Felix Stöger, ETH Zurich; Henry Birge-Lee, Princeton University; Giacomo Giuliari, Mysten Labs; Jordi Subira-Nieto and Adrian Perrig, ETH Zurich
The Border Gateway Protocol (BGP), while essential for Internet connectivity, faces many stability and convergence challenges in today's evolving routing ecosystem.
In this paper, we present the discovery of the BGP Vortex, a configuration where just three legitimate BGP UPDATE messages can trigger persistent instability. We demonstrate that this vulnerability can be weaponized as an attack vector, potentially causing widespread Internet connectivity issues through router overload and forwarding loops. Crucially, a BGP Vortex cannot be prevented by existing security mechanisms such as BGPSEC or RPKI, because the protocol messages involved are legitimate. All major router implementations we could experiment with are susceptible to this threat.
At its root, the BGP Vortex is caused by standards-compliant BGP extensions—BGP Communities in this case—that allow the modification of route preferences for traffic engineering purposes. Therefore, to aid the mitigation of this attack as well as its potential future variations, we propose a framework to determine which BGP extensions are problematic, and which are safe to deploy. Our findings highlight the need to carefully balance network operators' traffic engineering capabilities with routing stability requirements.
author = {Felix St{\"o}ger and Henry Birge-Lee and Giacomo Giuliari and Jordi Subira-Nieto and Adrian Perrig},
title = {{BGP} Vortex: Update Message Floods Can Create Internet Instabilities},
booktitle = {34th USENIX Security Symposium (USENIX Security 25)},
year = {2025},
isbn = {978-1-939133-52-6},
address = {Seattle, WA},
pages = {3613--3629},
url = {https://www.usenix.org/conference/usenixsecurity25/presentation/stoeger},
publisher = {USENIX Association},
month = aug
}



