[AusNOG] International link issue

Andree Toonk andree at bgpmon.net
Fri Feb 24 10:58:48 EST 2012


That would explain why all of Telstra and many other prefixes (~1400)
disappeared from the BGP tables:

http://www.bgpmon.net/telstra-feb23-2012.png
https://twitter.com/#!/bgpmon/status/172608854855647233/photo/1

Though, surely Telstra has more than one international link...

Andree


.-- My secret spy satellite informs me that at 12-02-23 3:30 PM  Will
Tardy wrote:
> Telstra claims they had an international link down:
> 
> http://www.zdnet.com.au/telstra-hit-by-nationwide-data-outage-339332310.htm
> 
> If that happened at the same time as DODO incorrectly sending Telstra
> the full BGP table, could that explain why Telstra black-holed
> all-routes plus pumped all of it's own traffic via dodo?
> 
> On 24 February 2012 10:02, Wade Millican <Wade.Millican at echoent.com.au
> <mailto:Wade.Millican at echoent.com.au>> wrote:
> 
>     Hi All,
> 
>     What I'm yet to understand about this outage is why DODO's AS_PATH
>     was seen as shorter than anything Telstra already had.
> 
>     An earlier posted look at routes(below), thanks Gavin, shows all
>     routes from Telstra taking hops to DODO, then Optus or PIPE before
>     moving to the destination. Surely Telstra would have had better
>     routes than pushing all traffic 2 hops out of it's way.
> 
>     AS_PATH does not explain how Telstra accepted these as the active
>     routes. Even if all routes were accepted, Telstra still has better
>     routes.
> 
>     Can anyone explain what BGP Metric was modified/used that pushed
>     traffic over longer AS_PATHs? 
> 
>     *> 1.22.161.0/24 <http://1.22.161.0/24>    165.228.157.73         100     80      0 1221 38285 7474 7473 55410 45528 i
>     *> 1.22.162.0/24 <http://1.22.162.0/24>    165.228.157.73         100     80      0 1221 38285 7474 7473 55410 45528 i
>     *> 1.22.163.0/24 <http://1.22.163.0/24>    165.228.157.73         100     80      0 1221 38285 7474 7473 55410 45528 i
>     *> 1.22.167.0/24 <http://1.22.167.0/24>    165.228.157.73         100     80      0 1221 38285 7474 7473 6453 4755 45528 i
>     *> 1.22.168.0/24 <http://1.22.168.0/24>    165.228.157.73         100     80      0 1221 38285 7474 7473 6453 4755 45528 i
>     ..
>     *  14.201.64.0/24 <http://14.201.64.0/24>   165.228.157.73         100     80      0 1221 38285 18398 7545 7545 i
> 
> 
>     Thanks,
> 
>     Wade
>     -- 
>     Wade Millican 
>     Technical Consultant Team Lead
>     Hemisphere Infrastructure Support
>     Information Technology
>     *Echo Entertainment Group Limited* 
> 
>     2 Edward St
>     Pyrmont NSW 2009 
> 
>     T: +61 2 9657 7460 <tel:%2B61%202%209657%207460>
>     M: +61 (0) 400 192 485 <tel:%2B61%20%280%29%20400%20192%20485>
>     _wade.millican at echoent.com.au
>     _www.echoentertainment.com.au <http://www.echoentertainment.com.au>
>     From: "Ramsay, Paul" <pramsay at uecomm.com.au
>     <mailto:pramsay at uecomm.com.au>>
>     Date: Wed, 22 Feb 2012 22:20:41 -0800
>     To: "ausnog at ausnog.net <mailto:ausnog at ausnog.net>"
>     <ausnog at ausnog.net <mailto:ausnog at ausnog.net>>
>     Subject: Re: [AusNOG] International link issue
> 
>     Yes, this reinforces the Rule of Trust. Don’t trust your BGP peers
>     and ensure your filters are in place, configured correctly and
>     working, you can’t transfer blame.____
> 
>     It can cost you big $$ and pain if you inadvertently turn yourself
>     into a transit peer because your upstreams may prefer to send
>     traffic where they can make $$ from.____
> 
>     __ __
> 
>     *From:*ausnog-bounces at lists.ausnog.net
>     <mailto:ausnog-bounces at lists.ausnog.net>
>     [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Sean K. Finn
>     *Sent:* Thursday, 23 February 2012 5:09 PM
>     *To:* 'ausnog at ausnog.net <mailto:'ausnog at ausnog.net>'
>     *Subject:* Re: [AusNOG] International link issue____
> 
>     __ __
> 
>     It’s easy to describe for all the media types watching..____
> 
>     (And I’m not sure why its not being put out there in Laymans terms).____
> 
>     __ __
> 
>     From the routes seen at various points, and reported on the WAIX
>     mailing list earlier..____
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>     Dodo told Telstra that Dodo was the rest of the Internet.____
> 
>     __ __
> 
>     Telstra Believed Dodo.____
> 
>     __ __
> 
>     Telstra entire system tried to use DODO as their ISP instead of
>     everyone else Telstra is connected to.____
> 
>     __ __
> 
>     Needless to say this didn’t work, the pipes got Jammed.____
> 
>     __ __
> 
>     Telstra should have filtered the announcement from Dodo, butdidn’t.____
> 
>     __ __
> 
>     Filtering is in place as a form of control (which is used instead of
>     trust).____
> 
>     __ __
> 
>     Filtering obviously wasn’t in place, or didn’t work, so anything
>     that Dodo told Telstra about where to find the Internet, Telstra
>     believed.____
> 
>     __ __
> 
>     This happens quite often, I’ve heard of this happening on peering
>     exchanges within Australia, too. Just never at an organizational
>     level as big as Telstra.____
> 
>     __ __
> 
>     Over and Out.____
> 
>     __ __
> 
>     __ __
> 
>     This message and its attachments may contain legally privileged or
>     confidential information. It is for the intended addressee(s) only.____
> 
>     If you are not the intended recipient you must not disclose or use
>     the information contained in it. If you have received this email in
>     error please notify us immediately by return email and delete the
>     document.____
> 
>     Any views expressed in this message are those of the individual
>     sender, except where the sender specifies and with authority, states
>     them to be the views of the Company.____
> 
>     Uecomm accepts no liability for any damage caused by this email or
>     its attachments due to viruses, interference, interception,
>     corruption or unauthorised access.____
> 
>     ------------------------------------------------------------------------
>     This e-mail message has been scanned for Viruses and Content and
>     cleared by *NetIQ MailMarshal *
>     ------------------------------------------------------------------------
> 
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>     http://lists.ausnog.net/mailman/listinfo/ausnog
> 
> 
> 
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog




More information about the AusNOG mailing list