Re: Kenyan Route Hijack
On Sun, Mar 16, 2008 at 2:07 AM, Glen Kent <[EMAIL PROTECTED]> wrote: > > Paul, > > > > Also: I have seen instances where a static route points to a next > > hop that (inadvertently) may be "redistribute-static" injected into > > BGP. This happens occasionally due to ad hoc configurations, back- > > hole null routing, etc. > > And why would an ISP locally try to blackhole traffic bound to some > other legitimate address space? Wouldnt this result in this service I think it was Abovenet that blackholed a /24 of (I want to say MAPS, but that's not right) an anti-spam-RBL sometime pre-1999? > provider's customers to lose connectivity to whatever websites fall > behind the IP address block in question? Or is that the intention? > perhaps they had a significant number of complaints about the address block and no reaction from the owner(s)? or the address block (or hosts in it) were scanning their infrastucture, or dos'ing it or??? There are a whole host of reasons one might conjecture. In ALL cases you'd never put in a /24 but a pair of /25 so that you didn't become the best path for the rest of the internets... > If its done intentionally then it would only make sense if theres a > DOS attack coming from that address block, or if theres something dos attack mitigation works best on destinations, not sources... urpf-loose aside a filter would have solved that form of problem quicker. > "blasphemous" put up there. If none of these, then why locally > blackhole traffic? > once upon a time we had a noc person null route a 210.x.x.0/24 block because someone used their email address in the 'from' for a spam run... a swift 'discussion' ensued and they learned there was a better solution to their problem. (swift after the owners of the ip space got a little irrate :( ) -Chris
Re: Kenyan Route Hijack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- "Glen Kent" <[EMAIL PROTECTED]> wrote: >If its done intentionally then it would only make sense if theres a >DOS attack coming from that address block, or if theres something >"blasphemous" put up there. If none of these, then why locally >blackhole traffic? > Usually unintentional. See Pakistan Telecom for recent example. - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFH3L1Pq1pz9mNUZTMRAr9aAKDWAsFl1x92MHitc3vZ4FLF2oHXzgCg9ykS HMfSKSozgOcWVgAUOV1N8xU= =iNQ9 -END PGP SIGNATURE- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Re: Kenyan Route Hijack
Paul, > Also: I have seen instances where a static route points to a next > hop that (inadvertently) may be "redistribute-static" injected into > BGP. This happens occasionally due to ad hoc configurations, back- > hole null routing, etc. And why would an ISP locally try to blackhole traffic bound to some other legitimate address space? Wouldnt this result in this service provider's customers to lose connectivity to whatever websites fall behind the IP address block in question? Or is that the intention? If its done intentionally then it would only make sense if theres a DOS attack coming from that address block, or if theres something "blasphemous" put up there. If none of these, then why locally blackhole traffic? Thanks, Glen
Re: Kenyan Route Hijack
On Sat, Mar 15, 2008, Danny McPherson wrote: > > > A bit more analysis of this at the moment, and a few recommendations > and related pointers is available here: > > http://tinyurl.com/2nqg2a Its a good writeup. :) It almost sounds like Felix should talk to some friendly SP's and organise /25 origination + tunneling into various places into the US. Or is this concept reminiscent of my exposure to this world circa 1999? :) Adrian
Re: Kenyan Route Hijack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- "Bill Stewart" <[EMAIL PROTECTED]> wrote: >I've seen two popular reasons for doing it accidentally >- Fat fingers when configuring IP addresses by hand >- Using old routing protocols such as IGRP or RIP and autosummarizing >routes, > usually done by a customer of an ISP that doesn't bother filtering > carefully. > This doesn't give you a /24 address by accident, > but it lets you take two /24 subnets of a Class B or Class A > and turn them into an advertisement for the whole network. Also: I have seen instances where a static route points to a next hop that (inadvertently) may be "redistribute-static" injected into BGP. This happens occasionally due to ad hoc configurations, back- hole null routing, etc. - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFH3LBoq1pz9mNUZTMRAm8qAJwLWej/LjWQo8svLbgmOhe3kOOMCwCg7XZ/ V8/XCEkVEu0h2MAndAIpZ5g= =jQfu -END PGP SIGNATURE- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Re: Kenyan Route Hijack
> A popular reason from longer ago was enterprises that used > arbitrary addresses for their internal networks, > which was safe because they'd never be connected to the real internet. > RFC1918 has made that problem mostly go away, > but as recently as 1995 I had a customer who was a bank that was > using University of Toronto IP addresses internally. > We were working on their databases, not their networks, > so while we strongly recommended they renumber some time soon, > it wasn't happening during our project. italian isps are notorious for using us military and other non-announced networks for infrastructure. i get a bit of a giggle out of it now. but boy was i shocked when i first did a traceroute from some public network in bologna years back. randy
Re: Kenyan Route Hijack
On Sat, Mar 15, 2008 at 9:09 PM, Glen Kent <[EMAIL PROTECTED]> wrote: > Unlike the Youtube outage where PTA had issued a directive asking all > ISPs to block Youtube - What is the reason most often cited for such > mishaps? The reason i ask this is because the ISPs that > "inadvertently" hijack someone elses IP space, need to explicitly > configure *something* to do this. So, what really are they trying to do > there? I've seen two popular reasons for doing it accidentally - Fat fingers when configuring IP addresses by hand - Using old routing protocols such as IGRP or RIP and autosummarizing routes, usually done by a customer of an ISP that doesn't bother filtering carefully. This doesn't give you a /24 address by accident, but it lets you take two /24 subnets of a Class B or Class A and turn them into an advertisement for the whole network. A popular reason from longer ago was enterprises that used arbitrary addresses for their internal networks, which was safe because they'd never be connected to the real internet. RFC1918 has made that problem mostly go away, but as recently as 1995 I had a customer who was a bank that was using University of Toronto IP addresses internally. We were working on their databases, not their networks, so while we strongly recommended they renumber some time soon, it wasn't happening during our project. -- Thanks; Bill Note that this isn't my regular email account - It's still experimental so far. And Google probably logs and indexes everything you send it.
Re: Routing Loop
Wow! Its close to 20 hours now, and folks have still not fixed the problem! I hope they're not many IPs NATed behind that unfortunate /24 that has been cherry picked by AboveNet. On Sun, Mar 16, 2008 at 9:31 AM, Bill Stewart <[EMAIL PROTECTED]> wrote: > > 7018 is still seeing announcements from 6461, > and the Oregon Routeviews server route-views.routeviews.org also sees > many announcements > from different ISPs seeing it announced from 6461. > > The whois entry for Above.net lists the NOC as >RTechHandle: NOC41-ORG-ARIN >RTechName: AboveNet NOC >RTechPhone: +1-877-479-7378 >RTechEmail: [EMAIL PROTECTED] > > > > On Sat, Mar 15, 2008 at 1:10 AM, Felix Bako <[EMAIL PROTECTED]> > wrote to NANOG > > > > > > Hello, > > Guyz please try to reach my network 194.9.82.0/24 from your networks. > > Am seeeing routing loops from several looking glasses. > > above.net, Alameda.net. but from traceroute.eu. the block comes down ok. > > Kindly anyone assist. > > -- > > > > Best Regards, > > > > Felix Bako > > Network Engineer > > Africa Online, Kenya > > Tel: +254 (20) 27 92 000 > > Fax: +254 (20) 27 100 10 > > Email: [EMAIL PROTECTED] > > Aim:felixbako > > -- > > Thanks; Bill > > Note that this isn't my regular email account - It's still experimental so > far. > And Google probably logs and indexes everything you send it. >
Re: Routing Loop
I see this at 9:10pm PST: traceroute uu-194-009-082-001.uunet.co.ke traceroute to uu-194-009-082-001.uunet.co.ke (194.9.82.1), 64 hops max, 40 byte packets 1 64-192-2-193.static.unwiredbb.com (64.192.2.193) 14 ms 15 ms 14 ms 2 64-192-0-253.static.unwiredbb.com (64.192.0.253) 15 ms 14 ms 14 ms 3 so-5-3.ipcolo1.SanFrancisco1.Level3.net (4.78.240.37) 19 ms 28 ms 25 ms 4 so-6-1-0.mp2.SanFrancisco1.Level3.net (4.68.96.145) 25 ms 20 ms 21 ms 5 as-0-0.bbr1.London1.Level3.net (4.68.128.109) 157 ms 157 ms ae-1-0.bbr2.London1.Level3.net (212.187.128.57) 158 ms 6 * ae-14-55.car3.London1.Level3.net (4.68.116.145) 448 ms 289 ms 7 195.50.113.18 (195.50.113.18) 231 ms 318 ms 231 ms 8 217.194.157.226 (217.194.157.226) 754 ms 753 ms 746 ms 9 217.194.157.225 (217.194.157.225) 755 ms 735 ms 730 ms 10 fe2-0-br.nbo.infinet.co.ke (41.207.64.245) 758 ms 744 ms 792 ms 11 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 772 ms 764 ms 753 ms 12 ge0-1-br.nbo.infinet.co.ke (41.207.64.253) 736 ms 742 ms 776 ms 13 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 745 ms 752 ms 747 ms 14 ge0-1-br.nbo.infinet.co.ke (41.207.64.253) 746 ms 735 ms 758 ms 15 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 749 ms 740 ms 753 ms 16 ge0-1-br.nbo.infinet.co.ke (41.207.64.253) 746 ms 737 ms 757 ms 17 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 740 ms 741 ms 738 ms 18 ge0-1-br.nbo.infinet.co.ke (41.207.64.253) 746 ms 742 ms 737 ms 19 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 753 ms 771 ms 744 ms 20 ge0-1-br.nbo.infinet.co.ke (41.207.64.253) 735 ms 763 ms 738 ms 21 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 779 ms 742 ms 819 ms 22 ge0-1-br.nbo.infinet.co.ke (41.207.64.253) 753 ms 768 ms 738 ms 23 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 764 ms 749 ms 745 ms 24 ge0-1-br.nbo.infinet.co.ke (41.207.64.253) 766 ms 760 ms 761 ms 25 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 746 ms 743 ms 808 ms 26 Bill Stewart wroteth on 3/15/2008 9:01 PM: 7018 is still seeing announcements from 6461, and the Oregon Routeviews server route-views.routeviews.org also sees many announcements from different ISPs seeing it announced from 6461. The whois entry for Above.net lists the NOC as RTechHandle: NOC41-ORG-ARIN RTechName: AboveNet NOC RTechPhone: +1-877-479-7378 RTechEmail: [EMAIL PROTECTED] On Sat, Mar 15, 2008 at 1:10 AM, Felix Bako <[EMAIL PROTECTED]> wrote to NANOG Hello, Guyz please try to reach my network 194.9.82.0/24 from your networks. Am seeeing routing loops from several looking glasses. above.net, Alameda.net. but from traceroute.eu. the block comes down ok. Kindly anyone assist. -- Best Regards, Felix Bako Network Engineer Africa Online, Kenya Tel: +254 (20) 27 92 000 Fax: +254 (20) 27 100 10 Email: [EMAIL PROTECTED] Aim:felixbako
Re: Kenyan Route Hijack
Unlike the Youtube outage where PTA had issued a directive asking all ISPs to block Youtube - What is the reason most often cited for such mishaps? The reason i ask this is because the ISPs that "inadvertently" hijack someone elses IP space, need to explicitly configure *something* to do this. So, what really are they trying to do there? Thanks, Glen On Sun, Mar 16, 2008 at 1:36 AM, Danny McPherson <[EMAIL PROTECTED]> wrote: > > > A bit more analysis of this at the moment, and a few recommendations > and related pointers is available here: > > http://tinyurl.com/2nqg2a > > -danny >
Re: Routing Loop
7018 is still seeing announcements from 6461, and the Oregon Routeviews server route-views.routeviews.org also sees many announcements from different ISPs seeing it announced from 6461. The whois entry for Above.net lists the NOC as RTechHandle: NOC41-ORG-ARIN RTechName: AboveNet NOC RTechPhone: +1-877-479-7378 RTechEmail: [EMAIL PROTECTED] On Sat, Mar 15, 2008 at 1:10 AM, Felix Bako <[EMAIL PROTECTED]> wrote to NANOG > > Hello, > Guyz please try to reach my network 194.9.82.0/24 from your networks. > Am seeeing routing loops from several looking glasses. > above.net, Alameda.net. but from traceroute.eu. the block comes down ok. > Kindly anyone assist. > -- > > Best Regards, > > Felix Bako > Network Engineer > Africa Online, Kenya > Tel: +254 (20) 27 92 000 > Fax: +254 (20) 27 100 10 > Email: [EMAIL PROTECTED] > Aim:felixbako -- Thanks; Bill Note that this isn't my regular email account - It's still experimental so far. And Google probably logs and indexes everything you send it.
Re: Routing Loop
On Mar 15, 2008, at 4:49 PM, Florian Weimer wrote: There's also somewhat odd data in RADB (look at the changed: line): route: 194.9.64.0/19 descr: SES-Newskies Customer Prefix origin:AS16422 remarks: SES-Newskies Customer Prefix notify:[EMAIL PROTECTED] mnt-by:MNT-NWSK changed: [EMAIL PROTECTED] 20080314 source:ARIN This is in the middle of RIPE-managed swamp space, a /19 definitely doesn't belong there. Yeah, I saw that a bit earlier and it did seem incredibly suspicious given the timing. Had I seen anything in the routing system itself for that explicit /19 related to this I would mentioned it, but nothing there. Amazingly, a query to the NOC at SES Newskies yielded a near- immediate response, which said they added it a few days back because they were updating some policies and noticed it existed in a prefix list for one of their upstreams, that it appeared to be legacy, and that they'd get it removed. All the more reason RIR allocation authentication used to seed IRR information would be of value for routing policy specification, let alone informational purposes. -danny
Re: Routing Loop
There's also somewhat odd data in RADB (look at the changed: line): route: 194.9.64.0/19 descr: SES-Newskies Customer Prefix origin:AS16422 remarks: SES-Newskies Customer Prefix notify:[EMAIL PROTECTED] mnt-by:MNT-NWSK changed: [EMAIL PROTECTED] 20080314 source:ARIN This is in the middle of RIPE-managed swamp space, a /19 definitely doesn't belong there.
Re: Kenyan Route Hijack
A bit more analysis of this at the moment, and a few recommendations and related pointers is available here: http://tinyurl.com/2nqg2a -danny
Kenyan Route Hijack
[more accurate subject line] On Mar 14, 2008, at 1:33 PM, Felix Bako wrote: Hello, There is a routing loop while accesing my network 194.9.82.0/24 from some networks on the Internet. | This is a test done from lg.above.net looking glass. 1 ten-gige-2-2.mpr2.ams2.nl.above.net (64.125.26.70) 4 msec 0 msec 0 msec 2 ten-gige-2-2.mpr1.ams2.nl.above.net (64.125.26.69) [MPLS: Label 78 Exp 0] 0 msec 0 msec 0 msec 3 ge-1-2-0.mpr1.ams1.nl.above.net (64.125.26.74) 8 msec 8 msec 0 msec 4 ten-gige-1-1.mpr1.ams2.nl.above.net (64.125.26.73) [MPLS: Label 80 Exp 0] 0 msec 4 msec 0 msec 5 ten-gige-2-2.mpr2.ams2.nl.above.net (64.125.26.70) 4 msec 0 msec 0 msec 6 ten-gige-2-2.mpr1.ams2.nl.above.net (64.125.26.69) [MPLS: Label 78 Exp 0] 0 msec 0 msec 4 msec 7 ge-1-2-0.mpr1.ams1.nl.above.net (64.125.26.74) 64 msec 0 msec 4 msec 8 ten-gige-1-1.mpr1.ams2.nl.above.net (64.125.26.73) [MPLS: Label 80 Exp 0] 0 msec 4 msec 0 msec 9 ten-gige-2-2.mpr2.ams2.nl.above.net (64.125.26.70) 4 msec 0 msec 0 msec 10 ten-gige-2-2.mpr1.ams2.nl.above.net (64.125.26.69) [MPLS: Label 78 Exp 0] 0 msec 4 msec 0 msec 11 ge-1-2-0.mpr1.ams1.nl.above.net (64.125.26.74) 4 msec 0 msec 4 msec| According to RIPE BGP play data looks to me like AS 6461 (Abovenet) began announcing 194.9.82.0/24 about 10 hours ago, pulling traffic away from AS 39615 and triggering your reachability problems (Note times are UTC): # 1/361 2008-03-15 03:05:27 Path Change from 29636 6461 2914 8513 25228 36915 rrc01 195.66.224.132 to 29636 2914 6461 # 2/361 2008-03-15 03:05:27 Route Announcement 20485 2914 6461 rrc01 195.66.224.212 About 17 minutes later AS 6461 they withdrew the route announcement: # 41/361 2008-03-15 03:22:56 Route Withdrawal ( 4777 2497 2914 6461 ) rrc06 202.249.2.20 And another 12 minutes or so later they began announcing it again: # 42/361 2008-03-15 03:35:26 Path Change from 29636 6461 2914 8513 25228 36915 rrc01 195.66.224.132 to 29636 2914 6461 ... Seemed to be a bunch more instability with this prefix around 5:53: # 66/361 2008-03-15 05:53:40 Route Announcement 25462 6461 rrc07 194.68.123.157 ... And then some withdraws around 7:43: # 183/361 2008-03-15 07:43:48 Path Change from 8468 6453 6461 rrc01 195.66.224.151 to 8468 3491 25228 25228 25228 25228 25228 36915 ... With considerable oscillation for around 40 minutes between the legit path via AS 36915 and the path via AS 6461. And the latest was this transition from AS 6461 back to the 36915 path about 2 hours ago, but only by a few ASNs, I suspect because those ASNs explicitly modified policy (either preference or filtering) to de_prefer the AS 6461 path. This is illustrated pretty nicely with BGP play: # 335/361 2008-03-15 14:59:43 Route Withdrawal ( 1916 3549 6461 ) rrc15 200.219.130.4 # 361/361 2008-03-15 15:00:27 Path Change from 13645 3356 6461 rrc11 198.32.160.150 to 13645 3491 25228 25228 25228 25228 25228 36915 BGP Play applet here: http://www.ris.ripe.net/bgplay/applet.html? Although most folks are definitely still preferring the AS 6461 path. An interesting bit is that the current announcement on routeviews directly from AS 6461 has Community 6461:5999 attached: ... 6461 64.125.0.137 from 64.125.0.137 (64.125.0.137) Origin IGP, metric 0, localpref 100, valid, external, best Community: 6461:5999 ... According to this, that community is used for "internal prefixes": http://onesc.net/communities/as6461/ "6461:5999 internal prefix" A "sh ip bgp community 6461:5999" currently yields 130 prefixes with Origin AS of 6461 and that community. Nothing more specific than a /24, although many many adjacent prefixes that would presumably be aggregated normally are announced as well. The closest adjacent prefix to 194.9.82/24 they're announcing is 194.9.40/24, which is one of their prefixes: *> 194.9.40.0 64.125.0.137 0 0 6461 i *> 194.9.82.0 64.125.0.137 0 0 6461 i Unfortunately, the AS6461 forwarding loops still exists, and most ASNs still appear to be preferring their path over yours per BGP AS path route selection rules: --- [EMAIL PROTECTED] date Sat Mar 15 11:55:27 MDT 2008 ... 14 ge-1-2-0.mpr1.ams1.nl.above.net (64.125.26.74) 188.278 ms 172.714 ms 174.984 ms 15 ten-gige-1-1.mpr1.ams2.nl.above.net (64.125.26.73) 176.234 ms 174.013 ms 174.109 ms 16 ten-gige-2-2.mpr2.ams2.nl.above.net (64.125.26.70) 173.230 ms 172.892 ms 174.765 ms 17 ten-gige-2-2.mpr1.ams2.nl.above.net (64.125.26.69) 174.721 ms 175.256 ms 174.738 ms 18 ge-1-2-0.mpr1.ams1.nl.above.net (64.125.26.74) 174.437 ms 220.815 ms 180.961 ms 19 ten-gige-1-1.mpr1.ams2.nl.above.net (64.125.26.73) 177.564 ms 181.966 ms 174.771 ms 20 ten-gige-2-2.mpr2.ams2.nl.above.net (64.125.26.70) 176.028 ms 174
Re: Routing Loop
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Felix Bako > Sent: Saturday, March 15, 2008 2:11 AM > To: nanog@merit.edu > Subject: Routing Loop > > Guyz please try to reach my network 194.9.82.0/24 from your networks. > Am seeeing routing loops from several looking glasses. > above.net, Alameda.net. but from traceroute.eu. the block comes down ok. > Kindly anyone assist. Here's what I'm seeing going via my Cogent connection in Denver, CO, US: HOST: smtp1.spameater.net Loss% Snt Last Avg Best Wrst StDev 1. 38.116.133.1 0.0%100.6 0.6 0.4 0.9 0.1 2. 38.112.6.145 0.0%101.1 0.9 0.7 1.1 0.2 3. 66.250.10.217 0.0%101.4 28.9 0.6 133.9 49.1 4. 154.54.5.142 0.0%100.9 1.6 0.7 6.2 1.6 5. 154.54.24.82 0.0%10 12.1 13.2 11.8 23.4 3.6 6. 154.54.7.186 0.0%10 24.2 26.7 23.7 51.7 8.8 7. 154.54.5.18 0.0%10 24.1 24.2 24.1 24.6 0.2 8. 154.54.11.58 0.0%10 23.7 26.3 23.7 42.6 5.8 9. 64.125.30.142 0.0%10 30.0 26.2 24.6 30.0 1.9 10. 64.125.27.34 0.0%10 57.1 63.3 55.7 104.4 15.9 11. 64.125.27.237 0.0%10 56.6 60.8 56.3 85.2 8.8 12. 64.125.27.186 0.0%10 135.5 139.3 134.4 158.3 8.2 13. 64.125.26.73 0.0%10 134.9 135.6 134.9 136.3 0.5 14. 64.125.26.70 0.0%10 134.7 134.7 134.6 135.1 0.1 15. 64.125.26.69 0.0%10 136.4 135.9 134.8 136.4 0.5 16. 64.125.26.74 0.0%10 139.6 142.3 134.8 198.3 19.8 17. 64.125.26.73 0.0%10 138.5 136.5 135.5 138.5 0.8 18. 64.125.26.70 0.0%10 238.3 145.7 135.2 238.3 32.5 19. 64.125.26.69 0.0%10 136.4 136.4 135.3 137.0 0.6 20. 64.125.26.74 0.0%10 135.6 136.1 135.2 141.8 2.0 21. 64.125.26.73 0.0%10 136.9 136.7 135.9 137.5 0.6 22. 64.125.26.70 0.0%10 136.3 136.0 135.7 136.3 0.2 23. 64.125.26.69 0.0%10 137.8 137.5 135.9 139.9 1.1 24. 64.125.26.74 0.0%10 135.9 138.0 135.7 143.9 3.5 25. 64.125.26.73 0.0%10 137.9 137.7 137.3 138.3 0.3 26. 64.125.26.70 0.0%10 136.7 136.7 136.2 139.0 0.8 27. 64.125.26.69 10.0%10 137.9 138.7 136.9 147.2 3.2 28. 64.125.26.74 10.0%10 136.6 137.6 136.3 142.9 2.3 29. 64.125.26.73 10.0%10 138.2 138.1 137.7 138.6 0.3 30. 64.125.26.70 10.0%10 137.1 137.1 136.8 137.3 0.2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org iD8DBQFH3AVWnSVip47FEdMRCic1AJ9jH2dbCkutJoslspfm6VIDz7e1eACfUm5H qA3oXDXWZuVCcq9XGm1EXso= =85Yz -END PGP SIGNATURE-
RE: Routing Loop
Felix: There's still a routing look at above.net, as documented by others and the other listserv you posted this on (cisco-nsp?). 1276 ms73 ms79 ms chp-brdr-01.inet.qwest.net [205.171.139.150] 1378 ms77 ms75 ms so-4-1-0.mpr2.ord7.us.above.net [64.125.12.149] 1482 ms83 ms78 ms so-0-1-0.mpr1.ord2.us.above.net [64.125.30.146] 15 102 ms 102 ms 101 ms so-1-1-0.mpr1.lga5.us.above.net [64.125.27.170] 16 185 ms 189 ms 190 ms so-1-0-0.mpr1.ams1.nl.above.net [64.125.27.186] 17 187 ms 187 ms 191 ms ten-gige-1-1.mpr1.ams2.nl.above.net [64.125.26.73] 18 199 ms 214 ms 223 ms ten-gige-2-2.mpr2.ams2.nl.above.net [64.125.26.70] 19 190 ms 187 ms 188 ms ten-gige-2-2.mpr1.ams2.nl.above.net [64.125.26.69] 20 189 ms 191 ms 191 ms ge-1-2-0.mpr1.ams1.nl.above.net [64.125.26.74] 21 185 ms 189 ms 186 ms ten-gige-1-1.mpr1.ams2.nl.above.net [64.125.26.73] 22 188 ms 187 ms 183 ms ten-gige-2-2.mpr2.ams2.nl.above.net [64.125.26.70] 23 186 ms 188 ms 186 ms ten-gige-2-2.mpr1.ams2.nl.above.net [64.125.26.69] 24 186 ms 187 ms 188 ms ge-1-2-0.mpr1.ams1.nl.above.net [64.125.26.74] 25 191 ms 194 ms 190 ms ten-gige-1-1.mpr1.ams2.nl.above.net [64.125.26.73] 26 185 ms 184 ms 189 ms ten-gige-2-2.mpr2.ams2.nl.above.net [64.125.26.70] 27 188 ms 191 ms 187 ms ten-gige-2-2.mpr1.ams2.nl.above.net [64.125.26.69] 28 188 ms 191 ms 187 ms ge-1-2-0.mpr1.ams1.nl.above.net [64.125.26.74] 29 186 ms 192 ms 196 ms ten-gige-1-1.mpr1.ams2.nl.above.net [64.125.26.73] 30 188 ms 187 ms 188 ms ten-gige-2-2.mpr2.ams2.nl.above.net [64.125.26.70] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adrian Chadd Sent: Saturday, March 15, 2008 3:35 AM To: Felix Bako Cc: nanog@merit.edu Subject: Re: Routing Loop On Sat, Mar 15, 2008, Felix Bako wrote: > > Hello, > Guyz please try to reach my network 194.9.82.0/24 from your networks. > Am seeeing routing loops from several looking glasses. > above.net, Alameda.net. but from traceroute.eu. the block comes down ok. > Kindly anyone assist. Uh, still seems to be unhappy. Have you tried poking the above.net NOC? Adrian [EMAIL PROTECTED]:~$ traceroute 194.9.82.1 traceroute to 194.9.82.1 (194.9.82.1), 30 hops max, 40 byte packets 1 192.168.1.1 (192.168.1.1) 1.379 ms 1.332 ms 1.339 ms 2 gw.cacheboy.net (203.56.15.73) 3.883 ms 4.199 ms 3.798 ms 3 green.westnet.net.au (203.56.14.7) 39.615 ms 36.898 ms 36.533 ms 4 rtr-v1-blue-1.westnet.net.au (203.56.14.1) 36.139 ms 44.072 ms 39.037 ms 5 bdr1.perth.westnet.net.au (203.56.14.46) 35.067 ms 36.074 ms 37.672 ms 6 CORE-203-190-192-249.auto.conceptual.net.au (203.190.192.249) 38.465 ms 52 .764 ms 39.663 ms 7 59.154.14.81 (59.154.14.81) 57.525 ms 48.933 ms 40.739 ms 8 203.208.192.241 (203.208.192.241) 257.458 ms 257.153 ms 259.887 ms 9 ge-0-0-0-0.plapx-dr1.ix.singtel.com (203.208.149.1) 263.012 ms 264.251 ms ge-4-0-0-0.plapx-dr1.ix.singtel.com (203.208.149.5) 258.881 ms 10 ge-5-2-1.mpr4.pao1.us.above.net (64.125.13.5) 260.073 ms 261.251 ms 265.6 42 ms 11 so-1-2-2.mpr2.sjc2.us.above.net (64.125.29.126) 260.772 ms 260.820 ms 263 .196 ms 12 so-0-0-0.mpr1.sjc2.us.above.net (64.125.27.245) 267.666 ms 261.984 ms 279 .690 ms 13 so-1-0-0.mpr1.lga5.above.net (64.125.26.230) 337.744 ms 343.318 ms 337.64 6 ms 14 so-1-0-0.mpr1.ams1.nl.above.net (64.125.27.186) 426.055 ms 424.355 ms 440 .676 ms 15 ten-gige-1-1.mpr1.ams2.nl.above.net (64.125.26.73) 427.159 ms 424.206 ms 431.439 ms 16 ten-gige-2-2.mpr2.ams2.nl.above.net (64.125.26.70) 423.779 ms 425.797 ms 428.981 ms 17 pni-verio.ams2.nl.above.net (82.98.247.10) 416.403 ms 415.042 ms 417.738 ms 18 pni-verio.ams2.nl.above.net (82.98.247.9) 428.718 ms 430.827 ms 428.914 m s 19 pni-verio.ams2.nl.above.net (82.98.247.10) 418.211 ms 419.692 ms 417.855 ms 20 pni-verio.ams2.nl.above.net (82.98.247.9) 428.804 ms 432.612 ms 424.800 m s 21 pni-verio.ams2.nl.above.net (82.98.247.10) 418.601 ms 417.696 ms 449.603 ms 22 pni-verio.ams2.nl.above.net (82.98.247.9) 428.716 ms 428.140 ms 428.684 m s 23 pni-verio.ams2.nl.above.net (82.98.247.10) 418.273 ms 418.931 ms 473.879 ms 24 pni-verio.ams2.nl.above.net (82.98.247.9) 554.731 ms 591.014 ms 467.694 m s 25 pni-verio.ams2.nl.above.net (82.98.247.10) 431.515 ms 419.261 ms 431.965 ms 26 pni-verio.ams2.nl.above.net (82.98.247.9) 429.947 ms 433.778 ms 426.749 m s 27 pni-verio.ams2.nl.above.net (82.98.247.10) 419.974 ms 418.109 ms 421.930 ms 28 pni-verio.ams2.nl.above.net (82.98.247.9) 427.184 ms 435.642 ms 430.471 ms 29 pni-verio.ams2.nl.above.net (82.98.247.10) 422.111 ms 420.085 ms 423.038 ms 30 pni-verio.ams2.nl.above.net (82.98.247.9) 426.140 ms 429.449 ms 429.056 ms [EMAIL PROTECTED]:~$
RE: Routing Loop
Seeing slightly different results from here. Aside from the fact the network I'm on is a little slow, Tracing route to uu-194-009-082-001.uunet.co.ke [194.9.82.1] over a maximum of 30 hops: 111 ms 2 ms 1 ms 192.168.15.1 2 *** Request timed out. 321 ms * 16 ms ge-1-19-ur01.burlington.wa.seattle.comcast.net [68.86.99.161] 422 ms * 13 ms te-5-1-ur01.ferndale.wa.seattle.comcast.net [68.86.96.113] 5 ** 17 ms te-5-3-ur02.ferndale.wa.seattle.comcast.net [68.86.96.110] 624 ms15 ms14 ms te [68.86.96.105] 722 ms16 ms16 ms COMCAST-IP.car1.Seattle1.Level3.net [4.79.104.110] 8 419 ms15 ms23 ms te-3-3.car1.Seattle1.Level3.net [4.79.104.109] 933 ms18 ms15 ms ae-31-53.ebr1.Seattle1.Level3.net [4.68.105.94] 1024 ms17 ms19 ms ae-1-100.ebr2.Seattle1.Level3.net [4.69.132.18] 1193 ms88 ms 114 ms ae-2.ebr2.Denver1.Level3.net [4.69.132.54] 12 111 ms 204 ms 101 ms ae-3.ebr3.Chicago1.Level3.net [4.69.132.62] 13 194 ms 106 ms 204 ms ae-68.ebr1.Chicago1.Level3.net [4.69.134.57] 14 201 ms 203 ms 101 ms ae [4.69.132.66] 15 240 ms 203 ms 101 ms ae-72-72.csw2.NewYork1.Level3.net [4.69.134.86] 16 122 ms 204 ms 101 ms ae-71-71.ebr1.NewYork1.Level3.net [4.69.134.69] 17 429 ms 203 ms 408 ms ae-42.ebr2.London1.Level3.net [4.69.137.69] 18 430 ms 203 ms 306 ms ae-24-52.car3.London1.Level3.net [4.68.116.49] 19 477 ms 362 ms 306 ms 195.50.113.18 20 948 ms 817 ms 990 ms 217.194.157.226 21 1016 ms 920 ms 772 ms 217.194.157.225 22 803 ms 1023 ms 920 ms fe2-0-br.nbo.infinet.co.ke [41.207.64.245] 23 845 ms 778 ms 942 ms ge0-2-pdsn.nbo.infinet.co.ke [41.207.64.254] 24 773 ms 866 ms 770 ms ge0-1-br.nbo.infinet.co.ke [41.207.64.253] 25 997 ms 921 ms 920 ms ge0-2-pdsn.nbo.infinet.co.ke [41.207.64.254] 26 839 ms 920 ms 925 ms ge0-1-br.nbo.infinet.co.ke [41.207.64.253] 27 840 ms 920 ms 921 ms ge0-2-pdsn.nbo.infinet.co.ke [41.207.64.254] 28 840 ms 921 ms 920 ms ge0-1-br.nbo.infinet.co.ke [41.207.64.253] 29 839 ms 920 ms 920 ms ge0-2-pdsn.nbo.infinet.co.ke [41.207.64.254] 30 839 ms 920 ms 920 ms ge0-1-br.nbo.infinet.co.ke [41.207.64.253] Trace complete. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felix Bako Sent: Saturday, March 15, 2008 2:11 AM To: nanog@merit.edu Subject: Routing Loop Hello, Guyz please try to reach my network 194.9.82.0/24 from your networks. Am seeeing routing loops from several looking glasses. above.net, Alameda.net. but from traceroute.eu. the block comes down ok. Kindly anyone assist. -- Best Regards, Felix Bako Network Engineer Africa Online, Kenya Tel: +254 (20) 27 92 000 Fax: +254 (20) 27 100 10 Email: [EMAIL PROTECTED] Aim:felixbako * Africa Online Disclaimer and Confidentiality Note * This e-mail, its attachments and any rights attaching hereto are, unless the context clearly indicates otherwise, the property of Africa Online Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is confidential and intended for the addressee only. Should you not be the addressee and have received this e-mail by mistake, kindly notify the sender, delete this e-mail immediately and do not disclose or use the same in any manner whatsoever. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of the Group. The Group accepts no liability whatsoever for any loss or damages, however incurred, resulting from the use of this e-mail or its attachments. The Group does not warrant the integrity of this e-mail, nor that it is free of errors, viruses, interception or interference. For more information about Africa Online, please visit our website at http://www.africaonline.com
Re: Routing Loop
On Sat, Mar 15, 2008 at 06:31:40PM +0300, Felix Bako wrote: > Guyz, > Does anyone know what i can do to expediate Above.Net to fix this issue > quickly. > There Noc they said they were checking now for more than 4 hrs I'm seeing an inconsistent origin AS for this /24 from Above.net and PCCW. # show bgp 194.9.82.0/24 [snip] 3491 25228 25228 25228 25228 25228 36915 63.218.31.1 from 67.59.145.6 (192.168.254.6) Origin IGP, metric 0, localpref 100, valid, internal Community: 3491:300 25228:2203 25228:2221 25228:2249 25228:2253 25228:2263 25228:2310 Last update: Sat Mar 15 15:00:08 2008 [snip] 6461 64.124.78.26 from 67.59.145.7 (192.168.254.7) Origin IGP, metric 0, localpref 100, valid, internal, best Community: 6461:5999 Last update: Sat Mar 15 05:53:40 2008 In general, Above.net has been really awesome, but their BGP has been screwing pooch on and off this month. Ross -- Ross Vandegrift [EMAIL PROTECTED] "The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell." --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
Re: Routing Loop
> > Does anyone know what i can do to expediate Above.Net to fix this issue > > quickly. > > There Noc they said they were checking now for more than 4 hrs > > I see it differently from here: >From here (Oslo, Norway, Level3 as one of our transit providers) it works fine - I can even ping 194.9.82.137. traceroute to 194.9.82.137 (194.9.82.137), 64 hops max, 40 byte packets 1 nethelp-gw (195.1.209.46) 1.037 ms 1.136 ms 1.129 ms 2 ge-0-0-0-10.ar1.skoey.no.catchbone.net (81.0.130.190) 41.408 ms 99.281 ms 18.974 ms 3 ge-0-0-2.cr2.osls.no.catchbone.net (217.8.128.125) 14.076 ms 17.252 ms 16.724 ms 4 c10G-ge-6-1-0.br1.osls.no.catchbone.net (81.0.128.82) 16.408 ms 11.944 ms 17.357 ms 5 213.242.110.25 (213.242.110.25) 20.627 ms 24.517 ms 22.185 ms 6 ae-4-4.ebr2.Dusseldorf1.Level3.net (4.69.135.22) 57.604 ms 53.915 ms 53.915 ms 7 ae-2.ebr1.Amsterdam1.Level3.net (4.69.133.89) 49.335 ms 51.415 ms 54.128 ms 8 ae-1-100.ebr2.Amsterdam1.Level3.net (4.69.133.86) 50.000 ms 53.604 ms 54.647 ms 9 ae-2.ebr2.London1.Level3.net (4.69.132.133) 60.138 ms 57.248 ms 55.036 ms 10 ae-24-56.car3.London1.Level3.net (4.68.116.177) 55.117 ms ae-24-52.car3.London1.Level3.net (4.68.116.49) 60.006 ms ae-24-54.car3.London1.Level3.net (4.68.116.113) 62.998 ms 11 195.50.113.18 (195.50.113.18) 116.916 ms 118.000 ms 116.558 ms 12 217.194.157.226 (217.194.157.226) 630.275 ms 658.066 ms 631.207 ms 13 217.194.157.225 (217.194.157.225) 635.765 ms 654.525 ms 648.362 ms 14 fe2-0-br.nbo.infinet.co.ke (41.207.64.245) 622.878 ms 617.356 ms 643.694 ms 15 ge0-2-pdsn.nbo.infinet.co.ke (41.207.64.254) 623.575 ms 620.682 ms 755.128 ms 16 uu-194-009-082-137.uunet.co.ke (194.9.82.137) 703.257 ms 696.020 ms 709.526 ms % ping 194.9.82.137 PING 194.9.82.137 (194.9.82.137): 56 data bytes 64 bytes from 194.9.82.137: icmp_seq=0 ttl=107 time=683.480 ms 64 bytes from 194.9.82.137: icmp_seq=1 ttl=107 time=681.910 ms 64 bytes from 194.9.82.137: icmp_seq=2 ttl=107 time=684.992 ms 64 bytes from 194.9.82.137: icmp_seq=3 ttl=107 time=703.734 ms 64 bytes from 194.9.82.137: icmp_seq=4 ttl=107 time=676.809 ms Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
Re: Routing Loop
On Sat, 15 Mar 2008, Felix Bako wrote: Guyz, Does anyone know what i can do to expediate Above.Net to fix this issue quickly. There Noc they said they were checking now for more than 4 hrs I see it differently from here: traceroute to 194.9.82.1 (194.9.82.1), 30 hops max, 40 byte packets 1 72.1.130.1 (72.1.130.1) 15.050 ms 14.517 ms 15.313 ms 2 69.17.82.237 (69.17.82.237) 12.836 ms 12.252 ms 12.533 ms 3 * * * 4 217.194.157.226 (217.194.157.226) 716.452 ms 716.280 ms 715.706 ms 5 217.194.157.225 (217.194.157.225) 717.818 ms 716.473 ms 716.547 ms 6 41.207.64.245 (41.207.64.245) 708.166 ms 706.566 ms 732.847 ms 7 41.207.64.254 (41.207.64.254) 731.986 ms 728.693 ms 725.945 ms 8 41.207.64.253 (41.207.64.253) 722.842 ms 718.985 ms 716.708 ms 9 41.207.64.254 (41.207.64.254) 717.871 ms 714.942 ms 714.001 ms 10 41.207.64.253 (41.207.64.253) 712.438 ms 710.607 ms 713.404 ms ... 28 41.207.64.253 (41.207.64.253) 798.511 ms 796.038 ms 792.762 ms 29 41.207.64.254 (41.207.64.254) 794.451 ms 795.007 ms 892.323 ms 30 41.207.64.253 (41.207.64.253) 889.490 ms 885.750 ms 881.745 ms morannon:~>host 41.207.64.253 253.64.207.41.in-addr.arpa domain name pointer ge0-1-br.nbo.infinet.co.ke. morannon:~>host 41.207.64.254 254.64.207.41.in-addr.arpa domain name pointer ge0-2-pdsn.nbo.infinet.co.ke. - d. Regards Felix Robert D. Scott wrote: Tracing route to uu-194-009-082-001.uunet.co.ke [194.9.82.1] over a maximum of 30 hops: 1 8 ms 8 ms 7 ms ssrb230a-vpn-3080-1-e2.ns.ufl.edu [128.227.166.116] 2 8 ms 7 ms 8 ms 128.227.252.109 3 7 ms 7 ms 7 ms ssrb230a-ewan-msfc-1-v704-1.ns.ufl.edu [128.227.252.50] 434 ms37 ms50 ms jax-flrcore-7609-1-te31-1806.net.flrnet.org [198.32.155.93] 533 ms33 ms33 ms te2-1--583.tr01-asbnva01.transitrail.net [137.164.131.165] 632 ms33 ms32 ms abovenet-peer.asbnva01.transitrail.net [137.164.130.50] 733 ms33 ms33 ms ge-3-0-0.mpr2.dca2.above.net [64.125.26.241] 835 ms35 ms35 ms so-0-0-0.mpr1.dca2.us.above.net [64.125.26.1] 9 107 ms 105 ms 105 ms so-6-0-0.cr1.lhr3.uk.above.net [64.125.31.185] 10 120 ms 119 ms 119 ms so-1-0-0.mpr2.ams5.nl.above.net [64.125.27.178] 11 142 ms 141 ms 141 ms ten-gige-1-1.mpr2.ams2.nl.above.net [64.125.26.77] 12 129 ms 127 ms 125 ms pni-verio.ams2.nl.above.net [82.98.247.10] 13 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 14 126 ms 125 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 15 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 16 127 ms 125 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 17 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 18 126 ms 127 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 19 141 ms 142 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 20 127 ms 129 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 21 142 ms 142 ms 143 ms pni-verio.ams2.nl.above.net [82.98.247.9] 22 128 ms ^C Still happening 9:00 AM EDST -4 Robert D. Scott [EMAIL PROTECTED] Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Receptionist University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felix Bako Sent: Saturday, March 15, 2008 4:11 AM To: nanog@merit.edu Subject: Routing Loop Hello, Guyz please try to reach my network 194.9.82.0/24 from your networks. Am seeeing routing loops from several looking glasses. above.net, Alameda.net. but from traceroute.eu. the block comes down ok. Kindly anyone assist. -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli http://www.the-infinite.org/
RE: Routing Loop
Are you talking to them, or your upstream provider? If your provider is not yet engaged do so. Above net is doing something, the loop is bigger now. 11:30 EDST -4 11 156 ms 208 ms 224 ms 64.125.26.77 12 117 ms 116 ms 117 ms 64.125.26.69 13 119 ms 121 ms 125 ms 64.125.26.74 14 146 ms 141 ms 141 ms 64.125.26.73 15 148 ms 159 ms 160 ms 64.125.26.70 16 119 ms 117 ms 117 ms 64.125.26.69 17 121 ms 119 ms 118 ms 64.125.26.74 18 142 ms 142 ms 142 ms 64.125.26.73 19 281 ms 215 ms 222 ms 64.125.26.70 Robert -Original Message- From: Felix Bako [mailto:[EMAIL PROTECTED] Sent: Saturday, March 15, 2008 11:32 AM To: Robert D. Scott Cc: nanog@merit.edu Subject: Re: Routing Loop Guyz, Does anyone know what i can do to expediate Above.Net to fix this issue quickly. There Noc they said they were checking now for more than 4 hrs Regards Felix Robert D. Scott wrote: > Tracing route to uu-194-009-082-001.uunet.co.ke [194.9.82.1] over a maximum > of 30 hops: > > 1 8 ms 8 ms 7 ms ssrb230a-vpn-3080-1-e2.ns.ufl.edu > [128.227.166.116] > 2 8 ms 7 ms 8 ms 128.227.252.109 > 3 7 ms 7 ms 7 ms ssrb230a-ewan-msfc-1-v704-1.ns.ufl.edu > [128.227.252.50] > 434 ms37 ms50 ms jax-flrcore-7609-1-te31-1806.net.flrnet.org > [198.32.155.93] > 533 ms33 ms33 ms te2-1--583.tr01-asbnva01.transitrail.net > [137.164.131.165] > 632 ms33 ms32 ms abovenet-peer.asbnva01.transitrail.net > [137.164.130.50] > 733 ms33 ms33 ms ge-3-0-0.mpr2.dca2.above.net [64.125.26.241] > 835 ms35 ms35 ms so-0-0-0.mpr1.dca2.us.above.net > [64.125.26.1] > 9 107 ms 105 ms 105 ms so-6-0-0.cr1.lhr3.uk.above.net > [64.125.31.185] > 10 120 ms 119 ms 119 ms so-1-0-0.mpr2.ams5.nl.above.net > [64.125.27.178] > 11 142 ms 141 ms 141 ms ten-gige-1-1.mpr2.ams2.nl.above.net > [64.125.26.77] > 12 129 ms 127 ms 125 ms pni-verio.ams2.nl.above.net [82.98.247.10] > 13 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] > 14 126 ms 125 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] > 15 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] > 16 127 ms 125 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] > 17 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] > 18 126 ms 127 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] > 19 141 ms 142 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] > 20 127 ms 129 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] > 21 142 ms 142 ms 143 ms pni-verio.ams2.nl.above.net [82.98.247.9] > 22 128 ms ^C > > > Still happening 9:00 AM EDST -4 > > Robert D. Scott [EMAIL PROTECTED] > Senior Network Engineer 352-273-0113 Phone > CNS - Network Services 352-392-2061 CNS Receptionist > University of Florida 352-392-9440 FAX > Florida Lambda Rail 352-294-3571 FLR NOC > Gainesville, FL 32611 > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Felix Bako > Sent: Saturday, March 15, 2008 4:11 AM > To: nanog@merit.edu > Subject: Routing Loop > > > Hello, > Guyz please try to reach my network 194.9.82.0/24 from your networks. > Am seeeing routing loops from several looking glasses. > above.net, Alameda.net. but from traceroute.eu. the block comes down ok. > Kindly anyone assist. > -- Best Regards, Felix Bako Network Engineer Africa Online, Kenya Tel: +254 (20) 27 92 000 Fax: +254 (20) 27 100 10 Email: [EMAIL PROTECTED] Aim:felixbako * Africa Online Disclaimer and Confidentiality Note * This e-mail, its attachments and any rights attaching hereto are, unless the context clearly indicates otherwise, the property of Africa Online Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is confidential and intended for the addressee only. Should you not be the addressee and have received this e-mail by mistake, kindly notify the sender, delete this e-mail immediately and do not disclose or use the same in any manner whatsoever. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of the Group. The Group accepts no liability whatsoever for any loss or damages, however incurred, resulting from the use of this e-mail or its attachments. The Group does not warrant the integrity of this e-mail, nor that it is free of errors, viruses, interception or interference. For more information about Africa Online, please visit our website at http://www.africaonline.com
Re: Routing Loop
Guyz, Does anyone know what i can do to expediate Above.Net to fix this issue quickly. There Noc they said they were checking now for more than 4 hrs Regards Felix Robert D. Scott wrote: Tracing route to uu-194-009-082-001.uunet.co.ke [194.9.82.1] over a maximum of 30 hops: 1 8 ms 8 ms 7 ms ssrb230a-vpn-3080-1-e2.ns.ufl.edu [128.227.166.116] 2 8 ms 7 ms 8 ms 128.227.252.109 3 7 ms 7 ms 7 ms ssrb230a-ewan-msfc-1-v704-1.ns.ufl.edu [128.227.252.50] 434 ms37 ms50 ms jax-flrcore-7609-1-te31-1806.net.flrnet.org [198.32.155.93] 533 ms33 ms33 ms te2-1--583.tr01-asbnva01.transitrail.net [137.164.131.165] 632 ms33 ms32 ms abovenet-peer.asbnva01.transitrail.net [137.164.130.50] 733 ms33 ms33 ms ge-3-0-0.mpr2.dca2.above.net [64.125.26.241] 835 ms35 ms35 ms so-0-0-0.mpr1.dca2.us.above.net [64.125.26.1] 9 107 ms 105 ms 105 ms so-6-0-0.cr1.lhr3.uk.above.net [64.125.31.185] 10 120 ms 119 ms 119 ms so-1-0-0.mpr2.ams5.nl.above.net [64.125.27.178] 11 142 ms 141 ms 141 ms ten-gige-1-1.mpr2.ams2.nl.above.net [64.125.26.77] 12 129 ms 127 ms 125 ms pni-verio.ams2.nl.above.net [82.98.247.10] 13 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 14 126 ms 125 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 15 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 16 127 ms 125 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 17 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 18 126 ms 127 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 19 141 ms 142 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 20 127 ms 129 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 21 142 ms 142 ms 143 ms pni-verio.ams2.nl.above.net [82.98.247.9] 22 128 ms ^C Still happening 9:00 AM EDST -4 Robert D. Scott [EMAIL PROTECTED] Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Receptionist University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felix Bako Sent: Saturday, March 15, 2008 4:11 AM To: nanog@merit.edu Subject: Routing Loop Hello, Guyz please try to reach my network 194.9.82.0/24 from your networks. Am seeeing routing loops from several looking glasses. above.net, Alameda.net. but from traceroute.eu. the block comes down ok. Kindly anyone assist. -- Best Regards, Felix Bako Network Engineer Africa Online, Kenya Tel: +254 (20) 27 92 000 Fax: +254 (20) 27 100 10 Email: [EMAIL PROTECTED] Aim:felixbako * Africa Online Disclaimer and Confidentiality Note * This e-mail, its attachments and any rights attaching hereto are, unless the context clearly indicates otherwise, the property of Africa Online Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is confidential and intended for the addressee only. Should you not be the addressee and have received this e-mail by mistake, kindly notify the sender, delete this e-mail immediately and do not disclose or use the same in any manner whatsoever. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of the Group. The Group accepts no liability whatsoever for any loss or damages, however incurred, resulting from the use of this e-mail or its attachments. The Group does not warrant the integrity of this e-mail, nor that it is free of errors, viruses, interception or interference. For more information about Africa Online, please visit our website at http://www.africaonline.com
RE: Routing Loop
Tracing route to uu-194-009-082-001.uunet.co.ke [194.9.82.1] over a maximum of 30 hops: 1 8 ms 8 ms 7 ms ssrb230a-vpn-3080-1-e2.ns.ufl.edu [128.227.166.116] 2 8 ms 7 ms 8 ms 128.227.252.109 3 7 ms 7 ms 7 ms ssrb230a-ewan-msfc-1-v704-1.ns.ufl.edu [128.227.252.50] 434 ms37 ms50 ms jax-flrcore-7609-1-te31-1806.net.flrnet.org [198.32.155.93] 533 ms33 ms33 ms te2-1--583.tr01-asbnva01.transitrail.net [137.164.131.165] 632 ms33 ms32 ms abovenet-peer.asbnva01.transitrail.net [137.164.130.50] 733 ms33 ms33 ms ge-3-0-0.mpr2.dca2.above.net [64.125.26.241] 835 ms35 ms35 ms so-0-0-0.mpr1.dca2.us.above.net [64.125.26.1] 9 107 ms 105 ms 105 ms so-6-0-0.cr1.lhr3.uk.above.net [64.125.31.185] 10 120 ms 119 ms 119 ms so-1-0-0.mpr2.ams5.nl.above.net [64.125.27.178] 11 142 ms 141 ms 141 ms ten-gige-1-1.mpr2.ams2.nl.above.net [64.125.26.77] 12 129 ms 127 ms 125 ms pni-verio.ams2.nl.above.net [82.98.247.10] 13 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 14 126 ms 125 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 15 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 16 127 ms 125 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 17 142 ms 141 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 18 126 ms 127 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 19 141 ms 142 ms 141 ms pni-verio.ams2.nl.above.net [82.98.247.9] 20 127 ms 129 ms 126 ms pni-verio.ams2.nl.above.net [82.98.247.10] 21 142 ms 142 ms 143 ms pni-verio.ams2.nl.above.net [82.98.247.9] 22 128 ms ^C Still happening 9:00 AM EDST -4 Robert D. Scott [EMAIL PROTECTED] Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Receptionist University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felix Bako Sent: Saturday, March 15, 2008 4:11 AM To: nanog@merit.edu Subject: Routing Loop Hello, Guyz please try to reach my network 194.9.82.0/24 from your networks. Am seeeing routing loops from several looking glasses. above.net, Alameda.net. but from traceroute.eu. the block comes down ok. Kindly anyone assist. -- Best Regards, Felix Bako Network Engineer Africa Online, Kenya Tel: +254 (20) 27 92 000 Fax: +254 (20) 27 100 10 Email: [EMAIL PROTECTED] Aim:felixbako * Africa Online Disclaimer and Confidentiality Note * This e-mail, its attachments and any rights attaching hereto are, unless the context clearly indicates otherwise, the property of Africa Online Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is confidential and intended for the addressee only. Should you not be the addressee and have received this e-mail by mistake, kindly notify the sender, delete this e-mail immediately and do not disclose or use the same in any manner whatsoever. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of the Group. The Group accepts no liability whatsoever for any loss or damages, however incurred, resulting from the use of this e-mail or its attachments. The Group does not warrant the integrity of this e-mail, nor that it is free of errors, viruses, interception or interference. For more information about Africa Online, please visit our website at http://www.africaonline.com
RE: Transition Planning for IPv6 as mandated by the US Govt
My understanding of the mandate is that they (the Department and Agencies) demonstrate passing IPv6 traffic on their backbone from one system out to their backbone and back to another system. A number of agencies, if I remember the number of about 30 have IPv6 allocations. IRS has demonstrated mandate compliance and several others are in line to also show mandate compliance. Both the Federal CIO Council and the Small CIO council are working with a number of their members to not only obtain compliance with the mandate but examine their processes to see how IPv6 can give them a better method of providing their services to each other and the public. John (ISDN) Lee From: [EMAIL PROTECTED] on behalf of Glen Kent Sent: Sat 3/15/2008 2:19 AM To: NANOG list Subject: Transition Planning for IPv6 as mandated by the US Govt Hi, I was just reading http://www.whitehouse.gov/omb/egov/b-1-information.html#IPV6, released some time back in 2005, and it seems that the US Govt. had set the target date of 30th June 2008 for all federal govt agencies to move their network backbones to IPv6. This deadline is almost here. Are we any close for this transition? I have another related question: Do all ISPs atleast support tunneling the IPv6 pkts to some end point? For example, is there a way for an IPv6 enthusiast to send his IPv6 packet from his laptop to a remote IPv6 server in the current circumstances if his ISP does not actively support native IPv6? Cheers, Glen
Re: Routing Loop
On Sat, Mar 15, 2008, Felix Bako wrote: > > Hello, > Guyz please try to reach my network 194.9.82.0/24 from your networks. > Am seeeing routing loops from several looking glasses. > above.net, Alameda.net. but from traceroute.eu. the block comes down ok. > Kindly anyone assist. Uh, still seems to be unhappy. Have you tried poking the above.net NOC? Adrian [EMAIL PROTECTED]:~$ traceroute 194.9.82.1 traceroute to 194.9.82.1 (194.9.82.1), 30 hops max, 40 byte packets 1 192.168.1.1 (192.168.1.1) 1.379 ms 1.332 ms 1.339 ms 2 gw.cacheboy.net (203.56.15.73) 3.883 ms 4.199 ms 3.798 ms 3 green.westnet.net.au (203.56.14.7) 39.615 ms 36.898 ms 36.533 ms 4 rtr-v1-blue-1.westnet.net.au (203.56.14.1) 36.139 ms 44.072 ms 39.037 ms 5 bdr1.perth.westnet.net.au (203.56.14.46) 35.067 ms 36.074 ms 37.672 ms 6 CORE-203-190-192-249.auto.conceptual.net.au (203.190.192.249) 38.465 ms 52 .764 ms 39.663 ms 7 59.154.14.81 (59.154.14.81) 57.525 ms 48.933 ms 40.739 ms 8 203.208.192.241 (203.208.192.241) 257.458 ms 257.153 ms 259.887 ms 9 ge-0-0-0-0.plapx-dr1.ix.singtel.com (203.208.149.1) 263.012 ms 264.251 ms ge-4-0-0-0.plapx-dr1.ix.singtel.com (203.208.149.5) 258.881 ms 10 ge-5-2-1.mpr4.pao1.us.above.net (64.125.13.5) 260.073 ms 261.251 ms 265.6 42 ms 11 so-1-2-2.mpr2.sjc2.us.above.net (64.125.29.126) 260.772 ms 260.820 ms 263 .196 ms 12 so-0-0-0.mpr1.sjc2.us.above.net (64.125.27.245) 267.666 ms 261.984 ms 279 .690 ms 13 so-1-0-0.mpr1.lga5.above.net (64.125.26.230) 337.744 ms 343.318 ms 337.64 6 ms 14 so-1-0-0.mpr1.ams1.nl.above.net (64.125.27.186) 426.055 ms 424.355 ms 440 .676 ms 15 ten-gige-1-1.mpr1.ams2.nl.above.net (64.125.26.73) 427.159 ms 424.206 ms 431.439 ms 16 ten-gige-2-2.mpr2.ams2.nl.above.net (64.125.26.70) 423.779 ms 425.797 ms 428.981 ms 17 pni-verio.ams2.nl.above.net (82.98.247.10) 416.403 ms 415.042 ms 417.738 ms 18 pni-verio.ams2.nl.above.net (82.98.247.9) 428.718 ms 430.827 ms 428.914 m s 19 pni-verio.ams2.nl.above.net (82.98.247.10) 418.211 ms 419.692 ms 417.855 ms 20 pni-verio.ams2.nl.above.net (82.98.247.9) 428.804 ms 432.612 ms 424.800 m s 21 pni-verio.ams2.nl.above.net (82.98.247.10) 418.601 ms 417.696 ms 449.603 ms 22 pni-verio.ams2.nl.above.net (82.98.247.9) 428.716 ms 428.140 ms 428.684 m s 23 pni-verio.ams2.nl.above.net (82.98.247.10) 418.273 ms 418.931 ms 473.879 ms 24 pni-verio.ams2.nl.above.net (82.98.247.9) 554.731 ms 591.014 ms 467.694 m s 25 pni-verio.ams2.nl.above.net (82.98.247.10) 431.515 ms 419.261 ms 431.965 ms 26 pni-verio.ams2.nl.above.net (82.98.247.9) 429.947 ms 433.778 ms 426.749 m s 27 pni-verio.ams2.nl.above.net (82.98.247.10) 419.974 ms 418.109 ms 421.930 ms 28 pni-verio.ams2.nl.above.net (82.98.247.9) 427.184 ms 435.642 ms 430.471 ms 29 pni-verio.ams2.nl.above.net (82.98.247.10) 422.111 ms 420.085 ms 423.038 ms 30 pni-verio.ams2.nl.above.net (82.98.247.9) 426.140 ms 429.449 ms 429.056 ms [EMAIL PROTECTED]:~$
Routing Loop
Hello, Guyz please try to reach my network 194.9.82.0/24 from your networks. Am seeeing routing loops from several looking glasses. above.net, Alameda.net. but from traceroute.eu. the block comes down ok. Kindly anyone assist. -- Best Regards, Felix Bako Network Engineer Africa Online, Kenya Tel: +254 (20) 27 92 000 Fax: +254 (20) 27 100 10 Email: [EMAIL PROTECTED] Aim:felixbako * Africa Online Disclaimer and Confidentiality Note * This e-mail, its attachments and any rights attaching hereto are, unless the context clearly indicates otherwise, the property of Africa Online Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is confidential and intended for the addressee only. Should you not be the addressee and have received this e-mail by mistake, kindly notify the sender, delete this e-mail immediately and do not disclose or use the same in any manner whatsoever. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of the Group. The Group accepts no liability whatsoever for any loss or damages, however incurred, resulting from the use of this e-mail or its attachments. The Group does not warrant the integrity of this e-mail, nor that it is free of errors, viruses, interception or interference. For more information about Africa Online, please visit our website at http://www.africaonline.com
Re: Transition Planning for IPv6 as mandated by the US Govt
On 15/03/2008, at 7:19 PM, Glen Kent wrote: I have another related question: Do all ISPs atleast support tunneling the IPv6 pkts to some end point? For example, is there a way for an IPv6 enthusiast to send his IPv6 packet from his laptop to a remote IPv6 server in the current circumstances if his ISP does not actively support native IPv6? Yes - 6to4 and Teredo. 6to4[1] if your router (or some host with an unfiltered non-RFC1918 address) supports it. Teredo[2] if you're behind NAT or some other filtering. - These are enabled by default in Vista. - Enable them in XP SP2 by typing 'netsh interface ipv6 install'. - Apple Airport Extreme has 6to4 enabled by default if it is your NAT router (stateful firewall, allowing new connections outgoing- only by default) - Cisco supports 6to4 and has for years. - Linux and FreeBSD both support 6to4 (no OpenBSD, can't recall RE. NetBSD). - Teredo support in Linux and *BSD with 'miredo' software - it's in APT and FreeBSD ports. Azureus bittorrent client uses IPv6 for DHT. More DHT IPv6 bidirectional relationships than DHT IPv4 bidirectional relationships. So, it's not just IPv6 "enthusiasts". Numbers here: http://www.ops.ietf.org/lists/v6ops/v6ops.2007/msg00859.html More up to date numbers when I get around to processing them [3]. Upcoming version of uTorrent will enable IPv6 (so, Teredo/6to4) on XP SP2 as part of the install process - currently Azureus only uses it if it's enabled already. If you're providing content or network services on v6 and you don't have both a Teredo and 6to4 relay, you should - there are more v6 users on those two than there are on native v6[1]. Talk to me and I'll give you a pre-built FreeBSD image that does it, boot off compact flash or hard drives. Soekris (~$350USD, incl. power supply and CF card), or regular server/whatever PC. Also, if you want config for 6to4 on Cisco, email me and I'll hook you up so I'm not spamming the list with it, alternatively Google. It's about 10 lines, and requires you to inject an anycast IPv4 /24 and an IPv6 /16 in to your IGP(s). Thanks, -- Nathan Ward [1] RFC3056 [2] RFC4380, see also http://technet.microsoft.com/en-us/library/bb457011.aspx [3] I made this up. But seriously, prove me wrong. Current numbers (well, I got bored of waiting, processing 800MB of PCAP takes a while) are that I've had 1,402,634 unique host addresses talk to one of my test host over IPv6/6to4 - and that's just people running a recent version of Azureus with a public unfiltered IPv4 address, and have 6to4 enabled. Imagine what the numbers are like for Teredo users (ie. no requirement for public unfiltered IPv4 address, works through NAT). Imagine what the numbers are for people not running Azureus. Yeah, you get the idea. I really should get around to writing this stuff up properly.. If there's anyone out there who wants to roll some code to pull some stats out of PCAP files so I don't have to process this stuff with cut sed awk uniq etc. please contact me. Oh also if anyone knows Java and can hack some changes in to Azureus for me that'd be useful - it only seems to want to listen on one IPv6 address, I want it to listen on.. 3.