Oddities in a bad route announcement

Sean Donelan SEAN at SDG.DRA.COM
Sat May 29 09:52:53 UTC 1999


At first I thought this was just another Bay router causing Warwick
Online (ASN11606) to leak routes between UUNET and Sprint.  But when I
looked into it, I found a few oddities.  Unlike most bad route incidents,
this seems to hijack a route for very specific site.  Usually bad routes
blackhole in the provider, so suffer so much congestion it is quickly noticed.
In addition, usually a more specific announcement caused the problem.  You
could still find the "correct" route somewhere.  In this case, I can't find
the real 192.104.54.0/24 announcement on route-server.cerf.net, digex
looking glass, or my own bgp sessions.

Yes, I've already reported this to the providers involved.  But in the
more general sense, anyone have a hypothesis why this would happened?
The blockage of the real announcement from the direct upstream provider
seems very strange.

traceroute to infoserver.FCC.gov (192.104.54.3), 30 hops max, 38 byte packets
 1  StLouis22-fe6-0-0.dra.net (192.65.218.2)  10 ms  0 ms  10 ms
 2  sl-gw2-kc-3-7.sprintlink.net (144.232.129.97)  10 ms  10 ms  10 ms
 3  sl-bb2-kc-12-0.sprintlink.net (144.224.20.2)  10 ms  10 ms  10 ms
 4  sl-bb10-kc-1-1.sprintlink.net (144.232.2.21)  10 ms  10 ms  10 ms
 5  sl-bb11-chi-4-0.sprintlink.net (144.232.9.118)  20 ms  20 ms  20 ms
 6  sl-bb5-chi-0-0-0.sprintlink.net (144.232.0.170)  20 ms  20 ms  20 ms
 7  sl-bb7-pen-5-0-0.sprintlink.net (144.228.10.37)  40 ms  40 ms  30 ms
 8  sl-bb11-pen-1-3.sprintlink.net (144.232.5.57)  30 ms  40 ms  40 ms
 9  sl-gw24-pen-4-0-0.sprintlink.net (144.232.5.182)  40 ms  50 ms  40 ms
10  sl-warwick-3-0-0.sprintlink.net (144.232.188.214)  40 ms  70 ms  60 ms
11  208.228.101.2 (208.228.101.2)  50 ms  50 ms  50 ms
12  905.Hssi2-0.GW3.NYC1.ALTER.NET (157.130.6.237)  50 ms  50 ms  50 ms
13  104.ATM3-0.XR1.NYC1.ALTER.NET (146.188.177.138)  60 ms  50 ms  60 ms
14  195.ATM3-0.TR1.NYC1.ALTER.NET (146.188.178.182)  60 ms  50 ms  50 ms
15  104.ATM5-0.TR1.DCA1.ALTER.NET (146.188.136.213)  60 ms  50 ms  50 ms
16  199.ATM6-0.XR1.DCA1.ALTER.NET (146.188.161.129)  50 ms  50 ms  50 ms
17  195.ATM9-0-0.GW2.DCA3.ALTER.NET (146.188.163.185)  50 ms  50 ms  50 ms
18  fcc.gov-gw.customer.alter.net (157.130.39.150)  60 ms  50 ms  60 ms
19  infoserver.fcc.gov (192.104.54.3)  50 ms *  50 ms


-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation




More information about the NANOG mailing list