Breaking the Internet in one easy step

A critical piece of the Internet, known as the border gateway protocol, demonstrated its weakness once again in an outage last week

For about an hour on Friday, about 1 to 2 percent of the Internet went higgly-piggly.

The confusion was caused when a major Internet registry -- known as Réseaux IP Européens Network Coordination Centre (RIPE NCC) -- inserted additional information into the database entries used by routers to direct data packets to the correct destinations. The addition, which was part of its research into Internet infrastructure, complied with standards, but many routers -- including those made by Cisco -- could not handle the change, said a representative for the registry in a statement published Friday.

"We discovered that the experiment had caused an unexpected and unintended negative impact on Internet operations," RIPE said.

While the major actors among Internet operators have embarked on a path toward tackling flaws in the domain name system (DNS), another fundamental Internet technology, known as the border gateway protocol or BGP, remains fragile. BGP is used by routers to figure out efficient and effective paths to send Internet requests onto their destinations. About 40,000 key routers use the system and are identified by their autonomous system numbers, but a bad update to any one of them can have regional and global impact.

A year and a half ago, for example, a Czech Internet service provider, SuproNet, inadvertently issued a massive update to its path information that choked routers manufactured by a number of vendors.

Fast-forward to last week's incident. A very large packet -- which for BGP means about 3KB -- was issued by researchers at Duke University in conjunction with the RIPE NCC. The result was predictable, says Earl Zmijewski, vice president and general manager of Renesys, a network monitoring and intelligence service.

"You don't send something that was 100 times larger than what is expected, and not expect to have problems," he says. "Either you are completely ignorant of the history of the Internet and haven't been awake for the last 30 years, or you just don't care."

Because the community of Internet operators was not notified by the researchers, they had to scramble Friday morning to figure out what was going on, Zmijewski says. Cisco confirmed that a vulnerability in its routing hardware caused some backbone routers to react badly to the BGP update.

"The Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices," said Cisco in its advisory. "Neighboring devices that receive this corrupted update may reset the BGP peering session."

It's likely that these sorts of incidents will continue. While the issues with BGP have been studied and a variety of technical improvements proposed, there is little incentive for an update that will require years of work to deploy. The current updates to DNS required a massive vulnerability to spur the various constituents to act. It's likely that a major change to BGP will require a similar dire situation.

This article, "Breaking the Internet in one easy step," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.

Copyright © 2010 IDG Communications, Inc.