April 1, 2026

Packets, panic, and popcorn

Article URL →HN comments →

Is BGP Safe Yet? No. Test Your ISP

Internet’s traffic cops still snoozing? Crowd says “mostly safe,” skeptics yell “new internet now”

TLDR: A major backbone (Sparkle) just started blocking bad internet routes, adding to big names already using RPKI, the ID check for traffic. Commenters are split: some say coverage looks solid, others point to Google’s “unsafe” label and test mismatches, while a loud minority wants to replace BGP entirely.

The internet’s “postal service,” BGP, is still messy, but a fresh win has the crowd buzzing: Sparkle, a global backbone, now rejects bad routes, joining Verizon, Comcast, Bell, and more. The fix everyone’s cheering (and arguing about) is RPKI—think an ID badge that keeps fake routes from hijacking your traffic. Simple, right? Not to this comment section.

One camp is feeling chill. As nemomarx puts it, coverage looks pretty good—big American and European providers are filtering, mobile networks too. The counter‑camp arrives with sirens blaring. RRRA flags that Google shows up as “unsafe” on the list, speculating they might filter internally anyway. Others pile on with receipts: bilekas and olivier5199 both say the table says “unsafe,” but the live test says their ISP is safe. Cue the popcorn: is the scoreboard out of date, or are policies only partial?

Then there’s the nuclear take from commandersaki: forget patching BGP—ditch it for SCION, a proposed “new internet” with built‑in safety. Memes fly: “RPKI = the internet’s vaccine,” “It’s 2026 and the web’s held together by duct tape,” and “ISPs doing vibe-based routing.”

Translation: progress is real and growing (Sparkle’s policy), but the community’s split between “we’re finally fine,” “the scoreboard’s wrong,” and “burn it all down and rebuild.”

Key Points

  • BGP is not secure by default and has caused significant Internet disruptions.
  • RPKI is presented as the practical solution to secure BGP by validating route origins.
  • The article urges ISPs and major networks to implement RPKI Origin Validation and drop invalid prefixes.
  • Recent adoption includes Sparkle (AS6762) rejecting RPKI-invalid prefixes as of Feb 3, 2026.
  • Major operators across regions (e.g., Verizon, Deutsche Telekom, Bell Canada) have deployed RPKI OV, indicating growing coverage.

Hottest takes

“This actually shows pretty good coverage … the big American ISPs do it” — nemomarx
“Google being shown as unsafe makes me think they have some internal methods for filtering” — RRRA
“BGP is safe when we stop using it and instead use SCION” — commandersaki

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.