US based networks suffering from RPKI misconfigurations

nusenu nusenu-lists at riseup.net
Wed Sep 26 21:29:00 UTC 2018


Hi,

the tables bellow show the number of IPv4 and IPv6 blocks per ASN that are unreachable in an RPKI
route origin validating (ROV) environment (this list is filtered for US ASNs based on RIPEstat ASN data).

Affected networks might soon (by the end of the year) loose the ability to talk to
Cloudflare networks since they plan to deploy ROV.

You can use the RPKI validator https://rpki-validator.ripe.net/bgp-preview
or https://bgp.he.net (prefix view) to find the specific affected prefixes
for a given ASN.

Apparently there are many using RIPE IP space, so:
The RIPE RPKI dashboard offers a notification service for these kinds of problems
and every operator should use it to get automatic alerts and avoid reduced reachability.
https://www.ripe.net/manage-ips-and-asns/resource-management/certification/resource-certification-roa-management

If the invalids are expected (i.e. to test ROV)
than you can ignore this email (and maybe drop me an email).

some more context:
https://medium.com/@nusenu/where-are-rpki-unreachable-networks-located-65c7a0bae0f8

kind regards,
nusenu

amount of RPKI INVALID and unreachable /24 blocks per ASN in US:

(data as of 2018-09-26 19:42 UTC)
+----------+----------------------------------------------------------------+------------------------+
| ASN      | AS Name                                                        | unreachable /24 blocks |
+----------+----------------------------------------------------------------+------------------------+
| AS200983 | ABC-HOSTERS-LLC - ABC-HOSTERS LLC                              |                     39 |
| AS6364   | ATLANTIC-NET-1 - Atlantic.net                                  |                     30 |
| AS20473  | AS-CHOOPA - Choopa                                             |                     27 |
| AS36351  | SOFTLAYER - SoftLayer Technologies Inc.                        |                     26 |
| AS63267  | FAYETTEVILLEPUBLICUTILITIES-TN - Fayetteville Public Utilities |                     16 |
| AS21769  | AS-COLOAM - Colocation America Corporation                     |                     13 |
| AS14935  | MONTICELLO - Monticello Networks                               |                     13 |
| AS395378 | CASCADEDIVIDE-DC - Cascade Divide Colo                         |                     11 |
| AS6165   | UPTILT-ASN - Lyris Technology Inc.                             |                     11 |
| AS40676  | AS40676 - Psychz Networks                                      |                     10 |
| AS10753  | LVLT-10753 - Level 3 Parent                                    |                      9 |
| AS32181  | ASN-GIGENET - GigeNET                                          |                      9 |
| AS54825  | PACKET - Packet Host                                           |                      7 |
| AS36352  | AS-COLOCROSSING - ColoCrossing                                 |                      7 |
| AS55079  | STELLANET - Third Gear Networks                                |                      7 |
| AS8100   | ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC               |                      7 |
| AS17216  | DC74-AS - DC74 LLC                                             |                      5 |
| AS53429  | FREEDOMVOICE - FreedomVOICE Systems                            |                      5 |
| AS395970 | IONSWITCH - IonSwitch                                          |                      5 |
| AS53889  | MICFO - Micfo                                                  |                      4 |
| AS29757  | WEBLINE19 - Webline Services Inc                               |                      4 |
| AS3549   | LVLT-3549 - Level 3 Parent                                     |                      4 |
| AS19437  | SS-ASH - SECURED SERVERS LLC                                   |                      4 |
| AS15003  | NOBIS-TECH - Nobis Technology Group                            |                      4 |
| AS46573  | GLOBAL-FRAG-NETWORKS - Global Frag Networks                    |                      4 |
| AS63018  | USDEDICATED - US Dedicated                                     |                      4 |
| AS10991  | CAPGE-HOSTING-MRO - Capgemini U.S. LLC                         |                      3 |
| AS396194 | WISEDFW - WISE ISP                                             |                      3 |
| AS20454  | SSASN2 - SECURED SERVERS LLC                                   |                      2 |
| AS62541  | VSH-ASN - Vishay Intertechnology                               |                      2 |
| AS46186  | GILD-SCI - Gilead Sciences                                     |                      2 |
| AS26938  | COMPUSOURCE - CompuSOURCE Communications Corp.                 |                      2 |
| AS33060  | SFPCU-AS-SF-POLICE-CREDIT-UNION - SFPCU                        |                      2 |
| AS11492  | CABLEONE - CABLE ONE                                           |                      1 |
| AS13428  | SURFAIRWIRELESS-IN-02 - Surf Air Wireless                      |                      1 |
| AS393398 | ASN-DIS - Dallas Infrastructure Services                       |                      1 |
| AS6453   | AS6453 - TATA COMMUNICATIONS (AMERICA) INC                     |                      1 |
| AS5      | SYMBOLICS - Symbolics                                          |                      1 |
| AS30542  | MOVI-R-TECH-SOLUTIONS - MOVI-R                                 |                      1 |
| AS32780  | HOSTINGSERVICES-INC - Hosting Services                         |                      1 |
| AS30167  | XCNETWORKS-30167 - XC Networks                                 |                      1 |
| AS46636  | NATCOWEB - NatCoWeb Corp.                                      |                      1 |
| AS55097  | MICROOFFICE - Micro Office Solutions                           |                      1 |
| AS26827  | EPBTELECOM - EPB Fiber Optics                                  |                      1 |
| AS17090  | DATABASEBYDESIGNLLC - Database by Design                       |                      1 |
| AS395734 | YLINX - YLINX                                                  |                      1 |
| AS40244  | TURNKEY-INTERNET - Turnkey Internet Inc.                       |                      1 |
| AS17139  | NETRANGE - Corporate Colocation Inc.                           |                      1 |
| AS1280   | ISC-AS-1280 - Internet Systems Consortium                      |                      1 |
| AS31863  | DACEN-2 - Centrilogic                                          |                      1 |
| AS29854  | WESTHOST - WestHost                                            |                      1 |
| AS54500  | 18779 - EGIHosting                                             |                      1 |
| AS393451 | ONLIGHTAURORA - On Light Aurora                                |                      1 |
| AS14237  | BEAMSPEED1 - Beamspeed LLC                                     |                      1 |
| AS29713  | ELIA-60 - Reliable Hosting Services                            |                      1 |
+----------+----------------------------------------------------------------+------------------------+

for IPv6:
+----------+--------------------------------------------------------------------+------------------------+
| ASN      | AS Name                                                            | unreachable /24 blocks |
+----------+--------------------------------------------------------------------+------------------------+
| AS200775 | DATAPROM-LLC - Joao Carlos de Almeida Silveira trading as Bitcanal |                 524288 |  "Bitcanal" ;)
| AS36351  | SOFTLAYER - SoftLayer Technologies Inc.                            |                   4096 |
| AS394497 | TF-178-ASH - Ting Fiber Inc.                                       |                      4 |
| AS55079  | STELLANET - Third Gear Networks                                    |                      3 |
| AS46407  | AS-CHOOPA3 - Choopa                                                |                      2 |
| AS55097  | MICROOFFICE - Micro Office Solutions                               |                      1 |
| AS394644 | TF-178-ASH1 - Ting Fiber Inc.                                      |                      1 |
| AS60188  | HOSTKER-LLC - Hostker LLC                                          |                      1 |
| AS3549   | LVLT-3549 - Level 3 Parent                                         |                      1 |
| AS394308 | TING-FIBER - Ting Fiber Inc.                                       |                      1 |
| AS46573  | GLOBAL-FRAG-NETWORKS - Global Frag Networks                        |                      1 |
+----------+--------------------------------------------------------------------+------------------------+


-- 
https://twitter.com/nusenu_




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180926/1d3927ab/attachment.sig>


More information about the NANOG mailing list