Dear Jack, Many thanks for your quick response. Keep in touch with you for the further information.
best regards Ching-Heng -----Original message----- From:王彥傑<[email protected]> To:chku<[email protected]> Cc:Anurag Bhatia<[email protected]>,郭喜振<[email protected]>,Kenny Huang<[email protected]>,ip<[email protected]>,apnic-talk<[email protected]> Date: Tue, 24 Nov 2020 10:27:54 Subject: Re: [外部郵件]Re: Fwd: [apnic-talk] Major jump in RPKI invalids from Taiwan in last 24hrs Hi Dr.Ku, Thanks for your reminder. We also notified customer to confirm if they have any service impact and get no impact response until now. And we also have no idea why as4809 advertises this prefixes to others because it depends on what connection relationship they are. If we get further information or need further help, we will get back to you. Thanks. Regards, Jack chku <[email protected]> 於 2020年11月24日 09:15 寫道: Dear Mr. Kuo, Please refer the following information. Thanks a lot. Ching-Heng Ku -----Original message----- From:Anurag Bhatia<[email protected]> To:chku<[email protected]> Cc:apnic-talk<[email protected]>,Kenny Huang<[email protected]>,ip<[email protected]> Date: Tue, 24 Nov 2020 01:03:30 Subject: Re: Fwd: [apnic-talk] Major jump in RPKI invalids from Taiwan in last 24hrs Hello Ching-Heng Thanks for looking into this. I am not sure what source RIPE Stat is picking in the link you shared. It might be based on a few RRCs likely. For my data, I am relying on RIPE RIS RRC01 and that clearly has these routes. Surely many of these routes are not visible across large part for the internet but AS36924 - GVA-Canalbox, BJ is feeding these routes to RIPE RIS 01. Out of 539 invalids we see, 496 have a AS_PATH as: 36924 21351 30844 4809 3462_ So routes are learnt from various 25 networks by Hinet AS3462 and next, announced to China Telecom AS4809 which are announced to AS30844 (Liquid Telecom) which announces to AS21351 (CANALPLUSTELECOM) and that is announcing to the AS36924 which is ultimately feeding these in RIPE RIS RRC01. These routes were not visible in 18th, 19th but are visible 20th onwards. I cannot say why RIPE Stat is not showing these. Could be that it ignores routes at the country level when they are visible from just one of few dozen collectors they have. But routes do exists for sure. Here's a check on latest visible RIS RRC01 dump: http://data.ris.ripe.net/rrc01/2020.11/bview.20201123.0800.gz bgpscanner -p "36924 21351 30844 4809 3462" bview.20201123.0800.gz | awk -F '|' '{OFS=" | "; print $2,$3}' 23.11.80.0/20 | 36924 21351 30844 4809 3462 4780 23.11.176.0/20 | 36924 21351 30844 4809 3462 4780 45.127.216.0/24 | 36924 21351 30844 4809 3462 7481 31972 45.127.217.0/24 | 36924 21351 30844 4809 3462 7481 31972 58.86.38.0/24 | 36924 21351 30844 4809 3462 3462 3462 3462 18042 58.86.43.0/24 | 36924 21351 30844 4809 3462 3462 3462 3462 18042 58.86.46.0/24 | 36924 21351 30844 4809 3462 18042 18018 58.86.128.0/24 | 36924 21351 30844 4809 3462 3462 3462 3462 18042 58.114.0.0/17 | 36924 21351 30844 4809 3462 7481 18042 18042 58.114.0.0/18 | 36924 21351 30844 4809 3462 38187 18042 58.114.64.0/18 | 36924 21351 30844 4809 3462 38187 18042 58.114.128.0/18 | 36924 21351 30844 4809 3462 38187 18042 58.114.192.0/18 | 36924 21351 30844 4809 3462 38187 18042 58.115.0.0/18 | 36924 21351 30844 4809 3462 38187 18042 58.115.64.0/18 | 36924 21351 30844 4809 3462 38187 18042 58.115.128.0/18 | 36924 21351 30844 4809 3462 38187 18042 58.115.192.0/18 | 36924 21351 30844 4809 3462 38187 18042 59.105.229.0/24 | 36924 21351 30844 4809 3462 4780 60.198.193.0/24 | 36924 21351 30844 4809 3462 9924 9924 60.198.194.0/24 | 36924 21351 30844 4809 3462 9924 9924 60.198.195.0/24 | 36924 21351 30844 4809 3462 9924 9924 and more. In total: 924 prefixes visible with that AS_PATH. I cannot verify the AS_PATH completely but Liquid Telecom does have a working looking glass and confirms these routes are present in their network. This confirms that China Telecom AS4809 is announcing these routes for sure. I have added as-path in the sheet I shared - https://docs.google.com/spreadsheets/d/1wOHPKFPOQNnVL02SVWGdVfE8sfnawKfqN1p78y3lciQ/edit?usp=sharing <Screenshot_2020-11-23_at_10.25.44_PM.png> This brings me to 2 possibilities in this case: Hinet AS3462 has quite a few more routes which are more specifics and RPKI invalid and are being announced mostly via China telecom AS4809 and they further have limited visibility. Someone in the chain (likely before Liquid Telecom AS30844) is faking the AS_Path. Only Hinet AS3462 or those impacted 24 other ASNs can confirm which one is the case because they are closest to the origin as per as-path. Thanks On Mon, Nov 23, 2020 at 2:56 PM chku <[email protected]> wrote: Dear Anurag, Many thanks for your information. We checked route prefixes from RIPE https://stat.ripe.net/specials/country-comparison?pk_vid=7881ac06f69fb3001606092228e904b5 The number of IPv4 and IPv6 prefixes of Taiwan are as usual. The number of Valid prefixes from Validator are also as usual. The invalid prefixes are related to the routes announced by ISPs. We will continue to observe the changes of valid prefixes. Ching-Heng From: [email protected] <[email protected]> on behalf of Anurag Bhatia <[email protected]> Sent: Saturday, November 21, 2020 6:41:32 AM To: mailman_APNIC-talk <[email protected]> Subject: [apnic-talk] Major jump in RPKI invalids from Taiwan in last 24hrs Hello everyone, Anyone here from Taiwan? There seems to be a major jump in RPKI invalids from Taiwan. My code is tracking invalids in India and nearby on daily basis and data is being published in this public Grafana instance: https://graphs.muc.anuragbhatia.com/d/DPIj_47Mk/rpki?orgId=1&from=now-90d&to=now On 20th - Invalids were 43 and on 21st invalids have jumped to 539. These invalids belong to 25 different ASNs which are: 131597 - NCDTV-TW New Changhua Digital Cable TV CO,.Ltd, TW 131601 - DCT Dynamic Computing Technology, TW 131627 - PEICITY-AS-TW Peicity Digital Cable Television., LTD, TW 131660 - CHTCDN Data Communication Business Group, TW 1659 - ERX-TANET-ASN1 Taiwan Academic Network (TANet) Information Center, TW 17408 - ABOVE-AS-AP AboveNet Communications Taiwan, TW 17711 - NDHU-TW National Dong Hwa University, TW 17712 - CCU-TW National Chung Cheng University, TW 17713 - NSYSU-TW National Sun Yat-sen University, TW 17716 - NTU-TW National Taiwan University, TW 18042 - KBT Koos Broadband Telecom, TW 18046 - DONGFONG-TW DongFong Technology Co. Ltd., TW 18177 - NCKU-TW National Cheng Kung University, TW 24169 - CHUAN-CHAN-NET-A Chuan Chan Co. Ltd., TW 38841 - KBRO-AS-TW kbro CO. Ltd., TW 4780 - SEEDNET Digital United Inc., TW 4845 - SINGTEL-TW Chung Hsiao East Road, TW 7532 - DIGICENTRE-TW DigiCentre Company Limited, TW 7539 - TWAREN-TW National Center for High-performance Computing, TW 9416 - MULTIMEDIA-AS-AP Hoshin Multimedia Center Inc., TW 9916 - NCTU-TW National Chiao Tung University, TW 9919 - NCIC-TW New Century InfoComm Tech Co., Ltd., TW 9922 - NKB-AS-TW New Kaohsiung Broadband LTD., TW I have put a detailed list of invalids with ASNs, AS names etc here: https://docs.google.com/spreadsheets/d/1wOHPKFPOQNnVL02SVWGdVfE8sfnawKfqN1p78y3lciQ/edit?usp=sharing Please help in getting these cleaned up if you know anyone from the above networks. Thanks. -- Anurag Bhatia anuragbhatia.com -- Anurag Bhatia anuragbhatia.com
_______________________________________________ apnic-talk mailing list [email protected] https://mailman.apnic.net/mailman/listinfo/apnic-talk
