[afnog] strict RPF ????

Frank Habicht geier at geier.ne.tz
Mon Oct 19 06:08:11 UTC 2015 

Hi all,

thanks for all the replies.

update:
The problem is no longer, I have a little idea, but would like to
confirm first.

AS_PATH is now symmetric and no longer via Europe.

Regards,
Frank


On 10/18/2015 8:31 PM, Frank Habicht wrote:
> Hi all,
> 
> I'm getting the impression that something is wrong in the South...
> 
> Can anyone please confirm whether or not any bigger network in South
> Africa is doing strict RPF on their AS-boundaries, specifically
> peering/transit links.
> (not talking about customer links here)
> 
> I don't want to mention names yet....
> 
> What we see (from AS37084, for example 41.221.41.13):
> 
> traffic to most IPs does work and ping fine , some 50ms via Seacom IP
> network (37100) - good.
> 
> that also means the south african network has (and uses) a route to us
> via Seacom - nice and short. also good.
> 
> the problem:
> traffic to at least one prefix
> - the prefix is apparently not advertised by that south african network
> in the same way to seacom, at least we don't get it advertised from
> seacom like we get many others
> - so traffic goes to Europe, specifically to a "tier-1" network
>   (mentioning because i think it's safe to say the south african
>    network won't have a peering with my upstream.)
> - and then traceroute to the problem-destination stops
> - from a hetzner hosted host in Europe we can get to the problem
>    destination fine.
>    a stable RTT of >790ms might suggest a vsat link from SA thoug - not
>    a problem.
> - from same host a traceroute features the AMS-IX IP of the south
>    African network....
>   So peering might suggest a symmetric path
> - in fact: traceroute the opposite direction kind-of confirms that.
> 
> 
> The only idea that I have here is that from 37084 in TZ the path to the
> problem-prefix is via Europe. and the return path is not.
> and that someone is doing strict RPF.
> 
> To which I would like to say:
> Where I life the internet is asymmetric.
> Especially when you guys (same origin AS btw) advertise some but not all
> prefixes to Seacom.
> 
> And this hurts both our customers and your customers.
> And at the moment I'm convinced that it's not my routers dropping the
> packets.
> And that's the message our customers are getting.
> 
> I'd like to get it fixed - soon.
> If possible without naming names.
> So I add one email address (from whois) into BCC...
> 
> But I _can_ name names.
> 
> Have fun.
> 
> Frank
> 
> 
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog
>

More information about the afnog mailing list