K root route leak by AS49505 – Selectel, Russia
There seems be an ongoing route leak by AS49505 (Selectel, Russia) for K root server.
K root server’s IP: 193.0.14.129
Origin Network: AS25152
Here’s trace from Airtel Looking Glass, Delhi PoP
Mon Oct 26 16:21:18 GMT+05:30 2015
traceroute 193.0.14.129
Mon Oct 26 16:21:22.053 IST
Type escape sequence to abort.
Tracing the route to 193.0.14.129
1 *
203.101.95.146 19 msec 4 msec
2 182.79.224.73 14 msec 3 msec 1 msec
3 14.141.116.89.static-Delhi.vsnl.net.in (14.141.116.89) 7 msec 3 msec 2 msec
4 172.23.183.134 26 msec 45 msec 26 msec
5 ix-0-100.tcore1.MLV-Mumbai.as6453.net (180.87.38.5) 151 msec 153 msec 152 msec
6 if-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17) [MPLS: Label 383489 Exp 0] 160 msec 163 msec 155 msec
7 if-2-2.tcore2.WYN-Marseille.as6453.net (80.231.217.2) [MPLS: Label 595426 Exp 0] 161 msec 162 msec 162 msec
8 if-7-2.tcore2.FNM-Frankfurt.as6453.net (80.231.200.78) [MPLS: Label 399436 Exp 0] 149 msec 151 msec 155 msec
9 if-12-2.tcore1.FNM-Frankfurt.as6453.net (195.219.87.2) 164 msec 163 msec 159 msec
10 195.219.156.146 153 msec 151 msec 160 msec
11 spb03.transtelecom.net (188.43.1.226) 190 msec 192 msec 189 msec
12 Selectel-gw.transtelecom.net (188.43.1.225) 185 msec 185 msec 185 msec
13 k.root-servers.net (193.0.14.129) 183 msec 204 msec 196 msec
RP/0/8/CPU0:DEL-ISP-MPL-ACC-RTR-9#
The routing information (show route 193.0.14.129 output) from their looking glass doesn’t seems useful since it shows that it’s learning K root Noida route via NIXI. This is likely because routing information is different from actual forwarding information in that device.
So the trace looks extremely weird. It’s leading traffic to K root which does has anycast instance in Noida, landing into Russia!
Why is that happening?
Let’s look at what Tata Communications (AS6453) routing table has for K root’s prefix. I am looking at feed of AS6453 which it’s putting into RIPE RIS RRC 03 collector.
anurag@server7:~/temp$ awk -F ‘|’ ‘$5==6453’ rrc03-table-26-Oct-2015.txt|grep 193.0.14.0/24
TABLE_DUMP_V2|10/26/15 08:00:03|A|80.249.209.167|6453|193.0.14.0/24|6453 20485 49505 25152|IGP
anurag@server7:~/temp$
Let’s analyse this AS_PATH
- AS25152 is orignating prefix to AS49505 (Selectel Russia)
- AS49505 is “leaking” route to it’s upstream AS20485 (Trans Telecom, Russia)
- AS20485 is further propagating route to Tata Communications AS6453 making route visible globally via Tata Communications IP backbone
What impact of it?
Impact is much higher latency with K root from India. Here’s how RIPE Probe 170111 hosted at my home finds latency to K root:
As per graph change, leak started on 24th Oct at 9am UTC and this resulted in jump of latency of over 180ms.
Disclaimer: Post, comments, thoughts and analysis is in personal capacity and in no way linked to my employer.
You mistake.
K root route is locating on Selectel
https://blog.selectel.ru/udalyonnyj-uzel-k-root-v-selektele/
Dear RS – thanks for the article and pointing their blog post out.
I have checked it in detail and seems like they host what RIPE refers to as “remote site” and by design these sites should limit the BGP announcement. They should limit announcements to their clients only.
Quoting from RIPE’s FAQ on hosted nodes: http://k.root-servers.org/faq.html
“The K-root server will advertise the K-root anycast prefixes from AS25152 to your router. Your router needs to propagate the K-root prefixes to your clients”
I hope this clarifies what’s wrong.