|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Sat, 9 Jun 2001 14:10:08 -0400 (EDT) From: "Richard A. Steenbergen" <ras@e-gerbil.net> To: Philip Smith <pfs@cisco.com> Cc: nanog@merit.edu In-Reply-To: <5.1.0.14.2.20010609220555.03d1dea8@localhost> Message-ID: <Pine.BSF.4.21.0106091351140.29677-100000@overlord.e-gerbil.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Errors-To: owner-nanog-outgoing@merit.edu On Sat, 9 Jun 2001, Philip Smith wrote: > I was working on almost the same thing... :-) As from next Friday, my > routing report will include the top 20 ASes which are announcing > prefixes more specific than the registry minimum allocation (/20), > more specific than a /24 from 192/8 space, more specific than a /16 > from former B space, more specific than a /8 from former A space... I've always been suspicious of using registry allocation boundaries, there are too many legitimate ways to set it off. There are lots of reasons to have some diverse /22 announcements in your network for example. On the other hand, if you have 200 seperate /24s announced from the same /16, with the same aspath, and the origin owns the entire block, there is simply no reason for this. > 11371 307 Rhythms NetConnections > 3491 651 CAIS Internet DSL providers are becoming very bad about this. Someone pointed out to me off list that CAIS had carved up PSI's /8 into over 500 /24s. > 690 502 Merit Network Well at least we don't have to go too far to find the guilty party. :P > 18994 468 Global Crossing > 15870 436 Global Center Frankfurt > 18993 325 Global Crossing Those are the GlobalCenter datacenters being converted into the Exodus network. It looks like they are leaking a sizable number of /32s /30s etc, and since its GBLX space I'm assuming its stuff that used to be aggregated into a single announcement. > There is no attempt to measure aggregation - that's the job of the > CIDR Report. This simply looks at the prefix announced and if it is > outside the above limits, it is counted. Makes very interesting > reading... The one interesting pattern I noticed in the rampant /24 abuse was non- contiguous announcements. It's likely that this kept them off the CIDR Report and any other scans which only looked for contiguous announcements. For example: 1.2.3.0/24 1.2.5.0/24 1.2.7/0.24 -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |