On Tuesday, May 20, 2025, a routine Border Gateway Protocol (BGP) message led to unexpected disruptions in internet connectivity, affecting numerous networks worldwide. The incident unfolded around 7AM (UTC) when a corrupted BGP Update, containing an unwelcome BGP Prefix-SID Attribute, caused internet-facing BGP sessions to shut down automatically.
The flawed message, identified through data collected by bgp.tools, surfaced as a standard BGP Update for a /16 prefix. However, the message’s internal data was found to be entirely null (0x00). While some systems, like IOS-XR and Nokia SR-OS, managed to filter out the problematic update without significant issues, a peculiar interaction involving JunOS and Arista EOS led to session resets on Arista devices receiving the corrupt message, disrupting connectivity for a number of networks.
Investigations into the origin of the message revealed multiple Autonomous System (AS) candidates involved in the incident. Notable among them were AS9304 (Hutchison Global Communications Limited) and AS135338 (Starcloud Information Limited), both of which appeared frequently in the offending messages. As the message propagated through internet exchanges, it exacerbated the situation, affecting networks linked to significant transit carriers using Juniper hardware running JunOS.
Approximately 100 networks faced connectivity issues as a result, with high-impact examples including SpaceX Starlink (AS14593) and Zscaler (AS62044). The average message rate during the incident surged to over 150,000 messages per second, highlighting the scale of disruption. Experts are now calling for vendors to enhance their BGP error handling protocols to prevent similar incidents in the future.