[ubuntu-za] Fwd: Mirror.ac.za routing issues (now resolved)

Morgan Collett morgan at ubuntu.com
Fri Apr 24 08:52:57 BST 2009

From: Andrew Alston <aa at tenet.ac.za>
Date: Thu, Apr 23, 2009 at 21:58
Subject: [CLUG-tech] Mirror.ac.za routing issues (now resolved)
To: clug-tech at clug.org.za

Hi All,

Due to rather bizarre routing policies at our favorite incumbent ISP people
using SAIX's DNS servers to resolve ubuntu.mirror.ac.za,
za.archive.ubuntu.com and za.releases.ubuntu.com would have been flowing to
the international server.

I've resolved this now and saix's dns servers will now send you to the
correct server.

If you want a more concrete explanation see below (warning, what follows is
true network geek speak)

The authorative DNS server for mirror.ac.za is anycast.tenet.ac.za

We announce into the global routing tables at 3 points,
Cape Town, Johannesburg and London.  This results in DNS requests for
mirror.ac.za hitting the closest geographic point and you get pointed by DNS
from there to the closest server.

Now, when you announce a route in BGP it forms an Autonomous System Path.
We announce that route on our ASN (6149), it goes to Internet solutions
(3741), and then to SAIX (5713)

So, from our Joburg and Cape Town announcements, SAIX should see from AS path 3741 6149.

We also announce it from London for international clients on AS 36944.  This
we send to NTT (AS 2914), who in turn send it to SAIX.

So saix gets ANOTHER route for this, with AS path 2914 36944

Standard BGP routing says on equal AS path length for the same prefix, use
the AS path that has the lowest ASN in the start.  In what I would consider
a sane routing policy, normally you would preference your national routes
over your international routes to avoid this situation happening.  SAIX
doesn't seem to do this, as a result, they preferred the route coming in
from NTT, and DNS requests that needed to get to were going
to the international node, which replied with the international IP

We resolved this by artificially lengthening the international AS path by
adding another 36944 ASN to the end of the path, thereby making the I.S
route shorter for SAIX and allowing them to route correctly.

Anyway, its fixed now.

Sorry about the issues.

Andrew Alston
TENET - Chief Technology Officer

