Apologies for a post of an operational nature, but is anyone else seeing problems with AT&T's 12/8 block?

From a New York router connected to Global Crossing and Peer 1:

border-1.nycmny> sh ip bgp 12.xxx.xxx.xxx
BGP routing table entry for 12.0.0.0/8, version 86901457
Paths: (2 available, best #1)
  Not advertised to any peer
  3549 12956 26210
    64.213.176.97 from 64.213.176.97 (208.50.59.1)
      Origin incomplete, metric 2602, localpref 100, valid, external, best, ref 2
      Community: 232589665 232618104
  13768 12956 26210, (received-only)
    64.34.84.117 from 64.34.84.117 (216.187.124.10)
      Origin incomplete, localpref 100, external, ref 2

Route views is showing a 12/8 with a fair amount of dampening/flap penalties in the last 10-12 minutes.

-- 
Drew Linsalata
The Gotham Bus Company, Inc.
Dedicated Servers and Colocation Solutions
Long Island, New York
http://www.gothambus.com

On Fri, Sep 09, 2005 at 11:12:25AM -0400, Drew Linsalata wrote:
> Apologies for a post of an operational nature, but is anyone else seeing problems with AT&T's 12/8 block?
>
> From a New York router connected to Global Crossing and Peer 1:
>
> border-1.nycmny> sh ip bgp 12.xxx.xxx.xxx
> BGP routing table entry for 12.0.0.0/8, version 86901457
> Paths: (2 available, best #1)
>   Not advertised to any peer
>   3549 12956 26210
>     64.213.176.97 from 64.213.176.97 (208.50.59.1)
>       Origin incomplete, metric 2602, localpref 100, valid, external, best, ref 2
>       Community: 232589665 232618104
>   13768 12956 26210, (received-only)
>     64.34.84.117 from 64.34.84.117 (216.187.124.10)
>       Origin incomplete, localpref 100, external, ref 2
>
> Route views is showing a 12/8 with a fair amount of dampening/flap penalties in the last 10-12 minutes.

Looks like 12956 is announcing some /8s to every peer and transit. Worse still, Sprint and GX are propagating it. This is not the first time that Telefonica has leaked a lot of garbage routes with serious network impact as a result (nor is it the second or third, actually).

12.0.0.0/8
64.0.0.0/8
65.0.0.0/8

I'd say both GX and Sprint have a lot to answer for right about now.

-- 
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

On Fri, 9 Sep 2005, Richard A Steenbergen wrote:
> On Fri, Sep 09, 2005 at 11:12:25AM -0400, Drew Linsalata wrote:
>> Apologies for a post of an operational nature, but is anyone else seeing problems with AT&T's 12/8 block?
>>
>> From a New York router connected to Global Crossing and Peer 1:
>>
>> border-1.nycmny> sh ip bgp 12.xxx.xxx.xxx
>> BGP routing table entry for 12.0.0.0/8, version 86901457
>> Paths: (2 available, best #1)
>>   Not advertised to any peer
>>   3549 12956 26210
>>     64.213.176.97 from 64.213.176.97 (208.50.59.1)
>>       Origin incomplete, metric 2602, localpref 100, valid, external, best, ref 2
>>       Community: 232589665 232618104
>>   13768 12956 26210, (received-only)
>>     64.34.84.117 from 64.34.84.117 (216.187.124.10)
>>       Origin incomplete, localpref 100, external, ref 2
>>
>> Route views is showing a 12/8 with a fair amount of dampening/flap penalties in the last 10-12 minutes.
>
> Looks like 12956 is announcing some /8s to every peer and transit

It looks like 12956 is propagating announcements from their customer 26210 of these /8 routes.

It looks like 12956 does not have correct policies in place to block such announcements from their customers as many of the large ISPs in the US do (mostly by requiring customers to pre-authorize and give a list of blocks that they would be announcing) and that is why from time to time things like this leak out (which they deal with each time after the fact).

It does seem appropriate that if 12956 is unable to put appropriate policies in place to make sure things like this do not happen, then all its announcements will have to be double-checked and pre-authorized by its transits, i.e. GBLX and Sprint.

---
William Leibzon
Elan Networks
william@elan.net

On Fri, Sep 09, 2005 at 11:25:25AM -0400, Richard A Steenbergen wrote:
> Looks like 12956 is announcing some /8s to every peer and transit. Worse still, Sprint and GX are propagating it. This is not the first time that Telefonica has leaked a lot of garbage routes with serious network impact as a result (nor is it the second or third, actually).
>
> 12.0.0.0/8
> 64.0.0.0/8
> 65.0.0.0/8
>
> I'd say both GX and Sprint have a lot to answer for right about now.

Minor apologies to GX, it looks like Telefonica isn't a customer any more, just a direct peer. I'm still annoyed from the last outage caused when Telefonica leaked routes to GX as a transit customer. Sprint on the other hand propagated this as full transit. I'm glad to see no one has learned from AS7007. :)

As for how to prevent this from happening again... I know many people who aren't able to implement full peer filtering are at least enforcing simple as-path checks on the largest ASNs (making sure that customers and peers don't reannounce paths which have 7018 in them, for example), but it doesn't look like anyone is trying to filter things on a largest prefix basis. When AS26210 decides to start originating the prefixes themselves instead of just leaking it from 7018, boom.

-- 
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

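Added example, not part of the original thread: a Python sketch of the filters discussed in the two messages above, namely an as-path check for a protected ASN, an origin check on a large well-known block that still rejects the route when the protected ASN is absent from the path, and a per-neighbor pre-authorized prefix list. The function name, policy tables and the 192.0.2.0/24 customer prefix are constructed for illustration; 12.0.0.0/8, AS7018, AS12956 and AS26210 are taken from the thread.

```python
import ipaddress

# Assumed policy tables (constructed for this example, not any operator's policy).
PROTECTED_ASNS = {7018}        # must never appear in a path from a customer/peer
PROTECTED_BLOCKS = {           # large block -> the only origin AS accepted for it
    ipaddress.ip_network("12.0.0.0/8"): 7018,
}
AUTHORIZED = {                 # neighbor AS -> prefixes it registered in advance
    26210: [ipaddress.ip_network("192.0.2.0/24")],  # constructed customer prefix
}


def check_route(prefix, as_path, neighbor_asn):
    """Classify a route received on a customer or peer session.

    Returns "ok", or the name of the first check that rejects the route.
    """
    net = ipaddress.ip_network(prefix)
    path = [int(asn) for asn in as_path.split()]
    if not path or path[0] != neighbor_asn:
        return "bad-path"      # first hop must be the neighbor itself

    # Check 1: as-path filter. Rejects a route re-announced from a protected AS.
    if PROTECTED_ASNS & set(path):
        return "as-path"

    # Check 2: large-prefix filter. Rejects a protected block (or any part of
    # it) whose origin is not its expected AS, even if the path looks clean.
    origin = path[-1]
    for block, owner in PROTECTED_BLOCKS.items():
        if net.overlaps(block) and origin != owner:
            return "protected-prefix"

    # Check 3: pre-authorization. Only prefixes on the neighbor's list pass.
    allowed = AUTHORIZED.get(neighbor_asn, [])
    if not any(net.subnet_of(a) for a in allowed):
        return "not-authorized"
    return "ok"


if __name__ == "__main__":
    samples = [                                  # constructed announcements
        ("12.0.0.0/8", "26210 7018", 26210),     # leaked from 7018
        ("12.0.0.0/8", "12956 26210", 12956),    # path tail as seen in the thread
        ("192.0.2.0/24", "26210", 26210),        # registered customer prefix
    ]
    for s in samples:
        print(s, "->", check_route(*s))
```

The second sample is the case the as-path check alone misses: 7018 is not in the path, so only the origin check on the block rejects it.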
Richard A Steenbergen wrote:
> Looks like 12956 is announcing some /8s to every peer and transit. Worse still, Sprint and GX are propagating it. This is not the first time that Telefonica has leaked a lot of garbage routes with serious network impact as a result (nor is it the second or third, actually).
>
> 12.0.0.0/8
> 64.0.0.0/8
> 65.0.0.0/8
>
> I'd say both GX and Sprint have a lot to answer for right about now.

Looks like 26210 is originating the prefixes and Telefonica is happily passing them along to the world, at least some portion of which is glad to go along for the ride.

Q. How does the Internet work?
A. Spit and glue.

-- 
Drew Linsalata
The Gotham Bus Company, Inc.
Dedicated Servers and Colocation Solutions
Long Island, New York
http://www.gothambus.com

On Fri, Sep 09, 2005 at 11:44:05AM -0400, Drew Linsalata wrote:
> Looks like 26210 is originating the prefixes and Telefonica is happily passing them along to the world, at least some portion of which is glad to go along for the ride.
>
> Q. How does the Internet work?
> A. Spit and glue.

$10 says someone forgot "ip classless".

$20 says this devolves into a discussion about pgp key signed bgp announcements or some other impractical soapbox within less than 10 emails. :)

Now if only they made "no ip clueless".

-- 
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

Richard A Steenbergen wrote:
> $10 says someone forgot "ip classless".

Is there a valid argument for making "ip classless" the default in the IOS? Seems to me that it would only solve problems, but I don't profess to be a routing guru, especially in comparison to folks in this forum.

-- 
Drew Linsalata
The Gotham Bus Company, Inc.
Dedicated Servers and Colocation Solutions
Long Island, New York
http://www.gothambus.com

Drew Linsalata wrote:
> Richard A Steenbergen wrote:
>> $10 says someone forgot "ip classless".
>
> Is there a valid argument for making "ip classless" the default in the IOS? Seems to me that it would only solve problems, but I don't profess to be a routing guru, especially in comparison to folks in this forum.

It has been that way for a while now?

Pete

FYI, happened again this morning for (at least) 12/8 duration approx 30 minutes starting at 5:45 AM PDT.
On Sat, Sep 10, 2005 at 06:15:38AM -0700, Eric Louie wrote:
> FYI, happened again this morning for (at least) 12/8 duration approx 30 minutes starting at 5:45 AM PDT.

Notice that AT&T is no longer taking chances, and is announcing 2 /9s.

-- 
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

participants (5)
- Drew Linsalata
- Eric Louie
- Petri Helenius
- Richard A Steenbergen
- william(at)elan.net