Hello,
Anyone here from Vodafone India (and/or their upstream Airtel AS9498). Seems like Vodafone AS55410 (likely accidentally) hijacked a Brazilian pool 24.152.117.0/24.
https://twitter.com/bgpstream/status/1383115813004181504?s=20
It was visible on RIPE RIS rrc05.ripe.net at VIX, Vienna.
Raw MRT dump show this:
anurag@devops01:~/tmp$ bgpscanner -e '24.152.117.0/24' latest-bview.gz | awk -F '|' '{OFS="|"; print $2,$3}' 24.152.117.0/24|35369 2914 3356 28598 263362 263362 263362 263362 270497 24.152.117.0/24|48362 3356 28598 263362 263362 263362 263362 270497 24.152.117.0/24|47147 2914 3356 28598 263362 263362 263362 263362 270497 24.152.117.0/24|47692 33891 6461 9498 55410 55410 55410 24.152.117.0/24|51184 47692 33891 6461 9498 55410 55410 55410 24.152.117.0/24|59890 3356 28598 263362 263362 263362 263362 270497 24.152.117.0/24|8218 6461 3356 28598 263362 263362 263362 263362 270497 24.152.117.0/24|6720 1853 6939 28598 263362 263362 263362 263362 270497 24.152.117.0/24|13237 2914 174 28598 263362 263362 263362 263362 270497 anurag@devops01:~/tmp$
So besides Vodafone AS55410 hijacking it, seems like Airtel AS9498 carried it to AS6461 i.e upto default free zone. If not an hijack, then they should get the IRR route object updated (which right now shows AS270497 in origin).
*Details about the pool:* inetnum: 24.152.116.0/22 aut-num: AS270497 abuse-c: RUMCU12 owner: RUTE MARIA DA CUNHA ownerid: 13.974.251/0001-19 responsible: RUTE MARIA DA CUNHA country: BR owner-c: RUMCU12 tech-c: RUMCU12 created: 20200312 changed: 20200312
nic-hdl-br: RUMCU12 person: RUTE MARIA DA CUNHA e-mail: rute@hrnet.slz.br country: BR created: 20200307 changed: 20210220
*IRR Check: * anurag@devops01:~$ whois -h whois.radb.net 24.152.117.0/24 route: 24.152.117.0/24 descr: CLARO S.A. Customer origin: AS270497 remarks: Proxy Object notify: irradmin@embratel.net.br mnt-by: MAINT-AS4230 changed: irradmin@embratel.net.br 20201204 source: RADB anurag@devops01:~$
Thanks.