Hi Damien!
Yes, the spreadsheet only shows prefixes seen in the BGP routing table which do not match one in the portal. Like your prefix, my 44.131.4.0/24 and 44.131.5.0/24 are not in it as they prefix match a portal entry.
At the suggestion of others on this thread, I included extra columns today for whois lookups. In this case, if a prefix is seen in the BGP routing table but doesn't have a portal public, but does have a whois entry, it is shown! I am not sure for what reason a prefix would be allocated in the first place without making it visible on the portal; it is a community resource after all.
https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whdv...
Scripts and dumps - https://github.com/natm/amprnet-observer
One other idea someone suggested was including a column for a matching AltDB record, I will add that tomorrow.
Nat,
On Sun, Jan 31, 2021 at 9:53 PM Damien Gardner vk2tdg@gmail.com wrote:
Just wanted to double-check.. Is the spreadsheet ONLY the prefixes which don’t appear in the AMPR portal? (As my 44.136.201.0/24 is not appearing in that list, and it’s definitely appearing in BGP on lg.he.net :) )
I do agree on it being really bizarre that some regions only have a /16 listed in the portal, and none of their more specifics. That has thrown me a few times.
Cheers,
DG
On Sun, 31 Jan 2021 at 1:36 pm, Nat Morris via 44Net 44net@mailman.ampr.org wrote:
Hello all,
Over the last few months I have noticed some odd BGP announcements of prefixes which have no allocations in the AMPRnet portal. After spotting 5 or 6 of these it made me wonder how many existed.
This evening I took a snapshot of the RIPE RIS data for announcements within 44.0.0.0/9 and 44.128.0.0/10, which took place in 2021. Then scraped the allocations from the AMPRnet portal, compared prefixes directly and then used a radix tree to find a best match.
The resulting data https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whdv...
At first glance there are some expected entries, for example users with a /22 or /23 announcing a more specific /24.
What really worries me is the number of announcements of /24s where the closest portal-documented prefix is a /16. Are these being used legitimately? Do AMPR co-ordinators what details about them? Or have they been hijacked?
Look for example at /24 announcements within country assignments, but no specific description!
I would like to start a discussion around these specific prefixes.
The scripts I wrote are here https://github.com/natm/amprnet-observer
Kind regards,
Nat.
Nat
https://nat.ms +44 7531 750292
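
The comparison described in the original message (direct prefix comparison, then a best match against the portal allocations), as an added example that is not part of the thread or of the amprnet-observer scripts. The prefix lists are constructed, a plain binary trie stands in for the radix tree, and the names `PrefixTrie`, `classify`, `report` and the 8-bit `gap_threshold` (a /24 whose closest documented prefix is a /16) are assumptions.

```python
import ipaddress

def _bits(net):  # network bits of an IPv4 prefix as a '0'/'1' string
    return format(int(net.network_address), "032b")[:net.prefixlen]

class PrefixTrie:  # binary trie, a simple stand-in for the radix tree
    def __init__(self):
        self.root = {}

    def insert(self, prefix):
        net = ipaddress.ip_network(prefix)
        node = self.root
        for b in _bits(net):
            node = node.setdefault(b, {})
        node["net"] = net

    def best_match(self, prefix):
        """Longest stored prefix that covers `prefix`, or None."""
        node, best = self.root, self.root.get("net")
        for b in _bits(ipaddress.ip_network(prefix)):
            node = node.get(b)
            if node is None:
                break
            best = node.get("net", best)
        return best

def classify(announced, trie, gap_threshold=8):
    """Label one BGP-announced prefix against the portal allocations."""
    net = ipaddress.ip_network(announced)
    match = trie.best_match(announced)
    if match is None:
        return "no-portal-entry", None
    if match == net:
        return "exact", match
    gap = net.prefixlen - match.prefixlen
    return ("review-wide-gap" if gap >= gap_threshold else "more-specific"), match

# Constructed sample data, not taken from the portal or the RIS dumps.
PORTAL = ["44.131.0.0/16", "44.131.4.0/22", "44.136.0.0/16", "44.136.201.0/24"]
ANNOUNCED = ["44.131.5.0/24", "44.136.201.0/24", "44.136.77.0/24", "44.60.1.0/24"]

def report(portal=PORTAL, announced=ANNOUNCED):
    trie = PrefixTrie()
    for p in portal:
        trie.insert(p)
    return {a: classify(a, trie) for a in announced}

if __name__ == "__main__":
    for prefix, (label, match) in report().items():
        print(f"{prefix:18} {label:16} {match}")
```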