Posts

Network hijacking: Wrong BGP announcements screwing up traffic

Yesterday I came across a very interesting case of network hijacking of an ISP from wrong BGP announcements by another network. This issue was reported to the NANOG mailing list.

The issue was reported by Kevin, Senior Engineer at Altus Communications (AS11325). The problem was that SBJ Media LLC (AS33611) was making /24 block announcements for specific slices of Altus address space - 208.110.48.0/20, 63.246.112.0/20, and 68.66.112.0/20, which are allocated to Altus Communications (as per ARIN whois).
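The check that exposes this kind of announcement, as an added example that is not part of the original post: compare each observed route with the allocated blocks and flag any prefix inside them that is originated by a different AS. The three /20 blocks and the two AS numbers come from the text above; the observed routes, including the individual /24s, are constructed sample data.

```python
import ipaddress

# Allocated blocks and owner AS exactly as named in the post (ARIN whois).
ALLOCATED = {
    "208.110.48.0/20": 11325,
    "63.246.112.0/20": 11325,
    "68.66.112.0/20": 11325,
}

# Constructed sample of routes seen in a BGP table: (prefix, origin AS).
# The individual /24s are illustrative; the post does not list them.
OBSERVED = [
    ("208.110.48.0/20", 11325),   # owner's aggregate
    ("208.110.50.0/24", 33611),   # more-specific from another AS
    ("63.246.112.0/20", 11325),
    ("63.246.116.0/22", 11325),   # owner's own de-aggregation
    ("68.66.120.0/24", 33611),
    ("8.8.8.0/24", 15169),        # unrelated space
]

def check_route(prefix, origin, allocated=ALLOCATED):
    """Return (verdict, covering_block) for one observed route."""
    net = ipaddress.ip_network(prefix)
    for block, owner in allocated.items():
        alloc = ipaddress.ip_network(block)
        if net.version != alloc.version or not net.subnet_of(alloc):
            continue
        if origin == owner:
            return "ok", block
        # Longest-prefix match means a more-specific route wins over the
        # owner's aggregate, so traffic for it follows the foreign origin.
        if net.prefixlen > alloc.prefixlen:
            return "more-specific from foreign AS", block
        return "same prefix, foreign origin", block
    return "not monitored", None

def find_hijacks(observed=OBSERVED):
    """List (prefix, origin, block, verdict) for unexpected origins."""
    hits = []
    for prefix, origin in observed:
        verdict, block = check_route(prefix, origin)
        if verdict not in ("ok", "not monitored"):
            hits.append((prefix, origin, block, verdict))
    return hits

if __name__ == "__main__":
    for prefix, origin, block, verdict in find_hijacks():
        print(f"{prefix} origin AS{origin}: {verdict} (inside {block})")
```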

Sify broadband in rural areas

Sify is one of the really interesting companies: a one-time pioneer of the Indian internet market via its chain of cyber cafes. Good old days. Sify’s present position in the consumer market is not significant. The latest earnings figures clearly show the company is moving towards the enterprise segment.

The company is quite aggressive in its enterprise segment offerings, especially datacenters and corporate leased lines.
Is the consumer market really over for Sify, or is there still some hope?

Well, the consumer broadband market isn’t really over! In fact, this is the main market which is yet to explode in India!

Tata Communications - NTT routing issue for Akamai

Interestingly, routing issues didn’t spare one of the top CDN providers - Akamai!

So what’s wrong?

(from my BSNL connection):

PING akamai.com (61.213.189.49) 56(84) bytes of data.  
64 bytes from 61.213.189.49: icmp_req=1 ttl=52 time=492 ms  
64 bytes from 61.213.189.49: icmp_req=2 ttl=52 time=492 ms  
64 bytes from 61.213.189.49: icmp_req=3 ttl=52 time=474 ms  
64 bytes from 61.213.189.49: icmp_req=4 ttl=51 time=492 ms  
64 bytes from 61.213.189.49: icmp_req=5 ttl=51 time=489 ms

--- akamai.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 22236ms  
rtt min/avg/max/mdev = 474.296/488.469/492.837/7.183 ms

~500ms is way too high. Even the US is at around 300ms latency.

Looking at traceroute: 

traceroute to akamai.com (61.213.189.49), 30 hops max, 60 byte packets  
1 router.local (192.168.1.1) [AS8151/AS28513] 4.223 ms 4.979 ms 5.879 ms  
2 117.200.48.1 (117.200.48.1) [AS9829] 45.241 ms 46.384 ms 52.839 ms  
3 218.248.173.46 (218.248.173.46) [AS9829] 87.089 ms * *  
4 115.114.57.165.static-Mumbai.vsnl.net.in (115.114.57.165) [AS4755] 74.675 ms 76.970 ms 80.856 ms  
5 if-0-100.tcore2.MLV-Mumbai.as6453.net (180.87.39.25) [*] 83.234 ms 84.403 ms 87.742 ms  
6 if-6-2.tcore1.L78-London.as6453.net (80.231.130.5) [AS6453] 230.777 ms 185.553 ms 194.288 ms  
7 * Vlan704.icore1.LDN-London.as6453.net (80.231.130.10) [AS6453] 203.104 ms *  
8 Vlan522.icore1.LDN-London.as6453.net (195.219.83.22) [AS6453] 308.973 ms 310.324 ms 311.038 ms  
9 ae-4.r23.londen03.uk.bb.gin.ntt.net (129.250.5.40) [AS2914] 311.799 ms 333.841 ms 313.348 ms  
10 as-0.r22.osakjp01.jp.bb.gin.ntt.net (129.250.5.35) [AS2914] 499.075 ms 501.158 ms 512.657 ms  
11 ae-5.r24.tokyjp01.jp.bb.gin.ntt.net (129.250.3.221) [AS2914] 484.258 ms 485.401 ms 499.039 ms  
12 * * *  
13 xe-2-3.a17.tokyjp01.jp.ra.gin.ntt.net (61.213.169.214) [AS2914] 488.807 ms 489.543 ms 495.396 ms  
14 61.213.189.49 (61.213.189.49) [AS2914] 506.170 ms 501.504 ms 507.296 ms

So the route goes Mumbai (India) - London (UK) - Tokyo (Japan).
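The same reading of the trace, done mechanically (an added example, not part of the original post): parse the hops, collapse the per-hop AS annotations into an AS path, and find where the median RTT jumps the most. The hop lines are copied from the traceroute above; hop 1 is left out because it is the private LAN address.

```python
import re
from statistics import median

# Hops 2-14 copied from the traceroute above.
TRACE = """\
2 117.200.48.1 (117.200.48.1) [AS9829] 45.241 ms 46.384 ms 52.839 ms
3 218.248.173.46 (218.248.173.46) [AS9829] 87.089 ms * *
4 115.114.57.165.static-Mumbai.vsnl.net.in (115.114.57.165) [AS4755] 74.675 ms 76.970 ms 80.856 ms
5 if-0-100.tcore2.MLV-Mumbai.as6453.net (180.87.39.25) [*] 83.234 ms 84.403 ms 87.742 ms
6 if-6-2.tcore1.L78-London.as6453.net (80.231.130.5) [AS6453] 230.777 ms 185.553 ms 194.288 ms
7 * Vlan704.icore1.LDN-London.as6453.net (80.231.130.10) [AS6453] 203.104 ms *
8 Vlan522.icore1.LDN-London.as6453.net (195.219.83.22) [AS6453] 308.973 ms 310.324 ms 311.038 ms
9 ae-4.r23.londen03.uk.bb.gin.ntt.net (129.250.5.40) [AS2914] 311.799 ms 333.841 ms 313.348 ms
10 as-0.r22.osakjp01.jp.bb.gin.ntt.net (129.250.5.35) [AS2914] 499.075 ms 501.158 ms 512.657 ms
11 ae-5.r24.tokyjp01.jp.bb.gin.ntt.net (129.250.3.221) [AS2914] 484.258 ms 485.401 ms 499.039 ms
12 * * *
13 xe-2-3.a17.tokyjp01.jp.ra.gin.ntt.net (61.213.169.214) [AS2914] 488.807 ms 489.543 ms 495.396 ms
14 61.213.189.49 (61.213.189.49) [AS2914] 506.170 ms 501.504 ms 507.296 ms
"""

def parse_hops(text):
    """Return one dict per responding hop: hop number, AS, median RTT."""
    hops = []
    for line in text.splitlines():
        rtts = [float(x) for x in re.findall(r"(\d+\.\d+) ms", line)]
        if not rtts:
            continue  # no probe answered at this hop ("* * *")
        asn = re.search(r"\[(AS\d+)", line)  # "[*]" means no AS was found
        hops.append({"hop": int(line.split()[0]),
                     "asn": asn.group(1) if asn else None,
                     "rtt": median(rtts)})
    return hops

def as_path(hops):
    """Collapse consecutive hops in the same AS into an AS-level path."""
    path = []
    for h in hops:
        if h["asn"] and (not path or path[-1] != h["asn"]):
            path.append(h["asn"])
    return path

def largest_jump(hops):
    """Return (from_hop, to_hop, added_ms) for the biggest RTT increase."""
    a, b = max(zip(hops, hops[1:]), key=lambda p: p[1]["rtt"] - p[0]["rtt"])
    return a["hop"], b["hop"], round(b["rtt"] - a["rtt"], 3)

if __name__ == "__main__":
    hops = parse_hops(TRACE)
    print(" -> ".join(as_path(hops)), largest_jump(hops))
```

On this trace the largest single increase sits between the London and Osaka routers inside AS2914, on top of the earlier Mumbai to London step inside AS6453.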

Understanding dot in the end of hostname

This is a very popular mistake admins make: missing the trailing . (dot) at the end of a hostname. This causes serious problems (and a lot of frustration!).

Take the example of Google’s popular CNAME record, ghs.google.com. As we know, if one would like to use mail.domain.com., one has to point the CNAME record to “ghs.google.com”. Now if one misses the dot at the end of ghs.google.com. - it will give a real value like:

Poor performance of K-root server (Delhi node)

It seems the K-root servers are having issues again. This is not the first time BSNL is having such issues. Last year I reported an issue with the K-root server (which was actually because of downtime at the Delhi node).

Here’s some data for today’s case:

PING 193.0.14.129 (193.0.14.129) 56(84) bytes of data. 
64 bytes from 193.0.14.129: icmp_req=1 ttl=44 time=309 ms 
64 bytes from 193.0.14.129: icmp_req=2 ttl=44 time=312 ms 
64 bytes from 193.0.14.129: icmp_req=3 ttl=44 time=312 ms 
64 bytes from 193.0.14.129: icmp_req=4 ttl=44 time=312 ms 
64 bytes from 193.0.14.129: icmp_req=5 ttl=44 time=313 ms 
--- 193.0.14.129 ping statistics --- 
5 packets transmitted, 5 received, 0% packet loss, time 4001ms 
rtt min/avg/max/mdev = 309.687/312.019/313.333/1.289 ms  


 

Finding IPv6 from IPv4 address of a host

One of my friends asked me an interesting question about relating IPv4 with IPv6. His question was: in a dual stack setup, if we have the IPv4 address of a router/host, how can we find the IPv6 address associated with it?

Well, as far as I know there’s no direct way to relate IPv4 with IPv6, but there’s a nice trick. Say, e.g., we have Google Public DNS operating at IPv4 - 8.8.8.8. To find the IPv6 address of the same server (if it exists at all), we can look up the reverse DNS to get the hostname,

Thoughts on NKN - National Knowledge Network

You might have heard of NKN, i.e. the National Knowledge Network by the Govt. of India. The overall idea of NKN was to connect all educational institutions within the country, including all IITs, IIMs, NITs and various govt. universities, on fiber at 1Gbps speed. Though a little late and a crazy way of solving the problem, NKN is still a nice effort from Mr Sam Pitroda.

I was talking to a friend from IIT Delhi last week, and here’s his speedtest.net result from his room (yeah room, not any lab!)

Simple bash script for IP-ASN mapping

Whenever I see a new unknown IP range, it gets hard to find the exact source of that IP from within the command shell. Recently, I found a very interesting source of that information from Team Cymru.

I figured out (with a friend’s help) that using their whois server - v4.whois.cymru.com - one can actually grab just the limited information required.


E.g

anurag@laptop:~$ whois -h v4.whois.cymru.com "  -v 8.8.8.8"
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc.

As we can see, -v gives all possible information. All I needed was the AS number, AS name, BGP prefix and country code - this gives enough information for an IP address. Thus the command turns out to be one with -c & -p.

End of inter-circle roaming: Good or Bad move?

Today I read in the news about the Govt’s decision to finally end inter-circle roaming agreements between Airtel, Vodafone & IDEA. Well, the case is not new. It has been up with DoT for months and got highlighted when the CEOs of all 3 firms wrote a letter to the Prime Minister of India for his intervention.


Little background

In the 3G auction held in 2010, none of the operators got pan-India spectrum across the 22 telecom circles. Most of them have licenses in around 10 circles (a few in 9, a few in 11 and so on) and thus no one can provide full nationwide 3G coverage.

Start of competition based on speeds

Yesterday I read about BSNL increasing speeds from 512Kbps to 1Mbps (with caps). Today I came across news in Business Line about Bharti Airtel increasing speed on wireline DSL. This is really good, believe me! I am not referring to the small increase in speeds, but to the start of competition among ISPs based on speed. Right now it’s Wireless (3G) vs Wireline (DSL) players, and I am sure very soon we will see competition among wireline players themselves. Competition is always good, especially in the telecom industry. We can clearly see where we stand now: from 8 years of waiting for a telephone connection to 5 min for a prepaid SIM purchase, from 56Kbps at $1/hour to 10GB of data at $20 a month. We have come so far, but there is still a long way to go!