[AusNOG] Any AS2764 / AAPT Around? You're leaking bogon ASNs.

Christopher Hawker chris at thesysadmin.dev
Thu Jun 9 08:49:49 AEST 2022


https://bgp.he.net/AS2764#_whois

Regards,
CH
________________________________
From: AusNOG <ausnog-bounces at ausnog.net> on behalf of James Bensley <jwbensley+ausnog at gmail.com>
Sent: Monday, June 6, 2022 11:12 PM
To: ausnog at lists.ausnog.net <ausnog at lists.ausnog.net>
Subject: [AusNOG] Any AS2764 / AAPT Around? You're leaking bogon ASNs.

Any AS2764?

No contact details in peeringdb so trying here instead.

See this example route in your looking glass with a bogon origin ASN:

http://looking-glass.connect.com.au/lg/

Router: AAPT Sydney
Command: show ip bgp regex _4294901881_

BGP table version is 645867563, local router ID is 203.63.80.155
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i59.101.15.0/24   203.131.60.253           0    100      0 65334 4294901881 i
*>i                 203.131.60.253           0    100      0 65334 4294901881 i


This is just one of many bogon ASNs you're leaking.

I am parsing data from the RouteViews collector node in the Equinix IX
in Sydney. The MRT archives of received BGP UPDATE messages are
publicly available here:
http://archive.routeviews.org/route-views.sydney/bgpdata/2022.06/UPDATES/

You see how most updates are less than 1MB but every 2 hours on the
round 2 hour interval, there is a 30+MB update file? That's
(partially) you AS2764! In the smaller files, there are no
announcements from AS2764 with bogon ASNs downstream. In the larger
update files there are loads of UPDATE messages from AS2764 with bogon
downstream ASNs.

Here are examples (encoded in JSON):

{"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7",
"2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408",
"2764:65473", "63956:500", "63956:30000", "63956:32000",
"63956:32030"], "next_hop": "45.127.172.2", "origin_asns":
["4294901906"], "peer_asn": "63956", "prefix": "59.101.10.0/24",
"timestamp": "20220524.0603"}

{"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7",
"2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408",
"2764:65473", "63956:500", "63956:30000", "63956:32000",
"63956:32030"], "next_hop": "45.127.172.2", "origin_asns":
["4294901906"], "peer_asn": "63956", "prefix": "59.101.6.0/24",
"timestamp": "20220524.0603"}

{"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7",
"2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408",
"2764:65473", "63956:500", "63956:30000", "63956:32000",
"63956:32030"], "next_hop": "45.127.172.2", "origin_asns":
["4294901906"], "peer_asn": "63956", "prefix": "59.101.3.0/24",
"timestamp": "20220524.0603"}

{"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7",
"2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408",
"2764:65473", "63956:500", "63956:30000", "63956:32000",
"63956:32030"], "next_hop": "45.127.172.2", "origin_asns":
["4294901906"], "peer_asn": "63956", "prefix": "59.101.2.0/24",
"timestamp": "20220524.0603"}

{"as_path": ["63956", "2764", "4294901906"], "comm_set": ["2764:7",
"2764:65200", "2764:65211", "2764:65290", "2764:65357", "2764:65408",
"2764:65473", "63956:500", "63956:30000", "63956:32000",
"63956:32030"], "next_hop": "45.127.172.2", "origin_asns":
["4294901906"], "peer_asn": "63956", "prefix": "59.101.9.0/24",
"timestamp": "20220524.0603"}

I guess AS2764 announces prefixes with a bogon ASN to AS63956, AS2764
is not stripping these outbound and AS63956 is not stripping them
inbound. I guess that AS63956 then announces them up to the IX.

This has been going on for over a month now I think. I only had time
to update my code, to start reporting on this, over the weekend gone.
The day report is here:
https://github.com/DFZ-Name-and-Shame/dnas_stats/blob/eaaefb3426f94ecae530f6c9b2b7af2e826fa6b2/2022/06/05/20220605.txt#L16-L17

Please fix this AS2764.

Cheers,
James.
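
The bogon-ASN check described in the message above, as an added example that is not part of the original post or the poster's own tooling: it classifies each ASN in an AS path against the reserved and private-use ranges and attributes each bogon to the nearest public ASN upstream of it. The function names, the attribution rule and the sample records (constructed, reusing the field names from the JSON examples) are assumptions.

```python
from collections import defaultdict

# Reserved / private-use ASN ranges (inclusive) that should not appear in the DFZ.
BOGON_ASN_RANGES = [
    (0, 0, "reserved (RFC 7607)"),
    (23456, 23456, "AS_TRANS (RFC 6793)"),
    (64496, 64511, "documentation (RFC 5398)"),
    (64512, 65534, "private use (RFC 6996)"),
    (65535, 65535, "reserved (RFC 7300)"),
    (65536, 65551, "documentation (RFC 5398)"),
    (65552, 131071, "IANA reserved"),
    (4200000000, 4294967294, "private use (RFC 6996)"),
    (4294967295, 4294967295, "reserved (RFC 7300)"),
]

def bogon_reason(asn):
    """Return why an ASN is a bogon, or None if it is publicly assignable."""
    for low, high, reason in BOGON_ASN_RANGES:
        if low <= asn <= high:
            return reason
    return None

def find_leaks(records):
    """Map each leaking ASN to {bogon ASN: set of prefixes}."""
    # Assumption: the leaker is the nearest non-bogon ASN to the left of the
    # bogon in the AS path, i.e. the first network that could have stripped it.
    leaks = defaultdict(lambda: defaultdict(set))
    for rec in records:
        last_public = None
        for asn in (int(a) for a in rec["as_path"]):
            if bogon_reason(asn) is None:
                last_public = asn
            elif last_public is not None:
                leaks[last_public][asn].add(rec["prefix"])
    return leaks

# Constructed sample records (not copied from the MRT archive).
SAMPLE = [
    {"as_path": ["63956", "2764", "4294901906"], "prefix": "59.101.10.0/24"},
    {"as_path": ["63956", "2764", "4294901906"], "prefix": "59.101.6.0/24"},
    {"as_path": ["63956", "2764", "65334", "4294901881"], "prefix": "59.101.15.0/24"},
    {"as_path": ["63956", "2764"], "prefix": "192.0.2.0/24"},  # clean path
]

if __name__ == "__main__":
    for leaker, bogons in find_leaks(SAMPLE).items():
        for bogon, prefixes in sorted(bogons.items()):
            print(f"AS{leaker} -> AS{bogon} ({bogon_reason(bogon)}): {sorted(prefixes)}")
```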