22 Sep

RIPE Atlas India coverage and some thoughts

It has been some time since I started pushing Indian community for hosting RIPE Atlas Probes. These probes are small devices designed to be hosted at end user’s connection and do pre-defined as well as user-defined measurement. Measurement includes ping, trace, DNS lookup, SSL check etc.

Currently, there are 61 active RIPE Atlas probes. I would say it has +/- of 7-8 probes which go offline and come back online when I request hosts to check.

 

 

Map of probes in India

 

I think now we about to reach a scenario where we should focus more around probes in specific regions and specific networks. Metro cities have some probes but outside are pretty much missing. Plus almost no probe in central India. In terms of ASN coverage, we can look at Hurricane Electric’s country report for top ASNs list – https://bgp.he.net/country/IN

 

Following top ASNs IP network are missing from coverage of probe network:

  1. Reliance Communications  – AS18101
  2. Vodafone India – AS55410
  3. Sify – AS9583 (I recently shipped probes to them and expecting few to go online soon)
  4. TTSL – AS45820
  5. IDEA Cellular – AS55644
  6. Aircel – AS10201
  7. Syscon Infoway – AS45194
  8. CtrlS datacenter – AS18229
  9. Ishan’s Network – AS45117
  10. Railtel Corp – AS24186

 

In case you work for any of these networks or are a customer of these networks, please consider hosting RIPE Atlas probe. You can fill the form given below and I will send you a probe on priority.

19 Mar

Prefix hijacks by D-Vois Broadband

Today BGPmon reported about possible BGP prefix hijack of Amazon’s IP address space. Amazon announces 50.16.0.0/16 from AS14618. At 13:45:44 UTC / 19:15:44 IST D-Vois broadband started originating a more specific 50.16.226.0/24 in the table from AS45769.

One of example AS_PATH of this announcement: 198290 197264 197264 197264 29467 1299 9583 45769

Clearly, this leak was carried over by AS9583 (Sify) to AS1299 (Telia) and was carried over to rest of internet from there. There was a visible withdrawal of this request by 14:17:37 UTC / 19:47:37 IST.  So it was visible for approx 32mins.

Hard to guess on how come they did that. May be they are learning more specific /24 from Amazon in India and they leaked e-BGP routes in their IGP or it was just a hijack for some hard to guess reasons.

BGP Play link for the reference: https://stat.ripe.net/widget/bgplay#w.resource=50.16.226.0/24

Right along with this, there are multiple more visible hijacks by D-Vois including of Cloudflare, AT&T, Microsoft etc.

 

For instant updates, one may follow – https://bgpstream.com/

 

 

***Updates***

So I looked at dumps from RIPE RIS collector rrc00 at 13:45UTC. This dump shows following prefixes announced by AS45769 updates.20170319.1345-prefixes

I used Team Cymru’s IP-ASN service to map these against actual origin ASNs and I get a list of all leaks:

 

I think it’s very hard to say now what actually caused the leak.