An experiment run by Duke University and a European group responsible for managing Internet resources went wrong Friday, disrupting a small percentage of Internet traffic.
The damage could have been far worse however, and the incident shows just how fragile one of the Internet’s core protocols really is, security experts say.
The problem started just before 9 a.m. Greenwich Mean Time Friday and lasted less than half an hour. It was kicked off when RIPE NCC (Reseaux IP Europeens Network Coordination Centre) and Duke ran an experiment that involved the Border Gateway Protocol (BGP) — used by routers to know where to send their traffic on the Internet. RIPE started announcing BGP routes that were configured a little differently from normal because they used an experimental data format. RIPE’s data was soon passed from router to router on the Internet, and within minutes it became clear that this was causing problems.
“During this announcement, some Internet service providers reported problems with their networking infrastructure,” wrote RIPE NCC’s Erik Romijn in a note posted to the NANOG (North American Network Operators Group) discussion list. “Immediately after discovering this, we stopped the announcement and started investigating the problem. Our investigation has shown that the problem was likely to have been caused by certain router types incorrectly modifying the experimental attribute and then further announcing the malformed route to their peers.”
That shouldn’t have happened on systems that were properly configured to support BGP, Romijn said, but nonetheless for a brief period Friday morning, about 1 percent of all the Internet’s traffic was affected by the snafu, as routers could not properly process the BGP routes they were being sent.
“Over 3,500 prefixes (announced blocks of IP addresses) became unstable at the exact moment this ‘experiment’ started,” wrote Earl Zmijewski, a general manager with Internet security firm Renesys. “Not surprisingly, they were located all over the world: 832 in the US, 336 in Russia, 277 in Argentina, 256 in Romania and so forth. We saw over 60 countries impacted.”
Security experts have warned for years that attackers could cause serious Internet disruptions by messing with BGP routes. Two years ago, YouTube was temporarily cut off from the Internet after a Pakistani BGP route that censored the video service was inadvertently spread worldwide.
Earlier this year, bad routes announced out of China ended up briefly disrupting some Internet traffic.
The damage from Friday’s experiment was minimal, but if someone had been able to intentionally announce bad routes, it would have been much worse, said Paul Ferguson, a researcher with security firm Trend Micro.
It’s unclear why RIPE NCC and Duke were trying out these new route formats.
One of the researchers behind the experiment, Duke assistant professor Xiaowei Yang, declined to talk in detail about the experiment, citing legal concerns. But she said that the work was for a research paper, and the BGP data that was sent was “100 percent standard compliant.”
“It is an experiment initiated by my student and I,” she wrote in an e-mail message. “It unexpectedly triggered some vendor bugs.”
RIPE NCC could not immediately be reached for comment.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com