Addressing a particular internetworking misconception
Radar

BGP Route leaks vs BGP Hijacks

Since 2014 Qrator Labs has developed a BGP monitoring and analytics service called Qrator.Radar.  One of its main features is monitoring specific BGP anomalies that could result in an incident that we would further call either a BGP route leak or BGP hijack.

Both of them reroute traffic to third parties, compared to the no-anomaly state, but differently. Over the last few years, a lot of efforts have been invested in solving those issues, but there are still misunderstandings about what is what and how different tools are helping resolve different problems.

Read more
The day the whole world did not walk away
Radar

Yesterday, on February 19 Internet observed yet another demonstration of a handy Noction feature that is probably supposed to get you rich but is more likely to make you infamous.

Starting from 09:48 UTC, we saw around 200 thousand routes of previously non-existent prefixes with broken AS_PATH. But first things first.

The day started with a rather harsh and buzzing sound of email notifications for critical routing events, which, as you can see, are cut off on such a high threshold that we consider those to be global. 

Read more
AS28548 - Cablevision - Route Leak
Radar

February 11, 2021 - AS28548 - Cablevision - leaked 2828 prefixes, creating 2828 conflicts for 763 ASNs in 80 countries. Maximum propagation: 93%. Severity: High.

Read more
Prepending the trouble
Radar

January 27 of the year 2021 was marked with quite a peculiar route leak. AS61666 - GLOBO started announcing prefixes of its upstream provider MHNET - AS28146 to its another provider ALGAR - AS16735. In three minutes GLOBO leaked 1330 prefixes, and the whole routing incident lasted for 8 minutes - a time that was enough to create 1435 conflicts in 21 countries with 265 ASNs, mainly in Brazil (194 ASNs), United States (22 ASNs) and Venezuela (7 ASNs).

Read more
AS9304 leaking 8764 prefixes through AS15412
Radar

One would expect 2021 to start somewhat differently compared with chaos of the previous year. In Qrator.Radar, we also hoped for the better. Unfortunately, as soon as January 6 - today, we proved wrong.

Read more
Lumen aka CenturyLink is generating routing incidents via former Level3 network, again
Radar

AS203, belonging to what was formerly known as "Level3", acquired by "CenturyLink" in 2016, latter rebranded as "Lumen" in 2020, is a frequent visitor within the incident reports of the Qrator.Radar team. We are not here to blame anyone, but such occurrence of routing incidents for a single organization is worrying - we hope this article would help you to understand how even a small event could reach enormous impact with specific prerequisites met.

Read more
AS1221 hijacking 266 ASNs in 51 countries
Radar

On Tuesday, September 29, 2020 AS1221 - Telstra announced 472 prefixes in a BGP hijack event that affected 266 other ASNs in 50 countries, with the most damage rendered to the U.S. and U.K. based networks. Worldwide it affected more than 1680 IPv4 prefixes, creating almost 2000 path challenge conflicts.

Read more
(Yet another one) CenturyLink BGP incident and the blinking Internet
Radar

On Sunday, August 30, 2020, it all started with a simple question: “What’s happening?”

A downdetector.com screenshot at the beginning of the incident

Approximately around 10 UTC, the global Internet started experiencing a very specific state of connectivity - inside the network of one of the largest Tier-1 operators in the world, CenturyLink (primary AS3356), something bad was undoubtedly going on.

Read more
AS42910 leaking hundreds of prefixes, affecting Akamai and Western Asia region
Radar

Yesterday, on August 24, 2020, Qrator.Radar BGP monitoring saw a rather large route leak originating from the AS42910 - Premier DC, containing 1403 prefixes mainly from the United States (571) and, peculiarly, Akamai. And then almost all the Western Asia region countries.

Read more
What is happening with the BY internet segment in terms of BGP and IPv4/IPv6
Radar

Before we start investigating what is happening with the Internet within and outside of Belarus, let us quote a couple of sentences we are repeating in annual National Reliability Research & Report

“Strictly speaking, when the BGP and the world of interdomain routing were in the design stage, the creators assumed that every non-transit AS would have at least two upstream providers to guarantee fault tolerance in case one goes down. However, the reality is different; over 45% of ISP’s have only one connection to an upstream transit provider. A range of unconventional relationships among transit ISPs further reduces reliability. So, have transit ISPs ever failed? The answer is yes, and it happens with some frequency. The more appropriate question is — under what conditions would a particular ISP experience service degradation? If such problems seem unlikely, it may be worth considering Murphy’s Law: “Anything that can go wrong, will.”

Why are we repeating this rather than start with the facts and timesteps as usual? Because this is precisely the case, from our point of view, with Belarus’ internet segment. Let us take a look at two diagrams representing a BGP network of Belarus a month ago, at the beginning of July 2020:

Read more