[140121] in North American Network Operators' Group
Re: Suspecious anycast prefixes
daemon@ATHENA.MIT.EDU (Joe Abley)
Mon May 2 15:35:49 2011
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <BANLkTim9xzaThOSk5t=tigzi8EKZr_0GqQ@mail.gmail.com>
Date: Mon, 2 May 2011 22:35:20 +0300
To: Yaoqing(Joey) Liu <joey.liuyq@gmail.com>
X-SA-Exim-Mail-From: jabley@hopcount.ca
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2011-05-02, at 21:16, Yaoqing(Joey) Liu wrote:
> I found the following prefixes are often originated by many ASNs more =
than
> five, wonder if they provide global anycast service, if so what =
specific
> service they provide?
>=20
> 12.64.255.0/24
CERNET.
> 70.37.135.0/24
Microsoft/Hotmail.
> 198.32.176.0/24
Yahoo!
> 199.7.49.0/24
VeriSign.
> 199.7.80.0/24
VeriSign.
> 199.16.93.0/24
VeriSign.
> 199.16.94.0/24
VeriSign.
> 199.16.95.0/24
VeriSign.
> 206.223.115.0/24
Yahoo!
These to me are all organisations that might reasonably be distributing =
services using anycast. It's difficult to tell whether all the origin =
ASes you see for those prefixes are legitimate, of course.
It's perhaps worth noting that there is work in the IETF to recommend =
that every prefix originated as part of an anycast cloud uses a unique =
origin AS (see =
<http://tools.ietf.org/html/draft-ietf-grow-unique-origin-as-00>). I'm =
not personally convinced of the arguments in the draft, but mentioning =
it in this thread seems reasonable.
Joe=
