Routing on Wirez

BGP data: Filtering the 50% of routing noise

Thu, 16 Apr 2026 00:00:00 +0000

A single peer, AS140627, generated 2.93 billion updates in one day, exposing the sheer scale of pathological BGP noise.

While the global enterprise networking market expands, the fundamental data powering these networks is increasingly corrupted by peers that flood collectors with repeated announcements reflecting no actual topological change. Ebrima Jaw and collaborators at RIPE NCC and the University of Oregon demonstrate that this concentration of noise inflates storage costs and obscures genuine routing intelligence within MRT archives. Ripe 200

Gateway API for EKS: Unify Your Network Logic

Tue, 31 Mar 2026 00:00:00 +0000

With the Ingress-NGINX Controller retirement imminent in March 2026, Gateway API becomes the mandatory standard for Amazon EKS networking. This shift eliminates the operational chaos of fragmented configuration APIs by unifying ingress and service-to-service communication under a single, role-oriented specification. Teams can no longer afford to manage distinct annotation sets when the industry demands consistency across L4 and L7 routing layers.

Cloud WAN vs Transit VPC: Why LexisNexis Switched

Mon, 30 Mar 2026 00:00:00 +0000

LexisNexis Risk Solutions replaced fragile virtual router instances with a resilient global backbone to eliminate single points of failure. This migration proves that legacy Transit VPC architectures can no longer sustain the dynamic routing demands of modern, regulated data analytics. The article demonstrates how shifting to AWS Cloud WAN streamlines management while introducing critical traffic inspection capabilities previously impossible with static VPN tunnels.

IPv6 loops explained: Stop packet amplification now

Thu, 26 Mar 2026 00:00:00 +0000

Routing loops can exponentially amplify traffic when routers duplicate packets, a flaw prevalent in 34% of assigned IPv6 blocks.

The core thesis is clear: the sparse population of IPv6 address space combined with misconfigured provider-aggregatable assignments creates a fertile ground for packet amplification that network operators are lazily ignoring. While cloud-native workloads drive adoption, the underlying routing hygiene has not kept pace, leaving infrastructure vulnerable to self-inflicted DDoS attacks. Research indicates that despite the simplicity of the fix, the community fails to prioritize these dangerous misconfigurations, allowing unnecessary load to congest links and destabilize the global internet.

CIDR report data shows why 461k routes matter

Tue, 24 Mar 2026 00:00:00 +0000

With 461,596 routes currently tracked, the CIDR Report remains the definitive audit of global routing table scalability. Geoff Huston's analysis asserts that classless inter-domain routing is not merely a legacy fix but the critical mechanism preventing total BGP collapse in an era of autonomous network expansion.

RPKI validation stops 820k daily IoT attacks by 2026

Mon, 23 Mar 2026 00:00:00 +0000

With over 820,000 daily IoT attacks projected for early 2026, RPKI deployment is the only viable defense against mass routing hijacks. The central thesis is clear: manual configuration is obsolete, and cryptographic validation via Route Origin Authorizations is now the baseline for operational survival.

BGP visibility jumps with 300 vantage points

Thu, 19 Mar 2026 00:00:00 +0000

Collecting data from over 300 vantage points, bgproutes. Io shatters the 2% visibility ceiling of legacy BGP monitoring systems. This platform represents a fundamental shift from passive archiving to active, discrete state processing via the BGP Monitoring Protocol. By using BMP architecture, the system extracts granular transaction logs from individual speakers rather than relying on aggregated route dumps.

Cloud WAN fixes hybrid routing across regions

Tue, 17 Mar 2026 00:00:00 +0000

Betsson migrated from complex mesh topologies to eliminate rising costs driven by excessive Direct Connect links. This case study argues that segment-based routing offers a superior, cost-effective alternative to traditional Transit Gateway deployments for global operators.

SCION routing fixes BGP's 40-year security gap

Tue, 17 Mar 2026 00:00:00 +0000

Over 7,000 route entries remained invalid in March 2020 despite decades of patch attempts. The Border Gateway Protocol fundamentally lacks native mechanisms to verify address ownership, rendering current fixes like RPKI insufficient against sophisticated route hijacks. While extensions such as BGPsec attempt to secure the AS_PATH attribute, they impose heavy computational overhead and fail to address the core architectural rot of a forty-year-old system.

BGP visibility gaps: Why legacy tools miss leaks

Fri, 13 Mar 2026 00:00:00 +0000

Covering less than 2% of Autonomous Systems, legacy collectors like RIPE RIS and RouteViews leave the internet blind to most routing anomalies. RIPE's routing information service ris The bgproutes. Io platform argues that maximizing vantage point diversity through BMP aggregation is the only viable path to true routing security. As global traffic surges toward 602.1 exabytes monthly in 2026, the traditional trade-off between data retention and coverage creates dangerous visibility gaps that attackers exploit.

Routing control stays yours during DDoS outages

Tue, 10 Mar 2026 00:00:00 +0000

When cloud DDoS platforms suffer multi-hour outages, organizations lose independent rerouting capabilities if they cede BGP routing control.

The central thesis is clear: resilient architectures must strictly separate attack mitigation from traffic authority. While the cybersecurity market explodes toward USD 591.84 billion by 2032 per Research and Markets, spending alone cannot buy immunity when a provider's orchestration layer collapses. As Ofir Shaham notes, reality has proven wrong the assumption that providers never fail; when they do, customers relying on static paths face recovery dependent on the very vendor causing the blackout. True durability demands that while a provider absorbs the flood, the customer retains the keys to the gate.

APNIC data shows routing silos collapsing fast

Fri, 06 Mar 2026 00:00:00 +0000

With TWNIC reporting 98% IPv6 RPKI validity, National Internet Registry coordination has become the definitive mechanism for securing Asia Pacific's routing infrastructure. APNIC's ip addresses through 2025 The strategic alignment of seven regional NIRs under APNIC governance is no longer administrative overhead but a critical defense against escalating route hijacking and resource exhaustion.

Routing fixes for duplicate private IP chaos now

Thu, 05 Mar 2026 00:00:00 +0000

With 20% of global Internet traffic now handled by Cloudflare, duplicate private IPs create immediate routing failures that break return paths. Cloudflare's automatic return routing ip overlap Automatic Return Routing eliminates the need for complex NAT or VRF configurations by using stateful flow tracking to correctly route traffic in overlapping networks.

ASSET filtering beats linear scans for BGP

Sun, 01 Mar 2026 00:00:00 +0000

Matching a single ASN via tree lookup is exponentially faster than the legacy linear scanning found in older as-path-set implementations.

Classless routing fixes: Stop BGP table bloat now

Sun, 01 Mar 2026 00:00:00 +0000

The CIDR Report exists because the Internet's routing table grew from a manageable list into a chaotic 461,596-entry beast that demands constant scrutiny. Geoff Huston's March 2026 analysis in "The ISP Column" argues that without rigorous monitoring of BGP architecture, the global network remains vulnerable to the very fragmentation risks Classless Inter-Domain Routing was designed to solve decades.

ASPA records prove your upstream provider ties

Fri, 27 Feb 2026 00:00:00 +0000

Cloudflare handles over 20% of global Internet traffic, yet standard BGP routing remains vulnerable to undetected path manipulation. Cloudflare's bgp hijack detection The deployment of ASPA records under RFC 9582 represents the critical shift from verifying only traffic origins to validating the entire transmission path against configuration errors and malicious leaks. While ROA systems successfully mitigate origin hijacks, they fail to detect when traffic traverses unauthorized intermediate networks, a gap this new cryptographic standard explicitly closes.

Routing security gaps threaten your 2026 supply chain

Thu, 26 Feb 2026 00:00:00 +0000

With global cybercrime costs hitting $10.8 trillion in 2026, ignoring Internet routing security is financial suicide. Dan Fidler's February 2026 MANRS paper argues that enterprises must treat the global routing system as a critical, under-managed supply chain dependency rather than a background utility. The thesis is clear: voluntary operator goodwill has failed, and only aggressive demand-side pressure via enterprise procurement can force the adoption of necessary safeguards.

Network Portability: Build a Personal AS Now

Sun, 08 Feb 2026 00:00:00 +0000

Running an Autonomous System with 80,000 peers globally is no longer exclusive to Tier 1 ISPs. This guide argues that individuals can now bypass traditional provider lock-in by deploying provider-independent addressing on commodity hardware. You will learn how to secure IPv6 prefixes through sponsoring LIRs, architect a dual-tier network using FreeBSD and FRR, and deploy personal routing infrastructure that survives provider migrations.

Routing communities: Spot real handoff sites

Mon, 02 Feb 2026 00:00:00 +0000

Only 4% of routes are tagged near their origin, breaking direct geolocation assumptions according to Thomas Krenc et al. With manual tracking impossible, operators must shift from opaque speculation to data-driven inference using passive observation.

IPv6mostly Rollouts: Google's Data on 2027 Automation

Thu, 29 Jan 2026 00:00:00 +0000

APNIC data shows 30% of enterprises will automate over half their network activities by 2027, making APRICOT 2026 in Jakarta the critical pivot point for operators. APNIC's how much does it cost This summit is no longer just a gathering for peer networking; it is the operational ground zero where the industry transitions from manual execution to governing Agentic AI systems.

Route leak lessons: What the 25-minute Cloudflare outage...

Fri, 23 Jan 2026 00:00:00 +0000

A single automation error triggered a 25-minute BGP route leak that disrupted IPv6 traffic across Cloudflare's Miami infrastructure on January 22, 2026. Cloudflare's route leak incident january 22 2026 This incident highlights that despite industry progress, manual configuration errors remain a critical vulnerability in global routing stability. Readers will learn the precise mechanics of RFC 7908 violations, analyze the specific AS path anomalies involving AS13335, and explore how RFC 9234 adoption offers a viable path toward automated prevention.