For more than two hours on Thursday, one of China’s largest internet providers carried a huge chunk of European mobile traffic through its own network after that traffic was rerouted to it.
China Telecom has been implicated in similar incidents before. For about 18 minutes in April 2010, roughly 15 percent of the world’s internet routes (a figure widely reported at the time as 15 percent of internet traffic, though the share of actual traffic was smaller) suddenly traversed Chinese networks. This included routes to U.S. government and military websites, including NASA. Commercial sites for companies such as Dell and Microsoft were similarly affected.
Thursday’s incident, the result of what’s known as a BGP route leak, is said to have swallowed massive amounts of mobile traffic originating from service providers in France, Switzerland, and the Netherlands. Users reportedly experienced significant slowdowns in data speeds.
At the time of writing, China Telecom has yet to be formally accused of intentionally causing the routing leak, though the duration of the episode is unusual, experts say, and such incidents can be malicious.
As ZDNet reported in October, academic research out of the US Naval War College and Tel Aviv University fingered China Telecom’s behavior as highly suspicious, revealing that the company had seamlessly “hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months.” While BGP leaks can be explained by routine configuration errors, the incidents reviewed by researchers suggested “malicious intent,” they said.
“Two hours is a long time for a routing leak of this magnitude to stay in circulation, degrading global communications,” said Doug Madory, director of Oracle’s internet analysis division.
BGP route leaks—so named after the Border Gateway Protocol (BGP) that lets routers determine the best route to reach a particular network destination—are not uncommon. They result when an autonomous system (AS) advertises, beyond the scope it is entitled to, that it can deliver traffic to blocks of IP addresses (network prefixes), typically by re-announcing routes it learned from one provider or peer to another. This frequently happens by mistake, and there are often few safeguards in place, because BGP accepts every announcement from a neighbor by default. The safeguards that do exist (prefix filters and maximum-prefix limits on customer sessions, and RPKI origin validation) are unevenly deployed, and RPKI origin validation alone does not catch a leak, since the leaked routes still name their legitimate origin.
On Thursday, a major data center in Switzerland, Safe Host, leaked more than 70,000 routes to China Telecom, which in turn announced the routes on the global internet, causing huge amounts of traffic destined for European networks to be rerouted through its own network.
The incident shows that BGP route leaks are still a critical problem for global communications, said Madory, adding that China Telecom clearly had “neither the basic routing safeguards” nor proper procedures in place “to detect and remediate them in a timely manner when they inevitably occur.”
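The mechanics of the leak above, and the safeguards a transit provider could have used to contain it, are easier to see in a small replay. The following Python script is an added example, not code from the article or from Oracle, Safe Host or China Telecom. It models a customer network that learns routes from one provider and re-exports them to another (the hairpin leak in the story), flags the offending AS with a valley-free check on the AS_PATH, shows that RPKI origin validation still reports the leaked route as valid, and applies the maximum-prefix limit that would have dropped a customer session suddenly carrying tens of thousands of routes. Every AS number, prefix and relationship in it is a hypothetical stand-in (private-use ASNs and a documentation prefix); none come from the incident itself.

```python
"""Route-leak replay: valley-free check, RPKI ROV, and a max-prefix guard.

Added example. All AS numbers, prefixes and relationships are made up
(RFC 6996 private-use ASNs, RFC 5737 documentation prefix) and only stand in
for the roles in the story: an origin network, its transit provider, a
customer that leaks, the large carrier that propagates the leak, and a
remote network behind that carrier that observes it.
"""
import ipaddress

ORIGIN, ORIGIN_TRANSIT, LEAKER, BIG_TRANSIT, OBSERVER = 64500, 64501, 64502, 64503, 64504

# Hypothetical topology: (provider, customer) pairs and unordered peer pairs.
PROVIDER_OF = {
    (ORIGIN_TRANSIT, ORIGIN),   # transit sells service to the origin network
    (ORIGIN_TRANSIT, LEAKER),   # ...and to the data centre that will leak
    (BIG_TRANSIT, LEAKER),      # the data centre also buys transit from a large carrier
    (BIG_TRANSIT, OBSERVER),    # a remote network behind that carrier sees the leak
}
PEERS = {frozenset((ORIGIN_TRANSIT, BIG_TRANSIT))}  # settlement-free peering


def relationship(me, neighbor):
    """How `neighbor` looks from `me`: 'customer', 'provider' or 'peer'."""
    if (me, neighbor) in PROVIDER_OF:
        return "customer"
    if (neighbor, me) in PROVIDER_OF:
        return "provider"
    if frozenset((me, neighbor)) in PEERS:
        return "peer"
    raise ValueError(f"no known relationship between AS{me} and AS{neighbor}")


def find_leak(as_path, receiver):
    """Return the first AS that broke the valley-free export rule, or None.

    `as_path` is in BGP order (the neighbor that sent us the route first, the
    origin last); `receiver` is the AS that received it. Replayed in
    propagation order, each AS learned the route from `prev` and exported it
    to `nxt`. A route learned from a provider or a peer may only be exported
    to customers; sending it on to another provider or peer is a leak.
    """
    hops = list(reversed(as_path)) + [receiver]
    for i in range(1, len(hops) - 1):
        prev, cur, nxt = hops[i - 1], hops[i], hops[i + 1]
        learned_from = relationship(cur, prev)
        exported_to = relationship(cur, nxt)
        if learned_from in ("provider", "peer") and exported_to != "customer":
            return cur
    return None


# Hypothetical ROA: the origin network is authorised to announce this block
# at exactly /24 (maxLength 24).
ROAS = [("203.0.113.0/24", 24, ORIGIN)]


def rov_state(prefix, origin_as):
    """RPKI route-origin validation: 'valid', 'invalid' or 'not-found'.

    ROV only compares the origin AS and prefix length against ROAs. A leaked
    route keeps its legitimate origin, so ROV alone cannot flag the leak.
    """
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in ROAS:
        if net.subnet_of(ipaddress.ip_network(roa_prefix)):
            covered = True
            if asn == origin_as and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"


# Hypothetical per-customer cap: a data centre with a handful of its own blocks
# has no business announcing tens of thousands of routes to its provider.
MAX_PREFIX = {LEAKER: 50}


def exceeds_prefix_limit(neighbor, received_count):
    """Maximum-prefix guard a provider applies on a customer BGP session.

    When the count is exceeded the session is normally torn down, so the
    routes are never propagated further. Neighbors without a limit are
    treated as unrestricted (the default BGP behaviour).
    """
    return received_count > MAX_PREFIX.get(neighbor, float("inf"))


if __name__ == "__main__":
    leaked_path = [BIG_TRANSIT, LEAKER, ORIGIN_TRANSIT, ORIGIN]  # as seen by OBSERVER
    clean_path = [BIG_TRANSIT, ORIGIN_TRANSIT, ORIGIN]           # via the peering link
    print("leaked path -> leaking AS:", find_leak(leaked_path, OBSERVER))
    print("clean path  -> leaking AS:", find_leak(clean_path, OBSERVER))
    print("ROV on leaked route:", rov_state("203.0.113.0/24", ORIGIN))
    print("70,000 routes from customer trips max-prefix:", exceeds_prefix_limit(LEAKER, 70000))
```

The valley-free check needs the provider's view of its neighbor relationships, which is why it belongs on the receiving side of the session (the large carrier here) rather than in any global registry; the max-prefix limit needs no topology knowledge at all, which is what makes it the basic safeguard.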