BGP route leak sends European mobile traffic via China

Yet another BGP hijack by China Telecom routes internet traffic of several European mobile operators via China

A major 'routing leak' at a data centre in Switzerland caused the re-routing of European mobile traffic through China Telecom for more than two hours - and not for the first time.

More than 70,000 routes were leaked to the Chinese ISP as a result of this incident, impacting several European ISPs including KPN of the Netherlands, Swisscom of Switzerland, and Numericable-SFR and Bouygues Telecom of France.

A large number of users reported significant slowdowns in data speeds as a result.

According to experts, the leak occurred due to a Border Gateway Protocol (BGP) route leak at Safe Host - a data centre in Switzerland.


BGP is the protocol routers use to choose the best route to a given network destination. BGP errors are not uncommon and can occur when an autonomous system wrongly claims that it can deliver traffic to blocks of IP addresses, which are grouped into network prefixes.

However, Thursday's incident was rare considering the duration of the leak. Moreover, rather than ignoring the leak, the Chinese telecoms company re-announced the leaked routes as its own, thereby presenting itself as one of the shortest ways to reach the network of Safe Host, as well as other European ISPs.


"Today's incident shows that the internet has not yet eradicated the problem of BGP route leaks," said Doug Madory, director of Oracle's internet analysis division.

"Two hours is a long time for a routing leak of this magnitude to stay in circulation, degrading global communications," he added.

According to Madory, the leak suggests that China Telecom is yet to apply the basic routing safeguards that are required to prevent the propagation of routing leaks. The company also lacks procedures to remediate routing leaks in a timely manner.
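One common form of such a safeguard is a "valley-free" check on the AS path, which rejects a route that a neighbour learned from one peer or provider and then passed on to another. The sketch below is an added example, not taken from the article or from any operator's configuration; the AS numbers are documentation values (RFC 5398) and the relationships between them are constructed for illustration.

```python
# Constructed topology using documentation ASNs (RFC 5398); not real operators.
PROVIDERS = {            # customer AS -> set of its transit providers
    64496: {64500},      # 64496: mobile operator, buys transit from 64500
    64499: {64498},      # 64499: customer of the large ISP 64498
}
PEERS = {                # settlement-free peerings (unordered pairs)
    frozenset((64496, 64497)),   # operator <-> data centre
    frozenset((64497, 64498)),   # data centre <-> large ISP
    frozenset((64500, 64498)),   # transit provider <-> large ISP
}

def link_type(sender, receiver):
    """Direction a route moves when `sender` exports it to `receiver`."""
    if receiver in PROVIDERS.get(sender, ()):
        return "up"
    if sender in PROVIDERS.get(receiver, ()):
        return "down"
    if frozenset((sender, receiver)) in PEERS:
        return "peer"
    return None

def find_leaker(as_path):
    """as_path is as seen in a BGP UPDATE: nearest AS first, origin last.
    Returns the ASN that broke the valley-free rule, or None if the path is clean.
    Raises ValueError when an adjacency is missing from the relationship data."""
    # Collapse AS-path prepending (consecutive repeats of the same ASN).
    hops = [asn for i, asn in enumerate(as_path) if i == 0 or asn != as_path[i - 1]]
    hops.reverse()                      # walk from the origin outwards
    past_peak = False                   # True once the route crossed a peer link or went down
    for sender, receiver in zip(hops, hops[1:]):
        kind = link_type(sender, receiver)
        if kind is None:
            raise ValueError(f"no known relationship for AS{sender} -> AS{receiver}")
        if past_peak and kind in ("up", "peer"):
            return sender               # re-exported a peer/provider route upwards or sideways
        if kind in ("peer", "down"):
            past_peak = True
    return None

def accept_from_neighbor(local_as, received_path):
    """Import policy for local_as: refuse routes whose path shows a leak."""
    return find_leaker([local_as] + list(received_path)) is None

if __name__ == "__main__":
    print(accept_from_neighbor(64498, [64500, 64496]))         # legitimate path
    print(accept_from_neighbor(64498, [64497, 64497, 64496]))  # leaked via 64497
```

A receiving network that applies this check on import drops the leaked route instead of re-announcing it; the quality of the result depends entirely on how accurate the relationship data is.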

China Telecom is the third-largest telecoms company and ISP in China and has previously been accused of having a role in similar traffic leak incidents. Last year, an academic report accused the firm of "hijacking the vital internet backbone of western countries."

Researchers argued that Chinese agencies were using local ISPs to steal data from many western countries. It was claimed that ISPs were hijacking BGP routes to reroute western traffic through China.

In 2010, security specialists found that about 15 per cent of the world's internet traffic had passed through Chinese servers for roughly 18 minutes. That incident affected US government and military websites, including NASA, as well as commercial firms such as Microsoft and Dell.
