Skip to content Skip to footer
0 items - $0.00 0
Menu

North Korea Downed by Faulty ROA by oavioklein

0CommentsShare Post
North Korea Downed by Faulty ROA by oavioklein
News

North Korea Downed by Faulty ROA by oavioklein

6 hours ago
0Comments
Share This Article
Share Post
Newsletter

Sed ut perspiciatis unde.

Subscribe

Send to HN

On March 18, 2025, North Korea’s BGP routes became RPKI-invalid due to the publication of a faulty ROA. In this post, we’ll visualize the impact on the propagation of affected routes and what North Korea (and you too!) can do to avoid problems with the optional maxLength attribute.

At 09:30:15 UTC on Monday, March 18, APNIC signed a new Route Origin Authorization (ROA) for a country that had never had one before: North Korea. However, as was first reported by the North Korean Internet blog, there was a problem.

The new ROA specified a maximum prefix length of 22, shorter than the four /24 routes originated by North Korea’s only ISP, Star JV (AS131279), rendering the routes RPKI-invalid. As such, minutes after the publication of this problematic ROA, many international carriers began rejecting routes from the modern-day hermit kingdom, dramatically reducing their propagation and the country’s reachability from the internet.

Let’s take a look at what the introduction of the faulty ROA did to the reachability of two of the four North Korean routes.

175.45.176.0/24 is originated by AS131279, passed exclusively to AS134544 (Cenbong Holdings), China Unicom (AS4837), and on to a slew of international carriers and peers of China Unicom. The graphic below shows how many Routeviews BGP sources had this route in their tables over time. There is a clear dropoff beginning at 09:36 UTC, accelerating downwards until it stabilizes at around 100 sources (aka vantage points).

North Korea Routeviews BGP sources

If we expand the view to break down how the internet (we’ll use Routeviews BGP sources as a stand-in) reached AS4837 to get to 175.45.176.0/24 over time, we arrive at the visualization below. The colors reveal how different carriers drop the route (or not!) over time and how that contributes to the overall decline in propagation.

Breakdown showing how different carriers drop the BGP route

Specifically, Arelion (AS1299) in pink is the first to go, taking with it almost a hundred sources. GTT (AS3257, yellow) and Verizon (AS701, cyan) go soon after. Cogent (AS174, orange) briefly emerges as a popular path until its systems catch up and blot the RPKI-invalid routes out of its tables. Conversely, AS6762, AS6939, and AS5511 never stop carrying the route.

For another view, let’s take a look at the propagation of 175.45.177.0/24. Like the previous example, things start coming undone around 09:36 UTC when the propagation declines more severely and in

Read More

Tags:
0Likes
Leave a comment

Leave a comment

In the Shadows of Innovation”

© 2025 HackTech.info. All Rights Reserved.

Sign Up to Our Newsletter

Be the first to know the latest updates

Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.