[66741] in North American Network Operators' Group
Re: AT&T carrying rfc1918 on the as7018 backbone?
daemon@ATHENA.MIT.EDU (ken emery)
Thu Jan 22 17:29:22 2004
Date: Thu, 22 Jan 2004 14:28:05 -0800 (PST)
From: ken emery <ken@cnet.com>
To: nanog@merit.edu
In-Reply-To: <BC359ADD.9BFC%brett@the-watsons.org>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 22 Jan 2004, Brett Watson wrote:
>
> First, yes I know I should call AT&T but I want to know if anyone else sees
> this problem:
>
> I have a customer that is multi-homed to AT&T and WCOM. They accept
> "default" via BGP from both providers and announce a handful of prefixes to
> both providers.
>
> Given that they receive default, it's just the same as if they had a
> *static* default to both providers.
>
> The customer installed a "network mapping tool" today and suddenly
> discovered they were seeing RFC1918 addresses in the map (hundreds of them)
> that were *not* part of the customer's internal network. It turns out that
> from what we can tell, insightbb.com (an AT&T sub or customer) is probably
> unintentionally leaking 10/8 and AT&T is propogating that across their
> network. Since the customer defaults for any "unknown" destination,
> they're crossing the AT&T network.
>
> If my customer had been taking full routing, with appropriate filters of
> course, they wouldn't be seeing this. But given that they are taking
> default, they see it.
>
> So I just wanted to see if anyone that is defaulting to AT&T is seeing this
> same problem just to verify that what we're seeing is correct (for my
> customer's edification). Yes, I'm calling AT&T now :)
Yep, they are sending 10.X.X.X routes to customers. From several places
actually, Level3, Comcast (multiple AS's), AT&T, MediaOne, and AccessPoint.
bye,
ken emery
