Speaker
Description
In June 2019, a Swiss data center accidentally leaked over 70,000 routes to China Telecom in Frankfurt. Within minutes, China Telecom announced those routes globally, and for over two hours, massive volumes of European mobile traffic — destined for networks in the Netherlands, Switzerland, and France — were silently rerouted through Chinese state-controlled infrastructure. In the summer of 2025, a BGP hijack disrupted DNS root server infrastructure, shaking the foundation of global name resolution. And in between, researchers documented a new class of "stealthy" BGP hijacks where a network's RPKI checks all pass and the BGP table looks perfectly clean, yet traffic is being diverted through non-validating neighbors without the victim ever knowing.
These are not abstract, far-away problems. The United Kingdom sits at the heart of global Internet interconnection. LINX is one of the largest Internet Exchange Points in the world. Traffic traversing UK peering fabrics touches networks across Europe, the Middle East, Africa, and beyond. When a route leak or hijack occurs anywhere on the planet, UK operators and their peers are in the blast radius — and when it happens to a European neighbor, the impact is immediate.
The good news: the UK peering community has made real progress. LINX and LONAP both enforce RPKI validation on their route servers, filtering invalid routes before they reach members. But route server filtering is only the first line of defense. Members peering bilaterally — without the route server as an intermediary — remain exposed unless they deploy validation themselves. And even networks with full ROV enabled face blind spots: route leaks that ROV cannot detect, path manipulation attacks that require ASPA to prevent, and stealthy hijacks that demand observability tools like BMP to even notice.
This presentation provides a practical, UK-focused roadmap for closing these gaps. We examine what LINX and LONAP route server filtering already protects against and where the remaining exposure lies for bilateral peers. We introduce ASPA — the emerging RPKI-based path validation standard that all five Regional Internet Registries have committed to supporting by the end of 2026 — and explain what it means for UK operators signing their first ASPA objects. And we make the case for BMP as the missing security observability layer: the tool that turns filtered invalid routes from silent discards into active threat intelligence, enabling operators to detect anomalies that neither ROV nor ASPA can surface on their own. Attendees will leave with a clear, prioritized action plan — from quick wins they can implement this quarter to strategic investments that will keep UK peering infrastructure resilient against the next generation of routing attacks.
Summary
In June 2019, a Swiss data center accidentally leaked over 70,000 routes to China Telecom in Frankfurt. Within minutes, China Telecom announced those routes globally, and for over two hours, massive volumes of European mobile traffic — destined for networks in the Netherlands, Switzerland, and France — were silently rerouted through Chinese state-controlled infrastructure. In the summer of 2025, a BGP hijack disrupted DNS root server infrastructure, shaking the foundation of global name resolution. And in between, researchers documented a new class of "stealthy" BGP hijacks where a network's RPKI checks all pass and the BGP table looks perfectly clean, yet traffic is being diverted through non-validating neighbors without the victim ever knowing.
These are not abstract, far-away problems. The United Kingdom sits at the heart of global Internet interconnection. LINX is one of the largest Internet Exchange Points in the world. Traffic traversing UK peering fabrics touches networks across Europe, the Middle East, Africa, and beyond. When a route leak or hijack occurs anywhere on the planet, UK operators and their peers are in the blast radius — and when it happens to a European neighbor, the impact is immediate.
The good news: the UK peering community has made real progress. LINX and LONAP both enforce RPKI validation on their route servers, filtering invalid routes before they reach members. But route server filtering is only the first line of defense. Members peering bilaterally — without the route server as an intermediary — remain exposed unless they deploy validation themselves. And even networks with full ROV enabled face blind spots: route leaks that ROV cannot detect, path manipulation attacks that require ASPA to prevent, and stealthy hijacks that demand observability tools like BMP to even notice.
This presentation provides a practical, UK-focused roadmap for closing these gaps. We examine what LINX and LONAP route server filtering already protects against and where the remaining exposure lies for bilateral peers. We introduce ASPA — the emerging RPKI-based path validation standard that all five Regional Internet Registries have committed to supporting by the end of 2026 — and explain what it means for UK operators signing their first ASPA objects. And we make the case for BMP as the missing security observability layer: the tool that turns filtered invalid routes from silent discards into active threat intelligence, enabling operators to detect anomalies that neither ROV nor ASPA can surface on their own. Attendees will leave with a clear, prioritized action plan — from quick wins they can implement this quarter to strategic investments that will keep UK peering infrastructure resilient against the next generation of routing attacks.
| Talk Duration | 25 Minutes Presentation (+5 Minutes Q&A) |
|---|---|
| Can your presentation be broadcast live on our webcast, which will be accessible via Youtube? | Yes |
| Can your presentation slides be published publicly on our Indico instance and the NetUK website? | Yes |
| Can a recording of your presentation be published publicly on our website? | Yes |
| Can a recording of your presentation be uploaded to our public YouTube channel? | Yes |
| Do you consent for us to publish your name and affiliation as a Speaker on the NetUK website and Social Media? | Yes |