Nickoladze | 10 years ago

Who are these BGP admins? Is it an admin for each AS that would blacklist their traffic from the abusing AS?

Just learning about this for the first time.

acveilleux|10 years ago

Senior network/routing/noc staff at the top 5-10 backbones mostly. They move most/all bits at some points. For 2014 that was Level 3, Telia Sonera, Cogent, GTT, Tata, Verizon, Sprint and a few others.

Source: http://research.dyn.com/2015/02/bakers-dozen-2014-edition/

One or more of these networks likely provides transit to the errant AS or the errant AS' upstream and they can lean on them pretty hard. Doing so will be in full compliance with whatever transit agreement exists between them as well. No need to be big brother about it, it's plain self-interest. They have SLAs to meet.

X-Istence|10 years ago

It is an admin for each AS. Each AS that has a direct connection to the abusing AS would need to put a stop to it, otherwise risk being seen as complicit themselves. Hops further down could blacklist an AS as well.

Large ISPs may have multiple people that can affect these policies.

larrys|10 years ago

"Who are these BGP admins?"

Similar to my question. Who are they, how many are there, how do they communicate, is the fact that they have this power in itself some kind of risk?

X-Istence|10 years ago

The BGP admins are those that are assigned that task by whatever company or organisation owns the AS they are responsible for.

There is no central authority, most people that are interested in that sort of stuff are on various mailing lists, the main one being NANOG.

Generally for larger ISPs they will have direct contacts with their counterpart on their BGP neighbour where the handoff from network to network exists, for smaller entities (for example a small business with two uplinks that announces their own /24) they may have a support contact that they can call about issues.

Is it a risk? Maybe. The Internet and BGP are built on mutual respect. You can and sometimes will filter certain routes from certain uplinks/providers to change how routing happens from your network onto the next hop, but overall there is no authentication, and no authorization.

Anyone that has an AS, and has a peer that is willing to accept their routes, can advertise whatever they want.

As for how many there are? How many CCNAs/CCNPs/CCIEs are there out there? How about comparable certs for Juniper/Alcatel Lucent and whatnot. Each of them could potentially be a BGP admin. It's not a difficult job. When I worked at a large ISP I remember announcing some new IPs out from our AS to the world from a new location and watching it propagate across the world. Had my colleague and I made one little typo we could have accidentally announced the wrong thing.

The only controls are policies that are set up by each AS for what routes they will or will not accept from a neighbouring AS. In general this is an accept all. Then the AS can choose to re-advertise its received routes from its neighbours to its other neighbours, this is how route propagation works. You can also choose for example to receive routes from a neighbour but not re-advertise them (i.e. you don't become transit).

BGP changes happen every minute of every day. Routes get added, get removed, and those things propagate. This is not the first time nor the last time that a mistake happens, or that someone advertises an address space they shouldn't be advertising. Look at what happened when China accidentally leaked routes that took YouTube and Google off-line for a bit, or the BGP issues with Syria advertising everything in an attempt to take the internet offline in their country...
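An added example, not part of the original thread or any router's real configuration: a small model of the per-AS import policy described in the comment above, comparing "accept all" with a per-neighbour prefix filter and the option of not re-advertising. The AS numbers, prefixes, `ALLOWED` table and function names are constructed for illustration (private-use ASNs and documentation address space).

```python
import ipaddress

# Constructed table: prefixes each neighbour is registered to originate,
# with the longest prefix length we will accept inside that block.
ALLOWED = {
    64501: [(ipaddress.ip_network("192.0.2.0/24"), 24)],
    64502: [(ipaddress.ip_network("198.51.100.0/24"), 24)],
}

def accept_all(neighbor_as, prefix):
    """The 'accept all' import policy: every announcement is installed."""
    return True

def prefix_filter(neighbor_as, prefix):
    """Accept only prefixes inside the neighbour's registered space and
    no more specific than the configured maximum length."""
    net = ipaddress.ip_network(prefix)
    for allowed, max_len in ALLOWED.get(neighbor_as, []):
        if (net.version == allowed.version
                and net.subnet_of(allowed)
                and net.prefixlen <= max_len):
            return True
    return False

def process(announcements, import_policy, readvertise=True):
    """Return (installed routes, routes passed on to other neighbours)."""
    installed = [(asn, p) for asn, p in announcements if import_policy(asn, p)]
    exported = list(installed) if readvertise else []
    return installed, exported

# Constructed announcements received from two neighbours.
ANNOUNCEMENTS = [
    (64501, "192.0.2.0/24"),       # matches AS64501's registered space
    (64501, "198.51.100.0/24"),    # AS64501 announcing AS64502's space (typo or hijack)
    (64502, "198.51.100.0/24"),    # matches AS64502's registered space
    (64502, "198.51.100.128/25"),  # more specific than the registered /24
]

if __name__ == "__main__":
    for name, policy in (("accept_all", accept_all), ("prefix_filter", prefix_filter)):
        installed, exported = process(ANNOUNCEMENTS, policy)
        print(name, "installed:", installed)
    # Receive routes but do not become transit for them.
    print("no transit:", process(ANNOUNCEMENTS, prefix_filter, readvertise=False))
```

With the filter in place the mistaken announcement stops at the first neighbour that applies it; with accept-all it is installed and passed on to every other neighbour.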

_ikke_|10 years ago

They are the sysadmins of the individual networks that compose the internet.

They arrange with each other to connect their networks, sometimes paid, sometimes with no money exchanged.

These admins are not self-appointed admins over the 'internet', but they just maintain their own networks.