Routes leaks by Indian ISPs for NIXI's routes

Anurag Bhatia
networking

Interesting days as always. Recently I was handed over “Alumni form” from college. 
Mixed feelings. This brings me to conclusion that I somewhat missed college life but anyways that’s small price I paid for my high obsession with some long term ideas. (ok may be that explains why I don’t have a Facebook account? Stop asking me about it!)

Hard to come to any conclusion at this stage. 

Anyways post for today…

Last night I was trying to see impact of mis-match of route objects & prefix visibility. So far have not been able to get much but anyways realized an interesting issue. I found that few ISPs which participate at NIXI (and also have transit from other major ISPs) and are leaking routes learnt from NIXI to the transit.

This is surely a result of mis-configuration of prefix filters in their BGP routers by these networks. NIXI is an IXP where ISPs peer. Now peering means exchange of routing information. If A is peering with B, it means A will pass it’s own routes + it’s downstream customer routes to B and so does B. No one is supposed to be passing their peer routes to each other or peer routes to transit. 

Let’s look at global IPv4 table from Oregon route-views project for entries having AS24029 (NIXI’s ASN) in AS path - output here

Picking couple of samples from output:

* 103.9.132.0/24                66.110.0.86                6453 4755 9829 24029 18101 18101 58603 i

* 119.226.240.0/23           66.110.0.86                 6453 4755 9829 24029 9583 i

* 202.90.192.0                   69.31.111.244              4436 3549 9829 24029 9583 45264 i

* 193.108.88.0                   66.110.0.86                 6453 4755 17439 24029 9498 20940 20940 21342 i

* 203.119.50.0                   4.69.184.193                3356 1273 9583 24186 24029 4755 i

and few more…

There are in total 18 prefixes being leaked by around 4-5 ISPs. 

First three routes here are coming from BSNL’s incorrect prefix filters. In 1st case  AS58603 is originating 103.9.132.0/24 to it’s transit Reliance AS18101which is announcing it to NIXI’s route server AS24029 (with a prepend). Next, BSNL is getting prefixes from route server and BSNL AS9829 is further announcing these prefixes to Tata-VSNL AS4755. 

4th case is of MTNL AS17439 leaking routes learnt from NIXI. There are few other cases like last one with AS24186 Railtel (ISP wing of Indian Railways).

Well that’s about it. If you are an ISP and reading this blog post - then stop leaking stuff out on transit. :) 

Time for me to get back to my work!