[6bone] SUNET announcing ALL IPv6 routes

Nicolas DEFFAYET nicolas.deffayet@ndsoftware.net
14 Aug 2002 23:28:25 +0200 

On Wed, 2002-08-14 at 22:12, Jørgen Hovland wrote:
> Since SICS have shut down their router now, it might help us to be able to traceback the ASN(s) who are making all the
> zombie-routes. There are still a lot of prefixes in the routing table with origin as1654.
> 
> For i2001:2F8::/35    there must be one of these three 6939 14277 8002
> We know its not 6830, right Roger? And most likely not Edisontel, right Edisontel?
> 
> 6969 HE.NET
> 14277 NOKIA
> 8002 STEALTH
> 
> The other route-paths are long.
> They all end with STEALTH before they reach SICS.
> I dont believe the ones we peer with are generating these routes so I have skipped those (but you never know).
> 
> 33 DEC.com
> 10318 LACNIC.net
> 12199  <- Nonexisting, who is using this?

6bone whois:
----
ipv6-site:    UUNET-US
origin:       AS12199
----

ARIN whois:
----
UUNET Global Research & Development (ASN-UUNET-RD-AS)
   3060 Williams Drive
   Fairfax, VA 22031
   US

   Autonomous System Name: UUNET-RD-AS
   Autonomous System Number: 12199
----

> 145 MCI
> 7580 TRUMPET.com.au
> 10566 Viagenie
> 5408 GRNET.gr
> 2549 LACNIC.net
> 109 CISCO
> 5539 SPACE.net
> 8379 EUROCYBER.net
> 1275 C&W ecrc.de
> 
> Its probably not Viagenie, nor Cisco (god forbid), nor Space, nor MCI, nor Eurocyber?
> DEC, LACNIC, GRNET, C&W, TRUMPET and as12199 is left.
> 
> As you say John, OS and version if you are announcing ghost-routes please.
> 
> 
>    Network          Next Hop            Metric LocPrf Weight Path
> * i2001:2F8::/35    3FFE:82B0:0:1:1::5
>                                                   100      0 6830 6939 14277 8002 1654 i
> *                   2001:750:E::A                          0 15589 6939 14277 8002 1654 i


route-server.ndsoftwarenet.net> show ipv6 bgp 2001:2F8::/35
BGP routing table entry for 2001:2f8::/35
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Not advertised to any peer
  5408 8002 1654
    3ffe:81f1:0:1::1 from 3ffe:81f1:0:1::1 (213.91.4.3)
      Origin IGP, metric 700, localpref 100, valid, internal
      Community: 65526:502 65526:511 65526:521 65526:900 65526:1000
65526:1500
      Last update: Wed Aug 14 20:45:52 2002

  9044 8002 1654
    3ffe:81f1:0:2::1 from 3ffe:81f1:0:2::1 (62.4.18.114)
    (fe80::260:97ff:fe0c:9803)
      Origin IGP, metric 700, localpref 100, valid, internal, best
      Community: 65526:502 65526:511 65526:521 65526:900 65526:1000
65526:1500
      Last update: Wed Aug 14 20:45:52 2002

route-server.ndsoftwarenet.net>


Best Regards,

Nicolas DEFFAYET

> ----- Original Message -----
> From: "John Fraizer" <tvo@EnterZone.Net>
> To: "Jorgensen, Roger" <RJorgensen@upctechnology.com>
> Cc: "'Gert Doering'" <gert@space.net>; "Jørgen Hovland" <jorgen@hovland.cx>; <6bone@mailman.isi.edu>; <staff@sunet.se>
> Sent: Wednesday, August 14, 2002 10:08 PM
> Subject: RE: [6bone] SUNET announcing ALL IPv6 routes
> 
> 
> >
> > On Wed, 14 Aug 2002, Jorgensen, Roger wrote:
> >
> > > Hi,
> > >
> > > Got some feedback from sunet about this and seems like they've /dev/null'ed
> > > the IPv4 IP for their endpoint as a temporarly workaround for now.
> > > Thanks for the help SUNET!:)
> > >
> > >
> > > Next issue, now I think we have alot of ghost routes to fight...
> > >
> > >
> > > ---
> > > Roger Jorgensen (rjorgensen@upctechnology.com)
> >
> >
> > Cool.  That we can do but, in the process, we need to document what router
> > platform/code version the people sending the ghost routes are
> > running.  This is a very important operational issue, more important that
> > actually getting the original announcements to stop.
> >
> > If you are an operator who peers with someone that is found to be
> > ORIGINATING the ghost routes, please, find out what code they're running
> > and let the list know.  This "bug" has bitten us too many times already
> > and needs to be squashed.
> >
> > If we compile a list of "bad code", folks will know to avoid using that
> > code and/or peering with folks using that code.
> >
> > The root problem will never get fixed until we take measures to document
> > it.
> >
> >
> >
> > ---
> > John Fraizer              | High-Security Datacenter Services |
> > EnterZone, Inc            | Dedicated circuits 64k - 155M OC3 |
> > http://www.enterzone.net/ | Virtual, Dedicated, Colocation    |
> >
> >
> 
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone