[194303] in North American Network Operators' Group
Re: AS9498 Bharti BGP hijacks
daemon@ATHENA.MIT.EDU (netravnen+nanog@gmail.com)
Sun Apr 2 20:24:33 2017
X-Original-To: nanog@nanog.org
In-Reply-To: <88A35AB5-B9BC-47E6-A3A8-AE7604D14C6F@gmail.com>
From: netravnen+nanog@gmail.com
Date: Sun, 2 Apr 2017 00:15:37 +0200
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
I would (from a peering perspective) see this as a configuration error
where somebody/someone botched a configuration change in a specific
network router.
Partly because
a) seeing as the reports is sequentially numbered,
b) as - already pointed out - it is either /30 or /29.
c) thou I'm puzzled about the /27 leaked https://bgpstream.com/event/78122
Somebody noticed, somebody or another fixed the error in silence and
said nothing afterwards.
Sadly, No route-maps or the like were in place to prevent the prefix
leaks from happening. That in it-self should be stuff for the people
at Origin ASN 9498 (BHARTI Airtel Ltd.) to think a little "harder"
about in the future. "Routers mostly only fail because of the selected many
people managing them."
Kind regards,
Christoffer,
CH11404-RIPE
On 2 April 2017 at 00:09, Youssef Bengelloun-Zahr <bengelly@gmail.com> wrot=
e:
> Hi,
>
> What's more concerning here is that those prefixes were able to pass thro=
ugh all filters on their way, via their transits and maybe probably via the=
ir peers as well. Haven't we been here before !?!
>
> And here I thought 2017 internet would be a "safer" place. Silly me...
>
> Y.
>
>
>
>> Le 1 avr. 2017 =C3=A0 23:33, Job Snijders <job@instituut.net> a =C3=A9cr=
it :
>>
>> Hi all,
>>
>> Perhaps another explanation is that these are router2router linknets
>> between the involved parties, and all we are seeing is the effect of
>> "redistribute connected". If this is the case, the word "hijack" might b=
e
>> somewhat strong worded.
>>
>> Kind regards,
>>
>> Job
>>
>> On Sat, 1 Apr 2017 at 23:25, Tyler Conrad <tyler@tgconrad.com> wrote:
>>
>> So not only are they hijacking prefixes, they're leaking the /30s to th=
eir
>> peers. Failure through and through.
>>
>> On Saturday, April 1, 2017, George William Herbert <george.herbert@gmail=
.com
>> wrote:
>>
>>>
>>> Hey, Bharti, knock that off.
>>>
>>> http://bgpstream.com/event/78126
>>> http://bgpstream.com/event/78125
>>> http://bgpstream.com/event/78124
>>> http://bgpstream.com/event/78123
>>> http://bgpstream.com/event/78122
>>>
>>>
>>> Sent from my iPhone
>>>
