/plushcap/analysis/cloudflare/route-leaks-and-confirmation-biases

BGP security and confirmation biases

What's this blog post about?

On February 1, 2022, a configuration error on one of Cloudflare's routers caused a route leak of up to 2,000 Internet prefixes to an Internet transit provider. The leak lasted for 32 seconds and later 7 seconds but did not impact Cloudflare's network or customers. The company apologized for the mistake. The error occurred during a scheduled migration of one of their existing Internet transit links in Newark to a link with more capacity. Due to an oversight, no BGP filters were added to only export prefixes of Cloudflare and its customers. As a result, all known prefixes were sent to the ISP router, which shut down the session as the number of prefixes exceeded the maximum limit configured. The company has since introduced an implicit reject policy for BGP sessions to prevent such incidents in the future. They also emphasized the importance of protocols like RPKI and network automation to reduce the impact of route leaks, whether intentional or accidental.

Company
Cloudflare

Date published
Feb. 23, 2022

Author(s)
Maximilian Wilhelm

Word count
1579

Language
English

Hacker News points
6


By Matt Makai. 2021-2024.