[NLNOG] 145.111.0.0/16 RPKI / BGP misconfiguration
nusenu
nusenu-lists at riseup.net
Sat Aug 24 11:40:00 CEST 2019
Marco Paesani:
> The record is valid
>
> m.paesani at MX960-MIX-RE0> show validation database record 145.111.0.0/16
> RV database for instance master
>
> Prefix Origin-AS Session
> State Mismatch
> 145.111.0.0/16-16 1101 172.20.21.33
> valid
> 145.111.0.0/16-16 1101 172.30.37.33
> valid
>
> IPv4 records: 2
> IPv6 records: 0
>
> Kind regards,
You are referring to the announcement from AS1101
I'm referring to the announcement from AS1199.
Origin AS1101 is (currently) authorized to announce 145.111.0.0/16
but AS1199 is (currently) not.
https://stat.ripe.net/widget/looking-glass#w.resource=145.111.0.0%2F16
>> Hi,
>> the BGP announcement for prefix 145.111.0.0/16
>> changed about two weeks ago:
>>
>>
>> https://stat.ripe.net/widget/routing-history#w.resource=145.111.0.0%2F16&w.starttime=2019-08-07T00%3A00%3A00&w.endtime=2019-08-12T00%3A00%3A00
>>
>> since then the announcement has an RPKI validity state of invalid
>> which affects its visibility:
>>
>> https://stat.ripe.net/widget/visibility#w.resource=145.111.0.0%2F16
>>
>>
>>
>> https://rpki-validator.ripe.net/announcement-preview?asn=AS1199&prefix=145.111.0.0%2F16
>> https://nusenu.github.io/RPKI-Observatory/unreachable_AS1199-v4.html
>>
>>
>> Please consider updating your ROA in case this is not intentional.
>>
>> thanks,
>> nusenu
>>
>>
>> --
>> https://twitter.com/nusenu_
>> https://mastodon.social/@nusenu
>>
>> _______________________________________________
>> NLNOG mailing list
>> NLNOG at nlnog.net
>> http://mailman.nlnog.net/listinfo/nlnog
>>
>
>
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nlnog.net/pipermail/nlnog/attachments/20190824/cac1f432/attachment-0001.sig>
More information about the NLNOG
mailing list