Thanks for the ideas and the hint. Good read. Will do. PS: Still curious how, beside some RIB/FIB failure, how our AS ended up there. ----- Alain Hebert ahebert@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 05/31/18 10:15, Job Snijders wrote:
On Thu, May 31, 2018 at 09:49:47AM -0400, Alain Hebert wrote:
Well bad news on the ColoAU front, they refused to cooperate.
We'll pushback thru our GTT accounts... But I'm running out of ideas.
If anyone has any good ideas how to proceed at this point feel free to share =D. This feels like a BGP "optimiser" at work inside AS 4637.
From the https://lg.coloau.com.au/ looking glass:
BGP 'show route' 18.29.238.0/23 *[BGP/170] 1w0d 18:49:44, localpref 90, from 103.97.52.2 AS path: 4637 3257 29909 16532 16532 16532 16532 I, validation-state: unverified
However, a data-plane traceroute:
AS path: 4637 -> 174 -> ...
traceroute to 18.29.238.1 (18.29.238.1), 30 hops max, 40 byte packets 1 103.52.116.49 (103.52.116.49) 114.573 ms 113.965 ms 117.141 ms MPLS Label=691873 CoS=0 TTL=1 S=0 MPLS Label=17 CoS=0 TTL=1 S=1 2 202.127.69.34 (202.127.69.34) 113.768 ms 113.763 ms 113.731 ms 3 202.84.148.113 (202.84.148.113) [AS 4637] 114.759 ms 117.956 ms 115.796 ms 4 202.84.141.13 (202.84.141.13) [AS 4637] 181.873 ms 202.84.141.169 (202.84.141.169) [AS 4637] 181.618 ms 182.688 ms 5 202.84.253.82 (202.84.253.82) [AS 4637] 181.949 ms 202.40.149.226 (202.40.149.226) [AS 4637] 183.194 ms 202.84.253.82 (202.84.253.82) [AS 4637] 201.282 ms 6 154.54.10.133 (154.54.10.133) [AS 174] 181.055 ms 181.100 ms 181.065 ms 7 154.54.27.117 (154.54.27.117) [AS 174] 175.410 ms 182.956 ms 154.54.3.69 (154.54.3.69) [AS 174] 175.176 ms 8 154.54.45.161 (154.54.45.161) [AS 174] 212.531 ms 154.54.44.85 (154.54.44.85) [AS 174] 202.470 ms 187.361 ms 9 154.54.42.78 (154.54.42.78) [AS 174] 195.585 ms 195.812 ms 154.54.42.66 (154.54.42.66) [AS 174] 211.713 ms 10 154.54.30.161 (154.54.30.161) [AS 174] 235.896 ms 216.173 ms 211.246 ms 11 154.54.28.129 (154.54.28.129) [AS 174] 233.516 ms 225.413 ms 225.551 ms 12 154.54.24.221 (154.54.24.221) [AS 174] 236.432 ms 236.701 ms 236.595 ms 13 154.54.40.109 (154.54.40.109) [AS 174] 273.564 ms 279.452 ms 248.212 ms 14 154.54.46.33 (154.54.46.33) [AS 174] 248.098 ms 247.802 ms 248.084 ms 15 * * *
Discongruity between RIB and FIB like this, and the hijack being a more-specific of a /16, is a typical sign of BGP 'optimisers'.
I recommend you reach out to AUSNOG and APOPS and hope someone there knows someone at Telstra Hong Kong.
More thoughts on BGP optimisers: http://seclists.org/nanog/2017/Aug/318
Kind regards,
Job