First spotted by Qrator Labs on Friday, this incident is considered a “Type 1” route leak as defined in RFC 7908, in which the leaker AS “learns a route from one upstream ISP and simply propagates it to another upstream ISP”.
Based on our aggregated netflow, we can see the impact of this event as a spike in traffic volume to flows with AS paths containing the subsequence “9304 137996 9299”. While the majority of the traffic misdirection occurred within the first hour, we can see impact lasting over two hours for some routes.
Again using aggregated netflow as a data source, we can see that almost half of the misdirected traffic was bound for either Indonesia or Vietnam before being re-routed to the Philippines.
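The path match and the two breakdowns described above (volume over time and by destination country) can be reproduced on exported flow records. This is an added example, not Kentik's code: the record layout and function names are assumptions, and the sample flows, timestamps, byte counts and documentation-range ASNs (64496-64511) are constructed. It assumes AS paths are plain space-separated ASNs with no AS_SET segments.

```python
from collections import defaultdict
from datetime import datetime, timezone

LEAK_SEQ = (9304, 137996, 9299)  # AS path subsequence quoted in the post

def collapse_prepends(path):
    """Drop consecutive duplicate ASNs so path prepending cannot hide a match."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def has_leak(as_path, seq=LEAK_SEQ):
    """True if seq appears as contiguous hops (token match, not text substring)."""
    hops = collapse_prepends([int(tok) for tok in as_path.split()])
    n = len(seq)
    return any(tuple(hops[i:i + n]) == seq for i in range(len(hops) - n + 1))

def summarize(flows):
    """Sum bytes of matching flows per UTC hour and per destination country."""
    by_hour, by_country = defaultdict(int), defaultdict(int)
    for ts, as_path, dst_cc, nbytes in flows:
        if has_leak(as_path):
            hour = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%dT%H:00Z")
            by_hour[hour] += nbytes
            by_country[dst_cc] += nbytes
    return dict(by_hour), dict(by_country)

# Constructed records: (epoch seconds, AS path, destination country, bytes)
SAMPLE_FLOWS = [
    (1700000000, "64496 9304 137996 9299 64500", "ID", 4000),
    (1700000600, "64496 9304 137996 137996 9299 64501", "VN", 3000),  # prepended hop
    (1700003700, "64496 9304 137996 9299 64502", "PH", 1000),         # next hour
    (1700000100, "64496 19304 137996 92990 64500", "ID", 9999),       # substring trap
    (1700000200, "64496 9304 9299 64501", "VN", 8888),                # leaker AS absent
]

if __name__ == "__main__":
    hours, countries = summarize(SAMPLE_FLOWS)
    for hour, total in sorted(hours.items()):
        print(hour, total)
    for cc, total in sorted(countries.items(), key=lambda kv: -kv[1]):
        print(cc, total)
```

Matching on parsed hops rather than on the raw path string avoids false hits on ASNs that merely contain the same digits, and collapsing prepends keeps a padded path from slipping past the filter.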
Doug Madory is the director of internet analysis for Kentik where he works on internet infrastructure analysis. The Washington Post dubbed him “The Man who can see the Internet” for his reputation in identifying significant developments in the global layout of the internet. Doug is regularly quoted by major news outlets about developments ranging from national blackouts to BGP hijacks to the activation of submarine cables. Prior to Kentik, he was the lead analyst for Oracle’s internet intelligence team (formerly Dyn Research and Renesys).
Twitter: @DougMadory
How do we get this data? Kentik uses thousands of service provider networks and cloud agents, located around the world, to collect information about network events, outages, and disruptions.