Did anyone else notice that the path changed from 65332 to 65332 65331 earlier today? We certainly did when we starting advertising all the bogons to our ISP peers. Probably should have had an inbound AS path filter on that cymru peering...
On 16/09/2013 18:01, Ben Bartsch wrote:
We certainly did when we starting advertising all the bogons to our ISP peers. Probably should have had an inbound AS path filter on that cymru peering...
better still, tag them all with a BGP community to make a note that they are bogons from Cymru (i.e. immediately identifiable throughout your network), and also tag them with no-export to ensure that they cannot propagate outside your asn. as-path filters are inefficient from several points of view. Nick
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, NANOGers.
Did anyone else notice that the path changed from 65332 to 65332 65331 earlier today?
My apologies! We had a configuration "oops" during a migration to a new back-end infrastructure. We're working through that now, and I believe we have it sorted. I'll send out a more gory detailed update in a bit.
We certainly did when we starting advertising all the bogons to our ISP peers. Probably should have had an inbound AS path filter on that cymru peering...
Yes, please, great advice from both you and Nick. Our Juniper configuration templates have something along these lines already. I need to add the same to our Cisco configuration snippets. <https://www.team-cymru.org/Services/Bogons/bgp-examples.html> Feedback on the configuration snippets is always welcome! Be the first in your ASN to add your name to the contributor list. :) Again my apologies for any inconvenience or consternation this mishap has caused. Thanks, Rob. - -- Rabbi Rob Thomas Team Cymru https://www.team-cymru.org/ "Does this augment or diminish human liberty?" - William F. Buckley -----BEGIN PGP SIGNATURE----- iQCVAwUBUjc+n1kX3QAo5sgJAQL4EQP+MIuA0TXvDIAXfDa2/0cW0k2pSpQqXuYe 52bYEMMHQDDLY+1XTXYnwrGGE/bcAIjyz6Mj9Kz0eN4FqvwTa2Nt64OjsQe6+drr eJoCp2kxOlYamX+tHX8KSd3Ge/l91LAkBms3GoM0CbL7JtBo+OZoZRUdYPj3PXdq EBH8eDQNboc= =8piW -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi again, NANOGers.
My apologies! We had a configuration "oops" during a migration to a new back-end infrastructure. We're working through that now, and I believe we have it sorted. I'll send out a more gory detailed update in a bit.
We're moving from Cisco gear to bird routing software (http://bird.network.cz) and there was a misconfiguration in one of our route reflectors. We tested this extensively but in a limited Unfortunately we didn't notice it until we brought all of the changes online. Since we've been at this a while, we figured there would be a couple of interesting "features" that arose during the change. :) We sent out an announcement of the change window to our bogon peers. Ben, did we miss you? If so, I apologize and please let me know. We'll ensure you're on the list for the next update. I probably should have sent this along to a few lists such as NANOG. Here's the announcement for the benefit of all: - --- snip snip --- Dear bogon feed subscriber, You are receiving this note because you are peering with one or more of our bogon route servers via BGP. Please be informed that there will be a maintenance window for the bogon route server project on Monday, September 16th from 14:00 to 18:00 GMT. WHAT IS HAPPENING? We will be making some improvements to the code that we use to generate the BGP bogon feeds. These changes are being done to make our service compliant with the new "extended" allocation and assignment reports being offered by the Regional Internet Registries (RIRs). HOW WILL I BE AFFECTED? Your BGP peering session should not flap during this maintenance window. However, you may notice our bogon routes get withdrawn and re-announced several times as a result of internal changes we are making. When the maintenance window is complete the number of routes you receive over your peering session should be as follows: IPv4 Bogons: approximately 3,300 routes IPv6 Bogons: approximately 44,000 routes DO I NEED TO MAKE ANY CHANGES ON MY SIDE? No. None of the parameters for the BGP peering sessions will be changing. The only setting you may need to adjust is if you have configured a prefix limit for the number of routes you'll accept from us. However, since the number of advertised routes is decreasing even this change is likely unnecessary. WHY ARE YOU DOING THIS? The new RIR extended allocation reports make some minor changes to the status definitions for network resources. All IP resources are now defined as one of the following: available allocated assigned reserved The meaning of these definitions can be found here: <https://www.arin.net/knowledge/statistics/nro_extended_stats_format.pdf> We are updating our software to use the new extended reports for tracking RIR allocations. Under the new system, we will only announce prefixes that are marked 'available' as bogons, along with special netblocks that are identified in RFC 3330, RFC 4291 and similar documents. Because this definition is more strict than what we used for the previous report format the overall number of bogon routes will decrease. It will also make the chances of accidentally identifying an allocated prefix as 'bogon' much less likely. WHO DO I CONTACT IF I HAVE QUESTIONS? You can reach us at support@cymru.com or by any of the methods listed at http://www.team-cymru.org/About/contact.html. Thank you for participating in the bogon feed project and for your continued support. Sincerely, Team Cymru - --- snip snip --- We're a bit past our change window, and my apologies for that. We're almost at the finish line, however, so I'll beg your indulgences while we wind it up. Thank you as always for your patience and support! Thanks, Rob. - -- Rabbi Rob Thomas Team Cymru https://www.team-cymru.org/ "Does this augment or diminish human liberty?" - William F. Buckley -----BEGIN PGP SIGNATURE----- iQCVAwUBUjdBF1kX3QAo5sgJAQJa9wQAj/JN/HnWDmKreK28//aXvlrY3Qa4K9G6 VDzfZ+6WE5DHk5BQIpQgBkcTB7DW0/Bu9FEU2loipJAqlcscb6GfOLofgfKJ1YYp cnAcpXQ/q4aZhOXdu4+9Gn7ZYSzNtAGiANIaGbRQLHbwIcwH1/0Nj9ym7sYVLl9D MuZjQ1DXBSs= =xN5l -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, NANOGers.
We're a bit past our change window, and my apologies for that. We're almost at the finish line, however, so I'll beg your indulgences while we wind it up.
We've completed the change and all looks migrated and happy. The change window is now closed. If anyone comes across anything that looks awry, please reach out to us at support@cymru.com and we will address it immediately. Thank you! Rob. - -- Rabbi Rob Thomas Team Cymru https://www.team-cymru.org/ "Does this augment or diminish human liberty?" - William F. Buckley -----BEGIN PGP SIGNATURE----- iQCVAwUBUjdGw1kX3QAo5sgJAQLYbwP+M8CIa/jLE4MKNLCTHVN3+SrGZCMxtLdm mgA/Tmjs+n2xvAW9RscTiDIMR5fazniPZhk/5+o9POIw17EKKWfIAcOF7CT2mxxw hSNmuirFEJ0FWfM3bT4P4TWj0dKjLFlVIJEsByumIn6hgUSPOVyNy1YpU7I/VwE0 2SQLAIek1uA= =El22 -----END PGP SIGNATURE-----
participants (3)
-
Ben Bartsch
-
Nick Hilliard
-
Rabbi Rob Thomas