Projection of corporate conflict on network connectivity
A corporate conflict arose on 06/10/2019 due to an increase in the cost of delivering SMS to users of the Vimpelcom network by Mail.RU Group. As a response, Mail.RU Group ceased to “service” direct Russian IP channels to the Vimpelcom network.
Below is a brief analysis of the situation from the perspective of a network engineer.
Update : 06/14/2019 18:45 - emphasis on Russian routes to the VimpelCom network, adjusted conclusions, added an explanation by Sergey Kubasov (CIO Vkontakte) .
Update : 06/14/2019 19:48 - a description has been added of how to restrict the distribution of routes along the “short” Russian route via Rostelecom, MTS, RETN.NET ..
Update : 06/15/2019 09:39 - Mail.ru blocked its Looking Glass.
Update: 06/18/2019 10:10 - Depyring is over. VimpelCom and Mail.RU Group raised direct BGP sessions.
Introductory:
Vimpelcom has an autonomous system AS3216, all the rest (8402 - home Internet, 16345 - mobile Internet) are located for 3216.
Mail.RU Group - autonomous systems AS47541, AS47542 and AS47764. The main content generator is 47542, the so-called CDN VKONTAKTE (films, music). All autonomous systems are independent of each other (from the position of an external autonomous system).
First, let's look at the situation from the Vimpelcom network. Looking Glass Vimpelcom will help us for this .
We look at the first autonomous system - AS47541.
2914 47541
79.104.32.251 (metric 10500) (79.104.32.251)
Origin IGP, metric 30, localpref 87, valid, internal, best, group-best, import-candidate, import suspect
Received Path ID 0, Local Path ID 1, version 2865394342
Community: 2914:410 2914:1214 2914:2213 2914:3200 3216:3000 3216:3103 47541:1 47541:40000 47541:50078AS-PATH contains two autonomous systems - 2914 (NTT) and 47541 (VKONTAKTE-SPB-AS).
The localpref metric is set to 87, which, as described in the RIPE DB for the AS3216 object, corresponds to international peering.
...The 3216: 3000 and 3216: 3103 community (source - RIPE DB for AS3216 ) also confirms the same information :
remarks: International peer's routes get local preference in the
remarks: range of 81-89.
...
...That is, Vimpelcom sees the route to VKontakte through the European junction.
remarks: 3216: 3000 Receieved from an international uplink or peer, specifically:
...
remarks: 3216: 3103 AMS-IX
...
Let's see another VKontakte autonomy - 47542 (VKONTAKTE-MSK-CDN-AS).
Everything is similar.
2914 47541
79.104.32.251 (metric 10500) (79.104.32.251)
Origin IGP, metric 30, localpref 87, valid, internal, best, group-best, import-candidate, import suspect
Received Path ID 0, Local Path ID 1, version 2865394338
Community: 2914:410 2914:1214 2914:2213 2914:3200 3216:3000 3216:3103 47541:1 47541:40000 47541:50078What about Mail.ru itself? Let's take a look at AS47764 (mailru-as).
3356 47764
194.67.0.215 (metric 10501) (194.67.0.215)
Origin IGP, metric 0, localpref 77, valid, internal, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 2867605667
Community: 3216:3000 3216:3007 3356:2 3356:22 3356:100 3356:123 3356:519 3356:2094 47764:1 47764:40000 47764:50077 VimpelCom sees Mail.ru via as3356 (uplink Level3, Tier1 operator). This information is confirmed by localpref 77:
...and community (3216: 3000 and 3216: 3007):
remarks: Uplink's routes get local preference in the range of 71-79.
remarks: Last Update: February 2012 ...
...
remarks: 3216: 3000 Receieved from an international uplink or peer, specifically:
...
remarks: 3216: 3007 Level 3 Communications
...
From the information received, it can be seen that traffic from the Vimpelcom network on VKontakte and MailRu is distributed through European connections according to the routes received via the BGP protocol. There are no alternative routes through Russian connections at Looking Glass. No measures have been found to artificially redirect traffic through knowingly worse routes.
And how does the Mail.ru Group see the VimpelCom network?
We will use Looking Glass from Mail . Update : as of the morning of June 15, 2019 Looking Glass does not work, the 500th error is
displayed on requests: From routers from AS47764 (mailru-as):
Path #6: Received by speaker 0
Advertised to peers (in unique update groups):
188.93.60.188
1299 1299 1273 3216 3216
217.20.147.250 (metric 100) from 217.20.147.250 (217.20.147.253)
Origin IGP, metric 500, localpref 200, valid, internal, best, group-best
Received Path ID 0, Local Path ID 0, version 1172721494
Community: 1299:20000 47764:701 47764:41100 47764:41108 47764:50077AS-PATH contains AS1299 (Telia, Tier1 operator, uplink Mail.RU) and as1273 (Vodafon, Tier1 operator, uplink Vimpelcom).
LocalPreference 200 is the standard for external Mail.ru interfaces (https://net.mail.ru/bgp.html), and the MED 500 corresponds to everything received not from a direct interface, not from IX-s, not from peer-to-peer ones.
But why are there no local routes through Russian telecom operators ???
They are, but their priority is “non-standard”!
Here is the route through Rostelecom (as12389):
Path #1: Received by speaker 0
Not advertised to any peer
12389 3216
46.61.178.149 from 46.61.178.149 (213.59.207.79)
Origin IGP, metric 500, localpref 199, valid, external
Received Path ID 0, Local Path ID 0, version 0
Community: 3216:2001 3216:2999 3216:4100 12389:5 12389:6 12389:1100 12389:1105 12389:1277 47764:701 47764:41100 47764:41104 47764:50077
Origin-AS validity: not-foundHere is through the Megaphone (as31133):
Path #2: Received by speaker 0
Not advertised to any peer
31133 3216
78.25.77.41 from 78.25.77.41 (10.222.253.97)
Origin IGP, metric 500, localpref 199, valid, external
Received Path ID 0, Local Path ID 0, version 0
Community: 3216:2001 3216:2999 3216:4100 31133:300 31133:46170 47764:701 47764:41100 47764:41105 47764:50077
Origin-AS validity: not-foundHere is through RET.NO:
Path #3: Received by speaker 0
Not advertised to any peer
9002 9002 3216
87.245.253.24 from 87.245.253.24 (87.245.225.1)
Origin IGP, metric 500, localpref 199, valid, external
Received Path ID 0, Local Path ID 0, version 0
Community: 9002:9002 9002:64667 47764:701 47764:41100 47764:41101 47764:50077
Origin-AS validity: not-foundAnd even through MTS!
Path #5: Received by speaker 0
Not advertised to any peer
8359 3216
212.188.61.105 from 212.188.61.105 (195.34.52.77)
Origin IGP, metric 500, localpref 199, valid, external
Received Path ID 0, Local Path ID 0, version 0
Community: 8359:200 8359:609 8359:5012 47764:701 47764:41100 47764:41103 47764:50077
Origin-AS validity: not-foundThe localpref metric for these Russian routes is underestimated, that is, the routes are degraded compared to foreign ones!
In addition, Mail.Ru Group has prohibitions on distributing its prefixes to VimpelCom through Russian operators!
RET.NET (http://lg.retn.net/):
The announcements from Mail.RU Group include a 3216 community: 65535.
Conclusion from LG RET.NO
inet.0: 762737 destinations, 1734826 routes (762708 active, 222780 holddown, 277 hidden)
94.100.176.0/20 (1 entry, 1 announced)
* BGP Preference: 170 / -201
...
...
AS path: 47764 I
AS path: Recorded
Communities: 3216: 65535 9002: 64667 9002: 65530
...
94.100.176.0/20 (1 entry, 1 announced)
* BGP Preference: 170 / -201
...
...
AS path: 47764 I
AS path: Recorded
Communities: 3216: 65535 9002: 64667 9002: 65530
...
Vimpelcom does not accept routes marked by such a community on its network. Excerpt from RIPE DB by AS3216:
...
remarks: Internal comminuties are assigned only internally.
remarks:
and are always deleted from incoming updates at the border
remarks: routers.... remarks: They are in range 3216: 0000-3216: 4999 and 3216: 6000-3216: 65535
...
Towards Rostelecom (http://lg.ip.rt.ru) Mail.RU Group gives similar routes with the community 12389: 8350.
Conclusion from LG Rostelecom
94.100.176.0/20 via 217.107.65.1 on eth0.9 [sr2 2019-06-13] * (100 /?) [AS47764i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 47764
BGP.next_hop: 213.59 .207.78
BGP.med: 0
BGP.local_pref: 850
BGP.community: (12389,1) (12389,1100) (12389,1105) (12389,1277) (12389,8350) (12389,8380) (47764,1 ) (47764,40000) (47764,50077)
BGP.originator_id: 213.59.207.78
BGP.cluster_list: 95.167.88.79 95.167.88.49 95.167.88.17
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 47764
BGP.next_hop: 213.59 .207.78
BGP.med: 0
BGP.local_pref: 850
BGP.community: (12389,1) (12389,1100) (12389,1105) (12389,1277) (12389,8350) (12389,8380) (47764,1 ) (47764,40000) (47764,50077)
BGP.originator_id: 213.59.207.78
BGP.cluster_list: 95.167.88.79 95.167.88.49 95.167.88.17
According to the entries in the RIPE DB for the as12389 object, this community means “do not announce on the as3216 network”:
...
remarks: | 12389: 835y When advertising to GoldenTelecom (AS3216) |
...
remarks: | ... y = 0 - do not advertise |
...
Similarly, towards MTS (http://lg.mtu.ru):
Conclusion from LG MTS
BGP routing table entry for 94.100.176.0/20, version 161717219
Paths: (2 available, best # 1, table default)
Multipath: eBGP
Advertised to update-groups:
6
47764, (received & used)
195.34.52.77 (metric 16) from 195.34.52.181 (195.34.52.181)
Origin IGP, metric 0, localpref 140, valid, internal, best
Community: 8359: 2120 8359: 2150 8359: 5500 8359: 55277
Originator: 195.34.52.77, Cluster list: 83.59.83.59
47764 , (received & used)
195.34.52.77 (metric 16) from 195.34.52.182 (195.34.52.182)
Origin IGP, metric 0, localpref 140, valid, internal
Community: 8359: 2120 8359: 2150 8359: 5500 8359: 55277
Originator: 195.34.52.77, Cluster list: 83.59.2.77
Paths: (2 available, best # 1, table default)
Multipath: eBGP
Advertised to update-groups:
6
47764, (received & used)
195.34.52.77 (metric 16) from 195.34.52.181 (195.34.52.181)
Origin IGP, metric 0, localpref 140, valid, internal, best
Community: 8359: 2120 8359: 2150 8359: 5500 8359: 55277
Originator: 195.34.52.77, Cluster list: 83.59.83.59
47764 , (received & used)
195.34.52.77 (metric 16) from 195.34.52.182 (195.34.52.182)
Origin IGP, metric 0, localpref 140, valid, internal
Community: 8359: 2120 8359: 2150 8359: 5500 8359: 55277
Originator: 195.34.52.77, Cluster list: 83.59.2.77
Community 8359: 2120 means:
...
remarks: 8359: 212x when announcing to Sovam (Beeline)
...
remarks: x = 0 - do not announce
...
You can’t look at the announcements of Mail.RU Group towards Megafon - the latter does not have Looking Glass.
Let's see AS47541 (VKONTAKTE-SPB-AS).
The conclusion is too big.
Router: a9922-e-5
Command: show ip bgp 81.211.56.202
Last switch-over Thu Apr 5 04:25:09 2018: 1 year, 10 weeks, 6 hours, 9 minutes ago
Fri Jun 14 10:34:20.791 MSK
BGP routing table entry for 81.211.0.0/17
Versions:
Process bRIB/RIB SendTblVer
Speaker 913059757 913059757
Last Modified: May 21 05:20:38.536 for 1y03w
Paths: (6 available, best #4)
Advertised to update-groups (with more than one peer):
0.2
Advertised to peers (in unique update groups):
188.93.60.188
Path #1: Received by speaker 0
Not advertised to any peer
1299 1273 3216 3216
87.240.191.235 (metric 31) from 87.240.191.235 (87.240.191.235)
Origin IGP, metric 5000, localpref 150, valid, internal
Received Path ID 0, Local Path ID 0, version 0
Community: 1273:12752 1299:431 1299:4000 1299:20000 1299:20002 1299:20200 3216:2001 3216:2999 3216:4100 47541:701 47541:41100 47541:41111 47541:50078
Path #2: Received by speaker 0
Not advertised to any peer
1299 1273 3216 3216
87.240.191.248 (metric 31) from 87.240.191.248 (87.240.191.248)
Origin IGP, metric 5000, localpref 150, valid, internal
Received Path ID 0, Local Path ID 0, version 0
Community: 1273:12752 1299:431 1299:4000 1299:20000 1299:20002 1299:20200 3216:2001 3216:2999 3216:4100 47541:701 47541:41100 47541:41111 47541:50078
Path #3: Received by speaker 0
Not advertised to any peer
174 6762 3216 3216
87.240.191.249 (metric 31) from 87.240.191.249 (87.240.191.249)
Origin IGP, metric 5000, localpref 150, valid, internal
Received Path ID 0, Local Path ID 0, version 0
Community: 174:21100 174:22005 47541:701 47541:41100 47541:41108 47541:50078
Path #4: Received by speaker 0
Advertised to update-groups (with more than one peer):
0.2
Advertised to peers (in unique update groups):
188.93.60.188
174 6762 3216 3216
149.6.169.113 from 149.6.169.113 (38.28.1.236)
Origin IGP, metric 5000, localpref 150, valid, external, best, group-best
Received Path ID 0, Local Path ID 0, version 913059757
Community: 174:21100 174:22005 47541:701 47541:41100 47541:41108 47541:50078
Origin-AS validity: not-found
Path #5: Received by speaker 0
Not advertised to any peer
1273 1273 3216 3216
195.89.114.197 from 195.89.114.197 (195.2.1.107)
Origin IGP, metric 5005, localpref 150, valid, external
Received Path ID 0, Local Path ID 0, version 0
Community: 1273:12752 3216:2001 3216:2999 3216:4100 47541:701 47541:41100 47541:41110 47541:50078
Origin-AS validity: not-found
Path #6: Received by speaker 0
Not advertised to any peer
3356 3356 3216 3216 3216
213.242.69.69 from 213.242.69.69 (4.69.177.130)
Origin IGP, metric 5000, localpref 150, valid, external
Received Path ID 0, Local Path ID 0, version 0
Community: 3216:2001 3216:2999 3216:4100 3356:2 3356:22 3356:100 3356:123 3356:503 3356:2067 47541:701 47541:41100 47541:41107 47541:50078
Origin-AS validity: not-foundAS-PATH points to AS174 - Cogent (uplink Mail.RU, Tier1), then AS6762 - Telecom Italia (uplink Vimpelcom). Local Preference everywhere 150, but so on all external joints, regardless of the written policies .
Let's see the AS47542 (VKONTAKTE-MSK-CDN-AS).
Router: mx960-m9-0
Command: op lg-sh-bgp prefix 81.211.56.202
0.0.0.0/0 LP:151 MED: NH:87.240.191.222 AS path: 47541 I
Communities:
Accepted Best
0.0.0.0/0 LP:151 MED: NH:95.142.204.251 AS path: 47541 I
Communities:
Accepted
Inactive-reason: Interior > Exterior > Exterior via InteriorAnd from the second router:
Router: mx960-m9-1
Command: op lg-sh-bgp prefix 81.211.56.202
0.0.0.0/0 LP:151 MED: NH:87.240.191.224 AS path: 47541 I
Communities:
Accepted Best
0.0.0.0/0 LP:151 MED: NH:95.142.204.250 AS path: 47541 I
Communities:
Accepted
Inactive-reason: Interior > Exterior > Exterior via InteriorOnly default routes (0.0.0.0/0). This situation was explained by an employee of Mail.RU Group greediness , for which he thanks. In short: the Moscow segment of the VKontakte network is caching (rather than generating), whose task is to optimize the download speed of popular, demanded content. Caring for users, yes.
If there is no route to any network, then this network is not served by caching servers. So the optimization of the download speed does not work, and users suffer. But here it is necessary to emphasize - users are not only their own, but also VimpelCom.
Conclusions:
- From Vimpelcom, traffic towards Mail.RU Group is distributed naturally. No artificial redirects through Local Preference manipulations detected
- On the part of Mail.RU Group, there are manipulations with Vimpelcom prefixes . On existing routes towards the Vimpelcom network through Russian operators, priorities are underestimated compared to routes through foreign Tier1 operators.
- Managers of the BGP community have been added to the routes transferred to Russian operators (MTS, Rostelecom, RETN.NET) from the Mail.RU Group to restrict their distribution to Vimpelcom
Why does Mail.RU Group prioritize routes through Europe? Why Mail.RU Group prohibits a short domestic connection with Vimpelcom?
Is it cheaper for them? Drive traffic through foreign channels and pay currency to tirvans?
Or is there a desire to drive traffic away so that it wasn’t so convenient to take it, huh?
This is not known to the network engineer ...
Depyring results: 06/17/2019
BGP sessions between Vimpelcom and Mail.RU Group raised:
AS47764 (Mail.RU):
AS47541 (Vk):
AS47542 (Vk CDN): It
is not known who initiated the raising of the sessions.