v6 route mess from AS266970
is a massive route leak not even mentioned when it is only ipv6?

the guess i heard was it looked like a classic config reorigination disaster.

randy
i saw a lot of them too in AS1239

doug

________________________________
From: NANOG <nanog-bounces+dkenline=hotmail.com@nanog.org> on behalf of Randy Bush <randy@psg.com>
Sent: Tuesday, August 29, 2023 11:41 AM
To: North American Network Operators' Group <nanog@nanog.org>
Subject: v6 route mess from AS266970

is a massive route leak not even mentioned when it is only ipv6?

the guess i heard was it looked like a classic config reorigination disaster.

randy
We saw no impact to v6 traffic during the leak (and we have quite a lot of v6 traffic). I guess testament that RPKI works?
the packetviz (props massimo) reports i received would seem to indicate that the blast radius was mostly contained to america latina collectors. yes, likely due to route origin validation.

randy
On 29/08/2023 18:41, Randy Bush wrote:
is a massive route leak not even mentioned when it is only ipv6?
the guess i heard was it looked like a classic config reorigination disaster.
randy
Has the route leak been resolved? BGPstream still shows it as active:
https://bgpstream.crosswork.cisco.com/

RPKI only worked where it is implemented. I saw one path via Lumen (AS3356) and was disappointed to see it based on their blog from 2.5 years ago:
https://blog.lumen.com/lumen-enhances-routing-security-with-resource-public-...

"Once implemented, Lumen will use RPKI route validation on all BGP sessions for both customers and peers. Lumen’s RPKI validation servers download the ROAs, examine them, then send the tables to routers that can determine the validity of an IP prefix."

MANRS confirms that AS3356 does not do much RPKI (see attachment).

Regards,
Hank
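How route origin validation (RFC 6811) treats a re-originated IPv6 route, and why it does nothing for a prefix that has no ROA, shown as an added example that is not part of the thread. The ROAs, prefixes and AS numbers are constructed documentation values (assumptions), not data from the AS266970 event.

```python
"""RFC 6811 route origin validation over constructed IPv6 announcements."""
import ipaddress

# Constructed ROAs: (prefix, maxLength, authorized origin AS).
# Documentation prefixes/ASNs (RFC 3849, RFC 5398), not incident data.
ROAS = [
    ("2001:db8:1000::/36", 48, 64500),
    ("2001:db8:2000::/36", 36, 64501),
]

def validate(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        if route.prefixlen <= max_len and roa_as == origin_as and roa_as != 0:
            return "valid"
    # Covered but no ROA matched origin and length: invalid.
    return "invalid" if covered else "not-found"

def filter_routes(announcements, roas=ROAS):
    """Split a feed the way a validating router would: drop only invalids."""
    accepted, rejected = [], []
    for prefix, origin_as in announcements:
        state = validate(prefix, origin_as, roas)
        bucket = rejected if state == "invalid" else accepted
        bucket.append((prefix, origin_as, state))
    return accepted, rejected

# Constructed feed: AS64511 stands in for a network re-originating learned routes.
LEAKER = 64511
FEED = [
    ("2001:db8:1000::/36", 64500),   # legitimate origin
    ("2001:db8:1000::/36", LEAKER),  # re-originated; ROA names AS64500
    ("2001:db8:2000::/40", 64501),   # right origin, longer than maxLength
    ("2001:db8:3000::/36", LEAKER),  # no covering ROA, so ROV cannot reject it
]

if __name__ == "__main__":
    accepted, rejected = filter_routes(FEED)
    for row in accepted:
        print("accept", row)
    for row in rejected:
        print("reject", row)
```

The last route in the constructed feed is accepted as not-found: a network that validates still carries re-originated prefixes whose holders have published no ROA.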
On Tue, 29 Aug 2023, Randy Bush wrote:
is a massive route leak not even mentioned when it is only ipv6?
the guess i heard was it looked like a classic config reorigination disaster.
It was mentioned earlier today on another list as a presumed route hijack. I guess those making the hijack accusations aren't familiar with Hanlon's razor.

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
participants (5)
- Doug Kenline
- Hank Nussbacher
- Jon Lewis
- Randy Bush
- Tarko Tikan