Researchers ‘break the internet’… twice

An experiment into new Border Gateway Protocol (BGP) standards accidentally knocked internet users offline twice this month, researchers have admitted.

A group of researchers from universities across the world teamed up this month to try and discover “evaluated alternatives for speeding up adoption of BGP route origin validation”.

Similar experiments, such as one in 2010 by Duke University, caused disruption due to a bug in some routers, which caused denial of service attacks.

The bugs were patched and the researchers were free to conduct the trial without causing disruption – or so they thought.

This month’s test actually forced a number of routers to crash accidentally.

These routers were running FRRouting, an open source IP routing protocol suite for Linux and Unix systems.

The test involved advertising a route with the type 0xFF which is reserved for development.

The researchers wrote online: “Despite the announcement being compliant with BGP standards, FRR routers reset their sessions upon receiving it.

“Upon notice of the problem, we halted the experiments. The FRR developers confirmed that this issue is specific to an unintended consequence of how FRR handles the attribute 0xFF (reserved for development) we used. The FRR devs already merged a fix and notified users.”

The patch was released on January 9, and on January 23 the team ran their experiment once more, and yet again forced routers offline.

According to some critics, the fact that the experiment was announced on a forum for North American researchers meant that worldwide internet users weren’t properly informed.

One poster wrote: “You caused again a massive prefix spike/flap, and as the internet is not centered around NA (shock horror!) a number of operators in Asia and Australia go effected (sic) by your “expirment” (sic) and had no idea what was happening or why.

“Get a sandbox like every other researcher, as of now we have black holed and filtered your whole ASN, and have reccomended (sic) others do the same.”

The team cancelled any further testing, which also sparked controversy online.

Supporters called for the experiments to continue, arguing that testing is key to securing BGP validation.

One commenter wrote: “I'm not sure this experiment should be canceled. On the public Internet we MUST assume BGP speakers are compliant with the BGP-4 protocol.

“Broken BGP-4 speakers are what they are: broken. They must be fixed, or the operator must accept the consequences.

“"Get a sandbox like every other researcher" is not a fair statement, one can also posit "Get a compliant BGP-4 implementation like every other network operator".

“When bad guys explicitly seek to target these Asian and Australian operators you reference (who apparently have not upgraded to the vendor recommended release), using *valid* BGP updates, will a politely emailed request help resolve the situation? Of course not!

“Stopping the experiment is only treating symptoms, the root cause must be addressed: broken software.”