The hijacking of Telecom Malaysia trunk provider noticeably worsened global routing last Friday.
Last Friday morning (June 12), starting at 8:40 am UTC (4:40 am EDT), prefixes were stolen from the trunk provider Telecom Malaysia, which affected the operation of routers in the Global Network on 4 continents. Problems were observed for two hours, and affected mainly providers in Oceania, as well as Europe, Asia and North America.
From the ping plots it can be seen that the BGP system in Oceania suffered the most, which was manifested for network users in packet timeouts and service connection errors, which naturally led to large-scale data loss. This was caused by a large increase in data transit time due to the fact that some routers became unavailable due to overflow of tables.
Here, for example, tracing from Sydney, which shows a significant packet loss on the Global Crossing provider's routers on 7 hop.
')
As noted earlier, at the same time, Europe experienced much more problems with the DNS, as can be seen from this track from Frankfurt. Here, too, the loss of packets led to an increase in the time of DNS-broadcasts.
In addition, Lawful Intercept systems installed on ABR were detected in the CIS countries. In some places this led to the fact that the sites only worked through https.
Distracting from the details of what happened, the global problem that arose on Friday shows the enormous potential of the “Butterfly Effect” in affecting global networks. The relatively easy flap of the provider in Malaysia caused a chain reaction that caused problems for other operators, global packet losses on another part of the Earth. It also shows that despite all the precautions taken by network administrators, sometimes the operation of our sites is completely outside our competence.
Even in spite of the fact that the specialists of Level 3 Communications, with whom Telecom Malasia had the main connectivity, promptly isolated and notified the provider about the problems, the hijacking led to such large-scale consequences.
The company responsible for the incident, has already published official comments .
From the ping plots it can be seen that the BGP system in Oceania suffered the most, which was manifested for network users in packet timeouts and service connection errors, which naturally led to large-scale data loss. This was caused by a large increase in data transit time due to the fact that some routers became unavailable due to overflow of tables.
Here, for example, tracing from Sydney, which shows a significant packet loss on the Global Crossing provider's routers on 7 hop.
')
1 2 ms 1 ms 1 ms xxx.xxx.xxx.xxx
2 * * * Timed Out
3 1 ms <1 ms <1 ms lag30.sglebinte01.aapt.net.au [202.10.14.196]
4 1 ms 1 ms 2 ms po41.sglebbrdr11.aapt.net.au [202.10.14.198]
5 <1 ms <1 ms <1 ms 203-219-106-153.tpgi.com.au [203.219.106.153]
6 2 ms 3 ms 3 ms syd-gls-har-int2-be-20.tpgi.com.au [203.29.129.196]
7,272 ms 316 ms 272 ms globalcrossing1-10g.hkix.net [123.255.91.212]
8 * * * Timed Out
9 * * * Timed Out
10 * * * Timed Out
As noted earlier, at the same time, Europe experienced much more problems with the DNS, as can be seen from this track from Frankfurt. Here, too, the loss of packets led to an increase in the time of DNS-broadcasts.
In addition, Lawful Intercept systems installed on ABR were detected in the CIS countries. In some places this led to the fact that the sites only worked through https.
Distracting from the details of what happened, the global problem that arose on Friday shows the enormous potential of the “Butterfly Effect” in affecting global networks. The relatively easy flap of the provider in Malaysia caused a chain reaction that caused problems for other operators, global packet losses on another part of the Earth. It also shows that despite all the precautions taken by network administrators, sometimes the operation of our sites is completely outside our competence.
Even in spite of the fact that the specialists of Level 3 Communications, with whom Telecom Malasia had the main connectivity, promptly isolated and notified the provider about the problems, the hijacking led to such large-scale consequences.
The company responsible for the incident, has already published official comments .
Source: https://habr.com/ru/post/260303/
All Articles