Hi,
On 9/27/18 1:11 AM, nusenu wrote:
Hi,
I came across this particular prefix when going through big RPKI unreachable
blocks.
prefix-routing-consistency [1] says: current origin is AS2200
prefix-overview [2] says: current origin is AS1942 (nlnog's LG agrees)
routing-history [3] says it was announced by AS220 until 2017-06-10 and is
currently announced by AS1942
RPKI validator's BGP Preview (using RIS): says it is announced by AS1942 and is
therefore invalid
(ROA authorizes AS2200 - not AS1942)
So why does [1] say this prefix is announced by AS2200? maybe it is announced
by both?
I do not know what is announced, but RIS observes the prefix with both
origins. As the looking-glass widget states:
"19 RRCs see 202 peers announcing 147.171.0.0/16 originated by 2 ASNs"
https://stat.ripe.net/widget/looking-glass#w.resource=147.171.0.0%2F16
Actually, it is just one single peer on collector rrc04 (Geneva) which
sees AS2200 as origin; that's why prefix-overview and routing-history
do not show the info by default. You have to deselect 'Exclude low
visibiliy' (prefix-overview) and 'No low visibility' (routing-history)
options in the widgets to see it.
RPKI validator's BGP Preview might be using similar logic.
The latest RIS dump, http://ris.ripe.net/dumps/riswhoisdump.IPv4.gz
lists 147.171.0.0/16 with both AS1942 (203 peers) and AS2200 (1 peer)
as origin.
prefix-routing-consistency widget appears to indeed have problems;
at least in this case. It only shows a result for the route observed
by the lowest amount of peers.
-- Rene
btw: AS2200 and AS1942 have the same owner and AS2200 appears to be
the only upstream of AS1942.
[1]
https://stat.ripe.net/widget/prefix-routing-consistency#w.resource=147.171.0.0%2F16
[2] https://stat.ripe.net/widget/prefix-overview#w.resource=147.171.0.0%2F16
[3] https://stat.ripe.net/widget/routing-history#w.resource=147.171.0.0%2F16
