In this episode of PING, APNIC’s Chief Scientist, Geoff Huston, explores Border Gateway Protocol (BGP) ‘zombies’. BGP Zombies are routes that should have been removed but are still there. They’re the living dead of routes. How does this happen?
In the early 2000s, Gert Döring, working within the RIPE NCC region, was compiling reports on the state of BGP for IPv6. With only around 300 IPv6 announcements at the time, he was familiar with each one and had a clear understanding of what should be visible in the routing tables and what was missing. During his analysis, he discovered that some routes he knew had been withdrawn from BGP were still present in repositories tracking known routing states. This provided some of the earliest evidence of a BGP failure mode in which route withdrawals fail to propagate properly, causing some BGP routers to retain and continue using routes that should have been removed.
Because BGP operates by only sending updates when there are changes to the current routing state, it typically transmits differences rather than full tables. When a session starts from scratch, a large amount of data is exchanged to establish the initial state. However, after that, updates are only sent when routes are added or withdrawn. If a route remains stable, BGP has nothing new to announce. Similarly, once a route is withdrawn and that withdrawal is propagated, there’s no further mention of it.
This means that if a BGP speaker fails to receive a withdrawal update, it may continue believing the route exists indefinitely. As long as it doesn’t need to announce that route to anyone else, the issue can remain unnoticed — no one will realize that the speaker missed the withdrawal.
More recently, there has been concern that this issue may stem from how BGP operates within TCP messages. This has prompted efforts within the IETF, resulting in an RFC that defines a new method for properly closing BGP sessions to address the problem.
Geoff isn’t convinced that this diagnosis is correct or that the proposed fix is the right solution. In a recent NANOG presentation, he shared his thoughts on the issue and potential ways to address it. He has been considering a simpler approach that might be more effective.
Read more about BGP zombies on the APNIC Blog and the web:
- BGP Zombies at NANOG 93 (Geoff Huston, APNIC Blog February 2025)
- NANOG 93 presentation on BGP Zombies (Iliana Xygkou from Thousand Eyes, NANOG presentation)
- RFC 9687 SendHold Timers (IETF RFC)
Subscribe and share your story
You can stream and subscribe to PING via the following channels:
If you’re interested in sharing your insights or research, please get in touch — we’re always looking for great stories from the community. Please let us know what you think of the podcast and the APNIC Blog so we can keep improving.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.
Geoff — Present with Len Bosack when BGP was first conceived was Kirk Lougheed, and Jakov Rekhter. And me. I could follow the discussion but was too junior and didn’t contribute.