BGP Hijack/Sickness with AS4637

Tom Paseka tom at cloudflare.com
Fri May 25 22:00:55 UTC 2018


This looks like a route that has been cached by some ISPs/routers even
though a withdrawal has actually happened.

If you actually forward packets along the path, you'll see it's not
following the AS Path suggested, instead the real route that it should be.
Bouncing your session with 4637 would likely clear this.

-Tom

On Fri, May 25, 2018 at 11:59 AM, Nikolas Geyer <nik at neko.id.au> wrote:

> Greetings!
>
> Actually, what you have provided below shows the exact opposite. It shows
> ColoAU have received the route from 4637 who have received it from 3257 who
> have received it from 29909 who have received it from 16532 who originated
> it. It infers nothing about who 16532 found the route to come from.
>
> It is evident that GTT are advertising that route to Telstra Global :)
>
> Regards,
> Nik.
>
> >
> > And I'm pretty sure AS3257 (GTT) is in the same boat as us, as they're not the one advertising those routes to AS4637
> >
> > AS16532 found it to come from AS4637 as you can see from this ColoAU LG output below
> >
> >
> > ----- https://lg.coloau.com.au/
> >
> > vrf-international.inet.0: 696533 destinations, 2248101 routes (696249 active, 0 holddown, 103835 hidden)
> > + = Active Route, - = Last Active, * = Both
> >
> > 18.29.238.0/23     *[BGP/170] 1d 19:57:28, localpref 90, from 103.97.52.2
> >                       AS path: 4637 3257 29909 16532 16532 16532 16532 I, validation-state: unverified
> >
> > --
> > -----
> > Alain Hebert                                ahebert at pubnix.net
> > PubNIX Inc.
> > 50 boul. St-Charles
> > P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
> > Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
> >
>
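
Added example, not part of the original thread: a Python sketch that reads the AS path in the looking-glass output quoted above the way Nik describes it, with the rightmost AS as originator and each AS to its left having received the route from its right-hand neighbour. The sample text is the quoted output with the e-mail line wraps re-joined; the function names are hypothetical.

```python
import re

# Looking-glass output quoted in the thread, with the e-mail line wraps re-joined.
LG_OUTPUT = """\
18.29.238.0/23     *[BGP/170] 1d 19:57:28, localpref 90, from 103.97.52.2
                      AS path: 4637 3257 29909 16532 16532 16532 16532 I, validation-state: unverified
"""

PREFIX_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s", re.M)
PATH_RE = re.compile(r"AS path:\s+((?:\d+\s+)+)([IE?])")

def parse_route(text):
    """Return (prefix, raw AS path as a list of ints, origin code)."""
    prefix = PREFIX_RE.search(text)
    path = PATH_RE.search(text)
    if not prefix or not path:
        raise ValueError("no BGP route with an AS path found")
    return prefix.group(1), [int(a) for a in path.group(1).split()], path.group(2)

def collapse_prepends(as_path):
    """Drop consecutive repeats (AS-path prepending) and count the extras per AS."""
    hops, prepends = [], {}
    for asn in as_path:
        if hops and hops[-1] == asn:
            prepends[asn] = prepends.get(asn, 0) + 1
        else:
            hops.append(asn)
    return hops, prepends

def propagation(as_path):
    """List (receiver, sender) pairs, from the observer's neighbour back to the origin."""
    hops, _ = collapse_prepends(as_path)
    return [(hops[i], hops[i + 1]) for i in range(len(hops) - 1)]

if __name__ == "__main__":
    prefix, path, origin_code = parse_route(LG_OUTPUT)
    hops, prepends = collapse_prepends(path)
    print(f"{prefix}: originated by AS{hops[-1]} (origin code {origin_code})")
    for receiver, sender in propagation(path):
        print(f"  AS{receiver} received it from AS{sender}")
    for asn, extra in prepends.items():
        print(f"  AS{asn} prepended itself {extra} extra time(s)")
```

The chain stops at the originating AS, so the path carries no information about where that AS learned the prefix. It is also control-plane data only, which is why Tom suggests comparing it with where forwarded packets actually go.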


