BGP Route Leaks: How Tiny ASes Melt Big Networks
Yesterday we discussed BGP as the duct tape holding the Internet together.
Today we discuss what happens when somebody picks at the tape.
A route leak is not magic. It is not a mysterious act of digital sabotage. It is usually a network taking routes learned from one relationship and exporting them into another relationship that was never supposed to see them.
This sounds minor. It is not minor.
When policy is wrong in inter-domain routing, the rest of the Internet can believe the wrong thing very quickly.
The Supreme Leader calls this a customs failure at the border. One clerk stamps one document incorrectly and half a continent starts driving freight through a goat path.
I. What a Route Leak Actually Is
The IETF did the sensible thing and defined the term formally. RFC 7908 classifies BGP route leaks as policy violations in how routes are propagated between ASes.
The practical version is simpler:
- customer routes should not be exported as if they were provider routes
- peer-learned routes should not be sprayed toward other peers or providers
- internal preference logic should not escape into external chaos
If you do this badly enough, traffic detours through networks that never intended to carry it.
II. Why the Problem Exists
BGP has no universal truth oracle. It has:
- topology information
- local policy
- business relationships
- neighbor trust
That means a router can make a perfectly valid BGP announcement from a syntax perspective while being catastrophically wrong from a policy perspective.
This is the heart of the problem.
| Situation | Technically parseable | Operationally correct |
|---|---|---|
| Customer announces its own prefix | Yes | Usually yes |
| Customer exports peer/provider-learned routes uphill | Yes | No |
| Provider accepts everything without filters | Yes | No |
| More-specific route escapes local containment | Yes | Very no |
The Supreme Leader respects protocols that distinguish legality from wisdom. BGP is one of them.
III. Leak Types the Industry Had to Name
RFC 7908 is useful because it stops people from saying “BGP weirdness” and pretending that is analysis.
It classifies multiple leak patterns, including:
- hairpin turn with full prefix re-announcement
- lateral ISP-ISP leakage
- provider prefixes sent to providers or peers
- peer prefixes sent to peers
- re-origination patterns that alter propagation expectations
You do not need to memorize the numbering to understand the doctrine.
You need to remember one invariant:
routes should propagate according to relationship, not convenience.
IV. A Small Configuration Error With Large Consequences
This is the kind of thing that ruins afternoons:
```
router bgp 64512
 ! 203.0.113.10 (AS 64496) is the customer session, 198.51.100.20 (AS 64497) the upstream transit session
 neighbor 203.0.113.10 remote-as 64496
 neighbor 198.51.100.20 remote-as 64497
 !
 address-family ipv4 unicast
  neighbor 203.0.113.10 route-map CUSTOMER-IN in
  neighbor 198.51.100.20 route-map UPSTREAM-OUT out
 exit-address-family
```
This looks harmless until UPSTREAM-OUT is too permissive or absent, and customer-learned routes start walking uphill into an upstream transit provider.
Then the Internet receives a new and exciting fiction.
The fix is not mystical:
- prefix filters
- AS-path filters
- relationship-aware policy
- maximum-prefix limits
- leak prevention mechanisms such as BGP Roles / OTC signaling from RFC 9234 where supported
This is boring work. Boring work is what prevents international routing incidents.
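The relationship invariant from Section III and the RFC 9234 item in the fix list above, as an added example (not code from the original post): a small model of the Only-To-Customer (OTC) ingress and egress rules, replayed against the Section IV topology with constructed ASNs and documentation prefixes.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Neighbor roles as seen from the local AS (RFC 9234 names; "customer" means
# the local role on that session is Provider). Assumed modelling choice.
GETS_OTC_ON_INGRESS = {"provider", "peer", "rs"}          # learned from above/sideways
GETS_OTC_ON_EGRESS = {"customer", "peer", "rs-client"}    # sent below/sideways

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple              # leftmost = nearest neighbor, rightmost = origin
    otc: Optional[int] = None   # Only-To-Customer attribute (RFC 9234)

def ingress(route: Route, neighbor_as: int, neighbor_role: str) -> Optional[Route]:
    """RFC 9234 section 5 ingress rules; None means 'route leak, ineligible'."""
    if route.otc is not None and neighbor_role in ("customer", "rs-client"):
        return None  # customer is handing back something it got from above
    if route.otc is not None and neighbor_role == "peer" and route.otc != neighbor_as:
        return None  # peer forwarded a route it learned from its own provider/peer
    if route.otc is None and neighbor_role in GETS_OTC_ON_INGRESS:
        route = replace(route, otc=neighbor_as)  # from now on: customers only
    return route

def egress(route: Route, local_as: int, neighbor_role: str) -> Optional[Route]:
    """RFC 9234 section 5 egress rules; None means 'do not advertise'."""
    if route.otc is not None and neighbor_role in GETS_OTC_ON_INGRESS:
        return None  # the uphill walk from section IV stops here
    if route.otc is None and neighbor_role in GETS_OTC_ON_EGRESS:
        route = replace(route, otc=local_as)
    return replace(route, as_path=(local_as,) + route.as_path)

def section_iv_scenario() -> dict:
    """Replay the Section IV topology with roles on every session (constructed ASNs)."""
    local = 64512
    own = ingress(Route("192.0.2.0/24", (64496,)), 64496, "customer")
    customer_uphill = egress(own, local, "provider")            # allowed, no OTC
    learned = ingress(Route("198.51.100.0/24", (64497, 64499)), 64497, "provider")
    provider_uphill = egress(learned, local, "provider")        # blocked by OTC
    provider_down = egress(learned, local, "customer")          # fine, OTC kept
    # a customer that ignores OTC and re-exports the route anyway (the hairpin)
    bounced = replace(provider_down, as_path=(64496,) + provider_down.as_path)
    hairpin = ingress(bounced, 64496, "customer")               # rejected
    return {"customer_uphill": customer_uphill, "provider_uphill": provider_uphill,
            "provider_down": provider_down, "hairpin": hairpin}
```

The point to notice is that a permissive UPSTREAM-OUT never gets a chance to leak a provider-learned route: the attribute the upstream stamped on ingress blocks the egress regardless of the route-map.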
V. Famous Leaks Because Reality Needed Examples
There are many, but a few became canonical:
| Date | Incident | What happened | Why it mattered |
|---|---|---|---|
| 2008-02-24 | Pakistan Telecom / YouTube | A more-specific route intended for censorship escaped and spread | Demonstrated how a local policy act can become global unreachability |
| 2018-11-12 | MainOne / Google | Misadvertised Google-related routes propagated via upstreams | Showed that route leaks still break major platforms in modern networks |
| 2019-06-24 | Allegheny Technologies / Verizon | A small network’s route leak spread into a major transit path | Proved once again that scale does not immunize against upstream trust mistakes |
The lesson is repetitive because the industry keeps requiring repetition.
The leak is often small. The blast radius is not.
VI. Detection and Prevention
This is where operators separate from spectators.
You prevent route leaks with policy discipline:
- accept only what your neighbor is authorized to send
- export only what the relationship allows
- use IRR / RPKI-origin-aware filtering where appropriate
- deploy role-aware signaling when both ends support it
You detect route leaks with:
- route monitoring
- looking-glass checks
- alerting on unexpected AS paths
- prefix-origin validation and anomaly detection (RPKI origin validation catches a forged origin AS, not a leak that carries the legitimate origin, so AS-path checks still matter)
What you do not do is trust memory and good intentions.
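The "alerting on unexpected AS paths" item above, as an added example (not code from the original post): a valley-free check that runs over a constructed monitoring feed built on the Section IV topology, with the AS relationships assumed as listed in the table. It flags the AS that exported a route uphill or sideways after receiving it from a provider or peer, which is the pattern none of the famous leaks managed to avoid.

```python
from typing import Optional

# Relationship table, constructed for the Section IV topology: (a, b) -> "c2p"
# means a buys transit from b. 64496 is a customer of 64512; 64512 buys transit
# from 64497 and 64498, which peer with each other; 64499 is a customer of 64497.
REL = {
    (64496, 64512): "c2p", (64512, 64497): "c2p", (64512, 64498): "c2p",
    (64499, 64497): "c2p", (64497, 64498): "p2p",
}
FLIP = {"c2p": "p2c", "p2c": "c2p", "p2p": "p2p"}

def link_type(sender: int, receiver: int) -> str:
    """Which way the route crossed the link: 'up' (customer -> provider),
    'down' (provider -> customer), 'flat' (peer -> peer) or 'unknown'."""
    rel = REL.get((sender, receiver)) or FLIP.get(REL.get((receiver, sender)))
    return {"c2p": "up", "p2c": "down", "p2p": "flat"}.get(rel, "unknown")

def find_leaker(as_path: list) -> Optional[int]:
    """Valley-free check (up* flat? down*). Returns the AS that exported the route
    uphill or sideways after receiving it from a provider or peer, else None."""
    hops = list(reversed(as_path))   # origin first, i.e. propagation order
    crossed_top = False
    for sender, receiver in zip(hops, hops[1:]):
        lt = link_type(sender, receiver)
        if lt == "unknown":          # prepending (x x) or no data: skip the link
            continue
        if lt in ("up", "flat") and crossed_top:
            return sender
        if lt in ("flat", "down"):
            crossed_top = True
    return None

def scan_feed(lines: list) -> list:
    """Parse 'prefix|AS path' lines from a monitoring feed and flag leaks."""
    alerts = []
    for line in lines:
        prefix, path = line.split("|")
        as_path = [int(asn) for asn in path.split()]
        leaker = find_leaker(as_path)
        if leaker is not None:
            alerts.append((prefix, leaker, as_path))
    return alerts

# Constructed feed as seen by a collector session on AS 64498 (leftmost AS).
FEED = [
    "192.0.2.0/24|64498 64512 64496",            # customer prefix going uphill: fine
    "198.51.100.0/24|64498 64497 64499",         # peer-to-peer exchange: fine
    "198.51.100.0/24|64498 64512 64497 64499",   # 64512 sent a provider route uphill
]
```

Links with no relationship data are skipped rather than guessed, so the check only ever alerts on a contradiction with what you actually know about your neighbors.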
VII. The Real Story (Suppressed)
Officially, a route leak is a policy violation.
Unofficially, it is a trade treaty signed by the wrong clerk at the wrong checkpoint while everyone else is on lunch break.
One AS says, “these caravans may pass.” Another AS replies, “excellent, I will reroute the empire.”
No packets were consulted.
The Supreme Leader has reviewed similar administrative failures in terrestrial logistics. The packet version is faster and somehow less embarrassing only because routers do not hold press conferences.
VIII. Why Product Teams Should Care
If you run global services, route leaks surface as:
- regional latency spikes
- intermittent reachability failures
- timeouts that look like app regressions
- CDN and DNS symptoms that are not actually DNS bugs
This is why software teams keep mislabeling network incidents as “partial platform instability.”
The platform is unstable because the path is lying.
The Decree
BGP route leaks are one of the clearest examples of the Internet’s real governance model: local incentives, partial trust, and global consequences.
The engineering doctrine is straightforward:
- relationship-aware export policy
- aggressive filtering
- explicit monitoring
- no optimism toward external announcements
The political doctrine is even simpler:
never assume your neighbor understands your borders just because the paperwork looks valid.
Small ASes can melt large networks because BGP believes policy until policy is disproven by pain.
That is not a flaw in civilization. That is civilization.
— Kim Jong Rails, Supreme Leader of the Republic of Derails