Skip to Content.
Sympa Menu

ntacpeering - Re: R&E route policy with other NRENs

Subject: NTAC Peering Working Group

List archive

Re: R&E route policy with other NRENs


Chronological Thread 
  • From: Michael H Lambert <>
  • To:
  • Subject: Re: R&E route policy with other NRENs
  • Date: Sat, 7 Apr 2018 11:30:30 -0400
  • Dkim-filter: OpenDKIM Filter v2.11.0 mailer2.psc.edu w37FUW5F001018
  • Ironport-phdr: 9a23:wBUVYxbKHFjY45++3oDJ387/LSx+4OfEezUN459isYplN5qZrsW9bnLW6fgltlLVR4KTs6sC17KN9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCazbL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjmk8qxlSgLniD0fOjAk7m/XhMx+gqFVrh2vqBNwwZLbbo6OOfpifK7QZ88WSXZPU8tTUSFKH4Oyb5EID+oEJetWqIj9qEcOrRSkGwasAP7kxD1VjXHwx6I61v8uHh/c3Aw8AtkDt3DUo8/wNKgJT++11rXIwC7bb/NNxTjx8pbHfQ08ofyVW797bMTfyU4qFwzfj1WQr5ToMy2I2ukMqWSX8eRtWOK1h2I5tQ18oyKjyts0hoXUmo4YxUrI+Tt3zYs3P9G0VUp2bcO+HJdMry2XOJV6TtkhTmxmoio217MLtJyhcCQW0Jgn3wDQZOKdc4iJ5BLjW/ueLixiiH15f7K/gg6+8Uenyu37Wcm01EhFojBZndnLs3ABzxPe5tadRvZ+8EqtwyuD2g7Q5+1ePUw4jbTXJ4M9zrIqiJYfq0vOEjXqlEnukaObckop9vK25+noY7jqvJuROo5uhg3iKqgih9KzDOQiPgQQQ2SW+v6w2bLt8EHjXLlGluA6nrfZvZzAO8gXuq20DxVa34ss8RqzEzGr28kbk3kfNF9JZQyLgovzN13TI/30E+2zjlawnDtx2vzKIrzsDo3MI3XBirvtYLVw5k9GxAYuyd1T/Y9YB7UPLf/1R0T/rsbXDgUjPAyx2+vnCMty1ocZWW+XB6+WKqLSsVuW6eI1PeWAfpcVuC3hJPQ/+fHhkGI5lUccfamvw5QXdGi1Eul4L0iae3bgn9QMHXkQsgc8UODmkkCOXSJSanqqWqIz/DA7CIaoDYfZQYCthaSM3COhEZ1TfW9JFEqMEWvzeoWcQPcDdDieLdF8nTwZTbShUZMu1QmytA/mzLpqNuzU+jECup3/zNh6+fPclQsz9TxyAMSQyGWNT2BvnmMUXD86wrpzoU17ylefz6d4mfpYGsJP5/9XSAs1K4PTz/EpQ+z1DwTdd9yRRVu8Q9OpKTA3Ut8rxdISOQBwF8jxoArE2n+PArQVnrGPTLx81qvZ1XXrO44pz3/D3qQ7k3E+WcAJOGG70P0svzPPDpLExh3K352hcr4RiXbA

In the same vein, I noticed last week that CUDI was leaking PNWGP and CENIC routes (and perhaps others) into the R&E network. The result was a likely violation of Internet2 AUPs and not just bad routing practices. The Internet2 NOC put a filter in at least for those ASNs and was reaching out to CUDI. This was probably the result of broken configuration because the AS paths were "11537 CUDI X Y CUDI Z".

Michael

David Farmer wrote:
FYI, I just sent the following note the Internet2 NOC. I think we need a set of ASNs that should not be accepted from other NRENs, This should include things like GGC nodes, DNS Root Server anycast nodes, AS112 nodes, global transit providers, etc...

There are several HE(AS6939) routes being leaked into the R&E route table.

*> 42.83.137.0/24 <http://42.83.137.0/24> 146.57.255.241 2735 202 0 11537 22388 7660 4641 4641 6939 24785 8763 8763 8763 8763 24151 i
*> 42.83.138.0/24 <http://42.83.138.0/24> 146.57.255.241 2735 202 0 11537 22388 7660 4641 4641 6939 28917 39134 15835 24406 i
*> 125.208.43.0/24 <http://125.208.43.0/24> 146.57.255.241 2735 202 0 11537 22388 7660 4641 4641 6939 28917 39134 15835 24406 i
*> 125.208.44.0/24 <http://125.208.44.0/24> 146.57.255.241 2735 202 0 11537 22388 7660 4641 4641 6939 28917 39134 15835 24406 i
*> 194.246.96.0/24 <http://194.246.96.0/24> 146.57.255.241 2735 202 0 11537 22388 7660 4641 4641 6939 24785 8763 31529 i
*> 210.2.4.0/24 <http://210.2.4.0/24> 146.57.255.241 2735 202 0 11537 22388 7660 4641 4641 6939 28917 39134 15835 24406 i
*> 216.235.226.0/24 <http://216.235.226.0/24> 146.57.255.241 2142 202 0 11537 40220 11164 6939 26202 i

Thanks

---------- Forwarded message ----------
From: *David Farmer*
<

<mailto:>>
Date: Sat, Apr 7, 2018 at 9:54 AM
Subject: RENU advertising GGC node
To: Internet2 NOC
<

<mailto:>>


RENU is advertising a GGC node via UBUNTU into the Internet2 R&E route table. Please stop accepting these routes from them. As these routes are in the R&E route table they were overriding at least one route (104.237.191.0/24 <http://104.237.191.0/24>) I learn from a GGC node in Minneapolis. I have dealt with this in my local route policy, but I suspect others may have an issue too.

Note AS36040 is the ASN Google uses for GGC nodes;
https://peeringdb.com/net/4319
https://peering.google.com/#/options/peering

*> 104.237.175.0/24 <http://104.237.175.0/24> 146.57.255.241 2749 202 0 11537 36944 327687 36040 i
*> 104.237.191.0/24 <http://104.237.191.0/24> 146.57.255.241 2749 202 0 11537 36944 327687 36040 i

Thanks.

--

--
===============================================
David Farmer
Email:

<mailto:Email%>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================



--
Michael H Lambert, GigaPoP Manager Phone: +1 412 268-4960
Pittsburgh Supercomputing Center/3ROX FAX: +1 412 268-5832
300 S Craig St, Pittsburgh, PA 15213 USA





Archive powered by MHonArc 2.6.19.

Top of Page