Mismatch in Quagga-RPKI vs HE.net


alejandroacostaalamo

May 31, 2014, 10:21:41 PM
to rtr...@googlegroups.com
Hello List,
  A few days ago I found something weird that I would like to share with you.
  I might be doing something wrong or probably I found a bug.

  I installed quagga with RPKI support and I'm using RIPE NCC Validator.
The case is that when checking the network 200.85.64.0/20 in Quagga it
appears as Invalid. I think it should be Valid as you can check yourself
using he.net whois. Anyhow, I don't think there should be two different
rpki states out there.

  Here is the output of what I found.

1) 200.85.64/20 prefix:
  a) In Quagga (Invalid):
  I*> 200.85.64.0/20   200.7.84.2                             0 64512 28007 6939 7908 i

  b) In he.net (Valid):
root@squat:/tmp# whois -h whois.bgpmon.net " --roa 7908 200.85.64.0/20"
0 - Valid
------------------------
ROA Details
------------------------
Origin ASN:       AS7908
Not valid Before: 2013-12-24 06:52:26
Not valid After:  2018-12-24 06:52:26  Expires in 4y210d3h5m20.4000000059605s
Trust Anchor:     repository.lacnic.net
Prefixes:         2001:1350::/32 (max length /48)
                  200.85.64.0/20 (max length /24)



  I checked in the ROA section using the RIPE Validator and the prefix
has two valid ROAs, one correctly indicating AS7908 as origin and the other
indicating AS 52358. This scenario is permissible.

  I found this case using the Quagga from
https://github.com/rtrlib/quagga-rtrlib/tree/feature/rtrlib  I don't
recall this behavior in another version but I could have passed over it
without noticing it.

  Am I doing something wrong? Did I miss something? Is it a bug?

Thanks,

Alejandro,

Matthias Waehlisch

Jun 16, 2014, 6:06:31 AM
to alejandroacostaalamo, rtr...@googlegroups.com
Hi Alejandro,

Sorry for the delay. We will have a look into this. It seems indeed a
little bit weird as the RTRlib itself provides the correct validation
result.



Thanks
matthias


--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waeh...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw-hamburg.de .. http://www.link-lab.net

Michael Mester

Jun 29, 2014, 1:31:31 PM
to rtr...@googlegroups.com
Hi,
my output of prefix table shows the following:
    Network          Next Hop            Metric LocPrf Weight Path
...cut...
N*> 200.85.52.0/23   212.45.111.154                         0 51224 1299 12956 23201 i
V*> 200.85.64.0      212.45.111.154                         0 51224 1299 3549 52358 52358 52358 52358 52358 52358 i
I*  200.85.65.0      212.45.111.154                         0 51224 1299 1239 7908 52386 i
V*> 200.85.66.0/23   212.45.111.154                         0 51224 1299 1239 7908 i
V*> 200.85.68.0/22   212.45.111.154                         0 51224 1299 1239 7908 i
V*> 200.85.68.0      212.45.111.154                         0 51224 1299 1239 7908 ?
V*> 200.85.72.0/21   212.45.111.154                         0 51224 1299 1239 7908 i
...cut...

So I assume they recently changed their AS-number. Maybe something was misconfigured there.

Greetings
Michael
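
The two posts above turn on how route origin validation treats a prefix covered by more than one ROA. The following is an added example, not part of any message in this thread and not RTRlib or Quagga code: a minimal RFC 6811 check over a constructed two-entry table. It assumes the AS52358 ROA has the same prefix and maxLength as the AS7908 ROA quoted in the first post, and that rows printed without a mask in the table above are /24.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 6811 validation states. */
enum rov_state { ROV_VALID, ROV_NOT_FOUND, ROV_INVALID };

/* One validated ROA payload (VRP): prefix, prefix length, maxLength, origin. */
struct vrp { uint32_t prefix; uint8_t len, maxlen; uint32_t asn; };

/* Pack a dotted quad into a host-order 32-bit address. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed table. The AS7908 entry is the ROA quoted in the thread; the
 * AS52358 entry's prefix length and maxLength are assumptions. */
static const struct vrp sample_vrps[] = {
    { IP4(200, 85, 64, 0), 20, 24, 7908 },
    { IP4(200, 85, 64, 0), 20, 24, 52358 },
};

/* A VRP covers a route when it is no more specific and its bits match. */
static int covers(const struct vrp *v, uint32_t route, uint8_t rlen)
{
    uint32_t mask = v->len ? ~(uint32_t)0 << (32 - v->len) : 0;
    return v->len <= rlen && (route & mask) == (v->prefix & mask);
}

/* Valid if any covering VRP matches origin and length; Invalid if covered
 * but unmatched; NotFound if nothing covers the route. */
enum rov_state validate(const struct vrp *t, size_t n, uint32_t route,
                        uint8_t rlen, uint32_t origin)
{
    int covered = 0;
    for (size_t i = 0; i < n; i++) {
        if (!covers(&t[i], route, rlen))
            continue;
        covered = 1;
        if (t[i].asn == origin && rlen <= t[i].maxlen)
            return ROV_VALID;   /* one matching ROA is enough */
    }
    return covered ? ROV_INVALID : ROV_NOT_FOUND;
}

int main(void)
{
    static const char *name[] = { "Valid", "NotFound", "Invalid" };
    printf("%s\n", name[validate(sample_vrps, 2, IP4(200, 85, 64, 0), 20, 7908)]);
    return 0;
}
```

Under these assumptions a second ROA for another origin never turns a route Invalid; only a covered route with no matching origin and length does.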

Matthias Waehlisch

Jun 29, 2014, 2:05:20 PM
to Michael Mester, rtr...@googlegroups.com, Alejandro Acosta
Hi Alejandro,

Alejandro, do you have a more recent example?



Thanks
matthias


Alejandro Acosta

Jul 1, 2014, 12:47:59 AM
to Matthias Waehlisch, Michael Mester, rtr...@googlegroups.com
Hi Matthias,
Please give me two days to try to reproduce the behavior.

Thanks,

Alejandro,




Alejandro Acosta

Jul 7, 2014, 2:38:17 PM
to Matthias Waehlisch, Michael Mester, rtr...@googlegroups.com
Hi there,
I'm sorry to tell you I've not been able to reproduce the error again,
weird.
In case I see any error again I will let you know.

Thanks,

Alejandro,

Matthias Waehlisch

Jul 7, 2014, 3:13:01 PM
to Alejandro Acosta, Michael Mester, rtr...@googlegroups.com
Hi Alejandro,

thanks, let us know when you see another mismatch.

Is the error of the disappearing IPv4 prefixes in the ROA table still
present?



Thanks
matthias


Thanushka Wijethunge

Nov 22, 2015, 8:41:53 AM
to rtrlib
Hi Alejandro

I would like to install this NCC Validator Quagga + RPKI route server. I would be grateful if you could help me with the steps, or if you could share any VM that already has it installed, that would be great.

Thanks in advance 