Rogue BGP Routes

Mark Tinka mark.tinka at seacom.mu
Fri May 15 19:27:58 UTC 2020


On 15/May/20 21:14, Gary Godard wrote:
> We had an eBGP session with them at that time but it was very
> problematic. It is strange that the IP blocks that had the issue were
> the same blocks that we advertised with them and the ones that we were
> using with Level 3 at the time were unaffected.

My suspicion is that those 2 prefixes you highlight were being
originated from behind their AS, for some reason or other. It is quite
possible that between leaving that contract and people moving on, that
origination stayed in place. It's not the first time I or Philip (Smith)
have seen many cases of these, that pop up years later, only to find
that someone forgot about a static route or an on-behalf origination
from years back after all manner of staff shuffled through both companies.

Of course, very possible this is - as Randy would say - conjecturbation,
on my part; but it's what stands out to me most, at the moment.


>
> Once this message posted to the group, I got responses from Charter
> almost immediately from the group. So if I had been a member of the
> group yesterday morning when the problem was discovered I could have
> had a much faster resolution.

More pressure is better than less :-).

Mark.



More information about the NANOG mailing list