only WV FIBER now peering with Atrivo / Intercage
Or is it? On Sat, 6 Sep 2008, Gadi Evron wrote:
http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0#AS27595
Gadi.
On Sat, Sep 6, 2008 at 11:31 AM, Gadi Evron <ge@linuxbox.org> wrote:
Or is it?
Looks to not be, so I call BS on your subject line.. however, I do see: * 64.28.176.0/20 71.13.116.101 100 0 20115 19151 26769 27595 i *> 204.11.128.105 100 0 33125 174 3549 27595 i * 67.210.0.0/21 71.13.116.101 100 0 20115 19151 26769 27595 i *> 204.11.128.105 100 0 33125 174 3549 27595 i * 67.210.8.0/22 71.13.116.101 100 0 20115 19151 26769 27595 i 20115 sees 27595 through wv (which peers with bandcon), so it would seem wv shut the edge edge (renesys data also agrees). It's interesting the gx edge is still active. -Tk
On Sat, 6 Sep 2008, Anton Kapela wrote:
On Sat, Sep 6, 2008 at 11:31 AM, Gadi Evron <ge@linuxbox.org> wrote:
Or is it?
Looks to not be, so I call BS on your subject line..
Thanks Anton! I appreciae you looking into it.
however, I do see:
* 64.28.176.0/20 71.13.116.101 100 0 20115 19151 26769 27595 i *> 204.11.128.105 100 0 33125 174 3549 27595 i * 67.210.0.0/21 71.13.116.101 100 0 20115 19151 26769 27595 i *> 204.11.128.105 100 0 33125 174 3549 27595 i * 67.210.8.0/22 71.13.116.101 100 0 20115 19151 26769 27595 i
20115 sees 27595 through wv (which peers with bandcon), so it would seem wv shut the edge edge (renesys data also agrees).
It's interesting the gx edge is still active.
-Tk
Gadi, A quick look at route-views will confirm that Atrivo is multi-homed. And WV Fiber is a transit provider to them, not a peer. As NANOG community members in good standing, I'm sure WV, nLayer, etc would take the appropriate action if you were to contact their respective abuse departments, *privately*, with evidence of active abuse on Atrivo's part. Drive Slow, Paul Wall On Sat, Sep 6, 2008 at 9:47 AM, Gadi Evron <ge@linuxbox.org> wrote:
http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0#AS27595
Gadi.
On Sep 6, 2008, at 1:27 PM, Paul Wall wrote:
A quick look at route-views will confirm that Atrivo is multi-homed. And WV Fiber is a transit provider to them, not a peer.
As NANOG community members in good standing, I'm sure WV, nLayer, etc would take the appropriate action if you were to contact their respective abuse departments, *privately*, with evidence of active abuse on Atrivo's part.
Minor correction to your at least implied statement above: nLayer has no direct connectivity to Atrivo, peering or transit. Personally, I'm fine with anyone providing Atrivo transit being shamed in public, but I understand if others do not want such traffic on the list. Anton's post that GX is still providing them transit is a bit curious, since I was under the impression GX had severed all ties with Atrivo. But the table does not lie, a path of "174 3549 27595" is clearly transit. GX, care to comment? -- TTFN, patrick
On Sat, Sep 6, 2008 at 6:33 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
Anton's post that GX is still providing them transit is a bit curious, since I was under the impression GX had severed all ties with Atrivo. But the table does not lie, a path of "174 3549 27595" is clearly transit. GX, care to comment?
After poking for a bit, it's unclear what, if anything, GX is or isn't doing here. I tossed a static /24 towards the upstream sending the AS path with GX in it, and traced towards a host in the that /24 - the traceroute output disagrees with the as path, oddly enough. bgp routes, again: r> 58.65.238.0/24 71.13.116.101 100 0 20115 19151 27595 i r 204.11.128.105 100 0 33125 174 3549 27595 i actual path is cogent, (3), wv, intercage, not cogent, gx, intercage: Tracing the route to 58-65-238-1.myrdns.com (58.65.238.1) 1 204.11.128.105 [AS 33125] 0 msec 0 msec 0 msec 2 gi2-15.ccr02.ord03.atlas.cogentco.com (38.104.102.29) [AS 174] 4 msec 4 msec 8 msec 3 te-9-1.car4.Chicago1.Level3.net (4.68.127.129) [AS 3356] 4 msec 8 msec 4 msec 4 ae-32-56.ebr2.Chicago1.Level3.net (4.68.101.190) [AS 3356] 8 msec 20 msec 16 msec 5 ae-5.ebr2.Chicago2.Level3.net (4.69.140.194) [AS 3356] 8 msec 4 msec 8 msec 6 ae-2.ebr2.Washington1.Level3.net (4.69.132.70) [AS 3356] 40 msec 36 msec 36 msec 7 ae-72-72.csw2.Washington1.Level3.net (4.69.134.150) [AS 3356] 36 msec ae-82-82.csw3.Washington1.Level3.net (4.69.134.154) [AS 3356] 40 msec ae-92-92.csw4.Washington1.Level3.net (4.69.134.158) [AS 3356] 40 msec 8 ae-14-69.car4.Washington1.Level3.net (4.68.17.6) [AS 3356] 28 msec ae-24-79.car4.Washington1.Level3.net (4.68.17.70) [AS 3356] 32 msec ae-34-89.car4.Washington1.Level3.net (4.68.17.134) [AS 3356] 32 msec 9 CWIE-LLC.car4.Washington1.Level3.net (4.79.170.146) [AS 3356] 32 msec 32 msec 28 msec 10 * * * 11 atl-ten3-1-ash-ten3-1.wvfiber.net (66.216.1.157) [AS 19151] [MPLS: Label 120 Exp 0] 216 msec 208 msec 188 msec 12 nsh-ten4-1-atl-ten3-2.wvfiber.net (64.127.130.58) [AS 19151] [MPLS: Label 73 Exp 0] 32 msec 32 msec 32 msec 13 la-ten1-1-nsh-ten4-2.wvfiber.net (66.186.197.109) [AS 19151] [MPLS: Label 113 Exp 0] 80 msec 80 msec 80 msec 14 sjc-ten1-1-la-ten1-2.wvfiber.net (66.186.197.106) [AS 19151] 80 msec 84 msec 80 msec 15 58-65-238-1.myrdns.com (58.65.238.1) 84 msec 132 msec 104 msec question I have for the list is...who's faking the funk? -Tk
On Sat, Sep 6, 2008 at 8:30 PM, Anton Kapela <tkapela@gmail.com> wrote:
On Sat, Sep 6, 2008 at 6:33 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
Anton's post that GX is still providing them transit is a bit curious, since I was under the impression GX had severed all ties with Atrivo. But the table does not lie, a path of "174 3549 27595" is clearly transit. GX, care to comment?
After poking for a bit, it's unclear what, if anything, GX is or isn't doing here.
I tossed a static /24 towards the upstream sending the AS path with GX in it, and traced towards a host in the that /24 - the traceroute output disagrees with the as path, oddly enough.
bgp routes, again:
r> 58.65.238.0/24 71.13.116.101 100 0 20115 19151 27595 i r 204.11.128.105 100 0 33125 174 3549 27595 i
actual path is cogent, (3), wv, intercage, not cogent, gx, intercage:
Tracing the route to 58-65-238-1.myrdns.com (58.65.238.1)
1 204.11.128.105 [AS 33125] 0 msec 0 msec 0 msec 2 gi2-15.ccr02.ord03.atlas.cogentco.com (38.104.102.29) [AS 174] 4 msec 4 msec 8 msec 3 te-9-1.car4.Chicago1.Level3.net (4.68.127.129) [AS 3356] 4 msec 8 msec 4 msec 4 ae-32-56.ebr2.Chicago1.Level3.net (4.68.101.190) [AS 3356] 8 msec 20 msec 16 msec 5 ae-5.ebr2.Chicago2.Level3.net (4.69.140.194) [AS 3356] 8 msec 4 msec 8 msec 6 ae-2.ebr2.Washington1.Level3.net (4.69.132.70) [AS 3356] 40 msec 36 msec 36 msec 7 ae-72-72.csw2.Washington1.Level3.net (4.69.134.150) [AS 3356] 36 msec ae-82-82.csw3.Washington1.Level3.net (4.69.134.154) [AS 3356] 40 msec ae-92-92.csw4.Washington1.Level3.net (4.69.134.158) [AS 3356] 40 msec 8 ae-14-69.car4.Washington1.Level3.net (4.68.17.6) [AS 3356] 28 msec ae-24-79.car4.Washington1.Level3.net (4.68.17.70) [AS 3356] 32 msec ae-34-89.car4.Washington1.Level3.net (4.68.17.134) [AS 3356] 32 msec 9 CWIE-LLC.car4.Washington1.Level3.net (4.79.170.146) [AS 3356] 32 msec 32 msec 28 msec 10 * * * 11 atl-ten3-1-ash-ten3-1.wvfiber.net (66.216.1.157) [AS 19151] [MPLS: Label 120 Exp 0] 216 msec 208 msec 188 msec 12 nsh-ten4-1-atl-ten3-2.wvfiber.net (64.127.130.58) [AS 19151] [MPLS: Label 73 Exp 0] 32 msec 32 msec 32 msec 13 la-ten1-1-nsh-ten4-2.wvfiber.net (66.186.197.109) [AS 19151] [MPLS: Label 113 Exp 0] 80 msec 80 msec 80 msec 14 sjc-ten1-1-la-ten1-2.wvfiber.net (66.186.197.106) [AS 19151] 80 msec 84 msec 80 msec 15 58-65-238-1.myrdns.com (58.65.238.1) 84 msec 132 msec 104 msec
question I have for the list is...who's faking the funk?
second that... from ripe bgplay view, gx is never seen as an adjacency to 27595, just wv and bandcon, with liteup being brought up later on in the 2 day interval http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=58.65.238.0/24&start=2008-09-05+01:15&end=2008-09-07+01:15
-Tk
-christian
I'm not sure where that 58.65.238.0/24 prefix with AS3549 in the path came from. I *currently* see no BGP RIB entries with AS "3549_27595" (GBLX Intercage) in the path. A query for the past 6 hours yields 32 AS 27595 originated prefixes, here are each with their associated upstream ASN(s) (26769::BANDCON, 19151::WVFIBER-1): 58.65.238.0/24 - 26769 58.65.239.0/24 - 26769 64.28.176.0/20 - 26769,19151 67.210.0.0/21 - 26769,19151 67.210.8.0/22 - 26769,19151 67.210.14.0/23 - 26769,19151 69.22.162.0/23 - 26769,19151 69.22.168.0/21 - 26769,19151 69.22.184.0/22 - 26769,19151 69.31.64.0/20 - 26769,19151 69.50.160.0/19 - 26769,19151 69.50.173.0/24 - 26769,19151 69.50.182.0/23 - 26769,19151 85.255.113.0/24 - 26769,19151 85.255.114.0/23 - 26769,19151 85.255.116.0/22 - 26769,19151 85.255.116.0/23 - 26769,19151 85.255.118.0/24 - 26769,19151 85.255.119.0/24 - 26769,19151 85.255.120.0/23 - 26769,19151 85.255.120.0/24 - 26769,19151 85.255.121.0/24 - 26769,19151 85.255.122.0/24 - 26769,19151 116.50.10.0/24 - 26769,19151 116.50.11.0/24 - 26769,19151 216.255.176.0/20 - 26769,19151 216.255.176.0/21 - 26769,19151 216.255.176.0/22 - 19151 216.255.180.0/22 - 19151 216.255.184.0/21 - 26769,19151 216.255.184.0/22 - 19151 216.255.188.0/22 - 19151 As for which of these prefixes seem to be associated with alleged nefarious activities, I'll leave that as an exercise for the operator. -danny
participants (6)
-
Anton Kapela -
Christian Koch -
Danny McPherson -
Gadi Evron -
Patrick W. Gilmore -
Paul Wall