nanog mailing list archives
Re: Indonesian ISP Moratel announces Google's prefixes
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Wed, 7 Nov 2012 00:45:19 -0500
On Nov 07, 2012, at 00:35 , Jian Gu <guxiaojian () gmail com> wrote:
Hmm, look at this screen shot from the blog, 8.8.8.0/24 was orignated from Google.
Everyone who posted in this thread was well aware of that. (Well, except me in my first post. :) Google was still the victim, and it was still not their fault. You are showing wide and clear ignorance on the basics of peering. Which is fine, the vast majority of the planet hasn't a clue what peering is. However, the rest of the people who do not know what they are talking about have managed to avoid commenting on the subject to 10K+ of their not-so-closest friends. To be clear, if you had started with something like: "Why is Google originating the route? Doesn't that make it valid?", you would have gotten a lot of help & support. But instead you started by claiming it was Google's fault and they could stop this by setting "the correct BGP attributes". I note you still haven't told us what those attributes would be despite repeated questions. Perhaps it's time to admit you don't know what attributes, and you need a little more education on peering in general? When you find yourself in a hole, stop digging. -- TTFN, patrick
tom@edge01.sfo01> show route 8.8.8.8 inet.0: 422196 destinations, 422196 routes (422182 active, 0 holddown, 14 hidden) + = Active Route, - = Last Active, * = Both 8.8.8.0/24 *[BGP/170] 00:27:02, MED 18, localpref 100 AS path: 4436 3491 23947 15169 Ito 69.22.153.1 via ge-1/0/9.0On Tue, Nov 6, 2012 at 9:33 PM, Hank Nussbacher <hank () efes iucc ac il>wrote:At 21:21 06/11/2012 -0800, Jian Gu wrote: If Google announces 8.8.8.0/24 to you and you in turn start announcing to the Internet 8.8.8.0/24 as originating from you, then a certain section of the Internet will believe your announcement over Google's. This has happened many times before due to improper filters, but this is the first time I have seen the victim being blamed. Interesting concept. -Hank I don't know what Google and Moratel's peering agreement, but "leak"?educate me, Google is announcing /24 for all of their 4 NS prefix and 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes to Internet? On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick () ianai netwrote:On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian () gmail com> wrote:Where did you get the idea that a Moratel customer announced agoogle-ownedprefix to Moratel and Moratel did not have the proper filters inplace?according to the blog, all google's 4 authoritative DNS servernetworksand8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity foraMoratel customers announce all those prefixes?Ah, right, they just leaked Google's prefix. I thought a customer originated the prefix. Original question still stands. Which attribute do you expect Google to set to stop this? Hint: Don't say No-Advertise, unless you want peers to only talk to the adjacent AS, not their customers or their customers' customers, etc. Looking forward to your answer. -- TTFN, patrickOn Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <patrick () ianai net wrote:On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian () gmail com> wrote:What do you mean hijack? Google is peering with Moratel, if Googledoesnotwant Moratel to advertise its routes to Moratel's peers/upstreams,thenGoogle should've set the correct BGP attributes in the first place.That doesn't make the slightest bit of sense. If a Moratel customer announced a Google-owned prefix to Moratel, and Moratel did not have the proper filters in place, there is nothingcould do to stop the hijack from happening. Exactly what attribute do you think would stop this? -- TTFN, patrickOn Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me () anuragbhatia com>wrote:Another case of route hijack -http://blog.cloudflare.com/**why-google-went-offline-today-**and-a-bit-about<http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about>I am curious if big networks have any pre-defined filters for bigcontentproviders like Google to avoid these? I am sure internet communitywould beworking in direction to somehow prevent these issues. Curious toknowdevelopments so far. Thanks. -- Anurag Bhatia anuragbhatia.com Linkedin <http://in.linkedin.com/in/**anuragbhatia21<http://in.linkedin.com/in/anuragbhatia21>>|Twitter<https://twitter.com/**anurag_bhatia<https://twitter.com/anurag_bhatia>|Google+ <https://plus.google.com/**118280168625121532854<https://plus.google.com/118280168625121532854>
Current thread:
- Re: Indonesian ISP Moratel announces Google's prefixes, (continued)
- Re: Indonesian ISP Moratel announces Google's prefixes Jian Gu (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Patrick W. Gilmore (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Eric Osterweil (Nov 07)
- Re: Indonesian ISP Moratel announces Google's prefixes Ben Bartsch (Nov 07)
- Re: Indonesian ISP Moratel announces Google's prefixes joel jaeggli (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Anurag Bhatia (Nov 06)
- Message not available
- Re: Indonesian ISP Moratel announces Google's prefixes Anurag Bhatia (Nov 07)
- Re: Indonesian ISP Moratel announces Google's prefixes David Miller (Nov 07)
- Message not available
- Re: Indonesian ISP Moratel announces Google's prefixes Hank Nussbacher (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Jian Gu (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Patrick W. Gilmore (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Jian Gu (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Andrew Jones (Nov 06)
- Re: Indonesian ISP Moratel announces Google's prefixes Hank Nussbacher (Nov 06)