[179058] in North American Network Operators' Group


RE: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795

daemon@ATHENA.MIT.EDU (Nick Rose)
Thu Mar 26 18:21:06 2015

X-Original-To: nanog@nanog.org
From: Nick Rose <nick.rose@enzu.com>
To: Nick Rose <nick.rose@enzu.com>, "amps@djlab.com" <amps@djlab.com>, "Peter Rocca" <rocca@start.ca>
Date: Thu, 26 Mar 2015 22:20:57 +0000
In-Reply-To: <DM2PR11MB0158347F304756BE58A63C669B080@DM2PR11MB0158.namprd11.prod.outlook.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Several people asked me off list for more details, here is what I have regarding it.

This morning a tier2 ISP that connects to our network made an error in their router configuration causing the route leakage. The issue has been addressed and we will be performing a full post mortem to ensure this does not happen again.
While investigating the issue we did find that the Noction appliance stopped advertising the no export community string with its advertisements which is why certain prefixes were also seen.

Regards,
Nick Rose
CTO @ Enzu Inc.

-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Nick Rose
Sent: Thursday, March 26, 2015 3:49 PM
To: amps@djlab.com; Peter Rocca
Cc: nanog@nanog.org
Subject: RE: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761]

This should be resolved from AS18978. If you experience anything else please let me know and I will get it addressed immediately.

Regards,
Nick Rose
CTO @ Enzu Inc.

-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Randy
Sent: Thursday, March 26, 2015 12:14 PM
To: Peter Rocca
Cc: nanog@nanog.org
Subject: RE: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761]

On 03/26/2015 9:00 am, Peter Rocca wrote:
> +1
>
> The summary below aligns with our analysis as well.
>
> We've reached out to AS18978 to determine the status of the leak but
> at this time we're not seeing any operational impact.

+2, after the morning coffee sunk in and helpful off list replies I can
finally see it's probably not INDOSAT involved at all.

FYI, the more specifics are still active:

2015-03-26 13:56:11	Update	AS4795	ID 	198.98.180.0/23	4795 4795 4761 9304 40633 18978 6939 29889 	Active
2015-03-26 13:56:11	Update	AS4795	ID 	198.98.182.0/23	4795 4795 4761 9304 40633 18978 6939 29889 	Active

--
~Randy
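
The failure described in the top message (optimizer more-specifics escaping once the no-export community is no longer attached) can be caught by an egress check that does not rely on the community alone. The Python below is an added example, not part of the thread and not any vendor's code; the /22 aggregate, the RIB entries and the function names are constructed assumptions.

```python
import ipaddress

NO_EXPORT = (65535, 65281)  # well-known NO_EXPORT community, RFC 1997

# Assumption: the aggregate this AS intends to announce to eBGP neighbours.
# 198.98.180.0/22 is constructed here as a cover for the two /23s in the thread.
AUTHORIZED = [ipaddress.ip_network("198.98.180.0/22")]

# Constructed RIB entries: (prefix, communities attached by the injector).
SAMPLE_RIB = [
    ("198.98.180.0/22", []),            # the aggregate itself
    ("198.98.180.0/23", [NO_EXPORT]),   # optimizer more-specific, tagged
    ("198.98.182.0/23", []),            # optimizer more-specific, tag missing
    ("203.0.113.0/24", []),             # not ours at all (documentation range)
]

def classify(prefix, communities, authorized=AUTHORIZED):
    """Decide what an eBGP egress policy should do with one route."""
    net = ipaddress.ip_network(prefix)
    if NO_EXPORT in communities:
        return "suppress"   # honoured: never leaves the local AS
    if net in authorized:
        return "export"     # exact match with an intended announcement
    if any(net.subnet_of(agg) for agg in authorized):
        return "leak"       # more-specific that lost its NO_EXPORT tag
    return "reject"         # outside anything we are authorized to announce

def audit(rib, authorized=AUTHORIZED):
    """Return prefixes that would escape if egress relied on NO_EXPORT alone."""
    return [p for p, comms in rib if classify(p, comms, authorized) == "leak"]

if __name__ == "__main__":
    for prefix, comms in SAMPLE_RIB:
        print(f"{prefix:<18} {classify(prefix, comms)}")
    print("leak candidates:", audit(SAMPLE_RIB))
```

An exact-match prefix list on eBGP sessions gives the same protection on the router itself: a more-specific that arrives without the community is then dropped at export rather than propagated.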
