Re: [swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden?
On 2020-08-27 17:16, Benoit Panizzon wrote: Hi List A customer complained, he cannot reach the website of chinese embassy in Switzerland. CH.CHINA-EMBASSY.ORG The DNS Servers are hosted under 125.208.4[567].0/24 and none of our peers do announce those routes to us. The all, according to the looking glasses, seem to get those routes announced from AS24406 CNNIC but do not redistribute them. https://stat.ripe.net/125.208.46.1#tabId=at-a-glance "125.208.46.0/24 is visible by 99% of 322 IPv4 RIS full peers." Seems many get it. Greets, Jeroen Pudding: Telia has a route amongst others: traceroute to 125.208.46.1 (125.208.46.1), 30 hops max, 60 byte packets 1 r2win7.core.init7.net (213.144.131.49) 0.399 ms 0.300 ms 0.298 ms 2 r1win6.core.init7.net (77.109.140.194) 0.345 ms 0.303 ms 8.952 ms 3 r1zrh6.core.init7.net (82.197.168.101) 3.714 ms 7.947 ms 3.632 ms 4 r1glb1.core.init7.net (82.197.168.223) 0.696 ms 0.662 ms 0.774 ms 5 r1zrh2.core.init7.net (77.109.128.237) 0.949 ms 0.917 ms 0.872 ms 6 zch-b2-link.telia.net (62.115.148.48) 6.748 ms 6.817 ms 7.364 ms 7 prs-bb4-link.telia.net (62.115.135.128) 154.649 ms 153.825 ms 153.758 ms 8 ldn-bb3-link.telia.net (62.115.123.68) 157.327 ms ldn-bb3-link.telia.net (62.115.134.93) 156.875 ms ldn-bb3-link.telia.net (62.115.123.68) 156.408 ms 9 * * * 10 * chi-b23-link.telia.net (62.115.137.59) 113.334 ms * 11 sea-b2-link.telia.net (62.115.117.48) 155.829 ms 155.826 ms 155.446 ms 12 chinamobile-ic-342124-sea-b2.c.telia.net (62.115.171.221) 155.576 ms * 157.235 ms 13 223.120.6.53 (223.120.6.53) 169.313 ms * * 14 223.120.12.34 (223.120.12.34) 354.228 ms chinamobile-ic-342124-sea-b2.c.telia.net (62.115.171.221) 166.138 ms 223.120.12.34 (223.120.12.34) 354.171 ms 15 221.183.55.110 (221.183.55.110) 366.540 ms 366.853 ms * 16 * *^C $ dig +trace CH.CHINA-EMBASSY.ORG ; <<>> DiG 9.16.3 <<>> +trace CH.CHINA-EMBASSY.ORG ;; global options: +cmd . 204425 IN NS h.root-servers.net. . 204425 IN NS m.root-servers.net. . 204425 IN NS k.root-servers.net. . 204425 IN NS g.root-servers.net. . 204425 IN NS b.root-servers.net. . 204425 IN NS i.root-servers.net. . 204425 IN NS d.root-servers.net. . 204425 IN NS l.root-servers.net. . 204425 IN NS a.root-servers.net. . 204425 IN NS f.root-servers.net. . 204425 IN NS c.root-servers.net. . 204425 IN NS j.root-servers.net. . 204425 IN NS e.root-servers.net. . 289637 IN RRSIG NS 8 0 518400 2020090617 2020082416 46594 . t6M8J6ex2mlP8Tn+WIlrNB7SAYPv+6+uWn6Ppeu1+IyRhHDYMfdBjG9n QoNUHv6tfhhAPoR4G1zbzRsH3JPciZMwiBJpHcp0Uz9wVQgJBl9PDQ1c fu8iA/7lXo8kCpB0/cgBjvfHfGXF+Gwsvrvve/A8zhxKbiRtgoDNRDe1 /3vkZzLJUODOqlXiIfm2qudMz/y01+siFYM/pgLk5zJbn/4BnAe/9kUc MbqGi7wD5SdlloJ0UYtu5q0LTVu5EQ6JC7s/qgxGAvEiBCRqlo1CKIP/ /bzs4+Krxu01pvGmlsnmOqOCff13EvKPaQt1yuzCO7VzYDXchOfazHnX n/mGJg== ;; Received 1125 bytes from 8.8.8.8#53(8.8.8.8) in 1 ms org.172800 IN NS b0.org.afilias-nst.org. org.172800 IN NS a0.org.afilias-nst.info. org.172800 IN NS b2.org.afilias-nst.org. org.172800 IN NS a2.org.afilias-nst.info. org.172800 IN NS d0.org.afilias-nst.org. org.172800 IN NS c0.org.afilias-nst.info. org.86400 IN DS 17883 7 1 38C5CF93B369C7557E0515FAAA57060F1BFB12C1 org. 86400 IN DS 17883 7 2 D889CAD790F01979E860D6627B58F85AB554E0E491FE06515F35548D 1EB4E6EE org. 86400 IN RRSIG DS 8 1 86400 2020090905 2020082704 46594 . DUBoJT8syNiDGXHXEivBinzu4dFrqKrNSL2Ppwx05Ze+ktzNjSMaBEdm qsWfpBJhgeafBORxwVaq2/4HtZUztd1syWETyBzz6/DjuMCej+vsj5W0 3dX2IfLQCbgL+15N3OsWsIdA87OADUUKFAP6Y18vhvAwMLxC8BuszBcF 8xEYSGGkEKV+rJTHsp1/aNBl0ovKuViB4Ja1cn8u3VQelhfM1IT6SvlB RH3AjpRGUhmuR4kkjKdHADX273nt7TIboLYaM8OPSC8fqjQRkOY5hvk/ h9UNfO0w6ms9MbURoKL7WFhk0glzLtAPcxjHPdkX1qM2U4OCv30kU17T eH2Xuw== ;; Received 853 bytes from 2001:500:200::b#53(b.root-servers.net) in 139 ms china-embassy.org. 86400 IN NS ns.fmprc.gov.cn. china-embassy.org. 86400 IN NS ns3.fmprc.gov.cn. h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN NSEC3 1 1 1 D399EAAB H9P94CHNCUOADBOKM57JBRIMA2O6J0IQ NS SOA RRSIG DNSKEY NSEC3PARAM h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN RRSIG NSEC3 7 2 86400 20200917154745 20200827144745 21869 org. hVuKf+InL1VJg6zZWYfHiE/KWQTurhYGL1ZAm01XldC7qCkh0HvUPXJf YOfsh9ce6SW+SARSOcKDWY87geZn3iqfQ60aBYtVuz/paw+ShjTlO4pq Pk7xSFRqxXdwiz
Re: [swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden?
"Not Advertised to any peer" means that the Looking Glass itself is not re-distributing/Announcing it to another peer. This is perfectly normal, we keep our internal RR split from the RR that does the route collection and then has a looking glass. The Looking glass then has a clear "import only, export nothing" policy so yes this would also be "not advertised to any peer" with your look up on the looking glass, you are looking at the view of this one BGP table, you're not seeing what the actual border routers are doing. This only tells you the presence of a route, not the actual redistribution At least this is my understanding here ;) Silvan - Ursprüngliche Mail - Von: "Benoit Panizzon" An: "Nico Schottelius" CC: "swinog" Gesendet: Donnerstag, 27. August 2020 15:33:53 Betreff: Re: [swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden? Well, when I use the Sunrise LG: BGP routing table entry for 125.208.47.0/24, version 252176985 Paths: (4 available, best #1, table default) Not advertised to any peer ^-- see! 4134 24151 193.192.254.35 from 193.192.254.35 (212.161.178.83) Origin incomplete, metric 20, localpref 80, valid, internal, best Community: 6730:6200 6730:6222 4134 24151 193.192.254.34 from 193.192.254.34 (212.161.178.93) Origin incomplete, metric 20, localpref 80, valid, internal Community: 6730:6200 6730:6223 4134 24151 212.161.178.83 from 212.161.174.11 (212.161.174.11) Origin incomplete, metric 20, localpref 80, valid, internal Community: 6730:6200 6730:6222 Originator: 212.161.178.83, Cluster list: 0.0.3.120 4134 24151 212.161.178.83 from 212.161.174.10 (212.161.174.10) Origin incomplete, metric 20, localpref 80, valid, internal Community: 6730:6200 6730:6222 Originator: 212.161.178.83, Cluster list: 0.0.3.120 We don't get them! Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden?
Hi Benoit, from sunrise FTTH in Pfaeffikon/sz it looks "not too bad": $ traceroute 125.208.4.1 traceroute to 125.208.4.1 (125.208.4.1), 30 hops max, 60 byte packets 1 fritz.box (192.168.1.1) 0.647 ms 0.637 ms 0.715 ms 2 xdsl-31-165-201-1.adslplus.ch (31.165.201.1) 6.064 ms 5.898 ms 5.808 ms 3 oer02pe10.ge2-1-13.bb.sunrise.net (195.141.216.166) 6.476 ms rap31pe02.ge3-0-9.bb.sunrise.net (195.141.216.154) 5.718 ms 6.239 ms 4 * * * 5 zur01pe20.100ge-2-0-0.bb.sunrise.net (212.161.247.129) 5.636 ms 5.473 ms oer02pe20.100ge-2-0-0.bb.sunrise.net (212.161.247.133) 6.098 ms 6 et-0-0-17.bar1.Zurich3.Level3.net (213.242.67.149) 5.936 ms 2.198 ms 2.496 ms 7 ae-2-52.ear1.LosAngeles6.Level3.net (4.69.210.97) 154.041 ms 153.142 ms 153.365 ms 8 ffm-b1-link.telia.net (62.115.141.241) 18.508 ms CHINA-NETCO.ear1.LosAngeles6.Level3.net (4.26.2.166) 165.020 ms ffm-b1-link.telia.net (62.115.141.239) 18.399 ms 9 219.158.117.13 (219.158.117.13) 361.929 ms 361.874 ms 219.158.45.29 (219.158.45.29) 265.678 ms 10 219.158.3.133 (219.158.3.133) 368.084 ms 368.033 ms 360.478 ms 11 * 219.158.3.133 (219.158.3.133) 232.447 ms * 12 219.158.8.121 (219.158.8.121) 297.611 ms 286.350 ms * 13 219.158.7.225 (219.158.7.225) 299.828 ms 125.33.185.226 (125.33.185.226) 383.848 ms 124.65.194.22 (124.65.194.22) 246.454 ms 14 61.148.157.110 (61.148.157.110) 250.196 ms 124.65.194.78 (124.65.194.78) 289.955 ms 61.48.75.178 (61.48.75.178) 397.433 ms 15 61.148.157.110 (61.148.157.110) 302.523 ms * * 16 125.208.16.238 (125.208.16.238) 383.800 ms * * 17 125.208.16.218 (125.208.16.218) 243.419 ms 125.208.16.238 (125.208.16.238) 256.912 ms 257.021 ms 18 125.208.15.82 (125.208.15.82) 267.987 ms 125.208.4.1 (125.208.4.1) 387.041 ms 387.076 ms cheers Ralph - Am 27. Aug 2020 um 17:33 schrieb Benoit Panizzon benoit.paniz...@imp.ch: > Well, when I use the Sunrise LG: > > BGP routing table entry for 125.208.47.0/24, version 252176985 > Paths: (4 available, best #1, table default) > > Not advertised to any peer > ^-- see! > > 4134 24151 >193.192.254.35 from 193.192.254.35 (212.161.178.83) > Origin incomplete, metric 20, localpref 80, valid, internal, best > Community: 6730:6200 6730:6222 > 4134 24151 >193.192.254.34 from 193.192.254.34 (212.161.178.93) > Origin incomplete, metric 20, localpref 80, valid, internal > Community: 6730:6200 6730:6223 > 4134 24151 >212.161.178.83 from 212.161.174.11 (212.161.174.11) > Origin incomplete, metric 20, localpref 80, valid, internal > Community: 6730:6200 6730:6222 > Originator: 212.161.178.83, Cluster list: 0.0.3.120 > 4134 24151 >212.161.178.83 from 212.161.174.10 (212.161.174.10) > Origin incomplete, metric 20, localpref 80, valid, internal > Community: 6730:6200 6730:6222 > Originator: 212.161.178.83, Cluster list: 0.0.3.120 > > We don't get them! > > Mit freundlichen Grüssen > > -Benoît Panizzon- > -- > I m p r o W a r e A G-Leiter Commerce Kunden > __ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > CH-4133 PrattelnFax +41 61 826 93 01 > Schweiz Web http://www.imp.ch > __ > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden?
Well, when I use the Sunrise LG: BGP routing table entry for 125.208.47.0/24, version 252176985 Paths: (4 available, best #1, table default) Not advertised to any peer ^-- see! 4134 24151 193.192.254.35 from 193.192.254.35 (212.161.178.83) Origin incomplete, metric 20, localpref 80, valid, internal, best Community: 6730:6200 6730:6222 4134 24151 193.192.254.34 from 193.192.254.34 (212.161.178.93) Origin incomplete, metric 20, localpref 80, valid, internal Community: 6730:6200 6730:6223 4134 24151 212.161.178.83 from 212.161.174.11 (212.161.174.11) Origin incomplete, metric 20, localpref 80, valid, internal Community: 6730:6200 6730:6222 Originator: 212.161.178.83, Cluster list: 0.0.3.120 4134 24151 212.161.178.83 from 212.161.174.10 (212.161.174.10) Origin incomplete, metric 20, localpref 80, valid, internal Community: 6730:6200 6730:6222 Originator: 212.161.178.83, Cluster list: 0.0.3.120 We don't get them! Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden?
Hi Benoit Both DNS servers (NS.FMPRC.GOV.CN (125.208.45.1)) and NS3.FMPRC.GOV.CN (125.208.46.1) are slow, but working for me. m@SRV-EXT01:~# dig +short A @NS.FMPRC.GOV.CN CH.CHINA-EMBASSY.ORG ch.china-embassy.org.whecloud.com. m@SRV-EXT01:~# dig +short A @NS3.FMPRC.GOV.CN CH.CHINA-EMBASSY.ORG ch.china-embassy.org.whecloud.com. Freundliche Grüsse Matias Meier -Ursprüngliche Nachricht- Von: swinog-boun...@lists.swinog.ch [mailto:swinog-boun...@lists.swinog.ch] Im Auftrag von Benoit Panizzon Gesendet: Donnerstag, 27. August 2020 17:16 An: swinog@lists.swinog.ch Betreff: [swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden? Hi List A customer complained, he cannot reach the website of chinese embassy in Switzerland. CH.CHINA-EMBASSY.ORG The DNS Servers are hosted under 125.208.4[567].0/24 and none of our peers do announce those routes to us. The all, according to the looking glasses, seem to get those routes announced from AS24406 CNNIC but do not redistribute them. Do others also see this issue? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden?
Hey Benoit, we get them both via Netstream and Sunrise: [17:29] router1.place5:~# birdc show route 125.208.45.0/24 BIRD 2.0.7 ready. Table master4: 125.208.45.0/24 unicast [sunrise_1_v4 12:29:14.872] * (100) [AS24151?] via 193.192.225.72 on bond0.101 unicast [router1_place6_ungleich_ch_v4 2020-07-05] (100) [AS24151?] via 147.78.195.251 on bond0.8 unicast [router2_place6_ungleich_ch_v4 2020-07-05] (100) [AS24151?] via 147.78.195.252 on bond0.8 [17:29] router1.place5:~# HTH, Nico Benoit Panizzon writes: > Hi List > > A customer complained, he cannot reach the website of chinese embassy in > Switzerland. > > CH.CHINA-EMBASSY.ORG > > The DNS Servers are hosted under 125.208.4[567].0/24 and none of our > peers do announce those routes to us. > > The all, according to the looking glasses, seem to get those routes > announced from AS24406 CNNIC but do not redistribute them. > > Do others also see this issue? > > Mit freundlichen Grüssen > > -Benoît Panizzon- -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Announcement of 'china government' routes 125.208.4[567].0/24 forbidden?
Hi List A customer complained, he cannot reach the website of chinese embassy in Switzerland. CH.CHINA-EMBASSY.ORG The DNS Servers are hosted under 125.208.4[567].0/24 and none of our peers do announce those routes to us. The all, according to the looking glasses, seem to get those routes announced from AS24406 CNNIC but do not redistribute them. Do others also see this issue? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
