Send sanog mailing list submissions to sanog@sanog.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.sanog.org/mailman/listinfo/sanog or, via email, send a message with subject or body 'help' to sanog-requ...@sanog.org
You can reach the person managing the list at sanog-ow...@sanog.org When replying, please edit your Subject line so it is more specific than "Re: Contents of sanog digest..." Today's Topics: 1. Re: How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed (Tarun Dua) 2. Re: How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed (Tarun Dua) 3. Re: How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed (Suresh Ramasubramanian) 4. Re: How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed (Anurag Bhatia) 5. Re: How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed (=?utf-8?B?U3VyZXNoIFJhbWFzdWJyYW1hbmlhbg==?=) ---------------------------------------------------------------------- Message: 1 Date: Mon, 17 Feb 2014 22:49:26 +0530 From: Tarun Dua <li...@tarundua.net> To: sanog@sanog.org Subject: Re: [SANOG] How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed Message-ID: <caajbweq0w+u+_0j0r12whr81xdwqjfkdhbzgq9klakvcdyr...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Thank you everyone for the suggestions. Let me try Anurag's suggestions first if that doesn't work perhaps someone on nanog would point me to the best contacts at cogent. Regards Tarun -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.sanog.org/pipermail/sanog/attachments/20140217/2983873e/attachment-0001.html> ------------------------------ Message: 2 Date: Mon, 17 Feb 2014 23:13:51 +0530 From: Tarun Dua <li...@tarundua.net> To: sanog@sanog.org Subject: Re: [SANOG] How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed Message-ID: <caajbwep8-gfktkje2xjt_fq5hztkeabfgb8c11fnhobiwum...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" The prefix in question is 205.147.96.0/21 Regards -Tarun -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.sanog.org/pipermail/sanog/attachments/20140217/8500c579/attachment-0001.html> ------------------------------ Message: 3 Date: Mon, 17 Feb 2014 12:21:43 -0600 From: Suresh Ramasubramanian <sur...@hserus.net> To: Tarun Dua <li...@tarundua.net> Cc: sanog@sanog.org Subject: Re: [SANOG] How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed Message-ID: <20140217182143.ga21...@hserus.net> Content-Type: text/plain; charset=us-ascii; format=flowed Tarun Dua [17/02/14 23:13 +0530]: >The prefix in question is 205.147.96.0/21 Cogent seems to think - and whois too - that it is split into /23s See the routeviews entries as well below http://www.onesc.net/communities/as174/ says 174:21001 Route is NA internal or customer route. by the way. And there's rr.arin.net / radb.net route registry entries for the covering /20 assigned to a legacy provider. Looks like that IP space was reclaimed by arin and allocated to apnic. suresh@samwise 12:17:34 <~> $ whois -h rr.arin.net 205.147.96.0/21 % This is the ARIN Routing Registry. % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '205.147.96.0/20AS18999' route: 205.147.96.0/20 descr: Poplar Bluff Internet, Inc. P.O. Box 190 Poplar Bluff, MO 63902 US origin: AS18999 mnt-by: MNT-POPL source: ARIN # Filtered suresh@samwise 12:17:38 <~> $ whois -h whois.radb.net 205.147.96.0/21 route: 205.147.96.0/20 descr: Forced Object Correction origin: AS18999 mnt-by: MAINT-AS7132 changed: backb...@sbis.sbc.com 20060607 source: RADB route: 205.147.96.0/20 descr: Poplar Bluff Internet, Inc. P.O. Box 190 Poplar Bluff, MO 63902 US origin: AS18999 mnt-by: MNT-POPL changed: ja...@semo.net 20051003 source: ARIN routeviews lookups - BGP routing table entry for 205.147.96.0/21, version 436273 Paths: (31 available, best #30, table Default-IP-Routing-Table) Not advertised to any peer 5459 174 195.66.232.239 from 195.66.232.239 (195.66.232.239) Origin IGP, localpref 100, valid, external Community: 174:21001 174:22013 5459:1 5459:60 3356 174 4.69.184.193 from 4.69.184.193 (4.69.184.193) Origin IGP, metric 0, localpref 100, valid, external Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012 2914 174 129.250.0.11 from 129.250.0.11 (129.250.0.12) Origin IGP, metric 7, localpref 100, valid, external Community: 2914:420 2914:1008 2914:2000 2914:3000 65504:174 6939 1299 174 216.218.252.164 from 216.218.252.164 (216.218.252.164) Using cogent's looking glass http://www.cogentco.com/en/network/looking-glass I just get an entry for the /23 and then for another /23 but not a covering /21 BGP routing table entry for 205.147.96.0/23, version 2088153801 Paths: (1 available, best #1, table Default-IP-Routing-Table) 9498 17439 2.1348 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76) Origin IGP, localpref 130, valid, internal, best Community: 174:981 174:10017 174:20999 174:21001 174:22013 Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69, 66.28.1.89, 66.28.1.68 BGP routing table entry for 205.147.98.0/23, version 2088153802 Paths: (1 available, best #1, table Default-IP-Routing-Table) 9498 17439 2.1348 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76) Origin IGP, localpref 130, valid, internal, best Community: 174:981 174:10017 174:20999 174:21001 174:22013 Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69, 66.28.1.89, 66.28.1.68 ------------------------------ Message: 4 Date: Tue, 18 Feb 2014 00:01:52 +0530 From: Anurag Bhatia <m...@anuragbhatia.com> To: Suresh Ramasubramanian <sur...@hserus.net> Cc: sanog@sanog.org Subject: Re: [SANOG] How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed Message-ID: <caj0+axbraer2+0xdpy7zsqoxfnqkyg8fdtepane-mgritsa...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Nice find Suresh! Btw this brings to me to slightly unrelated issues of wrong RADB entries for all such prefixes. The ISP which I represent has some prefix with RADB entries from ISP which (I guess) had prefix years back before APNIC re-allocated them. Isn't this very common? In traceroute with "-A" argument we see multiple ASNs so many times (since -A is based on RADB data rather than actual routing data). On Mon, Feb 17, 2014 at 11:51 PM, Suresh Ramasubramanian <sur...@hserus.net>wrote: > Tarun Dua [17/02/14 23:13 +0530]: > > The prefix in question is 205.147.96.0/21 >> > > Cogent seems to think - and whois too - that it is split into /23s > See the routeviews entries as well below > > http://www.onesc.net/communities/as174/ says 174:21001 Route is NA > internal or customer route. > > by the way. And there's rr.arin.net / radb.net route registry entries for > the covering /20 assigned to a legacy provider. Looks like that IP space > was reclaimed by arin and allocated to apnic. > > suresh@samwise 12:17:34 <~> $ whois -h rr.arin.net 205.147.96.0/21 > % This is the ARIN Routing Registry. > > % Note: this output has been filtered. > % To receive output for a database update, use the "-B" flag. > > % Information related to '205.147.96.0/20AS18999' > > route: 205.147.96.0/20 > descr: Poplar Bluff Internet, Inc. > P.O. Box 190 > Poplar Bluff, MO 63902 > US > origin: AS18999 > mnt-by: MNT-POPL > source: ARIN # Filtered > > > suresh@samwise 12:17:38 <~> $ whois -h whois.radb.net 205.147.96.0/21 > route: 205.147.96.0/20 > descr: Forced Object Correction > origin: AS18999 > mnt-by: MAINT-AS7132 > changed: backb...@sbis.sbc.com 20060607 > source: RADB > > route: 205.147.96.0/20 > descr: Poplar Bluff Internet, Inc. > P.O. Box 190 > Poplar Bluff, MO 63902 > US > origin: AS18999 > mnt-by: MNT-POPL > changed: ja...@semo.net 20051003 > source: ARIN > > routeviews lookups - > > BGP routing table entry for 205.147.96.0/21, version 436273 > Paths: (31 available, best #30, table Default-IP-Routing-Table) > Not advertised to any peer > 5459 174 > 195.66.232.239 from 195.66.232.239 (195.66.232.239) > Origin IGP, localpref 100, valid, external > Community: 174:21001 174:22013 5459:1 5459:60 > 3356 174 > 4.69.184.193 from 4.69.184.193 (4.69.184.193) > Origin IGP, metric 0, localpref 100, valid, external > Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012 > 2914 174 > 129.250.0.11 from 129.250.0.11 (129.250.0.12) > Origin IGP, metric 7, localpref 100, valid, external > Community: 2914:420 2914:1008 2914:2000 2914:3000 65504:174 > 6939 1299 174 > 216.218.252.164 from 216.218.252.164 (216.218.252.164) > > Using cogent's looking glass > http://www.cogentco.com/en/network/looking-glass > > I just get an entry for the /23 and then for another /23 but not a covering > /21 > > BGP routing table entry for 205.147.96.0/23, version 2088153801 > Paths: (1 available, best #1, table Default-IP-Routing-Table) > 9498 17439 2.1348 > 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76) > Origin IGP, localpref 130, valid, internal, best > Community: 174:981 174:10017 174:20999 174:21001 174:22013 > Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69, > 66.28.1.89, 66.28.1.68 > > BGP routing table entry for 205.147.98.0/23, version 2088153802 > Paths: (1 available, best #1, table Default-IP-Routing-Table) > 9498 17439 2.1348 > 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76) > Origin IGP, localpref 130, valid, internal, best > Community: 174:981 174:10017 174:20999 174:21001 174:22013 > Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69, > 66.28.1.89, 66.28.1.68 > > > _______________________________________________ > sanog mailing list > sanog@sanog.org > https://lists.sanog.org/mailman/listinfo/sanog > -- Anurag Bhatia anuragbhatia.com Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter<https://twitter.com/anurag_bhatia> Skype: anuragbhatia.com PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.sanog.org/pipermail/sanog/attachments/20140218/178e6c1d/attachment-0001.html> ------------------------------ Message: 5 Date: Mon, 17 Feb 2014 10:37:48 -0800 From: "=?utf-8?B?U3VyZXNoIFJhbWFzdWJyYW1hbmlhbg==?=" <sur...@hserus.net> To: "=?utf-8?B?QW51cmFnIEJoYXRpYQ==?=" <m...@anuragbhatia.com> Cc: mail=sanog@sanog. org <sanog@sanog.org> Subject: Re: [SANOG] How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed Message-ID: <e1wft4h-0006dw...@samwise.hserus.net> Content-Type: text/plain; charset="utf-8" This has bitten me at least once in the past so it is not something I would forget in a hurry :) --srs (htc one x) ----- Reply message ----- From: "Anurag Bhatia" <m...@anuragbhatia.com> To: "Suresh Ramasubramanian" <sur...@hserus.net> Cc: "Tarun Dua" <li...@tarundua.net>, <sanog@sanog.org> Subject: [SANOG] How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed Date: Mon, Feb 17, 2014 10:31 AM Nice find Suresh! Btw this brings to me to slightly unrelated issues of wrong RADB entries for all such prefixes. The ISP which I represent has some prefix with RADB entries from ISP which (I guess) had prefix years back before APNIC re-allocated them. Isn't this very common? In traceroute with "-A" argument we see multiple ASNs so many times (since -A is based on RADB data rather than actual routing data). On Mon, Feb 17, 2014 at 11:51 PM, Suresh Ramasubramanian <sur...@hserus.net>wrote: > Tarun Dua [17/02/14 23:13 +0530]: > > The prefix in question is 205.147.96.0/21 >> > > Cogent seems to think - and whois too - that it is split into /23s > See the routeviews entries as well below > > http://www.onesc.net/communities/as174/ says 174:21001 Route is NA > internal or customer route. > > by the way. And there's rr.arin.net / radb.net route registry entries for > the covering /20 assigned to a legacy provider. Looks like that IP space > was reclaimed by arin and allocated to apnic. > > suresh@samwise 12:17:34 <~> $ whois -h rr.arin.net 205.147.96.0/21 > % This is the ARIN Routing Registry. > > % Note: this output has been filtered. > % To receive output for a database update, use the "-B" flag. > > % Information related to '205.147.96.0/20AS18999' > > route: 205.147.96.0/20 > descr: Poplar Bluff Internet, Inc. > P.O. Box 190 > Poplar Bluff, MO 63902 > US > origin: AS18999 > mnt-by: MNT-POPL > source: ARIN # Filtered > > > suresh@samwise 12:17:38 <~> $ whois -h whois.radb.net 205.147.96.0/21 > route: 205.147.96.0/20 > descr: Forced Object Correction > origin: AS18999 > mnt-by: MAINT-AS7132 > changed: backb...@sbis.sbc.com 20060607 > source: RADB > > route: 205.147.96.0/20 > descr: Poplar Bluff Internet, Inc. > P.O. Box 190 > Poplar Bluff, MO 63902 > US > origin: AS18999 > mnt-by: MNT-POPL > changed: ja...@semo.net 20051003 > source: ARIN > > routeviews lookups - > > BGP routing table entry for 205.147.96.0/21, version 436273 > Paths: (31 available, best #30, table Default-IP-Routing-Table) > Not advertised to any peer > 5459 174 > 195.66.232.239 from 195.66.232.239 (195.66.232.239) > Origin IGP, localpref 100, valid, external > Community: 174:21001 174:22013 5459:1 5459:60 > 3356 174 > 4.69.184.193 from 4.69.184.193 (4.69.184.193) > Origin IGP, metric 0, localpref 100, valid, external > Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012 > 2914 174 > 129.250.0.11 from 129.250.0.11 (129.250.0.12) > Origin IGP, metric 7, localpref 100, valid, external > Community: 2914:420 2914:1008 2914:2000 2914:3000 65504:174 > 6939 1299 174 > 216.218.252.164 from 216.218.252.164 (216.218.252.164) > > Using cogent's looking glass > http://www.cogentco.com/en/network/looking-glass > > I just get an entry for the /23 and then for another /23 but not a covering > /21 > > BGP routing table entry for 205.147.96.0/23, version 2088153801 > Paths: (1 available, best #1, table Default-IP-Routing-Table) > 9498 17439 2.1348 > 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76) > Origin IGP, localpref 130, valid, internal, best > Community: 174:981 174:10017 174:20999 174:21001 174:22013 > Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69, > 66.28.1.89, 66.28.1.68 > > BGP routing table entry for 205.147.98.0/23, version 2088153802 > Paths: (1 available, best #1, table Default-IP-Routing-Table) > 9498 17439 2.1348 > 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76) > Origin IGP, localpref 130, valid, internal, best > Community: 174:981 174:10017 174:20999 174:21001 174:22013 > Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69, > 66.28.1.89, 66.28.1.68 > > > _______________________________________________ > sanog mailing list > sanog@sanog.org > https://lists.sanog.org/mailman/listinfo/sanog > -- Anurag Bhatia anuragbhatia.com Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter<https://twitter.com/anurag_bhatia> Skype: anuragbhatia.com PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.sanog.org/pipermail/sanog/attachments/20140217/e1650038/attachment.html> ------------------------------ _______________________________________________ sanog mailing list sanog@sanog.org https://lists.sanog.org/mailman/listinfo/sanog End of sanog Digest, Vol 25, Issue 6 ************************************