Is the growth of the global Internet route table all about growth? Or is there a certain amount of laziness, cluelessness, and insensitivity factored into the growth? Over the past two years we've used e-mail and the top 20 CIDR list to contact ISPs and multihomed enterprises. This volunteer effort draws attention to the impact their announcements are having on the global Internet table. We endeavor to make a difference by pointing out the problem, highlighting available resources, and offering free technical BGP assistance. In addition, over the past year we have encountered many RFC1918 and RFC1930 (private ASN) announcements leaking into the global routing tables. This presentation will show the results of our actions. We will also point out how much of the encountered problem is clue, lameness, or "just don't care."
See more at: https://www.nanog.org/meetings/nanog27/agenda#sthash.omWt608q.dpuf
Cidr police please pull over and show us your bgp announcements
1. 1CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
CIDR Police: Please Pull Over andCIDR Police: Please Pull Over and
Show Us Your BGPShow Us Your BGP
AnnouncementsAnnouncements
Hank Nussbacher
hank@riverhead.com
Barry Greene
bgreene@cisco.com
V2.0
NANOG 27NANOG 27
Phoenix, AZ, Feb 11, 2003Phoenix, AZ, Feb 11, 2003
2. 2CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
PremisePremise
l We have the weekly CIDR reports that use
peer pressure to keep try to keep people from
abusing their announcements.
l Is that enough?
l Are there issues with clue, workload, skills,
and other knowledge factors that effect the
size of the table?
l Are people lazy, over worked, or just do not
care?
l Q. Can true peer pressure dent the growth?
3. 3CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
TechniqueTechnique
l Review the Weekly Top 20 list, analysis the
change, then E-mail the contacts.
l E-mails point out the observation based on
the top 20 list, offers assistance, and
sometimes recommends remediation.
l Whitepapers, presentations, and other
materials are created based on the
interaction with the Top 20.
l E-mails sent out on a time available.
4. 4CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
CIDR results for 2001CIDR results for 2001
l Feb 1, 2001: 95,787
l Dec 31, 2001: 104,932
l Barry+Hank cleanup efforts: 3,884
l CIDR table ends up 30% smaller than it would
have been if we hadn’t sent out emails
l Total sent: 72 emails
5. 5CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
The Bad Boys of 2001The Bad Boys of 2001
l AS701 – UUnet
l AS4151 – USDA
l AS2686 – AT&T EMEA
l AS13999 – Megacable, Mexico
l AS4755 – VSNL, India
l AS9498 – Bharti, India
l AS724 – DLA, (.mil)
l AS577 – Bell Canada
l AS376 – RISQ, Canada
l AS12302 – Mobifon, Romania
6. 6CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
The Good Boys of 2001The Good Boys of 2001
l AS1221 – Telstra (501 withdrawn)
l AS4293 – C&W (361 withdrawn)
l AS15412 – Flag Telecom (661 withdrawn)
l AS2551 – ICG (619 withdrawn)
7. 7CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
CIDR results for 2002CIDR results for 2002
l Jan 1, 2002: 104,852
l Dec 31, 2002: 117,450
l Barry+Hank cleanup efforts: 4,318
l CIDR table ends up 25% smaller than it would
have been if we hadn’t sent out emails
l Total sent: 14 emails
8. 8CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
The Bad Boys of 2002The Bad Boys of 2002
l AS17557 – Pakistan Telecom
l AS852 – Telus
l AS18566 - Covad
9. 9CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
The Good Boys of 2002The Good Boys of 2002
l AS8984 – Internet5 AB, Sweden (1069
withdrawn)
l AS209 – Qwest (1276 withdrawn)
l AS2548 – Allegiance Internet (1282
withdrawn)
10. 10CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
20032003
l 23 emails already sent – starting Dec 22
l Only 7 replied
l Only one has reduced their announcements:
AS1580 – HQ 5th Signal Command
l Reduced announcements by 302 prefixes!
11. 11CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
CIDR growthCIDR growth
95000
100000
105000
110000
115000
120000
125000
130000
2001 2002 2003
CIDR
CIDR without Barry and Hank
7%
12. 12CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
Total BGP Table GrowthTotal BGP Table Growth
Could
growth
slowdown
be
attributed
to our
emails?
13. 13CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
LeakingsLeakings of 2002of 2002
l “Friends” ISPs
l Janice/Chandler or Phoebe
l 12 IP prefixes
l Some RFC1918
l Some unregistered
l 22 ASNs
l Mostly RFC1930
l 5 interesting cases
14. 14CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
Leaky cases #1 & #2Leaky cases #1 & #2
l AS5050 leaking AS64511
l “remove-private-as” not working since AS64511
is not a private ASN
l Private ASNs start at AS64512!
l AS1221 leaking AS65000
l Cisco IOS bugs CSCdy59660 & CSCdj19299
l “remove-private-as” not working if as-path is
more than 1 and created by as-path prepend
15. 15CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
Leaky cases #3 & #4Leaky cases #3 & #4
l AS701 leaking AS5757
l Not registered in ARIN
l Lost allocation in 1995
l Proof sitting on 8mm tape
l ARIN’s stuck L
l AS1880 leaking AS1877
l Peter Lothberg’s ASN
l Paperwork lost in 1994 in RIPE
l RIPE willing to re-register it
16. 16CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
Leaky case #5Leaky case #5
l IP range: 192.83.0.0 – 192.83.100.255
l Allocated to Sonera (Finland) in 1992
l Sonera claims all of it
l ARIN has records for only parts of this block
l Sonera claims paperwork lost by Internic
l Announced by AS5515
l ARIN involved
17. 17CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
US Military UnilateralismUS Military Unilateralism –– AS568AS568
l Announcing prefixes not listed anywhere:
l 132.0.0.0/10
l 137.0.0.0/13
l 158.0.0.0/13
l 192.153.136.0/21
l 192.172.0.0/19
l No record in ARIN or whois.nic.mil for the
first block out of the aggregate (i.e.
132.0.0.0/16)
l No answer from anyone at AS 568.
18. 18CIDR Police: Pull Over and Show Us Your BGP AnnouncementsCIDR Police: Pull Over and Show Us Your BGP Announcements
What now?What now?
l We will continue to send emails to CIDR
leakers and non-aggregators
l We ask that everyone do their share by
checking their BGP setups
l Will continue to develop materials to help
communicate operational clue.
l Open for more volunteers to invest their time.
Contact Hank or Barry.