How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today

How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today

Today at 10:30UTC, the Internet had a small heart attack. A small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider. This was the equivalent of Waze routing an entire freeway down a neighborhood street — resulting in many websites on Cloudflare, and many other providers, to be unavailable from large parts of the Internet.

This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet. To understand why, read on. We have blogged about these unfortunate events in the past, as they are not uncommon.

This time, the damage was seen worldwide. What exacerbated the problem today was the involvement of a “BGP Optimizer” product from Noction. This product has a feature that splits up received IP prefixes into smaller, contributing parts (called more-specifics).

For example, our own IPv4 route 104.20.0.0/20 was turned into 104.20.0.0/21 and 104.20.8.0/21. It’s as if the road sign directing traffic to “Pennsylvania” was replaced by two road signs, one for “Pittsburgh, PA” and one for “Philadelphia, PA”. By splitting these major IP blocks into smaller parts, a network has a mechanism to steer traffic within their network but that split should never have been announced to the world at large.

When it was it caused today’s outage.

Source: cloudflare.com