In theDesigning and Implementing Enterprise Network Assurance (300-445 ENNA)curriculum, identifying routing anomalies such as BGP Hijacking is a critical aspect of external network assurance. A BGP Hijack occurs when an Autonomous System (AS) illegitimately announces a prefix it does not own, causing traffic intended for the rightful owner to be misdirected.

By contrastingExhibit 3.4-1(Before the Outage) andExhibit 3.4-2(During the Outage), a definitive change in the routing path is observed. In the baseline view (Exhibit 3.4-1), traffic from the Los Angeles agent reaches the destination network 54.239.104.0/23, which is correctly associated withAmazon.com, Inc. (AS 16509). However, during the outage (Exhibit 3.4-2), the path visualization shows the traffic being redirected into a different network:eNET Inc. (AS 10297). At this new location, the traffic encounters100% Forwarding Lossat the node ten7-8.core-2.xlhost.com.

Thechange in the Autonomous System (AS) numberfrom 16509 to 10297 (Option B) is the most concrete indicator of a BGP Hijack. While symptoms such asAvailability Drop(Option A),Response Delay(Option C), andPacket Loss(Option D) are clearly visible in the ThousandEyes telemetry, these symptoms are generic and could be caused by various other issues like physical link failures or congestion. The shift in the AS path—specifically to an AS that does not legitimately host the target's IP prefix—provides the forensic evidence needed to identify the root cause as a routing takeover. This visualization allows network administrators to bypass internal troubleshooting and immediately focus on external remediation with upstream providers.