[157770] in North American Network Operators' Group
Re: Indonesian ISP Moratel announces Google's prefixes
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Nov 7 00:45:30 2012
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CAAxc0wXxy7C_kkcew3Pi=yWEYLD3am=ASFhhSfgsv9HTGv6oZw@mail.gmail.com>
Date: Wed, 7 Nov 2012 00:45:19 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Nov 07, 2012, at 00:35 , Jian Gu <guxiaojian@gmail.com> wrote:
> Hmm, look at this screen shot from the blog, 8.8.8.0/24 was orignated =
from
> Google.
Everyone who posted in this thread was well aware of that. (Well, =
except me in my first post. :) Google was still the victim, and it was =
still not their fault.
You are showing wide and clear ignorance on the basics of peering. =
Which is fine, the vast majority of the planet hasn't a clue what =
peering is. However, the rest of the people who do not know what they =
are talking about have managed to avoid commenting on the subject to =
10K+ of their not-so-closest friends.
To be clear, if you had started with something like: "Why is Google =
originating the route? Doesn't that make it valid?", you would have =
gotten a lot of help & support. But instead you started by claiming it =
was Google's fault and they could stop this by setting "the correct BGP =
attributes". I note you still haven't told us what those attributes =
would be despite repeated questions.
Perhaps it's time to admit you don't know what attributes, and you need =
a little more education on peering in general?
When you find yourself in a hole, stop digging.
--=20
TTFN,
patrick
> tom@edge01.sfo01> show route 8.8.8.8
>=20
> inet.0: 422196 destinations, 422196 routes (422182 active, 0 holddown,
> 14 hidden)
> + =3D Active Route, - =3D Last Active, * =3D Both
> 8.8.8.0/24 *[BGP/170] 00:27:02, MED 18, localpref 100
> AS path: 4436 3491 23947 15169 I
>> to 69.22.153.1 via ge-1/0/9.0
>=20
>=20
>=20
> On Tue, Nov 6, 2012 at 9:33 PM, Hank Nussbacher =
<hank@efes.iucc.ac.il>wrote:
>=20
>> At 21:21 06/11/2012 -0800, Jian Gu wrote:
>>=20
>> If Google announces 8.8.8.0/24 to you and you in turn start =
announcing to
>> the Internet 8.8.8.0/24 as originating from you, then a certain =
section
>> of the Internet will believe your announcement over Google's. This =
has
>> happened many times before due to improper filters, but this is the =
first
>> time I have seen the victim being blamed. Interesting concept.
>>=20
>> -Hank
>>=20
>> I don't know what Google and Moratel's peering agreement, but "leak"?
>>> educate me, Google is announcing /24 for all of their 4 NS prefix =
and
>>> 8.8.8.0/24 for their public DNS server, how did Moratel leak those =
routes
>>> to Internet?
>>>=20
>>> On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore =
<patrick@ianai.net
>>>> wrote:
>>>=20
>>>=20
>>>> On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian@gmail.com> wrote:
>>>>=20
>>>>> Where did you get the idea that a Moratel customer announced a
>>>> google-owned
>>>>> prefix to Moratel and Moratel did not have the proper filters in
>>> place?
>>>>> according to the blog, all google's 4 authoritative DNS server
>>> networks
>>>> and
>>>>> 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity =
for
>>> a
>>>>> Moratel customers announce all those prefixes?
>>>>=20
>>>> Ah, right, they just leaked Google's prefix. I thought a customer
>>>> originated the prefix.
>>>>=20
>>>> Original question still stands. Which attribute do you expect =
Google to
>>>> set to stop this?
>>>>=20
>>>> Hint: Don't say No-Advertise, unless you want peers to only talk to =
the
>>>> adjacent AS, not their customers or their customers' customers, =
etc.
>>>>=20
>>>> Looking forward to your answer.
>>>>=20
>>>> --
>>>> TTFN,
>>>> patrick
>>>>=20
>>>>=20
>>>>> On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore =
<patrick@ianai.net
>>>>> wrote:
>>>>>=20
>>>>>> On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian@gmail.com> wrote:
>>>>>>=20
>>>>>>> What do you mean hijack? Google is peering with Moratel, if =
Google
>>> does
>>>>>> not
>>>>>>> want Moratel to advertise its routes to Moratel's =
peers/upstreams,
>>> then
>>>>>>> Google should've set the correct BGP attributes in the first =
place.
>>>>>>=20
>>>>>> That doesn't make the slightest bit of sense.
>>>>>>=20
>>>>>> If a Moratel customer announced a Google-owned prefix to Moratel, =
and
>>>>>> Moratel did not have the proper filters in place, there is =
nothing
>>>> Google
>>>>>> could do to stop the hijack from happening.
>>>>>>=20
>>>>>> Exactly what attribute do you think would stop this?
>>>>>>=20
>>>>>> --
>>>>>> TTFN,
>>>>>> patrick
>>>>>>=20
>>>>>>=20
>>>>>>> On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia =
<me@anuragbhatia.com>
>>>>>> wrote:
>>>>>>>=20
>>>>>>>> Another case of route hijack -
>>>>>>>>=20
>>>>>>=20
>>>> http://blog.cloudflare.com/**why-google-went-offline-today-**
>>> =
and-a-bit-about<http://blog.cloudflare.com/why-google-went-offline-today-a=
nd-a-bit-about>
>>>>>>>>=20
>>>>>>>>=20
>>>>>>>>=20
>>>>>>>> I am curious if big networks have any pre-defined filters for =
big
>>>>>> content
>>>>>>>> providers like Google to avoid these? I am sure internet =
community
>>>>>> would be
>>>>>>>> working in direction to somehow prevent these issues. Curious =
to
>>> know
>>>>>>>> developments so far.
>>>>>>>>=20
>>>>>>>>=20
>>>>>>>>=20
>>>>>>>>=20
>>>>>>>> Thanks.
>>>>>>>>=20
>>>>>>>>=20
>>>>>>>> --
>>>>>>>>=20
>>>>>>>> Anurag Bhatia
>>>>>>>> anuragbhatia.com
>>>>>>>>=20
>>>>>>>> Linkedin =
<http://in.linkedin.com/in/**anuragbhatia21<http://in.linkedin.com/in/anur=
agbhatia21>>
>>> |
>>>>>>>> =
Twitter<https://twitter.com/**anurag_bhatia<https://twitter.com/anurag_bha=
tia>
>>>> |
>>>>>>>> Google+ =
<https://plus.google.com/**118280168625121532854<https://plus.google.com/1=
18280168625121532854>
>>>>=20
>>>>>>>>=20
>>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>=20
>>>>=20
>>>>=20
>>>=20
>>=20
>>=20
