Massive Vodafone India route leak
On September 5 the year 2017, at 15:03 UTC AS55410, owned by Vodafone India leaked more than 10 000 prefixes in the direction of AS1273, belonging to the parent Vodafone holding headquartered at Newbury, United Kingdom. This leak further spread to the outer world, including most Tier-1 ISPs.
Three big Indian ISPs suffered directly: (ASNs: 4755, 18101 and 9498), increasing latency in their networks. More than 400 operators within South Asia region were affected collaterally. The active phase of this incident lasted for 5 minutes, with a total leak duration of 25 minutes.
Possible cause of this route leak hides in the incorrect setup of the BGP routing configuration between Vodafone autonomous systems 55410 and 1273. Often BGP routing configuration between several ASNs owned by the same company could be quite complicated, requiring perfect synchronization on both sides (good, if there are just two of them). Our team is developing an initiative (https://initiatives.qrator.net/details/asn-union), aimed at simplifying this complexity and easing the process of routing policy configuration between several ASNs that belong to one organization.
Standard warning from Qrator.Radar team — persistent monitoring is the only way for early detection and coping with consequences of various eventual network anomalies, where route leak is just a single example.