Google's G Suite, Search, and Analytics services were down for more than one hours on November 12, following a denial of service incident caused by an accidental Border Gateway Protocol (BGP) hijack caused by the MainOne Nigerian ISP.
BGP is an internet routing protocol developed in the 1980s to manage the way network packets are routed around the Internet via exchanges of server reachability and routing information between autonomous systems (AS).
After discovering the BGP leak problem, Google said on its Google Cloud Status Dashboard that "We have reports of Google Cloud IP addresses being erroneously advertised by internet service providers other than Google."
After the issue was fixed by the Nigerian ISP, Google stated that "The issue with Google Cloud IP addresses being erroneously advertised by internet service providers other than Google has been resolved for all affected users as of 14:35 US/Pacific."
Although at first the Google traffic rerouting event was considered to be malicious, MainOne eventually issued a statement saying that "This was an error during a planned network upgrade due to a misconfiguration on our BGP filters. The error was corrected within 74mins & processes put in place to avoid reoccurrence."
MainOne unwittingly rerouted Google's traffic through Chinese and Russian ISPs
The Nigerian ISP has direct routes to Google which it inadvertently leaked to China Telecom which advertised the misconfigured routing settings to the Russian AS20485 TRANSTELECOM, eventually getting picked up by multiple other ISPs.
ThousandEyes' experts were the ones who analyzed the issue in deep, discovering a suspect announcement for 126.96.36.199/19 which changed the best path to Google via Russia, China, and Nigeria, through TransTelecom (AS 20485), China Telecom (AS 4809), and MainOne (AS 37282).
"This incident at a minimum caused a massive denial of service to G Suite and Google Search," ThousandEyes stated. "However, this also put valuable Google traffic in the hands of ISPs in countries with a long history of Internet surveillance."
Beside affecting Google's services, MainOne's poorly configured BGP filters also affected parts of Cloudflare's Internet traffic by mistakenly rerouting it through a different route according to BGPmon, a service which monitors Internet traffic routes.
We have investigated the advertisement of @Google prefixes through one of our upstream partners. This was an error during a planned network upgrade due to a misconfiguration on our BGP filters. The error was corrected within 74mins & processes put in place to avoid reoccurrence — MainOne (@Mainoneservice) November 13, 2018