Comment by next_hopself

6 days ago

CANTV (AS8048) is a correct upstream transit provider for Dayco (AS21980) as seen in both https://radar.cloudflare.com/routing/as21980#connectivity and https://bgp.tools/as/21980#upstreams

What most likely happened, instead of a purposeful attempt to leak routes and MITM traffic, is CANTV had too loose of a routing export policy facing their upstream AS52320 neighbor, and accidentally redistributed the Dayco prefixes that they learned indirectly from Sparkle (AS6762) when the direct Dayco routes became unavailable to them.

This is a pretty common mistake and would explain the leak events that were written about here.

3 comments

next_hopself

next_hopself 5 days ago

A closer look at the leak: https://news.ycombinator.com/item?id=46518731

Bengalilol 4 days ago

The "closer" look is more blurry than the one presented here though.

itsamario 6 days ago

Most providers enforce rpki but unless you peer with tier1 networks you can't influence a network you don't peer with.