CLOUDFLARE recently disclosed a BGP route leak that persisted for twenty-five minutes and specifically affected IPv6 traffic, causing network congestion, packet loss and an overall throughput deficit of about 12Gbps. The incident stemmed from a policy misconfiguration during a change intended to restrict Bogotá-based IPv6 prefixes in Miami, which led to a hybrid of Type 3 and Type 4 leaks, as defined by RFC 7908.
The deletion of a particular prefix list rendered the export policy overly permissive, allowing internal iBGP IPv6 routes to be advertised to external neighbours and redistributed by Cloudflare’s backbone to every BGP peer in the Miami region. Routing policies are meticulously tuned by major providers, so such a misconfiguration can degrade performance and create opportunities for traffic to be diverted into unauthorized networks.
According to Cloudflare’s post-mortem, detection allowed engineers to intervene manually and suspend automated workflows, neutralising the impact within twenty-five minutes. The company also notes similarities between this event and a disruption in July 2020 and outlines remedial measures including stricter export safeguards, CI/CD validation for policy changes and accelerated adoption of RFC 9234 and RPKI ASPA.