[No attempts at 01-April humor will be attempted in this message.] Seeking help from routing engineers around the 'net: ARIN documents that 192.139.135.0/24 has been allocated to Metro Wireless International: https://whois.arin.net/rest/net/NET-192-139-135-0-1 Further, the party to whom 192.139.135.0/24 has been allocated has published a ROA in ARIN's hosted RPKI asserting that bgp announcements for that prefix are valid only when originating in AS63251. To view this, go to your favorite RPKI vantage point that uses ARIN's TAL. If you don't yet have a favorite, feel free to telnet to route-server.ip.att.net and run: show validation database record 192.139.135.0/24 Unfortunately, as may be seen at route-views, etc, most of the Internet now prefers an invalid path that's mis-originated in as4808: Network Next Hop Path * 192.139.135.0 208.51.134.254 3549 3356 4837 4808 i * 194.85.40.15 3267 3356 4837 4808 i * 193.0.0.56 3333 1273 4837 4808 i * 37.139.139.0 57866 6762 4837 4808 i * 12.0.1.63 7018 1299 53292 63251 ? * 140.192.8.16 54728 20130 6939 4837 4808 i * 91.218.184.60 49788 1299 53292 63251 ? * 203.181.248.168 7660 2516 4837 4808 i * 154.11.12.212 852 4837 4808 i * 134.222.87.1 286 1299 53292 63251 ? * 209.124.176.223 101 101 3356 4837 4808 i * 137.39.3.55 701 4837 4808 i * 94.142.247.3 8283 1239 4837 4808 i * 162.251.163.2 53767 3257 1299 53292 63251 ? * 212.66.96.126 20912 1267 3356 4837 4808 i * 198.58.198.255 1403 6461 4837 4808 i * 198.58.198.254 1403 6461 4837 4808 i *> 202.232.0.2 2497 4837 4808 i * 203.62.252.83 1221 4637 4837 4808 i * 132.198.255.253 1351 6939 4837 4808 i * 206.24.210.80 3561 209 4837 4808 i * 195.208.112.161 3277 39710 9002 3356 4837 4808 i * 217.192.89.50 3303 4837 4808 i * 173.205.57.234 53364 3257 1299 53292 63251 ? * 207.172.6.20 6079 3356 4837 4808 i * 207.172.6.1 6079 3356 4837 4808 i * 208.74.64.40 19214 174 4837 4837 4808 i * 144.228.241.130 1239 4837 4808 i * 162.250.137.254 4901 6079 3356 4837 4808 i * 114.31.199.1 4826 1299 53292 63251 i * 64.71.137.241 6939 4837 4808 i Please help the Metro Wireless International folks get this cleared up so their 192.139.135.0/24 can once again be usable. In particular, help is sought from 4837 and their transit providers: 1239 701 3356 (Yes, I am trying to reach folks at those networks in other ways, too.) Thanks. Jay B.
(from offline chat and pokery) It looks like 701/1239/3356 are permitting 4837 to announce this prefix because: $ whois -h whois.radb.net 192.139.135.0 route: 192.139.135.0/24 descr: managedway company origin: AS53292 mnt-by: MAINT-AS53292 changed: rsanders@managedway.com 20181128 #23:11:53Z source: RADB route: 192.139.135.0/24 descr: GLENQCY1 origin: AS271 mnt-by: BELL-RC changed: config@in.bell.ca 19930820 source: BELL route: 192.139.135.0/24 descr: CMI IP Transit origin: AS4808 admin-c: MAINT-CMI-INT-HK tech-c: MAINT-CMI-INT-HK mnt-by: MAINT-CMI-INT-HK changed: qas_support@cmi.chinamobile.com 20160525 source: NTTCOM mntner: MAINT-CMI-INT-HK descr: China Mobile International Limited country: HK admin-c: CMIL1-AP upd-to: qas_support@cmi.chinamobile.com auth: # Filtered mnt-by: MAINT-CMI-INT-HK referral-by: APNIC-HM last-modified: 2017-11-22T09:00:43Z source: APNIC There is some less-than-great management of the associated IRR data. It'd be in the best interest of <someone> (Metro Wireless) to start asking the various IRR's: bell - config@in.bell.ca ? radb - nttcom - job? apnic - to remove the objects in question. I'm curious why NTT's still holding this record since there's a competing ROA? On Mon, Apr 1, 2019 at 1:27 PM Jay Borkenhagen <jayb@braeburn.org> wrote:
[No attempts at 01-April humor will be attempted in this message.]
Seeking help from routing engineers around the 'net:
ARIN documents that 192.139.135.0/24 has been allocated to Metro Wireless International:
https://whois.arin.net/rest/net/NET-192-139-135-0-1
Further, the party to whom 192.139.135.0/24 has been allocated has published a ROA in ARIN's hosted RPKI asserting that bgp announcements for that prefix are valid only when originating in AS63251. To view this, go to your favorite RPKI vantage point that uses ARIN's TAL. If you don't yet have a favorite, feel free to telnet to route-server.ip.att.net and run:
show validation database record 192.139.135.0/24
Unfortunately, as may be seen at route-views, etc, most of the Internet now prefers an invalid path that's mis-originated in as4808:
Network Next Hop Path * 192.139.135.0 208.51.134.254 3549 3356 4837 4808 i * 194.85.40.15 3267 3356 4837 4808 i * 193.0.0.56 3333 1273 4837 4808 i * 37.139.139.0 57866 6762 4837 4808 i * 12.0.1.63 7018 1299 53292 63251 ? * 140.192.8.16 54728 20130 6939 4837 4808 i * 91.218.184.60 49788 1299 53292 63251 ? * 203.181.248.168 7660 2516 4837 4808 i * 154.11.12.212 852 4837 4808 i * 134.222.87.1 286 1299 53292 63251 ? * 209.124.176.223 101 101 3356 4837 4808 i * 137.39.3.55 701 4837 4808 i * 94.142.247.3 8283 1239 4837 4808 i * 162.251.163.2 53767 3257 1299 53292 63251 ? * 212.66.96.126 20912 1267 3356 4837 4808 i * 198.58.198.255 1403 6461 4837 4808 i * 198.58.198.254 1403 6461 4837 4808 i *> 202.232.0.2 2497 4837 4808 i * 203.62.252.83 1221 4637 4837 4808 i * 132.198.255.253 1351 6939 4837 4808 i * 206.24.210.80 3561 209 4837 4808 i * 195.208.112.161 3277 39710 9002 3356 4837 4808 i * 217.192.89.50 3303 4837 4808 i * 173.205.57.234 53364 3257 1299 53292 63251 ? * 207.172.6.20 6079 3356 4837 4808 i * 207.172.6.1 6079 3356 4837 4808 i * 208.74.64.40 19214 174 4837 4837 4808 i * 144.228.241.130 1239 4837 4808 i * 162.250.137.254 4901 6079 3356 4837 4808 i * 114.31.199.1 4826 1299 53292 63251 i * 64.71.137.241 6939 4837 4808 i
Please help the Metro Wireless International folks get this cleared up so their 192.139.135.0/24 can once again be usable. In particular, help is sought from 4837 and their transit providers:
1239 701 3356
(Yes, I am trying to reach folks at those networks in other ways, too.)
Thanks.
Jay B.
Ack for NTT On Mon, Apr 1, 2019 at 21:36 Christopher Morrow <morrowc.lists@gmail.com> wrote:
(from offline chat and pokery)
It looks like 701/1239/3356 are permitting 4837 to announce this prefix because: $ whois -h whois.radb.net 192.139.135.0 route: 192.139.135.0/24 descr: managedway company origin: AS53292 mnt-by: MAINT-AS53292 changed: rsanders@managedway.com 20181128 #23:11:53Z source: RADB
route: 192.139.135.0/24 descr: GLENQCY1 origin: AS271 mnt-by: BELL-RC changed: config@in.bell.ca 19930820 source: BELL
route: 192.139.135.0/24 descr: CMI IP Transit origin: AS4808 admin-c: MAINT-CMI-INT-HK tech-c: MAINT-CMI-INT-HK mnt-by: MAINT-CMI-INT-HK changed: qas_support@cmi.chinamobile.com 20160525 source: NTTCOM
mntner: MAINT-CMI-INT-HK descr: China Mobile International Limited country: HK admin-c: CMIL1-AP upd-to: qas_support@cmi.chinamobile.com auth: # Filtered mnt-by: MAINT-CMI-INT-HK referral-by: APNIC-HM last-modified: 2017-11-22T09:00:43Z source: APNIC
There is some less-than-great management of the associated IRR data. It'd be in the best interest of <someone> (Metro Wireless) to start asking the various IRR's: bell - config@in.bell.ca ? radb - nttcom - job? apnic -
to remove the objects in question. I'm curious why NTT's still holding this record since there's a competing ROA?
On Mon, Apr 1, 2019 at 1:27 PM Jay Borkenhagen <jayb@braeburn.org> wrote:
[No attempts at 01-April humor will be attempted in this message.]
Seeking help from routing engineers around the 'net:
ARIN documents that 192.139.135.0/24 has been allocated to Metro Wireless International:
https://whois.arin.net/rest/net/NET-192-139-135-0-1
Further, the party to whom 192.139.135.0/24 has been allocated has published a ROA in ARIN's hosted RPKI asserting that bgp announcements for that prefix are valid only when originating in AS63251. To view this, go to your favorite RPKI vantage point that uses ARIN's TAL. If you don't yet have a favorite, feel free to telnet to route-server.ip.att.net and run:
show validation database record 192.139.135.0/24
Unfortunately, as may be seen at route-views, etc, most of the Internet now prefers an invalid path that's mis-originated in as4808:
Network Next Hop Path * 192.139.135.0 208.51.134.254 3549 3356 4837 4808 i * 194.85.40.15 3267 3356 4837 4808 i * 193.0.0.56 3333 1273 4837 4808 i * 37.139.139.0 57866 6762 4837 4808 i * 12.0.1.63 7018 1299 53292 63251 ? * 140.192.8.16 54728 20130 6939 4837 4808 i * 91.218.184.60 49788 1299 53292 63251 ? * 203.181.248.168 7660 2516 4837 4808 i * 154.11.12.212 852 4837 4808 i * 134.222.87.1 286 1299 53292 63251 ? * 209.124.176.223 101 101 3356 4837 4808 i * 137.39.3.55 701 4837 4808 i * 94.142.247.3 8283 1239 4837 4808 i * 162.251.163.2 53767 3257 1299 53292 63251 ? * 212.66.96.126 20912 1267 3356 4837 4808 i * 198.58.198.255 1403 6461 4837 4808 i * 198.58.198.254 1403 6461 4837 4808 i *> 202.232.0.2 2497 4837 4808 i * 203.62.252.83 1221 4637 4837 4808 i * 132.198.255.253 1351 6939 4837 4808 i * 206.24.210.80 3561 209 4837 4808 i * 195.208.112.161 3277 39710 9002 3356 4837 4808 i * 217.192.89.50 3303 4837 4808 i * 173.205.57.234 53364 3257 1299 53292 63251 ? * 207.172.6.20 6079 3356 4837 4808 i * 207.172.6.1 6079 3356 4837 4808 i * 208.74.64.40 19214 174 4837 4837 4808 i * 144.228.241.130 1239 4837 4808 i * 162.250.137.254 4901 6079 3356 4837 4808 i * 114.31.199.1 4826 1299 53292 63251 i * 64.71.137.241 6939 4837 4808 i
Please help the Metro Wireless International folks get this cleared up so their 192.139.135.0/24 can once again be usable. In particular, help is sought from 4837 and their transit providers:
1239 701 3356
(Yes, I am trying to reach folks at those networks in other ways, too.)
Thanks.
Jay B.
Any luck reaching AS4837? route-views>show ip bgp 192.139.135.0/24 longer-prefixes BGP table version is 103101215, local router ID is 128.223.51.103 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path * 192.139.135.0 208.51.134.254 0 0 3549 3356 4837 4808 i * 194.85.40.15 0 0 3267 3356 4837 4808 i * 193.0.0.56 0 3333 1273 4837 4808 i * 37.139.139.0 0 57866 6762 4837 4808 i * 12.0.1.63 0 7018 1299 53292 63251 ? * 140.192.8.16 0 54728 20130 6939 4837 4808 i * 91.218.184.60 0 49788 1299 53292 63251 ? * 203.181.248.168 0 7660 2516 4837 4808 i * 154.11.12.212 0 0 852 4837 4808 i * 134.222.87.1 700 0 286 1299 53292 63251 ? * 209.124.176.223 0 101 101 3356 4837 4808 i * 137.39.3.55 0 701 3356 4837 4808 i * 94.142.247.3 0 0 8283 1299 53292 63251 ? * 162.251.163.2 0 53767 3257 1299 53292 63251 ? * 212.66.96.126 0 20912 1267 3356 4837 4808 i * 198.58.198.255 0 1403 6461 4837 4808 i * 198.58.198.254 0 1403 6461 4837 4808 i *> 202.232.0.2 0 2497 4837 4808 i * 203.62.252.83 0 1221 4637 4837 4808 i * 132.198.255.253 0 1351 6939 4837 4808 i * 206.24.210.80 0 3561 209 4837 4808 i * 195.208.112.161 0 3277 39710 9002 3356 4837 4808 i * 217.192.89.50 0 3303 4837 4808 i * 173.205.57.234 0 53364 3257 1299 53292 63251 ? * 207.172.6.20 0 0 6079 3356 4837 4808 i * 207.172.6.1 0 0 6079 3356 4837 4808 i * 208.74.64.40 0 19214 174 3356 4837 4808 i * 144.228.241.130 240 0 1239 4837 4808 i * 162.250.137.254 0 4901 6079 3356 4837 4808 i * 114.31.199.1 0 4826 1299 53292 63251 i * 64.71.137.241 0 6939 4837 4808 i route-views> On 4/1/19, 1:30 PM, "NANOG on behalf of Jay Borkenhagen" <nanog-bounces@nanog.org on behalf of jayb@braeburn.org> wrote: [No attempts at 01-April humor will be attempted in this message.] Seeking help from routing engineers around the 'net: ARIN documents that 192.139.135.0/24 has been allocated to Metro Wireless International: https://whois.arin.net/rest/net/NET-192-139-135-0-1 Further, the party to whom 192.139.135.0/24 has been allocated has published a ROA in ARIN's hosted RPKI asserting that bgp announcements for that prefix are valid only when originating in AS63251. To view this, go to your favorite RPKI vantage point that uses ARIN's TAL. If you don't yet have a favorite, feel free to telnet to route-server.ip.att.net and run: show validation database record 192.139.135.0/24 Unfortunately, as may be seen at route-views, etc, most of the Internet now prefers an invalid path that's mis-originated in as4808: Network Next Hop Path * 192.139.135.0 208.51.134.254 3549 3356 4837 4808 i * 194.85.40.15 3267 3356 4837 4808 i * 193.0.0.56 3333 1273 4837 4808 i * 37.139.139.0 57866 6762 4837 4808 i * 12.0.1.63 7018 1299 53292 63251 ? * 140.192.8.16 54728 20130 6939 4837 4808 i * 91.218.184.60 49788 1299 53292 63251 ? * 203.181.248.168 7660 2516 4837 4808 i * 154.11.12.212 852 4837 4808 i * 134.222.87.1 286 1299 53292 63251 ? * 209.124.176.223 101 101 3356 4837 4808 i * 137.39.3.55 701 4837 4808 i * 94.142.247.3 8283 1239 4837 4808 i * 162.251.163.2 53767 3257 1299 53292 63251 ? * 212.66.96.126 20912 1267 3356 4837 4808 i * 198.58.198.255 1403 6461 4837 4808 i * 198.58.198.254 1403 6461 4837 4808 i *> 202.232.0.2 2497 4837 4808 i * 203.62.252.83 1221 4637 4837 4808 i * 132.198.255.253 1351 6939 4837 4808 i * 206.24.210.80 3561 209 4837 4808 i * 195.208.112.161 3277 39710 9002 3356 4837 4808 i * 217.192.89.50 3303 4837 4808 i * 173.205.57.234 53364 3257 1299 53292 63251 ? * 207.172.6.20 6079 3356 4837 4808 i * 207.172.6.1 6079 3356 4837 4808 i * 208.74.64.40 19214 174 4837 4837 4808 i * 144.228.241.130 1239 4837 4808 i * 162.250.137.254 4901 6079 3356 4837 4808 i * 114.31.199.1 4826 1299 53292 63251 i * 64.71.137.241 6939 4837 4808 i Please help the Metro Wireless International folks get this cleared up so their 192.139.135.0/24 can once again be usable. In particular, help is sought from 4837 and their transit providers: 1239 701 3356 (Yes, I am trying to reach folks at those networks in other ways, too.) Thanks. Jay B.
Hi nanog, With help from China Unicom (as4837) and from folks in other key places around the 'net, I am happy to report that this route mis-origination has now been successfully resolved. Thanks, all! I urge folks facing similar problems to publish RPKI ROAs for their IP resources. I started on this mission after I noticed a discrepancy regarding the validation state of this prefix in the as7018 network. Someday when more networks perform RPKI route origin validation more broadly this kind of issue will be addressed automatically, but even prior to that happening, the verifiable statements in RPKI ROAs can be attributed to you as the actual resource holder, thus helping folks base their response actions on your intent. If you are not facing similar problems today, you could be tomorrow: so publish your ROAs now! Thanks. Jay B. Smith, Courtney writes:
Any luck reaching AS4837?
route-views>show ip bgp 192.139.135.0/24 longer-prefixes BGP table version is 103101215, local router ID is 128.223.51.103 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path * 192.139.135.0 208.51.134.254 0 0 3549 3356 4837 4808 i * 194.85.40.15 0 0 3267 3356 4837 4808 i * 193.0.0.56 0 3333 1273 4837 4808 i * 37.139.139.0 0 57866 6762 4837 4808 i * 12.0.1.63 0 7018 1299 53292 63251 ? * 140.192.8.16 0 54728 20130 6939 4837 4808 i * 91.218.184.60 0 49788 1299 53292 63251 ? * 203.181.248.168 0 7660 2516 4837 4808 i * 154.11.12.212 0 0 852 4837 4808 i * 134.222.87.1 700 0 286 1299 53292 63251 ? * 209.124.176.223 0 101 101 3356 4837 4808 i * 137.39.3.55 0 701 3356 4837 4808 i * 94.142.247.3 0 0 8283 1299 53292 63251 ? * 162.251.163.2 0 53767 3257 1299 53292 63251 ? * 212.66.96.126 0 20912 1267 3356 4837 4808 i * 198.58.198.255 0 1403 6461 4837 4808 i * 198.58.198.254 0 1403 6461 4837 4808 i *> 202.232.0.2 0 2497 4837 4808 i * 203.62.252.83 0 1221 4637 4837 4808 i * 132.198.255.253 0 1351 6939 4837 4808 i * 206.24.210.80 0 3561 209 4837 4808 i * 195.208.112.161 0 3277 39710 9002 3356 4837 4808 i * 217.192.89.50 0 3303 4837 4808 i * 173.205.57.234 0 53364 3257 1299 53292 63251 ? * 207.172.6.20 0 0 6079 3356 4837 4808 i * 207.172.6.1 0 0 6079 3356 4837 4808 i * 208.74.64.40 0 19214 174 3356 4837 4808 i * 144.228.241.130 240 0 1239 4837 4808 i * 162.250.137.254 0 4901 6079 3356 4837 4808 i * 114.31.199.1 0 4826 1299 53292 63251 i * 64.71.137.241 0 6939 4837 4808 i route-views>
On 4/1/19, 1:30 PM, "NANOG on behalf of Jay Borkenhagen" <nanog-bounces@nanog.org on behalf of jayb@braeburn.org> wrote:
[No attempts at 01-April humor will be attempted in this message.]
Seeking help from routing engineers around the 'net:
ARIN documents that 192.139.135.0/24 has been allocated to Metro Wireless International:
https://whois.arin.net/rest/net/NET-192-139-135-0-1
Further, the party to whom 192.139.135.0/24 has been allocated has published a ROA in ARIN's hosted RPKI asserting that bgp announcements for that prefix are valid only when originating in AS63251. To view this, go to your favorite RPKI vantage point that uses ARIN's TAL. If you don't yet have a favorite, feel free to telnet to route-server.ip.att.net and run:
show validation database record 192.139.135.0/24
Unfortunately, as may be seen at route-views, etc, most of the Internet now prefers an invalid path that's mis-originated in as4808:
Network Next Hop Path * 192.139.135.0 208.51.134.254 3549 3356 4837 4808 i * 194.85.40.15 3267 3356 4837 4808 i * 193.0.0.56 3333 1273 4837 4808 i * 37.139.139.0 57866 6762 4837 4808 i * 12.0.1.63 7018 1299 53292 63251 ? * 140.192.8.16 54728 20130 6939 4837 4808 i * 91.218.184.60 49788 1299 53292 63251 ? * 203.181.248.168 7660 2516 4837 4808 i * 154.11.12.212 852 4837 4808 i * 134.222.87.1 286 1299 53292 63251 ? * 209.124.176.223 101 101 3356 4837 4808 i * 137.39.3.55 701 4837 4808 i * 94.142.247.3 8283 1239 4837 4808 i * 162.251.163.2 53767 3257 1299 53292 63251 ? * 212.66.96.126 20912 1267 3356 4837 4808 i * 198.58.198.255 1403 6461 4837 4808 i * 198.58.198.254 1403 6461 4837 4808 i *> 202.232.0.2 2497 4837 4808 i * 203.62.252.83 1221 4637 4837 4808 i * 132.198.255.253 1351 6939 4837 4808 i * 206.24.210.80 3561 209 4837 4808 i * 195.208.112.161 3277 39710 9002 3356 4837 4808 i * 217.192.89.50 3303 4837 4808 i * 173.205.57.234 53364 3257 1299 53292 63251 ? * 207.172.6.20 6079 3356 4837 4808 i * 207.172.6.1 6079 3356 4837 4808 i * 208.74.64.40 19214 174 4837 4837 4808 i * 144.228.241.130 1239 4837 4808 i * 162.250.137.254 4901 6079 3356 4837 4808 i * 114.31.199.1 4826 1299 53292 63251 i * 64.71.137.241 6939 4837 4808 i
Please help the Metro Wireless International folks get this cleared up so their 192.139.135.0/24 can once again be usable. In particular, help is sought from 4837 and their transit providers:
1239 701 3356
(Yes, I am trying to reach folks at those networks in other ways, too.)
Thanks.
Jay B.
Hi all, On Wed, Apr 03, 2019 at 10:59:18AM -0400, Jay Borkenhagen wrote:
I urge folks facing similar problems to publish RPKI ROAs for their IP resources. [snip] the verifiable statements in RPKI ROAs can be attributed to you as the actual resource holder, thus helping folks base their response actions on your intent.
If you are not facing similar problems today, you could be tomorrow: so publish your ROAs now!
Jay is touching upon a very important aspect here: without the RPKI ROA it would've taken NTT significantly more effort to decide whether removal of the erroneous IRR route object would've been appropriate or not. We consider RPKI ROAs a higher source of truth, so drawing conclusions when faced with unvalidated IRR data is a breeze. RPKI ROAs can be instrumental in resolving issues of administrative nature. Keep in mind that ROAs are not just for BGP Origin Validation but serve other useful purposes too. Publish your ROAs today! Kind regards, Job ps. Usual caveats apply to IP resources managed through ARIN; the ARIN TAL is not as well distributed as RPKI TALs from other RIRs; this essentially has lead to a degradation of the quality of ARIN's RPKI service. This policy proposal may help address operational issues: https://www.arin.net/participate/policy/drafts/2019_4/
participants (4)
-
Christopher Morrow -
Jay Borkenhagen -
Job Snijders -
Smith, Courtney