Re: IPv4 and IPv6 hijacking by AS 6
On Fri, Apr 13, 2018 at 10:35 PM, Randy Bush wrote: > > I believe we've seen bogus low AS number announcements a few times > > before, and they've usually been caused by attemts to configure > > AS path prepending without understanding and/or reading the docs. > > > > Someone might have wrongly assumed that > > > >set as-path prepend 133711 133711 > > > > could be written shorter like > > > >set as-path prepend 133711 2 > > > > and there you go... > > for someone else's prefix? > Perhaps their policy is something like: "prepend all of transit-provider-1 prefixes by 2, their links are crappy today" followed by output policy: "permit all of my prefixes (matched by as-path-regex) and my customer prefixes (matched by community)" there's probably a bunch of ways this can go sideways, that's just one simple (and seen before) example.
Re: IPv4 and IPv6 hijacking by AS 6
> I believe we've seen bogus low AS number announcements a few times > before, and they've usually been caused by attemts to configure > AS path prepending without understanding and/or reading the docs. > > Someone might have wrongly assumed that > >set as-path prepend 133711 133711 > > could be written shorter like > >set as-path prepend 133711 2 > > and there you go... for someone else's prefix?
Re: IPv4 and IPv6 hijacking by AS 6
Dear Jason, On Fri, Apr 13, 2018 at 02:17:47PM -0400, Jason S. Cash wrote: > Yes, ASN2 sees about 1-4 configuration related "rogue" announcements > per month. What is going on right now does not appear to be a small > misconfiguration. > > The only route we (University of Delaware) are announcing w/ ASN2 is > 128.4.0.0/16. Is this actually causing your organisation issues in terms of reachability, or additional workload for staff, or is it just a strange artifact you've learned to live with? Kind regards, Job
Re: IPv4 and IPv6 hijacking by AS 6
On Fri, 13 Apr 2018, Bjørn Mork wrote: Date: Fri, 13 Apr 2018 10:13:47 +0200 From: Bjørn Mork To: Anurag Bhatia Cc: North American Network Operators' Group Subject: Re: IPv4 and IPv6 hijacking by AS 6 Anurag Bhatia writes: Similar for AS2. I believe we've seen bogus low AS number announcements a few times before, and they've usually been caused by attemts to configure AS path prepending without understanding and/or reading the docs. Someone might have wrongly assumed that set as-path prepend 133711 133711 could be written shorter like set as-path prepend 133711 2 and there you go... Yes, ASN2 sees about 1-4 configuration related "rogue" announcements per month. What is going on right now does not appear to be a small misconfiguration. The only route we (University of Delaware) are announcing w/ ASN2 is 128.4.0.0/16. Jason Jason Cash Deputy CIO University of Delaware c...@udel.edu 302-831-0461
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG, IRNOG and the RIPE Routing WG. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.rand.apnic.net. If you have any comments please contact Philip Smith . Routing Table Report 04:00 +10GMT Sat 14 Apr, 2018 Report Website: http://thyme.rand.apnic.net Detailed Analysis: http://thyme.rand.apnic.net/current/ Analysis Summary BGP routing table entries examined: 694221 Prefixes after maximum aggregation (per Origin AS): 268062 Deaggregation factor: 2.59 Unique aggregates announced (without unneeded subnets): 333993 Total ASes present in the Internet Routing Table: 60376 Prefixes per ASN: 11.50 Origin-only ASes present in the Internet Routing Table: 52151 Origin ASes announcing only one prefix: 22835 Transit ASes present in the Internet Routing Table:8225 Transit-only ASes present in the Internet Routing Table:268 Average AS path length visible in the Internet Routing Table: 4.0 Max AS path length visible: 34 Max AS path prepend of ASN ( 30873) 32 Prefixes from unregistered ASNs in the Routing Table:46 Number of instances of unregistered ASNs:46 Number of 32-bit ASNs allocated by the RIRs: 22190 Number of 32-bit ASNs visible in the Routing Table: 17842 Prefixes from 32-bit ASNs in the Routing Table: 74177 Number of bogon 32-bit ASNs visible in the Routing Table:16 Special use prefixes present in the Routing Table:3 Prefixes being announced from unallocated address space:367 Number of addresses announced to Internet: 2862806274 Equivalent to 170 /8s, 162 /16s and 245 /24s Percentage of available address space announced: 77.3 Percentage of allocated address space announced: 77.3 Percentage of available address space allocated: 100.0 Percentage of address space in use by end-sites: 98.9 Total number of prefixes smaller than registry allocations: 231118 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes: 190229 Total APNIC prefixes after maximum aggregation: 53961 APNIC Deaggregation factor:3.53 Prefixes being announced from the APNIC address blocks: 189163 Unique aggregates announced from the APNIC address blocks:77142 APNIC Region origin ASes present in the Internet Routing Table:8713 APNIC Prefixes per ASN: 21.71 APNIC Region origin ASes announcing only one prefix: 2428 APNIC Region transit ASes present in the Internet Routing Table: 1303 Average APNIC Region AS path length visible:4.0 Max APNIC Region AS path length visible: 29 Number of APNIC region 32-bit ASNs visible in the Routing Table: 3675 Number of APNIC addresses announced to Internet: 767084034 Equivalent to 45 /8s, 184 /16s and 198 /24s APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 63488-64098, 64297-64395, 131072-137529 APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8, 163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:206423 Total ARIN prefixes after maximum aggregation:98887 ARIN Deaggregation factor: 2.09 Prefixes being announced from the ARIN address blocks: 206893 Unique aggregates announced from the ARIN address blocks: 97703 ARIN Region origin ASes present in the Internet Routing Table:18135 ARIN Prefixes per ASN:11.41 A
Re: IPv4 and IPv6 hijacking by AS 6
Unfortunately, that's how it's done in route policy on XR, so people bouncing between flavors can easily make that mistake. On 4/13/18, 4:15 AM, "NANOG on behalf of Bjørn Mork" wrote: Anurag Bhatia writes: > Similar for AS2. I believe we've seen bogus low AS number announcements a few times before, and they've usually been caused by attemts to configure AS path prepending without understanding and/or reading the docs. Someone might have wrongly assumed that set as-path prepend 133711 133711 could be written shorter like set as-path prepend 133711 2 and there you go... Bjørn
Re: IPv4 and IPv6 hijacking by AS 6
> On Apr 13, 2018, at 12:27 AM, Vincent Bernat wrote: > > Maybe AS6 is used internally by the next AS on the path? I've definitely seen (and sadly, interacted with) operators that solved their "why doesn't non-meshed iBGP do what I'm expecting" problems by simply using different low-numbered ASNs internally (1,2,3... 19) instead of proper private ASNs. Theo
Re: IPv4 and IPv6 hijacking by AS 6
Anurag Bhatia writes: > Similar for AS2. I believe we've seen bogus low AS number announcements a few times before, and they've usually been caused by attemts to configure AS path prepending without understanding and/or reading the docs. Someone might have wrongly assumed that set as-path prepend 133711 133711 could be written shorter like set as-path prepend 133711 2 and there you go... Bjørn