BGP Route Leak
What is BGP Route Leak?
BGP Route Leak: An unintended BGP propagation in which an autonomous system advertises routes outside the intended business relationship, often steering global traffic into the wrong AS.
A route leak, formally categorized in RFC 7908, occurs when an AS advertises routes it learned from one neighbor to another neighbor in a way that violates the local routing policy (typically the Gao-Rexford model: customer, provider, peer). Unlike a deliberate hijack, route leaks are usually misconfigurations of route maps, prefix lists, or BGP confederation/community handling. The effect is similar to a hijack: traffic for prefixes is funneled through the leaking AS, which is often undersized, causing congestion, packet loss, and exposure of traffic to interception. High-profile examples include the 2017 Google/NTT incident in Japan and the 2019 Verizon/DQE leak. Mitigations include RFC 9234 BGP Roles, RPKI ASPA, peer-locking, and outbound prefix filters.
● Examples
- 01: An ISP accidentally re-advertises full transit routes received from one upstream to another upstream.
- 02: A regional AS leaks customer prefixes to a peer, breaking customer-only contracts.
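The definition above describes a leak as an export that violates the Gao-Rexford rule (routes learned from a peer or provider may only go to customers), and Example 01 is the classic provider-to-provider case. The block below is an added illustration, not code from the original page: it walks an observed AS_PATH against a constructed relationship table, labels a violation with its RFC 7908 type (types 1 to 4), and then applies the RFC 9234 Only-To-Customer (OTC) ingress and egress rules to show how a Roles-aware router would stop the same leak. The AS numbers, the relationship table and the function names are assumptions made for this example; route-server roles are left out for brevity.

```python
"""Route-leak checks: Gao-Rexford export rule over an AS_PATH (RFC 7908
leak types 1-4) and the RFC 9234 Only-To-Customer (OTC) ingress/egress rules.
Constructed example; AS numbers come from the documentation range."""
from typing import Dict, List, Optional, Tuple

CUSTOMER, PEER, PROVIDER = "customer", "peer", "provider"
INVERSE = {CUSTOMER: PROVIDER, PROVIDER: CUSTOMER, PEER: PEER}

# Constructed relationship table: (local_as, neighbor_as) -> how local_as
# sees neighbor_as. Only one direction is stored; the other is derived.
RELATIONSHIPS: Dict[Tuple[int, int], str] = {
    (64500, 64496): PROVIDER,   # upstream A of the small ISP AS64500
    (64500, 64497): PROVIDER,   # upstream B of AS64500
    (64500, 64501): CUSTOMER,   # a customer of AS64500
    (64496, 64498): PEER,       # upstream A peers with AS64498 (the observer)
    (64497, 64499): CUSTOMER,   # AS64499 is a customer of upstream B
}


def relation(local_as: int, neighbor_as: int) -> str:
    """Relationship of neighbor_as as seen from local_as; KeyError if unknown."""
    if (local_as, neighbor_as) in RELATIONSHIPS:
        return RELATIONSHIPS[(local_as, neighbor_as)]
    return INVERSE[RELATIONSHIPS[(neighbor_as, local_as)]]


# RFC 7908 leak types keyed by (learned-from, exported-to)
LEAK_TYPES = {
    (PROVIDER, PROVIDER): "Type 1: hairpin turn (provider routes to another provider)",
    (PEER, PEER): "Type 2: lateral peer-to-peer leak",
    (PROVIDER, PEER): "Type 3: provider routes leaked to a peer",
    (PEER, PROVIDER): "Type 4: peer routes leaked to a provider",
}


def export_allowed(learned_from: str, export_to: str) -> bool:
    """Gao-Rexford export rule: customer routes may go anywhere; routes
    learned from a peer or provider may only be exported to customers."""
    return learned_from == CUSTOMER or export_to == CUSTOMER


def find_leak(as_path: List[int]) -> Optional[Tuple[int, str]]:
    """Walk an AS_PATH (as_path[0] is the AS nearest the observer, as_path[-1]
    the origin) and return (leaking_as, rfc7908_type) for the first AS whose
    export violates the rule, or None if the path is valley-free."""
    for i in range(1, len(as_path) - 1):
        me, exported_to, learned_from = as_path[i], as_path[i - 1], as_path[i + 1]
        rel_in, rel_out = relation(me, learned_from), relation(me, exported_to)
        if not export_allowed(rel_in, rel_out):
            return me, LEAK_TYPES[(rel_in, rel_out)]
    return None


def otc_ingress(otc: Optional[int], neighbor_as: int, neighbor_role: str):
    """RFC 9234 section 5 ingress rules: returns (accept, otc_after).
    neighbor_role is how the local AS sees the sending neighbor."""
    if otc is not None and neighbor_role == CUSTOMER:
        return False, otc            # leak: a customer must never send an OTC route
    if otc is not None and neighbor_role == PEER and otc != neighbor_as:
        return False, otc            # leak: peer forwarded a route it received with OTC
    if otc is None and neighbor_role in (PROVIDER, PEER):
        return True, neighbor_as     # stamp routes learned from non-customers
    return True, otc


def otc_egress(otc: Optional[int], local_as: int, neighbor_role: str):
    """RFC 9234 section 5 egress rules: returns (send, otc_to_send)."""
    if otc is not None and neighbor_role in (PROVIDER, PEER):
        return False, otc            # OTC routes must not go to providers or peers
    if otc is None and neighbor_role in (CUSTOMER, PEER):
        return True, local_as        # mark what we hand to customers and peers
    return True, otc


def simulate_example_01() -> dict:
    """Example 01: AS64500 learns AS64499's route from upstream B (AS64497)
    and tries to re-export it to upstream A (AS64496)."""
    leak = find_leak([64496, 64500, 64497, 64499])      # as seen by AS64498
    accepted, otc = otc_ingress(None, 64497, PROVIDER)   # AS64500 receives from B
    sent, _ = otc_egress(otc, 64500, PROVIDER)           # AS64500 tries to send to A
    return {"path_leak": leak, "accepted_from_b": accepted, "sent_to_a": sent}


if __name__ == "__main__":
    print(simulate_example_01())
```

A real deployment derives the relationship table from its own contracts (or, for third-party paths, from inferred relationship datasets), and enforces the OTC rules in the BGP implementation rather than in an offline script; the point of the simulation is that the path check identifies the leak after the fact, while the OTC egress rule prevents AS64500 from exporting the route at all.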
● Frequently asked questions
What is BGP Route Leak?
An unintended BGP propagation in which an autonomous system advertises routes outside the intended business relationship, often steering global traffic into the wrong AS. It belongs to the Network Security category of cybersecurity.
How do you defend against BGP Route Leak?
Defences for BGP Route Leak combine the technical controls named in the definition above (RFC 9234 BGP Roles with the OTC attribute, RPKI ASPA, peer-locking, and outbound prefix filters on every session) with operational practice: reviewing route maps and prefix lists before changes and monitoring for unexpected AS paths.
What are other names for BGP Route Leak?
Common alternative names include: BGP route leakage, Routing policy violation.
● Related terms
- BGP Hijacking (network-security, № 092): An attack in which an autonomous system announces IP prefixes it does not legitimately own, attracting and potentially intercepting global Internet traffic.
- CIDR Notation (network-security, № 168): Classless Inter-Domain Routing notation expresses an IP prefix as an address followed by a slash and the number of significant bits, e.g., 10.0.0.0/8.
- IP Address (network-security, № 553): A numeric identifier assigned to a network interface for routing across IP networks: 32 bits in IPv4 (RFC 791) or 128 bits in IPv6 (RFC 8200).
- TCP/IP (network-security, № 1136): The four-layer Internet Protocol Suite that defines how packets are addressed, routed, fragmented, and reliably delivered between hosts across interconnected networks.
- Subnet (network-security, № 1113): A contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network.
- DNS Hijacking (attacks, № 338): An attack that redirects DNS resolution to attacker-controlled answers by modifying client settings, router configurations, resolver responses, or authoritative DNS records.