Hi, probably this route is wrong, see RFC 6598, as you can see: show route 100.64.0.0/10 inet.0: 563509 destinations, 1528595 routes (561239 active, 0 holddown, 3898 hidden) + = Active Route, - = Last Active, * = Both 100.100.1.0/24 *[BGP/170] 2d 14:46:05, MED 100, localpref 100 AS path: 5580 9498 9730 I, validation-state: unverified > to 78.152.54.166 via ge-2/0/0.0 Do you have some idea ? Ciao, -- Marco Paesani MPAE Srl Skype: mpaesani Mobile: +39 348 6019349 Success depends on the right choice ! Email: marco@paesani.it
On Fri, 2 Oct 2015, Marco Paesani wrote:
Hi, probably this route is wrong, see RFC 6598, as you can see:
show route 100.64.0.0/10
inet.0: 563509 destinations, 1528595 routes (561239 active, 0 holddown, 3898 hidden) + = Active Route, - = Last Active, * = Both
100.100.1.0/24 *[BGP/170] 2d 14:46:05, MED 100, localpref 100 AS path: 5580 9498 9730 I, validation-state: unverified > to 78.152.54.166 via ge-2/0/0.0
My guess is someone leaking an internal route. It's not uncommon to see people using random IPv4 space for internal purposes. Ranges such as 100.100.x.0/24 or 20.20.x.0/24 are often mis-used in this way. It also looks like at least one of their upsteams is not filtering out any advertisements from 100.64/10. jms
Hi Justin, I know that we must filter this type of route, but AS9498 (upstream) MUST accept only correct networks. Or not ? Ciao, Marco 2015-10-02 16:52 GMT+02:00 Justin M. Streiner <streiner@cluebyfour.org>:
On Fri, 2 Oct 2015, Marco Paesani wrote:
Hi,
probably this route is wrong, see RFC 6598, as you can see:
show route 100.64.0.0/10
inet.0: 563509 destinations, 1528595 routes (561239 active, 0 holddown, 3898 hidden) + = Active Route, - = Last Active, * = Both
100.100.1.0/24 *[BGP/170] 2d 14:46:05, MED 100, localpref 100 AS path: 5580 9498 9730 I, validation-state: unverified > to 78.152.54.166 via ge-2/0/0.0
My guess is someone leaking an internal route. It's not uncommon to see people using random IPv4 space for internal purposes. Ranges such as 100.100.x.0/24 or 20.20.x.0/24 are often mis-used in this way.
It also looks like at least one of their upsteams is not filtering out any advertisements from 100.64/10.
jms
-- Marco Paesani MPAE Srl Skype: mpaesani Mobile: +39 348 6019349 Success depends on the right choice ! Email: marco@paesani.it
On 2 October 2015 at 16:10, Marco Paesani <marco@paesani.it> wrote:
Hi Justin, I know that we must filter this type of route, but AS9498 (upstream) MUST accept only correct networks. Or not ? Ciao, Marco
You are correct. AS-9730 shoudn't be advertising this range. AS-9498 shouldn't be accepting this range, and they shouldn't be advertising it on. AS-5580 shouldn't be accepting this range, and they shouldn't be advertising it on. In fact if we look at LINX as an example, many ASNs are accepting this route and advertising it on again. Possibly becasue they use the same filter list for inbound and outbound advertisements so an inbound mistake just gets echo'ed out to everyone else :( route-views.linx.routeviews.org> show ip bgp 100.64.0.0/10 longer-prefixes BGP table version is 0, local router ID is 195.66.225.222 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, R Removed Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * 100.100.1.0/24 195.66.224.83 0 5511 9498 9730 ? *> 195.66.225.86 0 34288 9498 9730 i * 195.66.224.51 0 6453 5511 9498 9730 i * 195.66.224.53 10 0 8928 5511 9498 9730 ? * 195.66.236.35 0 6067 6453 5511 9498 9730 i * 195.66.225.109 0 41811 9498 9730 ? * 195.66.224.153 100 0 6762 5511 9498 9730 ? * 195.66.224.118 0 14537 9498 9730 ? * 195.66.224.39 0 3561 5511 9498 9730 ? * 195.66.224.233 0 0 19151 9498 9730 ? * 195.66.224.175 1 0 13030 9498 9730 ? * 195.66.236.175 1 0 13030 9498 9730 ? Cheers, James.
On Fri, 2 Oct 2015, Marco Paesani wrote:
I know that we must filter this type of route, but AS9498 (upstream) MUST accept only correct networks. Or not ?
They should filter out routes that are not supposed to be globally routable, but many providers don't do this, unfortunately. jms
2015-10-02 16:52 GMT+02:00 Justin M. Streiner <streiner@cluebyfour.org>:
On Fri, 2 Oct 2015, Marco Paesani wrote:
Hi,
probably this route is wrong, see RFC 6598, as you can see:
show route 100.64.0.0/10
inet.0: 563509 destinations, 1528595 routes (561239 active, 0 holddown, 3898 hidden) + = Active Route, - = Last Active, * = Both
100.100.1.0/24 *[BGP/170] 2d 14:46:05, MED 100, localpref 100 AS path: 5580 9498 9730 I, validation-state: unverified > to 78.152.54.166 via ge-2/0/0.0
My guess is someone leaking an internal route. It's not uncommon to see people using random IPv4 space for internal purposes. Ranges such as 100.100.x.0/24 or 20.20.x.0/24 are often mis-used in this way.
It also looks like at least one of their upsteams is not filtering out any advertisements from 100.64/10.
jms
--
Marco Paesani MPAE Srl
Skype: mpaesani Mobile: +39 348 6019349 Success depends on the right choice ! Email: marco@paesani.it
participants (3)
-
James Bensley
-
Justin M. Streiner
-
Marco Paesani