Anyone notice strange announcements for 126.96.36.199/24
Patrick W. Gilmore
patrick at ianai.net
Tue Jan 13 17:31:12 UTC 2009
On Jan 13, 2009, at 11:53 AM, David Barak wrote:
> --- On Tue, 1/13/09, Jared Mauch <jared at puck.nether.net> wrote:
>> No, they are both victims. If I inject a path that
>> there is an edge between two networks which are engaged in
>> a bitter
>> dispute, (i'll use cogent & sprint as an example) -
>> _1239_174_ that may
>> create a situation where someone asserts that their routes
>> being filtered when infact no connectivity exists.
> That's a theoretical possibility, but who would be the one doing the
> asserting? I would argue that it would either be the owner of the
> announced space or someone trying to reach it. In this case, nobody
> was trying to reach the /24 in question, and the owner was the one
> doing the experiment. Victimless crime, at most.
Interesting. You think it is OK to use my my ASN for things as long
as no one is trying to do those things?
>> Does that mean that I hijacked their identiy and forged
>> it? What level of trust do you place in the AS_PATH for your
>> routing, debugging and
>> decision making process?
> AS_PATH != identity, and I would not recommend loading the latter
> onto the former.
We disagree. When I am researching something, I frequently look at
ASNs in the path to figure out not just where but who controls the path.
>> Personally, I would be upset if someone injected a route
>> with my ASN in the AS_PATH without my permission.
> Why? Is this a theoretical "because it's ugly" complaint, or is
> there a reason why manipulating this particular BGP attribute in
> this particular way is so bad? Organizations do filtering and
> routing manipulation all over the place. Is there something worse
> about doing it this way than others?
Filtering and other manipulation happened on your router, prepending
my ASN is putting that information into every router. That seems to
be a serious qualitative difference to me. Do you disagree?
This thread has been interesting & educational. So many people seem
to be happy to explain why they should be allowed to use globally
unique identifiers they do not own in ways which were not intended,
then explain to the people who do own those identifiers how they
should react, which alarms should go off, and even which priority the
alarms should have.
As I have repeated probably hundreds of times: Your network, your
decision. I have yet to hear a credible argument against that
stance. What you do _inside_ your network is _your_ decision. When
it leaves your network, however, things change.
Announcing an ASN which is not yours to eBGP peers means it is leaving
your network, which means it is not just your business. Doing so and
then telling the ASN owner that they should not worry about it
afterwards - and in fact arguing when the owner repeatedly tells you
this caused them problems - does not seem to be the proper course of
I mentioned earlier in the thread if Cogent prepending Sprint's ASN to
Verio, people would react differently. Randy said tools can be used
for good or bad, obviously implying he's the good guy. He is not the
good guy. He used someone else's resources without their permission
and without even notifying them, costing them time & effort. Randy
doesn't get to decide if the ASN owner should have alerted or
investigated or whatever, and neither do any of you unless it is your
How can anyone seriously argue the ASN owner is somehow wrong and keep
a straight face? How can anyone else who actually runs a network not
see that as ridiculous?
More information about the NANOG