How a Single Rogue BGP Announcement Took Telegram Offline Across Three Continents

13h 6m ago by lemmy.world/u/WPSteam in technology from thecybersecguru.com

Telegram faced major connectivity disruptions after researchers reported that Reliance Communications’ AS18101 allegedly announced Telegram’s 91.108.56.0/22 IP prefix, a route normally originated by Telegram’s AS62041. The announcement reportedly spread through FLAG Telecom and reached international peers, causing Telegram traffic in India and parts of the UAE, Europe, and Asia to be misrouted or dropped.

The incident came around the same time as India’s temporary Telegram restriction linked to NEET exam security, but the network-layer impact went far beyond a domestic block. Researchers say the announcement should have been flagged as RPKI-invalid and filtered: if the Route Origin Authorization for 91.108.56.0/22 names AS62041 as its origin, an announcement of that prefix from AS18101 fails route origin validation and should be dropped by every network that enforces it. That it propagated anyway raises fresh concerns about weak enforcement of BGP security, poor route filtering, and how a single unauthorized routing announcement can disrupt a major platform across borders.

The “misconfigured local block gone global” theory goes like this: Reliance was trying to comply with India’s Section 69A blocking order for Telegram. To implement the block domestically, it configured a null route for Telegram’s prefixes, so traffic from Indian users heading to 91.108.56.0/22 is forwarded to a discard interface and dropped. That is normal ISP blocking procedure, and a null route on its own is invisible to the rest of the internet: it lives only in the blocking router’s own forwarding table.

But somewhere in that configuration, instead of only installing the null route in their internal routing tables, they also originated a BGP announcement for the prefix (a static blackhole route redistributed into BGP without an export filter is one common way this happens), telling the world, via FLAG, that AS18101 was the legitimate destination for Telegram’s traffic. The internal block leaked into the global routing table.

This is technically plausible. BGP misconfigurations do happen, and the internet has seen accidental route leaks before. Pakistan Telecom knocked YouTube offline globally in February 2008 with exactly this kind of mistake: a government-ordered domestic block implemented as a more-specific announcement of YouTube’s prefix, which its upstream PCCW propagated to the rest of the world. Human error in complex network configurations is real.

But there are a few things that make pure-accident harder to swallow here.

First, the announcement persisted. Multiple researchers spotted it, documented it, and publicly reported it. Network operators contacted FLAG Telecom. The incident was visible in public routing data. Yet it stayed live for an extended period. Accidents get cleaned up faster when there’s external pressure and the error is obvious.

Second, the timing. The government ban announcement, followed immediately by a technically sophisticated routing manipulation that happened to push users toward a blackhole rather than a redirect, followed by slow remediation – this sequence is either a spectacular coincidence or it isn’t.

Third, the competitive context. Reliance Communications is part of Anil Ambani’s Reliance Group, and Reliance Jio belongs to his brother Mukesh Ambani’s Reliance Industries; both grew out of the original Reliance conglomerate, and Jio Platforms counts Meta, the company behind WhatsApp, Telegram’s primary competitor in India, among its investors. Telegram’s growth in India has been directly at WhatsApp’s expense. A platform disruption that makes Telegram unreliable while WhatsApp continues working normally is commercially convenient for a Meta-aligned entity.

None of this proves intent. But “we accidentally configured a global BGP hijack of our primary competitor’s IP space and then didn’t fix it quickly when people noticed” is a story that requires you to accept a lot of charitable coincidences stacking up simultaneously.

Regarding announcing more specific prefixes — we did exactly that, and Reliance responded with even more specific ones. That’s when we realized this might not be incompetence, but malevolence.

https://x.com/durov/status/2067241316463886549

Durov's reply to the BGP prefix issue
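The two mechanisms this thread turns on, route origin validation that should have rejected the AS18101 announcement, and the longest-prefix-match escalation Durov describes (Telegram splitting the /22 into more specifics and Reliance answering with even more specific ones), can be replayed in a small model. The following Python is an added example written for this page; it is not code from the article, from Telegram or from any router. The ASNs 62041 and 18101 and the prefix 91.108.56.0/22 come from the post; FLAG Telecom as AS15412, the two documentation ASNs standing in for Telegram's upstreams, the AS path lengths, the sample destination address and, above all, the ROA with maxLength 24 are assumptions made for the model.

```python
"""Model of the prefix fight described above: longest-prefix match,
RFC 6811 route origin validation, and the /22 -> /23 -> /24 escalation.
ASNs and the /22 come from the post; everything else here is constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

TELEGRAM_AS = 62041            # Telegram's origin AS (from the post)
RELIANCE_AS = 18101            # Reliance Communications (from the post)
FLAG_AS = 15412                # FLAG Telecom; assumed to be the transit that leaked it
TRANSIT_A, TRANSIT_B = 64496, 64497  # RFC 5398 documentation ASNs standing in for
                                      # Telegram's upstreams in this constructed topology

# Constructed ROA set: (covering prefix, maxLength, authorised origin).
# The page does not give Telegram's real ROA; maxLength 24 is an assumption
# that lets Telegram's own /23 and /24 counter-announcements validate.
ROAS = [(ip_network("91.108.56.0/22"), 24, TELEGRAM_AS)]


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    as_path: tuple   # leftmost = neighbour we learned it from, rightmost = origin


def rpki_state(route: Route) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    origin = route.as_path[-1]
    covering = [roa for roa in ROAS if route.prefix.subnet_of(roa[0])]
    if not covering:
        return "notfound"
    if any(asn == origin and route.prefix.prefixlen <= maxlen
           for _, maxlen, asn in covering):
        return "valid"
    return "invalid"


def classify(prefix: str, origin_as: int) -> str:
    """Validation state of an announcement of `prefix` originated by
    `origin_as`; the rest of the AS path plays no role in origin validation."""
    return rpki_state(Route(ip_network(prefix), (origin_as,)))


def best_route(rib: list, dst: IPv4Address, rov_filter: bool) -> Optional[Route]:
    """Simplified BGP decision process: drop RPKI-invalid routes when the
    operator filters them, then longest prefix match, then shortest AS path."""
    candidates = [r for r in rib if dst in r.prefix]
    if rov_filter:
        candidates = [r for r in candidates if rpki_state(r) != "invalid"]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -len(r.as_path)))


def origin_of(rib: list, dst: IPv4Address, rov_filter: bool) -> Optional[int]:
    r = best_route(rib, dst, rov_filter)
    return r.as_path[-1] if r else None


def simulate(dst: str = "91.108.56.130") -> dict:
    """Replay the announcement sequence from the viewpoint of a peer that is
    one hop below FLAG and three hops from Telegram (constructed topology).
    Returns {stage: (origin chosen without ROV, origin chosen with ROV)}."""
    ip = ip_address(dst)
    telegram_path = (TRANSIT_A, TRANSIT_B, TELEGRAM_AS)
    hijack_path = (FLAG_AS, RELIANCE_AS)
    block = ip_network("91.108.56.0/22")
    rib = [Route(block, telegram_path)]
    stages = {}

    def snapshot(name):
        stages[name] = (origin_of(rib, ip, False), origin_of(rib, ip, True))

    snapshot("baseline")
    # Stage 1: AS18101 originates the same /22 via FLAG. Same prefix length,
    # shorter AS path from this peer's seat, so it wins unless ROV drops it.
    rib.append(Route(block, hijack_path))
    snapshot("reliance /22")
    # Stage 2: Telegram answers with two /23s; longest match beats path length.
    rib.extend(Route(p, telegram_path) for p in block.subnets(new_prefix=23))
    snapshot("telegram /23")
    # Stage 3: Reliance goes to /24s, as Durov describes; without ROV it wins again.
    rib.extend(Route(p, hijack_path) for p in block.subnets(new_prefix=24))
    snapshot("reliance /24")
    return stages


if __name__ == "__main__":
    for stage, (no_rov, with_rov) in simulate().items():
        print(f"{stage:14s} no ROV -> AS{no_rov}   with ROV -> AS{with_rov}")
    for p, asn in [("91.108.56.0/24", RELIANCE_AS), ("91.108.56.0/25", TELEGRAM_AS)]:
        print(f"{p} from AS{asn}: {classify(p, asn)}")
```

Two things the model makes visible. First, the null route from the "local block" theory never appears in this table at all; the peer only sees anything once an origination has left AS18101, which is why the distinction between a discard route and a BGP announcement matters. Second, a peer that enforces ROV keeps selecting AS62041 at every stage, while a peer that does not flips to AS18101 the moment the hijacker matches or beats Telegram's prefix length. The maxLength assumption cuts both ways: with a ROA limited to /22, Telegram's own /23 counter-announcements would themselves be RPKI-invalid, and a /25 from Telegram is invalid even under the /24 ROA used here, so fighting a hijack with more specifics only works within what your own ROAs authorise.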