What is a BGP route leak?

BGP route leak definition

Route leaks are a type of BGP incident in which route announcements are propagated beyond their intended scope, causing traffic to be redirected through the autonomous system (AS) responsible for the incident. Route leaks can be either intentional or accidental, but they most often occur due to configuration errors.

This problem typically arises when a smaller AS mistakenly passes routes learned from one of its providers to another of its providers. As a result, a small operator may unintentionally begin carrying traffic between large providers, leading to a number of negative consequences discussed below.

What is Border Gateway Protocol (BGP)?

Border Gateway Protocol (BGP) is the primary routing protocol that enables the exchange of routing information between autonomous systems (AS) on the Internet. Similar to a ZIP code system, BGP helps direct traffic by determining which networks it should pass through and optimizing routes based on current network conditions and routing policies.

An autonomous system (AS) is a collection of IP networks managed by a single organization and operating under a unified routing policy. Examples of ASes include Internet service providers, corporate and university networks, as well as networks belonging to government institutions. Each AS is assigned a unique Autonomous System Number (ASN) that is used to exchange routing information between networks.

The modern Internet consists of tens of thousands of autonomous systems interconnected in a complex distributed structure. Without a protocol such as BGP, finding the optimal route between them would be impossible, which is why BGP is critical for the stable operation of the Internet.

How BGP route leaks work

Route leaks can be compared to a short circuit in an electrical circuit. Under normal conditions, BGP routes propagate according to predefined policies: providers, customers, and peers exchange routes in accordance with established agreements and routing logic. However, during a route leak, traffic is unexpectedly redirected along an unintended path — much like electric current bypassing the main circuit and flowing along the incorrect route.

This typically occurs when a small autonomous system (AS), after receiving routes from one provider, mistakenly passes them to another provider. As a result, traffic between two large operators may be routed through a smaller AS that is not intended to handle such volumes of data.
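The "customer passes a provider's routes to another provider" pattern described above can be checked mechanically against an observed AS_PATH. The following is an added example, not code from the original article or from Qrator: it encodes the customer/provider/peer export rules (a route may climb customer-to-provider, cross at most one peer link, then only descend provider-to-customer) and names the AS at the first hop that breaks them. The ASNs and the relationship table are constructed for illustration, using documentation and private-use ASN ranges.

```python
# Added example, not part of the original article: classify an observed
# AS_PATH as valley-free or as a route leak using the customer/provider/peer
# export rules the text describes. All AS numbers and relationships below
# are constructed for illustration (documentation and private-use ranges).
from typing import Dict, List, Optional, Tuple

# Constructed relationship table: (a, b) -> "p2c" means a is b's provider,
# "p2p" means a and b are peers.
RELATIONSHIPS: Dict[Tuple[int, int], str] = {
    (64500, 64512): "p2c",   # provider A -> small customer C
    (64501, 64512): "p2c",   # provider B -> the same small customer C
    (64500, 64501): "p2p",   # A and B peer with each other
    (64512, 64520): "p2c",   # C -> its own customer D
}


def relationship(a: int, b: int) -> Optional[str]:
    """How AS a relates to AS b: 'p2c' (a is b's provider), 'c2p' (a is b's
    customer), 'p2p' (peers) or None if the pair is unknown."""
    if (a, b) in RELATIONSHIPS:
        return RELATIONSHIPS[(a, b)]
    if (b, a) in RELATIONSHIPS:
        return "c2p" if RELATIONSHIPS[(b, a)] == "p2c" else "p2p"
    return None


def classify_path(as_path: List[int], observer_as: int) -> str:
    """as_path is ordered as in a BGP UPDATE (first element = the neighbour
    that announced the route, last element = origin); observer_as is the AS
    that received it and is prepended so the final export hop is checked too.
    Walking from the origin, a valley-free path climbs customer->provider
    any number of times, crosses at most one peer link, then only descends
    provider->customer. The first AS that exports upward or to a peer after
    receiving from a provider or peer is reported as the leaker."""
    hops = list(reversed([observer_as] + as_path))   # origin first
    phase = "up"
    for sender, receiver in zip(hops, hops[1:]):
        rel = relationship(sender, receiver)
        if rel is None:
            return f"unknown relationship AS{sender}-AS{receiver}"
        step = {"c2p": "up", "p2p": "peer", "p2c": "down"}[rel]
        if phase == "up":
            if step != "up":
                phase = step           # now "peer" or "down"
        elif phase == "peer":
            if step != "down":
                return f"leak by AS{sender}"
            phase = "down"
        else:                          # phase == "down"
            if step != "down":
                return f"leak by AS{sender}"
    return "valley-free"
```

With this table, a route for customer D seen at B via A (`[64500, 64512, 64520]`) is valley-free, while a route that B receives from its customer C with A behind it (`[64512, 64500]`) is flagged as a leak by AS64512: C learned it from one provider and exported it to the other. In practice the relationship table is the hard part; public inference datasets are imperfect, so monitoring services treat this classification as a strong signal rather than proof.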

Consequences of BGP route leaks

As with a short circuit, a route leak not only disrupts the normal operation of the system but can also lead to much more serious consequences, including service disruptions and security risks.

  • Increased latency. During a route leak, traffic may be routed along a longer or less efficient path, increasing network latency (RTT). This can degrade the performance of services, especially those sensitive to delays, such as video conferencing, online gaming, or financial systems.
  • Traffic redirection through unintended ASes. Due to a route leak, traffic may be routed through malicious autonomous systems, creating conditions for man-in-the-middle (MitM) attacks, including the interception, analysis, or manipulation of data.
  • Denial of service due to a sudden surge in traffic volume. Redirecting large volumes of traffic through an AS not designed to handle them can cause congestion, which in some cases may result in denial of service (DoS) and make services unavailable to legitimate users.

Even a single route leak can affect significant portions of the Internet. That is why it is crucial to detect such incidents as early as possible and respond to them promptly.

Real-world examples of BGP route leaks

Route leaks are neither rare nor merely a hypothetical threat: dozens of such BGP incidents are recorded worldwide every day. Below are several of the most well-known cases that resulted in serious consequences.

  • Google service outage caused by a route leak in Nigeria. On November 12, 2018, a routing misconfiguration by the Nigerian provider MainOne (AS37282) caused a route leak that redirected global traffic to Google through China, Russia, and Nigeria. Due to the high load, the intermediate networks were unable to handle the volume of traffic, making Google services unavailable for a large number of users for 74 minutes.
  • Global outage caused by a route leak in Malaysia. On June 12, 2015, the operator Telekom Malaysia (AS4788) mistakenly began announcing about 176,000 prefixes it had learned from customers and peers to the provider Level3 (AS3356). Level3 then propagated these routes to its own customers and peers, causing a significant portion of global traffic to be redirected through Telekom Malaysia. This led to a sharp increase in latency and widespread packet loss, particularly on routes between Asia and other regions. As a result, users around the world experienced major disruptions and slower Internet speeds for about two hours.

These incidents demonstrate the fragility of global routing — where a configuration error by one operator can cause a major disruption on the other side of the world.

BGP route leak prevention and mitigation

One of the key vulnerabilities of the BGP protocol is its trust-based model: autonomous systems exchange routes assuming that their neighbors announce only valid routing information. While this simplifies global routing, it also introduces risks — including the possibility of route leaks, which may occur either accidentally or as a result of malicious intent.

To protect against BGP hijacks, the RPKI ROA mechanism has been developed and is now widely used. It relies on cryptographic signatures to verify whether a particular AS is authorized to announce a specific IP prefix. However, RPKI ROA does not address the problem of route leaks.

To prevent such incidents, another mechanism is required — BGP Roles, defined in RFC 9234. It allows operators to explicitly specify the type of relationship between neighboring ASes (for example, provider–customer) and use this information to filter anomalous routes. However, this standard has not yet been widely adopted, so the risk of route leaks remains relatively high. As a result, network engineers must closely monitor for such incidents and respond to them promptly.
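To make the difference between the two mechanisms concrete, here is an added example (not code from the original article, and not the text of RFC 9234 itself) that models the RFC 9234 "Only To Customer" (OTC) attribute procedures in simplified form alongside a minimal RPKI origin check. Only the provider, customer and peer roles are modelled (the route-server roles are left out); the ASNs, the prefix and the ROA are constructed. It assumes Python 3.7 or later for `ipaddress.subnet_of`.

```python
# Added example, not from the original article or from RFC 9234 itself: a
# simplified model of the RFC 9234 "Only To Customer" (OTC) attribute
# procedures next to a minimal RPKI origin check, to show why ROA
# validation accepts a leaked route while BGP Roles reject it. Only the
# provider, customer and peer roles are modelled; AS numbers, the prefix
# and the ROA are constructed.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple
import ipaddress


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]       # leftmost = most recently added AS, rightmost = origin
    otc: Optional[int] = None      # OTC attribute value (an ASN), None if absent


class RouteLeak(Exception):
    """Raised when the ingress procedure classifies a route as a leak."""


def ingress(local_as: int, remote_as: int, remote_role: str, route: Route) -> Route:
    """RFC 9234 ingress procedure seen from local_as. remote_role is what the
    neighbour is to us: 'provider', 'customer' or 'peer'."""
    if route.otc is not None:
        if remote_role == "customer":
            raise RouteLeak(f"AS{local_as}: OTC-marked route received from customer AS{remote_as}")
        if remote_role == "peer" and route.otc != remote_as:
            raise RouteLeak(f"AS{local_as}: OTC={route.otc} from peer AS{remote_as} does not match")
        return route
    if remote_role in ("provider", "peer"):
        # Mark routes learned from a non-customer so they can only be sent downward.
        return replace(route, otc=remote_as)
    return route


def egress(local_as: int, remote_role: str, route: Route) -> Optional[Route]:
    """RFC 9234 egress procedure. Returns the route to advertise, or None if it
    must not be sent to a neighbour with this role."""
    if route.otc is not None and remote_role in ("provider", "peer"):
        return None
    if route.otc is None and remote_role in ("customer", "peer"):
        route = replace(route, otc=local_as)
    return replace(route, as_path=(local_as,) + route.as_path)


# Constructed ROA: 203.0.113.0/24, maxLength 24, authorised origin AS64500.
ROAS: Dict[str, Tuple[int, int]] = {"203.0.113.0/24": (24, 64500)}


def roa_validate(route: Route) -> str:
    """Minimal RFC 6811 origin validation: only the origin AS and the prefix
    length are compared against the ROA; the rest of the AS_PATH is ignored."""
    if not route.as_path:
        raise ValueError("route has no origin AS")
    origin = route.as_path[-1]
    net = ipaddress.ip_network(route.prefix)
    covered = False
    for roa_prefix, (max_len, roa_as) in ROAS.items():
        if net.subnet_of(ipaddress.ip_network(roa_prefix)):
            covered = True
            if roa_as == origin and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"


def simulate(customer_follows_rfc9234: bool) -> Dict[str, str]:
    """Provider A announces its prefix to small customer C, which also buys
    transit from provider B. Returns what each check reports."""
    A, B, C = 64500, 64501, 64512
    originated = Route("203.0.113.0/24", as_path=())
    at_c = ingress(C, A, "provider", egress(A, "customer", originated))
    results = {"roa_at_C": roa_validate(at_c)}
    if customer_follows_rfc9234:
        results["C_to_B"] = "suppressed" if egress(C, "provider", at_c) is None else "sent"
        return results
    # Non-compliant C re-exports toward its other provider; OTC is a transitive
    # attribute, so the marker set by A survives the leak and B can catch it.
    leaked = replace(at_c, as_path=(C,) + at_c.as_path)
    results["roa_at_B"] = roa_validate(leaked)      # still "valid": origin unchanged
    try:
        ingress(B, C, "customer", leaked)
        results["B_ingress"] = "accepted"
    except RouteLeak as exc:
        results["B_ingress"] = f"rejected ({exc})"
    return results
```

Running `simulate(False)` shows the point of the paragraph above: the leaked route still validates as `valid` under the ROA, because the origin AS and prefix length are unchanged, yet B's ingress check rejects it because an OTC-marked route arrived from a customer. With `simulate(True)`, a compliant C never sends the route to B at all. Both sides of a session must have agreed roles for this to work, which is why the standard's limited adoption leaves monitoring as the practical fallback.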

Qrator.Radar helps address this challenge. It is a real-time BGP monitoring and analytics service that enables the rapid detection of network anomalies such as route leaks and BGP hijacks. Through detailed analysis and a notification system, Qrator.Radar helps operators quickly identify incidents affecting their networks and minimize potential damage.
