Prefix hijacking by AS20115
Martin Hannigan
hannigan at gmail.com
Tue Sep 29 03:19:29 UTC 2015
Is this related to 104.73.161.0/24? That's ours. :-)
We'll take a look and get back to you. Thanks for caring!
Best,
Marty
> On Sep 28, 2015, at 23:08, Seth Mattinen <sethm at rollernet.us> wrote:
>
>> On 9/28/15 18:30, William Herrin wrote:
>>> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <sethm at rollernet.us> wrote:
>>> I've got a problem where AS20115 continues to announce prefixes after BGP
>>> neighbors were shutdown. They claim it's a wedged BGP process but aren't in
>>> any hurry to fix it outside of a maintenance window.
>>
>> If they weren't lying to you, they'd fix it now. That's not the kind
>> of problem that waits.
>>
>> Thing is: they lied to you. Long ago they "helpfully" programmed their
>> router to announce your route regardless of whether you sent a route
>> to them. They want to wait for a maintenance window to remove that
>> configuration.
>>
>>
>>> I'm at a loss of what else I can do. They admit the problem but won't take
>>> action saying it needs to wait for a maintenance window. Am I out of line
>>> insisting that's an unacceptable response to a problem that results in
>>> prefix/traffic hijacking?
>>
>> Try dropping the link entirely. If they still announce your addresses,
>> bring it back up but report it as emergency down, escalate, and call
>> back every 10 minutes until the junior tech understands that it's time
>> to call and wake up the guy who makes the decision to fix it now.
>
>
> I'm at the tail end here almost 8 hours later since the hijacking started. Their NOC is just blowing me off now and they're happy to continue the hijacking until it's convenient for them to have a maintenance window. And that's apparently the final decision.
>
> ~Seth
More information about the NANOG
mailing list