Oddities in a bad route announcement
At first I thought this was just another Bay router causing Warwick Online (ASN11606) to leak routes between UUNET and Sprint. But when I looked into it, I found a few oddities.

Unlike most bad route incidents, this seems to hijack a route for a very specific site. Usually bad routes blackhole in the provider, or suffer so much congestion it is quickly noticed. In addition, usually a more specific announcement caused the problem. You could still find the "correct" route somewhere. In this case, I can't find the real 192.104.54.0/24 announcement on route-server.cerf.net, digex looking glass, or my own BGP sessions.

Yes, I've already reported this to the providers involved. But in the more general sense, anyone have a hypothesis why this would happen? The blockage of the real announcement from the direct upstream provider seems very strange.

traceroute to infoserver.FCC.gov (192.104.54.3), 30 hops max, 38 byte packets
 1 StLouis22-fe6-0-0.dra.net (192.65.218.2) 10 ms 0 ms 10 ms
 2 sl-gw2-kc-3-7.sprintlink.net (144.232.129.97) 10 ms 10 ms 10 ms
 3 sl-bb2-kc-12-0.sprintlink.net (144.224.20.2) 10 ms 10 ms 10 ms
 4 sl-bb10-kc-1-1.sprintlink.net (144.232.2.21) 10 ms 10 ms 10 ms
 5 sl-bb11-chi-4-0.sprintlink.net (144.232.9.118) 20 ms 20 ms 20 ms
 6 sl-bb5-chi-0-0-0.sprintlink.net (144.232.0.170) 20 ms 20 ms 20 ms
 7 sl-bb7-pen-5-0-0.sprintlink.net (144.228.10.37) 40 ms 40 ms 30 ms
 8 sl-bb11-pen-1-3.sprintlink.net (144.232.5.57) 30 ms 40 ms 40 ms
 9 sl-gw24-pen-4-0-0.sprintlink.net (144.232.5.182) 40 ms 50 ms 40 ms
10 sl-warwick-3-0-0.sprintlink.net (144.232.188.214) 40 ms 70 ms 60 ms
11 208.228.101.2 (208.228.101.2) 50 ms 50 ms 50 ms
12 905.Hssi2-0.GW3.NYC1.ALTER.NET (157.130.6.237) 50 ms 50 ms 50 ms
13 104.ATM3-0.XR1.NYC1.ALTER.NET (146.188.177.138) 60 ms 50 ms 60 ms
14 195.ATM3-0.TR1.NYC1.ALTER.NET (146.188.178.182) 60 ms 50 ms 50 ms
15 104.ATM5-0.TR1.DCA1.ALTER.NET (146.188.136.213) 60 ms 50 ms 50 ms
16 199.ATM6-0.XR1.DCA1.ALTER.NET (146.188.161.129) 50 ms 50 ms 50 ms
17 195.ATM9-0-0.GW2.DCA3.ALTER.NET (146.188.163.185) 50 ms 50 ms 50 ms
18 fcc.gov-gw.customer.alter.net (157.130.39.150) 60 ms 50 ms 60 ms
19 infoserver.fcc.gov (192.104.54.3) 50 ms * 50 ms

--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation

Sean-

It looks OK from here right now:

traceroute to infoserver.fcc.gov (192.104.54.3), 30 hops max, 40 byte packets
 1 ShaysNet-gw.shaysnet.com (199.170.68.2) 3 ms 3 ms 3 ms
 2 Loopback0.GW2.BOS1.Alter.Net (137.39.2.208) 9 ms 9 ms 9 ms
 3 124.ATM2-0.XR1.BOS1.ALTER.NET (146.188.176.242) 8 ms 9 ms 8 ms
 4 291.ATM2-0.TR1.NYC1.ALTER.NET (146.188.179.90) 14 ms 13 ms 14 ms
 5 104.ATM7-0.TR1.DCA8.ALTER.NET (146.188.138.117) 21 ms 20 ms 20 ms
 6 152.63.32.165 (152.63.32.165) 20 ms 19 ms 20 ms
 7 195.ATM9-0-0.GW2.DCA3.ALTER.NET (146.188.163.185) 21 ms 21 ms 24 ms
 8 fcc.gov-gw.customer.alter.net (157.130.39.150) 21 ms 22 ms 22 ms
 9 infoserver.fcc.gov (192.104.54.3) 26 ms * 24 ms

But (IIRC) Warwick Online hosed UUNet a few months back by injecting BGP bogons into their backbone. It appeared to be a router misconfiguration at the time. Maybe this was just another typo (JAT).

Regards,
David Leonard
ShaysNet
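
Added example, not part of either message: a small monitoring check that reads traceroute output like the two traces in this thread and flags a path where two different transit providers are joined only through hops that belong to neither, which is the signature of the leak described above. The `TRANSIT` suffix list and the function names are assumptions of this sketch, and reverse DNS is only a heuristic for network ownership.

```python
import re

# Assumption: the operator supplies the rDNS suffixes of the transit providers.
TRANSIT = ("sprintlink.net", "alter.net")
HOP = re.compile(r"^\s*\d+\s+(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)")

# Hops abridged from the two traceroutes in this thread.
LEAKED = """\
 1 StLouis22-fe6-0-0.dra.net (192.65.218.2) 10 ms 0 ms 10 ms
10 sl-warwick-3-0-0.sprintlink.net (144.232.188.214) 40 ms 70 ms 60 ms
11 208.228.101.2 (208.228.101.2) 50 ms 50 ms 50 ms
12 905.Hssi2-0.GW3.NYC1.ALTER.NET (157.130.6.237) 50 ms 50 ms 50 ms
19 infoserver.fcc.gov (192.104.54.3) 50 ms * 50 ms"""
NORMAL = """\
 1 ShaysNet-gw.shaysnet.com (199.170.68.2) 3 ms 3 ms 3 ms
 5 104.ATM7-0.TR1.DCA8.ALTER.NET (146.188.138.117) 21 ms 20 ms 20 ms
 6 152.63.32.165 (152.63.32.165) 20 ms 19 ms 20 ms
 7 195.ATM9-0-0.GW2.DCA3.ALTER.NET (146.188.163.185) 21 ms 21 ms 24 ms
 9 infoserver.fcc.gov (192.104.54.3) 26 ms * 24 ms"""

def network_path(trace):
    """Collapse hop lines into a de-duplicated sequence of networks."""
    path = []
    for line in trace.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        name, addr = m.group(1).lower(), m.group(2)
        # A hop printed as a bare address has no reverse DNS: "unknown".
        net = "unknown" if name == addr else next((s for s in TRANSIT if name.endswith(s)), "other")
        if not path or path[-1] != net:
            path.append(net)
    return path

def transit_handoffs(path):
    """Return (from, via, to) where two different transit providers are joined
    only through non-transit hops, so a third party carries traffic between them."""
    findings, last, via = [], None, []
    for net in path:
        if net in TRANSIT:
            if last and net != last and via:
                findings.append((last, tuple(via), net))
            last, via = net, []
        elif last:
            via.append(net)
    return findings

if __name__ == "__main__":
    for label, trace in (("leaked", LEAKED), ("normal", NORMAL)):
        print(label, transit_handoffs(network_path(trace)))
```

A direct handoff between two listed providers is not flagged, and neither is an unresolved hop inside a single provider, such as hop 6 of the second trace.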

participants (2): M. David Leonard, Sean Donelan