Case Study 2 - BGP Still Carries Routes While Traffic is Black Holed (Bahrain)
As shown in the section on TTM traffic analysis, the TTM box in Manama, Bahrain was not reachable by any other TTM box between 30 January and 2 February because of the outage on the SEA-ME-WE-4 cable. If we look into RIS routing tables there is no indication of an outage, instead route announcements were rather stable for the prefixes originated by AS35313 (2Connect), which hosts the test-box.
Routing States of a Prefix Originated by AS35313 - BGPlay screenshots
AS35313 announces two prefixes (126.96.36.199/20, 188.8.131.52/22), and both of them underwent almost the same routing changes during the fibre outage time period. Therefore, we only show some key routing changes of one prefix (184.108.40.206/20) with following BGPlay screenshots.
00:00 (UTC), 30 January 2008: Before all the fibre outages.
16:15 (UTC), 1 February 2008: More than a day after the last the fibre outage, the paths are almost the same. AS35313 starts losing some paths.
16:17 (UTC), 1 February 2008: In two minutes, AS35313 reaches the most disconnected status during the fibre cut period.
16:53 (UTC), 1 February 2008: About 30 minutes later, practically all of the paths have been recovered. Most likely this short-lived event was caused by operator intervention (a manual router reset or similar event). The results from TTM traceroutes indicate that end-to-end connectivity was restored another 35 minutes later, around 17:29 (UTC).
Path Evolution of All the Prefixes Originated by AS35313 - BGPath screenshots
From the point of view of peers at RRC00 (RIPE NCC) and RRC03 (AMS-IX), AS35313's prefixes were reachable at all times during the cable outage period. The routes were also stable almost all time, except for about five minutes when both prefixes experienced some path changes. The following BGPath screenshots illustrate this:
The TTM data show that test-box 138 in Bahrain had no connectivity to any other TTM test-box for 2.5 days, starting 04:30 (UTC), 30 January. However during this period, hardly any changes were seen in BGP for the prefixes originated by AS35313 (the site which hosts the box). This shows that the presence of a route in BGP is no guarantee of a working Internet connection.
As explained in the section on TTM, we suspect the prefix was (statically) originated by a router located in London, hosted or owned by Teleglobe. Thus the failure of the submarine cable did not trigger a withdrawal of the prefix from BGP routing tables. Later, the Teleglobe-Bahrain traffic usually carried by the SEA-ME-WE4 cable was rerouted via a different submarine cable. Because this had no effect on how the prefix was announced in BGP, the RIS collectors see no changes in ASpath.