Re: How to find all of an ISP's ASNs
On Tue, Oct 25, 2016 at 9:03 PM, Hank Nussbacherwrote: > and if that doesn't work try: > http://bgp.he.net/AS3356#_graph4 > [replace the ASN with the ASN of your choice to see the interconnections.] > Doesn't always work--as it will only show upstream ASNs. For example, Comcast's backbone AS interconnects their regional ASNs. However, the regionals don't show up on http://bgp.he.net/AS7922#_graph4 so you'd need to find all of them first...with something like http://bgp.he.net/search?search[search]=Comcast and/or consult your favorite route server. Also Gary, keep in mind these aren't static. I.e. new AS are added/removed over time. And inferred policy (i.e. hub/spoke) could change too. But I'm still curious...how to you propose to filter by AS? And what if your neighbor (inside one of those permitted AS) is compromised? You've just re-exposed your IoT devices' soft white underbelly again. :-( ../C
Re: BGPMON Alert Questions
On Wed, Apr 2, 2014 at 1:24 PM, Blake Dunlap iki...@gmail.com wrote: Is this malicious or did someone redistribute all of bgp with bad upstream filtering? They perfectly re-advertized all mine. Loos like a huge mistake. And still ongoing. Although this was nice to see: RPKI Validation Failed (Code: 9) Your prefix: 199.47.80.0/21: Prefix Description: NET-199-47-80-0-1 Update time: 2014-04-02 20:29 (UTC) Detected by #peers: 1 Detected prefix: 199.47.80.0/21 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 38794 4651 4761 RPKI Status: ROA validation failed: Invalid Origin ASN, expected 46851 Albeit ineffective. ../C
Re: BGP multihoming with two address spaces
According to telnet://route-server.twtelecom.net and http://lookingglass.level3.net/bgp/lg_bgp_main.php BGP is working as designed. Your single prepend on one prefix with TWTC causes a slight preference for LVL3. Add another prepend if you want to further balance your ingress load away from TWTC. Or for more coarse adjustment, use the TWTC feature communities to reduce their local preference below that of customer default (115 for TWTC). Use 4323:100 for transit default. ../C On Wed, Jan 29, 2014 at 3:32 AM, Joseph Jenkins j...@breathe-underwater.comwrote: I am seeking some feedback/help with my BGP configuration. I am peering with two providers level3 and tw. Unfortunately all of my address spaces are preferring the route over tw rather than level3. I have tried Prepending my AS and the carriers AS to the path on the tw side and I see those update being accepted by internet routers, but everyone is still preferring to install the tw routes rather than level3. I was trying to advertise each provider's address space out their connections and then use the other for backup. Now however everything is coming in through tw and no one seems to like level3. Thanks in advance for any guidance or assistance. Joe
Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
On Thu, Jan 16, 2014 at 11:04 AM, John Levine jo...@iecc.com wrote: If you're a tiny little network, you can use the public DNS servers for the BL lookups, and you can FTP the text version of DROP and turn in into firewall rules or whatever. That's what I do (hack perl scripts available on request.) Here's working Bash script to sync the freely available DROP/EDROP lists into a quagga/linux route server. https://gist.github.com/dotysan/8463112 I ran that awhile back without issue. But not anymore. Last year I added the $250/yr BOTNETCC list which is BGP-only. And it was too convenient to move the DROP/EDROP lists into BGP for an additional $250. It works as advertized. The BOTNETCC list is only v4/32s and more dynamic than the other lists. It's up to you to set it up correctly so an accident doesn't blackhole your own prefixes...or favorite offshore gambling site. :-p ../C