Widespread Internet Instability Caused by BGP Bug
On May 20th, 2025, a malformed BGP message containing a corrupt BGP Prefix-SID attribute triggered routing instability and brief outages across the internet. Juniper's JunOS, failing to filter the erroneous message, propagated it to peers, while Arista's EOS reset sessions upon receiving it. The incident impacted numerous networks, including major internet exchanges, as the Bird routing software lacks BGP SID support, resulting in widespread dissemination of the faulty message. Investigation points to AS9304, AS135338, AS151326, and AS138077 as potential sources, with Starcloud (AS135338) or Hutchison (AS9304) considered more likely culprits. This highlights severe flaws in BGP error handling and the need for improved error tolerance in network devices.