|   HOME   |   RESEARCH   |   DATA   |   TOOLS   |   PUBLICATIONS   |   WORKSHOPS   |   PROJECTS   |   FUNDING   |
CAIDA Home
 
 www.caida.org > analysis : routing : : incongruity
    visit     contact     search:
CAIDA: Cooperative Association for Internet Data Analysis
Incongruities Between Announced BGP AS Path and Forward Path

-----summary of contents-----
We have observed discrepancies between the announced BGP AS path and the actual forward path as measured by CAIDA skitter boxes.
-----end summary of contents-----
 

Discrepancy of announced BGP AS path versus forward path as measured by
skitter boxes. (Using skitter source riesling.caida.org, On net 192.172.226
Checking the paths from riesling on 11/16: Most of the path differences seem
to be insertion of an additional AS hop, typically 2914 (Verio) just after
1740 (CERF), but also 1877

##Target: 193.14.46.1
##BGP path:             195 1740 1800 1257
##Forwarding path:      195 1740 2914 1800 1877 1257

This is interesting though:

##Target: 196.38.47.1
##BGP path:             195 1740 7018 3741
##Forwarding path:      195 1740 701 3741

The path is advertised through ATT, but passes through UUNET

##Target: 216.72.47.1
##BGP path:             195 1740 4000
##Forwarding path:      195 1740 2914 4000 7984 4000

##Target: 195.187.47.1
##BGP path:             195 1740 701 1833 1299 8308
##Forwarding path:      195 1740 701 1833 3301 8308

##Target: 194.250.47.1
##BGP path:             195 1740 1239 5511 3215
##Forwarding path:      195 1740 1239 3215 5511 3215

##Target: 200.6.48.1
##BGP path:             195 1740 7018 3561 1916
##Forwarding path:      195 1740 7018 3561 2561

##Target: 203.16.48.1
##BGP path:             195 1740 6453 1221 9324
##Forwarding path:      195 1740 6453 1221 2764

##Target: 193.40.48.1
##BGP path:             195 1740 6453 2603 1741 3221
##Forwarding path:      195 1740 6453 2603 UNKN 3221

This last is probably just a 10/8 intermediate hop...

##Target: 216.72.48.1
##BGP path:             195 1740 4000
##Forwarding path:      195 1740 2914 4000 7984 4000

Skipping forwards a bit:

##Target: 207.24.67.1
##BGP path:             195 1740 1673 {1324,12217,1333,1326,1695,1322,1335,5113,1334,1670,1677,1665,1325,1669,1323,1327,1684,1667,1661,1672,1663,1331,1675,1321,1685,689,1225,1332,1330,1674,11563,1671,1662}
##Forwarding path:      195 1740 2914 1673 1325

This seems perfectly OK, as 1325 is a member of the AS set

##Target: 198.97.67.1
##BGP path:             145 7170 132
##Forwarding path:      195 145 7170 132

Quite bizarre! For some reason this path went out through SDSC? Most likely
the route changed during the day, but it currently goes through the vBNS
directly (11/18, ~23:00)

Verio AS insertion occurs from:

traceroute to 194.23.44.1
traceroute to 193.14.46.1
[...]
14      134.24.46.114   AS1740
15      192.157.69.21   AS2914
16      198.67.133.37   AS1800

traceroute to 195.70.45.1
traceroute to 194.211.46.1
traceroute to 194.55.47.1
[...]
9       134.24.29.37    AS1740
10      198.32.136.28   AS2914
11      134.222.228.18  AS286

traceroute to 203.111.46.1
traceroute to 194.235.47.1
[...]
14      134.24.46.169   AS1740
15      192.157.69.80   AS2914
16      204.59.136.193  AS4000

192.157.69.0/24 belongs to Sprint, and the whois record indicates it is used
for NAPs. Known NAP prefixes:

Sprint (NETBLK-SPRINT-NAP)      SPRINT-NAP       192.157.64.0 - 192.157.73.255
Sprint NAP Team (NET-ICMNET-6)  ICMNET-6                          192.157.69.0

Exchange Point Blocks (NET-EP-)

Netname: NET-EP-1
Netblock: 198.32.0.0 - 198.32.255.255

Suspected NAP prefixes:

ENEA Data AB (NET-SWNET4)

Netname: SWNET4
Netnumber: 192.36.147.0

Cable & Wireless USA (NETBLK-CW-02-BLK)

Netname: CW-02-BLK
Netblock: 204.188.0.0 - 204.189.255.255
Maintainer: CWUS
(only 204.189.152.0/24)
from:
traceroute to 192.160.50.1
[...]
13      204.70.2.14     AS3561
14      204.189.152.170 AS2561
15      200.130.255.21  AS1916

Egyptian Universities Network (EUN) (ASN-FRCU-EUN)
Autonomous System Name: FRCU-EUN
   Autonomous System Number: 2561

Performance Systems International, Inc. (NETBLK-PSI-C)

   Netname: PSINET-C4
   Netblock: 204.4.0.0 - 204.7.255.0
   Maintainer: PSI
(only 204.6.118.0/24)
from:
traceroute to 199.67.51.1
[...]
7       134.24.29.74    AS1740
8       204.6.118.137   AS8656
9       38.1.3.45       AS174

aut-num:     AS8656
descr:       PSINet Europe DE

PSINet Inc. (ASN-PSINET)
   Autonomous System Name: PSINET
   Autonomous System Number: 174

Hmm, this last one might not be a NAP.

So any hop from these prefixes should probably be ignored in the forwarding
AS path

So is Global One Colombia (ASN-GIPCO) Autonomous System Number: 7984
providing transit for Sprint (4000) in Columbia?

traceroute to 216.72.47.1
[...]
12      134.24.46.169   AS1740
13      192.157.69.80   AS2914
14      204.59.137.134  AS4000
15      206.49.176.241  AS7984
16      206.49.176.130  AS7984
17      196.27.25.81    AS4000
##BGP path:             195 1740 4000
##Forwarding path:      195 1740 2914 4000 7984 4000

So BGP isn't being used end-to-end (AS-wise) on this path. For a multihomed
provider, this opens the possibility of loops. Why is Sprint
proxy-advertising the destination, but the intermediate prefixes are still
being advertised by GIPCO? Where is GIPCO advertising these prefixes, and do
they peer with anyone other than Sprint? Has GIPCO been bought by Sprint,
and is this just displaying a transitional phase?

Similar weirdness between OPENTRANSIT (5511) and RAIN (3215) in .fr:

traceroute to 194.250.47.1
[...]
11      194.206.207.53  AS3215
12      193.251.128.129 AS5511
13      193.251.128.34  AS5511
14      194.250.89.13   AS3215
15      194.250.89.2    AS3215
16      194.250.88.5    AS3215
17      194.250.88.10   AS3215
18      194.250.180.146 AS3215
19      195.101.11.58   AS3215

Cooperative Association for Internet Data Analysis (CAIDA)
  Last Modified: Thurs Mar-2-2006 23:25:0 PDT
  Maintained by: Young Hyun
  Page URL: http://www.caida.org/analysis/routing/incongruity/index.xml