<div dir="ltr">Hello,<div><br></div><div>If the IP's are your's, PCCW should definitely not continue to announce them if you tell them not to, perhaps start announcing it from somewhere else and remove any route objects so that from everyone's perspective they are hijacking the IP range, this has happened to us before and we usually just threaten to make the issue public and talk to RIPE and usually it works.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 12, 2019 at 1:09 PM Bothe, Jason <<a href="mailto:Jason.Bothe@invesco.com" target="_blank">Jason.Bothe@invesco.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">If anyone could tell me how to get an ISP to 'un-announce' prefixes on your behalf I will buy them dinner. I have two prefixes of mine that PCCW won't to take down and at this point I have better chances of convincing Donald Trump to resign than I do getting PCCW to remove them from their announcements.<br>
<br>
J~<br>
<br>
On 11/12/19, 6:48 AM, "members-discuss on behalf of Job Snijders" <<a href="mailto:members-discuss-bounces@ripe.net" target="_blank">members-discuss-bounces@ripe.net</a> on behalf of <a href="mailto:job@ntt.net" target="_blank">job@ntt.net</a>> wrote:<br>
<br>
Dear Bernd,<br>
<br>
Good questions, thanks for bringing them up, this topic indeed doesn't<br>
receive much attention.<br>
<br>
I can't comment on the specifics of your case in regard to SLA and what<br>
the best choices are for your organisation, but I can share one small<br>
data point.<br>
<br>
On Tue, Nov 12, 2019 at 12:16:53PM +0100, Bernd Naumann wrote:<br>
> Then the ISP offered us to announce _our_ prefix for us, from their<br>
> ASN, and here I lost trust, and stopped the planning for now to get<br>
> either confirmation or an other red flag.<br>
<br>
This actually is a common practise!<br>
<br>
Speaking from NTT's perspective we see that customer's used to run BGP<br>
in the past, but no longer have interest in maintaining that<br>
infrastructure and switch to a "Direct Internet Access" (DIA) product<br>
which usually is statically routing the IP space and perhaps using a<br>
first-hop redundancy protocol. In such cases the customers request NTT<br>
to announce the space on their behalf - which we can do provided that a<br>
RPKI ROA and IRR route object are created to demonstrate to the world<br>
that we in fact are allowed to originate the prefix.<br>
<br>
> - Is this even "allowed" or recommend by RIPE policies or BCPs?<br>
<br>
yes, this is allowed; and if it adequately addresses the challenges you<br>
are trying to solve for your organisation I'd say it is even<br>
'recommended' ;-) - the real answer is "it depends".<br>
<br>
> - Wouldn't that be at least looks like a/an BGP hijacking (attempt)?<br>
<br>
it would not look like a BGP hijack if RPKI ROAs / IRR "route:/route6:"<br>
objects are created in the appropriate places authorising the ASN that<br>
originates the prefix.<br>
<br>
> - Just in case this is ok-ish, how would I setup the ROA with RPKI so that<br>
> it would be come valid?<br>
<br>
You'd go to the RIPE web portal, and create a RPKI ROA like you'd<br>
normally do, but instead of inputting your own ASN you input the ASN of<br>
the provider that will announce the space on your behalf. You<br>
create/have multiple ROAs covering the same prefix but with different<br>
Origin ASNs co-exist - this allows you to make-before-break in<br>
transitions such as you might be going through at this moment.<br>
<br>
A variant of the scenario you describe is "BYOIP" in context of the<br>
cloud providers. The analogy is that instead of routing your IP space to<br>
your office, some cloud providers offer to announce your IP space and<br>
route it to your virtual datacenter:<br>
<br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__aws.amazon.com_vpc_faqs_-23Bring-5FYour-5FOwn-5FIP&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=r6F6zj0eWYSBLwke7RzsjRWmiMDnA48kBc8MtH6LHY4&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__aws.amazon.com_vpc_faqs_-23Bring-5FYour-5FOwn-5FIP&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=r6F6zj0eWYSBLwke7RzsjRWmiMDnA48kBc8MtH6LHY4&e=</a> <br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__developers.cloudflare.com_spectrum_getting-2Dstarted_byoip_&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=FVQO-bem3vPPgWp_IBnXM0T--YTxtYfdLWLEWXRQPQs&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__developers.cloudflare.com_spectrum_getting-2Dstarted_byoip_&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=FVQO-bem3vPPgWp_IBnXM0T--YTxtYfdLWLEWXRQPQs&e=</a> <br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__cloud.ibm.com_docs_tutorials-3Ftopic-3Dsolution-2Dtutorials-2Dbyoip&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=8REIxiHlVLSmo3TNJ7qNSmgsfGVHpxq5Ttd0mibZ0ww&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__cloud.ibm.com_docs_tutorials-3Ftopic-3Dsolution-2Dtutorials-2Dbyoip&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=8REIxiHlVLSmo3TNJ7qNSmgsfGVHpxq5Ttd0mibZ0ww&e=</a> <br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.zdnet.com_article_google-2Dcloud-2Dnow-2Dlets-2Dyou-2Dbring-2Dyour-2Down-2Dip-2Daddress-2Dto-2Dall-2D20-2Dregions_&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=TdoE7Lfs-p40nmMmMndCui0e-SGGPxEGMxGkvD9N9aQ&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.zdnet.com_article_google-2Dcloud-2Dnow-2Dlets-2Dyou-2Dbring-2Dyour-2Down-2Dip-2Daddress-2Dto-2Dall-2D20-2Dregions_&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=TdoE7Lfs-p40nmMmMndCui0e-SGGPxEGMxGkvD9N9aQ&e=</a> <br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__ideas.digitalocean.com_ideas_DO-2DI-2D566-23-3A-7E-3AtargetText-3DSupport-2520Bring-2520Your-2520Own-2520IP-2520Space-2Ctheir-2520AS-2520to-2520your-2520server&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=TYJoDyr0WewiKRJ3rLvbaA1Y1q2ICKACpeEI7stPDw8&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__ideas.digitalocean.com_ideas_DO-2DI-2D566-23-3A-7E-3AtargetText-3DSupport-2520Bring-2520Your-2520Own-2520IP-2520Space-2Ctheir-2520AS-2520to-2520your-2520server&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=TYJoDyr0WewiKRJ3rLvbaA1Y1q2ICKACpeEI7stPDw8&e=</a> .<br>
<br>
Your IP resources are yours*, and you are free to authorize anyone to<br>
route them on your behalf on the public internet.<br>
<br>
Kind regards,<br>
<br>
Job<br>
<br>
* not meaning to start debate about ownership, just wanted to emphasize<br>
that whether you do your own BGP or have someone do it on your behalf<br>
is the same.<br>
<br>
_______________________________________________<br>
members-discuss mailing list<br>
<a href="mailto:members-discuss@ripe.net" target="_blank">members-discuss@ripe.net</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ripe.net_mailman_listinfo_members-2Ddiscuss&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=LLJl3WzcTkyuUBaUuRuuAvmBoRj00wIunLBsYcEpE1M&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ripe.net_mailman_listinfo_members-2Ddiscuss&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=LLJl3WzcTkyuUBaUuRuuAvmBoRj00wIunLBsYcEpE1M&e=</a> <br>
Unsubscribe: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ripe.net_mailman_options_members-2Ddiscuss_jason.bothe-2540invesco.com&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=zF-69Zepe30kowdDFJeO2wQGvCB9SrGXxicJii7w6Ug&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ripe.net_mailman_options_members-2Ddiscuss_jason.bothe-2540invesco.com&d=DwICAg&c=MWFkEADu9ctt4KEmLIuwsQ&r=aNH3UFbvNKJFeaKLnEx5sWc0jPyXLBSnLQU0V6pTp1U&m=cngdDIcxq1dCVmEzgJd6Uq2XrWGQdta0BKRKcDWzHe4&s=zF-69Zepe30kowdDFJeO2wQGvCB9SrGXxicJii7w6Ug&e=</a> <br>
<br>
<br>
<br>
****************************************************************<br>
Confidentiality Note: The information contained in this <br>
message, and any attachments, may contain confidential <br>
and/or privileged material. It is intended solely for the <br>
person(s) or entity to which it is addressed. Any review, <br>
retransmission, dissemination, or taking of any action in<br>
reliance upon this information by persons or entities other <br>
than the intended recipient(s) is prohibited. If you received <br>
this in error, please contact the sender and delete the <br>
material from any device.<br>
****************************************************************<br>
_______________________________________________<br>
members-discuss mailing list<br>
<a href="mailto:members-discuss@ripe.net" target="_blank">members-discuss@ripe.net</a><br>
<a href="https://mailman.ripe.net/" rel="noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
Unsubscribe: <a href="https://lists.ripe.net/mailman/options/members-discuss/miao%40epik.com" rel="noreferrer" target="_blank">https://lists.ripe.net/mailman/options/members-discuss/miao%40epik.com</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div style="font-family:Helvetica,Arial;font-size:13px">Kind Regards,</div><div style="font-family:Helvetica,Arial;font-size:13px">Marcelo Goncalves</div><div style="font-family:Helvetica,Arial;font-size:13px">Director of Network Operations and President of Sibyl Systems</div><div style="font-family:Helvetica,Arial;font-size:13px"><br></div><div><div>Skype: grumpycatofficial</div><div>Discord: Miao#0001</div><div><img src="https://docs.google.com/uc?export=download&id=12xWA5kcaVPnvfBRZwQK-yaL39Q7Auunw&revid=0B3Tq8KsCyKUCVnZpSE0xRkx0WVhnY1lINVdFb2ZIUmgxRHBZPQ"><br></div><div><br></div></div></div></div></div></div>