Computer Networks
BGP: The Glue of the Internet
Lesson objectives
- Understand that BGP is not an IGP: it routes between ASes, not inside them
- Know the key attributes: AS_PATH, NEXT_HOP, LOCAL_PREF, MED, and the path-selection order
- Tell eBGP from iBGP and why iBGP needs full mesh or route reflectors
- See how BGP hijacks and route leaks have broken the internet (AS7007 in 1997, Pakistan/YouTube 2008, Rostelecom 2017)
- Know RPKI and why it exists to defend against bogus route announcements
October 4, 2021. Facebook disappears from the internet for six hours. Not a hack - engineers accidentally withdrew all BGP announcements for their DNS prefixes. WhatsApp, Instagram, Facebook's internal systems, office badge readers - none of it is reachable from the outside. BGP is not just a routing protocol, it is the glue that keeps 100,000+ autonomous systems on one network.
- **Providers:** BGP determines whether to send traffic to Facebook through a paid Tier-1 or a free peering at an IX
- **CDN (Cloudflare, Akamai):** Announce the same IPs from different continents - BGP automatically directs users to the nearest PoP
- **Anycast DNS:** Root DNS servers (13 addresses) are actually hundreds of servers worldwide, connected via BGP anycast
Prerequisites
What is BGP
**BGP (Border Gateway Protocol)** - the only protocol that "glues" the internet together. Without it, your ISP wouldn't know how to reach Google, and Google wouldn't know how to reach your ISP.
**BGP scale:** The global routing table contains **over 900,000** prefixes. BGP routers hold all of them in memory!
BGP is a **path-vector** protocol. Unlike OSPF, it doesn't calculate a link-cost metric; it remembers the **path** each route has taken through autonomous systems. This allows complex routing policy to be applied.
Unlike IGP (OSPF, IS-IS), BGP operates **between organizations**. Each participant is an independent company with its own policy. That's why BGP allows fine-grained control: "exchange everything with this neighbor", "only accept their own networks from that one".
Why does BGP use TCP instead of its own protocol?
Autonomous Systems (AS)
**Autonomous System (AS)** - a network or group of networks under a single administrative control with a unified routing policy. Each AS has a unique number - **ASN**.
**Check an ASN:** `whois AS15169` or https://bgp.he.net/ shows all prefixes and neighbors for any AS.
Why do we need ASes? The internet is too large for one OSPF-level routing table. ASes create a **hierarchy**: an IGP runs within an AS, BGP runs between ASes.
To get your own AS, you need to contact a regional internet registry (RIPE NCC for Europe). Requirements usually include: multi-homed connectivity (≥2 providers) and justification.
A company is connected to a single provider. Does it need its own AS?
eBGP and iBGP
BGP operates in two modes: **eBGP** (external) - between different ASes, **iBGP** (internal) - within the same AS. It's one protocol with different behaviors.
**Key iBGP rule:** a route received from an iBGP neighbor **cannot be forwarded** to other iBGP neighbors. This prevents loops, but requires full-mesh or a route reflector.
**Full-mesh problem:** with N routers, N*(N-1)/2 sessions are needed. For 100 routers - 4950 sessions! Solutions: **Route Reflector** (RR) or **Confederation**.
Differences between eBGP and iBGP affect TTL and next-hop:
Why does iBGP require full-mesh or a Route Reflector?
BGP Path Attributes
BGP selects the best route not by a simple metric, but by **path attributes**. This allows complex policy: prefer some neighbors, avoid others.
**Mnemonic:** "We Love Oranges AS Oranges Mean Pure Refreshment" - Weight, Local_pref, Originated, AS_path, Origin, MED, Paths (eBGP>iBGP), Router-id
Let's look at the key attributes:
In practice, providers use **BGP communities** - tags for grouping routes and applying policies. For example: `65000:100` = "do not announce to customers".
A provider wants to prefer traffic through a more expensive but reliable link. Which attribute to use?
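The selection order from the mnemonic above, worked through as an added example (not part of the original lesson). The `Path` class, the step names and the sample routes are constructed for illustration, the IGP metric step is taken from the lesson's summary, and MED is compared across all candidates, whereas routers by default compare it only between paths from the same neighboring AS.

```python
from dataclasses import dataclass, replace

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

@dataclass(frozen=True)
class Path:
    name: str                   # label used only in this example
    as_path: tuple              # ASNs, nearest neighbor first
    weight: int = 0             # router-local, higher wins
    local_pref: int = 100       # AS-wide policy, higher wins
    local_origin: bool = False  # originated by this router
    origin: str = "igp"
    med: int = 0                # lower wins
    ebgp: bool = True           # eBGP-learned beats iBGP-learned
    igp_metric: int = 0         # cost to NEXT_HOP, lower wins
    router_id: str = "0.0.0.0"  # final tie-break, lower wins

# One entry per decision step; every key is written so that smaller is better.
STEPS = [
    ("WEIGHT", lambda p: -p.weight),
    ("LOCAL_PREF", lambda p: -p.local_pref),
    ("ORIGINATED", lambda p: not p.local_origin),
    ("AS_PATH", lambda p: len(p.as_path)),
    ("ORIGIN", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),  # simplification: compared across all neighbors
    ("EBGP_OVER_IBGP", lambda p: not p.ebgp),
    ("IGP_METRIC", lambda p: p.igp_metric),
    ("ROUTER_ID", lambda p: tuple(int(o) for o in p.router_id.split("."))),
]

def best_path(paths):
    """Return (winner, name of the step that settled the choice)."""
    candidates, decided = list(paths), None
    for step, key in STEPS:
        if len(candidates) == 1:
            break
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        decided = step
    return candidates[0], decided

# Constructed sample: two paths to one prefix (ASNs from the documentation range).
RELIABLE = Path("reliable", (64500, 64510, 64511), local_pref=200, router_id="10.0.0.1")
CHEAP = Path("cheap", (64501, 64511), router_id="10.0.0.2")

if __name__ == "__main__":
    print(best_path([RELIABLE, CHEAP]))                           # policy decides
    print(best_path([replace(RELIABLE, local_pref=100), CHEAP]))  # path length decides
```

With the higher LOCAL_PREF the longer path wins; once both paths carry the same LOCAL_PREF, the choice falls through to AS_PATH length.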
BGP Hijacking
**BGP Hijacking** - intercepting traffic by announcing someone else's prefixes. BGP is based on **trust**: if an AS announces a route, everyone believes it has the right to do so.
**Real incident:** In 2018, a BGP hijack redirected Amazon Route 53 traffic through a Russian AS for 2 hours. ~$150K in cryptocurrency was stolen.
Even more dangerous is the **more-specific hijack**: if Google announces 8.8.8.0/24, the attacker announces 8.8.8.0/25 and 8.8.8.128/25. More specific routes **always** win, because routers forward on the longest matching prefix!
Real-time BGP monitoring: **BGPStream** (RIPE RIS), **Cloudflare Radar**, **MANRS Observatory**. Hijack alerts arrive within minutes.
**Misconception:** BGP is secure because it's used by major providers
**Reality:** BGP was created without security mechanisms and is based on trust
In 1989, the internet was a network of universities and military - everyone knew each other. Today, any AS can announce any route. RPKI is the first step toward fixing this, but adoption is slow. As of 2024, ~50% of routes have a ROA.
An attacker announces 1.2.3.0/25. The victim announces 1.2.3.0/24. What will happen?
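The quiz scenario above, with and without RPKI route origin validation, as an added example (not part of the original lesson). The ROA contents, its `maxLength` of 24 and the AS numbers are constructed; the three validation states follow RFC 6811.

```python
import ipaddress

# Constructed sample data: documentation-range ASNs, prefix taken from the quiz.
VICTIM_AS, ATTACKER_AS = 64500, 64511
ROAS = [  # (prefix, maxLength, authorized origin AS)
    (ipaddress.ip_network("1.2.3.0/24"), 24, VICTIM_AS),
]
ANNOUNCEMENTS = [
    ("1.2.3.0/24", VICTIM_AS),    # legitimate origin
    ("1.2.3.0/25", ATTACKER_AS),  # more-specific announcement from another AS
]

def validate(prefix, origin_as, roas=ROAS):
    """Route origin validation: returns 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_net, max_len, roa_as in roas:
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # at least one ROA covers this announcement
            if net.prefixlen <= max_len and origin_as == roa_as:
                return "valid"
    # Covered but no ROA matched on both origin and length: reject.
    return "invalid" if covered else "not-found"

def forwarding_choice(dst, announcements, drop_invalid):
    """Origin AS that traffic to dst is sent toward (longest prefix match)."""
    addr = ipaddress.ip_address(dst)
    rib = [(ipaddress.ip_network(p), asn) for p, asn in announcements
           if not (drop_invalid and validate(p, asn) == "invalid")]
    matches = [(net.prefixlen, asn) for net, asn in rib if addr in net]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, f"AS{asn}", validate(prefix, asn))
    print("no ROV:", forwarding_choice("1.2.3.10", ANNOUNCEMENTS, False))
    print("ROV   :", forwarding_choice("1.2.3.10", ANNOUNCEMENTS, True))
```

Without validation, traffic for 1.2.3.10 follows the /25; a router that drops invalid routes keeps only the /24. A /25 is also invalid when it claims the victim's AS as origin, because it exceeds the ROA's `maxLength`.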
Summary
- **BGP is a path-vector protocol** between autonomous systems (AS). Operates over TCP:179, exchanges routes via UPDATE
- **eBGP** connects different ASes, **iBGP** - routers within the same AS. iBGP requires full-mesh or a Route Reflector
- **Path selection:** LOCAL_PREF → AS_PATH → MED → IGP metric. Policy matters more than metrics
- **BGP hijacking** - announcing foreign prefixes. Protection: RPKI/ROA, IRR filtering, monitoring
Related Topics
BGP is the top of the routing pyramid:
- Dynamic Routing: IGP (OSPF, IS-IS) runs within an AS, BGP runs between ASes
- OSPF: OSPF provides connectivity within an AS, over which iBGP runs
Questions for reflection
- Why doesn't the internet use a single IGP protocol instead of BGP between providers?
- How would the internet change if RPKI had been mandatory from the start?
- What would happen to global connectivity if Tier-1 providers stopped exchanging routes?