Currently, one half of our /18 is being erroneously advertised by Sprint (207.228.0.0/19). This, naturally, is causing us no end of trouble. Sprint, meanwhile, blames a third party. This has been going on for over 24 hours. First, if you're reading this and you're the culprit, please stop advertising 207.228.0.0/19. Second, I'm soliciting advice from others who have experienced this. How did you get results from the culprits? Can you recommend an attorney who is familiar with the issues, in case we decide to recover our lost revenue stream? Thanks! -- Bruce Robertson, President/CEO Great Basin Internet Services, Inc. +1-702-348-7299 fax: +1-702-348-9412
I thought all responsible parties (like Sprint) filtered their customer routes. I know I can't advertise or leak out anything to MCI or UUNet that I havn't registered with them. I've heard in the past that Sprints route acceptance policy was a little on the trusting side, but not filtering your customers announcements is just silly. They (sprint) should only allow their customers to advertise their registered IP space and stop things like this from happening. I'm looking at Sprint's BGP policy (http://www.sprint.net/bgppolicy.htm) and it appears that they are way too trusting. They expect their customers to do everything right, and for someone with little or no knowledge of setting up BGP, they could quickly cause havoc for Sprint's or other carriers' networks. This is especially interesting since they offer no BGP help what so ever according to this document. Also according to this document, the customer is responsible for all filtering, which is an extremely poor practice. I wonder how long it will take for a Sprint customer to advertise a default route out and I wonder how many sites it would effectively blackhole. Regards, Joe Shaw - jshaw@insync.net NetAdmin - Insync Internet Services On Tue, 10 Feb 1998, Bruce Robertson wrote:
Currently, one half of our /18 is being erroneously advertised by Sprint (207.228.0.0/19). This, naturally, is causing us no end of trouble. Sprint, meanwhile, blames a third party. This has been going on for over 24 hours.
First, if you're reading this and you're the culprit, please stop advertising 207.228.0.0/19.
Second, I'm soliciting advice from others who have experienced this. How did you get results from the culprits? Can you recommend an attorney who is familiar with the issues, in case we decide to recover our lost revenue stream?
Thanks!
-- Bruce Robertson, President/CEO Great Basin Internet Services, Inc. +1-702-348-7299 fax: +1-702-348-9412
At 12:13 PM -0500 2/11/98, Joe Shaw wrote:
I thought all responsible parties (like Sprint) filtered their customer routes. I know I can't advertise or leak out anything to MCI or UUNet that I havn't registered with them. I've heard in the past that Sprints route acceptance policy was a little on the trusting side, but not filtering your customers announcements is just silly. They (sprint) should only allow their customers to advertise their registered IP space and stop things like this from happening.
No, the oft heard reason for connecting to Sprint is so that you can advertise routes for IP space you don't quite own yet, as when trying to change over a t1 with minimal or no downtime. Security often comes at the expense of response time, unfortunately. Trust is necessary, so it is important for people to be trustworthy, and if they are not trustworthy, then its important that we have crimminal laws to apply to them. I do suggest to the original respondent that he direct his lawyer to look into 18 USC 1030 and in particular to the penalties for unintentional damage to a computer engaged in interstate commerce. If its a mistake, or a hardware failure, there's nothing that can be done. If its a mistake, and you should have known better, you could get in trouble. Not as much, but probably enough to make you want to be careful. If its intentional and malicious, don't be too surprised if they throw the book at you. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
We had this same problem with SprintLink on Friday 2/6. As one of the techs at their NOC put it, they had a `glitch' in one of their cards at sl-bb3-chi at 6 PM. They reset the card, but it was broadcasting bad addresses for our network. At first I figured there was a fiber cut somewhere and that's why our traffic dropped because I could still get to almost all of Sprint's network. But after a few hours when the routes should have already reconverged and we still couldn't get outside Sprint's network, I called them to report the problem (1-800-877-5045). They told me that a tech would get right back to me. Within 15 minutes I had a tech calling me back from the NOC to work out the problem. After spending an hour on the phone proving to him that I couldn't get outside of Sprint's network, he reset the interface on their router that's connected to us. This seemed to clear up the problem so I went to bed, only to be woken up Saturday morning by frantic 1st level techs who said that there were still problems. I called Sprint again and this time it took 3 hours and several phone calls to get a tech to even call me back. Once I had them on the phone again, I spent another 1/2 hour proving that there was a problem with me getting outside of their network. I remembered what had fixed the problem last time so I reset my BGP session with Sprint. This did not fix the problem. They got off the phone and I didn't hear from a tech again until 3 hours later and several phone calls to my Sprint Reps and subsequent supervisors (even to a Vice President). Finally at 3 PM they had mysteriously fixed the problem, but I had to reset my other BGP sessions because somehow my other providers had picked up bad info from Sprint's announcements (I don't even know if that's possible) and still had residual problems for several days with certain sites because of our flapping. Needless to say Sprint was quite apologetic, but our customers were isolated from a majority of the Net for 21 hours, our longest network down time ever. I don't deal directly with our Sprint Rep, but I had heard talk Saturday afternoon about compensation. If you would like more info, contact me privately. -Dean On Tue, 10 Feb 1998, Bruce Robertson wrote:
Currently, one half of our /18 is being erroneously advertised by Sprint (207.228.0.0/19). This, naturally, is causing us no end of trouble. Sprint, meanwhile, blames a third party. This has been going on for over 24 hours.
First, if you're reading this and you're the culprit, please stop advertising 207.228.0.0/19.
Second, I'm soliciting advice from others who have experienced this. How did you get results from the culprits? Can you recommend an attorney who is familiar with the issues, in case we decide to recover our lost revenue stream?
Thanks!
-- Bruce Robertson, President/CEO Great Basin Internet Services, Inc. +1-702-348-7299 fax: +1-702-348-9412
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dean Morstad Spacestar Communications Systems Administrator A Division of Firmware of MN, Inc. dean@spacestar.net 9531 W. 78th St http://www.spacestar.net Eden Prairie, MN 55344 http://www.morstad.org 612.996.0000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I would recommend calling the NOC first. 1-800-232-6895. Widely published number. Someone there can either contact the originator of the bogus announcement, or put in a filter list if absolutely necessary. Alex Sprintlink Network Operations (ebo ebpxryy qvq vg. v'z frevbhf!) On Tue, 10 Feb 1998, Bruce Robertson wrote:
Currently, one half of our /18 is being erroneously advertised by Sprint (207.228.0.0/19). This, naturally, is causing us no end of trouble. Sprint, meanwhile, blames a third party. This has been going on for over 24 hours.
First, if you're reading this and you're the culprit, please stop advertising 207.228.0.0/19.
Second, I'm soliciting advice from others who have experienced this. How did you get results from the culprits? Can you recommend an attorney who is familiar with the issues, in case we decide to recover our lost revenue stream?
Thanks!
-- Bruce Robertson, President/CEO Great Basin Internet Services, Inc. +1-702-348-7299 fax: +1-702-348-9412
From: Bruce Robertson <bruce@greatbasin.net> ... Currently, one half of our /18 is being erroneously advertised by Sprint (207.228.0.0/19). This, naturally, is causing us no end of trouble. Sprint, meanwhile, blames a third party. This has been going on for over 24 hours.
You have to make certain that your upstream provider(s) will accept all more specific routes from you for networks in your CIDR block. That way as soon as you notice a problem such as the one above for example, you could announce 207.228.0.0/20 and 207.228.16.0/20 to the world. Since you are announcing more specific routes you have immediately fixed your routing problem. THEN you beat up on the offender and offender's NSP to fix their announcement. -- Paul. *-----------------------------------------------------------------------* | Paul W. Fakler | Senior Network Engineer | *---------------------------------*-------------------------------------* | Internet : pfakler@mr.net | MRNet | | My Desk : +1 612 362-5818 | Minnesota Regional Network | | Problems : +1 612 362-5800 | 2829 University Ave SE, Suite 200 | | FAX : +1 612 362-5899 | Minneapolis, MN 55414, USA | *---------------------------------*-------------------------------------*
Currently, one half of our /18 is being erroneously advertised by Sprint (207.228.0.0/19). This, naturally, is causing us no end of trouble. Sprint, meanwhile, blames a third party. This has been going on for over 24 hours.
First, if you're reading this and you're the culprit, please stop advertising 207.228.0.0/19.
Second, I'm soliciting advice from others who have experienced this. How did you get results from the culprits? Can you recommend an attorney who is familiar with the issues, in case we decide to recover our lost revenue stream?
Thanks!
-- Bruce Robertson, President/CEO Great Basin Internet Services, Inc. +1-702-348-7299 fax: +1-702-348-9412
Did you try calling the third party? brad reynolds ber@cwru.edu
participants (7)
-
Bradley Reynolds -
Bruce Robertson -
Dean Anderson -
Dean Morstad -
Friskies -
Joe Shaw -
Paul Fakler