Suspicious anycast prefixes

Hi all,

I found the following prefixes are often originated by many ASNs (more than
five). I wonder if they provide global anycast service and, if so, what specific
service they provide?

12.64.255.0/24
70.37.135.0/24
198.32.176.0/24
199.7.49.0/24
199.7.80.0/24
199.16.93.0/24
199.16.94.0/24
199.16.95.0/24
206.223.115.0/24

Thanks,
Yaoqing

Most of those are for Verisign's DNS resolution services. Definitely
nothing to be suspicious about here. Move along. These aren't the droids
you are looking for.

Stefan Fouant

> I found the following prefixes are often originated by many ASNs (more than
> five). I wonder if they provide global anycast service and, if so, what specific
> service they provide?
>
> 12.64.255.0/24

CERNET.

> 70.37.135.0/24

Microsoft/Hotmail.

> 198.32.176.0/24

Yahoo!

> 199.7.49.0/24

VeriSign.

> 199.7.80.0/24

VeriSign.

> 199.16.93.0/24

VeriSign.

> 199.16.94.0/24

VeriSign.

> 199.16.95.0/24

VeriSign.

> 206.223.115.0/24

Yahoo!

These to me are all organisations that might reasonably be distributing services using anycast. It's difficult to tell whether all the origin ASes you see for those prefixes are legitimate, of course.

It's perhaps worth noting that there is work in the IETF to recommend that every prefix originated as part of an anycast cloud uses a unique origin AS (see <http://tools.ietf.org/html/draft-ietf-grow-unique-origin-as-00>). I'm not personally convinced of the arguments in the draft, but mentioning it in this thread seems reasonable.

Joe

as a note, this is bmanning/ep.net exchange space, no? so this could
be just people leaking this into their table/global-table by mistake?

used to be. ep.net has fragmented into little bits. most of the prefixes have
  been transferred to the clients who were using them, the ones who are still around
  are outside the ARIN region and there is no clean way to move them given ARIN and
  other RIR policy.

This particular prefix was used as a public exchange, operated by Switch & Data. Not sure
what they have done w/ it since then.

Switch and Data Management Company LLC NET-PAIX-V4 (NET-198-32-175-0-1) 198.32.175.0 - 198.32.177.255
EP.NET, LLC. NET-EP-176 (NET-198-32-176-0-1) 198.32.176.0 - 198.32.176.255

/bill

Still in-use at the Equinix Palo Alto exchange (former PAIX)

https://www.peeringdb.com/private/exchange_view.php?id=7
https://www.peeringdb.com/dns-scan/198-32-176-0-24.txt

Andy

I'm also not convinced of the arguments in the draft, since it argues that it would be a best-practice for me to originate my address space from more than 8,000 different ASNs, when I currently do just fine advertising it from three. I'd much rather there not exist a document that clueless people can point at and claim is a "best common practice" when it's neither best nor common.

                                -Bill

+1

We are not convinced and are not planning on implementing this draft either.

-DM

Thanks for clarifying this, actually I have a few more blocks with four
origin ASNs that I'm not positive if they are anycast prefixes. Please help
distinguish them if they provide anycast service.

Yaoqing

You could probably get a good distance towards the answer to this by looking up the prefixes yourself using appropriate whois servers. Enumerating every prefix you see with more than one apparent origin and asking NANOG to type whois for you does not scale very well.

Joe

>> Thanks for clarifying this, actually I have a few more blocks with four
>> origin ASNs that I'm not positive if they are anycast prefixes. Please help
>> distinguish them if they provide anycast service.
>
> You could probably get a good distance towards the answer to this by
> looking up the prefixes yourself using appropriate whois servers.
> Enumerating every prefix you see with more than one apparent origin and
> asking NANOG to type whois for you does not scale very well.

This is definitely a good idea, I'll do it right now. Thanks.

Yaoqing

Hi NANOG,

I manually extracted the origins and their org info for the announced
block of prefixes. All these prefixes were observed being originated
by at most four ASNs simultaneously. I suspect they provide anycast or
IXP service, but not positive. Please confirm my conjecture if you
know them. Thanks!

27.130.0.0/16
58.147.0.0/20
58.147.0.0/17
58.147.16.0/20
58.147.64.0/20
58.147.80.0/20
58.147.96.0/20
58.147.112.0/20
110.164.0.0/16
110.164.48.0/20
110.164.64.0/20
110.164.80.0/20
110.164.176.0/20
112.143.0.0/16
180.183.0.0/16
202.69.136.0/21
223.204.0.0/16
223.205.0.0/16
AS24326: as-name:TTT-AS-AP|descr:Maxnet, Internet Service Provider,
Bangkok|country:TH
AS38550: as-name:TTGN-INTER-AS-AP|descr:TTGN , INTERNATIONAL INTERNET
GATEWAY, THAILAND|country:TH
AS45629: as-name:JASTEL-NETWORK-TH-AP|descr:Jasmine International
Tower|country:TH
AS45758: as-name:TRIPLETNET-AS-AP|descr:TripleT Internet Internet
service provider Bangkok|country:TH

61.237.224.0/20
AS4808:as-name:CHINA169-BJ|descr:CNCGROUP IP network China169 Beijing
Province Network|country:CN
AS4847:as-name:CNIX-AP|descr:China Networks Inter-Exchange
AS9819:as-name:BZNET|descr:Beijing Bozhiruihai Network Technology Co.,
Ltd.|country:CN
AS17772:as-name:CHINACOM|descr:CHINA COMMUNICATIONS SYSTEM Co.,Ltd.|country:CN
AS17964: as-name:DXTNET|descr:Beijing Dian-Xin-Tong Network
Technologies Co., Ltd.|country:CN
AS24138:as-name:CRNET_BJ_IDC-CNNIC-AP|descr:China Tietong
Telecommunication Corporation|CN
AS38356:as-name:NETEON|descr:Beijing Neteon Tech Co, Ltd.|country:CN
AS45114:as-name:CNNIC-SUNINFO-MDC-AP|descr:Beijing Sunrise Technology
Co. Ltd.|country:CN

65.61.188.0/24
69.20.95.0/24
AS10532:ASName: RACKSPACE;OrgName:Rackspace Hosting
AS15395:as-name:UNSPECIFIED|descr:UK Rackspace|descr:LONDON office
AS27357:ASName: RACKSPACE;OrgName:Rackspace Hosting
AS33070:ASName: RMH-14;OrgName:Rackspace Hosting

112.142.0.0/16
222.123.0.0/16
AS24326: as-name:TTT-AS-AP|descr:Maxnet, Internet Service Provider,
Bangkok|country:TH
AS38550: as-name:TTGN-INTER-AS-AP|descr:TTGN , INTERNATIONAL INTERNET
GATEWAY, THAILAND|country:TH
AS45629: as-name:JASTEL-NETWORK-TH-AP|descr:Jasmine International
Tower|country:TH
AS45758: as-name:TRIPLETNET-AS-AP|descr:TripleT Internet Internet
service provider Bangkok|country:TH
AS45626:as-name:TOPL-AU-AS|descr:Travelex Outsourcing Pty Ltd 5/504
Pacific Highway St Leonards NSW AUS 2065|country:AU

198.32.64.0/24
AS4555:ASName: EP0-BLK-ASNBLOCK-5;OrgName:Almond Oil Process, LLC.
AS9584:as-name:GENESIS-AP|descr:Diyixian.com Limited|country:HK
AS20144:ASName: L-ROOT;Comment:distributed using Anycast.
AS42909: as-name: COMMUNITYDNS;descr: Internet
Computer Bureau Ltd

198.32.136.0/24
AS195:OrgName:San Diego Supercomputer Center
AS293:OrgName:ESnet|OrgId:ENSN-Z
AS1239:OrgName:Sprint
AS2914:OrgName:NTT America, Inc.
AS7018:OrgName:AT&T Services, Inc.

198.32.175.0/24
AS2497:as-name:IIJ|descr:Internet Initiative Japan Inc.
AS2914:OrgName:NTT America, Inc.|
AS4323:OrgName:tw telecom holdings, inc.
AS5650:OrgName:Frontier Communications of America, Inc.
AS6461:OrgName:Abovenet Communications, Inc

202.99.58.0/24
AS4808:as-name:CHINA169-BJ|descr:CNCGROUP IP network China169 Beijing
Province Network|country:CN
AS6619:as-name:SAMSUNGNETWORKS-AS-KR|descr:Samsung Networks Inc.
AS17431:as-name:TONET|descr:Beijing TONEK Information Technology
Development Company|country:CN
AS17964:as-name:DXTNET|descr:Beijing Dian-Xin-Tong Network
Technologies Co., Ltd.|country:CN

202.122.116.0/24
AS17775:as-name:STN-CN|descr:SHANGHAI Guangdian Electronics Group
Co.,Ltd|country:CN
AS18118:as-name:CITICNET-AP|descr:CITIC Networks Management Co.,Ltd.
AS24142:as-name:CNNIC-BennalongNet-AP|descr:Shanghai Bennalong Network
Technology Co.,LTD
AS38356:as-name:NETEON|descr:Beijing Neteon Tech Co,
Ltd.|descr:Room203-204, No.1,737,CaoXi Road
North,Shanghai,China|country:CN
AS38814:as-name:ASIAMAX-HK-EA-AP|descr:Asiamax Technology Limited VPN
Service Provider Hong Kong|country:HK

203.119.30.0/24
AS24151:as-name:CNNIC-CRITICAL-AP|descr:China Internet Network Infomation Center
AS24406:as-name:CNNIC-CRITICAL-AP|descr:China Internet Network Infomation Center
AS24408:as-name:CNNIC-CRITICAL-AP|descr:China Internet Network Infomation Center
AS24410:as-name:CNNIC-CRITICAL-AP|descr:China Internet Network Infomation Center

204.79.195.0/24
AS8068:OrgName:Microsoft Corp
AS8069:OrgName:GRYPHON NETWORKS
AS8071:OrgName:Microsoft Corp
AS8075:OrgName:Microsoft Corp

204.79.197.0/24
AS8068:OrgName:Microsoft Corp
AS8069:OrgName:GRYPHON NETWORKS
AS8071:OrgName:Microsoft Corp
AS8075:OrgName:Microsoft Corp
AS12076:OrgName:Hotmail Corporation

206.51.38.0/24
AS3549:OrgName:Hotmail Corporation
AS6453:OrgName:Tata Communications
AS7911:OrgName:Level 3 Communications, Inc.
AS25973:OrgName:Mzima Networks, Inc.

206.223.116.0/24
AS293:OrgName:ESnet
AS1280:OrgName:Internet Systems Consortium, Inc.
AS2914:OrgName:NTT America, Inc.
AS6461:OrgName:Abovenet Communications, Inc
AS23352:OrgName:Server Central Network

207.231.241.0/24
AS101:OrgName:University of Washington
AS226:OrgName:Los Nettos
AS293:OrgName:ESnet
AS14221:OrgName:University of Washington

208.67.239.0/24
AS11588:OrgName:Highwinds Network Group, Inc.
AS23148:OrgName:TERRENAP DATA CENTERS, INC.
AS29045:IT ACTION - Managed Hosting
AS40009:OrgName:BitGravity, Inc.

222.35.0.0/18
AS4808:as-name:CHINA169-BJ|descr:CNCGROUP IP network China169 Beijing
Province Network|country:CN
AS4847:as-name:CNIX-AP|descr:China Networks Inter-Exchange|descr:Using
International Link at Beijing
AS9819:as-name:BZNET|descr:Beijing Bozhiruihai Network Technology Co.,
Ltd.|country:CN
AS17964:as-name:DXTNET|descr:Beijing Dian-Xin-Tong Network
Technologies Co., Ltd.|country:CN
AS24138:as-name:CRNET_BJ_IDC-CNNIC-AP|descr:China Tietong
Telecommunication Corporation|descr:Beijing branch IDC
network|country:CN
AS38356:as-name:CRNET_BJ_IDC-CNNIC-AP|descr:China Tietong
Telecommunication Corporation|descr:Beijing branch IDC
network|country:CN
AS45114:as-name:CNNIC-SUNINFO-MDC-AP|descr:Beijing Sunrise Technology Co. Ltd.

222.35.248.0/21
AS4847:as-name:CNIX-AP|descr:China Networks Inter-Exchange|descr:Using
International Link at Beijing
AS9802:as-name:CHINA-ABITCOOL|descr:Abitcool(China) Inc.|country:CN
AS9803:as-name:JINGXUN|descr:Beijing Jingxun Public Information
Technology Co., Ltd|country:CN
AS17964:as-name:DXTNET|descr:Beijing Dian-Xin-Tong Network
Technologies Co., Ltd.|country:CN
AS18118:as-name:CITICNET-AP|descr:CITIC Networks Management Co.,Ltd.
AS24138:as-name:CRNET_BJ_IDC-CNNIC-AP|descr:China Tietong
Telecommunication Corporation|descr:Beijing branch IDC
network|country:CN
AS38356:as-name:CRNET_BJ_IDC-CNNIC-AP|descr:China Tietong
Telecommunication Corporation|descr:Beijing branch IDC
network|country:CN:

Yaoqing

The IXP subnets are here:

http://www.pch.net/ixpdir/ip_city_country.pl

                                -Bill

It has been pointed out to me that not _all_ IXP subnets are there, which is quite true. That list is the subset of the full list of IXPs ( http://pch.net/ixpdir ) for which we have the IPv4/IPv6 subnet information. If anyone spots an IXP that's missing from that list, it's because we don't have the IP subnets. We would love to be as complete as possible, so if anyone has any corrections or additions, we'd be very grateful to hear them.

Thanks,

                                -Bill

according to Filip, this is -NOT- supposed to be
  anycast. the only legal origin ASN is 4555.

  these other ASNs have hijacked the prefix.

/bill

The source data above may be old, or simply wrong -- I don't see *any* AS originating that prefix right now, and I can confirm specifically AS20144 is not configured to originate it.

Perhaps I'm misunderstanding the original question, but the assertion that anybody is hijacking that particular prefix seems false.

Joe

>> It's perhaps worth noting that there is work in the IETF to recommend that every prefix originated as part of an anycast cloud uses a unique origin AS (see <http://tools.ietf.org/html/draft-ietf-grow-unique-origin-as-00>). I'm not personally convinced of the arguments in the draft, but mentioning it in this thread seems reasonable.
>
> I'm also not convinced of the arguments in the draft, since it argues that it would be a best-practice

'A', not 'the', for the reasons conveyed in the draft (e.g., control
plane discriminator, RPKI foundations, etc..). If you don't like it,
don't do it, it's certainly easier to not do it.

> for me to originate my address space from more than 8,000 different ASNs,

8000 is a very large number.

> when I currently do just fine advertising it from three.

"You" as a service operator do just fine, and it's surely much
simpler from a configuration and provisioning standpoint. But
what about those folks that consume the service, and have no
indication of which node they may be utilizing from an Internet
control plane perspective, or all the associated derivatives?

> I'd much rather there not exist a document that clueless people can point at and claim is a "best common practice" when it's neither best nor common.

'clueless people' wouldn't care which node they utilize, where
it resides, or what other attributes might exist and be associated
with it. Providing a discriminator in the control plane for the
consumer of critical network services might well be of utility to
some.

-danny

Furthermore, that exchange prefixes may often appear to be anycast is
not unusual. Those prefixes are often originated by multiple disparate
networks who are connected to the exchange. In a lightning talk I did
at NANOG 41, I talked about mapping peering relationships at exchanges.
When I noted that these prefixes are often announced by exchange
participants, Louie Lee explained that some of his participants often
announce the space to their transit customers so that monitoring and
troubleshooting tools don't cause confusion (e.g. traceroutes).

John

>>> It's perhaps worth noting that there is work in the IETF to recommend that every prefix originated as part of an anycast cloud uses a unique origin AS (see <http://tools.ietf.org/html/draft-ietf-grow-unique-origin-as-00>). I'm not personally convinced of the arguments in the draft, but mentioning it in this thread seems reasonable.
>>
>> I'm also not convinced of the arguments in the draft, since it argues that it would be a best-practice
>
> 'A', not 'the', for the reasons conveyed in the draft (e.g., control
> plane discriminator, RPKI foundations, etc..). If you don't like it,
> don't do it, it's certainly easier to not do it.
>
>> for me to originate my address space from more than 8,000 different ASNs,
>
> 8000 is a very large number.
>
>> when I currently do just fine advertising it from three.
>
> "You" as a service operator do just fine, and it's surely much
> simpler from a configuration and provisioning standpoint. But
> what about those folks that consume the service, and have no
> indication of which node they may be utilizing from an Internet
> control plane perspective, or all the associated derivatives?

In a properly functioning system - folks that consume the service don't need to know which node they are utilizing.

Providing the capability for well behaved customers to select/prefer a particular node over another would also allow evildoers to select/prefer a particular node over others - thereby increasing the attack surface of this node, yes?

Not a fan.

>>> 198.32.64.0/24
>>> AS4555:ASName: EP0-BLK-ASNBLOCK-5;OrgName:Almond Oil Process, LLC.
>>> AS9584:as-name:GENESIS-AP|descr:Diyixian.com Limited|country:HK
>>> AS20144:ASName: L-ROOT;Comment:distributed using Anycast.
>>> AS42909: as-name: COMMUNITYDNS;descr: Internet
>>> Computer Bureau Ltd
>>
>>   according to Filip, this is -NOT- supposed to be
>>   anycast.  the only legal origin ASN is 4555.
>>
>>   these other ASNs have hijacked the prefix.
>
> The source data above may be old, or simply wrong -- I don't see *any* AS originating that prefix right now, and I can confirm specifically AS20144 is not configured to originate it.

This is based on the last four years' data (2007-2010) collected from more
than 120 peers around the world. Today it may not be announced
anymore, but it used to be announced by the four ASNs simultaneously.
I just checked the detailed info about this prefix; here it is:
198.32.64.0/24
(ASN: average peers announcing this prefix:existing period:total
appearing days: MOAS period: total appearing days)
4555:4.94:20080318-20080506:50:20080318-20080506:50
9584:3.07:20080402-20080513:42:20080402-20080513:42
20144:79.44:20070101-20080501:487:20071215-20080501:138
42909:26.39:20071215-20080515:152:20071215-20080513:150

MY source data

> Perhaps I'm misunderstanding the original question, but the assertion that anybody is hijacking that particular prefix seems false.

This needs further analysis to confirm if it was hijacked.

Yaoqing
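
Added example (not part of the original thread or any poster's code): a parser for the per-origin record format shown in the last message, which computes when all four origins of 198.32.64.0/24 overlapped and how each origin's first sighting relates to AS4555, the ASN named earlier in the thread as the only legal origin. It assumes the periods are inclusive calendar dates; the function names are illustrative.

```python
from datetime import datetime

# Per-origin records for 198.32.64.0/24, copied from the message above.
# Fields: ASN : avg peers : existing period : days seen : MOAS period : MOAS days
RECORDS = """\
4555:4.94:20080318-20080506:50:20080318-20080506:50
9584:3.07:20080402-20080513:42:20080402-20080513:42
20144:79.44:20070101-20080501:487:20071215-20080501:138
42909:26.39:20071215-20080515:152:20071215-20080513:150
"""

def _period(text):
    """'YYYYMMDD-YYYYMMDD' -> (first_day, last_day) as date objects."""
    first, last = (datetime.strptime(p, "%Y%m%d").date() for p in text.split("-"))
    return first, last

def parse(records):
    """Return {asn: record dict} for every non-empty line."""
    origins = {}
    for line in records.splitlines():
        if not line.strip():
            continue
        asn, peers, exist, days, moas, moas_days = line.strip().split(":")
        origins[int(asn)] = {
            "avg_peers": float(peers), "exist": _period(exist), "days": int(days),
            "moas": _period(moas), "moas_days": int(moas_days),
        }
    return origins

def common_window(origins, asns=None):
    """Period in which all the given origins overlap, or None if they never do."""
    asns = list(asns or origins)
    first = max(origins[a]["exist"][0] for a in asns)
    last = min(origins[a]["exist"][1] for a in asns)
    return (first, last) if first <= last else None

def coverage(rec):
    """Share of calendar days inside the existing period with an announcement seen."""
    first, last = rec["exist"]
    return rec["days"] / ((last - first).days + 1)

def seen_before(origins, reference_asn):
    """Days each other origin was first seen ahead of reference_asn (negative = later)."""
    ref = origins[reference_asn]["exist"][0]
    return {a: (ref - r["exist"][0]).days
            for a, r in origins.items() if a != reference_asn}

if __name__ == "__main__":
    o = parse(RECORDS)
    print("all four overlap:", common_window(o))
    for asn, rec in o.items():
        print(asn, f"peers={rec['avg_peers']}", f"coverage={coverage(rec):.3f}")
    print("first seen relative to AS4555:", seen_before(o, 4555))
```

On these records all four origins overlap from 2008-04-02 to 2008-05-01, and AS20144 was seen 442 days before AS4555 first appeared. Neither fact by itself settles whether an announcement was authorized; that still needs registry and operator confirmation.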