Cloudflare’s widely used 1.1.1.1 DNS resolver service recently faced significant disruptions due to simultaneous Border Gateway Protocol (BGP) hijack and route leak incidents. The incidents, initiated by unauthorized announcements from AS267613 and AS262504, caused widespread misrouting of internet traffic, impacting users globally for several hours. BGP, a foundational protocol for internet routing, proved vulnerable as these announcements led to unintended traffic paths, affecting Cloudflare’s ability to resolve DNS queries reliably.
The vulnerabilities exposed in this event highlight ongoing challenges in securing internet infrastructure against unauthorized BGP modifications. BGP hijacks occur when incorrect routing information is propagated, redirecting traffic intended for one destination to another, potentially disrupting services and compromising user security. Route leaks, on the other hand, involve unintentional announcements of BGP routes, leading to unintended consequences for network operations.
Cloudflare responded swiftly to mitigate the impact, disabling affected peering points and engaging with the responsible networks to rectify the situation. They emphasized the need for broader adoption of RPKI (Resource Public Key Infrastructure) to authenticate routing information and prevent such incidents in the future. RPKI helps validate the origin of BGP routes, ensuring that announcements come from legitimate sources and reducing the risk of unauthorized changes affecting internet traffic.
Moving forward, Cloudflare continues to advocate for industry-wide improvements in BGP security practices, including stricter filtering policies and enhanced route leak detection mechanisms. They encourage network operators and ISPs to adopt RPKI and participate in initiatives like Mutually Agreed Norms for Routing Security (MANRS) to strengthen the resilience of global internet infrastructure against BGP-related disruptions. This incident underscores the critical importance of securing BGP to maintain reliable and secure internet connectivity for users worldwide.
