[Outages-discussion] [outages] AT&T SFO to Twitter -- possible routing issue or BGP hijack
Jeremy Chadwick
jdc at koitsu.org
Sat Jun 24 03:30:45 EDT 2023
On Sat, Jun 24, 2023 at 06:55:37AM +0000, Job Snijders via Outages wrote:
> On Sat, Jun 24, 2023 at 06:17:12AM +0000, Jeremy Chadwick via Outages wrote:
> > $ telnet route-server.ip.att.net 80
> > Trying 12.0.1.28...
> > telnet: connect to address 12.0.1.28: Connection refused
> > telnet: Unable to connect to remote host
>
> It's a telnet service:
>
> $ telnet route-server.ip.att.net
> Trying 12.0.1.28...
> Connected to route-server.ip.att.net.
> Escape character is '^]'.
> -------------- route-server.ip.att.net ---------------
> --------- AT&T IP Services Route Monitor -----------
(Moving this to outages-discussion to keep from potentially paging
more people. ;) )
Thanks Job! Someone should probably update PeeringDB to not specify
http:// as the URI scheme then, or alternately use telnet://.
Anyway, back to the issue at hand:
Connectivity issue seems to be over, but the suboptimal path remains.
$ telnet www.twitter.com 443
Trying 104.244.42.1...
Connected to twitter.com.
Escape character is '^]'.
^]
telnet> close
Connection closed.
I suspect the "osa" in Bundle-Ether45.br04.osa01.pccwbtn.net likely
stands for Osaka (Japan).
Reviewing the looking glass, we can see that for several locations the
AS path goes 7018 (AT&T) --> 3491 (PCCW Global) --> 13414 (Twitter).
Those locations seem to be:
- 12.122.125.6 / Los Angeles, CA
- 12.122.125.106 / Philadelphia, PA
- 12.122.125.132 / Phoenix, AZ
- 12.122.125.165 / San Diego, CA
- 12.122.126.64 / Washington, DC
- 12.122.126.232 / San Francisco, CA
All other locations have 7018 --> 1299 (Twelve99) --> 13414 (Twitter).
Gut feeling right now says PCCW Global may have some suboptimal routing.
Doesn't seem to make sense why these packets would go all the way to
Osaka. Might be useful to see what PCCW Global is advertising. And
naturally, I can't see what the return path looks like.
$ telnet route-server.ip.att.net
Trying 12.0.1.28...
Connected to route-server.cbbtier3.att.net.
Escape character is '^]'.
...
IPv4: IPv6: City:
12.122.124.12 2001:1890:ff:ffff:12:122:124:12 Atlanta, GA
12.122.124.67 2001:1890:ff:ffff:12:122:124:67 Cambridge, MA
12.122.127.66 2001:1890:ff:ffff:12:122:127:66 Chicago, IL
12.122.124.138 2001:1890:ff:ffff:12:122:124:138 Dallas, TX
12.122.83.238 2001:1890:ff:ffff:12:122:83:238 Denver, CO
12.122.120.7 2001:1890:ff:ffff:12:122:120:7 Fort Lauderdale, FL
12.122.125.6 2001:1890:ff:ffff:12:122:125:6 Los Angeles, CA
12.122.125.44 2001:1890:ff:ffff:12:122:125:44 New York, NY
12.122.125.106 2001:1890:ff:ffff:12:122:125:106 Philadelphia, PA
12.122.125.132 2001:1890:ff:ffff:12:122:125:132 Phoenix, AZ
12.122.125.165 2001:1890:ff:ffff:12:122:125:165 San Diego, CA
12.122.126.232 2001:1890:ff:ffff:12:122:126:232 San Francisco, CA
12.122.159.217 2001:1890:ff:ffff:12:122:159:217 San Juan, PR
12.122.125.224 2001:1890:ff:ffff:12:122:125:224 Seattle, WA
12.122.126.9 2001:1890:ff:ffff:12:122:126:9 St. Louis, MO
12.122.126.64 2001:1890:ff:ffff:12:122:126:64 Washington, DC
...
rviews at route-server.ip.att.net> show route 104.244.42.129
...
104.244.42.0/24 *[BGP/170] 2w2d 23:59:27, localpref 100, from 12.122.83.238
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 6w1d 07:39:53, localpref 100, from 12.122.120.7
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 4d 23:39:03, localpref 100, from 12.122.124.12
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 6d 23:21:06, localpref 100, from 12.122.124.67
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 6w2d 06:19:08, localpref 100, from 12.122.124.138
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 5w3d 12:40:38, localpref 100, from 12.122.125.6
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 6d 23:21:05, localpref 100, from 12.122.125.44
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 6w0d 12:35:07, localpref 100, from 12.122.125.106
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 5w3d 12:40:38, localpref 100, from 12.122.125.132
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 5w3d 12:40:38, localpref 100, from 12.122.125.165
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 1d 02:18:11, localpref 100, from 12.122.125.224
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 5w4d 12:20:16, localpref 100, from 12.122.126.9
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 6w0d 12:35:07, localpref 100, from 12.122.126.64
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 1w0d 19:30:59, localpref 100, from 12.122.126.232
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 5w4d 12:20:16, localpref 100, from 12.122.127.66
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 4d 23:38:30, localpref 100, from 12.122.159.217
AS path: 7018 1299 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
rviews at route-server.ip.att.net> show route 104.244.42.129 aspath-regex ".*3491.*"
inet.0: 910982 destinations, 14573733 routes (910982 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
104.244.42.0/24 [BGP/170] 5w3d 13:03:10, localpref 100, from 12.122.125.6
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 6w0d 12:57:39, localpref 100, from 12.122.125.106
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 5w3d 13:03:10, localpref 100, from 12.122.125.132
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 5w3d 13:03:10, localpref 100, from 12.122.125.165
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 6w0d 12:57:39, localpref 100, from 12.122.126.64
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
[BGP/170] 1w0d 19:53:31, localpref 100, from 12.122.126.232
AS path: 7018 3491 13414 13414 I, validation-state: valid
> to 12.0.1.1 via em0.0
--
| Jeremy Chadwick jdc_at_koitsu.org |
| UNIX Systems Administrator PGP 0x2A389531 |
| Making life hard for others since 1977. |
More information about the Outages-discussion
mailing list