[NLNOG] 145.111.0.0/16 RPKI / BGP misconfiguration

Marco Paesani marco at paesani.it
Sat Aug 24 11:52:45 CEST 2019


The route is invaild

m.paesani at MX960-MIX-RE0> show route 145.111.0.0/16 hidden

inet.0: 768530 destinations, 4902554 routes (763410 active, 0 holddown,
22030 hidden)
+ = Active Route, - = Last Active, * = Both

145.111.0.0/16      [BGP ] 18:29:41, MED 0, localpref 100
                      AS path: 3356 3257 1103 1125 1125 1199 I,
validation-state: invalid
                    > to 213.249.105.25 via xe-7/1/0.0
                    [BGP ] 18:29:55, MED 100, localpref 100
                      AS path: 6762 3257 1103 1125 1125 1199 I,
validation-state: invalid
                    > to 93.186.128.48 via xe-8/0/3.0
                    [BGP ] 18:29:55, localpref 100
                      AS path: 1299 3257 1103 1125 1125 1199 I,
validation-state: invalid
                    > to 62.115.169.234 via xe-8/1/0.0
                    [BGP ] 18:29:56, MED 180, localpref 100
                      AS path: 3257 1103 1125 1125 1199 I,
validation-state: invalid
                    > to 213.254.220.77 via xe-7/2/3.100


https://apps.db.ripe.net/db-web-ui/#/query?searchtext=145.111.0.0%2F16

SN-LIR-MNT must change or delete ROA



Il giorno sab 24 ago 2019 alle ore 11:40 nusenu <nusenu-lists at riseup.net>
ha scritto:

> Marco Paesani:
> > The record is valid
> >
> > m.paesani at MX960-MIX-RE0> show validation database record 145.111.0.0/16
> > RV database for instance master
> >
> > Prefix                 Origin-AS Session
> > State   Mismatch
> > 145.111.0.0/16-16           1101 172.20.21.33
> >  valid
> > 145.111.0.0/16-16           1101 172.30.37.33
> >  valid
> >
> >   IPv4 records: 2
> >   IPv6 records: 0
> >
> > Kind regards,
>
> You are referring to the announcement from AS1101
> I'm referring to the announcement from AS1199.
>
>
> Origin AS1101 is (currently) authorized to announce 145.111.0.0/16
> but AS1199 is (currently) not.
>
> https://stat.ripe.net/widget/looking-glass#w.resource=145.111.0.0%2F16
>
>
> >> Hi,
> >> the BGP announcement for prefix 145.111.0.0/16
> >> changed about two weeks ago:
> >>
> >>
> >>
> https://stat.ripe.net/widget/routing-history#w.resource=145.111.0.0%2F16&w.starttime=2019-08-07T00%3A00%3A00&w.endtime=2019-08-12T00%3A00%3A00
> >>
> >> since then the announcement has an RPKI validity state of invalid
> >> which affects its visibility:
> >>
> >> https://stat.ripe.net/widget/visibility#w.resource=145.111.0.0%2F16
> >>
> >>
> >>
> >>
> https://rpki-validator.ripe.net/announcement-preview?asn=AS1199&prefix=145.111.0.0%2F16
> >> https://nusenu.github.io/RPKI-Observatory/unreachable_AS1199-v4.html
> >>
> >>
> >> Please consider updating your ROA in case this is not intentional.
> >>
> >> thanks,
> >> nusenu
> >>
> >>
> >> --
> >> https://twitter.com/nusenu_
> >> https://mastodon.social/@nusenu
> >>
> >> _______________________________________________
> >> NLNOG mailing list
> >> NLNOG at nlnog.net
> >> http://mailman.nlnog.net/listinfo/nlnog
> >>
> >
> >
>
> --
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu
>
>

-- 

Marco Paesani


Skype: mpaesani
Mobile: +39 348 6019349
Success depends on the right choice !
Email: marco at paesani.it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nlnog.net/pipermail/nlnog/attachments/20190824/da3d054f/attachment.html>


More information about the NLNOG mailing list