Issues with prefix / help needed

Kevin McCormick kmccormick at mdtc.net
Mon Mar 27 14:02:37 UTC 2023 

IRR Explorer is showing RPKI-Invalid. Maybe RPKI is causing the issue or there is an issue with IRR Explorer?

https://irrexplorer.nlnog.net/prefix/86.104.228.0/24

I do see RIPE and Cloudflare are showing RPKI as valid.

https://rpki-validator.ripe.net/ui/86.104.228.0%2F24/45021?include=related_alloc

https://rpki.cloudflare.com/?view=validator&validateRoute=45021_86.104.228.0%2F24

Curious why IRR Explorer is showing invalid.

Thank you,

Kevin McCormick


-----Original Message-----
From: NANOG <nanog-bounces+kmccormick=mdtc.net at nanog.org> On Behalf Of ic
Sent: Saturday, March 25, 2023 3:55 AM
To: nanog at nanog.org
Subject: Issues with prefix / help needed

CAUTION: This email originated from outside your organization. Exercise caution when opening attachments or clicking links, especially from unknown senders.

Hi there,

I’m contacting you because after spending 2 days troubleshooting I can’t seem to find a solution to the following.

We (AS45021) bought/transffered the 86.104.228.0/24 prefix a few months back because we couldn’t wait longer on the RIPE waiting list.

Before you ask, yes, AS45021 is currently single homed, this will change in a week (it requires travelling a few hundred miles and I couldn’t do it before).

Since we started announcing this prefix, things have been spotty, at best. While it seems visible in all the looking glasses I tried, it spends sometimes hours, sometimes days, being unreachable (you can try for ex. 86.104.228.1 or 86.104.228.26).

I have full access (up to packet capture) on the AS and its upstream. When I ping one of the IPs from various ISPs, I see the ICMP Echo Request and Reply on the wire, going where it’s supposed to go, but it doesn’t reach the pinging host. Pinging any IP of the upstream (AS42275 / 85.208.69.0/24 in this location) works.

ROAs and RPKI seem fine to me.

I’m starting to suspect that maybe the previous user of the prefix is still announcing it somewhere and “shouting louder” than me. It seems when I clear sessions, it immediately works for a while, then stops.

Do you all have any idea what I should check / try next?

BR, Michel

More information about the NANOG mailing list