The Data Behind 2024's Cyber Threats
+420-602-558-144 I'm under attack Log in Sign Up

What is BGP?

Exploring BGP: What It Is and How It Works

Border Gateway Protocol (BGP) is the routing protocol for the Internet. BGP is used to exchange routing information between the individual networks that make up the Internet. Essentially, BGP is what allows the Internet to function as a vast, interconnected network of networks by establishing the most efficient path from one location to another across multiple networks.

Think of BGP as the Internet’s ZIP-code system, built on top of the IP addressing system. It directs data through the most efficient routes across networks, constantly adjusting to find the best path based on current conditions.

What is an Autonomous System (AS)?

In Internet routing, the individual networks that make up the Internet are known as autonomous systems (AS). Speaking more formally, an autonomous system is a collection of IP networks and routers managed by one or more operators with a unified routing policy.

An example of an autonomous system would be a large Internet service provider (ISP) or a major enterprise network. In many cases, networks operated by universities and government agencies can also function as autonomous systems.

Each AS is assigned a unique autonomous system number (ASN) for use in Border Gateway Protocol (BGP) routing, similar to how ZIP codes are used for geographic areas.

The organization responsible for this process is the Internet Assigned Numbers Authority (IANA). IANA maintains a registry of ASNs reserved for private use and allocates blocks of public ASNs to Regional Internet Registries (RIRs). These RIRs then reassign ASNs to Local Internet Registries (LIRs) and end-user organizations.

The number of autonomous systems has been steadily growing over the years, and as of 2024, there are more than 76,000 ASes in existence.

How Does BGP Work?

As mentioned earlier, the purpose of BGP is to establish the most efficient path for data to travel from one AS to another. With tens of thousands of autonomous systems worldwide, interconnected in a complex, mesh-like structure, finding the optimal route can be quite challenging.

The Network of the Internet Networks

To accomplish this, BGP relies on several key mechanisms:

  • BGP Route Advertisement: Each AS shares information about the IP prefixes it can reach with its neighboring ASes. This information helps build a map of routing paths across the global network.
  • BGP Best Path Selection: When multiple paths to the same destination are available, a BGP router uses a list of criteria to select the best one. Factors such as the number of AS hops, cost of transmission, and path reliability are considered to determine the most efficient route.
  • BGP Routing Tables: BGP routers store the best paths in their routing tables, which are then used to direct data packets through the network. These tables are constantly updated as new routes are advertised or as network conditions change.

The Internet is a dynamic environment, with routes frequently becoming available or unavailable. BGP routers continuously monitor these changes and update their routing tables accordingly, ensuring that data always travels along the most optimal path.

BGP Routs

What is the Difference Between Internal BGP and External BGP?

BGP can be used both for exchanging Internet routes between different autonomous systems and for exchanging them within a single AS. Therefore, BGP comes in two flavors:

  • eBGP (External or Exterior Border Gateway Protocol): Used for communication between routers in different autonomous systems, exchanging information to facilitate data transfer across the internet.
  • iBGP (Internal or Interior Border Gateway Protocol): Used for sharing external routing information between routers within a single autonomous system (AS).

iBGP should not be confused with IGP (Interior Gateway Protocol), a category of routing protocols used for distributing internal routing information within an autonomous system.

Challenges and Vulnerabilities of BGP

Originally devised in 1989 and famously drafted on the back of “three ketchup-stained napkins,” the Border Gateway Protocol (BGP) has become the backbone of the Internet. The problem is, at the time of its creation, security was often not taken into account, and many systems on the Internet were built to automatically trust users. BGP was no exception.

The protocol is designed so that routers running BGP accept advertised routes from other BGP routers by default. On one hand, this enables automatic and decentralized routing of traffic across the Internet. On the other hand, it makes BGP vulnerable to accidental or malicious disruptions, known as BGP route leaks and BGP hijacking.

  • BGP route leaks occur when an autonomous system advertises routes to other ASes that it should not be advertising. This often happens due to a misconfiguration, where routes intended for internal use or specific partners are made public. While typically unintentional, BGP leaks can lead to significant issues such as inefficient routing, increased latency, and, in some cases, traffic being routed through insecure paths.
  • BGP hijacking is an illegitimate prefix announcement by a malicious or misconfigured autonomous system (AS) that results in the redirection of traffic. For example, a malicious actor can use BGP hijacking to force traffic to pass through a network under their control. Whether intentional or not, BGP hijacking can cause serious issues, such as traffic interception, data loss, and service disruption.

BGP Hijacking

These incidents occur frequently, with the root cause being that BGP is built on trust: ASes trust the route information they receive from their peers. As a result, when a peer announces incorrect route information, whether intentionally or accidentally, traffic can be misdirected to unintended destinations, sometimes with dangerous consequences.

Securing Border Gateway Protocol

Over the decades, various BGP security measures have been introduced to enhance protocol’s reliability, including BGP route filtering, BGP neighbor authentication, and more. Among these, the most significant advancements are RPKI and ROA, which have already had a substantial positive impact on BGP security.

  • RPKI (Resource Public Key Infrastructure) is a cryptographic framework designed to secure the BGP routing infrastructure by allowing network owners to validate route updates and ensure that routing announcements are legitimate. This framework helps prevent BGP hijacking and BGP route leaks.
  • ROA (Route Origin Authorization) is a key component of RPKI — a digitally signed object that specifies which AS is authorized to originate a specific IP prefix. When a BGP route announcement is made, other ASes can check the ROA to verify that the announcement is legitimate. If the route does not match a valid ROA, it can be flagged as potentially fraudulent, helping to prevent BGP hijacking.

However, while RPKI and ROA have proven effective in enhancing BGP security and their adoption is steadily increasing, they have not yet been implemented across the entire internet. As a result, BGP vulnerabilities still exist, and global Internet traffic remains at risk. Therefore, it is crucial for network engineers to continuously monitor for BGP incidents to promptly address any arising issues.

The right tool for this task is Qrator.Radar, one of the world’s largest real-time routing data collectors and network behavior anomaly detectors. With its comprehensive insights and alerts on BGP-related issues, Qrator.Radar helps maintain a secure, reliable, and resilient network infrastructure, protecting against BGP hijacking and other routing-related threats.

Qrator Labs uses cookies to improve your experience, deliver personalized content and analyze our traffic. By clicking “Accept All” you agree to the storing of cookies on your device to enhance website navigation and analyze usage, assisting in our marketing efforts and improving user experience. You may modify your cookies settings at any time, as explained in our Cookie notice.
Cookies Preference Center
Strictly Necessary Cookies

Always Active

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Detailed information about this category of cookies can be found in the Cookie Policy.
Performance/Analytics Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance. Detailed information about this category of cookies can be found in the Cookie Policy.
Targeting/Marketing Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. You may opt out of Targeting/Marketing cookies through the "Cookie settings" button. Detailed information about this category of cookies can be found in the Cookie Policy.
Functionality Cookies
These cookies enable the Website to provide enhanced functionality and personalization. Company sets some functionality cookies, while third party providers whose services Qrator Labs added to the website set the rest of these cookies. If you do not allow functionality cookies, then services relying on functionality cookies may not function properly.