[157766] in North American Network Operators' Group
Re: Indonesian ISP Moratel announces Google's prefixes
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Nov 7 00:27:15 2012
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CAAxc0wXXZqOWiFeaeEqG3cfkzo2aotoxJdqe8KaYi9-AHEuw7g@mail.gmail.com>
Date: Wed, 7 Nov 2012 00:26:59 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Nov 07, 2012, at 00:21 , Jian Gu <guxiaojian@gmail.com> wrote:
> I don't know what Google and Moratel's peering agreement, but "leak"?
> educate me, Google is announcing /24 for all of their 4 NS prefix and
> 8.8.8.0/24 for their public DNS server, how did Moratel leak those =
routes
> to Internet?
Downthread, someone said what is typical with peering prefixes, i.e. =
announce to customers, not to peers or upstreams. How do you think =
peering works?
However, I place most of the blame on PCCW for crappy filtering of their =
customers. And I'm a little surprised to see nLayer in the path. Shame =
on them! (Does that have any effect any more? :)
Oh, and we are still waiting for an answer: Which attribute do you think =
Google could have used to stop this?
--=20
TTFN,
patrick
> On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore =
<patrick@ianai.net>wrote:
>=20
>> On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian@gmail.com> wrote:
>>=20
>>> Where did you get the idea that a Moratel customer announced a
>> google-owned
>>> prefix to Moratel and Moratel did not have the proper filters in =
place?
>>> according to the blog, all google's 4 authoritative DNS server =
networks
>> and
>>> 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for =
a
>>> Moratel customers announce all those prefixes?
>>=20
>> Ah, right, they just leaked Google's prefix. I thought a customer
>> originated the prefix.
>>=20
>> Original question still stands. Which attribute do you expect Google =
to
>> set to stop this?
>>=20
>> Hint: Don't say No-Advertise, unless you want peers to only talk to =
the
>> adjacent AS, not their customers or their customers' customers, etc.
>>=20
>> Looking forward to your answer.
>>=20
>> --
>> TTFN,
>> patrick
>>=20
>>=20
>>> On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore =
<patrick@ianai.net
>>> wrote:
>>>=20
>>>> On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian@gmail.com> wrote:
>>>>=20
>>>>> What do you mean hijack? Google is peering with Moratel, if Google =
does
>>>> not
>>>>> want Moratel to advertise its routes to Moratel's peers/upstreams, =
then
>>>>> Google should've set the correct BGP attributes in the first =
place.
>>>>=20
>>>> That doesn't make the slightest bit of sense.
>>>>=20
>>>> If a Moratel customer announced a Google-owned prefix to Moratel, =
and
>>>> Moratel did not have the proper filters in place, there is nothing
>> Google
>>>> could do to stop the hijack from happening.
>>>>=20
>>>> Exactly what attribute do you think would stop this?
>>>>=20
>>>> --
>>>> TTFN,
>>>> patrick
>>>>=20
>>>>=20
>>>>> On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia =
<me@anuragbhatia.com>
>>>> wrote:
>>>>>=20
>>>>>> Another case of route hijack -
>>>>>>=20
>>>>=20
>> =
http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> I am curious if big networks have any pre-defined filters for big
>>>> content
>>>>>> providers like Google to avoid these? I am sure internet =
community
>>>> would be
>>>>>> working in direction to somehow prevent these issues. Curious to =
know
>>>>>> developments so far.
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Thanks.
>>>>>>=20
>>>>>>=20
>>>>>> --
>>>>>>=20
>>>>>> Anurag Bhatia
>>>>>> anuragbhatia.com
>>>>>>=20
>>>>>> Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
>>>>>> Twitter<https://twitter.com/anurag_bhatia>|
>>>>>> Google+ <https://plus.google.com/118280168625121532854>
>>>>>>=20
>>>>>=20
>>>>=20
>>>>=20
>>>>=20
>>=20
>>=20
>>=20
