IPv6 prefix that is defined for transit is reported as E1 hijack. #611

Open
stkonst opened this issue Oct 18, 2021 · 3 comments
stkonst commented Oct 18, 2021

Hi guys,

We have an IPv6 prefix that is defined in the configuration of Artemis:

prefixes:

# NL PREFIXES

  super_prefix_NL: &super_prefix_NL
  - 2001:67c:1a8::/48

And we have the transit provider defined a few lines later:

asns:
# NL ASNs
  my_asn_NL: &my_asn_NL 1200
  primary_upstream_NL_3: &primary_upstream_NL_3 4455

In the rule section we "glue" the prefixes with the transit provider:

rules:
# NL RULES
# These are the rules for the upstream providers of AS1200
- prefixes:
  - *super_prefix_NL
  origin_asns:
  - *my_asn_NL
  neighbors:
  - *primary_upstream_NL_3
  mitigation: manual

But Artemis still reports the prefix as being hijacked from AS4455 with E1 type, but that's not correct, as 4455 is a true transit provider of ours.

vkotronis self-assigned this Oct 19, 2021
vkotronis added the bug and detection labels Oct 19, 2021

vkotronis (Member) commented

Will try to replicate using the given configuration and crafted BGP updates using pseudo-history from https://bgpartemis.readthedocs.io/en/latest/history/ . Will report back with the findings.

vkotronis (Member) commented

Setup

Sample configuration

prefixes:
  super_prefix_NL: &super_prefix_NL
  - 2001:67c:1a8::/48

asns:
  my_asn_NL: &my_asn_NL 1200
  primary_upstream_NL_3: &primary_upstream_NL_3 4455

monitors:
  #riperis: ['']
  #bgpstreamkafka:
  #  host: stream.routeviews.org
  #  port: 9092
  #  topic: '^routeviews.*\.bmp_raw'
  bgpstreamhist: /tmp/csv_dir

rules:
- prefixes:
  - *super_prefix_NL
  origin_asns:
  - *my_asn_NL
  neighbors:
  - *primary_upstream_NL_3
  mitigation: manual

Env-compose diffs:

diff --git a/.env b/.env
index 92a2f2c2..8082bf2f 100644
--- a/.env
+++ b/.env
@@ -4,7 +4,7 @@ COMPOSE_PROJECT_NAME=artemis
 DB_VERSION=24
 GUI_ENABLED=true
 SYSTEM_VERSION=latest
-HISTORIC=false
+HISTORIC=true
 
 # Redis config
 REDIS_HOST=redis
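
Review bot: the context line SYSTEM_VERSION=latest next to the HISTORIC change leaves this reproduction unpinned, so the images that replay the CSV may not be the build the reporter runs. Set SYSTEM_VERSION to the reporter's release for the test, and switch HISTORIC back to false afterwards so the replay setting does not stay in the .env.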

diff --git a/docker-compose.yaml b/docker-compose.yaml
index bb633dc5..c6b1e5e0 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -110,6 +110,7 @@ services:
         volumes:
             - ./local_configs/monitor/logging.yaml:/etc/artemis/logging.yaml
             - ./monitor-services/bgpstreamhisttap/entrypoint:/root/entrypoint
+            - ./local_configs/demo_hijack/:/tmp/csv_dir/
     exabgptap:
         image: inspiregroup/artemis-exabgptap:${SYSTEM_VERSION}
         build: ./monitor-services/exabgptap/
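
Review bot: the added mount ./local_configs/demo_hijack/:/tmp/csv_dir/ carries no access mode, so the container gets the directory read-write. It only supplies input CSVs for the replay, so append :ro. The container path also has to stay identical to the bgpstreamhist: /tmp/csv_dir value in the sample configuration, which deserves a short comment next to the volume line.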
@@ -235,6 +236,7 @@ services:
         volumes:
             - ./local_configs/backend/:/etc/artemis/
             - ./backend-services/configuration/entrypoint:/root/entrypoint
+            - ./local_configs/demo_hijack/:/tmp/csv_dir/
     database:
         image: inspiregroup/artemis-database:${SYSTEM_VERSION}
         build: ./backend-services/database/
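
Review bot: this mounts the same host directory a second time, into the service that uses ./backend-services/configuration/entrypoint, and nothing in the hunk says why that service needs the replay CSVs. Add a comment stating the reason, and mount it :ro here as well so this service cannot alter the test input.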

BGP Updates

(in file local_configs/demo_hijack/pseudo-hijack.csv):

2001:67c:1a8::/48|1200|10|10 4455 1200|test-project|test-collector|A|"[]"|1571184000

vkotronis (Member) commented

@stkonst in the test setup in my case I see it as valid (no hijacks, which is the correct behavior). I suspect it has something to do with the dual versions. Will try with both v4 and v6 on the same rule, just to understand what might have gone wrong in your case (the default v6 case seems to work fine).
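
An added illustration, not ARTEMIS code and not part of the thread: a simplified model of the origin and first-hop-neighbor checks that the rule above expresses, run against the pseudo-history line from the setup comment. Assumptions: the CSV field order is inferred from that sample line, "E"/"S" stand for exact prefix and sub-prefix and "0"/"1" for an illegitimate origin or first-hop neighbor, an empty neighbors list disables the neighbor check, and AS64500/AS64501 are constructed stand-ins.

```python
import ipaddress

# Rule from the issue's configuration, YAML anchors resolved by hand.
RULES = [{"prefixes": ["2001:67c:1a8::/48"], "origin_asns": {1200}, "neighbors": {4455}}]

def parse_update(line):
    """Parse one pseudo-history CSV line (field order assumed from the sample)."""
    prefix, origin, peer, path = line.split("|")[:4]
    hops = [int(asn) for asn in path.split()]
    # Collapse AS-path prepending so "4455 1200 1200" still yields neighbor 4455.
    hops = [a for i, a in enumerate(hops) if i == 0 or a != hops[i - 1]]
    return {"prefix": ipaddress.ip_network(prefix), "origin": int(origin), "path": hops}

def classify(update, rules=RULES):
    """Return 'valid', 'unmonitored', or prefix dimension + path dimension, e.g. 'E1'."""
    best = None  # (configured network, rule) with the longest match; first rule wins ties
    for rule in rules:
        for text in rule["prefixes"]:
            net = ipaddress.ip_network(text)
            if net.version == update["prefix"].version and update["prefix"].subnet_of(net):
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, rule)
    if best is None:
        return "unmonitored"
    net, rule = best
    prefix_dim = "E" if update["prefix"] == net else "S"
    path = update["path"]
    if path[-1] not in rule["origin_asns"]:
        path_dim = "0"  # illegitimate origin AS
    elif rule["neighbors"] and len(path) > 1 and path[-2] not in rule["neighbors"]:
        path_dim = "1"  # legitimate origin, illegitimate first-hop neighbor
    else:
        path_dim = "-"
    return "valid" if (prefix_dim, path_dim) == ("E", "-") else prefix_dim + path_dim

# The update from the issue, then two constructed variants of it.
TAIL = '|test-project|test-collector|A|"[]"|1571184000'
FROM_ISSUE = "2001:67c:1a8::/48|1200|10|10 4455 1200" + TAIL
OTHER_NEIGHBOR = "2001:67c:1a8::/48|1200|10|10 64500 1200" + TAIL  # constructed
OTHER_ORIGIN = "2001:67c:1a8::/48|64501|10|10 4455 64501" + TAIL   # constructed

if __name__ == "__main__":
    for line in (FROM_ISSUE, OTHER_NEIGHBOR, OTHER_ORIGIN):
        print(classify(parse_update(line)), "<-", line.split("|")[3])
```

Under this model an E1 result for a path ending in "4455 1200" can only come from a rule whose neighbors set does not contain 4455, which is why comparing the rule that actually matched in the reporter's deployment against the one shown in the issue is a useful first check.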
