ANS begins filtering...

  • To: apops at apnic dot net
  • Subject: ANS begins filtering...
  • From: "David R. Conrad" <davidc at apnic dot net>
  • Date: Thu, 15 May 1997 13:38:56 +0900
  • Sender: owner-apops@apnic.net
    • 
      ------- Forwarded Message
      
      Date:    Thu, 15 May 1997 00:03:56 -0400
      From:    Curtis Villamizar <curtis at brookfield dot ans dot net>
      To:      nanog at merit dot edu
      cc:      curtis at ans dot net
      Subject: prefixes not registered in the IRR/GRR
      
      
      
      There have been a few recent incidents of incorrect routing
      information propagated by major providers that have caused substantial
      outages.  An example, though by no means the only example, is the
      recent AS7007 announcements trig-erred by a routing software bug.  In
      the AS7007 case, some providers had filters in place within 15-20
      minutes while others never put filters in place and the upstream
      provider took over 2 1/2 hours to block the announcements at the
      source.  We've seen similar slow response in other incidents.
      
      The AS7007 was easy to detect and isolate because very many
      destinations where impacted.  Other incidents have occurred that
      impacted a lesser number of prefixes.  This type of outage is very
      hard for a provider to detect.
      
      In order to insure that these routing anomalies can no longer impact
      connectivity within ANS, we will begin filtering routing information
      based on registered route objects in the IRR/GRR, that is the ANS,
      CANET, MCI, RIPE, and RADB databases.  If you are unfamiliar with the
      IRR/GRR, documentation is available at:
      
        http://www.ra.net/RADB.tools.docs/.docs.html
      
      Brief instructions on registering objects are provided at:
      
          http://www.ra.net/RADB.tools.docs/register.html
      
      During April ANS took routing dumps, analyzed ANS routing policy, and
      identified 2,829 announced prefixes that were not registered and not
      covered by an aggregate (reachable anyway).  During early April,
      emphasis was placed on verifying ANS routing policy files.  From April
      25 to April 29 notifications were sent to 312 origin AS, covering
      2,108 of the unregistered prefixes.  Notification could not be sent to
      151 origin AS covering 721 prefixes due to lack of contact information
      for the origin AS.
      
      Quite a number of the origin AS contacted registered the missing
      prefixes.  Others have not responded and of course those who were not
      contacted have not corrected problems.  We'd like to thank the many
      people who promptly made corrections.
      
      The number of unregistered prefixes has been reduced by almost 1/3.
      There still remain 2,096 prefixes from 333 origin AS that are not
      registered.  We've put together a web page describing the methodology
      and listing the remaining unregistered prefixes.  The URL is:
      
        http://engr.ans.net/route-dumps/
      
      It also interesting to note that 8,562 unregistered prefixes were
      excluded from these reports because they were overlapped by
      aggregates.  The vast majority of these were /24 prefixes.  This may
      indicate that 8,562 (or more) prefixes need not be included in global
      routing but are leaking from their aggregates.
      
      Curtis
      
      
      ------- End of Forwarded Message
      
      _________________________________________________________________________
      To unsubscribe: send "unsubscribe" to apops-request at apnic dot net
      ------------------------------------------------------------------------