Hi,

On 9/27/18 1:11 AM, nusenu wrote:
Hi,
I came across this particular prefix when going through big RPKI unreachable blocks.
prefix-routing-consistency [1] says: current origin is AS2200
prefix-overview [2] says: current origin is AS1942 (nlnog's LG agrees)
routing-history [3] says it was announced by AS220 until 2017-06-10 and is currently announced by AS1942
RPKI validator's BGP Preview (using RIS): says it is announced by AS1942 and is therefore invalid (ROA authorizes AS2200 - not AS1942)
So why does [1] say this prefix is announced by AS2200? maybe it is announced by both?
I do not know what is announced, but RIS observes the prefix with both origins. As the looking-glass widget states:

"19 RRCs see 202 peers announcing 147.171.0.0/16 originated by 2 ASNs"
https://stat.ripe.net/widget/looking-glass#w.resource=147.171.0.0%2F16

Actually, it is just one single peer on collector rrc04 (Geneva) which sees AS2200 as origin; that's why prefix-overview and routing-history do not show the info by default. You have to deselect 'Exclude low visibility' (prefix-overview) and 'No low visibility' (routing-history) options in the widgets to see it. RPKI validator's BGP Preview might be using similar logic.

The latest RIS dump,
http://ris.ripe.net/dumps/riswhoisdump.IPv4.gz
lists 147.171.0.0/16 with both AS1942 (203 peers) and AS2200 (1 peer) as origin.

prefix-routing-consistency widget appears to indeed have problems; at least in this case. It only shows a result for the route observed by the lowest amount of peers.

-- Rene
btw: AS2200 and AS1942 have the same owner and AS2200 appears to be the only upstream of AS1942.
[1] https://stat.ripe.net/widget/prefix-routing-consistency#w.resource=147.171.0...
[2] https://stat.ripe.net/widget/prefix-overview#w.resource=147.171.0.0%2F16
[3] https://stat.ripe.net/widget/routing-history#w.resource=147.171.0.0%2F16
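
The check discussed in this thread, as an added example that is not part of the original messages and is not RIPEstat or RPKI validator code: it reads riswhois-style dump lines, lists every origin seen for a prefix with its peer count, flags low-visibility origins, and applies RFC 6811 origin validation against the ROA. The sample lines are constructed from the peer counts quoted above; the ROA maxLength of 16 and the `MIN_PEERS` cut-off of 10 are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed excerpt in riswhois dump layout: origin <TAB> prefix <TAB> peers seeing it.
# Peer counts for 147.171.0.0/16 are the ones quoted in the thread.
SAMPLE_DUMP = "% constructed excerpt\n1942\t147.171.0.0/16\t203\n2200\t147.171.0.0/16\t1\n"
# ROA named in the thread (authorizes AS2200); maxLength 16 is an assumption.
ROAS = [("147.171.0.0/16", 16, 2200)]
MIN_PEERS = 10  # assumed low-visibility cut-off, not a documented value

def parse_dump(text):
    """Return {prefix: {origin_asn: peer_count}}, skipping comments and AS sets."""
    origins = defaultdict(dict)
    for line in text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # '%' comment lines, blanks, '{1,2}' AS-set origins
        origins[parts[1]][int(parts[0])] = int(parts[2])
    return origins

def rov_state(prefix, origin, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # at least one ROA covers this route
            if roa_asn == origin and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def report(text, roas, min_peers=MIN_PEERS):
    """Rows of (prefix, origin, peers, low_visibility, rov_state), most-seen origin first."""
    rows = []
    for prefix, seen in parse_dump(text).items():
        for origin, peers in sorted(seen.items(), key=lambda kv: -kv[1]):
            rows.append((prefix, origin, peers, peers < min_peers,
                         rov_state(prefix, origin, roas)))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE_DUMP, ROAS):
        print(row)
```

Dropping the rows flagged low-visibility leaves only the AS1942 route, which is RPKI-invalid; keeping them shows the single-peer AS2200 route that matches the ROA.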