[ITNOG] Italian networks suffering from RPKI misconfigurations

nusenu nusenu-lists@riseup.net
Mer 26 Set 2018 22:13:00 CEST


Dear Italian Network Operators,

the table bellow shows IP prefixes that are unreachable in an RPKI
route origin validating (ROV) environment (the list shows Italian ASNs only).
(data as of 2018-09-26 12:51 UTC).

Affected networks might soon (by the end of the year) loose the ability to talk to
Cloudflare's network since they plan to deploy ROV.
https://blog.cloudflare.com/rpki-details/

I'd encourage everyone to look into the ROAs of affected prefixes
(or to ask their customer / responsible IP holder to do so).

The RIPE RPKI dashboard offers a notification service for these kinds of problems
and every operator should use it to get automatic alerts and avoid reduced network reachability.
https://www.ripe.net/manage-ips-and-asns/resource-management/certification/resource-certification-roa-management

some more context:
https://medium.com/@nusenu/where-are-rpki-unreachable-networks-located-65c7a0bae0f8

List of RPKI invalid and unreachable prefixes (sorted by prefix size):

+----------+---------------------------------------+------------------+------------------------+
| ASN      | (announcing) AS Name                  | affected prefix  | unreachable /24 blocks |
+----------+---------------------------------------+------------------+------------------------+
| AS20746  | ASN-IDC - Telecom Italia S.p.A.       | 212.104.0.0/18   |                     64 |
| AS33942  | IREN-ENERGIA-AS - IREN ENERGIA S.P.A  | 83.139.208.0/20  |                     16 |
| AS33942  | IREN-ENERGIA-AS - IREN ENERGIA S.P.A  | 83.139.200.0/21  |                      8 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.104.0/22  |                      4 |
| AS33942  | IREN-ENERGIA-AS - IREN ENERGIA S.P.A  | 83.139.196.0/22  |                      4 |
| AS33942  | IREN-ENERGIA-AS - IREN ENERGIA S.P.A  | 83.139.192.0/23  |                      2 |
| AS30848  | IT-TWT-AS - TWT S.p.A.                | 94.185.124.0/23  |                      2 |
| AS30848  | IT-TWT-AS - TWT S.p.A.                | 94.185.126.0/23  |                      2 |
| AS34971  | PDDA-AS - Prometeus di Daniela Agro   | 195.88.4.0/23    |                      2 |
| AS29286  | SKYLOGIC-AS - SKYLOGIC S.P.A.         | 185.8.40.0/23    |                      2 |
| AS197650 | AIRMAX-AS - AirMax S.r.l.             | 185.30.112.0/24  |                      1 |
| AS197650 | AIRMAX-AS - AirMax S.r.l.             | 185.30.113.0/24  |                      1 |
| AS197650 | AIRMAX-AS - AirMax S.r.l.             | 185.30.114.0/24  |                      1 |
| AS197650 | AIRMAX-AS - AirMax S.r.l.             | 185.30.115.0/24  |                      1 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.97.0/24   |                      1 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.98.0/24   |                      1 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.99.0/24   |                      1 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.100.0/24  |                      1 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.101.0/24  |                      1 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.102.0/24  |                      1 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.108.0/24  |                      1 |
| AS198013 | IPKOM - Ipkom Srl                     | 94.185.109.0/24  |                      1 |
| AS33942  | IREN-ENERGIA-AS - IREN ENERGIA S.P.A  | 83.139.194.0/24  |                      1 |
| AS206732 | LOCONTEWIFI-AS - Lo Conte WiFi s.r.l. | 185.52.67.0/24   |                      1 |
| AS41849  | WHL-AS - Worldwide Hotel Link srl     | 185.178.252.0/24 |                      1 |
| AS41849  | WHL-AS - Worldwide Hotel Link srl     | 185.178.253.0/24 |                      1 |
+----------+---------------------------------------+------------------+------------------------+

Should you have further questions feel free to contact me (on or off-list).

kind regards,
nusenu

-- 
https://twitter.com/nusenu_


-------------- parte successiva --------------
Un allegato non testuale รจ stato rimosso....
Nome:        signature.asc
Tipo:        application/pgp-signature
Dimensione:  833 bytes
Descrizione: OpenPGP digital signature
URL:         <http://lists.itnog.it/pipermail/itnog/attachments/20180926/40af4582/attachment.sig>


Maggiori informazioni sulla lista itnog