Indonesian ISP Moratel announces Google's prefixes

Wed Nov 7 05:26:59 UTC 2012

On Nov 07, 2012, at 00:21 , Jian Gu <guxiaojian at gmail.com> wrote:

> I don't know what Google and Moratel's peering agreement, but "leak"?
> educate me, Google is announcing /24 for all of their 4 NS prefix and
> 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes
> to Internet?

Downthread, someone said what is typical with peering prefixes, i.e. announce to customers, not to peers or upstreams.  How do you think peering works?

However, I place most of the blame on PCCW for crappy filtering of their customers.  And I'm a little surprised to see nLayer in the path.  Shame on them!  (Does that have any effect any more? :)

Oh, and we are still waiting for an answer: Which attribute do you think Google could have used to stop this?

-- 
TTFN,
patrick

> On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick at ianai.net>wrote:
> 
>> On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian at gmail.com> wrote:
>> 
>>> Where did you get the idea that a Moratel customer announced a
>> google-owned
>>> prefix to Moratel and Moratel did not have the proper filters in place?
>>> according to the blog, all google's 4 authoritative DNS server networks
>> and
>>> 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for a
>>> Moratel customers announce all those prefixes?
>> 
>> Ah, right, they just leaked Google's prefix.  I thought a customer
>> originated the prefix.
>> 
>> Original question still stands.  Which attribute do you expect Google to
>> set to stop this?
>> 
>> Hint: Don't say No-Advertise, unless you want peers to only talk to the
>> adjacent AS, not their customers or their customers' customers, etc.
>> 
>> Looking forward to your answer.
>> 
>> --
>> TTFN,
>> patrick
>> 
>> 
>>> On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <patrick at ianai.net
>>> wrote:
>>> 
>>>> On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian at gmail.com> wrote:
>>>> 
>>>>> What do you mean hijack? Google is peering with Moratel, if Google does
>>>> not
>>>>> want Moratel to advertise its routes to Moratel's peers/upstreams, then
>>>>> Google should've set the correct BGP attributes in the first place.
>>>> 
>>>> That doesn't make the slightest bit of sense.
>>>> 
>>>> If a Moratel customer announced a Google-owned prefix to Moratel, and
>>>> Moratel did not have the proper filters in place, there is nothing
>> Google
>>>> could do to stop the hijack from happening.
>>>> 
>>>> Exactly what attribute do you think would stop this?
>>>> 
>>>> --
>>>> TTFN,
>>>> patrick
>>>> 
>>>> 
>>>>> On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me at anuragbhatia.com>
>>>> wrote:
>>>>> 
>>>>>> Another case of route hijack -
>>>>>> 
>>>> 
>> http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> I am curious if big networks have any pre-defined filters for big
>>>> content
>>>>>> providers like Google to avoid these? I am sure internet community
>>>> would be
>>>>>> working in direction to somehow prevent these issues. Curious to know
>>>>>> developments so far.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Thanks.
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> 
>>>>>> Anurag Bhatia
>>>>>> anuragbhatia.com
>>>>>> 
>>>>>> Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
>>>>>> Twitter<https://twitter.com/anurag_bhatia>|
>>>>>> Google+ <https://plus.google.com/118280168625121532854>
>>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> 
>> 
>> 
>> 