A closer look at a BGP anomaly in Venezuela
Blog post from Cloudflare
The post examines a series of BGP route leaks in Venezuela linked to the state-run ISP, CANTV (AS8048), which appear to stem from inadequate routing export and import policies rather than malicious intent. The leaks, characterized by the misrouting of traffic and the redistribution of routes beyond their intended scope, were noted on Cloudflare Radar and involved routes from CANTV's provider, Sparkle (AS6762), being passed on to another provider, V.tal GlobeNet (AS52320). The analysis suggests that such incidents are common and often result from technical oversights, such as mismatched export policies, rather than deliberate actions.

The post emphasizes the importance of implementing path-based validation, such as Autonomous System Provider Authorization (ASPA), alongside existing Resource Public Key Infrastructure (RPKI) measures to prevent such anomalies. It also highlights the need for collaborative efforts to enhance BGP security, including the adoption of RFC 9234, which introduces BGP roles and attributes to mitigate route leaks, and it places these incidents in the broader context of how routing can be hardened through collective industry action.
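An added example, not code from the Cloudflare post: a simplified Python model of the Only to Customer (OTC) attribute rules from RFC 9234, applied to the provider-to-customer-to-provider leak shape described above. The origin AS 64500 and the prefix are constructed, and the role strings and function names are this example's own.

```python
from dataclasses import dataclass, replace
from typing import Optional

NO_OTC_EXPORT = {"provider", "peer", "rs"}   # OTC-marked routes must not be sent here
DOWNSTREAM = {"customer", "rs-client"}
SPARKLE, CANTV, GLOBENET = 6762, 8048, 52320  # ASNs named on the page
PREFIX, ORIGIN = "192.0.2.0/24", 64500        # constructed prefix and origin AS

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple              # leftmost entry is the most recent AS
    otc: Optional[int] = None   # OTC attribute value (an AS number), if present

def ingress(route, neighbor_as, neighbor_role):
    """RFC 9234 ingress rules. neighbor_role is what the sender is to us.
    Returns the accepted route, or None when the route is a leak."""
    if route.otc is not None:
        if neighbor_role in DOWNSTREAM:
            return None         # OTC set, yet arriving from below: leak
        if neighbor_role == "peer" and route.otc != neighbor_as:
            return None         # a peer passing on someone else's OTC route
        return route
    if neighbor_role in NO_OTC_EXPORT:
        return replace(route, otc=neighbor_as)  # mark on receipt from above
    return route

def egress(route, local_as, neighbor_role):
    """RFC 9234 egress rules. Returns the route to send, or None to suppress."""
    if route.otc is not None and neighbor_role in NO_OTC_EXPORT:
        return None             # the export check that stops the leak
    out = replace(route, as_path=(local_as,) + route.as_path)
    if out.otc is None and neighbor_role in ("customer", "peer", "rs-client"):
        out = replace(out, otc=local_as)
    return out

def simulate_leak():
    """Sparkle -> CANTV -> GlobeNet, with both of them CANTV's providers."""
    at_sparkle = ingress(Route(PREFIX, (ORIGIN,)), ORIGIN, "customer")
    at_cantv = ingress(egress(at_sparkle, SPARKLE, "customer"), SPARKLE, "provider")
    # CANTV following the egress rule: nothing is sent to GlobeNet.
    compliant_export = egress(at_cantv, CANTV, "provider")
    # CANTV ignoring the rule: GlobeNet's ingress check still rejects the route.
    leaked = replace(at_cantv, as_path=(CANTV,) + at_cantv.as_path)
    at_globenet = ingress(leaked, CANTV, "customer")
    return at_cantv, compliant_export, at_globenet

if __name__ == "__main__":
    for label, value in zip(("at CANTV", "compliant export", "at GlobeNet"), simulate_leak()):
        print(f"{label}: {value}")
```

The model covers only the OTC attribute; role negotiation in the BGP OPEN message and ASPA path verification are outside its scope.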