The ongoing problem is causing issues for Google Cloud customers, according to British security researcher Kevin Beaumont.
This is a good visual replay of the incident, in this case for the prefix 104.196.64.0/19. Clearly visible is the leak via AS 4809 and 37282 https://t.co/qkoEf80jMV pic.twitter.com/nr5o6EbTQA
— BGPmon.net (@bgpmon) November 12, 2018
Beaumont said the problem appeared to have been caused by a small African ISP that announced itself as a few hundred Google networks.
tl;dr of this one appears to be a tiny African ISP announced itself as a few hundred Google networks and somehow NTT accepted it, woops.
— Kevin Beaumont (@GossiTheDog) November 12, 2018
About 9.30am AEDT (2.26pm Pacific time), Google said on its cloud status page, "Connectivity issues connecting to Google services including Google APIs, Load balancers, instances and other external IP addresses."
BREAKING: Potential hijack underway. ThousandEyes detected intermittent availability issues to Google services from some locations. Traffic to certain Google destinations appears to be routed through an ISP in Russia & black-holed at a China Telecom gateway router. pic.twitter.com/Tz7shf7cOy
— ThousandEyes (@thousandeyes) November 12, 2018
This is what we know: Starting at 2018-11-12 21:12 UTC Nigerian ISP AS37282 'MainOne Cable Company' leaked 212 @google prefixes to China telecom. Causing traffic to be redirected and dropped.
Leaked BGP Paths via Tier1 ISP NTT disappeared at 22:32 UTC.
— BGPmon.net (@bgpmon) November 12, 2018
"Traffic to certain Google destinations appears to be routed through an ISP in Russia & black-holed at a China Telecom gateway router."
Here’s the track for Google outage, they have a big ongoing problem caused by BGP hijacking, impacts Google Cloud customers too https://t.co/rLBzBkC6M5 pic.twitter.com/bocLfGFlLa
— Kevin Beaumont (@GossiTheDog) November 12, 2018
BGP hijacking occurs when groups of IP addresses are taken over by entities that corrupt Internet routing tables maintained using the Border Gateway Protocol (BGP).
Customer behind Cogent and NTT experienced the @google outages likely in 5 waves between these times (UTC) 74 minutes total:
21:13 - 21:17 4min
21:18 - 21:21 3min
21:22 - 21:28 6min
21:30 - 21:50 20min
21:51 - 22:32 41min
example ASpath: 174 2914 20485 4809 37282 15169
— BGPmon.net (@bgpmon) November 12, 2018
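The example AS path in the tweet above can be checked mechanically for a route leak using the "valley-free" export rule: a route learned from a peer or provider should only be passed on to customers. The following Python is an added example, not code from the article or the researchers it quotes; the function names and the AS relationships in `ASSUMED_LINKS` are assumptions made for illustration, not measured data.

```python
# Added example: valley-free check over the AS path quoted on this page.
# Link types are ASSUMED for illustration; a real monitor would load an
# inferred AS-relationship dataset instead of this hand-written table.
UP, PEER, DOWN = "c2p", "p2p", "p2c"

# (exporter, receiver) -> relationship as the route moves exporter -> receiver.
ASSUMED_LINKS = {
    (15169, 37282): PEER,  # origin peers with AS37282 (assumption)
    (37282, 4809): UP,     # AS37282 announces to AS4809 as its upstream (assumption)
    (4809, 20485): PEER,   # assumption
    (20485, 2914): UP,     # assumption
    (2914, 174): PEER,     # assumption
    (15169, 174): PEER,    # constructed link for the clean control path
}

PAGE_PATH = "174 2914 20485 4809 37282 15169"   # from the tweet on this page
CLEAN_PATH = "174 174 15169"                    # constructed, with prepending


def parse_as_path(text):
    """Return the path origin-first, with AS prepending collapsed."""
    hops = []
    for asn in map(int, reversed(text.split())):
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops


def find_leak(as_path, links=ASSUMED_LINKS):
    """Return (leaker, receiver) for the first valley-free violation, else None.

    Raises KeyError when a link's relationship is not in the table.
    """
    hops = parse_as_path(as_path)
    descending = False  # True once the route crossed a peer link or went downhill
    for exporter, receiver in zip(hops, hops[1:]):
        rel = links[(exporter, receiver)]
        if descending and rel in (UP, PEER):
            return exporter, receiver  # exporter re-announced a non-customer route
        if rel in (PEER, DOWN):
            descending = True
    return None


if __name__ == "__main__":
    print("page path :", find_leak(PAGE_PATH))
    print("clean path:", find_leak(CLEAN_PATH))
```

Under these assumed relationships the check flags AS37282 exporting to AS4809, which matches BGPmon's description of where the leak occurred.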
A week ago, Oracle's Internet Intelligence division issued a research paper that accused China Telecom, one of the country's bigger state-owned ISPs, of hijacking and re-routing Internet traffic.
We have investigated the advertisement of @Google prefixes through one of our upstream partners. This was an error during a planned network upgrade due to a misconfiguration on our BGP filters. The error was corrected within 74mins & processes put in place to avoid reoccurrence
— MainOne (@Mainoneservice) November 13, 2018