-AS-KR Cheju University 16 - AS17865 87569 1.1% 7960.8 -- SCOURT-AS-KR Supreme Court of Korea 17 - AS10045 80256 1.0% 8917.3 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 18 - AS9970 79372 1.0% 8819.1 -- KUT-AS Korea University of Technology and Education 19 - AS10176 79196 1.0% 8799.6 -- TENET-AS Taejon Institute of Education Science 20 - AS7557 79010 1.0% 8778.9 -- KTNET-AS Korea Trade Network TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASN Upds % Upds/Pfx AS-Name 1 - AS9456 8920 0.1% 8920.0 -- POSCO-AS POSCO 2 - AS10045 80256 1.0% 8917.3 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 3 - AS9846 8908 0.1% 8908.0 -- FIRSTDATA-AS-KR FDIK 4 - AS17840 8890 0.1% 8890.0 -- KOREACERT-AS-KR KECA, Inc. 5 - AS9571 17776 0.2% 8888.0 -- INICIS-AS INICIS Co., Ltd 6 - AS17600 8883 0.1% 8883.0 -- ENVICO-AS-KR Korea Environment & Resources Corporation 7 - AS10042 17764 0.2% 8882.0 -- DPC-AS-KR DAEGU POLYTECHNIC COLLEGE 8 - AS9459 204123 2.6% 8874.9 -- ASKONKUK Konkuk University 9 - AS10055 35488 0.5% 8872.0 -- KORAIL-AS-KR Korean National Railroad Administration 10 - AS10058 26615 0.3% 8871.7 -- CU-AS-KR NACUFOK 11 - AS23983 26613 0.3% 8871.0 -- DJU-AS-KR Daejeon University 12 - AS23557 8848 0.1% 8848.0 -- YUHWA-AS-KR Yuhwa Securities Co., LTD 13 - AS23573 26532 0.3% 8844.0 -- OCIC-AS-KR OCI Information Communication 14 - AS18324 53042 0.7% 8840.3 -- MASANC-AS-KR Masan College 15 - AS23562 17674 0.2% 8837.0 -- BCRC-AS-KR Busan Cycle Racing Corporation 16 - AS9686 194396 2.5% 8836.2 -- SKKUNET-AS SungKyunKwan University (SKKU) 17 - AS18027 88348 1.1% 8834.8 -- NSU-AS-KR namseoul university 18 - AS17601 17664 0.2% 8832.0 -- KCGF-AS-KR KOREA CREDIT GUARANTEE FUND 19 - AS18319 61824 0.8% 8832.0 -- YJNET-AS-KR Yeungnam College of Science & Technology 20 - AS9452 8829 0.1% 8829.0 -- KUNET-AS Korea University TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 210.90.28.0/24 8941 0.1% AS23568 -- CRA-AS-KR Cycle Racing Association 2 - 163.239.192.0/20 8925 0.1% AS3813 -- SOGANG-AS-KR sogang university 3 - 163.239.208.0/21 8923 0.1% AS3813 -- SOGANG-AS-KR sogang university 4 - 163.239.128.0/18 8923 0.1% AS3813 -- SOGANG-AS-KR sogang university 5 - 163.239.0.0/17 8923 0.1% AS3813 -- SOGANG-AS-KR sogang university 6 - 210.110.248.0/22 8922 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 7 - 210.98.40.0/22 8920 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 8 - 203.246.186.0/24 8920 0.1% AS9456 -- POSCO-AS POSCO 9 - 210.119.112.0/24 8920 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 10 - 203.230.104.0/22 8920 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 11 - 203.230.96.0/21 8918 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 12 - 202.30.46.0/23 8916 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 13 - 220.66.143.0/24 8916 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 14 - 220.66.144.0/22 8912 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 15 - 220.66.148.0/23 8912 0.1% AS10045 -- TNUTNET-AS HANBAT NATIONAL UNIVERSITY 16 - 210.182.8.0/24 8908 0.1% AS9846 -- FIRSTDATA-AS-KR FDIK 17 - 203.252.168.0/24 8899 0.1% AS9459 -- ASKONKUK Konkuk University 18 - 210.119.217.0/24 8899 0.1% AS9459 -- ASKONKUK Konkuk University 19 - 203.252.166.0/24 8897 0.1% AS9459 -- ASKONKUK Konkuk University 20 - 210.119.219.0/24 8897 0.1% AS9459 -- ASKONKUK Konkuk University Details at http://bgpupdates.potaroo.net ------------------------------------ Copies of this report are mailed to: nanog(a)merit.edu eof-list(a)ripe.net apops(a)apops.net routing-wg(a)ripe.net afnog(a)afnog.org

3 2

The Cidr Report
by cidr-report＠potaroo.net 21 Aug '09

21 Aug '09

This report has been generated at Fri Aug 21 21:11:35 2009 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date Prefixes CIDR Agg 14-08-09 299670 185428 15-08-09 300270 185630 16-08-09 300435 185798 17-08-09 300545 186310 18-08-09 300921 186382 19-08-09 300907 186378 20-08-09 301052 186537 21-08-09 300840 186721 AS Summary 32108 Number of ASes in routing system 13642 Number of ASes announcing only one prefix 4303 Largest number of prefixes announced by an AS AS4323 : TWTC - tw telecom holdings, inc. 89681920 Largest address span announced by an AS (/32s) AS27064: DNIC-ASBLK-27032-27159 - DoD Network Information Center Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 21Aug09 --- ASnum NetsNow NetsAggr NetGain % Gain Description Table 300851 186486 114365 38.0% All ASes AS6389 4181 325 3856 92.2% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS4323 4303 1731 2572 59.8% TWTC - tw telecom holdings, inc. AS4766 1830 540 1290 70.5% KIXS-AS-KR Korea Telecom AS17488 1555 303 1252 80.5% HATHWAY-NET-AP Hathway IP Over Cable Internet AS22773 1086 71 1015 93.5% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. AS18101 958 37 921 96.1% RIL-IDC Reliance Infocom Ltd Internet Data Centre, AS8151 1482 569 913 61.6% Uninet S.A. de C.V. AS19262 1039 236 803 77.3% VZGNI-TRANSIT - Verizon Internet Services Inc. AS4755 1227 432 795 64.8% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP AS18566 1062 277 785 73.9% COVAD - Covad Communications Co. AS6478 1383 629 754 54.5% ATT-INTERNET3 - AT&T WorldNet Services AS8452 1002 287 715 71.4% TEDATA TEDATA AS10620 983 348 635 64.6% TV Cable S.A. AS1785 1729 1118 611 35.3% AS-PAETEC-NET - PaeTec Communications, Inc. AS4804 686 91 595 86.7% MPX-AS Microplex PTY LTD AS9498 635 64 571 89.9% BBIL-AP BHARTI Airtel Ltd. AS4808 762 211 551 72.3% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS7303 627 98 529 84.4% Telecom Argentina S.A. AS22047 541 14 527 97.4% VTR BANDA ANCHA S.A. AS855 618 131 487 78.8% CANET-ASN-4 - Bell Aliant Regional Communications, Inc. AS11492 1110 629 481 43.3% CABLEONE - CABLE ONE, INC. AS4134 998 534 464 46.5% CHINANET-BACKBONE No.31,Jin-rong Street AS3356 1211 754 457 37.7% LEVEL3 Level 3 Communications AS7018 1492 1053 439 29.4% ATT-INTERNET4 - AT&T WorldNet Services AS17676 564 127 437 77.5% GIGAINFRA Softbank BB Corp. AS4780 571 142 429 75.1% SEEDNET Digital United Inc. AS7545 839 413 426 50.8% TPG-INTERNET-AP TPG Internet Pty Ltd AS9443 515 94 421 81.7% INTERNETPRIMUS-AS-AP Primus Telecommunications AS7011 993 573 420 42.3% FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc. AS5668 777 363 414 53.3% AS-5668 - CenturyTel Internet Holdings, Inc. Total 36759 12194 24565 66.8% Top 30 total Possible Bogus Routes 24.225.128.0/17 AS36377 PATRIOT-MEDIA-NJ - Comcast Telecommunications, Inc. 24.245.128.0/17 AS11492 CABLEONE - CABLE ONE, INC. 41.223.92.0/22 AS36936 CELTEL-GABON Celtel Gabon Internet Service 41.223.176.0/22 AS36981 41.223.188.0/24 AS22351 INTELSAT Intelsat Global BGP Routing Policy 41.223.189.0/24 AS26452 BRING-AS - BringCom, Inc. 43.245.0.0/16 AS7502 IP-KYOTO Internetwork Kyoto 43.245.96.0/20 AS7502 IP-KYOTO Internetwork Kyoto 43.245.112.0/20 AS7502 IP-KYOTO Internetwork Kyoto 43.245.192.0/20 AS7502 IP-KYOTO Internetwork Kyoto 43.245.208.0/20 AS7502 IP-KYOTO Internetwork Kyoto 43.245.224.0/20 AS7502 IP-KYOTO Internetwork Kyoto 62.61.220.0/24 AS24974 TACHYON-EU Tachyon Europe BV - Wireless Broadband via Satellite 62.61.221.0/24 AS24974 TACHYON-EU Tachyon Europe BV - Wireless Broadband via Satellite 63.140.213.0/24 AS22555 UTC - Universal Talkware Corporation 63.143.251.0/24 AS22555 UTC - Universal Talkware Corporation 64.31.32.0/19 AS11955 SCRR-11955 - Road Runner HoldCo LLC 64.72.112.0/20 AS19166 64.79.88.0/24 AS26096 LODDEN - Lodden Services 64.79.89.0/24 AS26096 LODDEN - Lodden Services 64.247.160.0/20 AS10937 IIS - Island Internet Services 66.128.38.0/24 AS15246 Telecomunicaciones Satelitales TelesatS.A. 66.180.239.0/24 AS35888 VIGNETTE - VIGNETTE CORPORATION 66.206.32.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.33.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.34.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.35.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.40.0/22 AS174 COGENT Cogent/PSI 66.206.44.0/23 AS174 COGENT Cogent/PSI 66.206.47.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 66.207.32.0/20 AS23011 66.241.112.0/20 AS21547 REVNETS - Revolution Networks 66.245.176.0/20 AS19318 NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC 69.6.80.0/24 AS13442 69.6.81.0/24 AS13442 69.71.192.0/20 AS13818 PHX-INTL-TELEPORT - Phoenix International Teleport 69.80.224.0/19 AS19166 74.120.160.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.161.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.162.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.163.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.164.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.165.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.166.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.167.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.168.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.169.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.170.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.171.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.172.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.173.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.174.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 74.120.175.0/24 AS19262 VZGNI-TRANSIT - Verizon Internet Services Inc. 80.88.10.0/24 AS33774 DJAWEB 80.88.12.0/24 AS33779 wataniya-telecom-as 95.143.64.0/20 AS30781 JAGUAR-AS AS for Jaguar Network 96.8.64.0/18 AS19166 96.8.127.0/24 AS19166 100.100.100.0/30 AS38676 AS33005-AS-KR wizsolution co.,Ltd 116.50.0.0/24 AS17754 EXCELL-AS Excellmedia 117.120.56.0/21 AS4755 TATACOMM-AS TATA Communications formerly VSNL is Leading ISP 121.46.0.0/16 AS4134 CHINANET-BACKBONE No.31,Jin-rong Street 121.50.10.0/24 AS38236 121.50.13.0/24 AS38236 121.50.15.0/24 AS17625 BLAZENET-IN-AP BlazeNet's Network 121.50.168.0/21 AS9931 CAT-AP The Communication Authoity of Thailand, CAT 122.128.120.0/22 AS38456 PACTEL-AS-AP Pacific Teleports. 158.222.5.0/24 AS21580 SIERRA-ADVANTAGE - Sierra Advantage, Inc. 158.222.70.0/23 AS6137 SISNA - SISNA, Inc. 158.222.72.0/23 AS6137 SISNA - SISNA, Inc. 158.222.224.0/20 AS19864 O1COMM - O1 COMMUNICATIONS 158.222.224.0/22 AS19864 O1COMM - O1 COMMUNICATIONS 158.222.229.0/24 AS19864 O1COMM - O1 COMMUNICATIONS 163.142.0.0/16 AS2500 WIDE-BB WIDE Project 172.10.1.0/30 AS18305 POSNET POSDATA Co.,Ltd 178.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 178.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 178.1.24.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 192.9.0.0/16 AS11479 BRM-SUN-AS - Sun Microsystems, Inc 192.9.200.0/24 AS3602 AS3602-RTI - Rogers Telecom Inc. 192.64.85.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.107.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.108.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.177.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.70.164.0/24 AS25689 NRCNET-AS - National Research Council of Canada 192.96.37.0/24 AS10474 NETACTIVE 192.96.141.0/24 AS2018 TENET-1 192.96.177.0/24 AS6083 POSIX-AFRICA 192.101.45.0/24 AS2905 TICSA-ASN 192.101.46.0/24 AS6503 Avantel, S.A. 192.101.64.0/21 AS702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe 192.101.70.0/24 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 192.101.71.0/24 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 192.101.72.0/24 AS702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe 192.101.74.0/24 AS1239 SPRINTLINK - Sprint 192.124.248.0/23 AS680 DFN-IP service X-WiN 192.124.252.0/22 AS680 DFN-IP service X-WiN 192.131.233.0/24 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 192.132.58.0/24 AS20141 QUALITYTECH-SUW-300 - Quality Technology Services, LLC. 192.133.6.0/24 AS10282 ORANGE-BUSINESS-SERVICES-CEEUR Orange Business Services (formerly Equant) AS for CEEUR 192.139.3.0/24 AS23184 PERSONA - PERSONA COMMUNICATIONS INC. 192.153.144.0/21 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 192.154.32.0/19 AS81 NCREN - MCNC 192.188.208.0/20 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 193.24.196.0/22 AS6714 ATOMNET ATOM SA 193.33.148.0/23 AS30890 EVOLVA Evolva Telecom / iLink Telecom 195.16.90.0/24 AS34377 BROKER-AS Przedsiebiorstwo Broker Service Sp. Z o.o. 195.225.58.0/24 AS6714 ATOMNET ATOM SA 196.6.108.0/24 AS5713 SAIX-NET 196.202.224.0/21 AS8818 TELE Greenland Autonomous System 198.1.2.0/24 AS4761 INDOSAT-INP-AP INDOSAT Internet Network Provider 198.23.26.0/24 AS4390 BELLATLANTIC-COM - Bell Atlantic, Inc. 198.73.210.0/24 AS21570 ACI-1 - Accelerated Connections Inc. 198.97.72.0/21 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 198.97.96.0/19 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 198.97.240.0/20 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 198.135.236.0/24 AS4358 XNET - XNet Information Systems, Inc. 198.161.87.0/24 AS6539 GT-BELL - Bell Canada 198.161.92.0/24 AS6539 GT-BELL - Bell Canada 198.167.0.0/16 AS7456 INTERHOP - Interhop Network SERVICES Inc. 198.168.0.0/16 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 198.169.0.0/16 AS803 SASKTEL - Saskatchewan Telecommunications 198.180.198.0/24 AS23715 SEOUL-INTGW-GXS-AP Global Exchange Services 199.5.242.0/24 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 199.10.0.0/16 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.16.32.0/19 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 199.114.0.0/21 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.114.128.0/18 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.114.130.0/24 AS6045 DNIC-ASBLK-05800-06055 - DoD Network Information Center 199.114.131.0/24 AS6045 DNIC-ASBLK-05800-06055 - DoD Network Information Center 199.114.132.0/24 AS6045 DNIC-ASBLK-05800-06055 - DoD Network Information Center 199.114.134.0/24 AS3541 ITSDN-U4 - DoD Network Information Center 199.114.136.0/24 AS27044 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.114.138.0/24 AS6045 DNIC-ASBLK-05800-06055 - DoD Network Information Center 199.114.140.0/24 AS3544 ITSDN-U7 - DoD Network Information Center 199.114.142.0/24 AS6045 DNIC-ASBLK-05800-06055 - DoD Network Information Center 199.114.144.0/24 AS6045 DNIC-ASBLK-05800-06055 - DoD Network Information Center 199.114.148.0/24 AS6045 DNIC-ASBLK-05800-06055 - DoD Network Information Center 199.114.150.0/24 AS6045 DNIC-ASBLK-05800-06055 - DoD Network Information Center 199.114.152.0/24 AS27033 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.114.153.0/24 AS27034 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.114.154.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.114.156.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.114.160.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.121.0.0/16 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.123.0.0/18 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.123.16.0/20 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.123.80.0/21 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.189.32.0/19 AS7332 IQUEST-AS - IQuest Internet 199.202.0.0/16 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 199.202.216.0/21 AS577 BACOM - Bell Canada 199.233.92.0/24 AS26896 ITCOMM - IT Communications 199.246.116.0/24 AS813 UUNET-CANADA - MCI Communications Services, Inc. d/b/a Verizon Business 200.9.115.0/24 AS10292 CWJ-1 - Cable & Wireless Jamaica 200.108.176.0/20 AS14551 UUNET-SA - MCI Communications Services, Inc. d/b/a Verizon Business 202.6.176.0/20 AS24316 202.58.113.0/24 AS19161 202.73.144.0/20 AS4788 TMNET-AS-AP TM Net, Internet Service Provider 202.80.192.0/20 AS2706 PI-HK Pacnet Internet (Hong Kong) Limited 202.84.10.0/23 AS9308 CHINA-ABITCOOL Abitcool(China) Inc. 202.86.252.0/22 AS4748 RESOLINK-AS-AP Resources Link Network Limited 202.86.252.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.253.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.254.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.255.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.94.1.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.94.70.0/24 AS2764 AAPT AAPT Limited 202.124.195.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.125.113.0/24 AS9541 CYBERNET-AP Cyber Internet Services (Pvt) Ltd. 202.125.114.0/24 AS9541 CYBERNET-AP Cyber Internet Services (Pvt) Ltd. 202.125.115.0/24 AS9541 CYBERNET-AP Cyber Internet Services (Pvt) Ltd. 202.133.37.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.133.47.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.133.70.0/24 AS38616 WORLDCALL-AS-KHI Worldcall Telecom Limited 202.133.73.0/24 AS38616 WORLDCALL-AS-KHI Worldcall Telecom Limited 202.136.254.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.136.255.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.140.160.0/24 AS4841 202.140.161.0/24 AS4841 202.140.162.0/24 AS4841 202.140.163.0/24 AS4841 202.140.164.0/24 AS4841 202.140.165.0/24 AS4841 202.140.166.0/24 AS4841 202.140.167.0/24 AS4841 202.140.168.0/24 AS4841 202.140.169.0/24 AS4841 202.140.170.0/24 AS4841 202.140.171.0/24 AS4841 202.140.172.0/24 AS4841 202.140.173.0/24 AS4841 202.140.174.0/24 AS4841 202.140.175.0/24 AS4841 202.140.180.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.140.181.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.140.182.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.150.227.0/24 AS17727 NAPINFO-AS-AP PT. NAP Info Lintas Nusa 202.174.70.0/24 AS21175 M-LINK M-Link Teleport s.a. 202.181.32.0/24 AS4645 ASN-HKNET-AP HKNet Co. Ltd 203.12.45.0/24 AS4854 NETSPACE-AS-AP Netspace Online Systems 203.62.0.0/17 AS7575 AARNET-AS-AP Australian Academic and Reasearch Network (AARNet) 203.78.48.0/20 AS9299 IPG-AS-AP Philippine Long Distance Telephone Company 203.80.136.0/21 AS4759 EVOSERVE-AS-AP EvoServe is a content and online access Internet provider company 203.86.96.0/19 AS4755 TATACOMM-AS TATA Communications formerly VSNL is Leading ISP 203.89.139.0/24 AS17911 BRAINPK-AS-AP Brain Telecommunication Ltd. 203.112.111.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.113.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.114.0/24 AS4802 ASN-IINET iiNet Limited 203.112.116.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.117.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.118.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.119.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.120.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.121.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.127.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.128.128.0/24 AS23849 CNNIC-NET263-AP Beijing Capital-online science development Co.,Ltd. 203.142.219.0/24 AS45149 203.189.96.0/20 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 204.9.216.0/23 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 204.9.218.0/23 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 204.19.14.0/23 AS577 BACOM - Bell Canada 204.89.214.0/24 AS4323 TWTC - tw telecom holdings, inc. 204.138.167.0/24 AS18990 AIRBAND-DALLAS - Airband Communications, Inc 204.197.0.0/16 AS3356 LEVEL3 Level 3 Communications 205.150.0.0/15 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 205.189.134.0/24 AS11814 CYBERSURF - Cybersurf Inc. 205.210.145.0/24 AS11814 CYBERSURF - Cybersurf Inc. 206.180.240.0/20 AS12083 KNOLOGY-NET - Knology Holdings 207.166.112.0/20 AS10937 IIS - Island Internet Services 207.174.0.0/16 AS13790 INTERNAP-BLK3 - Internap Network Services Corporation 207.174.131.0/24 AS30715 NETRACK - Netrack, Inc. 207.174.132.0/23 AS30715 NETRACK - Netrack, Inc. 207.174.151.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.152.0/22 AS30715 NETRACK - Netrack, Inc. 207.174.177.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.178.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.182.0/24 AS29831 FONENET - FONE NET, LLC 207.174.188.0/22 AS30715 NETRACK - Netrack, Inc. 207.174.192.0/24 AS29831 FONENET - FONE NET, LLC 207.174.200.0/24 AS22658 EARTHNET - Earthnet, Inc. 207.174.248.0/21 AS6653 PRIVATEI - privateI, LLC 207.231.96.0/19 AS11194 NUNETPA - NuNet Inc. 208.73.88.0/21 AS36835 208.77.224.0/24 AS36835 208.77.225.0/24 AS36835 208.77.226.0/24 AS36835 208.77.227.0/24 AS36835 208.77.228.0/24 AS36835 208.77.229.0/24 AS36835 208.77.230.0/24 AS36835 208.77.231.0/24 AS36835 208.87.152.0/21 AS25973 MZIMA - Mzima Networks, Inc. 209.54.123.0/24 AS6062 NETPLEX - NETPLEX 209.54.240.0/21 AS10887 BPSI-AS - BPSI Internet Services 209.74.96.0/19 AS10912 INTERNAP-BLK - Internap Network Services Corporation 209.140.90.0/24 AS14461 NTSL - NET SOLUTIONS 209.141.48.0/22 AS14461 NTSL - NET SOLUTIONS 209.217.224.0/19 AS6130 AIS-WEST - American Internet Services, LLC. 209.222.5.0/24 AS26699 PSI-CT - Printing For Systems Inc 210.5.128.0/20 AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone 210.247.224.0/19 AS7496 WEBCENTRAL-AS WebCentral 213.181.70.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.80.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.81.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.82.0/23 AS17175 NSS-UK New Skies Satellites UK AS 213.181.82.0/24 AS17175 NSS-UK New Skies Satellites UK AS 213.181.83.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.84.0/22 AS17175 NSS-UK New Skies Satellites UK AS 213.181.84.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.85.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.86.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.87.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.88.0/21 AS17175 NSS-UK New Skies Satellites UK AS 213.181.88.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.89.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.90.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.91.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.92.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.93.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.94.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 213.181.95.0/24 AS16422 NEWSKIES-NETWORKS - New Skies Satellites, Inc. 216.99.20.0/24 AS3356 LEVEL3 Level 3 Communications 216.163.144.0/20 AS35985 ONERINGNET-ATL-1 - One Ring Networks, Inc. 216.172.198.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 216.172.199.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 216.251.207.0/24 AS1239 SPRINTLINK - Sprint 217.78.71.0/24 AS12491 IPPLANET-AS Gilat Satcom 217.78.72.0/24 AS12491 IPPLANET-AS Gilat Satcom 217.78.73.0/24 AS12491 IPPLANET-AS Gilat Satcom Please see http://www.cidr-report.org for the full report ------------------------------------ Copies of this report are mailed to: nanog(a)merit.edu eof-list(a)ripe.net apops(a)apops.net routing-wg(a)ripe.net afnog(a)afnog.org

1 0

Packet Loss on Level3
by Dustin Schuemann 21 Aug '09

21 Aug '09

Is anyone else seeing packet loss on Level3. 6. ge-6-11-137.car2.Detroit1.Level3.net 2.9% 35 372.1 148.6 19.4 704.8 127.4 7. ae-11-11.car1.Detroit1.Level3.net 8.6% 35 268.1 161.5 21.3 691.8 156.0 8. ae-8-8.ebr2.Chicago1.Level3.net 0.0% 35 173.6 142.8 34.5 532.4 117.1 9. ae-21-52.car1.Chicago1.Level3.net 5.7% 35 78.1 210.3 35.7 631.2 157.9

2 1

Redundancy & Summarization
by Gaynor, Jonathan 21 Aug '09

21 Aug '09

My institution has a single /16 spread across 2 sites: the lower /17 is used at site A, the upper /17 at site B. Sites A & B are connected internally. Currently both sites have their own ISPs and only advertise their own /17's. For redundancy we proposed that each site advertise both their own /17 and the whole /16, so that an ISP failure at either site would trigger traffic from both /17s to reconverge towards the unaffected location. My worry/question: will carriers down the line auto-summarize my advertisements into a single /16, resulting in a 'load sharing' while both sites are active? If you're a backbone carrier and you saw x.x/16 and x.x/17 (or x.x/16 and x.x.128/17) being advertised from the same peer would you drop the longer match? Regards and thanks, Jon Gaynor, Senior Network Engineer Fox Chase Cancer Center (215) 214-4267, jonathan.gaynor(a)fccc.edu

4 3

F5/Cisco catalyst configuration question
by Scott Spencer 20 Aug '09

20 Aug '09

Trying to link an F5 Local Traffic Manager with a Cisco Catalyst 6500 , have matched ports (speed,duplex ect..) but no link light at all on the F5. Does link with a Cisco 2950 switch in between but I need a direct connection with the 6500. Any suggestions what to try? Best regards, Scott Spencer Data Center Asset Recovery/Remarketing Manager Duane Whitlow & Co. Inc. Nationwide Toll Free: 800.977.7473. Direct: 972.865.1395 Fax: 972.931.3340 <mailto:scott@dwc-computer.com> scott(a)dwc-computer.com <http://www.dwc-it.com/> www.dwc-it.com Cisco/Juniper/F5/Foundry/Brocade/Sun/IBM/Dell/Liebert and more ~

7 7

IPv6 Addressing Help
by Chris Gotstein 20 Aug '09

20 Aug '09

We are a small ISP that is in the process of setting up IPv6 on our network. We already have the ARIN allocation and i have a couple routers and servers running dual stack. Wondering if someone out there would be willing to give me a few pointers on setting up my addressing scheme? I've been mulling over how to do it, and i think i'm making it more complicated than it needs to be. You can hit me offlist if you wish to help. Thanks. -- Chris Gotstein Sr Network Engineer UP Logon/Computer Connection UP 500 N Stephenson Ave Iron Mountain, MI 49801 Phone: 906-774-4847 Fax: 906-774-0335 chris(a)uplogon.com

26 42

Fwd: [Full-disclosure] Cisco Security Advisory: Firewall Services Module Crafted ICMP Message Vulnerability
by John Kinsella 19 Aug '09

19 Aug '09

FYI...I thought PSIRT sent security notices to nanog? Begin forwarded message: > From: Cisco Systems Product Security Incident Response Team <psirt(a)cisco.com > > > Date: August 19, 2009 10:12:26 AM PDT > To: full-disclosure(a)lists.grok.org.uk > Cc: psirt(a)cisco.com > Subject: [Full-disclosure] Cisco Security Advisory: Firewall > Services Module Crafted ICMP Message Vulnerability > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Cisco Security Advisory: Firewall Services Module Crafted ICMP Message > Vulnerability > > Advisory ID: cisco-sa-20090819-fwsm > > http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml > > Revision 1.0 > > For Public Release 2009 August 19 1600 UTC (GMT) > > Summary > ======= > > A vulnerability exists in the Cisco Firewall Services Module (FWSM) > for > the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The > vulnerability may cause the FWSM to stop forwarding traffic and may be > triggered while processing multiple, crafted ICMP messages. > > There are no known instances of intentional exploitation of this > vulnerability. However, Cisco has observed data streams that appear to > trigger this vulnerability unintentionally. > > Cisco has released free software updates that address this > vulnerability. > > This advisory is posted at > http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml. > > Affected Products > ================= > > Vulnerable Products > - ------------------- > > All non-fixed 2.x, 3.x and 4.x versions of the FWSM software are > affected by this vulnerability. > > To determine the version of the FWSM software that is running, issue > the "show module" command-line interface (CLI) command from Cisco IOS > Software or Cisco Catalyst Operating System Software to identify what > modules and sub-modules are installed in the system. > > The following example shows a system with an FWSM (WS-SVC-FWM-1) > installed in slot 4. > > switch#show module > Mod Ports Card Type Model > Serial No. > --- ----- -------------------------------------- ----------------- > ----------- > 1 48 SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX > SAxxxxxxxxx > 4 6 Firewall Module WS-SVC-FWM-1 > SAxxxxxxxxx > 5 2 Supervisor Engine 720 (Active) WS-SUP720-BASE > SAxxxxxxxxx > 6 2 Supervisor Engine 720 (Hot) WS-SUP720-BASE > SAxxxxxxxxx > > After locating the correct slot, issue the "show module <slot number>" > command to identify the software version that is running. > > switch#show module 4 > Mod Ports Card Type Model > Serial No. > --- ----- -------------------------------------- ----------------- > ----------- > 4 6 Firewall Module WS-SVC-FWM-1 > SAxxxxxxxxx > > Mod MAC addresses Hw Fw > Sw Status > --- --------------------------------- ------ ------------ > ------------ ------- > 4 0003.e4xx.xxxx to 0003.e4xx.xxxx 3.0 7.2(1) > 3.2(3) Ok > > The preceding example shows that the FWSM is running software version > 3.2(3) as indicated by the column under "Sw". > > Note: Recent versions of Cisco IOS Software will show the software > version of each module in the output from the "show module" command; > therefore, executing the "show module <slot number>" command is not > necessary. > > If a Virtual Switching System (VSS) is used to allow two physical > Cisco > Catalyst 6500 Series Switches to operate as a single logical virtual > switch, the "show module switch all" command can display the software > version of all FWSMs that belong to switch 1 and switch 2. The output > from this command will be similar to the output from the "show module > <slot number>" but will include module information for the modules in > each switch in the VSS. > > Alternatively, version information can be obtained directly from the > FWSM through the "show version" command, as shown in the following > example. > > FWSM#show version > FWSM Firewall Version 3.2(3) > > Customers who use the Cisco Adaptive Security Device Manager (ASDM) to > manage their devices can find the version of the software displayed in > the table in the login window or in the upper left corner of the ASDM > window. The version notation is similar to the following example. > > FWSM Version: 3.2(3) > > Products Confirmed Not Vulnerable > - --------------------------------- > > Other Cisco products that offer firewall services, including Cisco IOS > Software, Cisco ASA 5500 Series Adaptive Security Appliances, and > Cisco > PIX Security Appliances, are not affected by this vulnerability. > > No other Cisco products are currently known to be affected by this > vulnerability. > > Details > ======= > > The Cisco FWSM is a high-speed, integrated firewall module for > Catalyst > 6500 Series Switches and Cisco 7600 Series Routers. The FWSM offers > firewall services with stateful packet filtering and deep packet > inspection. > > A vulnerability exists in the Cisco FWSM Software that may cause > the FWSM to stop forwarding traffic between interfaces, or stop > processing traffic that is directed at the FWSM (management traffic) > after multiple, crafted ICMP messages are processed by the FWSM. Any > traffic that transits or is directed towards the FWSM is affected, > regardless of whether ICMP inspection ("inspect icmp" command under > Class configuration mode) is enabled. > > The FWSM stops processing traffic because one of the Network > Processors > (NPs) that is used by the FWSM to handle traffic may use all available > execution threads while handling a specific type of crafted ICMP > messages. This behavior limits the execution threads that are > available > to handle additional traffic. > > Administrators may be able to determine if the FWSM has been affected > by this vulnerability by issuing the "show np 2 stats" command. If > this > command produces output showing various counters and their values, as > shown in the example CLI output that follows, the FWSM has not been > affected by the vulnerability. If the command returns a single line > that > reads "ERROR: np_logger_query request for FP Stats failed", the FWSM > may > have been affected by the vulnerability. > > FWSM#show np 2 stats > - > ------------------------------------------------------------------------------- > Fast Path 64 bit Global Statistics Counters (NP-2) > > - > ------------------------------------------------------------------------------- > PKT_MNG: total packets (dot1q) rcvd : 10565937 > PKT_MNG: total packets (dot1q) sent : 4969517 > PKT_MNG: total packets (dot1q) dropped : 65502 > PKT_MNG: TCP packets received : 0 > PKT_MNG: UDP packets received : 4963509 > PKT_MNG: ICMP packets received : 0 > PKT_MNG: ARP packets received : 2 > PKT_MNG: other protocol pkts received : 0 > PKT_MNG: default (no IP/ARP) dropped : 0 > SESS_MNG: sessions created : 18 > SESS_MNG: sessions embryonic to active : 0 > [...] > > An FWSM that stops processing traffic as a result of this > vulnerability > will need to be reloaded. Administrators can reload the FWSM from the > supervisor of the Catalyst 6500 Series Switch or the Cisco 7600 Series > Router by issuing the command "hw-module module <slot # for FWSM> > reset" > (Cisco IOS Software), or "set module power up| down <module #>" (Cisco > CatOS Software). Note that unless the FWSM software is updated to a > non-vulnerable version, or crafted ICMP messages are blocked (see the > Workarounds section for details), the FWSM can still be subject to > exploitation (intentional or otherwise) after a reload. > > If an FWSM that is configured for failover operation encounters this > issue, the active FWSM may not properly fail over to the standby FWSM. > > IPv6 (in particular ICMPv6) cannot trigger this vulnerability. > > This issue is documented in Cisco Bug ID CSCsz97207 and has been > assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-0638. > > Vulnerability Scoring Details > +---------------------------- > > Cisco has provided scores for the vulnerability in this advisory based > on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in > this Security Advisory is done in accordance with CVSS version 2.0. > > CVSS is a standards-based scoring method that conveys vulnerability > severity and helps determine urgency and priority of response. > > Cisco has provided a base and temporal score. Customers can then > compute environmental scores to assist in determining the impact of > the > vulnerability in individual networks. > > Cisco has provided a FAQ to answer additional questions regarding CVSS > at: > > http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html > > Cisco has also provided a CVSS calculator to help compute the > environmental impact for individual networks at: > > http://intellishield.cisco.com/security/alertmanager/cvss > > > * NP 2 threads lock due to processing crafted ICMP message > (CSCsz97207) > > CVSS Base Score - 7.8 > Access Vector - Network > Access Complexity - Low > Authentication - None > Confidentiality Impact - None > Integrity Impact - None > Availability Impact - Complete > > CVSS Temporal Score - 6.4 > Exploitability - Functional > Remediation Level - Official-Fix > Report Confidence - Confirmed > > > Impact > ====== > > Successful exploitation of the vulnerability may cause the FWSM to > stop forwarding traffic between interfaces (transit traffic), and stop > processing traffic directed at the FWSM (management traffic). If the > FWSM is configured for failover operation, the active FWSM may not > fail > over to the standby FWSM. > > Software Versions and Fixes > =========================== > > When considering software upgrades, also consult > http://www.cisco.com/go/psirt and any subsequent advisories to > determine > exposure and a complete upgrade solution. > > In all cases, customers should exercise caution to be certain the > devices to be upgraded contain sufficient memory and that current > hardware and software configurations will continue to be supported > properly by the new release. If the information is not clear, contact > the Cisco Technical Assistance Center (TAC) or your contracted > maintenance provider for assistance. > > Each row of the FWSM software table below describes a major FWSM > software train and the earliest possible release within that train > that > contains the fix (the "First Fixed Release") and the anticipated > date of > availability (if not currently available) in the "First Fixed Release" > column. A device running a release that is earlier than the release in > a specific column (less than the First Fixed Release) is known to be > vulnerable. The release should be upgraded at least to the indicated > release or a later version (greater than or equal to the First Fixed > Release label). > > +---------------------------------------+ > | Major | First Fixed Release | > | Release | | > |------------+--------------------------| > | 2.x | Vulnerable; migrate to | > | | 3.x or 4.x | > |------------+--------------------------| > | 3.1 | 3.1(16) | > |------------+--------------------------| > | 3.2 | 3.2(13) | > |------------+--------------------------| > | 4.0 | 4.0(6) | > +---------------------------------------+ > > Fixed FWSM software can be downloaded from the Software Center on > cisco.com by visiting http://www.cisco.com/public/sw-center/ > index.shtml > and navigating to "Security" > "Cisco Catalyst 6500 Series Firewall > Services Module" > "Firewall Services Module (FWSM) Software". > > Workarounds > =========== > > There are no workarounds for this vulnerability. Access control lists > (ACLs) that are deployed on the FWSM itself to block through-the- > device > or to-the-device ICMP messages are not effective to prevent this > vulnerability. However, blocking unnecessary ICMP messages on > screening > devices or on devices in the path to the FWSM will prevent the FWSM > from triggering the vulnerability. For example, the following ACL, > when deployed on a Cisco IOS device in front of the FWSM, will prevent > crafted ICMP messages from reaching the FWSM, and thus protect the > FWSM > from triggering the vulnerability: > > access-list 101 permit icmp any any echo > access-list 101 permit icmp any any echo-reply > access-list 101 permit icmp any any traceroute > access-list 101 permit icmp any any packet-too-big > access-list 101 permit icmp any any time-exceeded > access-list 101 permit icmp any any host-unreachable > access-list 101 permit icmp any any unreachable > access-list 101 deny icmp any any > access-list 101 permit ip any any > > This sample ACL is allowing certain ICMP messages that are vital for > network troubleshooting and for proper operation of the network. It is > safe to allow any other ICMP messages for which the Cisco IOS Software > "access-list" command has named ICMP type keywords. ACLs like the one > in the preceding example may also be deployed on non-Cisco IOS > devices, > such as the Cisco PIX and ASA security appliances, although the ACL > syntax on non-Cisco IOS devices may not support all the named ICMP > type > keywords that the Cisco IOS ACL syntax supports. However, on non-Cisco > IOS devices, it is safe to permit all ICMP messages for which there > are > named ICMP type keywords in the ACL syntax. > > As mentioned in the Details section, if the FWSM has stopped > processing > traffic due to this vulnerability, the FWSM will require a reload. > Administrators can reload the FWSM by logging in to the supervisor > of the Catalyst 6500 Series Switch or the Cisco 7600 Series router > and issuing the "hw-module module <slot # for FWSM> reset" (Cisco > IOS Software), or "set module power up|down <module #>" (Cisco CatOS > Software) commands. > > Additional mitigations that can be deployed on Cisco devices within > the > network are available in the Cisco Applied Mitigation Bulletin > companion > document for this advisory, which is available at the following link: > > http://www.cisco.com/warp/public/707/cisco-amb-20090819-fwsm.shtml. > > Obtaining Fixed Software > ======================== > > Cisco has released free software updates that address this > vulnerability. Prior to deploying software, customers should consult > their maintenance provider or check the software for feature set > compatibility and known issues specific to their environment. > > Customers may only install and expect support for the feature > sets they have purchased. By installing, downloading, accessing > or otherwise using such software upgrades, customers agree to be > bound by the terms of Cisco's software license terms found at > http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, > or as otherwise set forth at Cisco.com Downloads at > http://www.cisco.com/public/sw-center/sw-usingswc.shtml. > > Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for > software > upgrades. > > Customers with Service Contracts > - -------------------------------- > > Customers with contracts should obtain upgraded software through their > regular update channels. For most customers, this means that upgrades > should be obtained through the Software Center on Cisco's worldwide > website at http://www.cisco.com. > > Customers using Third Party Support Organizations > - ------------------------------------------------- > > Customers whose Cisco products are provided or maintained through > prior > or existing agreements with third-party support organizations, such > as Cisco Partners, authorized resellers, or service providers should > contact that support organization for guidance and assistance with the > appropriate course of action in regards to this advisory. > > The effectiveness of any workaround or fix is dependent on specific > customer situations, such as product mix, network topology, traffic > behavior, and organizational mission. Due to the variety of affected > products and releases, customers should consult with their service > provider or support organization to ensure any applied workaround or > fix > is the most appropriate for use in the intended network before it is > deployed. > > Customers without Service Contracts > - ----------------------------------- > > Customers who purchase direct from Cisco but do not hold a Cisco > service > contract, and customers who purchase through third-party vendors but > are > unsuccessful in obtaining fixed software through their point of sale > should acquire upgrades by contacting the Cisco Technical Assistance > Center (TAC). TAC contacts are as follows. > > * +1 800 553 2447 (toll free from within North America) > * +1 408 526 7209 (toll call from anywhere in the world) > * e-mail: tac(a)cisco.com > > Customers should have their product serial number available and be > prepared to give the URL of this notice as evidence of entitlement > to a > free upgrade. Free upgrades for non-contract customers must be > requested > through the TAC. > > Refer to > http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html > for additional TAC contact information, including localized telephone > numbers, and instructions and e-mail addresses for use in various > languages. > > Exploitation and Public Announcements > ===================================== > > The Cisco PSIRT is not aware of any public announcements or malicious > use of the vulnerability described in this advisory, but Cisco is > aware > of customers that have encountered this vulnerability during normal > network operation. > > This vulnerability was discovered during the handling of customer > support cases. > > Status of this Notice: FINAL > ============================ > > THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY > ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF > MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE > INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS > AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS > DOCUMENT AT ANY TIME. > > A stand-alone copy or Paraphrase of the text of this document that > omits > the distribution URL in the following section is an uncontrolled copy, > and may lack important information or contain factual errors. > > Distribution > ============ > > This advisory is posted on Cisco's worldwide website at: > > http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml > > In addition to worldwide web posting, a text version of this notice is > clear-signed with the Cisco PSIRT PGP key and is posted to the > following > e-mail and Usenet news recipients. > > * cust-security-announce(a)cisco.com > * first-bulletins(a)lists.first.org > * bugtraq(a)securityfocus.com > * vulnwatch(a)vulnwatch.org > * cisco(a)spot.colorado.edu > * cisco-nsp(a)puck.nether.net > * full-disclosure(a)lists.grok.org.uk > * comp.dcom.sys.cisco(a)newsgate.cisco.com > > Future updates of this advisory, if any, will be placed on Cisco's > worldwide website, but may or may not be actively announced on mailing > lists or newsgroups. Users concerned about this problem are encouraged > to check the above URL for any updates. > > Revision History > ================ > > +------------------------------------------------------------+ > | Revision 1.0 | 2009-August-19 | Initial public release | > +------------------------------------------------------------+ > > Cisco Security Procedures > ========================= > > Complete information on reporting security vulnerabilities > in Cisco products, obtaining assistance with security > incidents, and registering to receive security information > from Cisco, is available on Cisco's worldwide website at > http://www.cisco.com/en/US/products/products_security_vulnerability_policy.… > . > This includes instructions for press inquiries regarding > Cisco security notices. All Cisco security advisories are available at > http://www.cisco.com/go/psirt. > > +-------------------------------------------------------------------- > Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. > +-------------------------------------------------------------------- > > Updated: Aug 19, 2009 Document ID: 110460 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkqMMFYACgkQ86n/Gc8U/uA2jACeLVA38jWbQv4AGpSCvOPVJjgR > NqUAniMoiEUkV/JIDlo1xA0ztaO6jCFR > =2Tm1 > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/

1 0

ALTER.NET Issues in Seattle
by Gary T. Giesen 19 Aug '09

19 Aug '09

Seeing issues with Alter.net in Seattle to a Qwest DSL customer in Portland (and looks like a possible routing loop as well) from Calgary: traceroute 63.227.218.201 Type escape sequence to abort. Tracing the route to 63.227.218.201 1 gw-V4051.bb101-2420-1.cgy.akn.ca (209.90.250.33) 0 msec 0 msec 0 msec 2 maxtnt01-sdf-463.fast.net (204.92.61.209) 0 msec 0 msec 0 msec 3 125.at-6-0-0.XT2.CAL1.ALTER.NET (152.63.138.122) 0 msec 0 msec 0 msec 4 POS5-0.BR1.SEA1.ALTER.NET (152.63.105.85) 224 msec 212 msec 200 msec 5 POS5-0.BR1.SEA1.ALTER.NET (152.63.105.85) 188 msec 184 msec 192 msec 6 204.255.169.30 (204.255.169.30) 192 msec 192 msec 196 msec 7 sea-core-02.inet.qwest.net (205.171.26.85) 200 msec 204 msec 204 msec 8 por-core-01.inet.qwest.net (67.14.1.237) 208 msec 212 msec 224 msec 9 ptld-agw1.inet.qwest.net (205.171.130.26) 240 msec 232 msec 236 msec 10 ptld-dsl-gw34-10.ptld.qwest.net (207.225.86.10) 236 msec 244 msec 236 msec 11 x.x.x.x (x.x.x.x) 296 msec * 252 msec Seeing pings jump from 0 ms to 200+ ms at hop 4 (which also appears as hop 5), and is definitely *not* explained by geographical distance. Traceroute from my Toronto POP are fine: traceroute 63.227.218.201 traceroute to 63.227.218.201 (63.227.218.201), 30 hops max, 60 byte packets 1 ge0-1.cyan.akn.ca (66.135.102.132) 1.506 ms 1.498 ms 1.482 ms 2 ge-0-0-3.V4022.smalt.akn.ca (66.135.108.85) 2.198 ms 2.193 ms 2.180 ms 3 te3-5.1244.ccr02.yyz02.atlas.cogentco.com (38.112.93.49) 1.640 ms 1.634 ms 1.624 ms 4 te3-2.ccr01.ord01.atlas.cogentco.com (66.28.4.213) 16.861 ms 16.884 ms te9-8.ccr01.ord01.atlas.cogentco.com (154.54.27.241) 16.890 ms 5 154.54.29.18 (154.54.29.18) 17.594 ms 17.594 ms 17.582 ms 6 qwest.ord03.atlas.cogentco.com (154.54.10.186) 17.001 ms 16.384 ms qwest.ord03.atlas.cogentco.com (154.54.12.106) 16.435 ms 7 cer-core-01.inet.qwest.net (205.171.139.113) 16.480 ms 16.795 ms 16.802 ms 8 por-core-01.inet.qwest.net (67.14.1.237) 72.435 ms 72.472 ms 72.448 ms 9 ptld-agw1.inet.qwest.net (205.171.130.26) 72.502 ms 72.473 ms 72.473 ms 10 ptld-dsl-gw34-10.ptld.qwest.net (207.225.86.10) 72.985 ms 72.958 ms 72.626 ms 11 x.x.x.x (x.x.x.x) 134.030 ms * * Anyone else seeing the same thing? GG

1 1

Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
by Cisco Systems Product Security Incident Response Team 18 Aug '09

18 Aug '09

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability Advisory ID: cisco-sa-20090818-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml Revision 1.0 For Public Release 2009 August 18 1500 UTC (GMT) - --------------------------------------------------------------------- Summary ======= Cisco IOS XR will reset a Border Gateway Protocol (BGP) peering session when receiving a specific invalid BGP update. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. This is a different vulnerability to what was disclosed in the Cisco Security Advisory "Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities" disclosed on the 2009 July 29 1600 UTC at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Cisco is preparing to release free software maintenance upgrade (SMU) that address this vulnerability. This advisory will be updated once the SMU is available. A workaround that mitigates this vulnerability is available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml Affected Products ================= This vulnerability affects all Cisco IOS XR software devices after and including software release 3.4.0 configured with BGP routing. Vulnerable Products +------------------ To determine the Cisco IOS XR Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying text similar to "Cisco IOS XR Software". The software version is displayed after the text "Cisco IOS XR Software". The following example identifies a Cisco CRS-1 that is running Cisco IOS XR Software Release 3.6.2: RP/0/RP0/CPU0:CRS#show version Tue Aug 18 14:25:17.407 AEST Cisco IOS XR Software, Version 3.6.2[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 1.49(20080319:195807) [CRS-1 ROMMON], CRS uptime is 4 weeks, 4 days, 1 minute System image file is "disk0:hfr-os-mbi-3.6.2/mbihfr-rp.vm" cisco CRS-8/S (7457) processor with 4194304K bytes of memory. 7457 processor at 1197Mhz, Revision 1.2 17 Packet over SONET/SDH network interface(s) 1 DWDM controller(s) 17 SONET/SDH Port controller(s) 8 TenGigabitEthernet/IEEE 802.3 interface(s) 2 Ethernet/IEEE 802.3 interface(s) 1019k bytes of non-volatile configuration memory. 38079M bytes of hard disk. 981440k bytes of ATA PCMCIA card at disk 0 (Sector size 512 bytes). Configuration register on node 0/0/CPU0 is 0x102 Boot device on node 0/0/CPU0 is mem: !--- output truncated The following example identifies a Cisco 12404 router that is running Cisco IOS XR Software Release 3.7.1: RP/0/0/CPU0:GSR#show version Cisco IOS XR Software, Version 3.7.1[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 12.0(20051020:160303) SOFTWARE Copyright (c) 1994-2005 by cisco Systems, Inc. GSR uptime is 3 weeks, 6 days, 3 hours, 20 minutes System image file is "disk0:c12k-os-mbi-3.7.1/mbiprp-rp.vm" cisco 12404/PRP (7457) processor with 2097152K bytes of memory. 7457 processor at 1266Mhz, Revision 1.2 1 Cisco 12000 Series Performance Route Processor 1 Cisco 12000 Series - Multi-Service Blade Controller 1 1 Port ISE Packet Over SONET OC-48c/STM-16 Controller (1 POS) 1 Cisco 12000 Series SPA Interface Processor-601/501/401 3 Ethernet/IEEE 802.3 interface(s) 1 SONET/SDH Port controller(s) 1 Packet over SONET/SDH network interface(s) 4 PLIM QoS controller(s) 8 FastEthernet/IEEE 802.3 interface(s) 1016k bytes of non-volatile configuration memory. 1000496k bytes of disk0: (Sector size 512 bytes). 65536k bytes of Flash internal SIMM (Sector size 256k). Configuration register on node 0/0/CPU0 is 0x2102 Boot device on node 0/0/CPU0 is disk0: !--- output truncated Additional information about Cisco IOS XR software release naming conventions is available in the "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html#t6 Additional information about Cisco IOS XR software time-based release model is available in the "White Paper: Guidelines for Cisco IOS XR Software" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8803/ps5845/product_b… BGP is configured in Cisco IOS XR software with the configuration command router bgp [AS Number] or router bgp [X.Y]. The device is vulnerable if it is running affected Cisco IOS XR version and has BGP configured. The following example shows a Cisco IOS XR software device configured with BGP: RP/0/0/CPU0:GSR#show running-config | begin router bgp Building configuration... router bgp 65535 bgp router-id 192.168.0.1 address-family ipv4 unicast network 192.168.1.1/32 ! address-family vpnv4 unicast ! neighbor 192.168.2.1 remote-as 65534 update-source Loopback0 address-family ipv4 unicast ! !--- output truncated Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software * Cisco IOS XR Software prior to release 3.4.0 * Cisco IOS XR Software not configured for BGP routing No other Cisco products are currently known to be affected by this vulnerability. Details ======= On August 17th, 2009, a widely-distributed Border Gateway Protocol (BGP) route update contained an BGP Update message with a specific invalid attribute. When the invalid BGP Update message was processed by Cisco IOS XR software, it began resetting BGP peering sessions over which the update was received. When receiving the invalid update the receiving Cisco IOS XR software device will display a log message like the following example: RP/0/RP0/CPU0:Aug 17 13:47:05.896 GMT: bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 192.168.0.1 Down - BGP Notification sent: invalid or corrupt AS path The peering session will flap until the sender stops sending the invalid/corrupt prefix. This vulnerability is documented in Cisco Bug ID CSCtb42995 ( registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2055. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCtb42995 - Cisco IOS XR Software Border Gateway Protocol Vulnerability +----------------------------------------------------- CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Partial CVSS Temporal Score - 3.9 Exploitability - Functional Remediation Level - Unavailable Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in BGP peering sessions continuously being reset. This may lead to routing inconsistencies and a denial of service for those affected networks. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +---------------------------------------+ | Cisco IOS XR Version | SMU ID | |----------------------+----------------| | 3.2.X | Not Vulnerable | |----------------------+----------------| | 3.3.X | Not vulnerable | |----------------------+----------------| | 3.4.0 | Pending | |----------------------+----------------| | 3.4.1 | Pending | |----------------------+----------------| | 3.4.2 | Pending | |----------------------+----------------| | 3.4.3 | Pending | |----------------------+----------------| | 3.5.2 | Pending | |----------------------+----------------| | 3.5.3 | Pending | |----------------------+----------------| | 3.5.4 | Pending | |----------------------+----------------| | 3.6.0 | Pending | |----------------------+----------------| | 3.6.1 | Pending | |----------------------+----------------| | 3.6.2 | Pending | |----------------------+----------------| | 3.6.3 | Pending | |----------------------+----------------| | 3.7.0 | Pending | |----------------------+----------------| | 3.7.1 | Pending | |----------------------+----------------| | 3.7.2 | Pending | |----------------------+----------------| | 3.7.3 | Pending | |----------------------+----------------| | 3.8.0 | Pending | |----------------------+----------------| | 3.8.1 | Pending | +---------------------------------------+ Workarounds =========== There are no workarounds on the affected device itself. Co-ordination is required with the peering neighbor support staff to filter the invalid update on their outbound path. The following procedure explains how to help mitigate this vulnerability: Using the peer IP address in the log message that was generated when the Cisco IOS XR software device received the invalid update; capture the notification message hex dump from the CLI command show bgp neighbor and contact the Cisco TAC whom can assist with a decode. Details on how to contact Cisco TAC are contained within the section "Obtaining Fixed Software" of this advisory. The following example show an example generated log message when receiving the invalid update, and the details to be captured to be sent to the Cisco TAC for decoding: Log message generated when receiving invalid update: RP/0/RP0/CPU0:Aug 17 13:47:05.896 GMT: bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 192.168.0.1 Down - BGP Notification sent: invalid or corrupt AS path Information to capture for decoding by the Cisco TAC, is the output from show bgp neighbors [ip address of neighbor from above log message]. RP/0/RP0/CPU0:CRS#show bgp neighbors 192.168.0.1 <capture output and provide to Cisco TAC> Working with Cisco TAC, the decode of the above will display the AS path in a manner illustrated below. ATTRIBUTE NAME: AS_PATH AS_PATH: Type 2 is AS_SEQUENCE AS_PATH: Segment Length is 4 (0x04) segments long AS_PATH: 65533 65532 65531 65531 Working cooperatively with your peering partner, request that they filter outbound prefix advertisements from the identified source AS (in this example 65531) for your peering session. The filters configuration methods will vary depending on the routing device operating system used. For Cisco IOS XR the filters will be applied using Routing Policy Language (RPL) policies or with Cisco IOS software via applying route-maps that deny advertisements matching that AS in their AS-PATH. Once these policies are applied, the peering session will be re-established. For further information on Cisco IOS XR RPL consult the document "Implementing Routing Policy on Cisco IOS XR Software" at the following link: http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.0/routing/configuration/… For further information on Cisco IOS route maps with BGP, consult the document "Cisco IOS BGP Configuration Guide, Release 12.4T" at the following link: http://www.cisco.com/en/US/docs/ios/12_2sr/12_2srb/feature/guide/tbgp_c.html Obtaining Fixed Software ======================== Cisco will be releasing free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== On August 17, 2009 around 16:30-17:00 UTC several ISP's began experiencing connectivity issues as BGP sessions were being repeatedly reset. Cisco TAC was engaged with a number of customers all seeing similar issues. Stability came a few hours afterward as workarounds were applied. At this time, it is not believed that the connectivity issues were the result of malicious activity. Status of this Notice: INTERIM ============================== THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-August-18 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.… This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKitOJ86n/Gc8U/uARAlpUAJ95EA/XmiFntl4XuXpKTpqeIt5q8gCfdOPV /OmnNTdlD9lueFh99gS6NDM= =dejJ -----END PGP SIGNATURE-----

1 0