An accidental Border Gateway Protocol (BGP) route leak on the network of a major undersea cable company connecting South Africa to the rest of the world caused a recent local Internet outage.
Outage tracking website Downdetector reported a spike in connection issues across various Internet service providers (ISPs) and fibre networks just after 21:00 on Friday, 26 December 2025.
Affected service providers included Afrihost, Atomic Access, Cool Ideas, Vox, Vodacom, Vumatel, Openserve, and Frogfoot.
MyBroadband forum members initially noted high packet loss, indicating that data packets were failing to reach their destinations, before their connections went down completely.
Major ISPs and telecom sources informed MyBroadband that the outage resulted from a BGP route leak on the West Indian Ocean Cable Company (WIOCC). WIOCC is an important investor and operator of several undersea cables connected to South Africa, such as 2Africa, EASSy, Equiano, and WACS.
A source explained that around 21:20, WIOCC’s Autonomous System (AS) 37662 started leaking prefixes and using other networks’ IP spaces incorrectly. For example, they adopted the IP ranges of Cool Ideas and Afrihost and announced them in locations like the London Internet Exchange and NAPAfrica.
This issue also impacted Google, as WIOCC leaked their Domain Name System (DNS) IP range. The source added that this caused a shift in traffic from direct network peering to all traffic passing through WIOCC’s network, leading to congestion and significant packet loss.
The main impact lasted about 10 minutes as affected Internet exchanges shut down WIOCC ports due to the prefix limits being reached, a protective measure against route leaks.
There were several minutes of reconvergence when the leaked routes were withdrawn, and the correct routes were reinstated. WIOCC confirmed to MyBroadband that a brief routing incident occurred due to a configuration error involving a client prefix list.
WIOCC indicated that they have routing rules, filtering policies, and monitoring controls in place, which allowed for quick identification and resolution of the issue. They attributed the incident to a manual human error during implementation.
BGP route leaks can disrupt Internet traffic when routes are incorrectly advertised, leading to congestion or untrustworthy paths. Both accidental and malicious misconfigurations can result in significant disruptions, underscoring the importance of implementing filtering for incorrect routes.
In 2017, traffic intended for major companies was hijacked by a state-owned Russian operator. A local incident in 2013 involved a cyberattack that disrupted connectivity for Internet Solutions’ network.
While BGP can be secured through legitimate route announcements and filtering, criticism has been directed at major IP transit networks for not implementing sufficient safeguards during the WIOCC issue.
—
