Re: SOLVED (was Re: request for help: 192.139.135.0/24)
Hi all,

On Wed, Apr 03, 2019 at 10:59:18AM -0400, Jay Borkenhagen wrote:
> I urge folks facing similar problems to publish RPKI ROAs for their IP
> resources. [snip] the verifiable statements in RPKI ROAs can be
> attributed to you as the actual resource holder, thus helping folks
> base their response actions on your intent.
>
> If you are not facing similar problems today, you could be tomorrow:
> so publish your ROAs now!

Jay is touching upon a very important aspect here: without the RPKI ROA
it would've taken NTT significantly more effort to decide whether
removal of the erroneous IRR route object would've been appropriate or
not. We consider RPKI ROAs a higher source of truth, so drawing
conclusions when faced with unvalidated IRR data is a breeze.

RPKI ROAs can be instrumental in resolving issues of administrative
nature. Keep in mind that ROAs are not just for BGP Origin Validation
but serve other useful purposes too. Publish your ROAs today!

Kind regards,

Job

ps. Usual caveats apply to IP resources managed through ARIN; the ARIN
TAL is not as well distributed as RPKI TALs from other RIRs; this
essentially has led to a degradation of the quality of ARIN's RPKI
service. This policy proposal may help address operational issues:
https://www.arin.net/participate/policy/drafts/2019_4/

SOLVED (was Re: request for help: 192.139.135.0/24)
Hi nanog,

With help from China Unicom (as4837) and from folks in other key places
around the 'net, I am happy to report that this route mis-origination
has now been successfully resolved. Thanks, all!

I urge folks facing similar problems to publish RPKI ROAs for their IP
resources. I started on this mission after I noticed a discrepancy
regarding the validation state of this prefix in the as7018 network.
Someday when more networks perform RPKI route origin validation more
broadly this kind of issue will be addressed automatically, but even
prior to that happening, the verifiable statements in RPKI ROAs can be
attributed to you as the actual resource holder, thus helping folks
base their response actions on your intent.

If you are not facing similar problems today, you could be tomorrow:
so publish your ROAs now!

Thanks.

Jay B.

Smith, Courtney writes:
> Any luck reaching AS4837?
>
> route-views>show ip bgp 192.139.135.0/24 longer-prefixes
> BGP table version is 103101215, local router ID is 128.223.51.103
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>               r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
>               x best-external, a additional-path, c RIB-compressed,
> Origin codes: i - IGP, e - EGP, ? - incomplete
> RPKI validation codes: V valid, I invalid, N Not found
>
>    Network          Next Hop         Metric LocPrf Weight Path
> *  192.139.135.0    208.51.134.254   0 0 3549 3356 4837 4808 i
> *                   194.85.40.15     0 0 3267 3356 4837 4808 i
> *                   193.0.0.56       0 1273 4837 4808 i
> *                   37.139.139.0     0 57866 6762 4837 4808 i
> *                   12.0.1.63        0 7018 1299 53292 63251 ?
> *                   140.192.8.16     0 54728 20130 6939 4837 4808 i
> *                   91.218.184.60    0 49788 1299 53292 63251 ?
> *                   203.181.248.168  0 7660 2516 4837 4808 i
> *                   154.11.12.212    0 0 852 4837 4808 i
> *                   134.222.87.1     700 0 286 1299 53292 63251 ?
> *                   209.124.176.223  0 101 101 3356 4837 4808 i
> *                   137.39.3.55      0 701 3356 4837 4808 i
> *                   94.142.247.3     0 0 8283 1299 53292 63251 ?
> *                   162.251.163.2    0 53767 3257 1299 53292 63251 ?
> *                   212.66.96.126    0 20912 1267 3356 4837 4808 i
> *                   198.58.198.255   0 1403 6461 4837 4808 i
> *                   198.58.198.254   0 1403 6461 4837 4808 i
> *>                  202.232.0.2      0 2497 4837 4808 i
> *                   203.62.252.83    0 1221 4637 4837 4808 i
> *                   132.198.255.253  0 1351 6939 4837 4808 i
> *                   206.24.210.80    0 3561 209 4837 4808 i
> *                   195.208.112.161  0 3277 39710 9002 3356 4837 4808 i
> *                   217.192.89.50    0 3303 4837 4808 i
> *                   173.205.57.234   0 53364 3257 1299 53292 63251 ?
> *                   207.172.6.20     0 0 6079 3356 4837 4808 i
> *                   207.172.6.1      0 0 6079 3356 4837 4808 i
> *                   208.74.64.40     0 19214 174 3356 4837 4808 i
> *                   144.228.241.130  240 0 1239 4837 4808 i
> *                   162.250.137.254  0 4901 6079 3356 4837 4808 i
> *                   114.31.199.1     0 4826 1299 53292 63251 i
> *                   64.71.137.241    0 6939 4837 4808 i
> route-views>
>
> On 4/1/19, 1:30 PM, "NANOG on behalf of Jay Borkenhagen" wrote:
>
>     [No attempts at 01-April humor will be attempted in this message.]
>
>
>     Seeking help from routing engineers around the 'net:
>
>
>     ARIN documents that 192.139.135.0/24 has been allocated to Metro
>     Wireless International:
>
>        https://whois.arin.net/rest/net/NET-192-139-135-0-1
>
>     Further, the party to whom 192.139.135.0/24 has been allocated has
>     published a ROA in ARIN's hosted RPKI asserting that bgp announcements
>

Re: request for help: 192.139.135.0/24
Ack for NTT

On Mon, Apr 1, 2019 at 21:36 Christopher Morrow wrote:
> (from offline chat and pokery)
>
> It looks like 701/1239/3356 are permitting 4837 to announce this prefix
> because:
> $ whois -h whois.radb.net 192.139.135.0
> route:          192.139.135.0/24
> descr:          managedway company
> origin:         AS53292
> mnt-by:         MAINT-AS53292
> changed:        rsand...@managedway.com 20181128 #23:11:53Z
> source:         RADB
>
> route:          192.139.135.0/24
> descr:          GLENQCY1
> origin:         AS271
> mnt-by:         BELL-RC
> changed:        con...@in.bell.ca 19930820
> source:         BELL
>
> route:          192.139.135.0/24
> descr:          CMI IP Transit
> origin:         AS4808
> admin-c:        MAINT-CMI-INT-HK
> tech-c:         MAINT-CMI-INT-HK
> mnt-by:         MAINT-CMI-INT-HK
> changed:        qas_supp...@cmi.chinamobile.com 20160525
> source:         NTTCOM
>
> mntner:         MAINT-CMI-INT-HK
> descr:          China Mobile International Limited
> country:        HK
> admin-c:        CMIL1-AP
> upd-to:         qas_supp...@cmi.chinamobile.com
> auth:           # Filtered
> mnt-by:         MAINT-CMI-INT-HK
> referral-by:    APNIC-HM
> last-modified:  2017-11-22T09:00:43Z
> source:         APNIC
>
>
> There is some less-than-great management of the associated IRR data.
> It'd be in the best interest of (Metro Wireless) to start
> asking the various IRR's:
>   bell - con...@in.bell.ca ?
>   radb -
>   nttcom - job?
>   apnic -
>
> to remove the objects in question.
> I'm curious why NTT's still holding this record since there's a competing
> ROA?
>
> On Mon, Apr 1, 2019 at 1:27 PM Jay Borkenhagen wrote:
> >
> > [No attempts at 01-April humor will be attempted in this message.]
> >
> >
> > Seeking help from routing engineers around the 'net:
> >
> >
> > ARIN documents that 192.139.135.0/24 has been allocated to Metro
> > Wireless International:
> >
> >    https://whois.arin.net/rest/net/NET-192-139-135-0-1
> >
> > Further, the party to whom 192.139.135.0/24 has been allocated has
> > published a ROA in ARIN's hosted RPKI asserting that bgp announcements
> > for that prefix are valid only when originating in AS63251. To view
> > this, go to your favorite RPKI vantage point that uses ARIN's TAL. If
> > you don't yet have a favorite, feel free to telnet to
> > route-server.ip.att.net and run:
> >
> >    show validation database record 192.139.135.0/24
> >
> >
> > Unfortunately, as may be seen at route-views, etc, most of the
> > Internet now prefers an invalid path that's mis-originated in as4808:
> >
> >
> >    Network          Next Hop         Path
> > *  192.139.135.0    208.51.134.254   3549 3356 4837 4808 i
> > *                   194.85.40.15     3267 3356 4837 4808 i
> > *                   193.0.0.56       1273 4837 4808 i
> > *                   37.139.139.0     57866 6762 4837 4808 i
> > *                   12.0.1.63        7018 1299 53292 63251 ?
> > *                   140.192.8.16     54728 20130 6939 4837 4808 i
> > *                   91.218.184.60    49788 1299 53292 63251 ?
> > *                   203.181.248.168  7660 2516 4837 4808 i
> > *                   154.11.12.212    852 4837 4808 i
> > *                   134.222.87.1     286 1299 53292 63251 ?
> > *                   209.124.176.223  101 101 3356 4837 4808 i
> > *                   137.39.3.55      701 4837 4808 i
> > *                   94.142.247.3     8283 1239 4837 4808 i
> > *                   162.251.163.2    53767 3257 1299 53292 63251 ?
> > *                   212.66.96.126    20912 1267 3356 4837 4808 i
> > *                   198.58.198.255   1403 6461 4837 4808 i
> > *                   198.58.198.254   1403 6461 4837 4808 i
> > *>                  202.232.0.2      2497 4837 4808 i
> > *                   203.62.252.83    1221 4637 4837 4808 i
> > *                   132.198.255.253  1351 6939 4837 4808 i
> > *                   206.24.210.80    3561 209 4837 4808 i
> > *                   195.208.112.161  3277 39710 9002 3356 4837 4808 i
> > *                   217.192.89.50    3303 4837 4808 i
> > *                   173.205.57.234   53364 3257 1299 53292 63251 ?
> > *                   207.172.6.20     6079 3356 4837 4808 i
> > *                   207.172.6.1      6079 3356 4837 4808 i
> > *                   208.74.64.40     19214 174 4837 4837 4808 i
> > *                   144.228.241.130  1239 4837 4808 i
> > *                   162.250.137.254  4901 6079 3356 4837 4808 i
> > *                   114.31.199.1     4826 1299 53292 63251 i
> > *                   64.71.137.241    6939 4837 4808 i
> >
> >
> > Please help the Metro Wireless International folks get this cleared up
> > so their 192.139.135.0/24 can once again be usable. In particular,
> > help is sought from 4837 and their transit providers:
> >
> >    1239
> >    701
> >    3356
> >
> > (Yes, I am trying to reach folks at those networks in other ways, too.)
> >
> >
> > Thanks.
> >

Re: request for help: 192.139.135.0/24
Any luck reaching AS4837?

route-views>show ip bgp 192.139.135.0/24 longer-prefixes
BGP table version is 103101215, local router ID is 128.223.51.103
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop         Metric LocPrf Weight Path
*  192.139.135.0    208.51.134.254   0 0 3549 3356 4837 4808 i
*                   194.85.40.15     0 0 3267 3356 4837 4808 i
*                   193.0.0.56       0 1273 4837 4808 i
*                   37.139.139.0     0 57866 6762 4837 4808 i
*                   12.0.1.63        0 7018 1299 53292 63251 ?
*                   140.192.8.16     0 54728 20130 6939 4837 4808 i
*                   91.218.184.60    0 49788 1299 53292 63251 ?
*                   203.181.248.168  0 7660 2516 4837 4808 i
*                   154.11.12.212    0 0 852 4837 4808 i
*                   134.222.87.1     700 0 286 1299 53292 63251 ?
*                   209.124.176.223  0 101 101 3356 4837 4808 i
*                   137.39.3.55      0 701 3356 4837 4808 i
*                   94.142.247.3     0 0 8283 1299 53292 63251 ?
*                   162.251.163.2    0 53767 3257 1299 53292 63251 ?
*                   212.66.96.126    0 20912 1267 3356 4837 4808 i
*                   198.58.198.255   0 1403 6461 4837 4808 i
*                   198.58.198.254   0 1403 6461 4837 4808 i
*>                  202.232.0.2      0 2497 4837 4808 i
*                   203.62.252.83    0 1221 4637 4837 4808 i
*                   132.198.255.253  0 1351 6939 4837 4808 i
*                   206.24.210.80    0 3561 209 4837 4808 i
*                   195.208.112.161  0 3277 39710 9002 3356 4837 4808 i
*                   217.192.89.50    0 3303 4837 4808 i
*                   173.205.57.234   0 53364 3257 1299 53292 63251 ?
*                   207.172.6.20     0 0 6079 3356 4837 4808 i
*                   207.172.6.1      0 0 6079 3356 4837 4808 i
*                   208.74.64.40     0 19214 174 3356 4837 4808 i
*                   144.228.241.130  240 0 1239 4837 4808 i
*                   162.250.137.254  0 4901 6079 3356 4837 4808 i
*                   114.31.199.1     0 4826 1299 53292 63251 i
*                   64.71.137.241    0 6939 4837 4808 i
route-views>

On 4/1/19, 1:30 PM, "NANOG on behalf of Jay Borkenhagen" wrote:

    [No attempts at 01-April humor will be attempted in this message.]

    Seeking help from routing engineers around the 'net:

    ARIN documents that 192.139.135.0/24 has been allocated to Metro
    Wireless International:

       https://whois.arin.net/rest/net/NET-192-139-135-0-1

    Further, the party to whom 192.139.135.0/24 has been allocated has
    published a ROA in ARIN's hosted RPKI asserting that bgp announcements
    for that prefix are valid only when originating in AS63251. To view
    this, go to your favorite RPKI vantage point that uses ARIN's TAL. If
    you don't yet have a favorite, feel free to telnet to
    route-server.ip.att.net and run:

       show validation database record 192.139.135.0/24

    Unfortunately, as may be seen at route-views, etc, most of the
    Internet now prefers an invalid path that's mis-originated in as4808:

       Network          Next Hop         Path
    *  192.139.135.0    208.51.134.254   3549 3356 4837 4808 i
    *                   194.85.40.15     3267 3356 4837 4808 i
    *                   193.0.0.56       1273 4837 4808 i
    *                   37.139.139.0     57866 6762 4837 4808 i
    *                   12.0.1.63        7018 1299 53292 63251 ?
    *                   140.192.8.16     54728 20130 6939 4837 4808 i
    *                   91.218.184.60    49788 1299 53292 63251 ?
    *                   203.181.248.168  7660 2516 4837 4808 i
    *                   154.11.12.212    852 4837 4808 i
    *                   134.222.87.1     286 1299 53292 63251 ?
    *

Re: request for help: 192.139.135.0/24
(from offline chat and pokery)

It looks like 701/1239/3356 are permitting 4837 to announce this prefix
because:
$ whois -h whois.radb.net 192.139.135.0
route:          192.139.135.0/24
descr:          managedway company
origin:         AS53292
mnt-by:         MAINT-AS53292
changed:        rsand...@managedway.com 20181128 #23:11:53Z
source:         RADB

route:          192.139.135.0/24
descr:          GLENQCY1
origin:         AS271
mnt-by:         BELL-RC
changed:        con...@in.bell.ca 19930820
source:         BELL

route:          192.139.135.0/24
descr:          CMI IP Transit
origin:         AS4808
admin-c:        MAINT-CMI-INT-HK
tech-c:         MAINT-CMI-INT-HK
mnt-by:         MAINT-CMI-INT-HK
changed:        qas_supp...@cmi.chinamobile.com 20160525
source:         NTTCOM

mntner:         MAINT-CMI-INT-HK
descr:          China Mobile International Limited
country:        HK
admin-c:        CMIL1-AP
upd-to:         qas_supp...@cmi.chinamobile.com
auth:           # Filtered
mnt-by:         MAINT-CMI-INT-HK
referral-by:    APNIC-HM
last-modified:  2017-11-22T09:00:43Z
source:         APNIC

There is some less-than-great management of the associated IRR data.
It'd be in the best interest of (Metro Wireless) to start
asking the various IRR's:
  bell - con...@in.bell.ca ?
  radb -
  nttcom - job?
  apnic -

to remove the objects in question.
I'm curious why NTT's still holding this record since there's a competing
ROA?

On Mon, Apr 1, 2019 at 1:27 PM Jay Borkenhagen wrote:
>
> [No attempts at 01-April humor will be attempted in this message.]
>
>
> Seeking help from routing engineers around the 'net:
>
>
> ARIN documents that 192.139.135.0/24 has been allocated to Metro
> Wireless International:
>
>    https://whois.arin.net/rest/net/NET-192-139-135-0-1
>
> Further, the party to whom 192.139.135.0/24 has been allocated has
> published a ROA in ARIN's hosted RPKI asserting that bgp announcements
> for that prefix are valid only when originating in AS63251. To view
> this, go to your favorite RPKI vantage point that uses ARIN's TAL. If
> you don't yet have a favorite, feel free to telnet to
> route-server.ip.att.net and run:
>
>    show validation database record 192.139.135.0/24
>
>
> Unfortunately, as may be seen at route-views, etc, most of the
> Internet now prefers an invalid path that's mis-originated in as4808:
>
>
>    Network          Next Hop         Path
> *  192.139.135.0    208.51.134.254   3549 3356 4837 4808 i
> *                   194.85.40.15     3267 3356 4837 4808 i
> *                   193.0.0.56       1273 4837 4808 i
> *                   37.139.139.0     57866 6762 4837 4808 i
> *                   12.0.1.63        7018 1299 53292 63251 ?
> *                   140.192.8.16     54728 20130 6939 4837 4808 i
> *                   91.218.184.60    49788 1299 53292 63251 ?
> *                   203.181.248.168  7660 2516 4837 4808 i
> *                   154.11.12.212    852 4837 4808 i
> *                   134.222.87.1     286 1299 53292 63251 ?
> *                   209.124.176.223  101 101 3356 4837 4808 i
> *                   137.39.3.55      701 4837 4808 i
> *                   94.142.247.3     8283 1239 4837 4808 i
> *                   162.251.163.2    53767 3257 1299 53292 63251 ?
> *                   212.66.96.126    20912 1267 3356 4837 4808 i
> *                   198.58.198.255   1403 6461 4837 4808 i
> *                   198.58.198.254   1403 6461 4837 4808 i
> *>                  202.232.0.2      2497 4837 4808 i
> *                   203.62.252.83    1221 4637 4837 4808 i
> *                   132.198.255.253  1351 6939 4837 4808 i
> *                   206.24.210.80    3561 209 4837 4808 i
> *                   195.208.112.161  3277 39710 9002 3356 4837 4808 i
> *                   217.192.89.50    3303 4837 4808 i
> *                   173.205.57.234   53364 3257 1299 53292 63251 ?
> *                   207.172.6.20     6079 3356 4837 4808 i
> *                   207.172.6.1      6079 3356 4837 4808 i
> *                   208.74.64.40     19214 174 4837 4837 4808 i
> *                   144.228.241.130  1239 4837 4808 i
> *                   162.250.137.254  4901 6079 3356 4837 4808 i
> *                   114.31.199.1     4826 1299 53292 63251 i
> *                   64.71.137.241    6939 4837 4808 i
>
>
> Please help the Metro Wireless International folks get this cleared up
> so their 192.139.135.0/24 can once again be usable. In particular,
> help is sought from 4837 and their transit providers:
>
>    1239
>    701
>    3356
>
> (Yes, I am trying to reach folks at those networks in other ways, too.)
>
>
> Thanks.
>
> Jay B.
>

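The ROA statement and the IRR route objects quoted in the message above can be compared mechanically. The following is an added example, not part of the thread: an RFC 6811 origin-validation routine applied to the thread's AS paths and route objects. The ROA's maxLength (24) and all function names are assumptions made for the example.

```python
import ipaddress
from typing import NamedTuple, Optional

class VRP(NamedTuple):  # Validated ROA Payload (RFC 6811)
    prefix: str
    max_length: int
    asn: int

# ROA from the thread: 192.139.135.0/24 may only originate in AS63251.
# max_length=24 is an assumption; the thread does not quote the ROA's maxLength.
VRPS = [VRP("192.139.135.0/24", 24, 63251)]

# route/origin/source of the route objects in the thread's whois output.
IRR_DUMP = """\
route: 192.139.135.0/24
origin: AS53292
source: RADB

route: 192.139.135.0/24
origin: AS271
source: BELL

route: 192.139.135.0/24
origin: AS4808
source: NTTCOM
"""

def origin_as(as_path: str) -> Optional[int]:
    """Rightmost AS of a 'show ip bgp' path; the trailing i/e/? is the origin code."""
    hops = [t for t in as_path.split() if t not in ("i", "e", "?")]
    return int(hops[-1]) if hops and hops[-1].isdigit() else None  # None: empty or AS_SET

def rov_state(prefix: str, asn: Optional[int], vrps=VRPS) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net, covered = ipaddress.ip_network(prefix), False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # at least one VRP covers this prefix
            if net.prefixlen <= vrp.max_length and vrp.asn != 0 and vrp.asn == asn:
                return "valid"
    return "invalid" if covered else "not-found"

def conflicting_route_objects(rpsl: str, vrps=VRPS) -> list:
    """(source, origin) of every IRR route object that the ROAs make invalid."""
    hits = []
    for block in rpsl.strip().split("\n\n"):
        attrs = {k.strip(): v.strip() for k, v in
                 (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)}
        if "route" in attrs:
            asn = int(attrs["origin"][2:])  # "AS4808" -> 4808
            if rov_state(attrs["route"], asn, vrps) == "invalid":
                hits.append((attrs["source"], attrs["origin"]))
    return hits
```

Under that assumed maxLength, paths ending in 63251 come back valid, paths ending in 4808 come back invalid, and all three route objects are reported as conflicting with the ROA.
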
request for help: 192.139.135.0/24
[No attempts at 01-April humor will be attempted in this message.]

Seeking help from routing engineers around the 'net:

ARIN documents that 192.139.135.0/24 has been allocated to Metro
Wireless International:

   https://whois.arin.net/rest/net/NET-192-139-135-0-1

Further, the party to whom 192.139.135.0/24 has been allocated has
published a ROA in ARIN's hosted RPKI asserting that bgp announcements
for that prefix are valid only when originating in AS63251. To view
this, go to your favorite RPKI vantage point that uses ARIN's TAL. If
you don't yet have a favorite, feel free to telnet to
route-server.ip.att.net and run:

   show validation database record 192.139.135.0/24

Unfortunately, as may be seen at route-views, etc, most of the
Internet now prefers an invalid path that's mis-originated in as4808:

   Network          Next Hop         Path
*  192.139.135.0    208.51.134.254   3549 3356 4837 4808 i
*                   194.85.40.15     3267 3356 4837 4808 i
*                   193.0.0.56       1273 4837 4808 i
*                   37.139.139.0     57866 6762 4837 4808 i
*                   12.0.1.63        7018 1299 53292 63251 ?
*                   140.192.8.16     54728 20130 6939 4837 4808 i
*                   91.218.184.60    49788 1299 53292 63251 ?
*                   203.181.248.168  7660 2516 4837 4808 i
*                   154.11.12.212    852 4837 4808 i
*                   134.222.87.1     286 1299 53292 63251 ?
*                   209.124.176.223  101 101 3356 4837 4808 i
*                   137.39.3.55      701 4837 4808 i
*                   94.142.247.3     8283 1239 4837 4808 i
*                   162.251.163.2    53767 3257 1299 53292 63251 ?
*                   212.66.96.126    20912 1267 3356 4837 4808 i
*                   198.58.198.255   1403 6461 4837 4808 i
*                   198.58.198.254   1403 6461 4837 4808 i
*>                  202.232.0.2      2497 4837 4808 i
*                   203.62.252.83    1221 4637 4837 4808 i
*                   132.198.255.253  1351 6939 4837 4808 i
*                   206.24.210.80    3561 209 4837 4808 i
*                   195.208.112.161  3277 39710 9002 3356 4837 4808 i
*                   217.192.89.50    3303 4837 4808 i
*                   173.205.57.234   53364 3257 1299 53292 63251 ?
*                   207.172.6.20     6079 3356 4837 4808 i
*                   207.172.6.1      6079 3356 4837 4808 i
*                   208.74.64.40     19214 174 4837 4837 4808 i
*                   144.228.241.130  1239 4837 4808 i
*                   162.250.137.254  4901 6079 3356 4837 4808 i
*                   114.31.199.1     4826 1299 53292 63251 i
*                   64.71.137.241    6939 4837 4808 i

Please help the Metro Wireless International folks get this cleared up
so their 192.139.135.0/24 can once again be usable. In particular,
help is sought from 4837 and their transit providers:

   1239
   701
   3356

(Yes, I am trying to reach folks at those networks in other ways, too.)

Thanks.

Jay B.