MANRS


Mutually Agreed Norms for Routing Security


MANRS in the news: Oracle ‘net-watcher agrees, China Telecom is a repeat offender for misdirecting traffic

November 8, 2018 by Internet Society

This article was written by Richard Chirgwin and originally published at The Register website. The views expressed in this article are those of the author alone and not the Internet Society/MANRS.

Network admins really need to mind their MANRS

Oracle has backed claims that China Telecom Border Gateway Protocol (BGP) announcements regularly take internet traffic on an unwanted tour of the Middle Kingdom.

At the end of October, a Naval War College paper by Chris Demchak and Yuval Shavit documented what the pair said were “unusual and systematic hijacking patterns associated with China Telecom” (PDF).

Now that report has received a degree of corroboration from Oracle Internet Intelligence (OII).

While declining to comment on possible motivations, OII’s Director of Internet Analysis Doug Madory blogged today that he “expended a great deal of effort” to end traffic misdirection by China Telecom in 2017.

As evidence, Madory described a leak lasting “less than a minute” from 2015, when an announcement from China Telecom’s AS4134 resulted in transit customer South Korea Broadband (AS9318) sending traffic to China via Verizon APAC (AS703).

That event illustrated how far an error can reach and how long it could persist: 18 months later, traffic starting out in a Telia router in London, and destined for Australia’s Department of Defence, was sent to Verizon APAC via China Telecom. Madory provided a traceroute as proof:
[Image: The long way home … London to Sydney via China. Credit: Oracle Internet Intelligence]

In other words, having let their systems accept the route announcements, network admins failed to correct the error for up to two-and-a-half years.

Madory told The Register: “BGP routes from Verizon APAC were partially routed through China Telecom beginning in December 2015 and going until April 2018 (~2.5 years). Those routes should never have gone through China Telecom for anywhere except in China.”

Verizon APAC errors had a knock-on effect, he explained: “Verizon APAC … were announcing [routes] to the internet on behalf of their customers. A couple of AS hops away, China Telecom was mishandling them – announcing them in a manner that would cause internet traffic destined for those IP address ranges to flow back through China Telecom’s network.”

Verizon APAC was involved in another erroneous announcement, and in his blog post, Madory wrote: “When these routes were in circulation, networks peering with China Telecom (including those in the US) accepted AS701 routes via AS4134, sending US-to-US traffic via mainland China. One of our affected clients was a major US internet infrastructure company.”

While path monitoring can help prevent leaks, it’s not a complete solution because leaks can occur “multiple hops from the origin”.

“Verizon APAC (AS703) likely established a settlement-free peering relationship with SK Broadband (AS9318), unaware that AS9318 would then send Verizon’s routes exclusively on to China Telecom and who would in turn send them on to the global internet,” Madory said.

Networks also need to watch the announcements they receive from their peers, which Madory noted is rare, and he directed his readers to the Internet Society’s MANRS project. ®
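The kind of leak Madory describes, a route learned from a peer and re-exported to a transit provider, can be flagged with a valley-free check on received AS paths. The following is an added example, not code from the article or from Oracle: the AS703/AS9318 peering and AS9318's transit from AS4134 come from the text, AS64500 and AS64511 are constructed documentation ASNs, and hops with unknown relationships are skipped.

```python
# Valley-free check: once a route has crossed a peer link or gone down to a
# customer, it must never be exported to another peer or up to a provider.
P2C, C2P, PEER = "p2c", "c2p", "peer"
INVERSE = {P2C: C2P, C2P: P2C, PEER: PEER}

# (from_as, to_as) -> relationship in the direction the route travels.
RELATIONSHIPS = {
    (64500, 703): C2P,   # constructed customer buying transit from AS703
    (703, 9318): PEER,   # settlement-free peering, per the article
    (9318, 4134): C2P,   # AS9318 is a transit customer of AS4134, per the article
}

def relationship(a, b):
    """Relationship of the hop a -> b, or None if it is not in the table."""
    if (a, b) in RELATIONSHIPS:
        return RELATIONSHIPS[(a, b)]
    if (b, a) in RELATIONSHIPS:
        return INVERSE[RELATIONSHIPS[(b, a)]]
    return None

def find_leak(as_path):
    """as_path is as received in BGP: nearest AS first, origin last.
    Returns (leaking_as, hops_from_origin) or None if no violation is seen."""
    # Collapse AS-path prepending, then walk in propagation order (origin first).
    hops = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    hops.reverse()
    downhill = False
    for i in range(len(hops) - 1):
        rel = relationship(hops[i], hops[i + 1])
        if rel is None:
            continue  # unknown link: cannot judge this hop
        if downhill and rel in (C2P, PEER):
            return hops[i], i  # hops[i] exported a peer/provider route upward
        if rel in (PEER, P2C):
            downhill = True
    return None

# Constructed sample paths for a prefix originated by AS64500.
LEGIT_PATH = [9318, 703, 64500]                # AS9318 hears it over peering
LEAKED_PATH = [64511, 4134, 9318, 703, 64500]  # AS9318 passed it up to AS4134
PREPENDED_LEAK = [4134, 9318, 9318, 703, 64500]

if __name__ == "__main__":
    for path in (LEGIT_PATH, LEAKED_PATH, PREPENDED_LEAK):
        print(path, "->", find_leak(path))
```

The leaking AS is reported two hops from the origin, which is why monitoring only the origin's direct neighbours would not have caught it.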

Bootnote

Madory’s post is a welcome corroboration of the Demchak/Shavit paper, even without addressing the question of intent.

China has been accused of BGP hijacks in the past – for example, in 2010, when tainted tables twice redirected as many as 37,000 networks to China Telecom.

However, BGP hijacks are almost routine. At the time of writing, BGPStream reported 18 BGP advertisements as “possible hijacks” for the first few days of November alone.

Some of these are already going on a bit – there’s currently a mixup between Harmony Hosting and France’s internet exchange GIXE that’s lasted more than 100 hours.

Whether malicious or accidental, China Telecom’s repeated BGP errors mean providers should handle its route announcements with care – and, as Madory wrote, the more networks that join the MANRS initiative, the better.
