[SANOG] How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed

Suresh Ramasubramanian suresh at hserus.net
Mon Feb 17 18:37:48 UTC 2014


This has bitten me at least once in the past so it is not something I would forget in a hurry :) 

--srs (htc one x)

----- Reply message -----
From: "Anurag Bhatia" <me at anuragbhatia.com>
To: "Suresh Ramasubramanian" <suresh at hserus.net>
Cc: "Tarun Dua" <lists at tarundua.net>, <sanog at sanog.org>
Subject: [SANOG] How to get off the Bogon IP list or get an incorrectly advertised BGP announcement fixed
Date: Mon, Feb 17, 2014 10:31 AM

Nice find Suresh!


Btw this brings me to the slightly unrelated issue of wrong RADB entries
for all such prefixes. The ISP which I represent has some prefixes with RADB
entries from an ISP which (I guess) had the prefixes years back before APNIC
re-allocated them. Isn't this very common? In traceroute with the "-A" argument
we see multiple ASNs so many times (since -A is based on RADB data rather
than actual routing data).

On Mon, Feb 17, 2014 at 11:51 PM, Suresh Ramasubramanian
<suresh at hserus.net> wrote:

> Tarun Dua [17/02/14 23:13 +0530]:
>
>> The prefix in question is 205.147.96.0/21
>
> Cogent seems to think - and whois too - that it is split into /23s
> See the routeviews entries as well below
>
> http://www.onesc.net/communities/as174/ says 174:21001  Route is NA
> internal or customer route.
>
> by the way. And there's rr.arin.net / radb.net route registry entries for
> the covering /20 assigned to a legacy provider. Looks like that IP space
> was reclaimed by arin and allocated to apnic.
>
> suresh at samwise 12:17:34 <~> $ whois -h rr.arin.net 205.147.96.0/21
> % This is the ARIN Routing Registry.
>
> % Note: this output has been filtered.
> %       To receive output for a database update, use the "-B" flag.
>
> % Information related to '205.147.96.0/20AS18999'
>
> route:          205.147.96.0/20
> descr:          Poplar Bluff Internet, Inc.
>                 P.O. Box 190
>                 Poplar Bluff, MO  63902
>                 US
> origin:         AS18999
> mnt-by:         MNT-POPL
> source:         ARIN # Filtered
>
>
> suresh at samwise 12:17:38 <~> $ whois -h whois.radb.net 205.147.96.0/21
> route:      205.147.96.0/20
> descr:      Forced Object Correction
> origin:     AS18999
> mnt-by:     MAINT-AS7132
> changed:    backbone at sbis.sbc.com 20060607
> source:     RADB
>
> route:          205.147.96.0/20
> descr:          Poplar Bluff Internet, Inc.
>                 P.O. Box 190
>                 Poplar Bluff, MO  63902
>                 US
> origin:         AS18999
> mnt-by:         MNT-POPL
> changed:        james at semo.net 20051003
> source:         ARIN
>
> routeviews lookups -
>
> BGP routing table entry for 205.147.96.0/21, version 436273
> Paths: (31 available, best #30, table Default-IP-Routing-Table)
>   Not advertised to any peer
>   5459 174
>     195.66.232.239 from 195.66.232.239 (195.66.232.239)
>       Origin IGP, localpref 100, valid, external
>       Community: 174:21001 174:22013 5459:1 5459:60
>   3356 174
>     4.69.184.193 from 4.69.184.193 (4.69.184.193)
>       Origin IGP, metric 0, localpref 100, valid, external
>       Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012
>   2914 174
>     129.250.0.11 from 129.250.0.11 (129.250.0.12)
>       Origin IGP, metric 7, localpref 100, valid, external
>       Community: 2914:420 2914:1008 2914:2000 2914:3000 65504:174
>   6939 1299 174
>     216.218.252.164 from 216.218.252.164 (216.218.252.164)
>
> Using cogent's looking glass
> http://www.cogentco.com/en/network/looking-glass
>
> I just get an entry for the /23 and then for another /23 but not a covering
> /21
>
> BGP routing table entry for 205.147.96.0/23, version 2088153801
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>   9498 17439 2.1348
>     38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76)
>       Origin IGP, localpref 130, valid, internal, best
>       Community: 174:981 174:10017 174:20999 174:21001 174:22013
>       Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69,
> 66.28.1.89, 66.28.1.68
>
> BGP routing table entry for 205.147.98.0/23, version 2088153802
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>   9498 17439 2.1348
>     38.122.147.122 (metric 10166061) from 154.54.66.76 (154.54.66.76)
>       Origin IGP, localpref 130, valid, internal, best
>       Community: 174:981 174:10017 174:20999 174:21001 174:22013
>       Originator: 66.28.1.39, Cluster list: 154.54.66.76, 66.28.1.69,
> 66.28.1.89, 66.28.1.68
>



-- 


Anurag Bhatia
anuragbhatia.com

Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
Twitter<https://twitter.com/anurag_bhatia>
Skype: anuragbhatia.com

PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
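
The mismatch raised in this thread, registry route objects that still name an earlier holder while BGP shows a different origin, can be checked mechanically. The Python below is an added example, not part of the original messages: it parses the route objects quoted above and compares their `origin` with the last AS in each observed path. The function names are made up for illustration, and the sample data is copied (trimmed) from the thread's whois and BGP output.

```python
import ipaddress
import re

# Route objects copied (trimmed) from the whois output quoted in the thread.
IRR_TEXT = """\
route:      205.147.96.0/20
origin:     AS18999
source:     RADB

route:          205.147.96.0/20
origin:         AS18999
source:         ARIN # Filtered
"""
# (prefix, AS path) pairs copied from the BGP output quoted in the thread.
OBSERVED = [("205.147.96.0/21", "5459 174"),
            ("205.147.96.0/23", "9498 17439 2.1348"),
            ("205.147.98.0/23", "9498 17439 2.1348")]

def parse_asn(token):
    """Accept 'AS18999', '18999' or asdot '2.1348'; return the integer ASN."""
    token = re.sub(r"^AS", "", token.strip(), flags=re.I)
    if "." in token:
        high, low = token.split(".")
        return int(high) * 65536 + int(low)
    return int(token)

def parse_route_objects(text):
    """Return (network, origin ASN, source) per blank-line-separated object."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            m = re.match(r"([a-z0-9-]+):\s+(.*)", line)
            if m:  # continuation lines (leading spaces) are skipped
                attrs.setdefault(m.group(1), m.group(2).split("#")[0].strip())
        if "route" in attrs and "origin" in attrs:
            objects.append((ipaddress.ip_network(attrs["route"]),
                            parse_asn(attrs["origin"]), attrs.get("source", "?")))
    return objects

def stale_objects(irr_text, observed):
    """List covering route objects whose origin differs from the BGP origin."""
    findings = []
    for prefix, as_path in observed:
        net = ipaddress.ip_network(prefix)
        bgp_origin = parse_asn(as_path.split()[-1])
        for route, irr_origin, source in parse_route_objects(irr_text):
            if net.subnet_of(route) and irr_origin != bgp_origin:
                findings.append((prefix, bgp_origin, str(route), irr_origin, source))
    return findings
```

Calling `stale_objects(IRR_TEXT, OBSERVED)` flags all three announced prefixes, since both registries still list AS18999 for the covering /20.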