Several people asked me off list for more details, here is what I have regarding it.
This morning a tier2 isp that connects to our network made an error in their router configuration causing the route leakage. The issue has been addressed and we will be performing a full post mortem to ensure this does not happen again. While investigating the issue we did find that the noction appliance stopped advertising the no export community string with its advertisements which is why certain prefixes were also seen. Regards, Nick Rose CTO @ Enzu Inc. -----Original Message----- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Nick Rose Sent: Thursday, March 26, 2015 3:49 PM To: a...@djlab.com; Peter Rocca Cc: nanog@nanog.org Subject: RE: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761] This should be resolved from AS18978. If you experience anything else please let me know and I will get it addressed immediately. Regards, Nick Rose CTO @ Enzu Inc. -----Original Message----- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Randy Sent: Thursday, March 26, 2015 12:14 PM To: Peter Rocca Cc: nanog@nanog.org Subject: RE: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761] On 03/26/2015 9:00 am, Peter Rocca wrote: > +1 > > The summary below aligns with our analysis as well. > > We've reached out to AS18978 to determine the status of the leak but > at this time we're not seeing any operational impact. +2, after the morning coffee sunk in and helpful off list replies I can finally see it's probably not INDOSAT involved at all. FYI, the more specifics are still active: 2015-03-26 13:56:11 Update AS4795 ID 198.98.180.0/23 4795 4795 4761 9304 40633 18978 6939 29889 Active 2015-03-26 13:56:11 Update AS4795 ID 198.98.182.0/23 4795 4795 4761 9304 40633 18978 6939 29889 Active -- ~Randy
