China prefix hijack

jul jul_bsd at
Thu Apr 8 15:57:31 CDT 2010

I also see some of this from France.

On this incident/error, even if tools like BGPMon and
others did exactly their job, I am asking myself whether there are some other
public tools which can help.

CIDR returns Chinanet as the biggest announcer (but could be the case
97074688  	 Largest address span announced by an AS (/32s)
 	AS4134: CHINANET-BACKBONE No.31,Jin-rong Street
Same stats from
I'm not sure either of them is real-time.

There is also a "hole" in

So, how has each one assessed the impact of this on his network? How
could we check where the route's propagation stop(ped)?
Thanks to Renesys and Team Cymru for the stats on how many
prefixes/countries were affected.

I hope most Tier1 operators have rules to filter announcement changes
that are too big, to avoid the YouTube/Pakistan Telecom effect or i-root as said

Best regards,


Grzegorz Janoszka wrote on 08/04/10 18:33:
> Just half an hour ago China Telecom hijacked one of our prefixes:
> Your prefix:          X.Y.Z.0/19:
> Prefix Description:   NETNAME
> Update time:          2010-04-08 15:58 (UTC)
> Detected by #peers:   1
> Detected prefix:      X.Y.Z.0/19
> Announced by:         AS23724 (CHINANET-IDC-BJ-AP IDC, China
> Telecommunications Corporation)
> Upstream AS:          AS4134 (CHINANET-BACKBONE No.31,Jin-rong Street)
> ASpath:               39792 4134 23724 23724
> Luckily it had to be limited as only one BGPmon peer saw it. Anyone else
> noticed it?
