SOLVED (was Re: request for help: 192.139.135.0/24)
Jay Borkenhagen
jayb at braeburn.org
Wed Apr 3 14:59:18 UTC 2019
Hi nanog,
With help from China Unicom (as4837) and from folks in other key
places around the 'net, I am happy to report that this route
mis-origination has now been successfully resolved. Thanks, all!
I urge folks facing similar problems to publish RPKI ROAs for their IP
resources. I started on this mission after I noticed a discrepancy
regarding the validation state of this prefix in the as7018 network.
Someday when more networks perform RPKI route origin validation more
broadly this kind of issue will be addressed automatically, but even
prior to that happening, the verifiable statements in RPKI ROAs can be
attributed to you as the actual resource holder, thus helping folks
base their response actions on your intent.
If you are not facing similar problems today, you could be tomorrow:
so publish your ROAs now!
Thanks.
Jay B.
Smith, Courtney writes:
> Any luck reaching AS4837?
>
> route-views>show ip bgp 192.139.135.0/24 longer-prefixes
> BGP table version is 103101215, local router ID is 128.223.51.103
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
> x best-external, a additional-path, c RIB-compressed,
> Origin codes: i - IGP, e - EGP, ? - incomplete
> RPKI validation codes: V valid, I invalid, N Not found
>
> Network Next Hop Metric LocPrf Weight Path
> * 192.139.135.0 208.51.134.254 0 0 3549 3356 4837 4808 i
> * 194.85.40.15 0 0 3267 3356 4837 4808 i
> * 193.0.0.56 0 3333 1273 4837 4808 i
> * 37.139.139.0 0 57866 6762 4837 4808 i
> * 12.0.1.63 0 7018 1299 53292 63251 ?
> * 140.192.8.16 0 54728 20130 6939 4837 4808 i
> * 91.218.184.60 0 49788 1299 53292 63251 ?
> * 203.181.248.168 0 7660 2516 4837 4808 i
> * 154.11.12.212 0 0 852 4837 4808 i
> * 134.222.87.1 700 0 286 1299 53292 63251 ?
> * 209.124.176.223 0 101 101 3356 4837 4808 i
> * 137.39.3.55 0 701 3356 4837 4808 i
> * 94.142.247.3 0 0 8283 1299 53292 63251 ?
> * 162.251.163.2 0 53767 3257 1299 53292 63251 ?
> * 212.66.96.126 0 20912 1267 3356 4837 4808 i
> * 198.58.198.255 0 1403 6461 4837 4808 i
> * 198.58.198.254 0 1403 6461 4837 4808 i
> *> 202.232.0.2 0 2497 4837 4808 i
> * 203.62.252.83 0 1221 4637 4837 4808 i
> * 132.198.255.253 0 1351 6939 4837 4808 i
> * 206.24.210.80 0 3561 209 4837 4808 i
> * 195.208.112.161 0 3277 39710 9002 3356 4837 4808 i
> * 217.192.89.50 0 3303 4837 4808 i
> * 173.205.57.234 0 53364 3257 1299 53292 63251 ?
> * 207.172.6.20 0 0 6079 3356 4837 4808 i
> * 207.172.6.1 0 0 6079 3356 4837 4808 i
> * 208.74.64.40 0 19214 174 3356 4837 4808 i
> * 144.228.241.130 240 0 1239 4837 4808 i
> * 162.250.137.254 0 4901 6079 3356 4837 4808 i
> * 114.31.199.1 0 4826 1299 53292 63251 i
> * 64.71.137.241 0 6939 4837 4808 i
> route-views>
>
> On 4/1/19, 1:30 PM, "NANOG on behalf of Jay Borkenhagen" <nanog-bounces at nanog.org on behalf of jayb at braeburn.org> wrote:
>
> [No attempts at 01-April humor will be attempted in this message.]
>
>
> Seeking help from routing engineers around the 'net:
>
>
> ARIN documents that 192.139.135.0/24 has been allocated to Metro
> Wireless International:
>
> https://whois.arin.net/rest/net/NET-192-139-135-0-1
>
> Further, the party to whom 192.139.135.0/24 has been allocated has
> published a ROA in ARIN's hosted RPKI asserting that bgp announcements
> for that prefix are valid only when originating in AS63251. To view
> this, go to your favorite RPKI vantage point that uses ARIN's TAL. If
> you don't yet have a favorite, feel free to telnet to
> route-server.ip.att.net and run:
>
> show validation database record 192.139.135.0/24
>
>
> Unfortunately, as may be seen at route-views, etc, most of the
> Internet now prefers an invalid path that's mis-originated in as4808:
>
>
> Network Next Hop Path
> * 192.139.135.0 208.51.134.254 3549 3356 4837 4808 i
> * 194.85.40.15 3267 3356 4837 4808 i
> * 193.0.0.56 3333 1273 4837 4808 i
> * 37.139.139.0 57866 6762 4837 4808 i
> * 12.0.1.63 7018 1299 53292 63251 ?
> * 140.192.8.16 54728 20130 6939 4837 4808 i
> * 91.218.184.60 49788 1299 53292 63251 ?
> * 203.181.248.168 7660 2516 4837 4808 i
> * 154.11.12.212 852 4837 4808 i
> * 134.222.87.1 286 1299 53292 63251 ?
> * 209.124.176.223 101 101 3356 4837 4808 i
> * 137.39.3.55 701 4837 4808 i
> * 94.142.247.3 8283 1239 4837 4808 i
> * 162.251.163.2 53767 3257 1299 53292 63251 ?
> * 212.66.96.126 20912 1267 3356 4837 4808 i
> * 198.58.198.255 1403 6461 4837 4808 i
> * 198.58.198.254 1403 6461 4837 4808 i
> *> 202.232.0.2 2497 4837 4808 i
> * 203.62.252.83 1221 4637 4837 4808 i
> * 132.198.255.253 1351 6939 4837 4808 i
> * 206.24.210.80 3561 209 4837 4808 i
> * 195.208.112.161 3277 39710 9002 3356 4837 4808 i
> * 217.192.89.50 3303 4837 4808 i
> * 173.205.57.234 53364 3257 1299 53292 63251 ?
> * 207.172.6.20 6079 3356 4837 4808 i
> * 207.172.6.1 6079 3356 4837 4808 i
> * 208.74.64.40 19214 174 4837 4837 4808 i
> * 144.228.241.130 1239 4837 4808 i
> * 162.250.137.254 4901 6079 3356 4837 4808 i
> * 114.31.199.1 4826 1299 53292 63251 i
> * 64.71.137.241 6939 4837 4808 i
>
>
> Please help the Metro Wireless International folks get this cleared up
> so their 192.139.135.0/24 can once again be usable. In particular,
> help is sought from 4837 and their transit providers:
>
> 1239
> 701
> 3356
>
> (Yes, I am trying to reach folks at those networks in other ways, too.)
>
>
> Thanks.
>
> Jay B.
>
>
>
>
More information about the NANOG
mailing list