Hmm.. because it's a Sprint CIDR block? I don't see what's wrong with Sprint announcing an aggregate of its own CIDR block.
Perhaps I'm failing to parse your message.
Sprintlink had assigned us 206.107.208.0/20. We have been trying to figure out why that netblock was having some flap sessions today when we saw Sprint's /14 announcement. So we jumped the gun on them and thought they were the cause :). Apparently, they were dampening the /20 block to the point that they weren't announcing it. We are still trying to determine the cause of the flaps as we had only added the null0 static route for that netblock this morning. And the 5-6 flap sessions today started after we reset the Sprint BGP session. We are a little baffled as we have a static BGP config and are not advertising our IGP routes into our BGP. And we have taken the Null0 static route out for now. On a related note, would it be possible to spoof BGP announcements and deliberately cause the flaps? Coincidentally, one of our customers with a network in that block believed his webserver was attacked earlier today. He didn't have any tools to sniff out the IP information and all he had was his Web access log which registered lots of entries for GIF files without any source addresses. It's a long shot and just a wild guess. Regards, Turnando Fuad NSNet