Sorry, there is a typo, 263:666 should be 2603:666.
-----Original Message-----
From: Idr [mailto:[email protected]] On Behalf Of Zhuangshunwan
Sent: Tuesday, August 10, 2021 9:57 AM
To: Sriram, Kotikalapudi (Fed) <[email protected]>
Cc: IDR <[email protected]>; GROW WG <[email protected]>
Subject: Re: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW
Hi Sriram,
Thanks for your great job! Your work has given me a very in-depth understanding
of the propagation behavior of BGP community attributes on the Internet.
Regarding "Total # Unique {Prefix, RC = 3356:9999} ; 28", why is the number
only 28? It may be that the mask of black hole routes is usually greater than
24 (for IPv4 prefixes), preventing such routes from spreading widely on the
Internet?
If the answer to the above question is "yes", then if other "ASN:666"
communities are widespread in the wild, such "ASN:666" may not be a black
hole community attribute either? As far as I know, the other two examples are
263:666 and 5511:666.
Regards,
Shunwan
-----Original Message-----
From: Sriram, Kotikalapudi (Fed) [mailto:[email protected]]
Sent: Tuesday, August 10, 2021 1:07 AM
To: Zhuangshunwan <[email protected]>
Cc: Jeffrey Haas <[email protected]>; GROW WG <[email protected]>; IDR <[email protected]>
Subject: Re: some questions from {RC, LC, EC} analysis presentation in GROW
I have heard back from Lumen/Level3 and they have confirmed the following:
remarks: prefix type communities
remarks: --------------------------------------------------------
remarks: 3356:123 - Customer route
remarks: 3356:666 - Peer route
They also stated, “The 123 and 666 communities are announced to our customers
intentionally.”
I think the above info is good from the point of view of our measurements. We
no longer treat 3356:666 as a Blackhole community. So, we separate them from
other ASN:666. We look at the propagation of 3356:666 and 3356:123. Both are
meant to start at AS 3356 and are expected to propagate down the customer cone
(according to the info from Lumen/Level3 above). We do observe very substantial
numbers of 3356:666 and 3356:123:
RIB data (RouteViews3, 2021-07-15.0000):
Total # Unique {Prefix, RC = 3356:666} ; 509900
Total # Unique {Prefix, RC = 3356:123} ; 399567
Total # Unique {Prefix, RC = 3356:9999} ; 28
This is somewhat along the lines of what Jeff was also requesting: measure the
propagation against known applications. So, there are about 510K Unique
{Prefix, RC = 3356:666} and 400K Unique {Prefix, RC = 3356:123}. They are
observed propagating multiple hops starting from AS 3356 (we’ll update the
slides with this distribution). Hopefully, much of this propagation is down the
customer cone as expected. We don't know if some of them are route leaks, but
we can try to check that as part of further investigation.
Any further thoughts/comments?
Sriram
------------------------------------------
________________________________________
From: Sriram, Kotikalapudi (Fed) <[email protected]>
Sent: Wednesday, August 4, 2021 12:58 PM
To: Zhuangshunwan; Sriram, Kotikalapudi (Fed); GROW WG
Cc: IDR
Subject: Re: some questions from {RC, LC, EC} analysis presentation in GROW
Hi Shunwan,
Yes, that is a curious thing ... it seems peculiar and specific to AS 3356.
I have started a discussion on NANOG about 3356:666, 3356:9999, etc.
Please take a look:
https://mailman.nanog.org/pipermail/nanog/2021-August/thread.html#214447
Only AS 3356 may be an outlier. Most other AS operators use ASN:666 or WKC
65535:666 for Blackhole Community:
https://www.google.com/search?q=BGP+community+%3A666&rlz=1C1GCEV_enUS847US847&oq=BGP+community+%3A666&aqs=chrome..69i57j69i64.9798j1j15&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
Also, we'll check -- on slide 12 of my GROW presentation -- out of the roughly
265K count of unique {Prefix, AS Path, RC = Any:666}, how many are with
3356:666. I will let you know.
Sriram
________________________________________
From: GROW <[email protected]> on behalf of Zhuangshunwan <[email protected]>
Sent: Tuesday, August 3, 2021 10:37 PM
To: Sriram, Kotikalapudi (Fed); GROW WG
Cc: IDR
Subject: Re: [GROW] some questions from {RC, LC, EC} analysis presentation in GROW
Hi Sriram,
The community attribute example 3356:666 on page 10 may not match the actual
function.
"
Example: AS path = 25160 3356 12956 6147 and RC = 3356:666
This means that the client is at AS 6147 (origin AS) and AS 3356 is the RTBH provider AS
Distance to RTBH provider = 2
Propagation (#hops): The Blackhole Community propagated 3 hops in this case (AS 6147 to AS 25160)
"
According to https://onestep.net/communities/as3356/
...
--------------------------------------------------------
prefix type communities
--------------------------------------------------------
3356:123 - Customer route
3356:666 - Peer route
--------------------------------------------------------
...
--------------------------------------------------------
customer traffic engineering communities - Blackhole
--------------------------------------------------------
3356:9999 - blackhole (discard) traffic
Traffic destined for any prefixes tagged with this community will be discarded
at ingress to the Level 3 network. The prefix must be one permitted by the
customer's existing ingress BGP filter.
For some router vendors the peering must be changed to an eBGP multihop
session on the Level 3 side of the connection.
...
Regards,
Shunwan
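
Added example, not part of the original thread and not the measurement code it discusses: Python that labels regular communities with the meanings given above, computes the hop counts from the slide's example (distance from the origin to the AS named in the community, and hops beyond that AS), and counts unique {prefix, RC} pairs. The function names, sample prefixes and 645xx ASNs are assumptions; only the first AS path comes from the thread.

```python
from collections import defaultdict

# Meanings as stated in the thread; 65535:666 is the well-known BLACKHOLE value.
KNOWN = {"3356:123": "customer-route", "3356:666": "peer-route",
         "3356:9999": "blackhole", "65535:666": "blackhole"}

def classify(rc):
    """Label a community; an unlisted ASN:666 is only a presumed blackhole."""
    if rc in KNOWN:
        return KNOWN[rc]
    return "presumed-blackhole" if rc.endswith(":666") else "other"

def collapse(as_path):
    """Drop AS-path prepending (consecutive repeats of one ASN)."""
    out = []
    for asn in as_path.split():
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def hops(as_path, rc):
    """Return (origin-to-tagging-AS distance, hops beyond the tagging AS),
    or None when the community's ASN is not on the path."""
    path = collapse(as_path)
    tagger = rc.split(":")[0]
    if tagger not in path:
        return None
    idx = path.index(tagger)  # index 0 is the AS nearest the collector
    return (len(path) - 1 - idx, idx)

def summarize(rib):
    """Count unique {prefix, RC} pairs per community, like the thread's totals."""
    seen = defaultdict(set)
    for prefix, _as_path, communities in rib:
        for rc in communities:
            seen[rc].add(prefix)
    return {rc: (classify(rc), len(p)) for rc, p in seen.items()}

# Constructed sample rows; 645xx ASNs and the prefixes are documentation values.
SAMPLE_RIB = [
    ("192.0.2.0/24", "25160 3356 12956 6147", ["3356:666"]),
    ("192.0.2.0/24", "64500 3356 12956 6147", ["3356:666"]),
    ("198.51.100.0/24", "64500 64500 3356 64510", ["3356:123"]),
    ("203.0.113.7/32", "3356 64511", ["3356:9999"]),
    ("203.0.113.9/32", "64500 64501 64511", ["64501:666"]),
]

if __name__ == "__main__":
    for rc, (label, n) in summarize(SAMPLE_RIB).items():
        print(rc, label, n)
```

For the slide's path, hops() gives a distance of 2 and one hop beyond AS 3356; the two add up to the 3 hops the slide counts from AS 6147 to AS 25160.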