Re: BGP route hijack by AS10990

On 30/07/2020 05:46, Clinton Work wrote: See: https://bgpstream.com/event/245264 https://bgpstream.com/event/245265 -Hank Caveat: The views expressed above are solely my own and do not express the views or opinions of my

Re: BGP route hijack by AS10990

On Thu, Jul 30, 2020 at 11:21:04AM +0300, Hank Nussbacher wrote a message of 48 lines which said: >See: And: https://stat.ripe.net/widget/bgp-update-activity#w.starttime=2020-07-16T05%3A00%3A00&w.endtime=2020-07-30T05%3A00%3A00&w.resource=AS10990

BGP unnumbered examples from data center network using RFC 5549 et al. [was: Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?]

Mark Tinka writes: > On 29/Jul/20 15:51, Simon Leinen wrote: >> >> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down >> State/PfxRcd >> sw-o(swp16)465108 953559 938348000 03w5d00h >> 688 >> sw-m(swp18)465108 885442 938

Looking for 1G / 10G IP Transit LA

Dear NANOG I am looking to add another IP Transit provider to our current mix in LA for AS38880, with services delivered at One Wilshire (Core Site) If you can provide IP transit services (Either a Tier 1 provider or a blended Tier 2 service) then please contact me off list. BGP community supp

Re: Massive Spectrum Outage

There was a train derailment in Tempe, AZ yesterday AM that partially collapsed a bridge that had a bunch of glass running over it. Possibly related. On Wed, Jul 29, 2020 at 10:37 PM Kenneth McRae via NANOG wrote: > Anyone outside of S. California affected? > > >

Re: BGP unnumbered examples from data center network using RFC 5549 et al. [was: Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?]

On 30/Jul/20 12:00, Simon Leinen wrote: > As Nick mentions, the hostnames are from the BGP hostname extension. > > I should have noticed that, but we use "BGP unnumbered"[1][2], which > uses RAs to discover the peer's IPv6 link-local address, and then builds > an IPv6 BGP session (that uses RFC

Re: BGP route hijack by AS10990

Looks like the real question here is why doesn’t 7219 do a better job of filtering what they accept. Has anyone reached out to them? Owen > On Jul 29, 2020, at 23:31 , Aftab Siddiqui wrote: > > Looks like the list is too long.. none of them have any valid ROAs as well. > > = 104.230.0.0/18

Re: BGP route hijack by AS10990

On Thu, Jul 30, 2020 at 9:37 AM Owen DeLong wrote: > > Looks like the real question here is why doesn’t 7219 do a better job of > filtering what they accept. > > Has anyone reached out to them? You mean 1299? 7219 and 10990 are the same entity.

Re: BGP route hijack by AS10990

Peace, On Thu, Jul 30, 2020, 5:48 AM Clinton Work wrote: > We saw a bunch of our IP blocks hijacked by AS10990 from 19:15 MDT until > 20:23 MDT. Anybody else have problems with that. > Here's what we discovered about the incident. Hope that brings some clarity. https://radar.qrator.net/blog

Re: BGP route hijack by AS10990

so, bgp optimizers... again? -- Patrick Am 30.07.2020 um 18:58 schrieb Töma Gavrichenkov: > Peace, > > On Thu, Jul 30, 2020, 5:48 AM Clinton Work > wrote: > > We saw a bunch of our IP blocks hijacked by AS10990 from 19:15 MDT until > 20:23 MDT.   Anybody else ha

Re: BGP route hijack by AS10990

On Thu, 30 Jul 2020, at 13:09, Patrick Schultz wrote: > so, bgp optimizers... again? > > -- > Patrick More like shame on Telia for not filtering properly. If Tulix used a so called BGP "optimizer" and didn't have a proper export filter in place it is their mistake but as a major transit provid

Re: BGP route hijack by AS10990

Peace, On Thu, Jul 30, 2020, 8:09 PM Patrick Schultz wrote: > so, bgp optimizers... again? > Looks so. Upstream filters are also to blame, though, but BGP optimization is the root of all evil. -- Töma >

Re: BGP route hijack by AS10990

It's not like there are scorecards, but there's a lot of fault to go around. However, again, BGP "Optimizers" are bad. The conditions by which the inadvertent leak occur need to be fixed , no question. But in scenarios like this, as-path length generally limits impact to "Oh crap, I'll fix that, s

Re: BGP route hijack by AS10990

> On Jul 30, 2020, at 09:45 , Yang Yu wrote: > > On Thu, Jul 30, 2020 at 9:37 AM Owen DeLong wrote: >> >> Looks like the real question here is why doesn’t 7219 do a better job of >> filtering what they accept. >> >> Has anyone reached out to them? > > You mean 1299? 7219 and 10990 are the

Re: BGP route hijack by AS10990

On Thu, Jul 30, 2020 at 07:09:07PM +0200, Patrick Schultz wrote: > so, bgp optimizers... again? We should stop calling them 'optimizers'... perhaps "BGP Polluters"? Kind regards, Job

Re: BGP route hijack by AS10990

I'd like to direct you to Job's writeup on this :) https://mailman.nanog.org/pipermail/nanog/2017-August/191897.html While these "optimizers" CAN be beneficial to the individual operator, they're apparently used incorrectly in some instances. Telia should've filtered, that's for sure. But the lea

Re: BGP route hijack by AS10990

Telia implements RPKI filtering so the question is did it work? Were any affected prefixes RPKI signed? Would any prefixes have avoided being hijacked if RPKI signing had been in place? Regards Baldur - who had to turn off RPKI filtering at the request of JTAC to stop our mx204s from crashing :-(

Re: BGP route hijack by AS10990

Not a single prefix was signed, what I saw. May be good reason for Rogers, Charter, TWC etc to do that now. It would have stopped the propagation at Telia. On Fri, 31 Jul 2020 at 8:40 am, Baldur Norddahl wrote: > Telia implements RPKI filtering so the question is did it work? Were any > affected