is RIPEstat confused about the origin of 147.171.0.0/16?
Hi, I came across this particular prefix when going through big RPKI unreachable blocks. prefix-routing-consistency [1] says: current origin is AS2200 prefix-overview [2] says: current origin is AS1942 (nlnog's LG agrees) routing-history [3] says it was announced by AS220 until 2017-06-10 and is currently announced by AS1942 RPKI validator's BGP Preview (using RIS): says it is announced by AS1942 and is therefore invalid (ROA authorizes AS2200 - not AS1942) So why does [1] say this prefix is announced by AS2200? maybe it is announced by both? btw: AS2200 and AS1942 have the same owner and AS2200 appears to be the only upstream of AS1942. [1] https://stat.ripe.net/widget/prefix-routing-consistency#w.resource=147.171.0... [2] https://stat.ripe.net/widget/prefix-overview#w.resource=147.171.0.0%2F16 [3] https://stat.ripe.net/widget/routing-history#w.resource=147.171.0.0%2F16 -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
Hi, On 9/27/18 1:11 AM, nusenu wrote:
Hi,
I came across this particular prefix when going through big RPKI unreachable blocks.
prefix-routing-consistency [1] says: current origin is AS2200 prefix-overview [2] says: current origin is AS1942 (nlnog's LG agrees) routing-history [3] says it was announced by AS220 until 2017-06-10 and is currently announced by AS1942
RPKI validator's BGP Preview (using RIS): says it is announced by AS1942 and is therefore invalid (ROA authorizes AS2200 - not AS1942)
So why does [1] say this prefix is announced by AS2200? maybe it is announced by both?
I do not know what is announced, but RIS observes the prefix with both origins. As the looking-glass widget states: "19 RRCs see 202 peers announcing 147.171.0.0/16 originated by 2 ASNs" https://stat.ripe.net/widget/looking-glass#w.resource=147.171.0.0%2F16 Actually, it is just one single peer on collector rrc04 (Geneva) which sees AS2200 as origin; that's why prefix-overview and routing-history do not show the info by default. You have to deselect 'Exclude low visibiliy' (prefix-overview) and 'No low visibility' (routing-history) options in the widgets to see it. RPKI validator's BGP Preview might be using similar logic. The latest RIS dump, http://ris.ripe.net/dumps/riswhoisdump.IPv4.gz lists 147.171.0.0/16 with both AS1942 (203 peers) and AS2200 (1 peer) as origin. prefix-routing-consistency widget appears to indeed have problems; at least in this case. It only shows a result for the route observed by the lowest amount of peers. -- Rene
btw: AS2200 and AS1942 have the same owner and AS2200 appears to be the only upstream of AS1942.
[1] https://stat.ripe.net/widget/prefix-routing-consistency#w.resource=147.171.0... [2] https://stat.ripe.net/widget/prefix-overview#w.resource=147.171.0.0%2F16 [3] https://stat.ripe.net/widget/routing-history#w.resource=147.171.0.0%2F16
Hi nusenu, Please note that the RPKI Validator BGP Preview only shows announcements that are “widely seen”, which in this case 5 peers or more. Anything lower than that will not simply show up in the list, however it may still be listed in the dump file Rene linked to. Cheers, —Alex
On 27 Sep 2018, at 03:07, Rene Wilhelm <wilhelm@ripe.net> wrote:
Hi,
On 9/27/18 1:11 AM, nusenu wrote:
Hi, I came across this particular prefix when going through big RPKI unreachable blocks. prefix-routing-consistency [1] says: current origin is AS2200 prefix-overview [2] says: current origin is AS1942 (nlnog's LG agrees) routing-history [3] says it was announced by AS220 until 2017-06-10 and is currently announced by AS1942 RPKI validator's BGP Preview (using RIS): says it is announced by AS1942 and is therefore invalid (ROA authorizes AS2200 - not AS1942) So why does [1] say this prefix is announced by AS2200? maybe it is announced by both?
I do not know what is announced, but RIS observes the prefix with both origins. As the looking-glass widget states:
"19 RRCs see 202 peers announcing 147.171.0.0/16 originated by 2 ASNs"
https://stat.ripe.net/widget/looking-glass#w.resource=147.171.0.0%2F16
Actually, it is just one single peer on collector rrc04 (Geneva) which sees AS2200 as origin; that's why prefix-overview and routing-history do not show the info by default. You have to deselect 'Exclude low visibiliy' (prefix-overview) and 'No low visibility' (routing-history) options in the widgets to see it.
RPKI validator's BGP Preview might be using similar logic. The latest RIS dump, http://ris.ripe.net/dumps/riswhoisdump.IPv4.gz lists 147.171.0.0/16 with both AS1942 (203 peers) and AS2200 (1 peer) as origin.
prefix-routing-consistency widget appears to indeed have problems; at least in this case. It only shows a result for the route observed by the lowest amount of peers.
-- Rene
btw: AS2200 and AS1942 have the same owner and AS2200 appears to be the only upstream of AS1942. [1] https://stat.ripe.net/widget/prefix-routing-consistency#w.resource=147.171.0... [2] https://stat.ripe.net/widget/prefix-overview#w.resource=147.171.0.0%2F16 [3] https://stat.ripe.net/widget/routing-history#w.resource=147.171.0.0%2F16
Hi Martin, (related to a recent discussion on RIPE routing-wg ML [0]) I was wondering whether HE's bgp toolkit displays announced prefixes only or announced prefixes _AND_ prefix-origin pairs for which ROAs exits. Example: 186.182.0.0/16 announced according to RIS by one ASN: AS19037 [2] (invalid per RPKI) bgp.he.net [1] shows two announcements (one valid, one invalid) rt-bgp [3] shows one orign ASN (AS19037) (invalid) The question is: Are both announcements visible to HE (HE just sees more announcements than RIS) or is the second entry just the display of a ROA (that is not actually announced)? thanks, nusenu [0] https://www.ripe.net/ripe/mail/archives/routing-wg/2018-September/003630.htm... [1] https://bgp.he.net/net/186.182.0.0/16 [2] https://stat.ripe.net/widget/looking-glass#w.resource=186.182.0.0%2F16 [3] https://rt-bgp.he.net/prefix/186.182.0.0/16 Alex Band:
Hi nusenu,
Please note that the RPKI Validator BGP Preview only shows announcements that are “widely seen”, which in this case 5 peers or more. Anything lower than that will not simply show up in the list, however it may still be listed in the dump file Rene linked to.
Cheers,
—Alex
On 27 Sep 2018, at 03:07, Rene Wilhelm <wilhelm@ripe.net> wrote:
Hi,
On 9/27/18 1:11 AM, nusenu wrote:
Hi, I came across this particular prefix when going through big RPKI unreachable blocks. prefix-routing-consistency [1] says: current origin is AS2200 prefix-overview [2] says: current origin is AS1942 (nlnog's LG agrees) routing-history [3] says it was announced by AS220 until 2017-06-10 and is currently announced by AS1942 RPKI validator's BGP Preview (using RIS): says it is announced by AS1942 and is therefore invalid (ROA authorizes AS2200 - not AS1942) So why does [1] say this prefix is announced by AS2200? maybe it is announced by both?
I do not know what is announced, but RIS observes the prefix with both origins. As the looking-glass widget states:
"19 RRCs see 202 peers announcing 147.171.0.0/16 originated by 2 ASNs"
https://stat.ripe.net/widget/looking-glass#w.resource=147.171.0.0%2F16
Actually, it is just one single peer on collector rrc04 (Geneva) which sees AS2200 as origin; that's why prefix-overview and routing-history
do not show the info by default. You have to deselect 'Exclude low visibiliy' (prefix-overview) and 'No low visibility' (routing-history) options in the widgets to see it.
RPKI validator's BGP Preview might be using similar logic. The latest RIS dump, http://ris.ripe.net/dumps/riswhoisdump.IPv4.gz lists 147.171.0.0/16 with both AS1942 (203 peers) and AS2200 (1 peer) as origin.
prefix-routing-consistency widget appears to indeed have problems; at least in this case. It only shows a result for the route observed by the lowest amount of peers.
-- Rene
btw: AS2200 and AS1942 have the same owner and AS2200 appears to be the only upstream of AS1942. [1] https://stat.ripe.net/widget/prefix-routing-consistency#w.resource=147.171.0...
[2] https://stat.ripe.net/widget/prefix-overview#w.resource=147.171.0.0%2F16
[3] https://stat.ripe.net/widget/routing-history#w.resource=147.171.0.0%2F16
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
Hi Wilhelm, thanks for your reply. Rene Wilhelm:
RPKI validator's BGP Preview might be using similar logic. The latest RIS dump, http://ris.ripe.net/dumps/riswhoisdump.IPv4.gz lists 147.171.0.0/16 with both AS1942 (203 peers) and AS2200 (1 peer) as origin.
which brings me back to the lack of a documentation/specification of the RIPE RPKI validator 3 and the dependency on people like Alex that can answer such questions on twitter and this list (thanks!). https://github.com/RIPE-NCC/rpki-validator-3/issues/48 https://www.ripe.net/ripe/mail/archives/routing-wg/2018-September/003615.htm... -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
Rene Wilhelm:
prefix-routing-consistency widget appears to indeed have problems; at least in this case. It only shows a result for the route observed by the lowest amount of peers.
thanks, this is now documented in: https://github.com/nusenu/RIPEstat-wishlist/issues/9 kind regards, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
participants (3)
-
Alex Band -
nusenu -
Rene Wilhelm