Routes leaked through the exchange point


An error made while setting up equipment on the MTS network (MOEX: MTSS) led to an incident that, according to Qrator Labs, could have affected the operations of Asian telecom operators and Internet companies. The incident was a leak of Internet routes received through the largest traffic exchange point in Hong Kong. Russian, local and regional operators are connected to it, as well as international companies such as Google and Amazon. At the time of the incident, the region saw a surge in user complaints about X/Twitter.

On March 11, MTS erroneously announced BGP routing prefixes received from HKIX, the largest Hong Kong traffic exchange point, to the American Tier 1 operator Level3, according to a post on the social network X (formerly Twitter) by the monitoring service Qrator.Radar (specializing in ensuring the availability of Internet resources). According to the post, the incident occurred around 11:00 Moscow time and affected 329 autonomous systems (parts of the Internet under unified control) in 28 countries.

As Qrator Labs clarified to Kommersant, “potentially such routing leaks could lead to traffic interception or loss of availability,” but the consequences for users cannot be determined from the available data. According to the company, the incident affected routes of networks belonging to Asian autonomous systems present at HKIX.

MTS told Kommersant that the incident was related to “configuring a router during a planned equipment replacement.” The operator says that the impact on global Internet connectivity and resource availability “was virtually negligible: the volume of traffic with suboptimal routing was less than 1% of the total traffic of MTS users.”

HKIX has 349 directly connected participants, including Google, Amazon, Bytedance, Zoom, local and regional telecom operators, as well as the Russian DDoS-Guard service and operators Rostelecom, MTS and VimpelCom. According to Hong Kong’s DownDetector, the region was experiencing a surge in user complaints about X/Twitter at the time of the incident. Rostelecom and DDoS-Guard said that they had not recorded any problems; VimpelCom declined to comment to Kommersant.

The last routing error publicly flagged by Qrator.Radar dates back to January 2024, when the Kazakh operator TNS-Plus mistakenly redirected routes between two Russian autonomous systems. Incidents involving erroneous BGP routing occur in global networks from time to time; “they can be caused by both human factors and technical problems,” says CorpSoft24 lead engineer Mikhail Sergeev. The risk of a route leak, according to a Kommersant source in the telecom industry, arises with almost any change or upgrade to a network: “Such incidents occur due to configuration errors, often due to the human factor. This can happen, for example, when setting up new equipment or adding new channels.”

Speaking about traffic exchange points, Piter-IX CEO Nikolai Metlyuk noted that the consequences of such incidents depend on whether the point and its clients use appropriate monitoring and protection tools: “If such systems are used correctly, incorrect routing, in principle, will not lead to damage. But not all operators are connected to such services.”

Kommersant’s second source in the telecom industry believes that in the case of MTS, it could also have been an attempt to intercept routing from one of the networks connected to it “for the purpose of phishing.” Qrator Labs, however, noted that it recorded the incident as a route leak, not as an interception. MTS assured that “this did not affect user traffic and the safety of their data.” Roskomnadzor, whose unit (TsMU SSOP GRChTs) has the right to send instructions to operators in the event of interception of traffic routes, did not respond to a request for comment.

Yuri Litvinenko
