The Self Inflicted DDoS Wound

Established CDNs and telcos are always busy fighting endless streams of DDoS attacks. These attacks come in different flavors, at different layers, from different players, from different parts of the world, and are created for different reasons. But once in a while, we’ll come across an interesting story that’s beyond the norm. In this story, Indosat, one of Indonesia’s largest telecommunications companies, created what amounted to a DDoS attack against itself. I didn’t even know this was possible until now.

Border Gateway Protocol (BGP) is the routing protocol of the Internet that enables the exchange of routing info between all of the world’s Autonomous Systems (AS). That means BGP enables the large number of disparate networks around the world to communicate with each other in an efficient manner. It has tremendous built-in redundancy so that if a network segment fails, the system finds an alternative path. According to Cidr-Report, as of March 30, 2014, there were 493k prefixes, or almost 500,000 routes on the Internet.

However, the BGP process and the way it works within the Internet has an inherent flaw. The Internet is “designed to work, namely, on the honor system”, without any sort of “authentication or validation” in place. That means that sometimes an honest mistake can cause havoc. According to Renesys, Indosat accidentally “leaked portion of their global routing table multiple times over a two hour period”, claiming it owned 320,000 routes out of the 493,000 available routes, which equates to about 64.9% of the Internet. Fortunately, only 354 prefix leaks were accepted, so there was no impact outside of Indonesia.

But the impact on Indosat was devastating, and took them offline for a few hours. Contrary to what Renesys published in their blog, the incident didn’t have any major impact on Akamai, even though Akamai owned some of the leaked prefixes. In the worst-case scenario, there would have been local impact for Akamai, where users on the networks that accepted those routes would have been sent through Indosat.

Akamai is Immune to Route Leaks

But in the grand scheme of things, the Indonesia content delivery market for Akamai is most likely very tiny. Plus, Akamai peers with hundreds of carriers, and is connected to thousands of networks, which means they deal with an incredible number of prefixes. Akamai has been around a long time, and is too smart to let an oops-a-daisy route leak have an impact on their operations. Akamai and most CDNs have routing policies in place that discern bogus routes and mitigate the issues associated with route leaks.
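
To make "routing policies that discern bogus routes" concrete, here is an added example (not from the original post, and not Akamai's or any carrier's actual policy) of two common import checks: route origin validation in the style of RFC 6811, and a per-peer max-prefix limit. The ROA records, the leaking AS and all prefixes are constructed from documentation and private ranges, and counting only accepted prefixes toward the limit is an assumption.

```python
import ipaddress

# Constructed ROA-style records: (authorized prefix, max length, origin ASN).
# Prefixes and ASNs come from documentation ranges (RFC 5737, RFC 5398).
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
    ("203.0.113.0/24", 25, 64502),
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # some ROA speaks for this address space
            if net.prefixlen <= max_len and asn == origin_asn:
                return "valid"
    # Covered by a ROA but no match on origin/length: treat as bogus.
    return "invalid" if covered else "not-found"

def filter_session(announcements, max_prefixes, roas=ROAS):
    """Apply origin validation plus a max-prefix limit to one peer.

    Returns (accepted, rejected, session_dropped).
    """
    accepted, rejected = [], []
    for prefix, origin in announcements:
        state = validate_origin(prefix, origin, roas)
        (rejected if state == "invalid" else accepted).append((prefix, origin, state))
        if len(accepted) > max_prefixes:
            # Peer exceeded its expected table size: drop everything it sent.
            return [], rejected, True
    return accepted, rejected, False

# Constructed leak: AS64510 suddenly originates other networks' prefixes.
LEAK = [
    ("192.0.2.0/24", 64510),
    ("198.51.100.0/24", 64510),
    ("203.0.113.128/25", 64510),
    ("10.10.0.0/16", 64510),  # no covering ROA, so 'not-found'
    ("10.20.0.0/16", 64510),
]

if __name__ == "__main__":
    print(filter_session(LEAK, max_prefixes=1))
```

Origin validation only rejects leaked prefixes that have a covering ROA; the max-prefix limit is what catches the remainder when a peer announces far more routes than it normally would.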