Re: AS3356 Announcing 2000::/12
The Internet delivers when we need it the most! :-)

https://is2000slash12announcedagain.com/

Props to Ben Cartwright-Cox
Re: AS3356 Announcing 2000::/12
> On 10 Dec 2022, at 11:24 am, Matthew Petach wrote:
>
> As I said--I'm probably being overly paranoid, but I can't help but
> wonder what packets such a collector might see, if left to run for a
> week or two... ^_^;

A decade ago it looked like this…

https://www.potaroo.net/presentations/2012-05-15-ipv6-background-radiation.pdf

Geoff
Re: AS3356 Announcing 2000::/12
On Thu, Dec 8, 2022 at 9:35 AM Randy Bush wrote:

> while i think the announcement is, shall we say, embarrassing, i do not
> see how it would be damaging. real/correct announcements would be for
> longer prefixes, yes?
>
> randy

Putting on a probably-overly-paranoid hat for a moment...

If I announce 2000::/12, seemingly as an innocent error, it won't break most people's routing, and is likely to be simply chalked up as a copy-paste error, or other human "oops".

But if I happen to be running a promiscuous packet capture on a box that the "erroneous" routing table entry ultimately resolves to, I warrant there's a certain amount of legitimate packet streams I could collect here and there, any time a router processes a WITHDRAW update message for a more specific prefix within the range, before a new ANNOUNCE update message is processed.

I'm not going to get a great deal of information, as most simple prefix updates happen within the same update message; but during periods of higher internal churn in a network, you may have brief periods during which the more specific route is withdrawn before being re-announced, during which I'd be able to harvest packets destined for other networks.

As I said--I'm probably being overly paranoid, but I can't help but wonder what packets such a collector might see, if left to run for a week or two... ^_^;

Thanks!

Matt
Re: AS3356 Announcing 2000::/12
> I know of a few people in a Discord that filter out anything bigger
> than /16 routes, would this be wise to implement as a best practice?

once upon a time, a very large provider took two /8s and announced as a /7. a vendor who thought a /8 was as short as they would ever see had routers fall over in a receiving large provider.

do not hard code social theories. remember 640k.

randy
RE: AS3356 Announcing 2000::/12
I know of a few people in a Discord that filter out anything bigger than /16 routes, would this be wise to implement as a best practice?

From: Warren Kumari
Sent: Friday, December 9, 2022 9:13 AM
To: Job Snijders
Cc: r...@rkhtech.org; North American Network Operators' Group
Subject: Re: AS3356 Announcing 2000::/12

On Thu, Dec 8 2022 at 12:38 PM, Job Snijders wrote:

> Hi all,
>
> On Wed, Dec 07, 2022 at 08:24:54PM -0800, Ryan Hamel wrote:
>
> AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
> covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
>
> A few months ago I wrote: "Frequently Asked Questions about 2000::/12 and
> related routing errors":
>
> https://www.ripe.net/ripe/mail/archives/routing-wg/2022-July/004588.html

Oh, that's a nice write-up. I must admit that it didn't occur to me that e.g. 2000::/12 was likely something much more specific, but that someone missed the (probably) 6, 7, or 8 at the end, even though I've done this a few times myself…

W

> Kind regards,
>
> Job
Re: AS3356 Announcing 2000::/12
On Thu, Dec 8 2022 at 12:38 PM, Job Snijders wrote:

> Hi all,
>
> On Wed, Dec 07, 2022 at 08:24:54PM -0800, Ryan Hamel wrote:
>
> AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
> covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
>
> A few months ago I wrote: "Frequently Asked Questions about 2000::/12 and
> related routing errors":
>
> https://www.ripe.net/ripe/mail/archives/routing-wg/2022-July/004588.html

Oh, that's a nice write-up. I must admit that it didn't occur to me that e.g. 2000::/12 was likely something much more specific, but that someone missed the (probably) 6, 7, or 8 at the end, even though I've done this a few times myself…

W

> Kind regards,
>
> Job
Re: AS3356 Announcing 2000::/12
Hi all,

On Wed, Dec 07, 2022 at 08:24:54PM -0800, Ryan Hamel wrote:
> AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
> covering over 23K prefixes (just over 25%) of the IPv6 DFZ.

A few months ago I wrote: "Frequently Asked Questions about 2000::/12 and related routing errors":

https://www.ripe.net/ripe/mail/archives/routing-wg/2022-July/004588.html

Kind regards,

Job
Re: AS3356 Announcing 2000::/12
while i think the announcement is, shall we say, embarrassing, i do not see how it would be damaging. real/correct announcements would be for longer prefixes, yes?

randy
Re: AS3356 Announcing 2000::/12
That would be a nice start :-)

On Thu, Dec 8, 2022 at 6:45 AM Heasley wrote:

> On 12/7/22 at 22:25, Don Beal wrote:
>
> How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
>
> If all ASes participated, no „unknowns“, unknowns could be dropped, ….
Re: AS3356 Announcing 2000::/12
On Thu, Dec 8, 2022 at 1:45 AM Heasley wrote:

> On 12/7/22 at 22:25, Don Beal wrote:
>
> How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
>
> If all ASes participated, no „unknowns“, unknowns could be dropped, ….

yea that might be a tad dangerous today :( and don's right :( unknown is hard today :( (darn you don for being practical! :) )

crud.. but iRR filters! :)

> what would 6762|2914|174|* invalidate against? Until a future where
> everything is 'valid', RPKI is unable to pare out less-specific conflicts.
>
> It does look like 3356 pulled the announcement, which is good.
>
> On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow wrote:
>>
>> On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel wrote:
>> >
>> > AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
>> > covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
>>
>> interesting that this is leaking outside supposed RPKI OV boundaries as well.
>> For example:
>> 6762 3356
>> 2914 3356
>> 174 3356 (apologies to 174, I forget if they signed up to the 'doin
>> ov now' plan)
Re: AS3356 Announcing 2000::/12
On 12/7/22 at 22:25, Don Beal wrote:

> How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,

If all ASes participated, no „unknowns“, unknowns could be dropped, ….

> what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare out less-specific conflicts.
>
> It does look like 3356 pulled the announcement, which is good.
>
> On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow wrote:
>
> > On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel wrote:
> > >
> > > AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
> >
> > interesting that this is leaking outside supposed RPKI OV boundaries as well.
> > For example:
> > 6762 3356
> > 2914 3356
> > 174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)
Re: AS3356 Announcing 2000::/12
How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12, what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare out less-specific conflicts.

It does look like 3356 pulled the announcement, which is good.

On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow wrote:

> On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel wrote:
> >
> > AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
> > covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
>
> interesting that this is leaking outside supposed RPKI OV boundaries as
> well.
> For example:
> 6762 3356
> 2914 3356
> 174 3356 (apologies to 174, I forget if they signed up to the 'doin
> ov now' plan)
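
Added illustration (not written by any poster in this thread): a sketch of RFC 6811 route origin validation showing the behaviour discussed above, where ROAs for more-specifics never cover a shorter prefix, so 2000::/12 evaluates to NotFound rather than Invalid. The VRP table, AS64500 to AS64502 and the `drop_not_found` switch are constructed for the example.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA Payload: prefix, maxLength, authorised origin AS."""
    prefix: ipaddress.IPv6Network
    max_length: int
    asn: int

# Constructed VRPs for documentation space that sits inside 2000::/12.
VRPS = [
    VRP(ipaddress.ip_network("2001:db8::/32"), 48, 64500),
    VRP(ipaddress.ip_network("2001:db8:a000::/36"), 36, 64501),
]

def validate(prefix, origin_asn, vrps=VRPS):
    """Return the RFC 6811 state: 'Valid', 'Invalid' or 'NotFound'."""
    route = ipaddress.ip_network(prefix)
    # A VRP covers a route only if the route is equal to, or more specific
    # than, the VRP prefix. A less-specific route is never covered.
    covering = [v for v in vrps
                if v.prefix.version == route.version
                and route.subnet_of(v.prefix)]
    if not covering:
        return "NotFound"
    for v in covering:
        if v.asn != 0 and v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "Valid"
    return "Invalid"

def accepted(prefix, origin_asn, drop_not_found=False, vrps=VRPS):
    """Import policy: always reject Invalid; optionally reject NotFound."""
    state = validate(prefix, origin_asn, vrps)
    if state == "NotFound":
        return not drop_not_found
    return state == "Valid"

if __name__ == "__main__":
    routes = [
        ("2000::/12", 3356),          # the aggregate from this thread
        ("2001:db8::/32", 64500),     # matches a VRP
        ("2001:db8::/32", 3356),      # covered, wrong origin
        ("2001:db8:1:1::/64", 64500), # covered, longer than maxLength
        ("3fff:100::/32", 64502),     # constructed route with no ROA at all
    ]
    for prefix, asn in routes:
        print(f"{prefix:20} AS{asn:<6} {validate(prefix, asn):9}"
              f" accept={accepted(prefix, asn)}"
              f" accept_if_dropping_unknowns={accepted(prefix, asn, True)}")
```

With `drop_not_found=True` the /12 is rejected, but so is every other route whose holder has not published a ROA, which is the trade-off the replies in this thread point at.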
RE: AS3356 Announcing 2000::/12
These as well:

3257 3356
3491 3356

They probably leaked a hold down route.

Ryan Hamel

-----Original Message-----
From: Christopher Morrow
Sent: Wednesday, December 7, 2022 8:48 PM
To: r...@rkhtech.org
Cc: nanog@nanog.org
Subject: Re: AS3356 Announcing 2000::/12

On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel wrote:
>
> AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
> covering over 23K prefixes (just over 25%) of the IPv6 DFZ.

interesting that this is leaking outside supposed RPKI OV boundaries as well.
For example:
6762 3356
2914 3356
174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)
Re: AS3356 Announcing 2000::/12
On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel wrote:
>
> AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
> covering over 23K prefixes (just over 25%) of the IPv6 DFZ.

interesting that this is leaking outside supposed RPKI OV boundaries as well.
For example:
6762 3356
2914 3356
174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)