Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. ipv6
No route to some AS nets from AS3320 (DTAG)
mm at dorfdsl
Apr 19, 2024, 12:39 AM
Post #1 of 7 (40 views)
Permalink
Hello!

During some tests I noticed that some As aren't reachable from AS3320,
but from other AS they are. On the destination AS some systems also
reply and are productive systems.

This affects time.nist.gov - a well-known NTP service.
If affects more, but I will start with that.

2610:20:6f97:97::4
AS49 US National Institute of Standards & Technology

I also did a RIPE atlas measurement that confirmed the destination is
reachable from many other ISPs, but not from AS3320.
https://atlas.ripe.net/measurements/70072736/#probes

When using their looking glass, there is no route to the net
2610:20::/32.

https://lg.telekom.com/?queryTerm=*%2049&queryType=AsPathQuery&selectedVantagePoints=%5B%22Berlin%2C%20Germany%22%5D

HE's BGP toolkit shows that the net isn't listed in IRR nor RPKI signed.
https://bgp.he.net/AS49#_prefixes6

Is that maybe the reason the net isn't in their routing table?

--
kind regards
Marco
Re: No route to some AS nets from AS3320 (DTAG) [ In reply to ]
elmi at 4ever
Apr 19, 2024, 1:36 AM
Post #2 of 7 (40 views)
Permalink
Hi Marco,

I suppose one of the 3320 people will jump in and explain.
To me, it's a big oddity that 2160:2:: would not have an IRR record.
That's become very crucial to running a functioning service; many ISPs
filter on IRR record (presence).

Speculating...
Elmar.

mm@dorfdsl.de (Marco Moock) wrote:

> During some tests I noticed that some As aren't reachable from AS3320,
> but from other AS they are. On the destination AS some systems also
> reply and are productive systems.
>
> This affects time.nist.gov - a well-known NTP service.
> If affects more, but I will start with that.
>
> 2610:20:6f97:97::4
> AS49 US National Institute of Standards & Technology
>
> I also did a RIPE atlas measurement that confirmed the destination is
> reachable from many other ISPs, but not from AS3320.
> https://atlas.ripe.net/measurements/70072736/#probes
>
> When using their looking glass, there is no route to the net
> 2610:20::/32.
>
> https://lg.telekom.com/?queryTerm=*%2049&queryType=AsPathQuery&selectedVantagePoints=%5B%22Berlin%2C%20Germany%22%5D
>
> HE's BGP toolkit shows that the net isn't listed in IRR nor RPKI signed.
> https://bgp.he.net/AS49#_prefixes6
>
> Is that maybe the reason the net isn't in their routing table?
>
> --
> kind regards
> Marco
>
Re: No route to some AS nets from AS3320 (DTAG) [ In reply to ]
mm at dorfdsl
Apr 19, 2024, 1:45 AM
Post #3 of 7 (40 views)
Permalink
Am 19.04.2024 um 09:36:25 Uhr schrieb Elmar K. Bins:

> That's become very crucial to running a functioning service; many ISPs
> filter on IRR record (presence).

The latter sounds reasonable, but according to my measurement this
seems to apply only to very few ISPs. I will continue to do tests,
especially in US where nist resides.


--
Gruß
Marco

Send unsolicited bulk mail to 1713512185muell@cartoonies.org
Re: No route to some AS nets from AS3320 (DTAG) [ In reply to ]
gert at space
Apr 19, 2024, 1:45 AM
Post #4 of 7 (40 views)
Permalink
Hi,

On Fri, Apr 19, 2024 at 09:39:37AM +0200, Marco Moock wrote:
> During some tests I noticed that some As aren't reachable from AS3320,
> but from other AS they are. On the destination AS some systems also
> reply and are productive systems.
>
> This affects time.nist.gov - a well-known NTP service.
> If affects more, but I will start with that.
>
> 2610:20:6f97:97::4
> AS49 US National Institute of Standards & Technology
>
> I also did a RIPE atlas measurement that confirmed the destination is
> reachable from many other ISPs, but not from AS3320.
> https://atlas.ripe.net/measurements/70072736/#probes
>
> When using their looking glass, there is no route to the net
> 2610:20::/32.

We see time.nist.gov as 2610:20:6f97::/48 - and the /32 does not seem
to exist here either. (There is a /37, though, and a route6: entry for
the /37 exists - but the /48 is not part of this /37).

This said, there indeed seems to be no route6: (I could find) for the /48...

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard,
Ingo Lalla, Karin Schuler
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Re: No route to some AS nets from AS3320 (DTAG) [ In reply to ]
mm at dorfdsl
Apr 19, 2024, 2:05 AM
Post #5 of 7 (40 views)
Permalink
Am 19.04.2024 um 10:45:36 Uhr schrieb Gert Doering:

> On Fri, Apr 19, 2024 at 09:39:37AM +0200, Marco Moock wrote:
> > During some tests I noticed that some As aren't reachable from
> > AS3320, but from other AS they are. On the destination AS some
> > systems also reply and are productive systems.
> >
> > This affects time.nist.gov - a well-known NTP service.
> > If affects more, but I will start with that.
> >
> > 2610:20:6f97:97::4
> > AS49 US National Institute of Standards & Technology
> >
> > I also did a RIPE atlas measurement that confirmed the destination
> > is reachable from many other ISPs, but not from AS3320.
> > https://atlas.ripe.net/measurements/70072736/#probes
> >
> > When using their looking glass, there is no route to the net
> > 2610:20::/32.
>
> We see time.nist.gov as 2610:20:6f97::/48 - and the /32 does not seem
> to exist here either. (There is a /37, though, and a route6: entry
> for the /37 exists - but the /48 is not part of this /37).

32 was a typo by me.

> This said, there indeed seems to be no route6: (I could find) for the
> /48...

Although, via probes in your AS, the destination is reachable.
https://atlas.ripe.net/measurements/70099007/#probes


--
Gruß
Marco

Send unsolicited bulk mail to 1713516336muell@cartoonies.org
Re: No route to some AS nets from AS3320 (DTAG) [ In reply to ]
gert at space
Apr 19, 2024, 2:19 AM
Post #6 of 7 (40 views)
Permalink
Hi,

On Fri, Apr 19, 2024 at 11:05:41AM +0200, Marco Moock wrote:
> > This said, there indeed seems to be no route6: (I could find) for the
> > /48...
>
> Although, via probes in your AS, the destination is reachable.
> https://atlas.ripe.net/measurements/70099007/#probes

We do accept /48s in general, and for practical reasons, we do not apply
strict "no route6: object, drop prefix" filters to our upstreams.

(We would drop the prefix on ROA invalid, but not on ROA unknown).

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard,
Ingo Lalla, Karin Schuler
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Re: No route to some AS nets from AS3320 (DTAG) [ In reply to ]
mm at dorfdsl
Apr 27, 2024, 12:07 PM
Post #7 of 7 (8 views)
Permalink
Am 19.04.2024 um 09:36:25 Uhr schrieb Elmar K. Bins:

> I suppose one of the 3320 people will jump in and explain.

They did by email via their peering contact info in whois.

|we create IPv6 prefix filters for all bgp sessions on our edge routers,
|also for peers. We learn AS394018 routes via AS6461 and create our
|filters based on the AS6461 AS-Set.

|In this case we have used "RIRS" and not "ARIN" to resolve their
|AS-SET. Now i have added IRR ARIN additional and get the prefix for
|AS394018.

Now routing works fine from AS3320.

--
kind regards
Marco

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal