Tata Scenic routing in LAX area?

Anyone else seeing an odd Scenic routing in the LAX/SJE area for tata.

traceroute to 23.92.178.22 (23.92.178.22), 30 hops max, 52 byte packets

1 if-ae-13-2.tcore2.lvw-los-angeles.as6453.net (64.86.252.34) 180.698 ms 180.610 ms 181.712 ms

MPLS Label=344269 CoS=0 TTL=1 S=1

2 if-ae-7-2.tcore2.svw-singapore.as6453.net (180.87.15.25) 189.327 ms if-ae-7-2.tcore2.svw-singapore.as6453.net (64.86.252.37) 176.800 ms if-ae-7-2.tcore2.svw-singapore.as6453.net (64.86.252.39) 174.631 ms

MPLS Label=609315 CoS=0 TTL=1 S=1

3 if-ae-20-2.tcore1.svq-singapore.as6453.net (180.87.96.21) 174.287 ms 173.370 ms 173.804 ms

4 120.29.215.202 (120.29.215.202) 179.104 ms 179.367 ms 179.324 ms

5 182.79.152.247 (182.79.152.247) 180.164 ms 182.79.152.253 (182.79.152.253) 184.816 ms 182.79.152.247 (182.79.152.247) 250.928 ms

6 unknown.telstraglobal.net (202.127.73.101) [AS 4637] 173.974 ms 173.986 ms 173.484 ms

7 i-93.sgpl-core02.telstraglobal.net (202.84.224.189) [AS 4637] 175.094 ms 175.699 ms 174.343 ms

8 i-10850.eqnx-core02.telstraglobal.net (202.84.140.46) [AS 4637] 280.686 ms 288.703 ms 280.836 ms

9 i-92.eqnx03.telstraglobal.net (202.84.247.17) [AS 4637] 278.021 ms 276.637 ms 302.249 ms

10 equinix-ix.sjc1.us.voxel.net (206.223.116.4) 174.139 ms 174.163 ms 174.067 ms

Marcus Josephson

IP Operations

mjosephson@inap.com

This message is intended for the use of the intended recipient(s) and may contain confidential and privileged information.

Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

That’s quite the tour…

From Montreal, QC

traceroute to 23.92.178.22 (23.92.178.22), 30 hops max, 60 byte packets
1 67-221-x-x.ebox.net (67.221.x.x) 0.459 ms 0.431 ms 0.409 ms
2 ix-ae-10-190.tcore1.mtt-montreal.as6453.net (206.82.135.105) 5.637 ms 5.619 ms 5.588 ms
3 if-ae-12-2.tcore1.w6c-montreal.as6453.net (64.86.31.27) 246.680 ms 246.682 ms 246.723 ms
4 if-ae-30-2.tcore2.ct8-chicago.as6453.net (66.198.96.24) 257.231 ms 257.275 ms 257.286 ms
5 if-ae-22-2.tcore1.ct8-chicago.as6453.net (64.86.79.2) 249.929 ms 249.807 ms 249.989 ms
6 if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104) 257.468 ms 257.206 ms 257.211 ms
7 if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1) 251.862 ms 251.116 ms 250.928 ms
8 if-ae-18-2.tcore2.sv1-santa-clara.as6453.net (63.243.205.13) 251.988 ms if-ae-13-2.tcore2.lvw-los-angeles.as6453.net (64.86.252.26) 254.136 ms if-ae-38-2.tcore2.sv1-santa-clara.as6453.net (63.243.205.75) 252.838 ms
9 if-ae-7-2.tcore2.svw-singapore.as6453.net (180.87.15.25) 254.861 ms if-ae-0-2.tcore1.sv1-santa-clara.as6453.net (63.243.251.1) 267.270 ms if-ae-7-2.tcore2.svw-singapore.as6453.net (64.86.252.39) 259.345 ms
10 if-ae-20-2.tcore1.svq-singapore.as6453.net (180.87.96.21) 250.794 ms if-et-1-2.hcore2.kv8-chiba.as6453.net (120.29.211.3) 181.610 ms if-ae-20-2.tcore1.svq-singapore.as6453.net (180.87.96.21) 250.683 ms
11 120.29.215.202 (120.29.215.202) 256.046 ms if-ae-23-2.tcore1.svw-singapore.as6453.net (180.87.67.32) 253.692 ms 120.29.215.202 (120.29.215.202) 255.907 ms
12 * * *
13 if-ae-20-2.tcore1.svq-singapore.as6453.net (180.87.96.21) 253.551 ms unknown.telstraglobal.net (202.127.73.101) 280.228 ms if-ae-20-2.tcore1.svq-singapore.as6453.net (180.87.96.21) 254.633 ms
14 120.29.215.242 (120.29.215.242) 254.595 ms 269.004 ms 265.841 ms
15 i-10850.eqnx-core02.telstraglobal.net (202.84.140.46) 248.997 ms 249.750 ms 249.693 ms
16 i-92.eqnx03.telstraglobal.net (202.84.247.17) 247.845 ms unknown.telstraglobal.net (202.127.73.101) 267.627 ms i-92.eqnx03.telstraglobal.net (202.84.247.17) 249.147 ms
17 * i-93.sgpl-core02.telstraglobal.net (202.84.224.189) 255.787 ms *
18 bbr1.inapbb-dal-sje-1-2-4-6.dal006.pnap.net (64.95.158.182) 261.728 ms bbr2.ae7.sje.pnap.net (64.95.158.178) 248.810 ms bbr1.inapbb-dal-sje-1-2-4-6.dal006.pnap.net (64.95.158.182) 261.988 ms
19 i-92.eqnx03.telstraglobal.net (202.84.247.17) 250.373 ms 245.202 ms bbr2.xe-1-1-1.inapbb-chg-sje-8.chg.pnap.net (64.95.159.21) 260.105 ms
20 * * bbr1.xe-0-0-1.inapbb-wdc-dal-7.wdc002.pnap.net (64.95.158.210) 260.176 ms
21 bbr2.ae7.sje.pnap.net (64.95.158.178) 247.134 ms 251.671 ms bbr1.inapbb-dal-sje-1-2-4-6.dal006.pnap.net (64.95.158.182) 264.785 ms
22 bbr2.xe-1-1-1.inapbb-chg-sje-8.chg.pnap.net (64.95.159.21) 263.305 ms * 64.95.159.45 (64.95.159.45) 287.747 ms
23 bbr1.ae7.nym007.pnap.net (64.95.158.73) 263.963 ms bbr1.xe-4-0-0.inapbb-chg-nym-12.nym007.pnap.net (64.95.159.18) 251.967 ms *
24 tsr1.e6-1.nyj004.pnap.net (64.95.158.234) 267.155 ms 263.123 ms *
25 64.95.159.45 (64.95.159.45) 266.946 ms * *
26 * bbr1.ae7.nym007.pnap.net (64.95.158.73) 266.049 ms *
27 * * tsr1.e6-1.nyj004.pnap.net (64.95.158.234) 262.634 ms
28 * * *
29 * * *
30 * * *

From East Coast:

root@dns1:~# traceroute 23.92.178.22

traceroute to 23.92.178.22 (23.92.178.22), 30 hops max, 60 byte packets

1 gw-128-254.phlapalo.quonix.net (208.82.128.254) 0.657 ms 0.657 ms 0.651 ms
2 te0-0-2-3.nr11.b002999-2.phl01.atlas.cogentco.com (38.104.111.121) 1.057 ms 1.118 ms 1.196 ms
3 te0-1-0-0.rcr21.phl01.atlas.cogentco.com (154.24.50.85) 1.018 ms te0-1-0-0.rcr22.phl01.atlas.cogentco.com (154.24.50.89) 0.971 ms te0-1-0-0.rcr21.phl01.atlas.cogentco.com (154.24.50.85) 1.049 ms
4 be2333.ccr42.jfk02.atlas.cogentco.com (154.54.5.1) 3.775 ms be2364.ccr41.jfk02.atlas.cogentco.com (154.54.3.141) 3.756 ms 3.756 ms
5 be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2) 3.767 ms be3294.ccr31.jfk05.atlas.cogentco.com (154.54.47.218) 3.877 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2) 3.772 ms
6 38.104.74.130 (38.104.74.130) 4.807 ms 5.371 ms 5.414 ms
7 border1-po1-bbnet1.nyj004.pnap.net (216.52.95.46) 3.360 ms 3.343 ms 3.316 ms
8 inapvoxcust-XX.border1.nyj004.pnap.net (74.201.136.66) 12.197 ms 12.222 ms 12.468 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Marcus,

From route-views output, it looks like AS9498/airtel is probably leaking your route between two of its upstreams (AS6453/Tata and AS4637/Telstra) overseas, funneling some of your traffic through their router.

route-views>sh ip bgp 23.92.178.22 | i 9498
� 3356 6453 9498 4637 29791
� 1403 6453 9498 4637 29791
� 3549 3356 6453 9498 4637 29791
� 19214 3257 6453 9498 4637 29791
� 1403 6453 9498 4637 29791
� 286 6453 9498 4637 29791
� 53364 3257 6453 9498 4637 29791
� 3257 6453 9498 4637 29791
� 1239 6453 9498 4637 29791
� 2497 6453 9498 4637 29791
� 57866 6453 9498 4637 29791
� 7660 2516 6453 9498 4637 29791
� 701 6453 9498 4637 29791
� 3561 209 6453 9498 4637 29791

You might try halting advertisements to your AS4637/Telstra peer while you contact AS9498.

-John

FYI 29791 isn’t the only origin I’m seeing this on from one point of view:

AS path: 3257 6453 9498 4637
AS path: 3257 6453 9498 4637 10310 26085 14210
AS path: 3257 6453 9498 4637 20773 29066
AS path: 3257 6453 9498 4637 2906
AS path: 3257 6453 9498 4637 2906 40027
AS path: 3257 6453 9498 4637 29791
AS path: 3257 6453 9498 4637 30844
AS path: 3257 6453 9498 4637 30844 36991
AS path: 3257 6453 9498 4637 30844 38056 38056 38056
AS path: 3257 6453 9498 4637 37468 37230
AS path: 3257 6453 9498 4637 37468 37230 37230 37230
AS path: 3257 6453 9498 4637 47869
AS path: 3356 6453 9498 4637
AS path: 3356 6453 9498 4637 1299 2906
AS path: 3356 6453 9498 4637 1299 3491 20485 20485 4809 49209
AS path: 3356 6453 9498 4637 20773 29066
AS path: 3356 6453 9498 4637 2906
AS path: 3356 6453 9498 4637 29791
AS path: 3356 6453 9498 4637 30844
AS path: 3356 6453 9498 4637 30844 36991
AS path: 3356 6453 9498 4637 30844 38056 38056 38056
AS path: 3356 6453 9498 4637 37468 37230
AS path: 3356 6453 9498 4637 37468 37230 37230 37230
AS path: 3356 6453 9498 4637 47869

I’m not sure what is supposed to be there for 6453_9498 but I suspect not nearly as much as is currently present (only 4637 listed here for brevity).

FYI 29791 isn’t the only origin I’m seeing this on from one point of view:

AS path: 3257 6453 9498 4637
AS path: 3257 6453 9498 4637 10310 26085 14210
AS path: 3257 6453 9498 4637 20773 29066
AS path: 3257 6453 9498 4637 2906
AS path: 3257 6453 9498 4637 2906 40027
AS path: 3257 6453 9498 4637 29791
AS path: 3257 6453 9498 4637 30844
AS path: 3257 6453 9498 4637 30844 36991
AS path: 3257 6453 9498 4637 30844 38056 38056 38056
AS path: 3257 6453 9498 4637 37468 37230
AS path: 3257 6453 9498 4637 37468 37230 37230 37230
AS path: 3257 6453 9498 4637 47869
AS path: 3356 6453 9498 4637
AS path: 3356 6453 9498 4637 1299 2906
AS path: 3356 6453 9498 4637 1299 3491 20485 20485 4809 49209
AS path: 3356 6453 9498 4637 20773 29066
AS path: 3356 6453 9498 4637 2906
AS path: 3356 6453 9498 4637 29791
AS path: 3356 6453 9498 4637 30844
AS path: 3356 6453 9498 4637 30844 36991
AS path: 3356 6453 9498 4637 30844 38056 38056 38056
AS path: 3356 6453 9498 4637 37468 37230
AS path: 3356 6453 9498 4637 37468 37230 37230 37230
AS path: 3356 6453 9498 4637 47869

I’m not sure what is supposed to be there for 6453_9498 but I suspect not nearly as much as is currently present (only 4637 listed here for brevity).

huh… us-carrier → tata → airtel → telstra … that seems TOTALLY PLAUSIBLE… no.

I have tried to reach out to Airtel, no response yet, but yah I could see my issue being due to them leaking routes.

-Marcus

9498/Airtel seems to be leaking a lot of routes.

Source: https://bgpstream.com/

All Events for BGP Stream.

I don’t know what’s less surprising, Tata making sure you see the entire internet (wink wink), or Airtel leaking routes…

Airtel has acknowledged and is in the process of reverting. Thanks all for your input.

-Marcus

I have shared about this leak with known contacts in their NOC.

Thanks.