Mailing List Archive: v6 route mess frm AS266970

v6 route mess frm AS266970

Aug 29, 2023, 8:41 AM

Post #1 of 6 (164 views)

is a massive route leak not even menntioned when it is only ipv6?

the guess i heard was it looked like a classic config reorigination
disaster.

randy

Re: v6 route mess frm AS266970 [ In reply to ]

dkenline at hotmail

Aug 29, 2023, 9:06 AM

Post #2 of 6 (164 views)

i saw a lot of them too in AS1239

doug
________________________________
From: NANOG <nanog-bounces+dkenline=hotmail.com@nanog.org> on behalf of Randy Bush <randy@psg.com>
Sent: Tuesday, August 29, 2023 11:41 AM
To: North American Network Operators' Group <nanog@nanog.org>
Subject: v6 route mess frm AS266970

is a massive route leak not even menntioned when it is only ipv6?

the guess i heard was it looked like a classic config reorigination
disaster.

randy

Re: v6 route mess frm AS266970 [ In reply to ]

tarko at lanparty

Aug 29, 2023, 9:13 AM

Post #3 of 6 (164 views)

hey,

> is a massive route leak not even menntioned when it is only ipv6?

We saw no impact to v6 traffic during the leak (and we have quite a lot
of v6 traffic). I guess testament that RPKI works?

--
tarko

Re: v6 route mess frm AS266970 [ In reply to ]

Aug 29, 2023, 9:37 AM

Post #4 of 6 (164 views)

On 29/08/2023 18:41, Randy Bush wrote:
> is a massive route leak not even menntioned when it is only ipv6?
>
> the guess i heard was it looked like a classic config reorigination
> disaster.
>
> randy

Has the route leak been resolved? BGPstream still shows it as active:

https://bgpstream.crosswork.cisco.com/

RPKI only worked where it is implemented.

I saw one path via Lumen (AS3356) and was disappointed to see it based
on their blog from 2.5 years ago:

https://blog.lumen.com/lumen-enhances-routing-security-with-resource-public-key-infrastructure-rpki/

"Once implemented, Lumen will use RPKI route validation on all BGP
sessions for both customers and peers. Lumen’s RPKI validation servers
download the ROAs, examine them, then send the tables to routers that
can determine the validity of an IP prefix."

MANRS confirms that AS3356 does not do much RPKI (see attachment).

Regards,

Hank

Re: v6 route mess frm AS266970 [ In reply to ]

jlewis at lewis

Aug 29, 2023, 11:24 AM

Post #5 of 6 (164 views)

On Tue, 29 Aug 2023, Randy Bush wrote:

> is a massive route leak not even menntioned when it is only ipv6?
>
> the guess i heard was it looked like a classic config reorigination
> disaster.

It was mentioned earlier today on another list as a presumed route hijack.
I guess those making the hijack accusations aren't familiar with Hanlon's
razor.

----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
StackPath, Sr. Neteng | therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Re: v6 route mess frm AS266970 [ In reply to ]

Aug 29, 2023, 2:56 PM

Post #6 of 6 (164 views)

> We saw no impact to v6 traffic during the leak (and we have quite a
> lot of v6 traffic). I guess testament that RPKI works?

the packetviz (props massimo) reports i received would seem to indicate
that the blast radius was mostly contained to america latina collectors.
yes, likely due to route origin validation.

randy