That's something I would do. Announce announce and keep adding ports until I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in a blackhole route for the prefixes. Try to pick blocks that are as geographically located to your peering routers as possible ...IE in Reno pick the blocks that seem to be near by - like Reno, Tahoe, Sacramento ..... when that batch of customers makes their phones ring all night someone will listen. Would be nice if our membership organization ARIN ( that we all pay to keep us somewhat organized) had an ability to do something for you.... I never looked into it...i don't know....maybe it does ? But, in the mean time I am pretty sure you can document this well and prove your announcements of theirs was due to the fact you couldn't get proper technical attention and needed to desperately before your customers cancel after 8 hours of this. Tomorrow call your lawyers and begin to sue that cable company (did I recognize that ASN as cable TV ? ) for damages this must be causing you in ill-will amongst your customer base. I wonder just how you prove the damage...some equation based on customer calls and complaints together with how many years you have been in business as well as the number of contracts that are coming up for renewal. etc etc. Now that would be interesting to see a formula for that if anyone has been through it. Thank You Bob Evans CTO
Start announcing their prefixes?
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sep 28, 2015 11:09 PM, "Seth Mattinen" <sethm@rollernet.us> wrote:
On 9/28/15 18:30, William Herrin wrote:
On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <sethm@rollernet.us> wrote:
I've got a problem where AS20115 continues to announce prefixes after BGP neighbors were shutdown. They claim it's a wedged BGP process but aren't in any hurry to fix it outside of a maintenance window.
If they weren't lying to you, they'd fix it now. That's not the kind of problem that waits.
Thing is: they lied to you. Long ago they "helpfully" programmed their router to announce your route regardless of whether you sent a route to them. They want to wait for a maintenance window to remove that configuration.
I'm at a loss of what else I can do. They admit the problem but won't take
action saying it needs to wait for a maintenance window. Am I out of line insisting that's an unacceptable response to a problem that results in prefix/traffic hijacking?
Try dropping the link entirely. If they still announce your addresses, bring it back up but report it as emergency down, escalate, and call back every 10 minutes until the junior tech understands that it's time to call and wake up the guy who makes the decision to fix it now.
I'm at the tail end here almost 8 hours later since the hijacking started. Their NOC is just blowing me off now and they're happy to continue the hijacking until it's convenient for them to have a maintenance window. And that's apparently the final decision.
~Seth