
Comment by blumentopf

13 years ago

AS path as seen from the RIPE NCC RIS looking glass for 194.71.107.0/24:

... 2914 39138 22351 131279 51040

... [NTT America/ARIN] [rrbone/RIPE] [Intelsat/ARIN] [STAR JOINT VENTURE/APNIC] [The Pirate Bay/RIPE]

Apart from that /24, STAR JOINT VENTURE only advertises 175.45.176.0/22 (albeit as four /24, idiotically enough). What's kind of interesting is that this /22 is visible with a much shorter AS path:

... 3257 4837 131279

... [Tinet/RIPE] [China Netcom/APNIC] [STAR JOINT VENTURE/APNIC]

The question is: Is it deliberate that the Chinese don't allow transit of the Pirate Bay /24 through their network? (As opposed to Intelsat, a Washington-based American company.)

I see two prefixes advertised by 51040, with very different paths:

    cr1.ipls# sh ip bgp regexp 51040$        
    BGP table version is 210945139, local router ID is 8.30.x.255
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 194.14.56.0      4.69.180.161             0             0 3356 5580 3.987 51040 i
    *> 194.71.107.0     4.69.180.161             0             0 3356 2914 39138 22351 2.207 51040 i

I don't know what, if anything, they use 194.14.56/24 for, but both appear to belong to the same organization (although the registrant records differ just a bit).

EDIT: I'm gonna dig into my database and see what the path looked like a day or two ago.

EDIT: 2 days ago: the .107/24 path: 3356 3549 16150 51040

16150 is "Availo Networks AB" and they do appear to do heavy prefix filtering -- as they should -- but I see no import policy for 51040:

    $ whois -h whois.ripe.net AS16150
    ...

It's possible and plausible that TPB is using one or more VPNs to hide the true route traffic is taking (who knows what they're really doing, though).

I don't understand BGP and AS... what does that mean?

  • Superficial explanation:

    BGP is the Border Gateway Protocol. You can think of large infrastructure providers as being huge networks that are connected through 'border nodes'. BGP is the protocol they use to negotiate routes into each other's networks; each provider advertises to the other provider what routes it has available. A common way to make a country go dark is by simply removing the BGP routes advertised for that country.

  • AS path = the numbers of the Autonomous Systems that traffic will pass through to reach that particular destination

  • AS = Autonomous System, a network of one or more (usually more) computers that looks like one entity to the outside Internet. It's 'autonomous' in that it can route traffic within itself without help from any outside source. The Internet is, at a high level, a collection of ASes that all pass data among each other. Every AS has a globally unique number, usually represented as AS15169 for AS number 15169.

    BGP = Border Gateway Protocol, a specific Exterior Gateway Protocol that allows ASes to figure out what other ASes are close by and to which of their neighbors they should route traffic destined for a specific IP address. This basically works by each AS advertising which groups of IP addresses (represented by prefixes) they know how to reach. A prefix is something like 10.0.0.0/24, which represents all addresses from 10.0.0.0 to 10.0.0.255; in a prefix, the number after the slash is how many bits of the IP address are fixed. In a /24, 24 bits, or three eight-bit bytes, are fixed, so the last eight bits can vary freely. Larger numbers indicate smaller blocks of addresses, unintuitively enough. For example, AS15169 advertises that it contains 173.194.0.0/16, or the range 173.194.0.0 - 173.194.255.255. Route advertisements contain cost information, which is primarily due to how long the path is; as an example, if I'm AS1 and I contain the range 10.0.0.0/24, I'll advertise that with a very low cost. If I hear from my neighbor AS3 that she contains 192.5.0.0/16, I'll advertise that with a higher cost, since I'll have to hand it off to a different AS.

    (Edited to add: Apparently, IPv6 prefixes work essentially the same as IPv4 prefixes. http://www.sabi.co.uk/Notes/swIPv6Prefixes.html )
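
The paths quoted in this thread can be compared mechanically, as a route monitor would. The following is an added example, not part of any comment above: it normalizes the router's asdot tokens (`2.207` is AS131279), flags the change of the AS adjacent to origin 51040 between the two-day-old path and the current one, and shows that four /24s collapse into one /22. All function names are the example's own.

```python
import ipaddress

def asplain(token):
    """Convert one AS number token to asplain; asdot '2.207' -> 131279."""
    if "." in token:
        high, low = token.split(".")
        return int(high) * 65536 + int(low)
    return int(token)

def parse_path(text):
    """Parse an AS path string, dropping '...' elisions and origin codes (i, e, ?)."""
    return [asplain(t) for t in text.split() if t[0].isdigit()]

def upstream_of_origin(path):
    """Return (upstream AS, origin AS), skipping any prepended copies of the origin."""
    origin = path[-1]
    for asn in reversed(path):
        if asn != origin:
            return asn, origin
    return None, origin

def upstream_changed(old, new):
    """True when the same origin is now reached through a different adjacent AS."""
    old_up, old_origin = upstream_of_origin(old)
    new_up, new_origin = upstream_of_origin(new)
    return old_origin == new_origin and old_up != new_up

def covering_prefixes(prefixes):
    """Collapse adjacent prefixes into the smallest set of covering networks."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Paths as quoted in the thread.
RIS_PATH = parse_path("... 2914 39138 22351 131279 51040")
ROUTER_PATH = parse_path("3356 2914 39138 22351 2.207 51040 i")
OLD_PATH = parse_path("3356 3549 16150 51040")

# Constructed input: the four /24s that make up 175.45.176.0/22.
FOUR_24S = ["175.45.%d.0/24" % n for n in range(176, 180)]

if __name__ == "__main__":
    print("upstream now:", upstream_of_origin(ROUTER_PATH))
    print("upstream 2 days ago:", upstream_of_origin(OLD_PATH))
    print("changed:", upstream_changed(OLD_PATH, ROUTER_PATH))
    print("aggregate:", covering_prefixes(FOUR_24S))
```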