AS4134/AS4847 - Appear to be hijacking some ip space.
Howdy gentle folks: It looks like AS4847 - "China Networks Inter-Exchange" Is taking some time to announce reachability for at least: 136.38.33.0/24 which they ought not, given that this /24 is part of a /11 assigned to AS16591 (google fiber)... Looking at routeviews data, I see the following as-paths for this one /24: $ grep -A1 Refresh /tmp/x | grep 4847 1239 174 4134 4847 3549 3356 174 4134 4847 701 174 4134 4847 4901 6079 3257 4134 4847 20912 174 4134 4847 1221 4637 4134 4847 1351 11164 4134 4847 6079 1299 4134 4847 6079 3257 4134 4847 7018 4134 4847 6939 1299 4134 4847 3561 209 4134 4847 3303 4134 4847 3277 39710 9002 4134 4847 2497 4134 4847 4826 1299 4134 4847 54728 20130 23352 2914 4134 4847 19214 3257 4134 4847 101 101 11164 4134 4847 1403 6453 4134 4847 852 6453 4134 4847 1403 6453 4134 4847 286 4134 4847 3333 1273 4134 4847 57866 3491 4134 4847 3267 1299 4134 4847 49788 174 4134 4847 53767 3257 4134 4847 53364 3257 4134 4847 8283 57866 3491 4134 4847 7660 2516 4134 4847
From that I think the following AS should have filtered this prefix and are not: $ grep -A1 Refresh /tmp/x | grep 4847 | sed 's/ 4134 4847//' | awk '{print $NF}' | sort -n | uniq
174 - Cogent 209 - Qwest 286 - KPN 1273 - Vodafone 1299 - Telia 2497 - IIJ 2516 - KDDI 2914 - NTT 3257 - GTT 3303 - Swisscom 3491 - PCCW 4637 - Telstra 6453 - TATA 7018 - ATT 9002 - RETN 11164 - Internet2 It'd be great if the listed folk could filter AS4134 :) -Chris
Hi Chris, It would be great if the Google Fiber / AS16591 folks could publish a ROA in ARIN's hosted RPKI authorizing exactly 136.32.0.0/11 to be originated only in AS16591. That ROA would have addressed this matter from AS7018's point of view. In the interim, I have added a temporary whitelist (slurm) entry into our RPKI caches, causing the AS7018 network to disregard the more-specific /24s under 136.32.0.0/11. Good luck. Jay B. Christopher Morrow writes:
Howdy gentle folks:
It looks like AS4847 - "China Networks Inter-Exchange"
Is taking some time to announce reachability for at least: 136.38.33.0/24
which they ought not, given that this /24 is part of a /11 assigned to AS16591 (google fiber)... Looking at routeviews data, I see the following as-paths for this one /24: $ grep -A1 Refresh /tmp/x | grep 4847 1239 174 4134 4847 3549 3356 174 4134 4847 701 174 4134 4847 4901 6079 3257 4134 4847 20912 174 4134 4847 1221 4637 4134 4847 1351 11164 4134 4847 6079 1299 4134 4847 6079 3257 4134 4847 7018 4134 4847 6939 1299 4134 4847 3561 209 4134 4847 3303 4134 4847 3277 39710 9002 4134 4847 2497 4134 4847 4826 1299 4134 4847 54728 20130 23352 2914 4134 4847 19214 3257 4134 4847 101 101 11164 4134 4847 1403 6453 4134 4847 852 6453 4134 4847 1403 6453 4134 4847 286 4134 4847 3333 1273 4134 4847 57866 3491 4134 4847 3267 1299 4134 4847 49788 174 4134 4847 53767 3257 4134 4847 53364 3257 4134 4847 8283 57866 3491 4134 4847 7660 2516 4134 4847
From that I think the following AS should have filtered this prefix and are not: $ grep -A1 Refresh /tmp/x | grep 4847 | sed 's/ 4134 4847//' | awk '{print $NF}' | sort -n | uniq
174 - Cogent 209 - Qwest 286 - KPN 1273 - Vodafone 1299 - Telia 2497 - IIJ 2516 - KDDI 2914 - NTT 3257 - GTT 3303 - Swisscom 3491 - PCCW 4637 - Telstra 6453 - TATA 7018 - ATT 9002 - RETN 11164 - Internet2
It'd be great if the listed folk could filter AS4134 :)
-Chris
On Fri, Apr 5, 2019 at 12:29 PM Jay Borkenhagen <jayb@att.com> wrote:
Hi Chris,
yes!
It would be great if the Google Fiber / AS16591 folks could publish a ROA in ARIN's hosted RPKI authorizing exactly 136.32.0.0/11 to be originated only in AS16591. That ROA would have addressed this matter from AS7018's point of view.
ok, cool. This is sort of on my plate, at least from the internal viz/evangelizing perspective, and I'll go spend time chatting up the folk in fiber-land. having a: "See, doing this would prevent this" is helpful.
In the interim, I have added a temporary whitelist (slurm) entry into our RPKI caches, causing the AS7018 network to disregard the more-specific /24s under 136.32.0.0/11.
thanks!
Good luck. Jay B.
Christopher Morrow writes:
Howdy gentle folks:
It looks like AS4847 - "China Networks Inter-Exchange"
Is taking some time to announce reachability for at least: 136.38.33.0/24
which they ought not, given that this /24 is part of a /11 assigned to AS16591 (google fiber)... Looking at routeviews data, I see the following as-paths for this one /24: $ grep -A1 Refresh /tmp/x | grep 4847 1239 174 4134 4847 3549 3356 174 4134 4847 701 174 4134 4847 4901 6079 3257 4134 4847 20912 174 4134 4847 1221 4637 4134 4847 1351 11164 4134 4847 6079 1299 4134 4847 6079 3257 4134 4847 7018 4134 4847 6939 1299 4134 4847 3561 209 4134 4847 3303 4134 4847 3277 39710 9002 4134 4847 2497 4134 4847 4826 1299 4134 4847 54728 20130 23352 2914 4134 4847 19214 3257 4134 4847 101 101 11164 4134 4847 1403 6453 4134 4847 852 6453 4134 4847 1403 6453 4134 4847 286 4134 4847 3333 1273 4134 4847 57866 3491 4134 4847 3267 1299 4134 4847 49788 174 4134 4847 53767 3257 4134 4847 53364 3257 4134 4847 8283 57866 3491 4134 4847 7660 2516 4134 4847
From that I think the following AS should have filtered this prefix and are not: $ grep -A1 Refresh /tmp/x | grep 4847 | sed 's/ 4134 4847//' | awk '{print $NF}' | sort -n | uniq
174 - Cogent 209 - Qwest 286 - KPN 1273 - Vodafone 1299 - Telia 2497 - IIJ 2516 - KDDI 2914 - NTT 3257 - GTT 3303 - Swisscom 3491 - PCCW 4637 - Telstra 6453 - TATA 7018 - ATT 9002 - RETN 11164 - Internet2
It'd be great if the listed folk could filter AS4134 :)
-Chris
Hey folks, I'm on it for solving both immediate issue and long term "fix". Louie -- Louie Lee, 李景雲 Peering Coordinator (AS16591 <https://as16591.peeringdb.com/>) Network Capacity Manager IP Numbers Administrator Google Fiber louiel@google.com (650) 253-2847 *There are 10 types of people in the world: Those who understand binary, and those who don't.* On Fri, Apr 5, 2019 at 11:17 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Fri, Apr 5, 2019 at 12:29 PM Jay Borkenhagen <jayb@att.com> wrote:
Hi Chris,
yes!
It would be great if the Google Fiber / AS16591 folks could publish a ROA in ARIN's hosted RPKI authorizing exactly 136.32.0.0/11 to be originated only in AS16591. That ROA would have addressed this matter from AS7018's point of view.
ok, cool. This is sort of on my plate, at least from the internal viz/evangelizing perspective, and I'll go spend time chatting up the folk in fiber-land. having a: "See, doing this would prevent this" is helpful.
In the interim, I have added a temporary whitelist (slurm) entry into our RPKI caches, causing the AS7018 network to disregard the more-specific /24s under 136.32.0.0/11.
thanks!
Good luck. Jay B.
Christopher Morrow writes:
Howdy gentle folks:
It looks like AS4847 - "China Networks Inter-Exchange"
Is taking some time to announce reachability for at least: 136.38.33.0/24
which they ought not, given that this /24 is part of a /11 assigned to AS16591 (google fiber)... Looking at routeviews data, I see the following as-paths for this one /24: $ grep -A1 Refresh /tmp/x | grep 4847 1239 174 4134 4847 3549 3356 174 4134 4847 701 174 4134 4847 4901 6079 3257 4134 4847 20912 174 4134 4847 1221 4637 4134 4847 1351 11164 4134 4847 6079 1299 4134 4847 6079 3257 4134 4847 7018 4134 4847 6939 1299 4134 4847 3561 209 4134 4847 3303 4134 4847 3277 39710 9002 4134 4847 2497 4134 4847 4826 1299 4134 4847 54728 20130 23352 2914 4134 4847 19214 3257 4134 4847 101 101 11164 4134 4847 1403 6453 4134 4847 852 6453 4134 4847 1403 6453 4134 4847 286 4134 4847 3333 1273 4134 4847 57866 3491 4134 4847 3267 1299 4134 4847 49788 174 4134 4847 53767 3257 4134 4847 53364 3257 4134 4847 8283 57866 3491 4134 4847 7660 2516 4134 4847
From that I think the following AS should have filtered this prefix and are not: $ grep -A1 Refresh /tmp/x | grep 4847 | sed 's/ 4134 4847//' | awk '{print $NF}' | sort -n | uniq
174 - Cogent 209 - Qwest 286 - KPN 1273 - Vodafone 1299 - Telia 2497 - IIJ 2516 - KDDI 2914 - NTT 3257 - GTT 3303 - Swisscom 3491 - PCCW 4637 - Telstra 6453 - TATA 7018 - ATT 9002 - RETN 11164 - Internet2
It'd be great if the listed folk could filter AS4134 :)
-Chris
Looks like they stopped already, I'm not seeing this on 3491 nor on routeviews anymore. Pf
"Christopher" == Christopher Morrow <morrowc.lists@gmail.com> writes:
Christopher> Howdy gentle folks: Christopher> It looks like AS4847 - "China Networks Inter-Exchange" Christopher> Is taking some time to announce reachability for at least: Christopher> 136.38.33.0/24 Christopher> which they ought not, given that this /24 is part of a /11 assigned to Christopher> AS16591 (google fiber)... Looking at routeviews data, I see the Christopher> following as-paths for this one /24: Christopher> $ grep -A1 Refresh /tmp/x | grep 4847 Christopher> 1239 174 4134 4847 Christopher> 3549 3356 174 4134 4847 Christopher> 701 174 4134 4847 Christopher> 4901 6079 3257 4134 4847 Christopher> 20912 174 4134 4847 Christopher> 1221 4637 4134 4847 Christopher> 1351 11164 4134 4847 Christopher> 6079 1299 4134 4847 Christopher> 6079 3257 4134 4847 Christopher> 7018 4134 4847 Christopher> 6939 1299 4134 4847 Christopher> 3561 209 4134 4847 Christopher> 3303 4134 4847 Christopher> 3277 39710 9002 4134 4847 Christopher> 2497 4134 4847 Christopher> 4826 1299 4134 4847 Christopher> 54728 20130 23352 2914 4134 4847 Christopher> 19214 3257 4134 4847 Christopher> 101 101 11164 4134 4847 Christopher> 1403 6453 4134 4847 Christopher> 852 6453 4134 4847 Christopher> 1403 6453 4134 4847 Christopher> 286 4134 4847 Christopher> 3333 1273 4134 4847 Christopher> 57866 3491 4134 4847 Christopher> 3267 1299 4134 4847 Christopher> 49788 174 4134 4847 Christopher> 53767 3257 4134 4847 Christopher> 53364 3257 4134 4847 Christopher> 8283 57866 3491 4134 4847 Christopher> 7660 2516 4134 4847 Christopher> From that I think the following AS should have filtered this prefix and are not: Christopher> $ grep -A1 Refresh /tmp/x | grep 4847 | sed 's/ 4134 4847//' | awk Christopher> '{print $NF}' | sort -n | uniq Christopher> 174 - Cogent Christopher> 209 - Qwest Christopher> 286 - KPN Christopher> 1273 - Vodafone Christopher> 1299 - Telia Christopher> 2497 - IIJ Christopher> 2516 - KDDI Christopher> 2914 - NTT Christopher> 3257 - GTT Christopher> 3303 - Swisscom Christopher> 3491 - PCCW Christopher> 4637 - Telstra Christopher> 6453 - TATA Christopher> 7018 - ATT Christopher> 9002 - RETN Christopher> 11164 - Internet2 Christopher> It'd be great if the listed folk could filter AS4134 :) Christopher> -Chris -- Pierfrancesco Caci, ik5pvx
participants (4)
-
Christopher Morrow -
Jay Borkenhagen -
Louie Lee -
Pierfrancesco Caci