Hyper-Specific Prefixes: Gotta Enjoy the Little Things in Interdomain Routing

TL;DR

This paper investigates hyper-specific prefixes in BGP routing, revealing their prevalence, use cases, and whether they are intentionally or accidentally propagated, with implications for network operators and routing security.

Contribution

It provides a detailed analysis of hyper-specific prefixes in interdomain routing, highlighting their origins, propagation patterns, and the distinction between intentional and accidental leaks.

Findings

Most HSPs are internal routes or related to address relocations.

Some HSPs propagate widely and persist over a year.

Many HSPs are likely accidental leaks rather than intentional.

Abstract

Autonomous Systems (ASes) exchange reachability information between each other using BGP -- the de-facto standard inter-AS routing protocol. While IPv4 (IPv6) routes more specific than /24 (/48) are commonly filtered (and hence not propagated), route collectors still observe many of them. In this work, we take a closer look at those "hyper-specific" prefixes (HSPs). In particular, we analyze their prevalence, use cases, and whether operators use them intentionally or accidentally. While their total number increases over time, most HSPs can only be seen by route collector peers. Nonetheless, some HSPs can be seen constantly throughout an entire year and propagate widely. We find that most HSPs represent (internal) routes to peering infrastructure or are related to address block relocations or blackholing. While hundreds of operators intentionally add HSPs to well-known routing databases, we observe that many HSPs are possibly accidentally leaked routes.