China prefix hijack

jul jul_bsd at yahoo.fr
Thu Apr 8 20:57:31 UTC 2010



I also see some of this from France.

On this incident/error, even if tools like BGPMon, watchmy.net and
others did exactly their job, I am asking myself whether there are some
other public tools which can help.

CIDR returns Chinanet as the biggest announcer (but that could have been
the case previously)
97074688  	 Largest address span announced by an AS (/32s)
 	AS4134: CHINANET-BACKBONE No.31,Jin-rong Street
on http://www.cidr-report.org/as2.0/
Same stats from http://www.ris.ripe.net/dashboard/4134
I'm not sure either of them is real-time.

There is also a "hole" in
http://www.cymru.com/BGP/bgp_prefixes.html


So, how has each one assessed the impact of this on his network? How
could we check where the route's propagation stop(ped)?
Thanks to Renesys and Team Cymru for the stats on how many
prefixes/countries were affected.

I hope most Tier1 operators have rules to filter announcement changes
that are too big, to avoid the YouTube/Pakistan Telecom effect or i-root,
as said previously.

thanks
Best regards,

	Jul


Grzegorz Janoszka wrote on 08/04/10 18:33:
> 
> Just half an hour ago China Telecom hijacked one of our prefixes:
> 
> Your prefix:          X.Y.Z.0/19:
> Prefix Description:   NETNAME
> Update time:          2010-04-08 15:58 (UTC)
> Detected by #peers:   1
> Detected prefix:      X.Y.Z.0/19
> Announced by:         AS23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation)
> Upstream AS:          AS4134 (CHINANET-BACKBONE No.31,Jin-rong Street)
> ASpath:               39792 4134 23724 23724
> 
> Luckily it had to be limited as only one BGPmon peer saw it. Anyone else
> noticed it?
> 
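
An added example, not part of the original messages and not BGPmon's code: a sketch of the origin check behind the alert quoted above, extended to more-specific announcements and to listing which vantage peers carried the unexpected origin. The prefix 198.18.0.0/19, AS64500 as legitimate origin and the 645xx peers are constructed; only the path 39792 4134 23724 23724 comes from the alert.

```python
import ipaddress
from collections import defaultdict

# Assumed: the space we originate and the AS numbers allowed to originate it.
EXPECTED = {ipaddress.ip_network("198.18.0.0/19"): {64500}}

# Constructed collector view: (vantage peer AS, prefix, AS path).
SAMPLE_ROUTES = [
    (64501, "198.18.0.0/19", "64501 64510 64500"),
    (64502, "198.18.0.0/19", "64502 64500 64500"),
    (39792, "198.18.0.0/19", "39792 4134 23724 23724"),  # path from the alert
    (64503, "198.18.16.0/20", "64503 4134 23724"),       # more-specific
    (64504, "203.0.113.0/24", "64504 64520"),            # unrelated prefix
]

def origin_and_upstream(as_path):
    """Return (origin AS, upstream AS) after collapsing AS-path prepending."""
    hops = []
    for asn in map(int, as_path.split()):
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops[-1], (hops[-2] if len(hops) > 1 else None)

def find_hijacks(routes, expected=EXPECTED):
    """Map (prefix, origin, upstream) -> vantage peers holding that route."""
    hits = defaultdict(list)
    for peer, prefix, path in routes:
        net = ipaddress.ip_network(prefix)
        for ours, allowed in expected.items():
            # Equal or more-specific announcement inside our space.
            if net.version == ours.version and net.subnet_of(ours):
                origin, upstream = origin_and_upstream(path)
                if origin not in allowed:
                    hits[(prefix, origin, upstream)].append(peer)
    return dict(hits)

def affected_share(routes, expected=EXPECTED):
    """Fraction of peers with a route into our space that saw a bad origin."""
    seen = {p for p, pfx, _ in routes
            if any(ipaddress.ip_network(pfx).version == o.version
                   and ipaddress.ip_network(pfx).subnet_of(o) for o in expected)}
    bad = {p for peers in find_hijacks(routes, expected).values() for p in peers}
    return len(bad) / len(seen) if seen else 0.0

if __name__ == "__main__":
    for (prefix, origin, upstream), peers in find_hijacks(SAMPLE_ROUTES).items():
        print(f"{prefix} origin AS{origin} via AS{upstream} seen by peers {peers}")
    print(f"affected share of vantage peers: {affected_share(SAMPLE_ROUTES):.0%}")
```

The peer list per bad origin is only as complete as the set of vantage points feeding it, which is why a single-peer detection like the one quoted above says little about how far the route actually spread.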




