Subject: Rare project developers
List archive
- From: Tim Chown <>
- To: mc36 <>
- Cc: "" <>, "" <>, Orosz Emil <>, Simon Leinen <>, "" <>, "net-ad-mins @ niif.hu" <>, "" <>, "" <>, Tony Przygienda <>, Jeffrey Zhang <>
- Subject: Re: [rare-dev] [freertr] deprecated attributes on valid prefixes
- Date: Tue, 7 Nov 2023 10:09:18 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jisc.ac.uk; dmarc=pass action=none header.from=jisc.ac.uk; dkim=pass header.d=jisc.ac.uk; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Pzm7vaGpYgbAqNtsFqbIWqKggu5E1YcOgDOv6V1OW34=; b=YaDjQ3qB/s6XiRoiUTQS3Le+XWo0T2pC48HspYRVIiXth00dNgg9yANQxfmDx5HZwvoHYtgrC/wJywdeMWlYvRCZ7EV/iqEHs30t9g71SgAxO4M5CuNbSLmgMDjbHsCJPOCcrJf/jzaqYiExuLzC+J4Y2CrIz09RHpwtFHOP412whVAN7Rg/9iMiQCasNdAEae13OeNIGUT0e7l7bDwb2d6T5tufPT0b/qdw4MIJeNirbBQA4LcX2gXRTlCBILcTJKP/PF1E2Q+YTAzgxck8C7Z7ydrJYxJlF+BmF//qSiSHpP3MKx7vz5Dwsa1nGMnCtSKLKz3lXwNIQQGA5a8kPg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EAdeN9rRRJgAc5GXRotcMxjjjsz0Ct0rU85cZguUwWiNZiLfLiMEfx26h2T0BQP2MbQFzvAmLe3Pv8qEgJinBYR67qVJhMJ5yeENGJFSJwO9ZH4/+D3GQjNTr8Et1Zkpaiwfzd82Zit0O5bF196pAItnfzN8riHYD6H7LS05Dk/6DhQ0yu7EwClypxVMCYbEkYn1R9iDGARyqmUOskwMy8YljGTVyFM4i82uVkYLz2DDST/fYSQKY8vnQ/h6xU4msBNth9CJ1Z0gNPlC8k7rc8VxwMqeFXINZ2iAdk+d3biT29c+Ki/EWvyJyzGXh0nU/5biDl1Mt3HfUXYh2s/2yg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=jisc.ac.uk;
Hi Csaba,
You can see Janet up/downstream advertisements quite nicely at Geoff’s page - https://www.potaroo.net/cgi-bin/as-report?as=as786.
That first IP is the University of Swansea, so yes, on a campus and not the Janet core.
The second IP is a Janet advertised one, no specific reverse on it though.
Tim
On 6 Nov 2023, at 10:17, mc36 <> wrote:
yeahhh, thats clear so here is your tldr from https://groups.io/g/freertr/message/2222
159.86.161.137 with 137.44.0.0/16, and 92.245.228.53 with 147.143.0.0/16...
as i did not found these in the labelled-unicast afi my bet is that these are
"proxy-advertisements" of some universities and not the jisc/janet core boxes....
in our case thats just would make the situation 1 bit more harder to act upon.... :)
br,
cs
On 11/6/23 09:40, Tim Chown wrote:
Hi Csaba,
I m at the IETF now so will be in sessions all week. Which routers exactly are you referring to? I recall previously there was a suggestion to deploy alongside GEANT routers.
We have a FreeRtr Wedge on Janet, but that is hosting our 100G network test facility, so is in production use and we have to be mindful of that.
Best wishes,
Tim
On 5 Nov 2023, at 16:09, mc36 <> wrote:
final bits on this, i played some more on the connector attrib; i added the rewriter support (remove, re-format, etc)
so from the commit below, one can arbitrarily route-map/route-policy rewrite the connector attrib if the need arises.... :)
these legacy optional transitive, deprecated / historicals..... i hear you out, the need to support the legacy/ancient
installations from the vendors whereas keep the commons peaces on the wild-wild-nets (dfz) is an np-hard problem....
https://www.rfc-editor.org/rfc/rfc8093.html vs my all-time favorite https://www.rfc-editor.org/rfc/rfc8962.html
now im really scrolling toward to the rest of the findings like the other attribs, the evpn l3vpn domain-list
https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-ipvpn-interworking/09/ its neeeeeeeew!!!!! :)
br,
cs
On 11/5/23 14:13, mc36 wrote:
hi tim,<Screenshot from 2023-11-05 15-57-40.png><Screenshot from 2023-11-05 15-57-49.png>
last week i was tasked by hbone, if i can provide my nren with some tools to have the unknowns unhidden...
last friday evening the code went online in-prod @ hbone monitoring freertr instance, then i immediately
bugged you on-list that jisc/janet "found guilty" on advertising the -->deprecated/historical/random-padded<--,
https://www.rfc-editor.org/rfc/rfc6037.html#section-5.2.1 bgp attribute.... today i had some time to provide
a dissector/encoder to the "connector attribute" (wireshark refuses to dissect them properly because of the paddings)
so from now i wont bug you anymore on this, however running the code against the fullbgp-feed from hbone i found another
/16 from 2 inner jisc/janet/univ routers are unhidden in the outputs below... the fact that your advertisements
are having some random paddings sounds more alarming than the fact its in the default-free-zone, instructing the
ciscos worldwide from any isp configured to provide legacy multicast services inside (like content providers like
bbc, cnn, etc) to initiate an m-gre toward the advertisers then start pim-hellos over the p-msi tunnel...
if you have some spare time consider forwarding the mail as-is to the univ/noc who operates the 2 boxes in question;
159.86.161.137 with 137.44.0.0/16, and 92.245.228.53 with 147.143.0.0/16...
both prefixes and router-ids are belonging to jisc/janet and arrived here through geant unicast....
br,
cs
sid#
sid#
sid#packet txt2full /nfs/temp/unk20.txt
info userReader.cmdEnter:userReader.java:1227 command sid#packet txt2full /nfs/temp/unk20.txt from console
% reading /nfs/temp/unk20.txt
% 2 dumps found
2023-11-03 22:00:53 62.40.124.17 -> ::
hungarnet-bckp.mx2.zag.hr.geant.net --> null
00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
00000010: 00 6a 02 00 00 00 50 40 01 01 00 40 02 0a 02 02
00000020: 00 00 51 e5 00 00 03 12 40 03 04 3e 28 7c 11 80
00000030: 04 04 00 00 00 14 40 06 00 c0 07 08 00 00 fc 73
00000040: 9f 56 a1 89 c0 08 04 51 e5 00 9b c0 10 08 00 02
00000050: fc 73 00 00 02 9e c0 14 0e 00 01 00 01 9f 56 a1
00000060: 89 02 9e 9f 56 a1 89 10 89 2c
+---------+---------------+----------+
21:00:53,000,000 ETHER
|0 |00|00|00|00|00|00|00|00|00|00|00|00|86|dd|60|00|00|00|00|7e|06|ff|00|00|00|00|00|00|00|00|00|00|ff|ff|3e|28|7c|11|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|b3|00|b3|30|cf|94|07|00|00|00|00|50|00|20|00|4e|91|00|00|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|00|6a|02|00|00|00|50|40|01|01|00|40|02|0a|02|02|00|00|51|e5|00|00|03|12|40|03|04|3e|28|7c|11|80|04|04|00|00|00|14|40|06|00|c0|07|08|00|00|fc|73|9f|56|a1|89|c0|08|04|51|e5|00|9b|c0|10|08|00|02|fc|73|00|00|02|9e|c0|14|0e|00|01|00|01|9f|56|a1|89|02|9e|9f|56|a1|89|10|89|2c|
len=87 typ=2 update
withdraw len=0
attrib len=80
attrib typ=1 len=1 origin
00000000: 00
attrib typ=2 len=10 aspath
00000000: 02 02 00 00 51 e5 00 00 03 12
aspath 20965 786
asname GEANT JANET
asinfo http://bgp.he.net/AS20965 http://ipinfo.io/AS786
asmixed 20965-GEANT 786-JANET <---------------------------------------------------------
path length 2
attrib typ=3 len=4 nexthop
00000000: 3e 28 7c 11
nexthop 62.40.124.17
attrib typ=4 len=4 metric
00000000: 00 00 00 14
metric 20
attrib typ=6 len=0 atomicAggr
00000000:
atomic aggregator true
attrib typ=7 len=8 aggregator
00000000: 00 00 fc 73 9f 56 a1 89
aggregator asnum 64627
aggregator asnam as64627
aggregator router 159.86.161.137
attrib typ=8 len=4 stdComm
00000000: 51 e5 00 9b
standard community 20965:155
attrib typ=16 len=8 extComm
00000000: 00 02 fc 73 00 00 02 9e
extended community 2:64627:670
attrib typ=20 len=14 connector
00000000: 00 01 00 01 9f 56 a1 89 02 9e 9f 56 a1 89
connector router 159.86.161.137 <---------------------------------------------------------
reachable len=3
reachable 137.44.0.0/16 <---------------------------------------------------------
2023-11-03 22:00:54 62.40.124.17 -> ::
hungarnet-bckp.mx2.zag.hr.geant.net --> null
00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
00000010: 00 6c 02 00 00 00 52 40 01 01 00 40 02 0a 02 02
00000020: 00 00 51 e5 00 00 03 12 40 03 04 3e 28 7c 11 80
00000030: 04 04 00 00 00 14 c0 08 0c 51 e5 00 9b fc 73 00
00000040: 6a fc 90 00 01 c0 10 10 00 02 fc 73 00 00 02 9e
00000050: 00 03 00 28 00 00 00 62 c0 14 0e 00 01 00 01 5c
00000060: f5 e4 35 02 9e 5c f5 e4 35 10 93 8f
+---------+---------------+----------+
21:00:54,000,000 ETHER
|0 |00|00|00|00|00|00|00|00|00|00|00|00|86|dd|60|00|00|00|00|80|06|ff|00|00|00|00|00|00|00|00|00|00|ff|ff|3e|28|7c|11|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|b3|00|b3|30|cf|94|71|00|00|00|00|50|00|20|00|b8|53|00|00|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|ff|00|6c|02|00|00|00|52|40|01|01|00|40|02|0a|02|02|00|00|51|e5|00|00|03|12|40|03|04|3e|28|7c|11|80|04|04|00|00|00|14|c0|08|0c|51|e5|00|9b|fc|73|00|6a|fc|90|00|01|c0|10|10|00|02|fc|73|00|00|02|9e|00|03|00|28|00|00|00|62|c0|14|0e|00|01|00|01|5c|f5|e4|35|02|9e|5c|f5|e4|35|10|93|8f|
len=89 typ=2 update
withdraw len=0
attrib len=82
attrib typ=1 len=1 origin
00000000: 00
attrib typ=2 len=10 aspath
00000000: 02 02 00 00 51 e5 00 00 03 12
aspath 20965 786
asname GEANT JANET
asinfo http://bgp.he.net/AS20965 http://ipinfo.io/AS786
asmixed 20965-GEANT 786-JANET <---------------------------------------------------------
path length 2
attrib typ=3 len=4 nexthop
00000000: 3e 28 7c 11
nexthop 62.40.124.17
attrib typ=4 len=4 metric
00000000: 00 00 00 14
metric 20
attrib typ=8 len=12 stdComm
00000000: 51 e5 00 9b fc 73 00 6a fc 90 00 01
standard community 20965:155 64627:106 64656:1
attrib typ=16 len=16 extComm
00000000: 00 02 fc 73 00 00 02 9e 00 03 00 28 00 00 00 62
00000010:
extended community 2:64627:670 3:40:98
attrib typ=20 len=14 connector
00000000: 00 01 00 01 5c f5 e4 35 02 9e 5c f5 e4 35
connector router 92.245.228.53 <---------------------------------------------------------
reachable len=3
reachable 147.143.0.0/16 <---------------------------------------------------------
sid#
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#2222): https://groups.io/g/freertr/message/2222
Mute This Topic: https://groups.io/mt/102400092/6006518
Group Owner:
Unsubscribe: https://groups.io/g/freertr/unsub []
-=-=-=-=-=-=-=-=-=-=-=-
- Re: [rare-dev] [freertr] deprecated attributes on valid prefixes, Tim Chown, 11/06/2023
- Message not available
- Re: [rare-dev] [freertr] deprecated attributes on valid prefixes, Tim Chown, 11/07/2023
- Message not available
Archive powered by MHonArc 2.6.24.