AS3356 Announcing 2000::/12
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ. Prayers for anyone impacted, the team announcing it, and the team resolving the issue. Ryan Hamel
On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administrator@rkhtech.org> wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
interesting that this is leaking outside supposed RPKI OV boundaries as well. For example: 6762 3356 2914 3356 174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)
These as well: 3257 3356 3491 3356 They probably leaked a hold down route. Ryan Hamel -----Original Message----- From: Christopher Morrow <morrowc.lists@gmail.com> Sent: Wednesday, December 7, 2022 8:48 PM To: ryan@rkhtech.org Cc: nanog@nanog.org Subject: Re: AS3356 Announcing 2000::/12 On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administrator@rkhtech.org> wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
interesting that this is leaking outside supposed RPKI OV boundaries as well. For example: 6762 3356 2914 3356 174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)
How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12, what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare out less-specific conflicts. It does look like 3356 pulled the announcement, which is good. On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administrator@rkhtech.org> wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
interesting that this is leaking outside supposed RPKI OV boundaries as well. For example: 6762 3356 2914 3356 174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)
On Thu, Dec 8, 2022 at 1:45 AM Heasley <heas@shrubbery.net> wrote:
Am 12/7/22 um 22:25 schrieb Don Beal <don@depref.net>:
How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
If all ASes participated, no „unknowns“, unknowns could be dropped, ….
yea that might be a tad dangerous today :( and don's right :( unknown is hard today :( (darn you don for being practical! :) ) crud.. but iRR filters! :)
what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare out less-specific conflicts.
It does look like 3356 pulled the announcement, which is good.
On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administrator@rkhtech.org> wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
interesting that this is leaking outside supposed RPKI OV boundaries as well. For example: 6762 3356 2914 3356 174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)
That would be a nice start :-) On Thu, Dec 8, 2022 at 6:45 AM Heasley <heas@shrubbery.net> wrote:
Am 12/7/22 um 22:25 schrieb Don Beal <don@depref.net>:
How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
If all ASes participated, no „unknowns“, unknowns could be dropped, ….
while i think the announcement is, shall we say, embarrassing, i do not see how it would be damaging. real/correct announcements would be for longer prefixes, yes? randy
On Thu, Dec 8, 2022 at 9:35 AM Randy Bush <randy@psg.com> wrote:
while i think the announcement is, shall we say, embarrassing, i do not see how it would be damaging. real/correct announcements would be for longer prefixes, yes?
randy
Putting on a probably-overly-paranoid hat for a moment... If I announce 2000::/12, seemingly as an innocent error, it won't break most people's routing, and is likely to be simply chalked up as a copy-paste error, or other human "oops". But if I happen to be running a promiscuous packet capture on a box that the "erroneous" routing table entry ultimately resolves to, I warrant there's a certain amount of legitimate packet streams I could collect here and there, any time a router processes a WITHDRAW update message for a more specific prefix within the range, before a new ANNOUNCE update message is processed. I'm not going to get a great deal of information, as most simple prefix updates happen within the same update message; but during periods of higher internal churn in a network, you may have brief periods during which the more specific route is withdrawn before being re-announced, during which I'd be able to harvest packets destined for other networks. As I said--I'm probably being overly paranoid, but I can't help but wonder what packets such a collector might see, if left to run for a week or two... ^_^; Thanks! Matt
On 10 Dec 2022, at 11:24 am, Matthew Petach <mpetach@netflight.com> wrote:
As I said--I'm probably being overly paranoid, but I can't help but wonder what packets such a collector might see, if left to run for a week or two... ^_^;
A decade ago it looked like this… https://www.potaroo.net/presentations/2012-05-15-ipv6-background-radiation.p... Geoff
The Internet delivers when we need it the most! :-) https://is2000slash12announcedagain.com/ Props to Ben Cartwright-Cox
Hi all, On Wed, Dec 07, 2022 at 08:24:54PM -0800, Ryan Hamel wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
A few months ago I wrote: "Frequently Asked Questions about 2000::/12 and related routing errors": https://www.ripe.net/ripe/mail/archives/routing-wg/2022-July/004588.html Kind regards, Job
On Thu, Dec 8 2022 at 12:38 PM, Job Snijders <nanog@nanog.org> wrote: Hi all,
On Wed, Dec 07, 2022 at 08:24:54PM -0800, Ryan Hamel wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
A few months ago I wrote: "Frequently Asked Questions about 2000::/12 and related routing errors":
https://www.ripe.net/ripe/mail/archives/routing-wg/2022-July/004588.html
Oh, that's a nice write-up. I must admit that it didn't occur to me that e.g 2000::/12 was likely something much more specific, but that someone missed the (probably) 6, 7, or 8 at the end, even though I've done this a few times myself… W
Kind regards,
Job
I know of a few people in a Discord that filter out anything bigger than /16 routes, would this be wise to implement as a best practice? From: Warren Kumari <warren@kumari.net> Sent: Friday, December 9, 2022 9:13 AM To: Job Snijders <job@fastly.com> Cc: ryan@rkhtech.org; North American Network Operators' Group <nanog@nanog.org> Subject: Re: AS3356 Announcing 2000::/12 On Thu, Dec 8 2022 at 12:38 PM, Job Snijders <nanog@nanog.org <mailto:nanog@nanog.org> > wrote: Hi all, On Wed, Dec 07, 2022 at 08:24:54PM -0800, Ryan Hamel wrote: AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ. A few months ago I wrote: "Frequently Asked Questions about 2000::/12 and related routing errors": https://www.ripe.net/ripe/mail/archives/routing-wg/2022-July/004588.html Oh, that's a nice write-up. I must admit that it didn't occur to me that e.g 2000::/12 was likely something much more specific, but that someone missed the (probably) 6, 7, or 8 at the end, even though I've done this a few times myself… W Kind regards, Job
I know of a few people in a Discord that filter out anything bigger than /16 routes, would this be wise to implement as a best practice?
once upon a time, a very large provider took two /8s and announced as a /7. a vendor who thought a /8 was as short as they would ever see had routers fall over in a receiving large provider. do not hard code social theories. remember 640k. randy
participants (9)
-
Christopher Morrow
-
Don Beal
-
Geoff Huston
-
Heasley
-
Job Snijders
-
Matthew Petach
-
Randy Bush
-
Ryan Hamel
-
Warren Kumari