Hello, welcome to the Tuesday, June 25th, 2019 edition of the Sandsenet Storms on a stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

This morning, for about two hours, a major BGP route leak did affect a number of large internet sites including Cloudflare.

And CloudFare was the one that was most often quoted in this particular case.

CloudFair published a nice blog post about what exactly happened here and apparently the

root cause was a small internet service provider

in Pennsylvania DQE communications using BGP optimizer. What these optimizers typically do is they

well try to find the best routes for internet traffic if there are multiple options.

So what it did it in Cloudflare's case was that they took a larger net block that Cloudflare

advertised, that's usually a slash 20, split up into two slash 21s and advertised these

slash 21s and what was supposed to be internal to their network.

But apparently their upstream Verizon AS701 picked up these more specific routes and since more

specific routes have precedents over the more general or larger prefix.

These routes were now propagated to other peers connected to Verizon and AS701 this

Verizon network is one of these core networks in the Internet, so a lot of different services that appeared with Verizon were now trying to route their

traffic instead of directly to Cloudflare to this small network in Pennsylvania, which

of course as a result was overloaded and that then led to a denial of service

against Cloudflare and other affected networks.

This is yet another case where we sort of see one of the basic problems with BGP.

BGP is the protocol that allows ISP to essentially advertise which IP addresses

belong to them. And well, there's little to no verification if these advertisements are

...