2000::/3 Being Announced and Accepted

• Previous message (by thread): 2000::/3 Being Announced and Accepted
• Next message (by thread): Apple http/https
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Agreed. This is a problem, and it has happened before.  This is not
the first time.

I asked Job Snijders (a maintainer of IRRExplorer) about it, and
here's what he had to say.

I don't think he should set an arbitrary threshold for excluding large
prefixes from IRRExplorer.  I think the prefix probably shouldn't be
being advertised.  But is there a technical distinction between this
/3 and other advertisements aside from the size that could flag it for
ignoring?

---------- Forwarded message ---------
From: Job Snijders <job at instituut.net>
Date: Fri, Oct 4, 2019 at 9:43 PM
Subject: Re: IRR Eplorer weirdness 2000::/3 route?
To: Billy Crook <BCrook at unrealservers.net>


On Fri, Oct 04, 2019 at 12:25:27PM -0500, Billy Crook wrote:
> I'm seeing that all of 2000::/3 is being advertised by 24785.
>
> That can't be right, right?  Maybe they're you're default upstream?  I
> didn't see this route in sprint's v6 looking glass, so I'm assuming
> it's a local anomaly to your system.

Yeah, from time to time people (usually by accident) leak very large
blocks to route collectors. Often these blocks exist internal in
networks as a replacement for default routes and are not meant to leak
to the wider world, but you know how things go.

Here you can see the source of that data:
http://lg.ring.nlnog.net/prefix_detail/lg01/ipv6?q=2000::/3

I could make irrexplorer ignore such large announcements, but where to
draw the line?

On Wed, Nov 13, 2019 at 1:00 PM Douglas Fischer
<fischerdouglas at gmail.com> wrote:
>
> I have been recommending to many friends to check in daily at http://irrexplorer.nlnog.net/ to make sure everything is healthy with their prefixes ...
>
> Today a colleague reported a problem with an AS58299 ad appearing in "their prefixes".
> I went look and was showing up on our ASNs too.
>
> It took me a while (dããã) to understand what was going on ...
> Why was irrexplorer showing that prefix in our query?
>
>
> Could anyone reach somebody from OpenFactory/NetShelter/level66network about this?
>
>
>
> http://lg.ring.nlnog.net/prefix_bgpmap/lg01/ipv6?q=2000::/3
>
> 2000::/3
> [LEVEL66NETWORK1 11:35:27 from 2a09:11c0::1] * (100/-) [AS58299i]
> Type: BGP unicast univ
> BGP.origin: IGP
> BGP.as_path: 209844 49697 58299
> BGP.next_hop: 2a09:11c0::1
> BGP.local_pref: 100
> BGP.community: (49697,1000) (49697,1007) (49697,2302)
> BGP.ext_community: (RPKI Origin Validation State: not-found)
> BGP.large_community: (209844, 100, 13)
>
>
> --
> Douglas Fernando Fischer
> Engº de Controle e Automação

• Previous message (by thread): 2000::/3 Being Announced and Accepted
• Next message (by thread): Apple http/https
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]