Send sanog mailing list submissions to
sanog@sanog.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sanog.org/mailman/listinfo/sanog
or, via email, send a message with subject or body 'help' to
sanog-requ...@sanog.org
You can reach the person managing the list at
sanog-ow...@sanog.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of sanog digest..."
Today's Topics:
1. Re: How to get off the Bogon IP list or get an incorrectly
advertised BGP announcement fixed (Tarun Dua)
2. Re: How to get off the Bogon IP list or get an incorrectly
advertised BGP announcement fixed (Tarun Dua)
3. Re: How to get off the Bogon IP list or get an incorrectly
advertised BGP announcement fixed (Suresh Ramasubramanian)
4. Re: How to get off the Bogon IP list or get an incorrectly
advertised BGP announcement fixed (Anurag Bhatia)
5. Re: How to get off the Bogon IP list or get an incorrectly
advertised BGP announcement fixed
(=?utf-8?B?U3VyZXNoIFJhbWFzdWJyYW1hbmlhbg==?=)
----------------------------------------------------------------------
Message: 1
Date: Mon, 17 Feb 2014 22:49:26 +0530
From: Tarun Dua <li...@tarundua.net>
To: sanog@sanog.org
Subject: Re: [SANOG] How to get off the Bogon IP list or get an
incorrectly advertised BGP announcement fixed
Message-ID:
<caajbweq0w+u+_0j0r12whr81xdwqjfkdhbzgq9klakvcdyr...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Thank you everyone for the suggestions. Let me try Anurag's suggestions
first if that doesn't work perhaps someone on nanog would point me to the
best contacts at cogent.
Regards
Tarun
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.sanog.org/pipermail/sanog/attachments/20140217/2983873e/attachment-0001.html>
------------------------------
Message: 2
Date: Mon, 17 Feb 2014 23:13:51 +0530
From: Tarun Dua <li...@tarundua.net>
To: sanog@sanog.org
Subject: Re: [SANOG] How to get off the Bogon IP list or get an
incorrectly advertised BGP announcement fixed
Message-ID:
<caajbwep8-gfktkje2xjt_fq5hztkeabfgb8c11fnhobiwum...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
The prefix in question is 205.147.96.0/21
Regards
-Tarun
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.sanog.org/pipermail/sanog/attachments/20140217/8500c579/attachment-0001.html>
------------------------------
Message: 3
Date: Mon, 17 Feb 2014 12:21:43 -0600
From: Suresh Ramasubramanian <sur...@hserus.net>
To: Tarun Dua <li...@tarundua.net>
Cc: sanog@sanog.org
Subject: Re: [SANOG] How to get off the Bogon IP list or get an
incorrectly advertised BGP announcement fixed
Message-ID: <20140217182143.ga21...@hserus.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Tarun Dua [17/02/14 23:13 +0530]:
>The prefix in question is 205.147.96.0/21
Cogent seems to think - and whois too - that it is split into /23s
See the routeviews entries as well below
http://www.onesc.net/communities/as174/ says
174:21001 Route is NA internal or customer route.
by the way. And there's rr.arin.net / radb.net route registry entries for
the covering /20 assigned to a legacy provider. Looks like that IP space
was reclaimed by arin and allocated to apnic.
suresh@samwise 12:17:34 <~> $ whois -h rr.arin.net 205.147.96.0/21
% This is the ARIN Routing Registry.
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '205.147.96.0/20AS18999'
route: 205.147.96.0/20
descr: Poplar Bluff Internet, Inc.
P.O. Box 190
Poplar Bluff, MO 63902
US
origin: AS18999
mnt-by: MNT-POPL
source: ARIN # Filtered
suresh@samwise 12:17:38 <~> $ whois -h whois.radb.net 205.147.96.0/21
route: 205.147.96.0/20
descr: Forced Object Correction
origin: AS18999
mnt-by: MAINT-AS7132
changed: backb...@sbis.sbc.com 20060607
source: RADB
route: 205.147.96.0/20
descr: Poplar Bluff Internet, Inc.
P.O. Box 190
Poplar Bluff, MO 63902
US
origin: AS18999
mnt-by: MNT-POPL
changed: ja...@semo.net 20051003
source: ARIN
routeviews lookups -
BGP routing table entry for 205.147.96.0/21, version 436273
Paths: (31 available, best #30, table Default-IP-Routing-Table)
Not advertised to any peer
5459 174
195.66.232.239 from 195.66.232.239 (195.66.232.239)
Origin IGP, localpref 100, valid, external
Community: 174:21001 174:22013 5459:1 5459:60
3356 174
4.69.184.193 from 4.69.184.193 (4.69.184.193)
Origin IGP, metric 0, localpref 100, valid, external
Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012
2914 174
129.250.0.11 from 129.250.0.11 (129.250.0.12)
Origin IGP, metric 7, localpref 100, valid, external
Community: 2914:420 2914:1008 2914:2000 2914:3000 65504:174
6939 1299 174
216.218.252.164 from 216.218.252.164 (216.218.252.164)
Using cogent's looking glass
http://www.cogentco.com/en/network/looking-glass
I just get an entry for the /23 and then for another /23 but not a covering
/21
BGP routing table entry for 205.147.96.0/23, version 2088153801
Paths: (1 available, best #1, table Default-IP-Routing-Table)
9498 17439 2.1348
38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76)
Origin IGP, localpref 130, valid, internal, best
Community: 174:981 174:10017 174:20999 174:21001 174:22013
Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69,
66.28.1.89, 66.28.1.68
BGP routing table entry for 205.147.98.0/23, version 2088153802
Paths: (1 available, best #1, table Default-IP-Routing-Table)
9498 17439 2.1348
38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76)
Origin IGP, localpref 130, valid, internal, best
Community: 174:981 174:10017 174:20999 174:21001 174:22013
Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69,
66.28.1.89, 66.28.1.68
------------------------------
Message: 4
Date: Tue, 18 Feb 2014 00:01:52 +0530
From: Anurag Bhatia <m...@anuragbhatia.com>
To: Suresh Ramasubramanian <sur...@hserus.net>
Cc: sanog@sanog.org
Subject: Re: [SANOG] How to get off the Bogon IP list or get an
incorrectly advertised BGP announcement fixed
Message-ID:
<caj0+axbraer2+0xdpy7zsqoxfnqkyg8fdtepane-mgritsa...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Nice find Suresh!
Btw this brings to me to slightly unrelated issues of wrong RADB entries
for all such prefixes. The ISP which I represent has some prefix with RADB
entries from ISP which (I guess) had prefix years back before APNIC
re-allocated them. Isn't this very common? In traceroute with "-A" argument
we see multiple ASNs so many times (since -A is based on RADB data rather
than actual routing data).
On Mon, Feb 17, 2014 at 11:51 PM, Suresh Ramasubramanian
<sur...@hserus.net>wrote:
> Tarun Dua [17/02/14 23:13 +0530]:
>
> The prefix in question is 205.147.96.0/21
>>
>
> Cogent seems to think - and whois too - that it is split into /23s
> See the routeviews entries as well below
>
> http://www.onesc.net/communities/as174/ says 174:21001 Route is NA
> internal or customer route.
>
> by the way. And there's rr.arin.net / radb.net route registry entries for
> the covering /20 assigned to a legacy provider. Looks like that IP space
> was reclaimed by arin and allocated to apnic.
>
> suresh@samwise 12:17:34 <~> $ whois -h rr.arin.net 205.147.96.0/21
> % This is the ARIN Routing Registry.
>
> % Note: this output has been filtered.
> % To receive output for a database update, use the "-B" flag.
>
> % Information related to '205.147.96.0/20AS18999'
>
> route: 205.147.96.0/20
> descr: Poplar Bluff Internet, Inc.
> P.O. Box 190
> Poplar Bluff, MO 63902
> US
> origin: AS18999
> mnt-by: MNT-POPL
> source: ARIN # Filtered
>
>
> suresh@samwise 12:17:38 <~> $ whois -h whois.radb.net 205.147.96.0/21
> route: 205.147.96.0/20
> descr: Forced Object Correction
> origin: AS18999
> mnt-by: MAINT-AS7132
> changed: backb...@sbis.sbc.com 20060607
> source: RADB
>
> route: 205.147.96.0/20
> descr: Poplar Bluff Internet, Inc.
> P.O. Box 190
> Poplar Bluff, MO 63902
> US
> origin: AS18999
> mnt-by: MNT-POPL
> changed: ja...@semo.net 20051003
> source: ARIN
>
> routeviews lookups -
>
> BGP routing table entry for 205.147.96.0/21, version 436273
> Paths: (31 available, best #30, table Default-IP-Routing-Table)
> Not advertised to any peer
> 5459 174
> 195.66.232.239 from 195.66.232.239 (195.66.232.239)
> Origin IGP, localpref 100, valid, external
> Community: 174:21001 174:22013 5459:1 5459:60
> 3356 174
> 4.69.184.193 from 4.69.184.193 (4.69.184.193)
> Origin IGP, metric 0, localpref 100, valid, external
> Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012
> 2914 174
> 129.250.0.11 from 129.250.0.11 (129.250.0.12)
> Origin IGP, metric 7, localpref 100, valid, external
> Community: 2914:420 2914:1008 2914:2000 2914:3000 65504:174
> 6939 1299 174
> 216.218.252.164 from 216.218.252.164 (216.218.252.164)
>
> Using cogent's looking glass
> http://www.cogentco.com/en/network/looking-glass
>
> I just get an entry for the /23 and then for another /23 but not a covering
> /21
>
> BGP routing table entry for 205.147.96.0/23, version 2088153801
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> 9498 17439 2.1348
> 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76)
> Origin IGP, localpref 130, valid, internal, best
> Community: 174:981 174:10017 174:20999 174:21001 174:22013
> Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69,
> 66.28.1.89, 66.28.1.68
>
> BGP routing table entry for 205.147.98.0/23, version 2088153802
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> 9498 17439 2.1348
> 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76)
> Origin IGP, localpref 130, valid, internal, best
> Community: 174:981 174:10017 174:20999 174:21001 174:22013
> Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69,
> 66.28.1.89, 66.28.1.68
>
>
> _______________________________________________
> sanog mailing list
> sanog@sanog.org
> https://lists.sanog.org/mailman/listinfo/sanog
>
--
Anurag Bhatia
anuragbhatia.com
Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
Twitter<https://twitter.com/anurag_bhatia>
Skype: anuragbhatia.com
PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.sanog.org/pipermail/sanog/attachments/20140218/178e6c1d/attachment-0001.html>
------------------------------
Message: 5
Date: Mon, 17 Feb 2014 10:37:48 -0800
From: "=?utf-8?B?U3VyZXNoIFJhbWFzdWJyYW1hbmlhbg==?="
<sur...@hserus.net>
To: "=?utf-8?B?QW51cmFnIEJoYXRpYQ==?=" <m...@anuragbhatia.com>
Cc: mail=sanog@sanog. org <sanog@sanog.org>
Subject: Re: [SANOG] How to get off the Bogon IP list or get an
incorrectly advertised BGP announcement fixed
Message-ID: <e1wft4h-0006dw...@samwise.hserus.net>
Content-Type: text/plain; charset="utf-8"
This has bitten me at least once in the past so it is not something I would
forget in a hurry :)
--srs (htc one x)
----- Reply message -----
From: "Anurag Bhatia" <m...@anuragbhatia.com>
To: "Suresh Ramasubramanian" <sur...@hserus.net>
Cc: "Tarun Dua" <li...@tarundua.net>, <sanog@sanog.org>
Subject: [SANOG] How to get off the Bogon IP list or get an incorrectly
advertised BGP announcement fixed
Date: Mon, Feb 17, 2014 10:31 AM
Nice find Suresh!
Btw this brings to me to slightly unrelated issues of wrong RADB entries
for all such prefixes. The ISP which I represent has some prefix with RADB
entries from ISP which (I guess) had prefix years back before APNIC
re-allocated them. Isn't this very common? In traceroute with "-A" argument
we see multiple ASNs so many times (since -A is based on RADB data rather
than actual routing data).
On Mon, Feb 17, 2014 at 11:51 PM, Suresh Ramasubramanian
<sur...@hserus.net>wrote:
> Tarun Dua [17/02/14 23:13 +0530]:
>
> The prefix in question is 205.147.96.0/21
>>
>
> Cogent seems to think - and whois too - that it is split into /23s
> See the routeviews entries as well below
>
> http://www.onesc.net/communities/as174/ says 174:21001 Route is NA
> internal or customer route.
>
> by the way. And there's rr.arin.net / radb.net route registry entries for
> the covering /20 assigned to a legacy provider. Looks like that IP space
> was reclaimed by arin and allocated to apnic.
>
> suresh@samwise 12:17:34 <~> $ whois -h rr.arin.net 205.147.96.0/21
> % This is the ARIN Routing Registry.
>
> % Note: this output has been filtered.
> % To receive output for a database update, use the "-B" flag.
>
> % Information related to '205.147.96.0/20AS18999'
>
> route: 205.147.96.0/20
> descr: Poplar Bluff Internet, Inc.
> P.O. Box 190
> Poplar Bluff, MO 63902
> US
> origin: AS18999
> mnt-by: MNT-POPL
> source: ARIN # Filtered
>
>
> suresh@samwise 12:17:38 <~> $ whois -h whois.radb.net 205.147.96.0/21
> route: 205.147.96.0/20
> descr: Forced Object Correction
> origin: AS18999
> mnt-by: MAINT-AS7132
> changed: backb...@sbis.sbc.com 20060607
> source: RADB
>
> route: 205.147.96.0/20
> descr: Poplar Bluff Internet, Inc.
> P.O. Box 190
> Poplar Bluff, MO 63902
> US
> origin: AS18999
> mnt-by: MNT-POPL
> changed: ja...@semo.net 20051003
> source: ARIN
>
> routeviews lookups -
>
> BGP routing table entry for 205.147.96.0/21, version 436273
> Paths: (31 available, best #30, table Default-IP-Routing-Table)
> Not advertised to any peer
> 5459 174
> 195.66.232.239 from 195.66.232.239 (195.66.232.239)
> Origin IGP, localpref 100, valid, external
> Community: 174:21001 174:22013 5459:1 5459:60
> 3356 174
> 4.69.184.193 from 4.69.184.193 (4.69.184.193)
> Origin IGP, metric 0, localpref 100, valid, external
> Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012
> 2914 174
> 129.250.0.11 from 129.250.0.11 (129.250.0.12)
> Origin IGP, metric 7, localpref 100, valid, external
> Community: 2914:420 2914:1008 2914:2000 2914:3000 65504:174
> 6939 1299 174
> 216.218.252.164 from 216.218.252.164 (216.218.252.164)
>
> Using cogent's looking glass
> http://www.cogentco.com/en/network/looking-glass
>
> I just get an entry for the /23 and then for another /23 but not a covering
> /21
>
> BGP routing table entry for 205.147.96.0/23, version 2088153801
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> 9498 17439 2.1348
> 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76)
> Origin IGP, localpref 130, valid, internal, best
> Community: 174:981 174:10017 174:20999 174:21001 174:22013
> Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69,
> 66.28.1.89, 66.28.1.68
>
> BGP routing table entry for 205.147.98.0/23, version 2088153802
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> 9498 17439 2.1348
> 38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76)
> Origin IGP, localpref 130, valid, internal, best
> Community: 174:981 174:10017 174:20999 174:21001 174:22013
> Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69,
> 66.28.1.89, 66.28.1.68
>
>
> _______________________________________________
> sanog mailing list
> sanog@sanog.org
> https://lists.sanog.org/mailman/listinfo/sanog
>
--
Anurag Bhatia
anuragbhatia.com
Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
Twitter<https://twitter.com/anurag_bhatia>
Skype: anuragbhatia.com
PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.sanog.org/pipermail/sanog/attachments/20140217/e1650038/attachment.html>
------------------------------
_______________________________________________
sanog mailing list
sanog@sanog.org
https://lists.sanog.org/mailman/listinfo/sanog
End of sanog Digest, Vol 25, Issue 6
************************************
