The provider, Hathway, made a technical change that caused traffic to more than 300 network prefixes belonging to Google to be directed to its own network, wrote Doug Madory, director of Internet analysis at Dyn, which studies global traffic patterns.
This type of error is seen daily across the Internet. It involves BGP (Border Gateway Protocol), which is used by networking equipment to direct traffic between different providers. Changes in the network are “announced” by providers using BGP, and propagate across the Internet to other providers over time.
But mistakes in BGP announcements can cause traffic to go where it isn’t supposed to, often disrupting services. When such changes are made for malicious purposes it’s known as route hijacking, but there is no suggestion that Hathway’s action was intentional.
Route hijacking can give a network full visibility into the traffic it has commandeered, putting that traffic at risk if it is not encrypted. Affected organizations have few courses of action and must wait until global routing tables are corrected.
Hathway’s BGP error was accepted by its transit provider Bharti Airtel, which then broadcast the changes. The incorrect routes were accepted by other network providers including Cogent, Level 3, Orange, Singapore Telecom and Pakistan Telecom, Madory wrote.
Network providers have ways to verify that routing changes are being executed by the entity that legitimately controls the IP addresses in question. In Europe, digital certificates are used.
But the system requires broad participation, with network providers obtaining the certificates and others verifying them, and as a result BGP issues remain a problem.