Route leak sends Google Cloud traffic to Russia

Source: ThousandEyes

"Hijack" caused by Nigerian ISP.

Google has acknowledged a connectivity issue earlier today that saw traffic destined for its Cloud platform end up at a Russian internet provider for over an hour, following an erroneous Border Gateway Protocol (BGP) routing advertisement.

Network monitoring company ThousandEyes spotted traffic going to Google Cloud was taking the wrong route, and called the incident a "potential hijack".

A /19 prefix contains 8,192 internet protocol addresses and traffic to these was redirected to a China Telecom router at Russian internet provider TransTeleCom in the Komi Republic, well-known for its gulag penal camps during the Soviet era.

Andrée Toonk of OpenDNS-owned internet route monitoring service BGPMon confirmed the traffic redirection, and provided further detail:

Since Google is blocked in China, the redirected traffic was blackholed and dropped.

Toonk said that the route leak affected 212 unique Google prefixes.

Google said the problem has now been sorted out, and that it is looking into measures to prevent it from happening again.

"The issue with Google Cloud IP addresses being erroneously advertised by internet service providers other than Google has been resolved for all affected users as of 14:35 US/Pacific.

"Throughout the duration of this issue Google services were operating as expected and we believe the root cause of the issue was external to Google.

"We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimise future recurrence," Google said.

China Telecom was accused of hijacking internet traffic by researchers last month, as part of a large espionage and intellectual property theft effort spanning several years.

It is unclear if today's incident was an accident, or intentional.

“Could be both. It was very visible, with many reports on it, so if done to steal data I'd say it's too visible,” Toonk told iTnews.

“My guess is that's a leak since it wasn't just Google, but also included the [Nigerian ISP] MainOne’s networks and its downstream customers,” he added.
