Here’s a blog post about Google went offline on Nov. 6th for a short period. Basically what happened was that one AS in the route to Google announced incorrect IP addresses, which caused abnormal routes. As the article says, “the route has ‘leaked’ past normal paths”. What caused that happen? The arthor says that BGP (Border Gateway Protocol, a protocol that is used by different ASes to communicate with each other) is a trust-based system. One AS sent out incorrect information and other ASes trusted it. That was the problem.
Well, how can we solve this? Obviously, different ASes should not trust each other so easily. Maybe when one AS announces which IPs are inside its network to other ASes, other ASes can manually check other those IP are actually inside the source AS. Basically, one AS has the knowledge about its adjacent AS’s network.
To me, this sounds like a very old problem. In the very beginning, people used telnet a lot, but telnet does not do any encryption because the designer originally thought people would not do bad things. The original author trusted each other on the internet. However, it turned out we are using ssh now. I think the same thing will happen to BGP.