someone is using my AS number

Job Snijders job at instituut.net
Sat Jun 15 16:21:32 UTC 2019


On Sat, Jun 15, 2019 at 4:45 PM Owen DeLong <owen at delong.com> wrote:
> > On Jun 15, 2019, at 5:43 AM, Job Snijders <job at instituut.net> wrote:
> >> On Sat, Jun 15, 2019 at 2:38 PM Owen DeLong <owen at delong.com> wrote:
> >
owen> >> What I heard you say is: “I’m not going to offer a solution
to your problem, but you shouldn’t use the one you have that currently
works because some things my friends and I are doing react poorly to
it and you may suffer some consequences as a result.”
> >
job> > I have no idea how you would arrive at such a contrived convoluted
job> > interpretation. I'm sorry I can't help further your understanding of
job> > how modern day Internet routing works.

owen> I was pointing out that while you told the guy not to use a tool
that’s been working for him, you didn’t actually answer his question,
nor did you offer any useful alternative.

Your summary of this thread is somewhat incomplete. I'll try myself:

OP started with - "help, my ASN was used without my permission, what
do I do?" - to which NANOG answered "let us know your ASN and we'll
use our rolodex". Awesome, the community tried to help Philip Lavine.

Then in a follow-up (general context) question from Joe Abley: "what
actually can go wrong when the AS_PATH is modified for traffic
engineering purposes?", to which three factually correct answers were
provided:

1/ it may not help you achieve your traffic engineering goal (you
can't know if as-path loop avoidance is enabled or not)
2/ it makes security incident attribution processes harder because
poisoned AS_PATH contain fabricated information
3/ it can lead to hard outages because of interaction with EBGP
routing security filters (such as peer-lock)

Again a productive mail exchange, Joe Abley asked a good question and
the resulting public discussion hopefully helped others learn
something.

Next up: Warren offered in a separate subthread "sometimes it seems
AS_PATH poisoning is the only solution for traffic-engineering, what
else can we do". To which I add: "we should keep in mind that this
'only solution' may result in hard outages", (I assume hard outages
are considered worse than the state of things without traffic
engineering). If BGP communities and telephone requests are not
available, and AS_PATH poisoning seems to be the "only solution",
well, then that is the only "solution" (but poisoning caveats still
apply). There probably is no answer to Warren's question, at least I
couldn't provide one because communities & phone were taken away.

So, you turned something I intended as a simple addition to Warren's
message (a point that hadden't yet been mentioned), into a vague
statement about "Job and his friends". EBGP AS_PATH filters
("peerlock-style") have existed in many forms, since long before I
even had a job in this sector. It is absolutely unclear to me what you
are trying to achieve.

Kind regards,

Job



More information about the NANOG mailing list