NEWS An endless cycle of avalanche-like failures. Our entire internet could "fall and never rise again" at any moment.

pinkman

A realistic global network failure scenario was presented at the USENIX Security conference.

A vulnerability in internet architecture, dubbed BGP Vortex, attracted the attention of security experts after a presentation at the USENIX Security 2025 conference. It stems from instability in the BGP routing protocol, which underpins the interconnection of networks worldwide.
Although the protocol was developed over three decades ago and remains a key mechanism for exchanging routable IP addresses between autonomous systems, its design lacks modern resilience guarantees. This opens the door to unpredictable internet outages.
The study demonstrated the possibility of artificially triggering so-called vortex routing. This leads to endless route switching between major internet networks, causing an avalanche of BGP messages and, consequently, large-scale routing disruptions. Such fluctuations can disrupt the stability of connections between networks and create equipment overload, which can lead to partial or complete internet access disruptions.
The key element enabling this scenario was the combination of two fairly common routing strategies: reducing local route priority and selectively blocking route propagation to specific autonomous systems. While each of these practices is considered acceptable on its own, their combination violates stable routing rules and triggers a chain reaction of instability.
To demonstrate the impact of BGP Vortex, the team conducted a series of experiments involving real autonomous systems. It was found that 21 of the 30 largest networks on the internet implement policies that make them vulnerable. This means that a coordinated attack could impact up to 96% of all networks connected to the internet.
Laboratory measurements have shown that even a single vortex activation can increase the system load to tens of thousands of routed announcements per second, compared to a typical rate of just a few. This leads to significant delays in route updates—up to 40 seconds—and connection disruptions lasting nearly 40 seconds, which is critical for latency-sensitive services.
The authors proposed several ways to mitigate the risks. One is to use existing mechanisms for controlling route oscillation, such as route retry intervals and a route hopping suppression system. However, these methods limit the consequences rather than address the root cause.
A more robust solution is considered to be eliminating insecure routing policies and checking for compliance with established stable routing rules. Alternative architectures, such as SCION, which were developed from the ground up with robustness and security in mind, are also suggested.
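
A policy audit of the kind the last paragraph describes, as an added example that is not part of the original post or of the researchers' work. It assumes the "stable routing rules" include the Gao-Rexford preference condition (customer-learned routes always beat peer and provider routes); the `Policy` schema, field names and sample values are hypothetical.

```python
# Constructed sample policies; AS numbers come from the documentation range (RFC 5398).
from dataclasses import dataclass, field

@dataclass
class Policy:
    asn: int
    local_pref: dict                    # base LOCAL_PREF per neighbor relationship
    customer_lp_overrides: list = field(default_factory=list)  # values a customer may request
    selective_no_export: bool = False   # customer may block export to chosen ASes

def audit(policy):
    """Return findings for one AS policy (hypothetical schema)."""
    findings = []
    lp = policy.local_pref
    floor = max(lp["peer"], lp["provider"])
    # Preference rule: customer-learned routes must always beat peer/provider routes.
    if lp["customer"] <= floor:
        findings.append("base: customer routes not preferred")
    # A customer-requested override that reaches the peer/provider level breaks the rule.
    lowered = [v for v in policy.customer_lp_overrides if v <= floor]
    if lowered:
        findings.append(f"override: customer route can drop to {min(lowered)} <= {floor}")
    # The pairing the article describes: lowered priority plus selective blocking.
    if lowered and policy.selective_no_export:
        findings.append("combination: lowered preference + selective export blocking")
    return findings

SAMPLE = [
    Policy(64496, {"customer": 200, "peer": 100, "provider": 50},
           customer_lp_overrides=[190, 90], selective_no_export=True),
    Policy(64497, {"customer": 200, "peer": 100, "provider": 50},
           customer_lp_overrides=[190, 150], selective_no_export=True),
    Policy(64498, {"customer": 200, "peer": 100, "provider": 50},
           customer_lp_overrides=[80], selective_no_export=False),
]

def report(policies):
    """Map each ASN to its list of findings (empty list means compliant)."""
    return {p.asn: audit(p) for p in policies}

if __name__ == "__main__":
    for asn, findings in report(SAMPLE).items():
        print(f"AS{asn}:", findings or "ok")
```

AS64497 passes because its overrides only reorder customer routes among themselves and never reach the peer or provider level.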
 