Indonesian ISP Moratel announces Google's prefixes

Wed Nov 7 05:21:56 UTC 2012

I don't know what Google and Moratel's peering agreement, but "leak"?
educate me, Google is announcing /24 for all of their 4 NS prefix and
8.8.8.0/24 for their public DNS server, how did Moratel leak those routes
to Internet?

On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick at ianai.net>wrote:

> On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian at gmail.com> wrote:
>
> > Where did you get the idea that a Moratel customer announced a
> google-owned
> > prefix to Moratel and Moratel did not have the proper filters in place?
> > according to the blog, all google's 4 authoritative DNS server networks
> and
> > 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for a
> > Moratel customers announce all those prefixes?
>
> Ah, right, they just leaked Google's prefix.  I thought a customer
> originated the prefix.
>
> Original question still stands.  Which attribute do you expect Google to
> set to stop this?
>
> Hint: Don't say No-Advertise, unless you want peers to only talk to the
> adjacent AS, not their customers or their customers' customers, etc.
>
> Looking forward to your answer.
>
> --
> TTFN,
> patrick
>
>
> > On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <patrick at ianai.net
> >wrote:
> >
> >> On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian at gmail.com> wrote:
> >>
> >>> What do you mean hijack? Google is peering with Moratel, if Google does
> >> not
> >>> want Moratel to advertise its routes to Moratel's peers/upstreams, then
> >>> Google should've set the correct BGP attributes in the first place.
> >>
> >> That doesn't make the slightest bit of sense.
> >>
> >> If a Moratel customer announced a Google-owned prefix to Moratel, and
> >> Moratel did not have the proper filters in place, there is nothing
> Google
> >> could do to stop the hijack from happening.
> >>
> >> Exactly what attribute do you think would stop this?
> >>
> >> --
> >> TTFN,
> >> patrick
> >>
> >>
> >>> On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me at anuragbhatia.com>
> >> wrote:
> >>>
> >>>> Another case of route hijack -
> >>>>
> >>
> http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
> >>>>
> >>>>
> >>>>
> >>>> I am curious if big networks have any pre-defined filters for big
> >> content
> >>>> providers like Google to avoid these? I am sure internet community
> >> would be
> >>>> working in direction to somehow prevent these issues. Curious to know
> >>>> developments so far.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> Thanks.
> >>>>
> >>>>
> >>>> --
> >>>>
> >>>> Anurag Bhatia
> >>>> anuragbhatia.com
> >>>>
> >>>> Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
> >>>> Twitter<https://twitter.com/anurag_bhatia>|
> >>>> Google+ <https://plus.google.com/118280168625121532854>
> >>>>
> >>>
> >>
> >>
> >>
>
>
>