Border Gateway Protocol (BGP) is the routing protocol for the Internet. BGP is used to exchange routing information between the individual networks that make up the Internet. Essentially, BGP is what allows the Internet to function as a vast, interconnected network of networks by establishing the most efficient path from one location to another across multiple networks.
Think of BGP as the Internet’s ZIP-code system, built on top of the IP addressing system. It directs data through the most efficient routes across networks, constantly adjusting to find the best path based on current conditions.
In Internet routing, the individual networks that make up the Internet are known as autonomous systems (AS). Speaking more formally, an autonomous system is a collection of IP networks and routers managed by one or more operators with a unified routing policy.
An example of an autonomous system would be a large Internet service provider (ISP) or a major enterprise network. In many cases, networks operated by universities and government agencies can also function as autonomous systems.
Each AS is assigned a unique autonomous system number (ASN) for use in Border Gateway Protocol (BGP) routing, similar to how ZIP codes are used for geographic areas.
The organization responsible for this process is the Internet Assigned Numbers Authority (IANA). IANA maintains a registry of ASNs reserved for private use and allocates blocks of public ASNs to Regional Internet Registries (RIRs). These RIRs then reassign ASNs to Local Internet Registries (LIRs) and end-user organizations.
The number of autonomous systems has been steadily growing over the years, and as of 2024, there are more than 76,000 ASes in existence.
As mentioned earlier, the purpose of BGP is to establish the most efficient path for data to travel from one AS to another. With tens of thousands of autonomous systems worldwide, interconnected in a complex, mesh-like structure, finding the optimal route can be quite challenging.
To accomplish this, BGP relies on several key mechanisms:
The Internet is a dynamic environment, with routes frequently becoming available or unavailable. BGP routers continuously monitor these changes and update their routing tables accordingly, ensuring that data always travels along the optimal path.
BGP can be used both for exchanging Internet routes between different autonomous systems and for exchanging them within a single AS. Therefore, BGP comes in two flavors:
iBGP should not be confused with IGP (Interior Gateway Protocol), a category of routing protocols used for distributing internal routing information within an autonomous system.
Originally devised in 1989 and famously drafted on the back of “three ketchup-stained napkins,” the Border Gateway Protocol (BGP) has become the backbone of the Internet. The problem is, at the time of its creation, security was often not taken into account, and many systems on the Internet were built to automatically trust users. BGP was no exception.
The protocol is designed so that routers running BGP accept advertised routes from other BGP routers by default. On one hand, this enables automatic and decentralized routing of traffic across the Internet. On the other hand, it makes BGP vulnerable to accidental or malicious disruptions, known as BGP route leaks and BGP hijacking.
These incidents occur frequently, with the root cause being that BGP is built on trust: ASes trust the route information they receive from their peers. As a result, when a peer announces incorrect route information, whether intentionally or accidentally, traffic can be misdirected to unintended destinations, sometimes with dangerous consequences.
Over the decades, various BGP security measures have been introduced to enhance the protocol’s reliability, including BGP route filtering, BGP neighbor authentication, and more. Among these, the most significant advancements are RPKI and ROA, which have already had a substantial positive impact on BGP security.
However, while RPKI and ROA have proven effective in enhancing BGP security and their adoption is steadily increasing, they have not yet been implemented across the entire Internet. As a result, BGP vulnerabilities still exist, and global Internet traffic remains at risk. Therefore, it is crucial for network engineers to continuously monitor for BGP incidents to promptly address any arising issues.
The right tool for this task is Qrator.Radar, one of the world’s largest real-time routing data collectors and network behavior anomaly detectors. With its comprehensive insights and alerts on BGP-related issues, Qrator.Radar helps maintain a secure, reliable, and resilient network infrastructure, protecting against BGP hijacking and other routing-related threats.