Indonesian ISP Moratel announces Google's prefixes

Wed Nov 7 07:30:27 UTC 2012

Dear Mr. Know-Peering,

I came here to learn and I believe I have the right to say what I was
thinking, no matter how ignorant my comment was. I don't have the right to
blame anybody, in fact I don't give a damn whose fault it is, it is not my
business.

I apologize if I offended you when you claimed that it was a hijacking.

On Tue, Nov 6, 2012 at 9:45 PM, Patrick W. Gilmore <patrick at ianai.net>wrote:

> On Nov 07, 2012, at 00:35 , Jian Gu <guxiaojian at gmail.com> wrote:
>
> > Hmm, look at this screen shot from the blog, 8.8.8.0/24 was orignated
> from
> > Google.
>
> Everyone who posted in this thread was well aware of that.  (Well, except
> me in my first post. :)  Google was still the victim, and it was still not
> their fault.
>
> You are showing wide and clear ignorance on the basics of peering.  Which
> is fine, the vast majority of the planet hasn't a clue what peering is.
>  However, the rest of the people who do not know what they are talking
> about have managed to avoid commenting on the subject to 10K+ of their
> not-so-closest friends.
>
> To be clear, if you had started with something like: "Why is Google
> originating the route?  Doesn't that make it valid?", you would have gotten
> a lot of help & support.  But instead you started by claiming it was
> Google's fault and they could stop this by setting "the correct BGP
> attributes".  I note you still haven't told us what those attributes would
> be despite repeated questions.
>
> Perhaps it's time to admit you don't know what attributes, and you need a
> little more education on peering in general?
>
> When you find yourself in a hole, stop digging.
>
> --
> TTFN,
> patrick
>
>
> > tom at edge01.sfo01> show route 8.8.8.8
> >
> > inet.0: 422196 destinations, 422196 routes (422182 active, 0 holddown,
> > 14 hidden)
> > + = Active Route, - = Last Active, * = Both
> > 8.8.8.0/24         *[BGP/170] 00:27:02, MED 18, localpref 100
> >                      AS path: 4436 3491 23947 15169 I
> >> to 69.22.153.1 via ge-1/0/9.0
> >
> >
> >
> > On Tue, Nov 6, 2012 at 9:33 PM, Hank Nussbacher <hank at efes.iucc.ac.il
> >wrote:
> >
> >> At 21:21 06/11/2012 -0800, Jian Gu wrote:
> >>
> >> If Google announces 8.8.8.0/24 to you and you in turn start announcing
> to
> >> the Internet 8.8.8.0/24 as originating from you, then a certain section
> >> of the Internet will believe your announcement over Google's.    This
> has
> >> happened many times before due to improper filters, but this is the
> first
> >> time I have seen the victim being blamed.  Interesting concept.
> >>
> >> -Hank
> >>
> >> I don't know what Google and Moratel's peering agreement, but "leak"?
> >>> educate me, Google is announcing /24 for all of their 4 NS prefix and
> >>> 8.8.8.0/24 for their public DNS server, how did Moratel leak those
> routes
> >>> to Internet?
> >>>
> >>> On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick at ianai.net
> >>>> wrote:
> >>>
> >>>
> >>>> On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian at gmail.com> wrote:
> >>>>
> >>>>> Where did you get the idea that a Moratel customer announced a
> >>>> google-owned
> >>>>> prefix to Moratel and Moratel did not have the proper filters in
> >>> place?
> >>>>> according to the blog, all google's 4 authoritative DNS server
> >>> networks
> >>>> and
> >>>>> 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for
> >>> a
> >>>>> Moratel customers announce all those prefixes?
> >>>>
> >>>> Ah, right, they just leaked Google's prefix.  I thought a customer
> >>>> originated the prefix.
> >>>>
> >>>> Original question still stands.  Which attribute do you expect Google
> to
> >>>> set to stop this?
> >>>>
> >>>> Hint: Don't say No-Advertise, unless you want peers to only talk to
> the
> >>>> adjacent AS, not their customers or their customers' customers, etc.
> >>>>
> >>>> Looking forward to your answer.
> >>>>
> >>>> --
> >>>> TTFN,
> >>>> patrick
> >>>>
> >>>>
> >>>>> On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <
> patrick at ianai.net
> >>>>> wrote:
> >>>>>
> >>>>>> On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian at gmail.com> wrote:
> >>>>>>
> >>>>>>> What do you mean hijack? Google is peering with Moratel, if Google
> >>> does
> >>>>>> not
> >>>>>>> want Moratel to advertise its routes to Moratel's peers/upstreams,
> >>> then
> >>>>>>> Google should've set the correct BGP attributes in the first place.
> >>>>>>
> >>>>>> That doesn't make the slightest bit of sense.
> >>>>>>
> >>>>>> If a Moratel customer announced a Google-owned prefix to Moratel,
> and
> >>>>>> Moratel did not have the proper filters in place, there is nothing
> >>>> Google
> >>>>>> could do to stop the hijack from happening.
> >>>>>>
> >>>>>> Exactly what attribute do you think would stop this?
> >>>>>>
> >>>>>> --
> >>>>>> TTFN,
> >>>>>> patrick
> >>>>>>
> >>>>>>
> >>>>>>> On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me at anuragbhatia.com
> >
> >>>>>> wrote:
> >>>>>>>
> >>>>>>>> Another case of route hijack -
> >>>>>>>>
> >>>>>>
> >>>> http://blog.cloudflare.com/**why-google-went-offline-today-**
> >>> and-a-bit-about<
> http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> I am curious if big networks have any pre-defined filters for big
> >>>>>> content
> >>>>>>>> providers like Google to avoid these? I am sure internet community
> >>>>>> would be
> >>>>>>>> working in direction to somehow prevent these issues. Curious to
> >>> know
> >>>>>>>> developments so far.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Thanks.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>>
> >>>>>>>> Anurag Bhatia
> >>>>>>>> anuragbhatia.com
> >>>>>>>>
> >>>>>>>> Linkedin <http://in.linkedin.com/in/**anuragbhatia21<
> http://in.linkedin.com/in/anuragbhatia21>>
> >>> |
> >>>>>>>> Twitter<https://twitter.com/**anurag_bhatia<
> https://twitter.com/anurag_bhatia>
> >>>> |
> >>>>>>>> Google+ <https://plus.google.com/**118280168625121532854<
> https://plus.google.com/118280168625121532854>
> >>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >>
>
>
>