http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0#AS27595
Gadi.
Or is it?
Looks to not be, so I call BS on your subject line..
however, I do see:
* 64.28.176.0/20 71.13.116.101 100 0 20115
19151 26769 27595 i
*> 204.11.128.105 100 0 33125
174 3549 27595 i
* 67.210.0.0/21 71.13.116.101 100 0 20115
19151 26769 27595 i
*> 204.11.128.105 100 0 33125
174 3549 27595 i
* 67.210.8.0/22 71.13.116.101 100 0 20115
19151 26769 27595 i
20115 sees 27595 through wv (which peers with bandcon), so it would
seem wv shut the edge edge (renesys data also agrees).
It's interesting the gx edge is still active.
-Tk
Gadi,
A quick look at route-views will confirm that Atrivo is multi-homed.
And WV Fiber is a transit provider to them, not a peer.
As NANOG community members in good standing, I'm sure WV, nLayer, etc
would take the appropriate action if you were to contact their
respective abuse departments, *privately*, with evidence of active
abuse on Atrivo's part.
Drive Slow,
Paul Wall
Or is it?
Looks to not be, so I call BS on your subject line..
Thanks Anton! I appreciae you looking into it.
Minor correction to your at least implied statement above: nLayer has no direct connectivity to Atrivo, peering or transit.
Personally, I'm fine with anyone providing Atrivo transit being shamed in public, but I understand if others do not want such traffic on the list.
Anton's post that GX is still providing them transit is a bit curious, since I was under the impression GX had severed all ties with Atrivo. But the table does not lie, a path of "174 3549 27595" is clearly transit. GX, care to comment?
Anton's post that GX is still providing them transit is a bit curious, since
I was under the impression GX had severed all ties with Atrivo. But the
table does not lie, a path of "174 3549 27595" is clearly transit. GX, care
to comment?
After poking for a bit, it's unclear what, if anything, GX is or isn't
doing here.
I tossed a static /24 towards the upstream sending the AS path with GX
in it, and traced towards a host in the that /24 - the traceroute
output disagrees with the as path, oddly enough.
bgp routes, again:
58.65.238.0/24 71.13.116.101 100 0 20115 19151 27595 i
r 204.11.128.105 100 0 33125 174 3549 27595 i
actual path is cogent, (3), wv, intercage, not cogent, gx, intercage:
Tracing the route to 58-65-238-1.myrdns.com (58.65.238.1)
1 204.11.128.105 [AS 33125] 0 msec 0 msec 0 msec
2 gi2-15.ccr02.ord03.atlas.cogentco.com (38.104.102.29) [AS 174] 4
msec 4 msec 8 msec
3 te-9-1.car4.Chicago1.Level3.net (4.68.127.129) [AS 3356] 4 msec 8
msec 4 msec
4 ae-32-56.ebr2.Chicago1.Level3.net (4.68.101.190) [AS 3356] 8 msec
20 msec 16 msec
5 ae-5.ebr2.Chicago2.Level3.net (4.69.140.194) [AS 3356] 8 msec 4 msec 8 msec
6 ae-2.ebr2.Washington1.Level3.net (4.69.132.70) [AS 3356] 40 msec
36 msec 36 msec
7 ae-72-72.csw2.Washington1.Level3.net (4.69.134.150) [AS 3356] 36 msec
ae-82-82.csw3.Washington1.Level3.net (4.69.134.154) [AS 3356] 40 msec
ae-92-92.csw4.Washington1.Level3.net (4.69.134.158) [AS 3356] 40 msec
8 ae-14-69.car4.Washington1.Level3.net (4.68.17.6) [AS 3356] 28 msec
ae-24-79.car4.Washington1.Level3.net (4.68.17.70) [AS 3356] 32 msec
ae-34-89.car4.Washington1.Level3.net (4.68.17.134) [AS 3356] 32 msec
9 CWIE-LLC.car4.Washington1.Level3.net (4.79.170.146) [AS 3356] 32
msec 32 msec 28 msec
10 * * *
11 atl-ten3-1-ash-ten3-1.wvfiber.net (66.216.1.157) [AS 19151] [MPLS:
Label 120 Exp 0] 216 msec 208 msec 188 msec
12 nsh-ten4-1-atl-ten3-2.wvfiber.net (64.127.130.58) [AS 19151]
[MPLS: Label 73 Exp 0] 32 msec 32 msec 32 msec
13 la-ten1-1-nsh-ten4-2.wvfiber.net (66.186.197.109) [AS 19151]
[MPLS: Label 113 Exp 0] 80 msec 80 msec 80 msec
14 sjc-ten1-1-la-ten1-2.wvfiber.net (66.186.197.106) [AS 19151] 80
msec 84 msec 80 msec
15 58-65-238-1.myrdns.com (58.65.238.1) 84 msec 132 msec 104 msec
question I have for the list is...who's faking the funk?
-Tk
Anton's post that GX is still providing them transit is a bit curious, since
I was under the impression GX had severed all ties with Atrivo. But the
table does not lie, a path of "174 3549 27595" is clearly transit. GX, care
to comment?After poking for a bit, it's unclear what, if anything, GX is or isn't
doing here.I tossed a static /24 towards the upstream sending the AS path with GX
in it, and traced towards a host in the that /24 - the traceroute
output disagrees with the as path, oddly enough.bgp routes, again:
> 58.65.238.0/24 71.13.116.101 100 0 20115 19151 27595 i
r 204.11.128.105 100 0 33125 174 3549 27595 iactual path is cogent, (3), wv, intercage, not cogent, gx, intercage:
Tracing the route to 58-65-238-1.myrdns.com (58.65.238.1)
1 204.11.128.105 [AS 33125] 0 msec 0 msec 0 msec
2 gi2-15.ccr02.ord03.atlas.cogentco.com (38.104.102.29) [AS 174] 4
msec 4 msec 8 msec
3 te-9-1.car4.Chicago1.Level3.net (4.68.127.129) [AS 3356] 4 msec 8
msec 4 msec
4 ae-32-56.ebr2.Chicago1.Level3.net (4.68.101.190) [AS 3356] 8 msec
20 msec 16 msec
5 ae-5.ebr2.Chicago2.Level3.net (4.69.140.194) [AS 3356] 8 msec 4 msec 8 msec
6 ae-2.ebr2.Washington1.Level3.net (4.69.132.70) [AS 3356] 40 msec
36 msec 36 msec
7 ae-72-72.csw2.Washington1.Level3.net (4.69.134.150) [AS 3356] 36 msec
ae-82-82.csw3.Washington1.Level3.net (4.69.134.154) [AS 3356] 40 msec
ae-92-92.csw4.Washington1.Level3.net (4.69.134.158) [AS 3356] 40 msec
8 ae-14-69.car4.Washington1.Level3.net (4.68.17.6) [AS 3356] 28 msec
ae-24-79.car4.Washington1.Level3.net (4.68.17.70) [AS 3356] 32 msec
ae-34-89.car4.Washington1.Level3.net (4.68.17.134) [AS 3356] 32 msec
9 CWIE-LLC.car4.Washington1.Level3.net (4.79.170.146) [AS 3356] 32
msec 32 msec 28 msec
10 * * *
11 atl-ten3-1-ash-ten3-1.wvfiber.net (66.216.1.157) [AS 19151] [MPLS:
Label 120 Exp 0] 216 msec 208 msec 188 msec
12 nsh-ten4-1-atl-ten3-2.wvfiber.net (64.127.130.58) [AS 19151]
[MPLS: Label 73 Exp 0] 32 msec 32 msec 32 msec
13 la-ten1-1-nsh-ten4-2.wvfiber.net (66.186.197.109) [AS 19151]
[MPLS: Label 113 Exp 0] 80 msec 80 msec 80 msec
14 sjc-ten1-1-la-ten1-2.wvfiber.net (66.186.197.106) [AS 19151] 80
msec 84 msec 80 msec
15 58-65-238-1.myrdns.com (58.65.238.1) 84 msec 132 msec 104 msecquestion I have for the list is...who's faking the funk?
second that...
from ripe bgplay view, gx is never seen as an adjacency to 27595, just
wv and bandcon, with liteup being brought up later on in the 2 day
interval
-Tk
-christian
I'm not sure where that 58.65.238.0/24 prefix with AS3549
in the path came from. I *currently* see no BGP RIB entries
with AS "3549_27595" (GBLX Intercage) in the path.
A query for the past 6 hours yields 32 AS 27595 originated
prefixes, here are each with their associated upstream
ASN(s) (26769::BANDCON, 19151::WVFIBER-1):
58.65.238.0/24 - 26769
58.65.239.0/24 - 26769
64.28.176.0/20 - 26769,19151
67.210.0.0/21 - 26769,19151
67.210.8.0/22 - 26769,19151
67.210.14.0/23 - 26769,19151
69.22.162.0/23 - 26769,19151
69.22.168.0/21 - 26769,19151
69.22.184.0/22 - 26769,19151
69.31.64.0/20 - 26769,19151
69.50.160.0/19 - 26769,19151
69.50.173.0/24 - 26769,19151
69.50.182.0/23 - 26769,19151
85.255.113.0/24 - 26769,19151
85.255.114.0/23 - 26769,19151
85.255.116.0/22 - 26769,19151
85.255.116.0/23 - 26769,19151
85.255.118.0/24 - 26769,19151
85.255.119.0/24 - 26769,19151
85.255.120.0/23 - 26769,19151
85.255.120.0/24 - 26769,19151
85.255.121.0/24 - 26769,19151
85.255.122.0/24 - 26769,19151
116.50.10.0/24 - 26769,19151
116.50.11.0/24 - 26769,19151
216.255.176.0/20 - 26769,19151
216.255.176.0/21 - 26769,19151
216.255.176.0/22 - 19151
216.255.180.0/22 - 19151
216.255.184.0/21 - 26769,19151
216.255.184.0/22 - 19151
216.255.188.0/22 - 19151
As for which of these prefixes seem to be associated with alleged
nefarious activities, I'll leave that as an exercise for the operator.
-danny