[Outages-discussion] RPKI invalid 209.58.46.0/24 widely accepted (was: [outages] [23E-270B4044-0002] TATA issues in Los Angeles)

Jared Geiger jared at compuwizz.net
Mon Oct 5 15:22:29 EDT 2020


It seems TATA has stopped announcing the /24. NTT and Cogent now see the
209.58.0.0/17 and traceroutes aren't taking the scenic route anymore. Thank
you everyone that helped!

On Mon, Oct 5, 2020 at 12:08 PM Job Snijders <job at ntt.net> wrote:

> Dear all,
>
> From the website:
>
> Q: Why does AS 2914 still propagate some RPKI Invalid routes?
>
> A: On March 25th, 2020, the Global IP Network division of NTT Ltd. has
> completed a very important milestone in the deployment of RPKI
> throughout its network to date. Through this effort, AS 2914 no longer
> propagates a majority of RPKI invalid BGP routes that can potentially be
> received through the global Internet routing system.
>
> Currently, a number of technical caveats affects our ability for a 100%
> deployment. A limited number of RPKI invalid route announcements are
> still propagated to EBGP peers, at the moment of writing this the number
> is approximately 650 routes. We are developing technical workarounds and
> engaging vendors in order to enable us to gradually decrease this number
> in the coming months. We remain committed to global RPKI deployment, and
> we will provide updates on our progress from time to time as we work to
> reduce this number to zero.
>
> More information:
> https://www.gin.ntt.net/support-center/policies-procedures/routing-registry/
>
> We've reached out to tata, they are aware and working on it.
>
> Kind regards,
>
> Job
>
> On Mon, Oct 05, 2020 at 08:33:28PM +0200, Lukas Tribus wrote:
> > Hello,
> >
> >
> > On Mon, 5 Oct 2020 at 19:35, Jared Geiger via Outages
> > <outages at outages.org> wrote:
> > >
> > > If anyone at TATA 6453 is watching, you're announcing 209.58.46.0/24
> to NTT 2914 in Sydney causing traffic to your North American VOIP network
> to go through Australia. The rest of your announcements to your peers are
> for 209.58.0.0/17 which correctly keeps the traffic in North America.
> Filtering the /24 out of NTT's BGP feed fixed my latency and packet loss
> problem. NTT contacted the TATA NOC on my behalf but no one has fixed it
> yet.
> >
> >
> > Moving to outages-discussion@
> >
> > This is a RPKI invalid prefix, the ROA 209.58.0.0/17 has maxlength /17
> > with a creation date back in August. Unless there was a parallel /24
> > ROA just a few minutes ago, I don't get it why 174, 2914 and other
> > networks would carry this prefix in their table:
> >
> > http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=209.58.46.0/24
> >
> >
> https://rpki.cloudflare.com/?view=validator&validateRoute=6453_209.58.46.0%2F24
> >
> >
> > Looks like 6453 is originating a number of invalids actually, but I
> > would expect the ROV enabled networks to drop those prefixes:
> > https://bgp.he.net/AS6453#_prefixes
> >
> >
> > Thoughts?
> >
> >
> >
> > Lukas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20201005/de3406bd/attachment.htm>


More information about the Outages-discussion mailing list