Oddities in a bad route announcement
Sean Donelan
SEAN at SDG.DRA.COM
Sat May 29 09:52:53 UTC 1999
At first I thought this was just another Bay router causing Warwick
Online (ASN11606) to leak routes between UUNET and Sprint. But when I
looked into it, I found a few oddities. Unlike most bad route incidents,
this seems to hijack a route for very specific site. Usually bad routes
blackhole in the provider, so suffer so much congestion it is quickly noticed.
In addition, usually a more specific announcement caused the problem. You
could still find the "correct" route somewhere. In this case, I can't find
the real 192.104.54.0/24 announcement on route-server.cerf.net, digex
looking glass, or my own bgp sessions.
Yes, I've already reported this to the providers involved. But in the
more general sense, anyone have a hypothesis why this would happened?
The blockage of the real announcement from the direct upstream provider
seems very strange.
traceroute to infoserver.FCC.gov (192.104.54.3), 30 hops max, 38 byte packets
1 StLouis22-fe6-0-0.dra.net (192.65.218.2) 10 ms 0 ms 10 ms
2 sl-gw2-kc-3-7.sprintlink.net (144.232.129.97) 10 ms 10 ms 10 ms
3 sl-bb2-kc-12-0.sprintlink.net (144.224.20.2) 10 ms 10 ms 10 ms
4 sl-bb10-kc-1-1.sprintlink.net (144.232.2.21) 10 ms 10 ms 10 ms
5 sl-bb11-chi-4-0.sprintlink.net (144.232.9.118) 20 ms 20 ms 20 ms
6 sl-bb5-chi-0-0-0.sprintlink.net (144.232.0.170) 20 ms 20 ms 20 ms
7 sl-bb7-pen-5-0-0.sprintlink.net (144.228.10.37) 40 ms 40 ms 30 ms
8 sl-bb11-pen-1-3.sprintlink.net (144.232.5.57) 30 ms 40 ms 40 ms
9 sl-gw24-pen-4-0-0.sprintlink.net (144.232.5.182) 40 ms 50 ms 40 ms
10 sl-warwick-3-0-0.sprintlink.net (144.232.188.214) 40 ms 70 ms 60 ms
11 208.228.101.2 (208.228.101.2) 50 ms 50 ms 50 ms
12 905.Hssi2-0.GW3.NYC1.ALTER.NET (157.130.6.237) 50 ms 50 ms 50 ms
13 104.ATM3-0.XR1.NYC1.ALTER.NET (146.188.177.138) 60 ms 50 ms 60 ms
14 195.ATM3-0.TR1.NYC1.ALTER.NET (146.188.178.182) 60 ms 50 ms 50 ms
15 104.ATM5-0.TR1.DCA1.ALTER.NET (146.188.136.213) 60 ms 50 ms 50 ms
16 199.ATM6-0.XR1.DCA1.ALTER.NET (146.188.161.129) 50 ms 50 ms 50 ms
17 195.ATM9-0-0.GW2.DCA3.ALTER.NET (146.188.163.185) 50 ms 50 ms 50 ms
18 fcc.gov-gw.customer.alter.net (157.130.39.150) 60 ms 50 ms 60 ms
19 infoserver.fcc.gov (192.104.54.3) 50 ms * 50 ms
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation
More information about the NANOG
mailing list