Feeds

Routing instability causes net traffic chaos

Interweb routing chart snarl-up

Protecting against web application threats using SSL

Surfers experienced problems accessing parts of the internet Monday, following the flare-up of router instability problems.

Security watchers pinned the problem on "garbage" being thrown into global BGP (Border Gateway Routing) lookup tables, causing entries to become unnecessarily long. Some backbone routers with older software versions are unable to process this traffic, resulting in sessions getting dropped and problems reaching parts of the internet as a result.

BGP is a core routing protocol which, put simply, maps the best available routes for traffic to flow across the interweb. These routing tables have become snarled up with junk in the loose equivalent of motorists being instructed to go around a roundabout 20 times before proceeding with their journey. As a result traffic has become snarled up and, in some cases, may only be able to access parts of the net via the back-roads.

"The source of the problem appears to be with AS 47868 causing AS paths to become too long," writes Marcus H Sachs, director of the SANS Internet Storm Center. "Not much you can do about it unless you have access to your BGP router, in which case you might want to either block AS 47868 or limit the length of any AS path."

BGP autonomous system (AS) numbers represent unique routing domains, which are typically linked to administrative domains. These work something like place names, indicating the fastest routes on the information super-highway, with the important difference that these routing tables are not fixed but periodically updated.

Danny McPherson, chief security officer at Arbor Networks, explained that routers still running versions of Cisco software older than three years old didn’t allocate enough buffer space for "silly long AS paths, and so they blow chunks when they receive the update".

"However, other vendor implementations and patched versions happily propagate the update, apparently through numerous intermediate ASes, so seemingly random sets of BGP routers in the routing system were taking a dump, or dropping sessions with malformed AS path complaints," he notes.

Similar problems caused global routing instability five years ago, McPherson notes in a detailed technical dissection of the problem here.

The practical upshot of the problem is not altogether clear.

UK traffic stats from LINX look normal, but elsewhere Slashdot reports a "single mis-configured router is apparently able to cause a DOS for a huge chunk of the net". ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.