NANOG Digest, Vol 38, Issue 26

Yaoqing_Joey_Liu · March 8, 2011, 3:14am

Message: 9
Date: Mon, 7 Mar 2011 11:32:39 -0600
From: "Yaoqing(Joey) Liu" <joey.liuyq@gmail.com>
Subject: About the different causes of multiple origin ASN(MOAS)
       problem
To: nanog@nanog.org
Message-ID:
       <AANLkTi=RpzYDhcroH2043uiA7XDa0Apo2cHhu6y6XC6V@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I'm trying to find all causes of multiple origin AS problem(MOAS) as
follows, but not sure if it's complete. Also please let me know how popular
each item is, especially item 3 and 4 that I'm very curious about.

1. Internet Exchange Points, we have observed a list of this prefixes,
although they generally are not announced to the DFZ.
2. Anycast, rare, but occurs sometimes, for example, 192.88.99.0/24,
2002::/16, and 2001::/32
3. Multi-homing with Private AS number
4. Multi-homing using static route (customer doesn't have AS number)
5. Misconfiguration
6. Hijacking
7. What else?

Thanks,
Yaoqing

------------------------------

Message: 10
Date: Tue, 8 Mar 2011 01:02:19 +0000
From: "Dobbins, Roland" <rdobbins@arbor.net>
Subject: Re: About the different causes of multiple origin ASN(MOAS)
       problem
To: nanog group <nanog@nanog.org>
Message-ID: <6A23D7CB-9DA4-48DF-B655-B1397C573BF6@arbor.net>
Content-Type: text/plain; charset="us-ascii"

> I'm trying to find all causes of multiple origin AS problem(MOAS) as
> follows, but not sure if it's complete.

1. MOAS isn't necessarily a 'problem'; it's fairly common, these days,
and has been for quite some time. The actual problem is the inability to
determine when it's intentional and not evil, vs. unintentional or
intentional and evil.

Good point. That's why I need to have a complete cause list first, then I
can try to tell the evil from the good.

2. There's already a fair body of work on this topic, as a Web search
for "multiple origin as" reveals. Check the NANOG archives for Lixia's
preso, among others.

I know a lot of previous work about MOAS, but they were not comprehensive
enough to drill down to the prefix level and also the results have been
outdated. We need to know what things were going on recently.

Yaoqing

Bandy_Rush1 · March 8, 2011, 3:17am

Good point. That's why I need to have a complete cause list first,
then I can try to tell the evil from the good.

there is no complete cause list

you can not know evil from good because you have no way of knowing
intent

haven't you ucla people figured this out yet?

randy

Yaoqing_Joey_Liu · March 8, 2011, 4:12am

> Good point. That's why I need to have a complete cause list first,
> then I can try to tell the evil from the good.

there is no complete cause list

I admit it's basically impossible to get a complete list, but at least, I
want to have a try to make it as complete as possible in order to
understand the issue. I think industry people should have more experience to
give me the answer, since all the data come from the real practice. For
example, how popular private AS number used for multi-homing, and how
popular one organization has no AS number using static routing.

Yaoqing