From: "Peter Müller" <peter.mueller@ipfire.org>
To: location@lists.ipfire.org
Subject: Re: location db mismatch
Date: Tue, 25 Jan 2022 18:15:44 +0000 [thread overview]
Message-ID: <c18f93cd-3c31-e61e-a7c6-06bff82bbe8a@ipfire.org> (raw)
In-Reply-To: <1D1C8279-E28B-44FA-AE24-F964BA2186F8@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 6649 bytes --]
Hello Michael,
hello nusenu,
hello Martin (???),
sorry for my late reply.
Yes, this change is due to an override of mine, committed as f3901759ede298e49cf5c056d0655b97e86cd211,
affecting all location databases generated after January 9th, 2022.
This is because German hoster netcup GmbH claims to be located solely in Germany - quoted
from https://www.netcup.eu/ueber-netcup/rechenzentrum.php:
> The infrastructure of the netcup GmbH is located in Nuremberg, Germany.
However, some prefixes announced by AS197540 show country codes set to AT or CH. The former is probably
thanks to netcup being a subsidiary of Austria-based ANEXIA Internetdienstleistungs GmbH now, but apparently
they did not align the country codes to the physical location of their services.
185.216.176.0/22 is a good example:
> inetnum: 185.216.176.0 - 185.216.179.255
> netname: AT-ANEXIA-20170808
> country: AT
> org: ORG-AIG10-RIPE
> admin-c: ANXT-RIPE
> tech-c: ANXT-RIPE
> status: ALLOCATED PA
> mnt-by: ANEXIA-MNT
> mnt-by: RIPE-NCC-HM-MNT
> created: 2021-09-08T11:53:09Z
> last-modified: 2021-09-08T11:53:09Z
> source: RIPE
Yet the entire /22 is announced out of DE (185.216.176.191 picked as an arbitrary example):
> 1. x
> 2. x
> 3. x
> 4. x
> 5. AS47147 ae10-0.bbr01.anx25.fra.de.anexia-it.net (144.208.208.211)
> 6. AS47147 ae0-0.bbr02.anx25.fra.de.anexia-it.net (144.208.208.142)
> 7. AS47147 ae1-0.bbr01.anx84.nue.de.anexia-it.net (144.208.208.140)
> 8. AS47147 94.16.25.77 (94.16.25.77)
> 9. AS197540 v220201236964137497.bestsrv.de (185.216.176.191)
At this point, I thought a blanket override for AS197540 might be in order, to have inaccuracies covered
for the entire Autonomous System. After all, they claim it is not being located somewhere else than DE.
While investigating on this further after reading your mail, I have some doubts.
First, there is 2a04:b500::/32, apparently owned by a customer of netcup / ANEXIA:
> inet6num: 2a04:b500::/29
> netname: CH-HOSTSTAR-20140224
> country: CH
> org: ORG-MNA17-RIPE
> admin-c: HSTR13
> tech-c: HSTR13
> status: ALLOCATED-BY-RIR
> mnt-by: RIPE-NCC-HM-MNT
> mnt-by: HSTR-FBR
> mnt-routes: HSTR-FBR
> mnt-routes: NETCUP-MNT
> created: 2014-02-24T07:07:25Z
> mnt-domains: NETCUP-MNT
> mnt-domains: HSTR-FBR
> last-modified: 2017-01-18T12:26:29Z
> source: RIPE # Filtered
Traceroutes to a destination in this /32 are rather funny:
> 1. x
> 2. x
> 3. x
> 4. AS47147 2a00:11c0:47:1:47::213 (2a00:11c0:47:1:47::213)
> 5. AS47147 2a00:11c0:47:3::33 (2a00:11c0:47:3::33) <<<<< average latency: ~ 2020 ms
> 6. (no route to host)
> 1. x
> 2. x
> 3. x
> 4. x
> 5. AS9002 RT.IRX.VIE.AT.retn.net (2a02:2d8::57f5:e0af)
> 6. AS??? et-2-0-5-1337.bbr01.anx03.vie.at.anexia-it.net (2001:7f8:30:0:1:1:4:7147)
> 7. AS47147 2a00:11c0:47:1:47::132 (2a00:11c0:47:1:47::132)
> 8. AS47147 2a00:11c0:47:1:47::137 (2a00:11c0:47:1:47::137)
> 9. AS47147 2a00:11c0:47:3::33 (2a00:11c0:47:3::33) <<<<< average latency: ~ 2040 ms
> 10. (waiting for reply)
> 11. (no route to host)
According to sources, I believe with a medium level of confidence 2a00:11c0:47:1:47::137 is located in Nuremberg, DE
(thanks to ANEXIA for not providing PTRs to their IPv6 space :-/ ), but with a response time of around 2 seconds, the
next hop can be located virtually anywhere in the world.
Oddly enough, the /22 you mentioned in your mail first traces to Vienna, AT, indeed, but then shows the same behaviour:
> 1. x
> 2. x
> 3. x
> 4. AS201011 ae16-2074.fra10.core-backbone.com (81.95.2.137)
> 5. AS1299 ffm-b5-link.ip.twelve99.net (62.115.9.225)
> 6. AS1299 anexia-ic327209-ffm-b5.ip.twelve99-cust.net (62.115.14.117)
> 7. AS47147 ae0-0.bbr02.anx25.fra.de.anexia-it.net (144.208.208.142)
> 8. AS47147 ae1-0.bbr01.anx84.nue.de.anexia-it.net (144.208.208.140)
> 9. AS47147 ae0-0.bbr02.anx84.nue.de.anexia-it.net (144.208.208.138)
> 10. AS47147 ae2-0.bbr02.anx03.vie.at.anexia-it.net (144.208.208.136)
> 11. AS47147 ae1-0.bbr02.anx04.vie.at.anexia-it.net (144.208.208.130)
> 12. AS47147 94.16.25.91 (94.16.25.91) <<<<< average latency: ~ 2020 ms
> 13. (waiting for reply)
> 1. x
> 2. x
> 3. x
> 4. x
> 5. AS9002 ae1-3.rt.irx.sto.se.retn.net (87.245.234.206)
> 6. AS1299 s-b3-link.ip.twelve99.net (62.115.174.226)
> 7. AS1299 s-bb2-link.ip.twelve99.net (62.115.118.108)
> 8. AS1299 ffm-bb2-link.ip.twelve99.net (62.115.138.105)
> 9. AS1299 ffm-b5-link.ip.twelve99.net (62.115.114.91)
> 10. AS1299 anexia-ic327209-ffm-b5.ip.twelve99-cust.net (62.115.14.117)
> 11. AS47147 ae0-0.bbr02.anx25.fra.de.anexia-it.net (144.208.208.142)
> 12. AS47147 ae1-0.bbr01.anx84.nue.de.anexia-it.net (144.208.208.140)
> 13. AS47147 ae0-0.bbr02.anx84.nue.de.anexia-it.net (144.208.208.138)
> 14. AS47147 ae2-0.bbr02.anx03.vie.at.anexia-it.net (144.208.208.136)
> 15. AS47147 ae1-0.bbr02.anx04.vie.at.anexia-it.net (144.208.208.130)
> 16. AS47147 94.16.25.93 (94.16.25.93) <<<<< average latency: ~ 2050 ms
> 17. (waiting for reply)
Frankly, this leaves me a bit puzzled:
(a) At least one network being announced by AS197540 is certainly not located in AT, albeit claiming to be.
(b) From our BGP feed, we learn 89.58.16.0/22 is announced by AS197540, yet traceroutes end somewhere in ANEXIA's
main AS47147, being used at least across Europe. An IPv6 customer of netcup (2a04:b500::/32) shows a similar
behaviour.
At the time of writing, I'd still say an override for AS197540 is fine, since it represents what the hosting
company claims about its location. With regards to
> route: 94.16.25.0/24
> descr: powered by ANX
> descr: More specific route object, announced only
> descr: for engineering or in case of DDoS attack.
> origin: AS47147
> mnt-by: ANEXIA-MNT
> created: 2020-10-14T12:11:39Z
> last-modified: 2020-10-14T12:11:39Z
> source: RIPE
the current situation might be due to an ongoing DDoS mitigation at ANEXIA, diverting the traffic to their
scrubbing centers, which one of them appears to be located in Vienna, AT. They might just disabled ICMP responses
to tracerouting attempts temporarily.
Do you happen to have further information on this, especially related to 89.58.16.0/22?
Thanks, and best regards,
Peter Müller
next prev parent reply other threads:[~2022-01-25 18:15 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-21 17:15 nusenu
2022-01-21 19:02 ` nusenu
2022-01-24 16:25 ` Michael Tremer
2022-01-24 17:37 ` nusenu
2022-01-25 8:52 ` Michael Tremer
2022-01-25 18:15 ` Peter Müller [this message]
2022-01-25 23:10 ` nusenu
2022-01-29 11:18 ` Peter Müller
2022-01-26 4:17 ` Martin Gebhardt (Die LINKE.)
2022-02-04 13:40 ` Peter Müller
2022-02-06 9:48 ` Martin Gebhardt
2022-02-08 18:32 ` Peter Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c18f93cd-3c31-e61e-a7c6-06bff82bbe8a@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=location@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox