August 2010 - Test - lists.nanog.org

Re: Did your BGP crash today?
by Deepak Jain 29 Aug '10

29 Aug '10

On BB, so top posting. Apologies. It seems that creating a worst case BGP test suite for all kinds of nastiness (in light of the recent RIPE thing) might not be a bad idea - so that we can all test the implementation ourselves before we deploy new code. Like all funky attributes, all funky AS SETs... With knobs for 1 to mem exhaust (for long data sets, etc). Unless BGP is massively more complicated than I remember, its not a very advanced CS grad project. I'm thinking a quagga or perl BGP talker would be a good place to start. Deepak ----- Original Message ----- From: Christopher Morrow <morrowc.lists(a)gmail.com> To: Florian Weimer <fw(a)deneb.enyo.de> Cc: nanog(a)nanog.org <nanog(a)nanog.org> Sent: Sun Aug 29 01:12:00 2010 Subject: Re: Did your BGP crash today? On Sat, Aug 28, 2010 at 6:14 AM, Florian Weimer <fw(a)deneb.enyo.de> wrote: > * Christopher Morrow: > >> (you are asking your vendors to run full bit sweeps of each protocol >> in a regimented manner checking for all possible edge cases and >> properly handling them, right?) > > The real issue is that both spec and current practice say you need to > drop the session as soon as you encounter any unexpected data. That's sorry, I conflated two things... or didn't mean to but did anyway. 1) users of gear that does BGP really need to ask loudly and longly (and then go test for themselves) that their BGP speakers do the 'right thing' when faced with oddball scenarios. If someone sends you a previously unknown attribute... don't corrupt it and pass it on, pass if transitive, drop if not. 2) some thought and writing and code-changes need to go into how the bgp-speakers of the world deal with bad-behaving bgp speakers. Is 'send notify and reset' the right answer? is there one 'right answer' ? Should some classes of fugly exchange end with a 'dropped that update, moved along' and some end with 'pull eject handle!' ? it's doubtful that 2 can get solved here (nanog, though certainly some operational thought on the right thing would be great as guidance). i would hope that 1 can get some traction here (via folks going back to their vendors and asking: "Did you run the Mu-security/Oolu-univ/etc fuzzing test suites against this code? can I see the results? I hope they match the results I'm going to be getting from my folks in ~2wks... or we'll be having a much more structured/loud conversation..." another poster had a great point about 'all the world can screw with you, you have no protections other than trust that the next guy won't screw you over (inadvertently)'. There are no protections available to you if someone sets (example) bit 77 in an ipv4 update message to 1 when it should by all accounts be 0. Or (apparently) if they send a previously unknown attribute on a route :( You can put in max-prefix limits, as-path limits (length and content), prefix-filters.. but internal-message-content you are stuck hoping the vendors all followed the same playbook. With everyone saying together: "Please appropriately test your implementation for all boundary cases" maybe we can get to where these happen less often (or nearly never) - every 3 months is a little tedious. -chris

2 1

Hyperchip (was Re: PacketShader)
by nanogf . 28 Aug '10

28 Aug '10

http://docs.google.com/viewer?url=http://www.hyperchip.com/H40GPresentation… --- oberman(a)es.net wrote: From: "Kevin Oberman" <oberman(a)es.net> To: nanog(a)shankland.org Cc: nanog(a)nanog.org Subject: Re: PacketShader Date: Mon, 23 Aug 2010 11:56:29 -0700 > Date: Mon, 23 Aug 2010 06:27:00 -0700 > From: Jim Shankland <nanog(a)shankland.org> > > Mark Smith wrote: > > On Mon, 23 Aug 2010 05:59:43 -0400 > > Valdis.Kletnieks(a)vt.edu wrote: > > > > I missed that, and that answers the "was it a GigaBytes verses Gigabits > > error" question. Nothing new here by the looks of it - people in this > > thread were getting those sorts of speeds a year ago out of PC hardware > > under Linux - > > > > http://lkml.org/lkml/2009/7/15/234 > > > > "I have achieved a collective throughput of 66.25 Gbit/s." > > > > "We've achieved 70 Gbps aggregate unidirectional TCP performance from > > one P6T6 based system to another." > > Very nice, but doing this with 1514-byte packets is the low-hanging > fruit. (9K packets? That's the fruit that falls off the tree and > into your basket while you're napping :-).) The more interesting limit: > how many 40-byte packets per second can you shovel into this system > and still have all of them come out the other end? Seems reasonable, but in our testing of 100G Ethernet capable routers we found one that handled 8000 bytes just fine, but could only run 9000 byte packets at about 90G. Just a bit unexpected. Really, in this day and age, a chassis throughput of 100G is pretty trivial. When you start getting up to the Tbps range on a system using "standard components", then I'll be really interested. We do have a network of many end systems attached with 10Gbps Ethernet cards. I'm sure that we are not unique, though probably unusual. We are achieving stable disk to disk transfer rates of well over 3G between the US and Australia. I don't think that PacketShader would handle the load too well. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman(a)es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 _____________________________________________________________ Get your own *free* email address like this one from www.OwnEmail.com

1 0

Re: Looking for Fiber Plant Management software
by Frank A. Coluccio 28 Aug '10

28 Aug '10

CableProject USA offers a free trial and a YT demo video. I can't vouch for it, never having witnessed it in operation personally, but it looks interesting. [1]http://www.cableprojectusa.com/ Cable Management Software runs the full gamut, from simplistic to near-ERP in scope, while others (e.g., VPI) also perform autoconfiguration and coordinated, parametric link designs for specific types of hardware (WDM, Switches/Routers, ROADMs, etc.). One can spend anywhere from free to $29.99 to tens of thousands of dollars, so decide carefully what you need, know specifically what you're looking for, and most of all, caveat emptor. --- francois(a)menards.ca wrote: From: Francois Menard <francois(a)menards.ca> To: Jim Devane <jdevane(a)switchnap.com> Cc: Jason Lixfeld <jason(a)lixfeld.ca>, "nanog(a)nanog.org" <nanog(a)nanog.org> Subject: Re: Looking for Fiber Plant Management software Date: Sat, 28 Aug 2010 00:53:04 -0400 We use Fiberworks from Enghouse. Its built atop ArcObjects and all data is stored in an ARCGIS geodatabase, providing good flexibility to get the data brought up on ArcGIS Server (Web) for web-based editing. The good thing about this system is that it can also be used for design of FTTH as well, and makes it possible to produce for-construction as well as as-built drawings (with cut sheets & etc.) http://www.enghouse.com/amd/products/fiberworks.html Our sister company (Xit telecom) which does OSP engineering/consulting/GIS can help implement this system. Regards, -=Francois=- -- Francois D. Menard Director of technology Xittel telecommunications inc. 1350 Royale #800 Trois-Rivieres, QC, G9A 4J4 Canada Tel: +1 819 601-6633 Fax: +1 819 374-0395 fmenard(a)xittel.net On 2010-08-27, at 5:31 PM, Jim Devane wrote: > OSP Insight. Pricey but an excellent tool for OSP documentation. > > > -----Original Message----- > From: khatfield(a)socllc.net [mailto:khatfield@socllc.net] > Sent: Friday, August 27, 2010 2:24 PM > To: Jason Lixfeld; Jeff Saxe > Cc: nanog(a)nanog.org > Subject: Re: Looking for Fiber Plant Management software > > Most of the ones I have seen (2 out of 3) were inhouse/home-grown solutions. > > I believe the other was provided by SA (Scientific Atlanta). I tried to do a quick search on it and it appears that product may now be provided by Cisco in partnership with SA. > > Best of luck > -----Original Message----- > From: Jason Lixfeld <jason(a)lixfeld.ca> > Date: Fri, 27 Aug 2010 12:13:35 > To: Jeff Saxe<JSaxe(a)briworks.com> > Cc: <nanog(a)nanog.org> > Subject: Re: Looking for Fiber Plant Management software > > I've got a client who uses AutoCAD. They use it exclusively and have a pretty big fibre network for someone who's not an ILEC, so I guess it works fairly well. > > On 2010-08-27, at 11:39 AM, Jeff Saxe wrote: > >> Good morning, NANOGers. My colleague at work wonders if anyone has suggestions for software to database all our fiber plant that we're constructing. We started out with paper, then Excel spreadsheets in a folder and on paper in a book, but clearly as our plant grows and we do more splicing this is not going to scale. We have started a MySQL database with a few tables, but wonder if someone has already invented this wheel. >> >> What do the "big boys" use? Homegrown solutions developed in-house and jealously guarded? Something standard? Expensive or cheap? Free open-source? He'd like to see... >> >> outside plan facilities: cables, fibers, splice points, poles; copper and fiber, preferably, but fiber is more important >> "circuit" or "DLR" that knows what elements are involved in a circuit >> GIS integration so that cables can be drawn on a map automagically >> low cost, of course >> >> Thanks in advance, everyone. >> >> -- Jeff Saxe, Network Engineer >> Blue Ridge InternetWorks, Charlottesville, VA >> 434-817-0707 ext. 2024 / JSaxe(a)briworks.com >> >> >> >> > > > References 1. http://www.cableprojectusa.com/

1 0

Looking for Fiber Plant Management software
by Jeff Saxe 28 Aug '10

28 Aug '10

Good morning, NANOGers. My colleague at work wonders if anyone has suggestions for software to database all our fiber plant that we're constructing. We started out with paper, then Excel spreadsheets in a folder and on paper in a book, but clearly as our plant grows and we do more splicing this is not going to scale. We have started a MySQL database with a few tables, but wonder if someone has already invented this wheel. What do the "big boys" use? Homegrown solutions developed in-house and jealously guarded? Something standard? Expensive or cheap? Free open- source? He'd like to see... outside plan facilities: cables, fibers, splice points, poles; copper and fiber, preferably, but fiber is more important "circuit" or "DLR" that knows what elements are involved in a circuit GIS integration so that cables can be drawn on a map automagically low cost, of course Thanks in advance, everyone. -- Jeff Saxe, Network Engineer Blue Ridge InternetWorks, Charlottesville, VA 434-817-0707 ext. 2024 / JSaxe(a)briworks.com

5 4

Idea's for donating/recycling server hardware [Off-Topic]
by Wil Schultz 28 Aug '10

28 Aug '10

I apologize for being somewhat off topic... I've got a fair amount of SPARC hardware (v210 through v490) and 32bit HP DL360-380 hardware that I'm looking for creative ways to dispose of or to donate. It seems like a waste to send it to metal scrap, if anyone has a more creative way of disposal please contact me off list. Local to San Francisco. *disclaimer, contributions cannot go to religious or political organizations per corp policy* Thanks! -wil

7 7

Did your BGP crash today?
by Atticus 28 Aug '10

28 Aug '10

One of the affected platforms. I think it has info on IOS patches for it. I didn't read all of it as I don't have any Cisco products. ---------- Forwarded message ---------- From: Cisco Systems Product Security Incident Response Team <psirt(a)cisco.com > Date: Fri, Aug 27, 2010 at 8:00 PM Subject: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability To: nanog(a)merit.edu Cc: psirt(a)cisco.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability Advisory ID: cisco-sa-20100827-bgp Revision 1.0 For Public Release 2010 August 27 2200 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session. Affected devices running Cisco IOS XR Software corrupt the unrecognized attribute before sending to neighboring devices, but neighboring devices may be running operating systems other than Cisco IOS XR Software and may still reset the BGP peering session after receiving the corrupted update. This is per standards defining the operation of BGP. Cisco developed a fix that addresses this vulnerability and will be releasing free software maintenance upgrades (SMU) progressively starting 28 August 2010. This advisory will be updated accordingly as fixes become available. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml Affected Products ================= This vulnerability affects all Cisco IOS XR Software devices configured with BGP routing. Vulnerable Products +------------------ To determine the Cisco IOS XR Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying text similar to "Cisco IOS XR Software". The software version is displayed after the text "Cisco IOS XR Software". The following example identifies a Cisco CRS-1 that is running Cisco IOS XR Software Release 3.6.2: RP/0/RP0/CPU0:CRS#show version Tue Aug 18 14:25:17.407 AEST Cisco IOS XR Software, Version 3.6.2[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 1.49(20080319:195807) [CRS-1 ROMMON], CRS uptime is 4 weeks, 4 days, 1 minute System image file is "disk0:hfr-os-mbi-3.6.2/mbihfr-rp.vm" cisco CRS-8/S (7457) processor with 4194304K bytes of memory. 7457 processor at 1197Mhz, Revision 1.2 17 Packet over SONET/SDH network interface(s) 1 DWDM controller(s) 17 SONET/SDH Port controller(s) 8 TenGigabitEthernet/IEEE 802.3 interface(s) 2 Ethernet/IEEE 802.3 interface(s) 1019k bytes of non-volatile configuration memory. 38079M bytes of hard disk. 981440k bytes of ATA PCMCIA card at disk 0 (Sector size 512 bytes). Configuration register on node 0/0/CPU0 is 0x102 Boot device on node 0/0/CPU0 is mem: !--- output truncated The following example identifies a Cisco 12404 router that is running Cisco IOS XR Software Release 3.7.1: RP/0/0/CPU0:GSR#show version Cisco IOS XR Software, Version 3.7.1[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 12.0(20051020:160303) SOFTWARE Copyright (c) 1994-2005 by cisco Systems, Inc. GSR uptime is 3 weeks, 6 days, 3 hours, 20 minutes System image file is "disk0:c12k-os-mbi-3.7.1/mbiprp-rp.vm" cisco 12404/PRP (7457) processor with 2097152K bytes of memory. 7457 processor at 1266Mhz, Revision 1.2 1 Cisco 12000 Series Performance Route Processor 1 Cisco 12000 Series - Multi-Service Blade Controller 1 1 Port ISE Packet Over SONET OC-48c/STM-16 Controller (1 POS) 1 Cisco 12000 Series SPA Interface Processor-601/501/401 3 Ethernet/IEEE 802.3 interface(s) 1 SONET/SDH Port controller(s) 1 Packet over SONET/SDH network interface(s) 4 PLIM QoS controller(s) 8 FastEthernet/IEEE 802.3 interface(s) 1016k bytes of non-volatile configuration memory. 1000496k bytes of disk0: (Sector size 512 bytes). 65536k bytes of Flash internal SIMM (Sector size 256k). Configuration register on node 0/0/CPU0 is 0x2102 Boot device on node 0/0/CPU0 is disk0: !--- output truncated Additional information about Cisco IOS XR Software release naming conventions is available in the "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/web/about/security/intelligence/ios-ref.html#9 Additional information about Cisco IOS XR Software time-based release model is available in the "White Paper: Guidelines for Cisco IOS XR Software" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8803/ps5845/product_b… BGP is configured in Cisco IOS XR Software with the configuration command "router bgp [AS Number]" or "router bgp [X.Y]". The device is vulnerable if it is running an affected Cisco IOS XR Software version and has BGP configured. The following example shows a Cisco IOS XR Software device configured with BGP: RP/0/0/CPU0:GSR#show running-config | begin router bgp Building configuration... router bgp 65535 bgp router-id 192.168.0.1 address-family ipv4 unicast network 192.168.1.1/32 ! address-family vpnv4 unicast ! neighbor 192.168.2.1 remote-as 65534 update-source Loopback0 address-family ipv4 unicast ! !--- output truncated Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software * Cisco IOS XR Software not configured for BGP routing No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= This vulnerability affects Cisco IOS XR devices running affected software versions and configured with the BGP routing feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session. Affected devices running Cisco IOS XR Software corrupt the unrecognized attribute before sending to neighboring devices, but neighboring devices may be running operating systems other than Cisco IOS XR Software and may still reset the BGP peering session after receiving the corrupted update. This is per RFC 4271 that defines the operation of BGP. After an affected device running Cisco IOS XR Software sends a corrupted update, it will receive a notification from the neighboring router and will create a log message like the following example: bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 172.16.1.251 Down - BGP Notification received: update malformed This vulnerability is documented in Cisco Bug ID CSCti62211 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-3035. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCti62211 - BGP flaps due to unknown attribute CVSS Base Score - 5 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Partial CVSS Temporal Score - 4.8 Exploitability - Functional Remediation Level - Unavailable Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities may result in the continuous resetting of BGP peering sessions. This may lead to routing inconsistencies and a denial of service for those affected networks. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +-------------------------------------------------------------------+ | Cisco IOS XR | SMU ID | SMU | Requires | | Version | | Name | Reload | |---------------+------------------------------+-------+------------| | 3.4.0 | Vulnerable; Migrate to 3.4.3 | | | | | and apply a SMU | | | |---------------+------------------------------+-------+------------| | 3.4.1 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.4.2 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.4.3 | SMU will be available on | | | | | 2010-Sep-5 | | | |---------------+------------------------------+-------+------------| | 3.5.2 | SMU will be available on | | | | | 2010-Sep-5 | | | |---------------+------------------------------+-------+------------| | 3.5.3 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.5.4 | SMU will be available on | | | | | 2010-Sep-5 | | | |---------------+------------------------------+-------+------------| | 3.6.0 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.6.1 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.6.2 | SMU will be available on | | | | | 2010-Aug-30 | | | |---------------+------------------------------+-------+------------| | 3.6.3 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.7.0 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.7.1 | SMU will be available on | | | | | 2010-Sep-1 | | | |---------------+------------------------------+-------+------------| | 3.7.2 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.7.3 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.8.0 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.8.1 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.8.2 | SMU will be available on | | | | | 2010-Aug-30 | | | |---------------+------------------------------+-------+------------| | 3.8.3 | SMU will be available on | | | | | 2010-Sep-1 | | | |---------------+------------------------------+-------+------------| | 3.8.4 | SMU will be available on | | | | | 2010-Aug-28 | | | |---------------+------------------------------+-------+------------| | 3.9.0 | SMU will be available on | | | | | 2010-Sep-1 | | | |---------------+------------------------------+-------+------------| | 3.9.1 | SMU will be available on | | | | | 2010-Aug-28 | | | +-------------------------------------------------------------------+ Workarounds =========== There are no workarounds to proactively mitigate this vulnerability. If a route flap is observed, the prefix with the unrecognized attribute can be filtered. For further information on filtering on Cisco IOS XR Software, please consult the document "Implementing Routing Policy on Cisco IOS XR Software" at the following link: http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.0/routing/configuration/… Obtaining Fixed Software ======================== Cisco is releasing free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== An advertisement of an unrecognized but valid BGP attribute resulted in resetting of several BGP neighbors on 27 August 2010. This advertisement was not malicious but inadvertently triggered this vulnerability. The Cisco PSIRT is not aware of malicious use of the vulnerability described in this advisory. Status of this Notice: INTERIM ============================== THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2010-August-27 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.… This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFMeEy786n/Gc8U/uARAqyeAJ9HEbSnJ9yCTiKU6HxbWnuEL1wicQCfRKdZ kv4pt8GHYDABNcIjbvGHYso= =mbwY -----END PGP SIGNATURE----- -- Byron Grobe

1 0

Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
by Cisco Systems Product Security Incident Response Team 28 Aug '10

28 Aug '10

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability Advisory ID: cisco-sa-20100827-bgp Revision 1.0 For Public Release 2010 August 27 2200 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session. Affected devices running Cisco IOS XR Software corrupt the unrecognized attribute before sending to neighboring devices, but neighboring devices may be running operating systems other than Cisco IOS XR Software and may still reset the BGP peering session after receiving the corrupted update. This is per standards defining the operation of BGP. Cisco developed a fix that addresses this vulnerability and will be releasing free software maintenance upgrades (SMU) progressively starting 28 August 2010. This advisory will be updated accordingly as fixes become available. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml Affected Products ================= This vulnerability affects all Cisco IOS XR Software devices configured with BGP routing. Vulnerable Products +------------------ To determine the Cisco IOS XR Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying text similar to "Cisco IOS XR Software". The software version is displayed after the text "Cisco IOS XR Software". The following example identifies a Cisco CRS-1 that is running Cisco IOS XR Software Release 3.6.2: RP/0/RP0/CPU0:CRS#show version Tue Aug 18 14:25:17.407 AEST Cisco IOS XR Software, Version 3.6.2[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 1.49(20080319:195807) [CRS-1 ROMMON], CRS uptime is 4 weeks, 4 days, 1 minute System image file is "disk0:hfr-os-mbi-3.6.2/mbihfr-rp.vm" cisco CRS-8/S (7457) processor with 4194304K bytes of memory. 7457 processor at 1197Mhz, Revision 1.2 17 Packet over SONET/SDH network interface(s) 1 DWDM controller(s) 17 SONET/SDH Port controller(s) 8 TenGigabitEthernet/IEEE 802.3 interface(s) 2 Ethernet/IEEE 802.3 interface(s) 1019k bytes of non-volatile configuration memory. 38079M bytes of hard disk. 981440k bytes of ATA PCMCIA card at disk 0 (Sector size 512 bytes). Configuration register on node 0/0/CPU0 is 0x102 Boot device on node 0/0/CPU0 is mem: !--- output truncated The following example identifies a Cisco 12404 router that is running Cisco IOS XR Software Release 3.7.1: RP/0/0/CPU0:GSR#show version Cisco IOS XR Software, Version 3.7.1[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 12.0(20051020:160303) SOFTWARE Copyright (c) 1994-2005 by cisco Systems, Inc. GSR uptime is 3 weeks, 6 days, 3 hours, 20 minutes System image file is "disk0:c12k-os-mbi-3.7.1/mbiprp-rp.vm" cisco 12404/PRP (7457) processor with 2097152K bytes of memory. 7457 processor at 1266Mhz, Revision 1.2 1 Cisco 12000 Series Performance Route Processor 1 Cisco 12000 Series - Multi-Service Blade Controller 1 1 Port ISE Packet Over SONET OC-48c/STM-16 Controller (1 POS) 1 Cisco 12000 Series SPA Interface Processor-601/501/401 3 Ethernet/IEEE 802.3 interface(s) 1 SONET/SDH Port controller(s) 1 Packet over SONET/SDH network interface(s) 4 PLIM QoS controller(s) 8 FastEthernet/IEEE 802.3 interface(s) 1016k bytes of non-volatile configuration memory. 1000496k bytes of disk0: (Sector size 512 bytes). 65536k bytes of Flash internal SIMM (Sector size 256k). Configuration register on node 0/0/CPU0 is 0x2102 Boot device on node 0/0/CPU0 is disk0: !--- output truncated Additional information about Cisco IOS XR Software release naming conventions is available in the "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/web/about/security/intelligence/ios-ref.html#9 Additional information about Cisco IOS XR Software time-based release model is available in the "White Paper: Guidelines for Cisco IOS XR Software" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8803/ps5845/product_b… BGP is configured in Cisco IOS XR Software with the configuration command "router bgp [AS Number]" or "router bgp [X.Y]". The device is vulnerable if it is running an affected Cisco IOS XR Software version and has BGP configured. The following example shows a Cisco IOS XR Software device configured with BGP: RP/0/0/CPU0:GSR#show running-config | begin router bgp Building configuration... router bgp 65535 bgp router-id 192.168.0.1 address-family ipv4 unicast network 192.168.1.1/32 ! address-family vpnv4 unicast ! neighbor 192.168.2.1 remote-as 65534 update-source Loopback0 address-family ipv4 unicast ! !--- output truncated Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software * Cisco IOS XR Software not configured for BGP routing No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= This vulnerability affects Cisco IOS XR devices running affected software versions and configured with the BGP routing feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session. Affected devices running Cisco IOS XR Software corrupt the unrecognized attribute before sending to neighboring devices, but neighboring devices may be running operating systems other than Cisco IOS XR Software and may still reset the BGP peering session after receiving the corrupted update. This is per RFC 4271 that defines the operation of BGP. After an affected device running Cisco IOS XR Software sends a corrupted update, it will receive a notification from the neighboring router and will create a log message like the following example: bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 172.16.1.251 Down - BGP Notification received: update malformed This vulnerability is documented in Cisco Bug ID CSCti62211 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-3035. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCti62211 - BGP flaps due to unknown attribute CVSS Base Score - 5 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Partial CVSS Temporal Score - 4.8 Exploitability - Functional Remediation Level - Unavailable Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities may result in the continuous resetting of BGP peering sessions. This may lead to routing inconsistencies and a denial of service for those affected networks. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +-------------------------------------------------------------------+ | Cisco IOS XR | SMU ID | SMU | Requires | | Version | | Name | Reload | |---------------+------------------------------+-------+------------| | 3.4.0 | Vulnerable; Migrate to 3.4.3 | | | | | and apply a SMU | | | |---------------+------------------------------+-------+------------| | 3.4.1 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.4.2 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.4.3 | SMU will be available on | | | | | 2010-Sep-5 | | | |---------------+------------------------------+-------+------------| | 3.5.2 | SMU will be available on | | | | | 2010-Sep-5 | | | |---------------+------------------------------+-------+------------| | 3.5.3 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.5.4 | SMU will be available on | | | | | 2010-Sep-5 | | | |---------------+------------------------------+-------+------------| | 3.6.0 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.6.1 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.6.2 | SMU will be available on | | | | | 2010-Aug-30 | | | |---------------+------------------------------+-------+------------| | 3.6.3 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.7.0 | SMU will be available on | | | | | 2010-Sep-9 | | | |---------------+------------------------------+-------+------------| | 3.7.1 | SMU will be available on | | | | | 2010-Sep-1 | | | |---------------+------------------------------+-------+------------| | 3.7.2 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.7.3 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.8.0 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.8.1 | SMU will be available on | | | | | 2010-Sep-3 | | | |---------------+------------------------------+-------+------------| | 3.8.2 | SMU will be available on | | | | | 2010-Aug-30 | | | |---------------+------------------------------+-------+------------| | 3.8.3 | SMU will be available on | | | | | 2010-Sep-1 | | | |---------------+------------------------------+-------+------------| | 3.8.4 | SMU will be available on | | | | | 2010-Aug-28 | | | |---------------+------------------------------+-------+------------| | 3.9.0 | SMU will be available on | | | | | 2010-Sep-1 | | | |---------------+------------------------------+-------+------------| | 3.9.1 | SMU will be available on | | | | | 2010-Aug-28 | | | +-------------------------------------------------------------------+ Workarounds =========== There are no workarounds to proactively mitigate this vulnerability. If a route flap is observed, the prefix with the unrecognized attribute can be filtered. For further information on filtering on Cisco IOS XR Software, please consult the document "Implementing Routing Policy on Cisco IOS XR Software" at the following link: http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.0/routing/configuration/… Obtaining Fixed Software ======================== Cisco is releasing free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== An advertisement of an unrecognized but valid BGP attribute resulted in resetting of several BGP neighbors on 27 August 2010. This advertisement was not malicious but inadvertently triggered this vulnerability. The Cisco PSIRT is not aware of malicious use of the vulnerability described in this advisory. Status of this Notice: INTERIM ============================== THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2010-August-27 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.… This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFMeEy786n/Gc8U/uARAqyeAJ9HEbSnJ9yCTiKU6HxbWnuEL1wicQCfRKdZ kv4pt8GHYDABNcIjbvGHYso= =mbwY -----END PGP SIGNATURE-----

1 0

BGP Update Report
by cidr-report＠potaroo.net 27 Aug '10

27 Aug '10

BGP Update Report Interval: 19-Aug-10 -to- 26-Aug-10 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS5416 63690 4.3% 513.6 -- BATELCO-BH 2 - AS3464 25712 1.7% 1836.6 -- ASC-NET - Alabama Supercomputer Network 3 - AS32528 18622 1.3% 4655.5 -- ABBOTT Abbot Labs 4 - AS28573 17201 1.2% 16.8 -- NET Servicos de Comunicao S.A. 5 - AS35931 14837 1.0% 2472.8 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC 6 - AS5536 14735 1.0% 136.4 -- Internet-Egypt 7 - AS16814 14708 1.0% 21.6 -- NSS S.A. 8 - AS9829 12047 0.8% 51.7 -- BSNL-NIB National Internet Backbone 9 - AS7552 11561 0.8% 13.3 -- VIETEL-AS-AP Vietel Corporation 10 - AS11351 11536 0.8% 36.0 -- RR-NYSREGION-ASN-01 - Road Runner HoldCo LLC 11 - AS13880 11319 0.8% 1617.0 -- ACI-AS - american century investments 12 - AS5800 11102 0.8% 59.1 -- DNIC-ASBLK-05800-06055 - DoD Network Information Center 13 - AS8151 10794 0.7% 15.2 -- Uninet S.A. de C.V. 14 - AS35567 10169 0.7% 95.9 -- DASTO-BOSNIA-AS DASTO semtel d.o.o. 15 - AS10474 9991 0.7% 525.8 -- NETACTIVE 16 - AS14420 9788 0.7% 17.7 -- CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP 17 - AS45464 8824 0.6% 245.1 -- NEXTWEB-AS-AP Room 201, TGU Bldg 18 - AS21017 7692 0.5% 769.2 -- VSI-AS VSI AS 19 - AS34984 7533 0.5% 26.3 -- TELLCOM-AS Tellcom Iletisim Hizmetleri 20 - AS3816 7497 0.5% 28.4 -- COLOMBIA TELECOMUNICACIONES S.A. ESP TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASN Upds % Upds/Pfx AS-Name 1 - AS32528 18622 1.3% 4655.5 -- ABBOTT Abbot Labs 2 - AS35931 14837 1.0% 2472.8 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC 3 - AS3464 25712 1.7% 1836.6 -- ASC-NET - Alabama Supercomputer Network 4 - AS13880 11319 0.8% 1617.0 -- ACI-AS - american century investments 5 - AS53532 1270 0.1% 1270.0 -- KINGMETALS - King Architectural Metals 6 - AS48565 926 0.1% 926.0 -- POCZTAPOLSKA-AS Poczta Polska Spolka Akcyjna 7 - AS27027 882 0.1% 882.0 -- ANBELL ASN-ANBELL 8 - AS21017 7692 0.5% 769.2 -- VSI-AS VSI AS 9 - AS11613 710 0.1% 710.0 -- U-SAVE - U-Save Auto Rental of America, Inc. 10 - AS45542 1401 0.1% 700.5 -- VNU-AS-VN VietNam National University Ha Noi 11 - AS50010 1980 0.1% 660.0 -- NAWRAS-AS Omani Qatari Telecommunications Company SAOC 12 - AS10474 9991 0.7% 525.8 -- NETACTIVE 13 - AS5416 63690 4.3% 513.6 -- BATELCO-BH 14 - AS16861 460 0.0% 460.0 -- REVELEX - Revelex.com 15 - AS16718 4511 0.3% 451.1 -- EMBARQ-HMBL - Embarq Corporation 16 - AS15984 439 0.0% 439.0 -- The Joint-Stock Commercial Bank CentroCredit. 17 - AS49493 423 0.0% 423.0 -- SVT-AS SVT-Proveedor de Servicios de Internet 18 - AS20817 423 0.0% 423.0 -- DELTANET-AS Deltanet Autonomous System 19 - AS22580 370 0.0% 370.0 -- GUARD - GUARD INSURANCE GROUP 20 - AS43055 1793 0.1% 358.6 -- KATRINA-AS CJSC Katrina TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 129.66.128.0/17 12834 0.8% AS3464 -- ASC-NET - Alabama Supercomputer Network 2 - 129.66.0.0/17 12825 0.8% AS3464 -- ASC-NET - Alabama Supercomputer Network 3 - 196.2.16.0/24 9859 0.6% AS10474 -- NETACTIVE 4 - 130.36.34.0/24 9262 0.6% AS32528 -- ABBOTT Abbot Labs 5 - 130.36.35.0/24 9262 0.6% AS32528 -- ABBOTT Abbot Labs 6 - 63.211.68.0/22 8599 0.6% AS35931 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC 7 - 148.204.141.0/24 6213 0.4% AS8151 -- Uninet S.A. de C.V. 8 - 198.140.43.0/24 6188 0.4% AS35931 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC 9 - 190.65.228.0/22 5779 0.4% AS3816 -- COLOMBIA TELECOMUNICACIONES S.A. ESP 10 - 216.126.136.0/22 4947 0.3% AS6316 -- AS-PAETEC-NET - PaeTec Communications, Inc. 11 - 84.255.152.0/24 4090 0.3% AS5416 -- BATELCO-BH 12 - 84.255.146.0/24 4082 0.3% AS5416 -- BATELCO-BH 13 - 84.255.145.0/24 4082 0.3% AS5416 -- BATELCO-BH 14 - 84.255.147.0/24 4082 0.3% AS5416 -- BATELCO-BH 15 - 95.32.128.0/18 3851 0.2% AS21017 -- VSI-AS VSI AS 16 - 95.32.192.0/18 3659 0.2% AS21017 -- VSI-AS VSI AS 17 - 206.184.16.0/24 3066 0.2% AS174 -- COGENT Cogent/PSI 18 - 77.69.143.0/24 2932 0.2% AS5416 -- BATELCO-BH 19 - 77.69.190.0/24 2932 0.2% AS5416 -- BATELCO-BH 20 - 77.69.142.0/24 2932 0.2% AS5416 -- BATELCO-BH Details at http://bgpupdates.potaroo.net ------------------------------------ Copies of this report are mailed to: nanog(a)merit.edu eof-list(a)ripe.net apops(a)apops.net routing-wg(a)ripe.net afnog(a)afnog.org

1 0

The Cidr Report
by cidr-report＠potaroo.net 27 Aug '10

27 Aug '10

This report has been generated at Fri Aug 27 21:12:04 2010 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date Prefixes CIDR Agg 20-08-10 333340 205848 21-08-10 332999 206105 22-08-10 333406 206219 23-08-10 333522 206203 24-08-10 333578 206571 25-08-10 333874 206667 26-08-10 333708 206713 27-08-10 333965 206728 AS Summary 35248 Number of ASes in routing system 14995 Number of ASes announcing only one prefix 4451 Largest number of prefixes announced by an AS AS4323 : TWTC - tw telecom holdings, inc. 97263040 Largest address span announced by an AS (/32s) AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 27Aug10 --- ASnum NetsNow NetsAggr NetGain % Gain Description Table 334389 206722 127667 38.2% All ASes AS6389 3843 282 3561 92.7% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS4323 4451 1872 2579 57.9% TWTC - tw telecom holdings, inc. AS19262 1802 276 1526 84.7% VZGNI-TRANSIT - Verizon Online LLC AS4766 1866 512 1354 72.6% KIXS-AS-KR Korea Telecom AS22773 1180 66 1114 94.4% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. AS4755 1482 431 1051 70.9% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP AS5668 1131 89 1042 92.1% AS-5668 - CenturyTel Internet Holdings, Inc. AS17488 1342 302 1040 77.5% HATHWAY-NET-AP Hathway IP Over Cable Internet AS18566 1087 63 1024 94.2% COVAD - Covad Communications Co. AS6478 1308 372 936 71.6% ATT-INTERNET3 - AT&T WorldNet Services AS8151 1526 635 891 58.4% Uninet S.A. de C.V. AS1785 1791 960 831 46.4% AS-PAETEC-NET - PaeTec Communications, Inc. AS10620 1102 290 812 73.7% Telmex Colombia S.A. AS8452 1147 425 722 62.9% TEDATA TEDATA AS7545 1407 721 686 48.8% TPG-INTERNET-AP TPG Internet Pty Ltd AS7303 791 115 676 85.5% Telecom Argentina S.A. AS4808 917 290 627 68.4% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS13343 977 357 620 63.5% SCRR-13343 - Road Runner HoldCo LLC AS4804 678 73 605 89.2% MPX-AS Microplex PTY LTD AS7552 654 114 540 82.6% VIETEL-AS-AP Vietel Corporation AS17676 605 77 528 87.3% GIGAINFRA Softbank BB Corp. AS4780 685 161 524 76.5% SEEDNET Digital United Inc. AS7018 1470 953 517 35.2% ATT-INTERNET4 - AT&T WorldNet Services AS7011 1136 659 477 42.0% FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc. AS24560 1002 525 477 47.6% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services AS14420 553 78 475 85.9% CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP AS22047 551 78 473 85.8% VTR BANDA ANCHA S.A. AS3356 1145 675 470 41.0% LEVEL3 Level 3 Communications AS28573 1025 566 459 44.8% NET Servicos de Comunicao S.A. AS36992 661 211 450 68.1% ETISALAT-MISR Total 39315 12228 27087 68.9% Top 30 total Possible Bogus Routes 31.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 31.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 31.1.24.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 41.222.79.0/24 AS36938 AMSCOTELECOMS Amsco Telecommunications Nigeria Limited 41.223.92.0/22 AS36936 CELTEL-GABON Celtel Gabon Internet Service 41.223.189.0/24 AS6453 GLOBEINTERNET TATA Communications 41.223.196.0/24 AS36990 41.223.197.0/24 AS36990 41.223.198.0/24 AS36990 41.223.199.0/24 AS36990 46.44.128.0/18 AS28685 ASN-ROUTIT Routit BV EDE The Netherlands 49.0.0.0/8 AS38639 HANABI NTT Communications Corporation 62.61.220.0/24 AS24974 TACHYON-EU Tachyon Europe BV 62.61.221.0/24 AS24974 TACHYON-EU Tachyon Europe BV 64.20.80.0/20 AS40028 SPD-NETWORK-1 - SPD NETWORK 64.21.192.0/20 AS11610 INETNEBR-1 - Internet Nebraska Corporation 64.21.212.0/22 AS11610 INETNEBR-1 - Internet Nebraska Corporation 64.21.216.0/21 AS11610 INETNEBR-1 - Internet Nebraska Corporation 64.82.128.0/19 AS16617 COMMUNITYISP - CISP 64.82.160.0/19 AS16617 COMMUNITYISP - CISP 66.180.239.0/24 AS35888 VIGNETTE - VIGNETTE CORPORATION 66.206.32.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.33.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.34.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.35.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.47.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 66.207.32.0/20 AS23011 66.230.240.0/20 AS27286 66.245.176.0/20 AS19318 NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC 69.6.80.0/24 AS13442 69.6.81.0/24 AS13442 71.19.134.0/23 AS3313 INET-AS I.NET S.p.A. 71.19.160.0/23 AS4648 NZIX-2 Netgate 72.22.32.0/19 AS33150 72.22.61.0/24 AS33150 72.22.62.0/24 AS33150 76.77.32.0/19 AS2828 XO-AS15 - XO Communications 80.88.10.0/24 AS33774 DJAWEB 80.88.12.0/24 AS33779 wataniya-telecom-as 101.0.0.0/8 AS38639 HANABI NTT Communications Corporation 110.34.44.0/22 AS12653 COMTONET KB Impuls Hellas 110.173.64.0/19 AS37963 CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co., Ltd. 116.68.136.0/21 AS28045 Pantel Communications 117.120.56.0/21 AS4755 TATACOMM-AS TATA Communications formerly VSNL is Leading ISP 121.46.0.0/16 AS4134 CHINANET-BACKBONE No.31,Jin-rong Street 121.50.168.0/21 AS9931 CAT-AP The Communication Authoity of Thailand, CAT 158.222.70.0/23 AS6137 SISNA - SISNA, Inc. 158.222.72.0/23 AS6137 SISNA - SISNA, Inc. 158.222.224.0/20 AS19864 O1COMM - O1 COMMUNICATIONS 158.222.224.0/22 AS19864 O1COMM - O1 COMMUNICATIONS 158.222.229.0/24 AS19864 O1COMM - O1 COMMUNICATIONS 176.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 176.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 176.1.24.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 177.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 177.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 177.1.8.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 181.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 181.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 181.1.8.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 190.102.32.0/20 AS30058 ACTIVO-SYSTEMS-AS30058 ACTIVO-SYSTEMS-AS30058 190.104.32.0/21 AS27882 Telefónica Celular de Bolivia S.A. 192.9.0.0/16 AS11479 BRM-SUN-AS - Sun Microsystems, Inc 192.64.85.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.108.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.101.46.0/24 AS6503 Axtel, S.A.B. de C. V. 192.101.64.0/21 AS702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe 192.101.70.0/24 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 192.101.71.0/24 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 192.101.72.0/24 AS702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe 192.101.74.0/24 AS1239 SPRINTLINK - Sprint 192.124.252.0/22 AS680 DFN-IP service X-WiN 192.131.233.0/24 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 192.154.32.0/19 AS81 NCREN - MCNC 192.154.64.0/19 AS81 NCREN - MCNC 192.188.208.0/20 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 196.2.224.0/22 AS24863 LINKdotNET-AS 196.6.108.0/24 AS5713 SAIX-NET 196.13.201.0/24 AS2018 TENET-1 196.13.202.0/24 AS2018 TENET-1 196.13.203.0/24 AS2018 TENET-1 196.13.204.0/24 AS2018 TENET-1 196.110.105.0/24 AS8513 SKYVISION SkyVision Network Services 196.201.248.0/24 AS30991 SAHANNET Sahannet AS Network 196.201.249.0/24 AS30991 SAHANNET Sahannet AS Network 196.201.250.0/24 AS30991 SAHANNET Sahannet AS Network 196.201.251.0/24 AS30991 SAHANNET Sahannet AS Network 196.201.253.0/24 AS30991 SAHANNET Sahannet AS Network 196.201.255.0/24 AS30991 SAHANNET Sahannet AS Network 196.202.224.0/21 AS8818 TELE Greenland Autonomous System 198.1.2.0/24 AS4761 INDOSAT-INP-AP INDOSAT Internet Network Provider 198.23.26.0/24 AS4390 BELLATLANTIC-COM - Bell Atlantic, Inc. 198.51.100.0/24 AS16953 ASCENT-MEDIA-GROUP-LLC - Ascent Media Group, LLC 198.73.210.0/24 AS21570 ACI-1 - Accelerated Connections Inc. 198.74.38.0/24 AS16966 SBCIDC-LSAN03 - AT&T Internet Services 198.74.39.0/24 AS16966 SBCIDC-LSAN03 - AT&T Internet Services 198.74.40.0/24 AS16966 SBCIDC-LSAN03 - AT&T Internet Services 198.97.72.0/21 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 198.97.96.0/19 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 198.97.240.0/20 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 198.99.241.0/24 AS11797 AC-NIELSEN-AS AC NIELSEN 198.135.236.0/24 AS4358 XNET - XNet Information Systems, Inc. 198.161.87.0/24 AS6539 GT-BELL - Bell Canada 198.163.214.0/24 AS21804 ACCESS-SK - Access Communications Co-operative Limited 198.167.0.0/16 AS7456 INTERHOP - Interhop Network SERVICES Inc. 198.168.0.0/16 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 198.169.0.0/16 AS803 SASKTEL - Saskatchewan Telecommunications 198.180.198.0/24 AS23715 SEOUL-INTGW-GXS-AP Global Exchange Services 198.182.235.0/24 AS3356 LEVEL3 Level 3 Communications 199.10.0.0/16 AS721 DNIC-ASBLK-00721-00726 - DoD Network Information Center 199.16.32.0/19 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 199.121.0.0/16 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.123.16.0/20 AS27064 DNIC-ASBLK-27032-27159 - DoD Network Information Center 199.185.130.0/23 AS19662 UNISERVE-ONLINE - Uniserve On Line 199.202.0.0/16 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 199.202.216.0/21 AS577 BACOM - Bell Canada 199.233.92.0/24 AS26896 D102-ITC - Data 102, LLC 199.246.116.0/24 AS813 UUNET-CANADA - MCI Communications Services, Inc. d/b/a Verizon Business 200.24.73.0/24 AS26061 Equant Colombia 200.24.78.0/26 AS3549 GBLX Global Crossing Ltd. 200.24.78.64/26 AS3549 GBLX Global Crossing Ltd. 202.9.55.0/24 AS2764 AAPT AAPT Limited 202.9.57.0/24 AS2764 AAPT AAPT Limited 202.38.63.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.58.113.0/24 AS19161 202.61.75.0/24 AS9927 PHILCOMNET-PH A Multihomed ISP Company 202.66.128.0/18 AS9584 GENESIS-AP Diyixian.com Limited 202.66.160.0/19 AS9584 GENESIS-AP Diyixian.com Limited 202.66.160.0/20 AS9584 GENESIS-AP Diyixian.com Limited 202.66.176.0/20 AS9584 GENESIS-AP Diyixian.com Limited 202.66.184.0/24 AS9584 GENESIS-AP Diyixian.com Limited 202.66.186.0/24 AS9584 GENESIS-AP Diyixian.com Limited 202.66.188.0/24 AS9584 GENESIS-AP Diyixian.com Limited 202.66.189.0/24 AS9584 GENESIS-AP Diyixian.com Limited 202.66.190.0/24 AS9584 GENESIS-AP Diyixian.com Limited 202.73.144.0/20 AS4788 TMNET-AS-AP TM Net, Internet Service Provider 202.80.192.0/20 AS2706 PI-HK Pacnet Internet (Hong Kong) Limited 202.86.252.0/22 AS4748 RESOLINK-AS-AP Resources Link Network Limited 202.86.252.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.253.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.254.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.255.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.94.1.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.133.37.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.133.70.0/24 AS38616 WORLDCALL-AS-KHI Worldcall Telecom Limited 202.133.73.0/24 AS38616 WORLDCALL-AS-KHI Worldcall Telecom Limited 202.136.254.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.136.255.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.150.227.0/24 AS17727 NAPINFO-AS-AP PT. NAP Info Lintas Nusa 202.174.70.0/24 AS21175 WIS WIS S.A. : WIND International Services 202.174.125.0/24 AS9498 BBIL-AP BHARTI Airtel Ltd. 202.176.1.0/24 AS9942 COMINDICO-AP SOUL Converged Communications Australia 202.179.130.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.179.131.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.179.133.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.179.134.0/24 AS23966 LDN-AS-PK LINKdotNET Telecom Limited 202.179.144.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.179.149.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.179.150.0/24 AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited 202.181.32.0/24 AS4645 ASN-HKNET-AP HKNet Co. Ltd 203.12.45.0/24 AS4854 NETSPACE-AS-AP Netspace Online Systems 203.62.0.0/17 AS7575 AARNET-AS-AP Australian Academic and Reasearch Network (AARNet) 203.78.48.0/20 AS9299 IPG-AS-AP Philippine Long Distance Telephone Company 203.80.136.0/21 AS4759 EVOSERVE-AS-AP EvoServe is a content and online access Internet provider company 203.112.111.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.113.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.114.0/24 AS4802 ASN-IINET iiNet Limited 203.112.116.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.117.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.118.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.119.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.120.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.121.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.127.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.128.128.0/24 AS23849 CNNIC-NET263-AP Beijing Capital-online science development Co.,Ltd. 203.142.219.0/24 AS45149 204.9.216.0/23 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 204.10.232.0/21 AS33150 204.19.14.0/23 AS577 BACOM - Bell Canada 204.28.104.0/21 AS25973 MZIMA - Mzima Networks, Inc. 204.197.0.0/16 AS3356 LEVEL3 Level 3 Communications 204.209.114.0/24 AS13768 PEER1 - Peer 1 Network Inc. 204.238.70.0/24 AS36826 205.150.0.0/15 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 205.189.134.0/24 AS11814 DISTRIBUTEL-AS11814 - DISTRIBUTEL COMMUNICATIONS LTD. 205.196.24.0/22 AS33724 BIZNESSHOSTING - VOLICO 205.210.145.0/24 AS11814 DISTRIBUTEL-AS11814 - DISTRIBUTEL COMMUNICATIONS LTD. 206.72.192.0/23 AS27375 IDS-TELECOM - IDS Telecom 206.72.194.0/23 AS27375 IDS-TELECOM - IDS Telecom 206.72.196.0/23 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 206.72.208.0/24 AS16526 BIRCH-TELECOM - Birch Telecom, Inc. 206.72.209.0/24 AS16526 BIRCH-TELECOM - Birch Telecom, Inc. 206.123.129.0/24 AS10790 INREACH-AS - InReach Internet 206.180.240.0/20 AS12083 KNOLOGY-NET - Knology Holdings 206.197.184.0/24 AS23304 DATOTEL-STL-AS - Datotel LLC, a NetLabs LLC Company 207.174.131.0/24 AS26116 INDRA - Indra's Net Inc. 207.174.132.0/23 AS26116 INDRA - Indra's Net Inc. 207.174.152.0/23 AS26116 INDRA - Indra's Net Inc. 207.174.154.0/24 AS26116 INDRA - Indra's Net Inc. 207.174.155.0/24 AS26116 INDRA - Indra's Net Inc. 207.174.188.0/24 AS26116 INDRA - Indra's Net Inc. 207.174.189.0/24 AS26116 INDRA - Indra's Net Inc. 207.174.190.0/24 AS26116 INDRA - Indra's Net Inc. 207.174.191.0/24 AS26116 INDRA - Indra's Net Inc. 207.174.200.0/24 AS22658 EARTHNET - Earthnet, Inc. 207.174.248.0/21 AS6653 PRIVATEI - privateI, LLC 207.231.96.0/19 AS11194 NUNETPA - NuNet Inc. 208.73.4.0/22 AS27630 PREMIER - Premier Innovations, LLC 208.78.164.0/24 AS16565 208.78.165.0/24 AS16565 208.78.167.0/24 AS16565 208.84.76.0/22 AS18561 208.92.196.0/22 AS10929 NETELLIGENT - Netelligent Hosting Services Inc. 208.92.199.0/24 AS26198 3MENATWORK - 3Men@Work Integrated Networks, Inc. 209.54.123.0/24 AS6062 NETPLEX - NETPLEX 209.105.224.0/19 AS20074 209.165.239.0/24 AS209 ASN-QWEST - Qwest Communications Company, LLC 209.213.0.0/20 AS33005 ELTOPIA - Eltopia.com, LLC 209.213.1.0/24 AS7849 CROCKERCOM - CROCKER COMMUNICATIONS 209.213.4.0/24 AS7849 CROCKERCOM - CROCKER COMMUNICATIONS 210.5.128.0/20 AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone 210.56.150.0/23 AS38138 INTECH-TRANSIT-BD InTech Online Limited, INTERNET SERVICE LIMITED 210.247.224.0/19 AS7496 WEBCENTRAL-AS WebCentral 216.21.196.0/24 AS12251 INVISION - Invision.com, Inc. 216.21.201.0/24 AS12251 INVISION - Invision.com, Inc. 216.21.202.0/24 AS12251 INVISION - Invision.com, Inc. 216.21.206.0/23 AS12251 INVISION - Invision.com, Inc. 216.58.192.0/24 AS22702 X5SOLUTIONS - X5 Solutions, Inc. 216.58.197.0/24 AS22702 X5SOLUTIONS - X5 Solutions, Inc. 216.58.200.0/24 AS18530 ISOMEDIA-1 - Isomedia Inc. 216.172.198.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 216.172.199.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 216.250.112.0/20 AS7296 ALCHEMYNET - Alchemy Communications, Inc. 216.250.116.0/24 AS36066 UNI-MARKETING-ALLIANCE - Webhost4life.com Please see http://www.cidr-report.org for the full report ------------------------------------ Copies of this report are mailed to: nanog(a)merit.edu eof-list(a)ripe.net apops(a)apops.net routing-wg(a)ripe.net afnog(a)afnog.org

1 0

Re: sort by agony
by Johnny Eriksson 27 Aug '10

27 Aug '10

Marshall Eubanks <tme(a)americafree.tv> wrote: > A _really_ intelligent airline scheduling system would (IMHO) be > able to offer you options like > > "there is a direct flight Pittsburgh -> Kansas City, and from there it > is a 2 hour drive to Columbia, so that will save you 5 hours travel time" That's not an airline scheduling system. That's a travel scheduling system. Different beast. > Regards > Marshall --Johnny

1 0