Topic List |
Page List:
1 |
---|---|
CableZL 11/12/18 5:09:11 PM #1: |
At work, our primary internet connection is through Spectrum... According to the traceroute, traffic destined to Google was getting routed through China.
I've failed my job over to the secondary connection, but other people on Spectrum may be having similar issues. --- ... Copied to Clipboard!
|
#3 | Post #3 was unavailable or deleted. |
P4wn4g3 11/12/18 5:37:43 PM #4: |
I thought time weiner was great
sadface --- 7D ChessMaster of Dark Aether https://www.gamefaqs.com/boards/851-dark-aether ... Copied to Clipboard!
|
CableZL 11/12/18 5:50:23 PM #5: |
Looks like they normalized the routing a little while ago.
--- ... Copied to Clipboard!
|
CableZL 11/13/18 9:51:07 AM #6: |
https://www.engadget.com/2018/11/13/google-outage-rerouted-china-russia/
The problem started when a carrier in Lagos, Nigeria improperly declared its own system as the correct route to several hundred IP prefixes belonging to Google. China Telecom accepted the route (also improperly) and declared it worldwide. That in turn was picked up by Russia's Transtelecom and other large ISP services. Later on, the same Nigerian carrier made a second incorrect IP declaration that sent Google partner Cloudflare's IP addresses on a similar joyride. That's what happened. --- ... Copied to Clipboard!
|
P4wn4g3 11/13/18 10:16:38 AM #7: |
... Copied to Clipboard!
|
Questionmarktarius 11/13/18 10:17:44 AM #8: |
P4wn4g3 posted...
smh nigeria The prince still owes me money... ... Copied to Clipboard!
|
#9 | Post #9 was unavailable or deleted. |
Paragon21XX 11/13/18 10:19:05 AM #10: |
Nigerian prince strikes again!
--- Hmm... ... Copied to Clipboard!
|
#11 | Post #11 was unavailable or deleted. |
#12 | Post #12 was unavailable or deleted. |
CableZL 11/13/18 10:29:09 AM #13: |
Ex-Kefiroth posted...
CableZL posted...traffic destined to Google was getting routed through China. It can happen very easily if you don't do route filtering. Global routing, by default, is based on a trust system. One router tells the next router what routes it knows about and the metrics (quality and other things) about those routes. The receiving router examines the advertised routes and decides whether that router's path to a certain destination subnet is the best one it has or not. If it's the best route, then the route is placed in the routing table and any traffic to that destination subnet is sent to that next router. If that next router's route isn't the best, then it keeps it in a secondary routing table just in case the best route goes down. If you have route filtering in place (everyone SHOULD, but not everyone does), then you can set it up so that the router won't allow an unexpected route to be placed in its routing table and thus avoid this kind of problem. --- ... Copied to Clipboard!
|
CableZL 11/13/18 10:46:54 AM #14: |
Ex-Kefiroth posted...
Yeah, I call BS. It is very likely an accidental thing. Some time last year, I believe, Level3 had a BGP routing mishap that took down like 3 different carriers across the US. --- ... Copied to Clipboard!
|
P4wn4g3 11/13/18 10:47:36 AM #15: |
how does one use route filtering
--- 7D ChessMaster of Dark Aether https://www.gamefaqs.com/boards/851-dark-aether ... Copied to Clipboard!
|
CableZL 11/13/18 11:03:05 AM #16: |
P4wn4g3 posted...
how does one use route filtering There are a couple different methods. 1) With Cisco, you can use a distribute list, which uses an access list to either permit or deny certain subnets inbound or outbound. Example config: router bgp 65000 neighbor 10.0.0.1 distribute-list 1 in access-list 1 permit 1.1.1.1/32 access-list 1 deny 2.2.2.2/32 This config would cause BGP to allow 1.1.1.1/32 to be placed into the routing table if it is received from the peer router at 10.0.0.1, but deny 2.2.2.2/32 inbound from that same router. Any other subnet not listed in access-list 1 is also denied by default unless you add a line at the end that says access-list 1 permit any. 2) The way I like to do it is with route maps. Route maps are a little more complex, but they also allow you to do more things with the allowed or denied prefixes like modify metrics and route tags. Example config: router bgp 65000 neighbor 10.0.0.1 route-map TO-SPECTRUM in route-map TO-SPECTRUM permit 10 match ip address prefix-list TO-SPECTRUM set metric 3 set weight 110 set tag 10 set as-path prepend 65001 65001 65001 ip prefix-list TO-SPECTRUM seq 5 permit 0.0.0.0/0 This config only allows the prefix 0.0.0.0/0 (known as a default route) inbound from the peer router at 10.0.0.1. It also sets the BGP metric (MED, multi-exit discriminator) value to 3, sets the weight value to 110, route tag to 10, and adds 3 AS hops of 65001 to the AS-Path of the BGP route for any prefix list permitted in the prefix list TO-SPECTRUM. --- ... Copied to Clipboard!
|
P4wn4g3 11/13/18 11:09:16 AM #17: |
Ah so it's complicated network admin stuff.
--- 7D ChessMaster of Dark Aether https://www.gamefaqs.com/boards/851-dark-aether ... Copied to Clipboard!
|
CableZL 11/13/18 11:12:59 AM #18: |
P4wn4g3 posted...
Ah so it's complicated network admin stuff. Yeah. This is stuff is typically done on network infrastructure equipment that your ISP would have or on a company's enterprise network infrastructure. --- ... Copied to Clipboard!
|
Topic List |
Page List:
1 |