OMG. The ingenuity (and geek level) of achieving this with something that is essentially invisible to 99.99999% of the human race (even most network admins) and planning ahead to do this is... indescribable.
In similar category of doing fun things with internet tools, you can play tetris on IPv6 traceroute:
traceroute -I -q 1 trh.milek7.pl
Game is controlled by appending chars into subdomain: w – rotate, s – drop, a – move left, d – move right. Example: tracerouting wwddds.trh.milek7.pl rotates 2x, moves right 3x and drops piece. After dropping to request new piece it is required to traceroute trh.milek7.pl without commands.
8 points.22 (2001:470:1f13:202:c000::16) 20.135 ms
9 I----------I (2001:470:1f13:202:8000::) 20.071 ms
10 I----------I (2001:470:1f13:202:8000::) 20.108 ms
11 I----------I (2001:470:1f13:202:8000::) 20.109 ms
12 I----------I (2001:470:1f13:202:8000::) 20.113 ms
13 I---XXXX---I (2001:470:1f13:202:8000:0:333:3000) 20.132 ms
14 I----------I (2001:470:1f13:202:8000::) 20.120 ms
15 I----------I (2001:470:1f13:202:8000::) 20.098 ms
16 I----------I (2001:470:1f13:202:8000::) 20.097 ms
17 I----------I (2001:470:1f13:202:8000::) 17.422 ms
18 I----------I (2001:470:1f13:202:8000::) 17.262 ms
19 I----------I (2001:470:1f13:202:8000::) 17.280 ms
20 I----------I (2001:470:1f13:202:8000::) 17.279 ms
21 I----------I (2001:470:1f13:202:8000::) 17.267 ms
22 I----------I (2001:470:1f13:202:8000::) 17.268 ms
23 I----------I (2001:470:1f13:202:8000::) 17.211 ms
24 I----------I (2001:470:1f13:202:8000::) 17.193 ms
25 I----------I (2001:470:1f13:202:8000::) 17.187 ms
26 I---O------I (2001:470:1f13:202:8000::1000) 17.219 ms
27 I---OO--O--I (2001:470:1f13:202:8000:0:1001:1000) 17.306 ms
28 IOOOOO--OOOI (2001:470:1f13:202:8000:11:1001:1111) 17.036 ms
29 IIIIIIIIIIII (2001:470:1f13:202::) 16.975 ms
This sort of endearing Internet-scale thing reminds me of how NTT changes their reverse DNS's (https://mailman.nanog.org/pipermail/nanog/2016-February/0841...). There's other vanity reverse-DNS tricks that you can see in traceroutes, but this is done with a global-scale IPv4/IPv6 network that actually is carrying a lot of customer traffic. Try "traceroute ntt.net" now, you'll see hops like:
9 ae-19.sayonara-todd.r04.sttlwa01.us.bb.gin.ntt.net (129.250.66.57) 17.225 ms 17.166 ms 17.171 ms
10 ae-5.sayonara-todd.r21.sttlwa01.us.bb.gin.ntt.net (129.250.2.7) 16.257 ms 16.156 ms 16.101 ms
11 ae-3.sayonara-todd.r23.snjsca04.us.bb.gin.ntt.net (129.250.3.124) 33.097 ms 33.125 ms 31.566 ms
12 ae-7.sayonara-todd.r23.dllstx09.us.bb.gin.ntt.net (129.250.4.155) 69.840 ms 69.764 ms 69.763 ms
13 ae-6.sayonara-todd.r10.dllstx09.us.bb.gin.ntt.net (129.250.5.4) 69.634 ms 74.424 ms 72.319 ms
14 ae-0.sayonara-todd.a01.dllstx09.us.bb.gin.ntt.net (129.250.3.244) 74.050 ms 74.046 ms 74.035 ms
or
3 ae-13.sayonara-todd.r05.plalca01.us.bb.gin.ntt.net (2001:418:0:5000::bae) 1.324 ms 1.307 ms 1.205 ms
4 ae-15.sayonara-todd.r02.snjsca04.us.bb.gin.ntt.net (2001:418:0:2000::172) 2.505 ms
5 ae-10.sayonara-todd.r23.snjsca04.us.bb.gin.ntt.net (2001:418:0:2000::cd) 2.091 ms 2.067 ms
6 ae-7.sayonara-todd.r23.dllstx09.us.bb.gin.ntt.net (2001:418:0:2000::1fa) 38.386 ms 39.757 ms 38.312 ms
7 ae-6.sayonara-todd.r10.dllstx09.us.bb.gin.ntt.net (2001:418:0:2000::1c1) 41.586 ms
8 ae-1.sayonara-todd.a02.dllstx09.us.bb.gin.ntt.net (2001:418:0:2000::135) 51.986 ms
Is this NTT as in "Nippon Telegraph and Telephone"? It's a surprising and welcome sight to see such shenanigans coming out of a Japanese mega corporation that used to be owned by the government, and now operations in a heavily regulated industry.
The starting point is a BMP file of the Nyan cat which is read into a simple two dimensional array by a small python script. The script looks at the current time and maps that to a column of pixels in the BMP. Each row of pixels in the BMP is represented by one IPv4 /24. If the pixel is "on" a BGP route announcement is generated, if the pixel is "off" the route is withdrawn. Each pixel in the BMP file represents 8 hours of announcing.
AS15562 appears to be an employee of NTT out of the Netherlands. I can't tell if AS15562 is for personal or work, maybe both: http://bgp.he.net/AS15562
I couldn't care less about the IPv6 prefixes, but the IPv4 ones are all /24s made from 209.24.0.0/16, which is registered to NTT (AS2914). 209.24/16 is publicly announced (and has been for a very long time), and is routed through NTT Amsterdam routers.
I haven't looked at BGPlay to review all the data, but it looks like many of the /24s that make up that /16 were individually announced through AS15562, then later withdrawn, gradually over 4 months, to make said graph. I would hope this would be unused v4 space. That AS announced almost 98% of a /16 (probably 209.24/16): https://stat.ripe.net/AS15562#tabId=routing
Another user voiced their concerns, particularly if it was actively used: https://news.ycombinator.com/item?id=14621859 -- there's no way any of us could know this; NTT would be authoritative, and jwhois -h rwhois.gtt.net.net -p 4321 209.24.0.0/16 doesn't give any clues.
While the antic made me smirk, it doesn't (publicly) "look good" when we're living in a world that lacks (or has greatly limited) v4 space. What this says is: "NTT has a /16 they're fooling around with publicly", even though it (presumably) is harmless.
> it doesn't (publicly) "look good" when we're living in a world that lacks (or has greatly limited) v4 space. What this says is: "NTT has a /16 they're fooling around with publicly", even though it (presumably) is harmless.
NTT is one of the larger Tier 1 ISPs. Having some unused IPv4 address space is a good thing when you're such a huge network operator -- it means you can dedicate some globally-routed IPs for testing/prototyping/renumbering and also have some extra IP space for new devices. Given what happens to ISPs that run out of IPs, I am frankly glad NTT has enough free IPs to fool around with nyan cats.
If NTT was dragging its feet on IPv6, then yeah, such a stunt might look awkward, but NTT hasn't -- they've been on the forefront of IPv6 for a while. AFAICT they were the first to offer commercial IPv6 connectivity and their global IP network has been native IPv4/IPv6 since 2004, and anecdotally I see their routers in my IPv6 traceroutes all the time.
Yeah, I'm familiar with the original companies that have /8 allocations per IANA. I started using the 'net in 1989.
I'm also aware many of those places have either refused to relinquish space, or have done so but have no more to give back. Quoting Doug Barton, former manager at IANA, July 2015: "... Many orgs did give back space and/or swap allocations. But that well ran dry long ago" (if you need a reference link for that quote, let me know).
A recent example of relinquishing space is 18.0.0.0/8 (previously MIT) as of April 2017, which now has many /16 and /24 segments delegated to companies such as Comcast (ex. 18.10.0.0/16), Amazon (ex. 18.145.0.0/16), and Akamai (ex. 18.255.255.0/24), while many larger portions still reside with MIT (ex. 18.128.0.0/12, 18.0.0.0/9, 18.144.0.0/16).
My point of giving examples: note all the /16s. If you need further examples, refer to IANA's Recovered Address Space document and note the subnet sizes (many are much smaller than a /16): https://www.iana.org/assignments/ipv4-recovered-address-spac...
He's doing announcements and withdraws of a bunch of /24s and a few other prefixes (including a few IPv6). The green bars are showing that a specific prefix was visible in the global routing table at a specific point in time (and the absence of green indicating it was not globally routed).
In 1985, Chris Capon wrote a program called "Sing Song Serenade" for the Commodore 64 + 1541 disk drive. It loaded a program into the disk drive that made the stepper motor vibrate to the tune of "Daisy Bell".
Nowadays replicated (mostly) by linear actuators in stuff like the Steam controllers from Valve (intended for vibration in games). Even the Nintendo Switch joycons now have the same kind of actuators and can do this too (play sounds).
From their About us page:
"We’re the Regional Internet Registry for Europe, the Middle East and parts of Central Asia. As such, we allocate and register blocks of Internet number resources to Internet service providers (ISPs) and other organisations."
This interface is the historical bgp announcements for this particular ASN. The X access is time. The Y axis is ip address blocks.
So some employee at an ISP registered IP addresses over time in such a way as to create this pattern? Kind of like how people make art out of their github commits [1] (only without the ability to retroactively modify the dates)?
Nearly, but they didn't register them, they just had their network announce routes for them (which is just telling other networks "hi, if you have traffic for this IP range I can send it on", the registration is unrelated to that)
BGP is basically what routes the internet. It handles the routing of traffic between ASs (autonomous systems - independent networks owned by companies, with their own sets of public IP ranges). BGP is super complex, and it takes a lot of experience to understand the intricacies involved. Also BGP peering configurations are generally confidential, so much of BGP (which again, is literally the core of the internet) happens in the dark. There have been academic studies to try mapping out BGP routes, and you can see the routes when you do a traceroute. Somehow it all manages to work, mostly :).
If you want to play with BGP, download Quagga - its interface emulates the Cisco router interface. Documentation is poor but you can just reference Cisco docs.
I for one appreciated the question "what is BGP?" for the following reasons...
1. It allows me to understand that I am not the only one who doesn't understand the terminology involved, allowing the discussion to be more educational and inclusive.
2. Sometimes searching for terminology is ambiguous and without prior knowledge of the subject domain, can result in lack of confirmation as to whether the definition is the same as the one in the article.
3. For one person to ask here and have it answered, can save 100 people having to search for themselves when reading the comments.
On a technical newsfeed almost every story is littered with jargon and a ton of them I don't know what an acronym means. Not only is the correct wikipedia article the 1st result, Google actually includes the start of the definition right into the search. Its fine to ask, especially when its a generic acronym but that was not the case. Its a bad habit to get into and I speak from experience, spend a couple minutes on your own and come up with a question that shows you were willing to put in some effort.
Better yet, as I see people do around here from time to time, go read a brief synopsis and then post a "For other people who didn't know what BGP was: BGP is ....". I'm not for creating a hostile stuck up community but rewarding pure laziness seems pointless to me.
I agree (irony warning!) those IPv4 addresses would be best used for Hue lamps or something, no?
On a more serious note, I've been watching IPv6 "rolling out" since 2004 (which is when I had an active role in mobile network planning), and I'm somewhat saddened that we haven't yet been able to switch over completely (even if it is somewhat more awkward to shout IPv6 addresses across the room, which was one of the arguments one of my colleagues had against it.)
thats why we use DNS more effectively. A tool is only useful is if it implemented correctly. it would be easier and faster with well thought out DNS to yell a name across the room. (would have been my response to that silly argument)
Yeah, well, DNS can't be used for core network configs - only to expose them to lesser networks :)
To clarify those of you who haven't worked in a telco core: You can't rely on DNS to configure core network gear. EVERYTHING of consequence is done using IP addresses, DNS is a convenience/comfort service for outer layers and end users.
and there are ... so many obscure and strange problems that are caused by a hiccup or simply misconfigured DNS... not saying you shouldn't use it, just ... don't claim it's the ultimate cool-aid that resolves everything.
Correct me if my understanding of internet routing is wrong, but the IP blocks were not out of service during the experiment. Only that a router(s) was advertising that it would accept traffic for those addresses. It would cause traffic to be sent through AS15562 during the time, which may have been suboptimal at times, but eventually would have reached the destination without visitors being aware of the game being played behind the scenes.
Your understanding is mostly correct. Whether or not traffic directed to any of the /24s involved "would have eventually reached the destination" is undetermined (and possibly irrelevant), meaning it's both possible and not possible. We simply don't know. Speaking strictly about "internet routing" (BGP in this case), it is 100% possible for an announcement to send traffic through an AS which literally dumps it on the floor -- it's happened many times over the years (the Pakistan/Youtube one was noticed by many): https://en.wikipedia.org/wiki/BGP_hijacking#Public_incidents
The question is whether or not the /16 (of which most of the advertised/withdrawn /24s make up) was used by actual devices, or if it's address space NTT has yet to use. If it is assigned to NTT but unused space, then effectively no harm done. If it's actually used IP space, then that would be very inappropriate.
(the AS holder is http://instituut.net/~job/, to those uninitiated - I had to double check my comment)
Sir, I take my many virtual hats off to you.