24 Sep

Tata Communications (AS4755) pushing traffic to Reliance Jio (AS55836) via Singapore!

Bad route

So it seems like apart from voice interconnect issues, Jio is also facing routing issues on the backbone. I ran a trace to one of IP’s on Jio network allocated to end customer –

I ran trace from all Indian RIPE Atlas probes – https://atlas.ripe.net/measurements/5738489/#!probes

There seem quite a few RIPE Atlas probes which are giving latency on 150ms + range. Seems like they are downstream or downstream of downstream of Tata Comm’s AS4755 and routing is happening via Singapore!



Two of such traces

jio1 screen-shot-2016-09-24-at-11-26-05-pm


This isn’t how regular routing should work since even if both do not announce routes to each other, Jio’s routes are visible at NIXI. E.g NIXI Noida shows visible which covers that test IP. Tata AS4755 is probably rejecting that IP.



And if we look at Tata AS6453 routing table for their Chennai PoP, it shows AS_PATH as AS3431 (PCCW Global) who happens to be upstream of Jio’s International network AS64049.



Clearly, that’s just bad routing!


It might be the case Tata is doing intentionally without any evil plans because NIXI might just not have sufficient capacity. Overall ISPs should peer with PNI’s as well as we need IX’es other than just NIXI to promote more peering and promote better interconnect.


Disclaimer: This post and expressed comments are in my personal capacity and my employer has no relation with it. 

06 Oct

K root server – Noida anycast and updates

K root in Noida seems to be not getting enough traffic from quite sometime and connectivity does seems bit broken. This is a blog post following up to Dyn’s excellent and detailed post about how TIC leaked the world famous address space used by AS25152. It was good to read this post from RIPE NCC written by my friend Emile (and thanks to him for crediting me to signal about traffic hitting outside!)


The route leak…

TIC AS48159 was supposed to keep the route within it’s IGP but it leaked it to Omantel AS8529 – a large International backbone which propagated route leak further to global table. It was mistake at by both players primarily by TIC for leaking route.


If we look at IPv4 route propagation graph of Omatel AS8529 on Hurricane Electric BGP tool kit, it shows two import ASNs:


Omantel IPv4 routing



This has AS9498 (Bharti Airtel) and AS6453 (Tata Communications). Both of these are extremely important networks and two of large International and domestic IP transit providers in India. Very likely Omantel is customer of Bharti Airtel and if we look at IRR record of Airtel as published in their peeringdb record: AS9498:AS-BHARTI-IN


Anurags-MacBook-Pro:~ anurag$ whois -h whois.apnic.net AS9498:AS-BHARTI-IN |grep -w AS8529
members: AS38476,AS45219,AS45264,AS45283,AS45514,AS45451,AS37662,AS45491,AS7642,AS45517,AS45514:AS-TELEMEDIA-SMB,AS45609,AS38740,As131210,AS45335,AS23937,AS132045,AS8529,AS132486,AS8164,AS133967,AS37048
Anurags-MacBook-Pro:~ anurag$


This also confirms the same. Airtel did picked this route and since it was a customer route, it had a higher local preference then the peering route Airtel learnt from NIXI Noida peering with  K root. For now route leak fixed and Airtel seems to be having good routing with K root anycast instance in Noida.


Current status

From Tata Communications – it’s yet not picking announcement of K root anycast instance from Noida since their peering session at NIXI Noida has been down from long time. NIXI moved over from STPI to Netmagic Sector 63 Noida in August (see heavy drop of traffic in NIXI Noida graphs here). From that time onwards Tata’s domestic backbone AS4755’s peering session seems down.


As per NIXI’s connected parties page, Tata Comm’s IP is From NIXI’s looking glass there seems to no peer on that IP !


Hence for now Tata Comm isn’t getting route at all from Noida instance and that explains reason for bad outbound path.


Example of trace from Tata Comm to K root:


even same stays for its downstream customers who have outbound via TCL:



Another issue which is causing serious trouble around K root is the fact that it appears to be broken IP transit pipe of K root Noida. Due to the way NIXI works, K root must have a IP transit pipe. I pointed long back about broken connectivity of root DNS servers due return path problems. After that both K root and i root got transit but seems like after NIXI moved over, IP transit has been broken for current setup in Netmagic.


Why “local node” of root server needs IP transit?

It needs transit because:

    1. NIXI has a weird pricing of “x-y” where requester pays and this leads to a quite high settlement amount for a network which has a high inbound traffic (eyeball network) – even few x times than that of transit! (paying 5Rs/GB!). This leads to scenario where networks do “partial prefix announcement” to keep their traffic balanced (or slightly in outbound direction) to avoid high settlement cost. Hence most of such eyeball networks announce their regional routes but avoid all routes while they still do learn K root’s route and inject in their IGP.This leads in case where K root’s is leant by networks in West and South India and hence there’s a forward path from customers >>> K root Noida node. Now since these networks aren’t announcing their West or South Indian routes at NIXI Noida, there’s no return path for packets. Thus for root DNS to stay operationally stable (which they should since they are critical) they must have transit / default route to return packets as last resort to IP’s which aren’t visible via peering.
    2. Similar case of some other random leaked routes. E.g if a large ISP decided to learn K root route and announce to customer’s table thus leading to Customer > Large network > K root Noida path while not announcing that customer’s route at NIXI resulting in no return path.



So in short – It does needs transit but just for outbound traffic, not for announcing routes on the transit.

I have informed of broken connectivity issue to RIPE NCC and their team is actively working on the fix. Hopefully it would be fixed very soon!


With hope that your DNS is not getting resolved from other side of world, good night! 🙂


Disclaimer: As usual – thoughts & comments are completely personal.