Rogue BGP Routes

Hi,
We are having an issue with Charter Communications advertising 2 of our IP ranges.
We are in the process of implementing RPKI now, but does anyone have a suggestion on how to get them to stop? We have tried contacting them via email and via phone through numerous channels with no luck.

Thanks

Hi,
We are having an issue with Charter Communications advertising 2 of our IP ranges.

… and these routes are: and so you kind folk can filter them from your Charter peerings…

what are the prefixes?

Good luck. Charter hijacked my prefixes once while I was a paying customer (did not withdraw after I shut down BGP) and they wouldn't do anything about it outside of wanting to schedule a maintenance window.

But do let us know what prefixes they are so those of us who are proactive about such things can filter and do contact everyone Charter peers with or where they use an upstream. I got faster responses that way than with Charter directly.

~Seth

Have you tried checking PeeringDB?

Any idea how this could have happened? Did you use to have some kind of
relationship with them back in the day?

Mark.

The affected prefixes were 208.79.8.0/24 and 208.79.10.0/24

We did previously have a relationship with 10 years ago in the Thibodaux/Hammond area.

Around 8 pm CST last night service to the customers was restored.

Not sure who resolved the issue or if RPKI that I set up yesterday afternoon was responsible, but it does not appear to be an issue at this time.

We are watching it more closely.

We did previously have a relationship with 10 years ago in the
Thibodaux/Hammond area.

Do you recall whether you had an eBGP session with them, or if they
originated your prefixes on your behalf behind their own AS?

Not sure who resolved the issue or if RPKI that I set up yesterday
afternoon was responsible, but it does not appear to be an issue at
this time.

RPKI is not yet that widely deployed that you would see global success
in resolution. I'm curious to understand my query above...

That said, do keep trying to find a warm body there that can answer your
questions.

Mark.

The affected prefixes were 208.79.8.0/24 and 208.79.10.0/24

i do see a /22 ROA for this set of prefixes, hurray! :)

We did previously have a relationship with 10 years ago in the Thibodaux/Hammond area.

Around 8 pm CST last night service to the customers was restored.

Not sure who resolved the issue or if RPKI that I set up yesterday afternoon was responsible, but it does not appear to be an issue at this time.

here’s hoping charter’s plans for RPKI are moving along and caught your case :)
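
An added example, not part of any poster's message: RFC 6811 route origin validation applied to the two /24s from the thread under a covering /22 ROA, plus the point that an Invalid route only disappears where a network enforces validation. The ROA prefix 208.79.8.0/22, both ASNs (documentation range) and the maxLength values are assumptions, since the thread gives none of them.

```python
import ipaddress

# Constructed sample data: the thread gives no ASNs or maxLength values.
OWNER_AS = 64496   # documentation ASN standing in for the prefix holder
OTHER_AS = 64511   # documentation ASN standing in for the unexpected origin

# Each ROA is (prefix, maxLength, authorized origin AS). Both are assumptions.
ROAS_STRICT = [("208.79.8.0/22", 22, OWNER_AS)]  # only the /22 itself allowed
ROAS_LOOSE = [("208.79.8.0/22", 24, OWNER_AS)]   # more-specifics to /24 allowed


def validate(prefix, origin_as, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route when the route sits inside the ROA prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS0 ROAs never match; otherwise origin and length must both fit.
        if roa_as != 0 and roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but matched by none is Invalid, not NotFound.
    return "invalid" if covered else "not-found"


def accepted(state, enforces_rov):
    """A route is dropped only by networks that reject Invalid routes."""
    return not (enforces_rov and state == "invalid")


def report(roas):
    """Validation state for each announcement of interest under one ROA set."""
    cases = [
        ("208.79.8.0/24", OTHER_AS),   # thread's prefix, unexpected origin
        ("208.79.10.0/24", OTHER_AS),  # thread's prefix, unexpected origin
        ("208.79.8.0/22", OWNER_AS),   # holder's aggregate
        ("208.79.10.0/24", OWNER_AS),  # holder's own more-specific
    ]
    return {case: validate(case[0], case[1], roas) for case in cases}


if __name__ == "__main__":
    for name, roas in (("strict", ROAS_STRICT), ("loose", ROAS_LOOSE)):
        for (prefix, asn), state in report(roas).items():
            print(f"{name:6} {prefix:16} AS{asn} -> {state}")
```

With the strict ROA the holder's own /24 announcements are also Invalid, so the maxLength has to match what the holder actually announces.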

We had an eBGP session with them at that time but it was very problematic. It is strange that the IP blocks that had the issue were the same blocks that we advertised with them and the ones that we were using with Level 3 at the time were unaffected.

Once this message posted to the group, I got responses from Charter almost immediately from the group. So if I had been a member of the group yesterday morning when the problem was discovered I could have had a much faster resolution.

Thanks for the response.

We had an eBGP session with them at that time but it was very
problematic. It is strange that the IP blocks that had the issue were
the same blocks that we advertised with them and the ones that we were
using with Level 3 at the time were unaffected.

My suspicion is that those 2 prefixes you highlight were being
originated from behind their AS, for some reason or other. It is quite
possible that between leaving that contract and people moving on, that
origination stayed in place. It's not the first time I or Philip (Smith)
have seen many cases of these, that pop up years later, only to find
that someone forgot about a static route or an on-behalf origination
from years back after all manner of staff shuffled through both companies.

Of course, very possible this is - as Randy would say - conjecturbation,
on my part; but it's what stands out to me most, at the moment.

Once this message posted to the group, I got responses from Charter
almost immediately from the group. So if I had been a member of the
group yesterday morning when the problem was discovered I could have
had a much faster resolution.

More pressure is better than less :-).

Mark.