🤖 AI Summary
BGP misconfigurations frequently trigger large-scale outages and security incidents (e.g., the 2021 Facebook outage), yet existing verification approaches rely on manually crafted rules or synthetic scenarios, failing to account for vendor-specific implementations and BGP’s intricate stateful behavior. This paper introduces the first structure-aware, state-preserving BGP configuration fuzzing framework. It performs mutation-based fuzzing in a virtualized network environment, integrating session-state tracking and end-to-end traffic path monitoring. Crucially, it requires no predefined rules and employs runtime oracles to automatically detect anomalies—including session resets and traffic blackholes. Our approach innovatively unifies protocol syntax modeling with dynamic state constraints. It successfully reproduces and detects canonical BGP failures, such as maximum-prefix violations and sub-prefix hijacking. Experimental evaluation demonstrates high reliability and practical effectiveness across diverse vendor implementations and topology configurations.
📝 Abstract
Telecommunications networks rely on configurations to define routing behavior, especially in the Border Gateway Protocol (BGP), where misconfigurations can lead to severe outages and security breaches, as demonstrated by the 2021 Facebook outage. Unlike existing approaches that rely on synthesis or verification, our work offers a cost-effective method for identifying misconfigurations resulting from BGP's inherent complexity or vendor-specific implementations. We present BGPFuzz, a structure-aware and stateful fuzzing framework that systematically mutates BGP configurations and evaluates their effects in a virtualized network. Without requiring predefined correctness properties as in static analysis, BGPFuzz detects anomalies through runtime oracles that capture practical symptoms such as session resets, blackholing, and traffic redirection. Our experiments show that BGPFuzz can reliably reproduce and detect known failures, including max-prefix violations and sub-prefix hijacks.
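The runtime-oracle idea in the abstract, as an added example that is not BGPFuzz's code: a snapshot taken after a configuration mutation is diffed against a baseline to flag session resets, blackholing and traffic redirection. The `Snapshot`, `Probe` and `oracle` names, the session-state strings, router names and addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    hops: tuple       # router names traversed, in order
    delivered: bool   # True if the destination answered the probe

@dataclass(frozen=True)
class Snapshot:
    sessions: dict    # peer name -> BGP session state string
    probes: dict      # destination IP -> Probe

def oracle(baseline, mutated):
    """Diff a post-mutation snapshot against the baseline; return findings."""
    findings = []
    for peer, state in sorted(baseline.sessions.items()):
        if state == "Established" and mutated.sessions.get(peer) != "Established":
            findings.append(("session_reset", peer))
    for dst, before in sorted(baseline.probes.items()):
        if not before.delivered:
            continue  # unreachable before the mutation, so not a regression
        after = mutated.probes.get(dst)
        if after is None or not after.delivered:
            findings.append(("blackhole", dst))
        elif after.hops != before.hops:
            findings.append(("redirection", dst))
    return findings

# Constructed lab observations (documentation address ranges, made-up routers).
BASELINE = Snapshot(
    sessions={"R2": "Established", "R3": "Established"},
    probes={"192.0.2.10": Probe(("R1", "R2"), True),
            "198.51.100.10": Probe(("R1", "R3"), True)},
)
# Mutation lowers a max-prefix limit: the R2 session drops, its routes vanish.
MAX_PREFIX = Snapshot(
    sessions={"R2": "Idle", "R3": "Established"},
    probes={"192.0.2.10": Probe(("R1",), False),
            "198.51.100.10": Probe(("R1", "R3"), True)},
)
# Mutation makes R4 announce a more-specific prefix: sessions stay up, path moves.
SUB_PREFIX = Snapshot(
    sessions=dict(BASELINE.sessions),
    probes={"192.0.2.10": Probe(("R1", "R2"), True),
            "198.51.100.10": Probe(("R1", "R4"), True)},
)

if __name__ == "__main__":
    for name, snap in (("max-prefix", MAX_PREFIX), ("sub-prefix", SUB_PREFIX)):
        print(name, oracle(BASELINE, snap))
```

The sub-prefix case shows why a session-state check alone is insufficient: every session stays `Established`, and only the data-plane probe reveals the changed path.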