Prefix hijacking by AS20115

Paul S. contact at winterei.se
Tue Sep 29 04:54:49 UTC 2015


+1, this is the only sensible advice here.

NSPs actually do seem to care about not letting things like these happen.

On 2015/09/29 01:24 PM, Hank Nussbacher wrote:
> At 23:11 28/09/2015 -0400, Josh Luthman wrote:
>
>> Start announcing their prefixes?
>
> Contact the upstreams of AS20115 - Cogent, Level3, HE and XO.
>
> -Hank
>
>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> On Sep 28, 2015 11:09 PM, "Seth Mattinen" <sethm at rollernet.us> wrote:
>>
>> > On 9/28/15 18:30, William Herrin wrote:
>> >
>> >> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <sethm at rollernet.us>
>> >> wrote:
>> >>
>> >>> I've got a problem where AS20115 continues to announce prefixes 
>> after BGP
>> >>> neighbors were shutdown. They claim it's a wedged BGP process but 
>> aren't
>> >>> in
>> >>> any hurry to fix it outside of a maintenance window.
>> >>>
>> >>
>> >> If they weren't lying to you, they'd fix it now. That's not the kind
>> >> of problem that waits.
>> >>
>> >> Thing is: they lied to you. Long ago they "helpfully" programmed 
>> their
>> >> router to announce your route regardless of whether you sent a route
>> >> to them. They want to wait for a maintenance window to remove that
>> >> configuration.
>> >>
>> >>
>> >> I'm at a loss of what else I can do. They admit the problem but 
>> won't take
>> >>> action saying it needs to wait for a maintenance window. Am I out 
>> of line
>> >>> insisting that's an unacceptable response to a problem that 
>> results in
>> >>> prefix/traffic hijacking?
>> >>>
>> >>
>> >> Try dropping the link entirely. If they still announce your 
>> addresses,
>> >> bring it back up but report it as emergency down, escalate, and call
>> >> back every 10 minutes until the junior tech understands that it's 
>> time
>> >> to call and wake up the guy who makes the decision to fix it now.
>> >>
>> >>
>> >
>> > I'm at the tail end here almost 8 hours later since the hijacking 
>> started.
>> > Their NOC is just blowing me off now and they're happy to continue the
>> > hijacking until it's convenient for them to have a maintenance 
>> window. And
>> > that's apparently the final decision.
>> >
>> > ~Seth
>> >
>




More information about the NANOG mailing list