What is BGP?

Last updated:

What is BGP?

What is BGP?

The Border Gateway Protocol (BGP) functions as the Internet’s postal service, ensuring the smooth transmission of data. Just as the Postal Service processes and determines the most optimal route for a letter to reach its destination after it is dropped into a mailbox, BGP performs a similar task for data sent over the Internet. It carefully analyzes the various available paths and selects the most efficient route, often involving the traversal of multiple autonomous systems.

BGP serves as the underlying protocol that enables the Internet to operate effectively by facilitating data routing. For instance, when a user in Singapore accesses a website hosted on servers located in Argentina, BGP plays a crucial role in establishing and maintaining the communication between them, ensuring that it occurs swiftly and with minimal delays.

What is an autonomous system?

The Internet functions as an intricate web of interconnected networks. It comprises numerous smaller networks called autonomous systems (ASes) that number in the hundreds of thousands. These ASes are essentially collections of routers operated by individual organizations, forming a vast network infrastructure.

Imagine BGP as the Internet’s equivalent of the Postal Service, where ASes (Autonomous Systems) play the role of individual post office branches. In a town, you can find numerous mailboxes, but all the mail stored in those boxes needs to pass through the local post office branch before it can be routed to its intended destination. Similarly, the internal routers within an AS function as mailboxes. They send their outbound transmissions to the AS, which utilizes BGP routing to ensure that these transmissions reach their respective destinations.

The presented diagram provides a simplified representation of BGP (Border Gateway Protocol). It showcases six ASes (Autonomous Systems) within the Internet. When AS1 needs to direct a packet to AS3, it has two possible options:

Route through AS2 and then to AS3: AS2 → AS3

Route through AS6, then AS5, AS4, and finally AS3: AS6 → AS5 → AS4 → AS3

In this simplified scenario, the decision appears straightforward. The AS2 route requires fewer hops compared to the AS6 route, making it the quickest and most efficient choice. However, in reality, BGP routing on the Internet involves complex route selection algorithms, where hop count is just one factor among many. This complexity intensifies when there are hundreds of thousands of ASes.

The structure of the Internet is dynamic, constantly evolving with the emergence of new systems and the unavailability of existing ones. Consequently, every AS must stay updated with information on new and obsolete routes. This is accomplished through peering sessions, where ASes establish TCP/IP connections with neighboring ASes to exchange routing information. By leveraging this shared knowledge, each AS becomes capable of appropriately routing outbound data transmissions originating within its network.

Here is where our analogy begins to diverge. Unlike branches of a post office, autonomous systems are not all part of the same organization. In reality, they often belong to competing businesses. Therefore, BGP routes can sometimes incorporate business considerations. ASes frequently charge each other for carrying traffic across their networks, and the cost of access can influence the selection of the final route.

Who operates BGP autonomous systems?

Autonomous System Numbers (ASNs) are commonly associated with Internet service providers (ISPs) and prominent organizations such as technology companies, universities, government agencies, and scientific institutions. To facilitate the exchange of routing information, each AS needs to possess a registered ASN. The Internet Assigned Numbers Authority (IANA) oversees the allocation of ASNs to Regional Internet Registries (RIRs), which then distribute them to ISPs and networks. ASNs can be either 16-bit numbers ranging from one to 65534 or 32-bit numbers between 131072 and 4294967294. As of 2018, there were approximately 64,000 ASNs actively used worldwide. It is important to note that ASNs are primarily necessary for external BGP connections.

What is the difference between external BGP and internal BGP?

Routes are shared and traffic is transmitted across the Internet using external Border Gateway Protocol (eBGP). Autonomous systems can also employ an internal variant of BGP to direct traffic within their internal networks, which is referred to as internal Border Gateway Protocol (iBGP). It’s important to note that the utilization of internal BGP is not obligatory for the use of external BGP. Autonomous systems have the flexibility to select from various internal protocols to establish connections between routers in their internal network.

External BGP can be likened to international shipping. Just as there are specific standards and guidelines to be followed when shipping mail internationally, a piece of mail must go through the local mail service of the destination country to reach its final destination. Each country has its own internal mail service, which may not adhere to the same guidelines as those of other countries. Similarly, each autonomous system can employ its own internal routing protocol to efficiently route data within its own network.

What are BGP attributes?

In general, BGP aims to discover the most efficient route for network traffic. However, it takes into consideration various factors beyond hop count when determining these routes. BGP routers assign attributes to each route, which assist in selecting the appropriate path when multiple options are available. Network administrators can often customize these attributes to exert more precise control over traffic flow within their networks. Here are a few examples of BGP attributes:

  • Weight: This attribute, specific to Cisco routers, informs a router about the preferred local paths.
  • Local preference: It guides a router in selecting the outbound path to follow. Originate: This attribute instructs a router to prioritize routes that it added to BGP itself.
  • AS path length: Similar to the illustrated diagram above, this attribute favors shorter paths. Numerous other BGP attributes exist, each with its own significance. BGP routers consider these attributes in a predetermined order of priority. For instance, a BGP router first evaluates the route with the highest weight, then considers local preference, followed by checking if the router originated the route, and so forth. In the scenario where all received routes have equal weight, the router chooses a path based on local preference instead.

BGP flaws and how to address them

In 2004, TTNet, a Turkish ISP, mistakenly advertised incorrect BGP routes to its neighboring networks. These routes falsely declared TTNet as the optimal destination for all Internet traffic. As these routes propagated to more autonomous systems, a widespread disruption occurred. This one-day crisis resulted in the inability of numerous people worldwide to access certain parts or the entirety of the Internet.

Likewise, in 2008, a Pakistani ISP aimed to block Pakistani users from accessing YouTube using a BGP route. However, the ISP unintentionally advertised these routes to its neighboring autonomous systems, causing the route to quickly spread across the Internet’s BGP network. Consequently, users attempting to visit YouTube were led to a dead end, rendering the platform inaccessible for several hours.

Another incident of a similar nature transpired in June 2019. In this case, a small company in Pennsylvania inadvertently became the preferred path for routing through Verizon’s network. As a result, a substantial portion of the Internet became unavailable to users for several hours.

These incidents exemplify the practice known as BGP hijacking, which can occur both accidentally and deliberately. In April 2018, attackers intentionally generated malicious BGP routes to divert traffic intended for Amazon’s DNS service. By redirecting the traffic to themselves, these attackers successfully stole over $100,000 worth of cryptocurrency.

BGP hijacking can be exploited for various types of attacks, including:

  • Phishing and social engineering by redirecting users to fraudulent websites.
  • Denial-of-service (DoS) attacks through traffic blackholing or redirection.
  • On-path attacks aimed at modifying exchanged data and undermining reputation-based filtering systems.
  • Impersonation attacks for eavesdropping on communications.

These incidents occur due to the inherent trust in the route-sharing mechanism of BGP, where autonomous systems implicitly rely on the accuracy of shared routes. When peers announce incorrect route information, whether intentionally or unintentionally, traffic is redirected to unintended destinations, potentially leading to malicious outcomes.

How to secure BGP

Fortunately, there has been significant progress in enhancing the security of BGP (Border Gateway Protocol). One noteworthy development is the introduction of Resource Public Key Infrastructure (RPKI), a security framework for routing in 2008. RPKI employs cryptographically signed records known as Route Origin Authorization (ROAs) to verify the legitimacy of network operators who are permitted to announce an organization’s IP addresses via BGP. This ensures that only authorized parties have the ability to announce an organization’s prefixes.

However, the mere existence of RPKI is insufficient. If major networks fail to adhere to BGP security best practices, it can lead to the propagation of large-scale hijacking attacks. Presently, slightly more than 50% of the leading Internet providers offer some level of support for RPKI, but a larger majority is necessary to fully safeguard BGP. Network operators can protect their networks by implementing RPKI and employing network alerting technology such as Toffs Route Leak Detection. This feature effectively prevents BGP hijacking attacks by promptly notifying customers when unauthorized parties attempt to advertise their prefixes.