Deciding whose network block is whose?
Justin W. Newton
justin at priori.net
Mon Dec 29 17:01:55 UTC 1997
Priori networks requires any customer who wants to announce a route to us
via BGP, or wants us to announce a route via BGP for them to have the
proper contact information available via rwhois at either the internic
(ARIN now I suppose), RIPE, or APNIC. We filter all incoming routing
announcements from customers by prefix. We have not yet had a problem
where someone has called and said we were announcing their block, so I
cannot tell you for certain what the resolution time for such an issue
At 09:17 AM 12/29/97 -0600, Sean Donelan wrote:
>When some random person decides to announce a subnet, what do providers
>accept as proof the person has authority to announce that subnet to the
>global Internet? Or the other side, when some random person calls up
>complaining that someone else is announcing a subnet without authorization
>what do providers accept as proof that the announcement is invalid?
>For example, lets say a difficult to reach ISP on the other side of the
>planet decided to announce a subnet DRA had assigned for use by one of our
>customers. Would major providers take my word a Hong Kong provider was
>wrong? Would major providers accept the registration information in WHOIS
>and/or IRR the network block had been delegated to me, and to no one else.
>Would major providers accept a statement from the APNIC that the HK ISP
>had never been delegated any part of the network block? What do you do
>when a major provider's front-line customer service personnel don't
>understand the problem, but says since the other person is a customer
>they have to believe them? Of course, the major provider can't get a
>hold of the customer either.
>Do providers normally just let customers announce any network, and only
>review things after receiving complaints. If so, how do such providers
>expect people to complain when one of their customers is causing problems.
>How many days, weeks, months is considered normal to reach a competent
>person at a major ISP that has the authority to block such a bogus
>announcement by one of their customers? Since some (one) major provider
>has a policy of not giving trouble ticket numbers when a non-customer
>calls, how much ruckus must be caused to get their management's attention?
>This can cause partial network outages lasting weeks in some cases. I
>hate the idea of needing to resort to things like filing formal criminal
>complaints because of the dumb management policy at a major provider, but
>it has been required in some other industries these providers operate
>in. Slamming is a prohibited practice for long distance carriers, and
>the customer can more or less easily get their phone number switched back
>to their original provider. How does a customer do the same thing when
>their IP network block gets slammed by another provider, or a customer
>of another provider?
>There seem to be major problems with several of the widely referred to
>network registration databases. I see Telstra (AS1221) is once again,
>Dec 29, 1997, announcing 184.108.40.206/24. While its possible that General
>Electric has an office in Australia, it seems an odd announcement. Other
>than Sprint's global default for 0/1 (and then SPRINT has the nerve to
>complain when people point default at them) there is no information in
>the IRR about valid origin ASNs for Net 3/8. Although Mr. Bono spoke
>up about some of GE's activities, other than James C. Shearer, who would
>have authority over subnets from network 3/8? And what to do when the
>listed contact has left, or worse is a generic position name (e.g.
>[email protected] or [email protected]).
>Even going by company names isn't enough, because some companies have
>very similar names, are merged, unmerged, sliced and diced. For example,
>the various companies have "Data Research" in their name, but have
>nothing to do with DRA. Nor is the DRA in the UK isn't affliated with
>the DRA in the USA.
>Network blocks delegated to non-ISPs were fairly easy, because it is
>uncommon to see subdelegations. But if you look at net 12/8 (AT&T),
>customer subnets are appearing in announcements from other providers.
>How do you decide when network blocks can be delegated, or not? In
>net 12/8 case, the WHOIS database lists some delegations, but the IRR
>shows different ones.
>But with CIDR it is even complicated figuring out what type of delegation
>was done for subnets. Take the case of 220.127.116.11 which is from a
>network block delegated to MCS. The history of this block is a bit odd.
>It appears the block 18.104.22.168/16 was first delegated on March 15, 1995
>to NET99. On March 29, 1995 22.214.171.124/18 was delegated to MCS. At
>some point later the delegation for 126.96.36.199/16 was deleted, and AGIS
>was delegated 188.8.131.52/18 and 184.108.40.206/17. Something funny
>happened to the database, because now MCS's registration date is
>March 29, 2019 (a Y2000 problem?). MCS registered a portion of their
>CIDR block in the IRR(MCI), 220.127.116.11/19. Goodnet registered an
>IRR(RADB) entry for 18.104.22.168/18. AGIS and PSI have overlapping
>registrations in the IRR(RADB) for 22.214.171.124/16. And, of course,
>there is the Sprint global default route in the IRR(RADB) for 192/2.
>Karl complained about AGIS announcing 126.96.36.199/24, but not about
>188.8.131.52/24 which is also being announced by AGIS.
>How do you tell the difference between a customer trying to move a
>delegated network address when switching providers, and someone whose
>announcement would cause problems.
>The problem of bogus routing has been getting worse. Is it going to
>take a disaster to get the attention of various provider's management?
>Sean Donelan, Data Research Associates, Inc, St. Louis, MO
> Affiliation given for identification not representation
Justin W. Newton voice: +1-650-482-2840
Senior Network Architect fax: +1-650-482-2844
PRIORI NETWORKS, INC. http://www.priori.net
Legislative and Policy Director, ISP/C http://www.ispc.org
"The People You Know. The People You Trust."
More information about the NANOG