A Regional Look into BGP Incidents in 2020

By Augusto Mathurin, MANRS Fellow (2020 Cohort)

While the MANRS team has already covered Border Gateway Protocol (BGP) security and the MANRS Year in Review for 2020, we can analyze BGP incidents gathered from different sources and through different lenses. In this post, I dig deeper into the incidents by considering them by region and in perspective.

Let’s start with the big ones. The following are five of the most important routing incidents from last year:

Most BGP incidents are short-lived and have limited impact on the Internet. However, whether from accidental misconfiguration or malicious attacks, the results are often more than just inconvenient. Now that the MANRS Observatory has more than two years of routing incidents data, let’s take a look!

Fig-1: Evolution of monthly incidents between 2019 and 2020.
Source: MANRS Observatory

In Figure 1, we see that there is not a dramatic difference between 2019 and 2020, though there is a slight increase in the number of route misoriginations, or hijacks, and a slight decrease in leaks. Figure 2 below shows there were 1,727 hijacks and 1,865 leaks registered in 2019. In 2020, there were 2,255 hijacks (30.57% more) and 1,260 leaks (32.44% less).

Fig-2: Incidents in 2019 vs. 2020.
Source: MANRS Observatory

In Figure 3, analyzing the data by Regional Internet Registries (RIRs), we see the same trend: in 2020, there were more hijacks and fewer leaks across all RIRs, with the exception of AFRINIC, which saw the number of leaks climb in 2020.

Fig-3: Incidents in 2019 vs. 2020 by RIRs.
Source: MANRS Observatory

Simply comparing the number of incidents per year by RIR might paint a misleading picture, because new Autonomous System Numbers (ASNs) are registered every day, and some RIRs handle more resources than others. So, if we put things in perspective, even a flat trendline over time is in fact a positive development. In Figure 4, we consider the incidents per 1,000 registered ASNs by region in 2019 vs 2020.

Fig-4: Incidents per 1000 registered ASNs in 2019 vs. 2020 by RIRs.
Sources: MANRS Observatory, Telecom SudParis

While the increase in the number of BGP hijacks remains, the improvement on leaks is considerable. If we compare the data across RIRs, we can see that all of them improved on leaks, except AFRINIC. It is true that this RIR has the lowest absolute numbers of leaks and hijacks in both years, but it must be said that they are clearly behind other regions in relative terms, as we can see in Figure 4.

APNIC, ARIN, LACNIC, and RIPE NCC all decreased their number of leaks, both absolutely and relatively, but they had more route misoriginations in 2020 than in 2019. There is obviously still room for improvement, so the commitment to routing security should continue and get even stronger in the future.

Lastly, let’s remember that not everything was captured by numbers and charts. 2020 was a year full of development, milestones achieved, and new participants in MANRS.

Since the beginning of 2020, Google started to contact proactively its peers to alert them about routing information that appears invalid. In May, Team Cymru was the first cybersecurity partner to join MANRS. In December, China Telecom and DigitalOcean also joined.

In 2020, MANRS launched the CDN and Cloud Programme, along with several prominent technology companies, including Verisign, Google, Microsoft, and AWS. In partnership with Global Cyber Alliance, MANRS announced a global study to understand the current state of routing security concerns as well as tool and practice – please take the survey!

In April, MANRS announced it has more than 300 ISPs, and in December, it hit the 500 members milestone.

Keeping the Internet highways clean and secure is hard work, and it takes a strong commitment from all network operators around the world. We should build on all this hard work, and support more networks to join MANRS to protect the core of the Internet together.

Editor’s note: This is a guest post by a MANRS fellow. Viewpoints expressed in this post are those of the author’s and may or may not reflect official positions.

Leave a Comment