
netsec-sig - Re: [Security-WG] [NTAC] R&E Routes Leaked to Commodity Internet

Subject: Internet2 Network Security SIG

  • From: Bill Owens <>
  • To: David Farmer <>, NTAC <>, "" <>, "" <>
  • Subject: Re: [Security-WG] [NTAC] R&E Routes Leaked to Commodity Internet
  • Date: Tue, 31 Dec 2019 13:39:24 +0000

We have two campuses participating in PEERING, and every now and then I come across the routes, am shocked, and then remember they’re supposed to be weird. Then again, I wonder if that dilutes some of the value of their research – they wouldn’t be allowed to make some of the advertisements that they’re doing, if they weren’t given exceptions to the usual rules. I’ll have to ask them one of these days.

 

Bill.

 

From: <> on behalf of David Farmer <>
Reply-To: David Farmer <>
Date: Monday, December 30, 2019 at 7:13 PM
To: NTAC <>, "" <>, "" <>
Subject: [NTAC] R&E Routes Leaked to Commodity Internet

 

I decided to look the other way around, that is to look for Internet2 R&E (AS11537) in commodity Internet paths, and after excluding some routes originated by Internet2 for Internet2 infrastructure prefixes, I get the following;

*  128.23.0.0/17      146.57.255.243                130      0 11164 6461 81 11537 2721 13429 i
*                     184.105.19.9          2095    100      0 6939 6461 81 11537 2721 13429 i
*>                    206.108.255.75           0    130      0 6461 81 11537 2721 13429 i
*> 130.127.0.0/16     206.108.255.75           0    130      0 6461 81 11537 2721 2722 12148 i
*  184.164.228.0/24   208.116.156.129        110    100      0 3257 174 5719 3754 11537 22388 24489 24489 24489 24489 24490 24490 24490 24490 24490 7575 47065 i
*  184.164.229.0/24   208.116.156.129        110    100      0 3257 174 5719 3754 11537 22388 24489 24489 24489 24489 24490 24490 24490 24490 24490 7575 47065 i
*> 198.21.128.0/17    206.108.255.75           0    130      0 6461 81 11537 2721 2722 12148 i
*> 205.186.32.0/19    206.108.255.75           0    130      0 6461 81 11537 2721 2722 i

*> 2610:d0::/32       2001:504:27::193d:0:1
                                               0    130      0 6461 6057 1797 27750 11537 20965 24490 24287 7660 3943 i
*                     2607:ea00:0:26::2
                                             751    130      0 11164 6461 6057 1797 27750 11537 20965 24490 24287 7660 3943 i

184.164.228.0/19 is a peering research prefix, so maybe those are intentional, not sure;

 

At least there is an IPv6 route on this list. 😀 

I think it is a Cisco IPv6 LISP experiment. However, given that the path has Uruguay, RedClara, Internet2, GEANT, TEIN2, and Japan all in the path I'm not sure it's a good idea for this route to be leaked, let alone even to be in the Internet2 R&E route table in the first place. I have a number of better routes for this prefix from the commodity Internet.

 

Thanks

 

--

===============================================
David Farmer              
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota  
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
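
Added example, not part of either message: the check described in the original post (find AS11537 in the middle of an AS path, skipping routes Internet2 itself originates) run in Python over rows copied from the table above. The function names are hypothetical, and the parser assumes every row starts with "*" and that the weight column is 0, which is how it tells a blank metric column from a filled one.

```python
R_AND_E_ASN = 11537  # Internet2 R&E, the ASN the message searches for

# Rows copied from the table in the message above (a subset of it).
SAMPLE = """\
*  128.23.0.0/17      146.57.255.243                130      0 11164 6461 81 11537 2721 13429 i
*                     184.105.19.9          2095    100      0 6939 6461 81 11537 2721 13429 i
*  184.164.228.0/24   208.116.156.129        110    100      0 3257 174 5719 3754 11537 22388 24489 24489 24489 24489 24490 24490 24490 24490 24490 7575 47065 i
*> 205.186.32.0/19    206.108.255.75           0    130      0 6461 81 11537 2721 2722 i
*> 2610:d0::/32       2001:504:27::193d:0:1
                                               0    130      0 6461 6057 1797 27750 11537 20965 24490 24287 7660 3943 i
"""


def parse_routes(text):
    """Yield (prefix, next_hop, as_path) from rows laid out like the table above."""
    prefix = next_hop = None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0].startswith("*"):        # new row: status, [prefix], next hop
            tok = tok[1:]
            if "/" in tok[0]:             # prefix is blank when it repeats
                prefix, tok = tok[0], tok[1:]
            next_hop, tok = tok[0], tok[1:]
        if not tok:                       # IPv6 row: attributes wrap to next line
            continue
        # Left over: [metric] locprf weight path... origin-code. Assumption: weight
        # is 0 (learned route), so "0" in the second slot means metric is blank.
        start = 2 if tok[1] == "0" else 3
        yield prefix, next_hop, [int(a) for a in tok[start:-1]]


def find_transit(text, asn=R_AND_E_ASN):
    """Return (prefix, next_hop, exporter, origin) where asn is mid-path."""
    hits = []
    for prefix, next_hop, path in parse_routes(text):
        # Collapse prepending so repeated ASNs count once.
        hops = [a for k, a in enumerate(path) if k == 0 or a != path[k - 1]]
        if asn in hops[1:-1]:             # not the direct neighbor, not the origin
            exporter = hops[hops.index(asn, 1) - 1]  # AS that passed the route on
            hits.append((prefix, next_hop, exporter, hops[-1]))
    return hits


if __name__ == "__main__":
    for prefix, next_hop, exporter, origin in find_transit(SAMPLE):
        print(f"{prefix} via {next_hop}: AS{exporter} carries a route learned "
              f"from AS{R_AND_E_ASN} (origin AS{origin})")
```

The "exporter" column is the AS immediately to the left of AS11537 in the path, that is, the network that received the route from Internet2 and announced it onward.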



