IP allocations / bogon - verification

Mailman List Mirror (Read Only)
1

Gang,

I apologize for a double post on this same topic tonight however I thought
that broadening my request may help our cause. This month we had one of
our IP allocations revoked and just recently got everything squared away
with ARIN and things are "turned back" on so to speak.

However I still have some customers having issues hitting a number of
financial related websites ..etc and I assume its because of bogons ..etc

I saw some earlier posts on here where folks have posted their allocation
to ensure that others are routing it properly so I wanted to do the same.

My allocation which has recently been revived: 66.185.0.0/20

Test point traceroute .etc 66.185.0.198

We do seem to be having some issues with some level 3 routing our range to
some desitnations and can provide specifics off list.

Thanks all for the help / verification.

Kenny

2

from europe, serbia seems to be working via level3...

# traceroute 66.185.0.198
traceroute to 66.185.0.198 (66.185.0.198), 30 hops max, 40 byte packets
1 XX.verat.net (213.244.xx.xxx) 0.780 ms 1.692 ms 1.697 ms
2 XX.verat.net (217.26.xx.xxx) 3.062 ms 3.054 ms 3.018 ms
3 clint.noc.verat.net (62.108.96.77) 2.973 ms 2.938 ms 2.901 ms
4 195.178.34.125 (195.178.34.125) 2.839 ms 3.000 ms 2.968 ms
5 212.200.5.105 (212.200.5.105) 15.477 ms 15.383 ms 15.333 ms
6 212.73.203.245 (212.73.203.245) 15.400 ms 14.308 ms 14.914 ms
7 ae-0-11.bar1.vienna1.level3.net (4.69.153.149) 14.730 ms 14.615 ms
14.648 ms
8 ae-12-12.ebr2.frankfurt1.level3.net (4.69.153.146) 158.533 ms 158.503
ms 158.468 ms
9 ae-93-93.csw4.frankfurt1.level3.net (4.69.163.14) 159.090 ms
ae-83-83.csw3.frankfurt1.level3.net (4.69.163.10) 158.330 ms 158.264 ms
10 ae-81-81.ebr1.frankfurt1.level3.net (4.69.140.9) 158.135 ms
ae-71-71.ebr1.frankfurt1.level3.net (4.69.140.5) 158.150 ms
ae-91-91.ebr1.frankfurt1.level3.net (4.69.140.13) 155.613 ms
11 ae-47-47.ebr2.paris1.level3.net (4.69.143.142) 158.885 ms * 158.402 ms
12 ae-41-41.ebr2.washington1.level3.net (4.69.137.50) 156.600 ms
ae-44-44.ebr2.washington1.level3.net (4.69.137.62) 154.621 ms 157.051 ms
13 ae-72-72.csw2.washington1.level3.net (4.69.134.150) 156.779 ms
ae-92-92.csw4.washington1.level3.net (4.69.134.158) 158.681 ms
ae-72-72.csw2.washington1.level3.net (4.69.134.150) 164.913 ms
14 ae-81-81.ebr1.washington1.level3.net (4.69.134.137) 154.991 ms
ae-91-91.ebr1.washington1.level3.net (4.69.134.141) 155.272 ms 156.546 ms
15 ae-2-2.ebr3.atlanta2.level3.net (4.69.132.85) 158.204 ms 158.965 ms
158.492 ms
16 ae-7-7.ebr3.dallas1.level3.net (4.69.134.21) 157.186 ms 157.565 ms
157.564 ms
17 ae-93-93.csw4.dallas1.level3.net (4.69.151.169) 159.837 ms
ae-83-83.csw3.dallas1.level3.net (4.69.151.157) 158.034 ms
ae-73-73.csw2.dallas1.level3.net (4.69.151.145) 156.320 ms
18 ae-82-82.ebr2.dallas1.level3.net (4.69.151.154) 161.284 ms
ae-72-72.ebr2.dallas1.level3.net (4.69.151.142) 158.624 ms 159.402 ms
19 ae-5-5.car1.kansascity1.level3.net (4.69.135.229) 156.168 ms 156.481
ms 158.202 ms
20 ae-11-11.car2.kansascity1.level3.net (4.69.135.234) 160.914 ms
158.152 ms 160.836 ms
21 iowa-networ.car2.kansascity1.level3.net (4.53.34.114) 180.620 ms
180.514 ms 180.249 ms
22 ins-db1-et-12-1.desm.netins.net (167.142.67.6) 180.053 ms 179.767 ms
179.712 ms
23 prairieinet.desm.netins.net (167.142.53.18) 179.123 ms 178.434 ms
178.410 ms
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

host is btw. pingable:

# ping 66.185.0.198 -A -q -c 5
PING 66.185.0.198 (66.185.0.198) 56(84) bytes of data.

--- 66.185.0.198 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 657ms
rtt min/avg/max/mdev = 162.617/163.933/165.772/1.296 ms, ipg/ewma
164.282/163.237 ms

generally, it's visible from routers in Germany, and West Coast...

3

Hi,

Kenny Kant wrote:

[...]

However I still have some customers having issues hitting a number of
financial related websites ..etc and I assume its because of bogons

..etc

66/8 was allocated to ARIN some 13 years ago and 66.185.0.0/20 seem to
have been allocated to JAB Wireless a little over a year after that. I'd
be surprised if your problems are due to people not updating old bogon
filters. A dozen years is long enough that that kind of basic error
sounds unlikely.

But I'd be fascinated - if somewhat disturbed - to be proved wrong...

Regards,

Leo

4

But I'd be fascinated - if somewhat disturbed - to be proved wrong...

Team Cymru seems to think it was a Bogon, as recently as yesterday.
http://www.cymru.com/BGP/bogons.html (search for 66.185.0.0/20, last seen
Aug 1st)

Probably the networks of the "financial related websites" were blocking due
to the Cymru Bogons list.

Regards,

Leo

-Marcel

5

It is possible that it ended up on TC's Bogons list because the prefix was listed as reserved by ARIN in:

ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130730
ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130731
ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130801
ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130802

I have not checked back further than 30 July.

It definitely shows as allocated here in whois, so I'm confused by the mismatch.

Regards,

Leo

6

But I'd be fascinated - if somewhat disturbed - to be proved wrong...

Team Cymru seems to think it was a Bogon, as recently as yesterday.
http://www.cymru.com/BGP/bogons.html (search for 66.185.0.0/20, last seen Aug 1st)

Probably the networks of the "financial related websites" were blocking due to the Cymru Bogons list.

It is possible that it ended up on TC's Bogons list because the prefix was listed as reserved by ARIN in:

ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130730
ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130731
ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130801
ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130802

I have not checked back further than 30 July.

RIPEstat shows the prefix was "withdrawn" from ARIN delegated stats on the 8 of July

It came reappeared as 'allocated' yesterday, 2013-08-01

It definitely shows as allocated here in whois, so I'm confused by the mismatch.

there is a mismatch between the normal and extended ARIN stats:

$ cd ftp/pub/stats/arin
$ grep 66.185.0.0 delegated-arin-*20130802
delegated-arin-20130802:arin|US|ipv4|66.185.0.0|4096|20011026|allocated
delegated-arin-extended-20130802:arin||ipv4|66.185.0.0|4096||reserved|

-- Rene

7

It's listed as being on a BOGON at HE, too:
http://bgp.he.net/net/66.185.0.0/20
Not sure who HE uses to make that designation.

Frank

8

Frank,

HE uses the extended files for these stats since the standard ones will soon be deprecated. As Rene pointed out, the extended and standard delegation files from ARIN do not match for this prefix. I do not know why there is inconsistent data between the two, but this is something that ARIN should look into. It appears the extended file is not being updated properly, though whois output clearly shows this was updated recently.

NetRange: 66.185.0.0 - 66.185.15.255
CIDR: 66.185.0.0/20
OriginAS: AS36219
NetName: PAIRIEINET-SPARKPLUG
NetHandle: NET-66-185-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
RegDate: 2001-10-26
Updated: 2013-07-31

9

I have been lead to understand that, for ARIN, the extended stats file reflects the registry state at a slightly different time (earlier by ~1 day) than the "standard" stats file. This is a likely explanation of the observed inconsistency.

Geoff

10

It looks like the update process for the extended stats got stuck. The files which have been published in recent days all are identical to the version of 2013-07-30, ftp://ftp.arin.net/pub/stats/arin/delegated-arin-extended-20130730

Thus allocations and changes made to the registry on 30 July or later are not accounted for in delegated-arin-extended-latest

-- Rene

11

Hi,

For additional information, including BGP history and BGplay, take a look at RIPEstat:

https://stat.ripe.net/66.185.0.0/20#tabId=routing

Regards,
Vesna