From Bill.lewis at kijoma.co.uk Mon May 22 11:44:42 2017 From: Bill.lewis at kijoma.co.uk (Bill Lewis) Date: Mon, 22 May 2017 10:44:42 +0100 Subject: [members-discuss] Provider announcing IP ranges when they should not be. Message-ID: HI all, Not sure where I should post this so trying here first. Quick question, we changed hosts recently as the former host are moving their DC at the end of this month and our services would not work from their new location (wireless back haul). We asked them to remove two of our IP blocks from their routers so they are no longer announced there as we have now got them announced at the new host. Last Friday they confirmed by email they had done this, but it is clear they have not as reverse trace routes from some local (to London) sites show they are still announcing them even today. This means many resources are unreachable by our clients and is causing significant disruption. We have again chased them to resolve this. Is there any mechanism in place or tools available to make it easy to either block this false route or have action taken against the provider for failing to stop it? Thank you -- Bill Lewis Kijoma Solutions Ltd From juergen.jaritsch at jmpts.ch Mon May 22 12:09:51 2017 From: juergen.jaritsch at jmpts.ch (=?iso-8859-1?Q?J=FCrgen_Jaritsch_=28juergen=2Ejaritsch=40jmpts=2Ech=29?=) Date: Mon, 22 May 2017 10:09:51 +0000 Subject: [members-discuss] Provider announcing IP ranges when they should not be. In-Reply-To: <83d58d8b-35a5-47d6-b9cd-89099229703e@AAA-EXCHG01.aaa-sales.local> References: <83d58d8b-35a5-47d6-b9cd-89099229703e@AAA-EXCHG01.aaa-sales.local> Message-ID: <81959468ed304250a74833a61924d321@aaa-exchg01.aaa-sales.local> Hi Bill, What subnet size are you talking about? Several small /24 or something like /19 etc? You can hijack your own prefixes as a quick fix if you're dealing with prefixes >/24: just announce more specific /24 to get the issue mostly bypassed. If this is no option for you, please feel free to share some more details like ASN and affected prefixes. With this details most users will be able to help you to track down the issue :). Best regards J?rgen JARITSCH CEO, Co-Founder JMP Technology Services GmbH Zugerstrasse 76 B CH 6340 Baar Switzerland E-Mail: juergen.jaritsch at jmpts.ch Mobil: +43-660-8889638 -----Urspr?ngliche Nachricht----- Von: members-discuss [mailto:members-discuss-bounces at ripe.net] Im Auftrag von Bill Lewis Gesendet: Montag, 22. Mai 2017 11:45 An: members-discuss at ripe.net Betreff: [members-discuss] Provider announcing IP ranges when they should not be. HI all, Not sure where I should post this so trying here first. Quick question, we changed hosts recently as the former host are moving their DC at the end of this month and our services would not work from their new location (wireless back haul). We asked them to remove two of our IP blocks from their routers so they are no longer announced there as we have now got them announced at the new host. Last Friday they confirmed by email they had done this, but it is clear they have not as reverse trace routes from some local (to London) sites show they are still announcing them even today. This means many resources are unreachable by our clients and is causing significant disruption. We have again chased them to resolve this. Is there any mechanism in place or tools available to make it easy to either block this false route or have action taken against the provider for failing to stop it? Thank you -- Bill Lewis Kijoma Solutions Ltd ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/ Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From laurent.seror at outscale.com Mon May 22 12:10:24 2017 From: laurent.seror at outscale.com (Laurent Seror) Date: Mon, 22 May 2017 12:10:24 +0200 Subject: [members-discuss] Provider announcing IP ranges when they should not be. In-Reply-To: <5922b815.ce86500a.afcdc.908aSMTPIN_ADDED_MISSING@mx.google.com> References: <5922b815.ce86500a.afcdc.908aSMTPIN_ADDED_MISSING@mx.google.com> Message-ID: If you are the maintainer of the Route objects, be sure to edit them to reflect the new AS announcing them. Then you can write to all your previous operator providers to have them reflect that in their prefix-accept rules. L. 2017-05-22 11:44 GMT+02:00 Bill Lewis : > HI all, > > Not sure where I should post this so trying here first. > > Quick question, we changed hosts recently as the former host are moving > their DC at the end of this month and our services would not work from > their new location (wireless back haul). > > We asked them to remove two of our IP blocks from their routers so they > are no longer announced there as we have now got them announced at the new > host. > > Last Friday they confirmed by email they had done this, but it is clear > they have not as reverse trace routes from some local (to London) sites > show they are still announcing them even today. > > This means many resources are unreachable by our clients and is causing > significant disruption. > > We have again chased them to resolve this. > > Is there any mechanism in place or tools available to make it easy to > either block this false route or have action taken against the provider for > failing to stop it? > > Thank you > > -- > Bill Lewis > Kijoma Solutions Ltd > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the > general page: > https://lirportal.ripe.net/general/ > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From > here, you can add or remove addresses. > -- Best Regards - Cordialement, [image: outscale_logo] EUROPE / NORTH AMERICA / ASIA Laurent SEROR CEO Direct +33 1 53 27 52 89 Fax. +33 1 83 62 92 89 www.outscale.com [image: logo_facebook] [image: logo_twitter] [image: logo_google+] [image: logo_linkedin] [image: logo_youtube] [image: Outscale] ------------------------------ IMPORTANT: Ce message, y compris les documents joints, est susceptible de contenir des informations confidentielles ? l?usage exclusif de son/ses destinataire(s). Si vous n??tes pas destinataire de ce message, nous vous rappelons qu?il vous est strictement interdit de le divulguer, diffuser, reproduire ou utiliser ? quelque fin que ce soit. Si vous avez re?u ce message par erreur, merci d?en avertir l?exp?diteur et d?effacer ce message et les documents joints de votre syst?me. -------------- next part -------------- An HTML attachment was scrubbed... URL: From david.ponzone at gmail.com Mon May 22 12:20:35 2017 From: david.ponzone at gmail.com (David Ponzone) Date: Mon, 22 May 2017 12:20:35 +0200 Subject: [members-discuss] Provider announcing IP ranges when they should not be. In-Reply-To: <5922b818.98b1500a.bac97.b811SMTPIN_ADDED_MISSING@mx.google.com> References: <5922b818.98b1500a.bac97.b811SMTPIN_ADDED_MISSING@mx.google.com> Message-ID: <8402B89F-B981-459E-84C3-49A9ABF3C131@gmail.com> Bill, you should contact their upstream and in the meantime, you could try to announce more specific routes, in order to reduce the impact. Of course, if the blocks are both /24, it?s not going to be very efficient as prefixes more specific than /24 will be probably filtered by your upstreams. > Le 22 mai 2017 ? 11:44, Bill Lewis a ?crit : > > HI all, > > Not sure where I should post this so trying here first. > > Quick question, we changed hosts recently as the former host are moving their DC at the end of this month and our services would not work from their new location (wireless back haul). > > We asked them to remove two of our IP blocks from their routers so they are no longer announced there as we have now got them announced at the new host. > > Last Friday they confirmed by email they had done this, but it is clear they have not as reverse trace routes from some local (to London) sites show they are still announcing them even today. > > This means many resources are unreachable by our clients and is causing significant disruption. > > We have again chased them to resolve this. > > Is there any mechanism in place or tools available to make it easy to either block this false route or have action taken against the provider for failing to stop it? > > Thank you > > -- > Bill Lewis > Kijoma Solutions Ltd > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/ > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From nick at netability.ie Mon May 22 12:21:54 2017 From: nick at netability.ie (Nick Hilliard) Date: Mon, 22 May 2017 11:21:54 +0100 Subject: [members-discuss] Provider announcing IP ranges when they should not be. In-Reply-To: <201705221006.v4MA6OfY009680@mail.netability.ie> References: <201705221006.v4MA6OfY009680@mail.netability.ie> Message-ID: <5922BBC2.8010200@netability.ie> Bill Lewis wrote: > Is there any mechanism in place or tools available to make it easy to > either block this false route or have action taken against the provider > for failing to stop it? - announcement of more specific routes - escalation at their NOC - if it's the UK, try some megaphone diplomacy on the uknof mailing list - talk to their upstream You could threaten lawyers and all that end of things, but bearing in mind that this sort of thing is rarely caused by malice, you're almost always better off being courteous but persistent in getting a mistake corrected. Nick From Bill.lewis at kijoma.co.uk Mon May 22 12:48:49 2017 From: Bill.lewis at kijoma.co.uk (Bill Lewis) Date: Mon, 22 May 2017 11:48:49 +0100 Subject: [members-discuss] Update on announce issue Message-ID: Hi All, Thanks for the feedback on this, it seems the fastest way to have them fix this is to post on here. 3 days of hell later and things have been now been resolved. I would say though, will those companies whose ticketing systems replied en mass please remove them from these lists, it is rather unprofessional -- Bill Lewis Kijoma Broadband From markel.stefo at plus.al Mon May 22 13:32:57 2017 From: markel.stefo at plus.al (Markel Stefo) Date: Mon, 22 May 2017 11:32:57 +0000 Subject: [members-discuss] Update on announce issue In-Reply-To: <46add410-16e3-476c-8874-8bc16fd41cde@EXCH-HTC01.plus.local> References: <46add410-16e3-476c-8874-8bc16fd41cde@EXCH-HTC01.plus.local> Message-ID: <38078DF5B9A0984C8AC03AAEAB7BC1CED794C917@EXCH-MBX02.plus.local> Hi Bill, Glad to see that you have resolved the issue, something that might be worth looking into for the future might be implementing RPKI for your resources. Regards, Markel -----Original Message----- From: members-discuss [mailto:members-discuss-bounces at ripe.net] On Behalf Of Bill Lewis Sent: Monday, May 22, 2017 12:49 PM To: members-discuss at ripe.net Subject: [members-discuss] Update on announce issue Hi All, Thanks for the feedback on this, it seems the fastest way to have them fix this is to post on here. 3 days of hell later and things have been now been resolved. I would say though, will those companies whose ticketing systems replied en mass please remove them from these lists, it is rather unprofessional -- Bill Lewis Kijoma Broadband ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/ Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.