nanog mailing list archives

RE: 1.1.1.1

From: Gary Sparkes via NANOG <nanog () lists nanog org>
Date: Tue, 15 Jul 2025 19:54:46 +0000

There's also ranges like 44net where RPKI is infeasible, but that is indeed a hobbyist setup in the extreme. Ampr.org

They do provide ROA though, so they're not entirely head in the sand, but it's only via RADB, not via RIR. 

Current word on the street, however, is that this was not a tata hijack, but a leak after the fact when cloudflare went 
offline. Likely some ancient test configurations or other similar example material/default setups from 20 years 
ago..... 

Even so, just ROA enforcement would protect against this. 

-----Original Message-----
From: Francis Booth via NANOG <nanog () lists nanog org> 
Sent: Tuesday, July 15, 2025 3:49 PM
To: North American Network Operators Group <nanog () lists nanog org>
Cc: Francis Booth <boothf () caramelfox net>
Subject: Re: 1.1.1.1

If reporting is accurate from RIPE, Tata has 4,976 IP route entries and of that only 2,554 of those entries have valid 
RPKI. [1]

Most likely in order to continue serving those who are unwilling or unable to deploy RPKI they work with their 
upstreams to exempt their announcements from being filtered due to invalid or missing RPKI. 

Unfortunately as long as companies continue to make exceptions as to who is exempt from RPKI route filtering the risk 
of someone announcing a bad route will persist with us. It would be awesome if every single IP resource was covered 
under RPKI but according to Cloudflare Radar, worldwide we’re only halfway there at 56.8% valid and 42.1% 
unknown/missing. [2]

Fortunately we will never have another AS7007-like incident [3] but as yesterday proved can still be quite impactful!


[1] https://stat.ripe.net/resource/AS4755#tab=routing
[2] https://radar.cloudflare.com/routing
[3] https://en.wikipedia.org/wiki/AS_7007_incident

On Jul 15, 2025, at 15:18, Marco Moock via NANOG <nanog () lists nanog org> wrote:

Am 15.07.2025 um 12:12:28 Uhr schrieb Randy Bush via NANOG:

1.1.1.1 was mis-announced by tata.  see


Didn't RPKI and IR avoid any damage?
If not, are there still relevant AS border routers that just accept 
anything?

--
Gruß
Marco

Send unsolicited bulk mail to 1752574348muell () cartoonies org 
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/XU
NM4WIHDMECHNOOKIJX5VL66WE5TQGB/


_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/XMYD6ZQHK5JO4USQGZ756KM7MP72TIFS/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/SXOGG2NJLAUNVZSX2WFUCVAHWWSAJXXU/

Current thread:

1.1.1.1 Randy Bush via NANOG (Jul 15)
- Re: 1.1.1.1 Marco Moock via NANOG (Jul 15)
  - Re: 1.1.1.1 Francis Booth via NANOG (Jul 15)
    - RE: 1.1.1.1 Gary Sparkes via NANOG (Jul 15)
  - Re: 1.1.1.1 Noah van der Aa via NANOG (Jul 15)
    - Re: 1.1.1.1 Tom Beecher via NANOG (Jul 16)
    - Re: 1.1.1.1 Saku Ytti via NANOG (Jul 16)
    - Are public DNS a good thing? (was: Re: 1.1.1.1) Marc Binderberger via NANOG (Jul 17)
    - Re: Are public DNS a good thing? (was: Re: 1.1.1.1) Mel Beckman via NANOG (Jul 17)
    - Re: Are public DNS a good thing? Marco Davids (Private) via NANOG (Jul 17)
    - Re: Are public DNS a good thing? (was: Re: 1.1.1.1) Rubens Kuhl via NANOG (Jul 17)
    - Re: Are public DNS a good thing? (was: Re: 1.1.1.1) Paul Ebersman via NANOG (Jul 17)
    - Re: Are public DNS a good thing? (was: Re: 1.1.1.1) Rubens Kuhl via NANOG (Jul 17)
    - Re: Are public DNS a good thing? (was: Re: 1.1.1.1) Paul Ebersman via NANOG (Jul 17)

(Thread continues...)