On Thu, 18 Dec 2003, Richard A Steenbergen wrote:
* 0.0.0.0 216.218.252.152 0 6939 6461 * 216.218.252.145 0 6939 6461 * 1.0.0.0 64.50.230.1 0 4181 65333
route-views certainly carries some interesting data. :) Hate to follow up to myself, but as someone just pointed out, 65333 is the cymru bogons server. I guess we all have to remember that people contributing to route-views are usually sending "customer" feeds, sometimes with their own internal goo or without stripping things like private ASNs which they would normally do when facing peers or transits.
That brings up a question for me (and possibly others) whi try to use routeviews for research purposes and need to determine if some route is "real" the net (I realize everyone has different view of "real" internet - view being both bgp term and general expression. I prefer widest view, i.e. routes seen by end users at least somewhere) So far I used simple/no algorithm when parsing routeviews data and took all routes from there. Obviously this is not working very well with these kind of private leaks. So, any suggestions, if I should do any of the following: 1. Only routes that appears on routeviews from all peers 2. Only routes that appears from at least two peers in routeviews 3. Only routes that appears from x number of peers, where x is determined as some percentage of peers routeview has in that particular dump What would good percentage be then? 4. Some other way to get rid of leaked default and similar known errors. And I'm curious what others are doing in this regard when using routeviews data. For example when routeviews is providing dns ip->asn resolution, what route(s) are being used there? -- William Leibzon Elan Networks william@elan.net