Mailing List Archive: NANOG: users

Who has AS 1712?

1 2 3

View All

Index | Next | Previous | View Threaded

bortzmeyer at nic

Nov 23, 2009, 7:10 AM

Post #1 of 60 (2236 views)
Permalink

Who has AS 1712?

% whois -h whois.ripe.net AS1712

aut-num: AS1712
as-name: FR-RENATER-ENST
descr: Ecole Nationale Superieure des Telecommunications,
descr: Paris, France.
descr: FR

% whois -h whois.arin.net AS1712

OrgName: Twilight Communications
City: Wallis
StateProv: TX
Country: US

And, yes, AS 1712 is actually used by both and announced :-(

jeffrey.lyon at blacklotus

Nov 23, 2009, 7:13 AM

Post #2 of 60 (2177 views)
Permalink

Re: Who has AS 1712? [In reply to]

Looks like FR-RENATER-ENST is in the wrong:

1708-1728 Assigned by ARIN whois.arin.net
(source: http://www.iana.org/assignments/as-numbers/ )

Jeff

On Mon, Nov 23, 2009 at 10:10 AM, Stephane Bortzmeyer <bortzmeyer [at] nic> wrote:
> % whois -h whois.ripe.net AS1712
>
> aut-num: AS1712
> as-name: FR-RENATER-ENST
> descr: Ecole Nationale Superieure des Telecommunications,
> descr: Paris, France.
> descr: FR
>
> % whois -h whois.arin.net AS1712
>
> OrgName: Twilight Communications
> City: Wallis
> StateProv: TX
> Country: US
>
> And, yes, AS 1712 is actually used by both and announced :-(
>
>

--
Jeffrey Lyon, Leadership Team
jeffrey.lyon [at] blacklotus | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Follow us on Twitter at http://twitter.com/ddosprotection to find out
about news, promotions, and (gasp!) system outages which are updated
in real time.

Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
21 to find out how to "protect your booty."

bortzmeyer at nic

Nov 23, 2009, 7:18 AM

Post #3 of 60 (2176 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, Nov 23, 2009 at 10:13:58AM -0500,
Jeffrey Lyon <jeffrey.lyon [at] blacklotus> wrote
a message of 42 lines which said:

> Looks like FR-RENATER-ENST is in the wrong:

You mean RIPE-NCC is wrong? Because this AS is used by ENST for many
years and is registered in the RIPE database...

fweimer at bfk

Nov 23, 2009, 7:19 AM

Post #4 of 60 (2176 views)
Permalink

Re: Who has AS 1712? [In reply to]

* Jeffrey Lyon:

> Looks like FR-RENATER-ENST is in the wrong:
>
> 1708-1728 Assigned by ARIN whois.arin.net
> (source: http://www.iana.org/assignments/as-numbers/ )

It could have been ERXed (or whatever the process is called for AS
numbers).

--
Florian Weimer <fweimer [at] bfk>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99

woody at pch

Nov 23, 2009, 7:41 AM

Post #5 of 60 (2177 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, 23 Nov 2009, Stephane Bortzmeyer wrote:
> % whois -h whois.ripe.net AS1712
> as-name: FR-RENATER-ENST
>
> % whois -h whois.arin.net AS1712
> OrgName: Twilight Communications

That would be ARIN, rather than RIPE:

http://www.iana.org/assignments/as-numbers/as-numbers.xml
"1708-1728 Assigned by ARIN whois.arin.net"

> And, yes, AS 1712 is actually used by both and announced :-(

Ouch, that's unfortunate.

-Bill

morrowc.lists at gmail

Nov 23, 2009, 7:50 AM

Post #6 of 60 (2173 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, Nov 23, 2009 at 10:41 AM, Bill Woodcock <woody [at] pch> wrote:
> On Mon, 23 Nov 2009, Stephane Bortzmeyer wrote:
> > % whois -h whois.ripe.net AS1712
> > as-name: FR-RENATER-ENST
> >
> > % whois -h whois.arin.net AS1712
> > OrgName: Twilight Communications
>
> That would be ARIN, rather than RIPE:
>
> http://www.iana.org/assignments/as-numbers/as-numbers.xml
> "1708-1728 Assigned by ARIN whois.arin.net"
>
> > And, yes, AS 1712 is actually used by both and announced :-(
>
> Ouch, that's unfortunate.

at least they are protected from eachother...

In all seriousness though, how does this get fixed? and... who has to
renumber? :)

ljb at merit

Nov 23, 2009, 8:06 AM

Post #7 of 60 (2177 views)
Permalink

Re: Who has AS 1712? [In reply to]

Bill Woodcock wrote:
> On Mon, 23 Nov 2009, Stephane Bortzmeyer wrote:
> > % whois -h whois.ripe.net AS1712
> > as-name: FR-RENATER-ENST
> >
> > % whois -h whois.arin.net AS1712
> > OrgName: Twilight Communications
>
> That would be ARIN, rather than RIPE:
>
> http://www.iana.org/assignments/as-numbers/as-numbers.xml
> "1708-1728 Assigned by ARIN whois.arin.net"
>
> > And, yes, AS 1712 is actually used by both and announced :-(
>
> Ouch, that's unfortunate.
>
> -Bill
>
>
>

It's not just AS1712. AS1707 - AS1726 appear to all
have been allocated to Renater. AS1707 was ERX'd to
RIPE on Sep 9, 2002, but it appears that AS1708-AS1726
were missed and have subsequently been reallocated
by ARIN (between Aug 18 and Aug 21, 2009)

-Larry

bbillon-ml at splio

Nov 23, 2009, 8:29 AM

Post #8 of 60 (2170 views)
Permalink

Re: Who has AS 1712? [In reply to]

The RENATER I'm peering with is AS2200.
From my PoV, AS1712 is announced by as174 and as701, with all the
respect do to them I doubt their announcing RENATER.

From what I receive from as2200:
* 137.194.0.0 194.68.129.102 0 2200 2200 2422 1712 i

And from bgp table (sniped):
sh ip bgp path 1712$
Address Hash Refcount Metric Path
0x52D8F878 352 2 1001 174 1712 i
0x575A9088 1320 1 0 6453 174 1712 i
0x2274494C 1849 2 0 6453 701 1712 ?
0x52CF7AD0 1986 1 0 2200 2200 2422 1712 i
0x66B90AD0 3421 1 0 2200 2422 1712 i

Indeed: WTF.

Stephane Bortzmeyer a écrit :
> % whois -h whois.ripe.net AS1712
>
> aut-num: AS1712
> as-name: FR-RENATER-ENST
> descr: Ecole Nationale Superieure des Telecommunications,
> descr: Paris, France.
> descr: FR
>
> % whois -h whois.arin.net AS1712
>
> OrgName: Twilight Communications
> City: Wallis
> StateProv: TX
> Country: US
>
> And, yes, AS 1712 is actually used by both and announced :-(
>

frederic at placenet

Nov 23, 2009, 8:31 AM

Post #9 of 60 (2174 views)
Permalink

Re: Who has AS 1712? [In reply to]

Arin CREATE DATE:

2009-08-19

RIPE CREATE DATE:
1999-10-14

well, we all know the serious of these compagny....

@+

Le lundi 23 novembre 2009 Ã 16:10 +0100, Stephane Bortzmeyer a Ã©crit :
> % whois -h whois.ripe.net AS1712
>
> aut-num: AS1712
> as-name: FR-RENATER-ENST
> descr: Ecole Nationale Superieure des Telecommunications,
> descr: Paris, France.
> descr: FR
>
> % whois -h whois.arin.net AS1712
>
> OrgName: Twilight Communications
> City: Wallis
> StateProv: TX
> Country: US
>
> And, yes, AS 1712 is actually used by both and announced :-(
>
>

bortzmeyer at nic

Nov 23, 2009, 8:36 AM

Post #10 of 60 (2179 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, Nov 23, 2009 at 05:29:59PM +0100,
Benjamin BILLON <bbillon-ml [at] splio> wrote
a message of 36 lines which said:

> The RENATER I'm peering with is AS2200.

The AS number was allocated (ten years ago, as noticed by Frédéric)
through the LIR Renater to the customer ENST (now Télécom Paris
Tech). It does not mean it is today announced by Renater.

bortzmeyer at nic

Nov 23, 2009, 8:37 AM

Post #11 of 60 (2173 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, Nov 23, 2009 at 11:06:31AM -0500,
Larry Blunk <ljb [at] merit> wrote
a message of 29 lines which said:

> it appears that AS1708-AS1726 were missed and have subsequently been
> reallocated by ARIN (between Aug 18 and Aug 21, 2009)

Now, interesting question: what can we do to solve the problem? Who
should act?

I am quite surprised that it is possible to have the same AS number in
two different RIRs, to different organizations :-( IP resources
certificates will be difficult to deploy here.

morrowc.lists at gmail

Nov 23, 2009, 8:46 AM

Post #12 of 60 (2174 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, Nov 23, 2009 at 11:37 AM, Stephane Bortzmeyer <bortzmeyer [at] nic> wrote:
> On Mon, Nov 23, 2009 at 11:06:31AM -0500,
> Larry Blunk <ljb [at] merit> wrote
> a message of 29 lines which said:
>
>> it appears that AS1708-AS1726 were missed and have subsequently been
>> reallocated by ARIN (between Aug 18 and Aug 21, 2009)
>
> Now, interesting question: what can we do to solve the problem? Who
> should act?
>
> I am quite surprised that it is possible to have the same AS number in
> two different RIRs, to different organizations :-( IP resources
> certificates will be difficult to deploy here.

oh! we can test out that 'transfer' policy now! :) lookie it's the
ip-resources grey market arriving early (or on-time, depending upon
which of Geoff's presentations you read over the years)

-Chris

smb at cs

Nov 23, 2009, 9:27 AM

Post #13 of 60 (2174 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Nov 23, 2009, at 10:50 03AM, Christopher Morrow wrote:

> On Mon, Nov 23, 2009 at 10:41 AM, Bill Woodcock <woody [at] pch> wrote:
>> On Mon, 23 Nov 2009, Stephane Bortzmeyer wrote:
>> > % whois -h whois.ripe.net AS1712
>> > as-name: FR-RENATER-ENST
>> >
>> > % whois -h whois.arin.net AS1712
>> > OrgName: Twilight Communications
>>
>> That would be ARIN, rather than RIPE:
>>
>> http://www.iana.org/assignments/as-numbers/as-numbers.xml
>> "1708-1728 Assigned by ARIN whois.arin.net"
>>
>> > And, yes, AS 1712 is actually used by both and announced :-(
>>
>> Ouch, that's unfortunate.
>
> at least they are protected from eachother...

So much so that they probably can't even email each other to discuss it...

--Steve Bellovin, http://www.cs.columbia.edu/~smb

dhetzel at gmail

Nov 23, 2009, 9:31 AM

Post #14 of 60 (2169 views)
Permalink

Re: Who has AS 1712? [In reply to]

>
> >> Ouch, that's unfortunate.
> >
> > at least they are protected from eachother...
>
> So much so that they probably can't even email each other to discuss it...
>
>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb<http://www.cs.columbia.edu/%7Esmb>
>
>
>
Well, unless they have default routes... :)

randy at psg

Nov 23, 2009, 2:58 PM

Post #15 of 60 (2151 views)
Permalink

Re: Who has AS 1712? [In reply to]

> It's not just AS1712. AS1707 - AS1726 appear to all have been
> allocated to Renater. AS1707 was ERX'd to RIPE on Sep 9, 2002, but it
> appears that AS1708-AS1726 were missed and have subsequently been
> reallocated by ARIN (between Aug 18 and Aug 21, 2009)

this failure is one of the joys of per-rir trust anchors

randy

randy at psg

Nov 23, 2009, 4:25 PM

Post #16 of 60 (2151 views)
Permalink

Re: Who has AS 1712? [In reply to]

> In all seriousness though, how does this get fixed? and... who has to
> renumber? :)

luckily, it's not a renumber in the ip address sense. but some router
jock[ette]s are gonna be even more overworked than usual.

how to detect if there are more instances?

how to prevent new instances, both asn and ip?

randy

alain_durand at cable

Nov 23, 2009, 4:42 PM

Post #17 of 60 (2150 views)
Permalink

Re: Who has AS 1712? [In reply to]

On 11/23/09 7:25 PM, "Randy Bush" <randy [at] psg> wrote:

> how to prevent new instances, both asn and ip?
>
The whole value of the RIR is to guarantee this uniqueness. This problem
should not have happened.
The fact that it has is troublesome. I¹ll make a guess that this is a result
of a clerical error somewhere in the chain...
The answer to the above question seems to be stricter process.

- Alain.

randy at psg

Nov 23, 2009, 5:03 PM

Post #18 of 60 (2149 views)
Permalink

Re: Who has AS 1712? [In reply to]

> The answer to the above question seems to be stricter process.

mops schmops. formal rigor and tools, please.

randy

jared at puck

Nov 23, 2009, 5:11 PM

Post #19 of 60 (2142 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Tue, Nov 24, 2009 at 07:58:00AM +0900, Randy Bush wrote:
> > It's not just AS1712. AS1707 - AS1726 appear to all have been
> > allocated to Renater. AS1707 was ERX'd to RIPE on Sep 9, 2002, but it
> > appears that AS1708-AS1726 were missed and have subsequently been
> > reallocated by ARIN (between Aug 18 and Aug 21, 2009)
>
> this failure is one of the joys of per-rir trust anchors

I don't see operators jumping at the idea of central trust anchor
myself, no more than I see everyone ready to sign the root zone.

I see some gTLD and ccTLD operators ready, but not all gTLD and ccTLD
operators want it signed. There is perhaps the same issue here.

Then again, ARIN doesn't say that an allocated resource is actually
usable, they've specifically ducked that one in the past with address
space on blacklists or bogon filters... I am curious to see their response
now.

- Jared

--
Jared Mauch | pgp key available via finger from jared [at] puck
clue++; | http://puck.nether.net/~jared/ My statements are only mine.

jlewis at lewis

Nov 23, 2009, 5:25 PM

Post #20 of 60 (2146 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, 23 Nov 2009, Durand, Alain wrote:

> On 11/23/09 7:25 PM, "Randy Bush" <randy [at] psg> wrote:
>
>> how to prevent new instances, both asn and ip?
>>
> The whole value of the RIR is to guarantee this uniqueness. This problem
> should not have happened.
> The fact that it has is troublesome. I¹ll make a guess that this is a result
> of a clerical error somewhere in the chain...
> The answer to the above question seems to be stricter process.

Even after that clerical error happened, the subsequent error of assigning
an ASN that's already assigned should never have happened. It seems
someone (probably multiple someones) never considered this possibility.

When assigning a subnet of our IP space to a customer or internal network,
first I look for a suitably sized block marked as "open" in our IP space.
Then I check our IGP to make sure that block isn't currently routed
somewhere. It's a little disappointing that I ever find it is...but it
happens. It just happened yesterday in fact. A customer who had some
servers turned down had their subnet marked as available for re-use, but
it looks like they still have a few servers online in that VLAN and the
space obviously isn't ready for re-use.

Is it too much to ask that the RIRs query each other's whois servers for
an ASN before assigning that ASN?...just to make sure an ASN they think
they're responsible for and about to assign hasn't already been assigned
by another RIR? That should have been an item on the RIR ASN assignment
checklist from the beginning.

----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

brunner at nic-naa

Nov 23, 2009, 6:03 PM

Post #21 of 60 (2149 views)
Permalink

Re: Who has AS 1712? [In reply to]

Jared Mauch wrote:
> On Tue, Nov 24, 2009 at 07:58:00AM +0900, Randy Bush wrote:
>
>>> It's not just AS1712. AS1707 - AS1726 appear to all have been
>>> allocated to Renater. AS1707 was ERX'd to RIPE on Sep 9, 2002, but it
>>> appears that AS1708-AS1726 were missed and have subsequently been
>>> reallocated by ARIN (between Aug 18 and Aug 21, 2009)
>>>
>> this failure is one of the joys of per-rir trust anchors
>>
>
> I don't see operators jumping at the idea of central trust anchor
> myself, no more than I see everyone ready to sign the root zone.
>

Not everyone gets to sign the IANA root zone.

> I see some gTLD and ccTLD operators ready, but not all gTLD and ccTLD
> operators want it signed. There is perhaps the same issue here.
>

I'm looking at the registry service requests for .museum, .org, .com/.net/.name, .biz, and writing .cat's.

What gTLD operators are you looking at?
What ccTLD operators are you looking at?

> Then again, ARIN doesn't say that an allocated resource is actually
> usable, they've specifically ducked that one in the past with address
> space on blacklists or bogon filters... I am curious to see their response
> now.
>
> - Jared
>
>

morrowc.lists at gmail

Nov 23, 2009, 8:33 PM

Post #22 of 60 (2139 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, Nov 23, 2009 at 7:25 PM, Randy Bush <randy [at] psg> wrote:
>> In all seriousness though, how does this get fixed? and... who has to
>> renumber? :)
>
> luckily, it's not a renumber in the ip address sense. but some router
> jock[ette]s are gonna be even more overworked than usual.

hope for their sake it's just 1 router :) and 2 transits ... if they
have internal bgp setup (more than one router in their peering/transit
edge) it's going to cause them some pain :(

(at least with only 1 router and 2 bgp peers you could hope to static
route around the maintenance event)

> how to detect if there are more instances?

o Should some form of 'scrape routeviews before assignment' happen at
the RIR? (if you don't like o RV, pick another 2-3 sources of data)
o How do you make sure each RIR does this act?
o Should the customer check public data sources before acceptance?
o Is there a 30 day revoke/return dance for Number Resources?

> how to prevent new instances, both asn and ip?

See above ... It seems sensible to check existing data sources, if
that can be automated easily enough?

-chris

jlewis at lewis

Nov 23, 2009, 9:32 PM

Post #23 of 60 (2142 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Mon, 23 Nov 2009, Christopher Morrow wrote:

>> how to detect if there are more instances?
>
> o Should some form of 'scrape routeviews before assignment' happen at
> the RIR? (if you don't like o RV, pick another 2-3 sources of data)
> o How do you make sure each RIR does this act?
> o Should the customer check public data sources before acceptance?
> o Is there a 30 day revoke/return dance for Number Resources?

Checking "global BGP" only works if the ASN is being announced at that
instant. That ought to be one of the due diligence steps, but so should
checking the various RIR whois servers. Lots of ASNs have been assigned
but aren't visible in the global table.

----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

morrowc.lists at gmail

Nov 23, 2009, 9:43 PM

Post #24 of 60 (2143 views)
Permalink

Re: Who has AS 1712? [In reply to]

On Tue, Nov 24, 2009 at 12:32 AM, Jon Lewis <jlewis [at] lewis> wrote:
> On Mon, 23 Nov 2009, Christopher Morrow wrote:
>
>>> how to detect if there are more instances?
>>
>> o Should some form of 'scrape routeviews before assignment' happen at
>> the RIR? (if you don't like o RV, pick another 2-3 sources of data)
>> o How do you make sure each RIR does this act?
>> o Should the customer check public data sources before acceptance?
>> o Is there a 30 day revoke/return dance for Number Resources?
>
> Checking "global BGP" only works if the ASN is being announced at that
> instant. That ought to be one of the due diligence steps, but so should
> checking the various RIR whois servers. Lots of ASNs have been assigned but
> aren't visible in the global table.
>

sure, pick 2-3 ways to check was my point... I ain't writin' RIR
policy in nanog maillist traffic :) I presume also there's some '80%
check is good enough' standard that's applied along the way because I
doubt you'll ever get 100% certainty in this sort of thing, sadly.

-Chris

> ----------------------------------------------------------------------
> Jon Lewis | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>

randy at psg

Nov 23, 2009, 10:58 PM

Post #25 of 60 (2140 views)
Permalink

Re: Who has AS 1712? [In reply to]

>> how to detect if there are more instances?
>
> o Should some form of 'scrape routeviews before assignment' happen at
> the RIR? (if you don't like o RV, pick another 2-3 sources of data)
> o How do you make sure each RIR does this act?
> o Should the customer check public data sources before acceptance?
> o Is there a 30 day revoke/return dance for Number Resources?
>
>> how to prevent new instances, both asn and ip?
>
> See above ... It seems sensible to check existing data sources, if
> that can be automated easily enough?

owned resources may not be announced or visible universally.

existing data sources deeply suck. rir source data are in different
formats, owner identies are not even unique in one rir (how many names
does goog have in arin?), let alone coordinated across rirs, much
historical data is missing, ...

dual ownership is needed for transfer. so i am thinking along the lines
of an aged report of cert conflicts. maybe "bob and alice have both
owned 42.666.0.0/15 for 77 days."

of course this begs the issue of irs not having unique single IDs for
bob and alice.

randy

1 2 3

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads