[66740] in North American Network Operators' Group
AT&T carrying rfc1918 on the as7018 backbone?
daemon@ATHENA.MIT.EDU (Brett Watson)
Thu Jan 22 17:21:45 2004
Date: Thu, 22 Jan 2004 15:21:01 -0700
From: Brett Watson <brett@the-watsons.org>
To: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
First, yes I know I should call AT&T but I want to know if anyone else sees
this problem:
I have a customer that is multi-homed to AT&T and WCOM. They accept
"default" via BGP from both providers and announce a handful of prefixes to
both providers.
Given that they receive default, it's just the same as if they had a
*static* default to both providers.
The customer installed a "network mapping tool" today and suddenly
discovered they were seeing RFC1918 addresses in the map (hundreds of them)
that were *not* part of the customer's internal network. It turns out that
from what we can tell, insightbb.com (an AT&T sub or customer) is probably
unintentionally leaking 10/8 and AT&T is propogating that across their
network. Since the customer defaults for any "unknown" destination,
they're crossing the AT&T network.
If my customer had been taking full routing, with appropriate filters of
course, they wouldn't be seeing this. But given that they are taking
default, they see it.
So I just wanted to see if anyone that is defaulting to AT&T is seeing this
same problem just to verify that what we're seeing is correct (for my
customer's edification). Yes, I'm calling AT&T now :)
-b
