BGP - The Cloudflare Blog

Helping build a safer Internet by measuring BGP RPKI Route Origin Validation

December 16, 2022 2:00PM

Is BGP safe yet? If the question needs asking, then it isn't. But how far the Internet is from this goal is what we set out to answer....

Why BGP communities are better than AS-path prepends

November 24, 2022 5:31PM

Routing BGP Network

Routing on the Internet follows a few basic principles. Unfortunately not everything on the Internet is created equal, and prepending can do more harm than good. In this blog post we’ll talk about the problems that prepending aims to solve, and some alternative solutions...

Tom Strickx

How we detect route leaks and our new Cloudflare Radar route leak service

November 23, 2022 4:00PM

Cloudflare Radar BGP Routing Security

In this blog post, we will introduce our new system designed to detect route leaks and its integration on Cloudflare Radar and its public API....

BGP security and confirmation biases

February 23, 2022 1:59PM

BGP RPKI Security Internet Traffic Better Internet

On February 1, 2022, a configuration error on one of our routers caused a route leak of up to 2,000 Internet prefixes to one of our Internet transit providers. This leak lasted for 32 seconds and at a later time 7 seconds...

Maximilian Wilhelm

What happened on the Internet during the Facebook outage

October 08, 2021 4:16PM

Outage Facebook BGP DNS Trends

Today, we're going to show you how the Facebook and affiliate sites downtime affected us, and what we can see in our data....

October 04, 2021 10:08PM

Understanding how Facebook disappeared from the Internet

Today at 1651 UTC, we opened an internal incident entitled "Facebook DNS lookup returning SERVFAIL" because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something else more serious was going on....

By

Celso Martinho
, Tom Strickx

Trends , Outage , BGP , DNS , Facebook

March 25, 2021 1:00PM

Protecting Cloudflare Customers from BGP Insecurity with Route Leak Detection

Today, we're excited to announce Route Leak Detection, a new network alerting feature that tells customers when a prefix they own that is onboarded to Cloudflare is being leaked....

By

David Tuber

Security Week , BGP , Security , RPKI

November 06, 2020 12:36PM

The Internet is Getting Safer: Fall 2020 RPKI Update

The cap of two hundred thousand routing cryptographic records was recently passed. We thought it was time for an update on a major year for RPKI....

By

Louis Poinsignon

BGP , RPKI , Security , Crypto

June 26, 2020 12:00PM

Introducing Regional Services

Cloudflare launches Regional Services, giving customers control over where their data is processed....

By

Achiel van der Mandele

Localized Processing , Data Center , Europe , Region , Product News

April 17, 2020 4:00PM

Is BGP Safe Yet? No. But we are tracking it carefully

BGP leaks and leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. Today, we are releasing isBGPSafeYet.com, a website to track deployments and filtering of invalid routes by the major networks....

By

Louis Poinsignon

BGP , Security , RPKI , DNSSEC

March 03, 2020 2:00PM

RPKI and the RTR protocol

Today’s Internet requires stronger protection within its core routing system and as we have already said: it's high time to stop BGP route leaks and hijacks by deploying operationally-excellent RPKI!...

By

Martin J Levy

BGP , RPKI

June 26, 2019 11:22PM

The deep-dive into how Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Monday

On Monday we wrote about a painful Internet wide route leak. We wrote that this should never have happened because Verizon should never have forwarded those routes to the rest of the Internet. Today we will dive into the archived routing data and analyze it....

By

Martin J Levy

RPKI , BGP , Deep Dive , Post Mortem

June 24, 2019 8:58PM

How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today

Today at 10:30UTC, the Internet had a small heart attack. A small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider....

By

Tom Strickx

BGP

June 18, 2019 2:00PM

Securing Certificate Issuance using Multipath Domain Control Validation

Trust on the Internet is underpinned by the Public Key Infrastructure (PKI). PKI grants servers the ability to securely serve websites by issuing digital certificates, providing the foundation for encrypted and authentic communication....

By

Dina Kozlov
, Gabbi Fisher

Crypto Week , Crypto , Cryptography , DNS , BGP