https://bgp.he.net/AS2764#_whois
Regards, CH ________________________________ From: AusNOG <[email protected]> on behalf of James Bensley <[email protected]> Sent: Monday, June 6, 2022 11:12 PM To: [email protected] <[email protected]> Subject: [AusNOG] Any AS2764 / AAPT Around? You're leaking bogon ASNs. Any AS2764? No contact details in peeringdb so trying here instead. See this example route in your looking glass with a bogon origin ASN: http://looking-glass.connect.com.au/lg/ Router: AAPT Sydney Command: show ip bgp regex _4294901881_ BGP table version is 645867563, local router ID is 203.63.80.155 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, x best-external Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * i59.101.15.0/24 203.131.60.253 0 100 0 65334 4294901881 i *>i 203.131.60.253 0 100 0 65334 4294901881 i This is just one of many bogon ASNs you're leaking. I am parsing data from the RouteViews collector node in the Equinix IX in Sydney. The MRT archives of received BGP UPDATE messages are publically available here: http://archive.routeviews.org/route-views.sydney/bgpdata/2022.06/UPDATES/ You see how most updates are less than 1MB but every 2 hours on the round 2 hour interval, there is a 30+MB update file? That's (partially) you AS2764! In the smaller files, there are no announcements from AS2764 with bogon ASNs downstream. In the larger update files there are loads of UPDATE messages from AS2764 with bogon downstream ASNs. Here are examples (encoded in JSON): {"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7", "2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408", "2764:65473", "63956:500", "63956:30000", "63956:32000", "63956:32030"] "next_hop": "45.127.172.2", "origin_asns": ["4294901906"], peer_asn": "63956", "prefix": "59.101.10.0/24", "timestamp": "20220524.0603"} "{"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7", "2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408", "2764:65473", "63956:500", "63956:30000", "63956:32000", "63956:32030"] "next_hop": "45.127.172.2", "origin_asns": ["4294901906"], "peer_asn": "63956", "prefix": "59.101.6.0/24", "timestamp": "20220524.0603"} {"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7", "2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408", "2764:65473", "63956:500", "63956:30000", "63956:32000", "63956:32030"] "next_hop": "45.127.172.2", "origin_asns": ["4294901906"], "peer_asn": "63956", "prefix": "59.101.3.0/24", "timestamp": "20220524.0603"} {"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7", "2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408", "2764:65473", "63956:500", "63956:30000", "63956:32000", "63956:32030"] "next_hop": "45.127.172.2", "origin_asns": ["4294901906"], "peer_asn": "63956", "prefix": "59.101.2.0/24", "timestamp": "20220524.0603"} {"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7", "2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408", "2764:65473", "63956:500", "63956:30000", "63956:32000", "63956:32030"] "next_hop": "45.127.172.2", "origin_asns": ["4294901906"], "peer_asn": "63956", "prefix": "59.101.9.0/24", "timestamp": "20220524.0603"} I guess AS2764 announces prefixes with a bogon ASN to AS63956, AS2764 is not striping these outbound and AS63956 is not striping them inbound. I guess that AS63956 then announces them up to the IX. This has been going on for over a month now I think. I only had time to update my code, to start reporting on this, over the weekend gone. The day report is here: https://github.com/DFZ-Name-and-Shame/dnas_stats/blob/eaaefb3426f94ecae530f6c9b2b7af2e826fa6b2/2022/06/05/20220605.txt#L16-L17 Please fix this AS2764. Cheer, James. _______________________________________________ AusNOG mailing list [email protected] https://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________ AusNOG mailing list [email protected] https://lists.ausnog.net/mailman/listinfo/ausnog
