DDoS Mitigation Leak

Summary

SubscribeIn this edition of Beyond Their Intended Scope, we take a look at last week’s BGP leak by a DDoS mitigation company which impacted networks around the world. We look at the impacts in both BGP and traffic data, and discuss how RFC 9234’s “Only to Customer” BGP Path Attribute could have helped.Late last year, we published the first edition of Beyond Their Intended Scope, our new blog series intended to shed light on BGP mishaps which may have escaped the attention of the internet community but are still worthy of analysis. In this episode, let’s take a look at a BGP routing mishap from last Tuesday that briefly disrupted and misdirected internet traffic from around the world through Bucharest, Romania, due to a BGP leak by a DDoS mitigation provider. It may come as a surprise to many that route leaks continue to occur with some regularity. The difference today is that routing hygiene has improved to such a point that these leaks are often contained to the country or region where they originated, limiting the disruption. In this case, route propagation was not limited, but it’s possible the duration of the leak may have been. The State of Routing SecurityJoin Doug Madory on April 24 for an in-depth look at the current state of routing security — the progress made and work yet to be done. “A route leak is the propagation of routing announcement(s) beyond their intended scope.” That was the overarching definition of a BGP route leak introduced by RFC7908 in 2016. Border Gateway Protocol (BGP) enables the internet to function by providing a mechanism by which autonomous systems (e.g., telecoms, companies, universities, etc.) exchange information on how to forward packets based on their destination IP addresses. In this context, the term “route,” when a noun, is shorthand for the prefix (range of IP addresses), AS_PATH, and other associated information relating to packet delivery. When routes are circulated farther than where they are supposed to go, traffic can ...