BGP handling bug causes widespread internet routing instability

Summary

May 27 2025 BGP handling bug causes widespread internet routing instability At 7AM (UTC) on Wednesday May 20th 2025 a BGP message was propagated that triggered surprising (to many) behaviours with two major BGP implementations that are often used for carrying internet traffic. This caused a large number of “internet facing” BGP sessions to automatically shut down, causing at the very least some routing instability, and at worst brief loss of connectivity for some networks. What was the message? Using the sessions that people feed to bgp.tools, we can see here a version of the update that caused this behavior, it is a relatively unremarkable BGP Update for a /16, except it had a BGP Prefix-SID Attribute that was not only unwelcome (it is unexpected to see this on internet table BGP updates), but it was also corrupt with all of its internal data being 0x00. Most implementations (IOS-XR/Nokia SR-OS) correctly filtered this out without causing any problems assuming their systems have been setup for RFC7606 (“BGP error tolerance”), however an interesting interaction with JunOS and Arista EOS caused JunOS to carry the corrupt message, and Arista EOS devices to reset sessions when receiving the message from (likely) a JunOS device. Since a lot of internet transit carriers use Juniper hardware running JunOS, this meant that those running Arista EOS and connected to an upstream transit carrier router running JunOS would have had their access to the internet severed for a period (likely up to 10 mins). Who emitted the message? After filtering through the whole bgp.tools archive for that period, it would appear that a number of AS origins were involved with this incident. Suggesting that rather than the attribute having been added by the network that originated the prefix, it was added by a carrier in the middle on its way to the wider internet. The 4 candidates that appear in all of the offending messages are: AS9304 ( Hutchison Global Communications Limited ) AS135338 ( Star...