Operators Penalized? (was Re: Kenyan Route Hijack)

• Previous message (by thread): Operators Penalized? (was Re: Kenyan Route Hijack)
• Next message (by thread): Operators Penalized? (was Re: Kenyan Route Hijack)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 17, 2008 at 8:48 PM, Larry J. Blunk <ljb at merit.edu> wrote:
>    RFC2827 is about source address filtering which
>  is not really the same as BGP route announcement
>  filtering.  Unfortunately, I have not come across

Yup, radb etc for that. Not fully awake when I wrote that, and hit
send too soon.

The PTCL thing was deliberate origination of a bogus prefix, meant for
consumption by Pakistani ISPs .  Abovenet too - they surely intended
SOMETHING (no idea what) -  announcements dont come tagged with
communities (and communities with maybe 130 odd prefixes out of the
huge number that abovenet advertises) simply by accident.    Leaking
that prefix out might be accidental - or it was not leaked at all,
abovenet is massive, lots of transit customers.

PTCL leaking youtube prefixes out to the world rather than pakistani
ISPs was an accident.  And their upstream PCCW not filtering weird and
wonderful route advertisements from downstream customers was .. well,
a decision that PCCW took (or rather, chose not to take)

That wasnt the first bogus announcement PTCL made .. about a day or so
after l'affaire youtube, I looked up PTCL's AS17557 on cidr-report,
which also lists allocations announced and withdrawn in the past week.
 One interesting allocation ..

          22.22.22.0/24                 22.0.0.0/8

      Prefixes added and withdrawn by this origin AS in the past 7 days.

          - 22.22.22.0/24               Withdrawn

That's nic.mil IP space - and that sounds a lot like someone with
enable at PTCL probably meant 202 or something similar, but is in the
habit of typing new routes directly into production routers, rather
than pasting it into a text editor and doing some syntax checking
first, using cvs or svn for routes etc.

There are enough calls for sBGP and such - but a lot can be
accomplished before then simply by doing all the mom and apple pie
best practice stuff (and by carrot-and-sticking other SPs into doing
them, more importantly - especially any that fit the "large carrier
upstream of multiple smaller ISPs with less than clued admins" type
places.     http://www.apnic.net/meetings/22/docs/tut-routing-pres-bgp-bcp.pdf
for example.

srs

• Previous message (by thread): Operators Penalized? (was Re: Kenyan Route Hijack)
• Next message (by thread): Operators Penalized? (was Re: Kenyan Route Hijack)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]