BGP Explained
How the Global Internet Stays Connected
The Border Gateway Protocol (BGP) is the postal service of the Internet. When someone drops a letter into a mailbox, the Postal Service looks at the address and chooses a fast, efficient route to deliver that letter. BGP does the same for the Internet.
The Internet is a network of networks. It's made up of tens of thousands of individual networks known as Autonomous Systems (ASes), each run by a single organization. BGP is the protocol these ASes use to tell each other which IP address blocks (prefixes) they originate and which other networks they can reach, so that every AS can work out a path to every destination.
How BGP Works
BGP doesn't measure physical distance at all. Each router picks one best path per prefix by comparing a series of factors in a fixed order, including:
- AS path length: all else being equal, the route that crosses the fewest ASes wins. The AS path is one of several path attributes carried with every route; others include LOCAL_PREF, ORIGIN and MED.
- Policy: operators set rules that override raw path length, for example preferring a cheaper or more trusted neighbour by giving its routes a higher local preference, or refusing to accept certain prefixes from it at all. Local preference is compared before path length, so policy wins over hop count.
- Stability: many operators enable route flap damping, which temporarily suppresses a route that has "flapped" (been withdrawn and re-announced) repeatedly. It is an optional mechanism rather than part of the core selection order.
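The decision process described above, written out as a small Python example. This is an added illustration, not code from the original article: it implements the first steps of the RFC 4271 best-path algorithm (local preference, AS path length, origin, MED, eBGP over iBGP, router ID) plus the AS path loop check, and leaves out vendor-specific steps such as Cisco "weight" and the IGP metric to the next hop. The prefixes and ASNs are documentation ranges and the candidate routes are constructed for the example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Constructed example, not code from the page: a simplified BGP decision process.
# Step order follows RFC 4271 section 9.1 (LOCAL_PREF, AS_PATH length, ORIGIN,
# MED, eBGP over iBGP, lowest router ID). Vendor-specific steps (e.g. Cisco
# "weight") and IGP metric to the next hop are left out; MED is compared across
# all candidates here, whereas routers by default compare it only between
# routes from the same neighbouring AS.

ORIGIN_IGP, ORIGIN_EGP, ORIGIN_INCOMPLETE = 0, 1, 2


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: Tuple[int, ...]    # leftmost AS is the neighbour we learned it from
    local_pref: int = 100       # higher is preferred (set by local policy)
    origin: int = ORIGIN_IGP    # lower is preferred
    med: int = 0                # lower is preferred
    learned_via: str = "ebgp"   # "ebgp" is preferred over "ibgp"
    router_id: str = "0.0.0.0"  # lowest wins as the final tie-break


def passes_loop_check(route: Route, local_asn: int) -> bool:
    """RFC 4271 section 9.1.2: a route whose AS_PATH already contains our own ASN
    has looped and must be dropped before it ever reaches path selection."""
    return local_asn not in route.as_path


def selection_key(route: Route):
    """Sort key encoding the decision process: the lower tuple wins at every position."""
    return (
        -route.local_pref,                                   # 1. highest LOCAL_PREF
        len(route.as_path),                                  # 2. shortest AS_PATH
        route.origin,                                        # 3. lowest ORIGIN
        route.med,                                           # 4. lowest MED
        0 if route.learned_via == "ebgp" else 1,             # 5. eBGP over iBGP
        tuple(int(o) for o in route.router_id.split(".")),   # 6. lowest router ID
    )


def best_path(candidates: Iterable[Route], local_asn: int) -> Optional[Route]:
    """Drop looped routes, then pick the best remaining candidate (None if nothing is usable)."""
    usable = [r for r in candidates if passes_loop_check(r, local_asn)]
    return min(usable, key=selection_key) if usable else None


# Constructed candidates for one prefix as seen by a router in AS 64499.
# 203.0.113.0/24, 192.0.2.0/24 and ASNs 64496-64511 are documentation ranges.
CANDIDATES = [
    # shortest path, but only default local preference
    Route("203.0.113.0/24", "192.0.2.1", (64500, 64496), local_pref=100, router_id="192.0.2.1"),
    # longer path, but policy marked this neighbour as preferred
    Route("203.0.113.0/24", "192.0.2.2", (64501, 64502, 64496), local_pref=200, router_id="192.0.2.2"),
    # same local preference and length as above, but learned over iBGP
    Route("203.0.113.0/24", "192.0.2.3", (64503, 64504, 64496), local_pref=200,
          learned_via="ibgp", router_id="192.0.2.3"),
    # highest local preference, but our own ASN is already in the path: a loop
    Route("203.0.113.0/24", "192.0.2.4", (64505, 64499, 64496), local_pref=300, router_id="192.0.2.4"),
]

if __name__ == "__main__":
    chosen = best_path(CANDIDATES, local_asn=64499)
    print(f"best path via {chosen.next_hop}, AS_PATH {chosen.as_path}")
```

Running it selects the route via 192.0.2.2: the looped route is discarded first, the two local-preference-200 routes beat the shorter path with local preference 100, and eBGP breaks the tie against the iBGP-learned route. Swapping the local preferences shows how a single policy knob reorders the outcome regardless of path length.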
BGP runs over TCP (port 179). Two routers configured as "neighbors" or "peers" open a session, exchange OPEN messages to agree on parameters such as their ASNs and the hold time, and then each sends the routes its export policy allows (not necessarily its entire table). After that initial exchange only incremental UPDATE messages are sent when a route is added, changed or withdrawn, with periodic KEEPALIVE messages to show the session is still alive. Because the session is ordinary TCP, operators usually also protect it with TCP-MD5 or TCP-AO authentication and restrict which addresses may connect to port 179.
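To make the message exchange concrete, here is a parser for the BGP message header and OPEN body as laid out in RFC 4271, with the sanity checks a receiving speaker performs before trusting the contents. This is an added example, not code from the article; the sample byte stream (an OPEN from AS 64496 followed by a KEEPALIVE) is constructed inline, and optional parameters (capabilities) are left undecoded.

```python
import ipaddress
import struct
from typing import List, Optional, Tuple

# Constructed example, not code from the page: parse the BGP message header
# and OPEN body per RFC 4271, rejecting malformed input the way a speaker
# must (bad marker, bad length, bad type, unacceptable hold time).

MARKER = b"\xff" * 16   # RFC 4271: marker is all ones (no in-band authentication)
HEADER_LEN = 19         # 16-byte marker + 2-byte length + 1-byte type
MAX_MSG_LEN = 4096      # RFC 4271 maximum (RFC 8654 raises it to 65535 when negotiated)
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def parse_header(data: bytes) -> Tuple[str, bytes, bytes]:
    """Validate one message header; return (type name, body, remaining bytes)."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated BGP header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise ValueError("bad marker (Connection Not Synchronized)")
    if not HEADER_LEN <= length <= MAX_MSG_LEN:
        raise ValueError(f"bad message length {length}")
    if msg_type not in MSG_TYPES:
        raise ValueError(f"bad message type {msg_type}")
    if len(data) < length:
        raise ValueError("truncated BGP message")
    return MSG_TYPES[msg_type], data[HEADER_LEN:length], data[length:]


def parse_open(body: bytes) -> dict:
    """Decode the fixed OPEN fields. my_as is only 2 bytes: a speaker with a
    4-byte ASN puts AS_TRANS (23456) here and carries the real ASN in a capability."""
    if len(body) < 10:
        raise ValueError("OPEN body too short")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", body[:10])
    if version != 4:
        raise ValueError(f"unsupported BGP version {version}")
    if hold_time in (1, 2):  # RFC 4271: hold time must be 0 or at least 3 seconds
        raise ValueError(f"unacceptable hold time {hold_time}")
    if len(body) != 10 + opt_len:
        raise ValueError("optional parameter length does not match body")
    return {
        "version": version,
        "my_as": my_as,
        "hold_time": hold_time,
        "bgp_id": str(ipaddress.IPv4Address(bgp_id)),
        "opt_params": body[10:],  # capabilities, left undecoded in this example
    }


def parse_stream(data: bytes) -> List[Tuple[str, Optional[dict]]]:
    """Split a byte stream read from a TCP/179 session into parsed messages."""
    messages = []
    while data:
        msg_type, body, data = parse_header(data)
        messages.append((msg_type, parse_open(body) if msg_type == "OPEN" else None))
    return messages


def build_open(my_as: int, hold_time: int, bgp_id: str, opt_params: bytes = b"") -> bytes:
    """Encode an OPEN message; used here only to construct the sample input."""
    body = struct.pack("!BHHIB", 4, my_as, hold_time,
                       int(ipaddress.IPv4Address(bgp_id)), len(opt_params)) + opt_params
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


# Constructed sample session: an OPEN from AS 64496 followed by a KEEPALIVE
# (a KEEPALIVE is nothing more than a bare 19-byte header of type 4).
SAMPLE_STREAM = build_open(64496, 90, "192.0.2.1") + MARKER + struct.pack("!HB", HEADER_LEN, 4)

if __name__ == "__main__":
    for msg_type, fields in parse_stream(SAMPLE_STREAM):
        print(msg_type, fields or "")
```

The same header check is what a speaker applies to every message on the session; a marker or length that fails it triggers a NOTIFICATION and tears the session down, which is why BGP implementations are careful about exactly these bounds.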
Key Concepts
- Autonomous System (AS): A large network or group of networks managed by a single organization (like an ISP, a university, or a large tech company). Each AS is assigned a unique AS Number (ASN).
- Peering vs. Transit:
- Peering: Two networks exchange traffic directly for mutual benefit, often without exchanging money.
- Transit: A network pays a provider to carry its traffic to destinations it cannot reach through its own peers. At the top of the chain sit the Tier-1 ISPs, which reach the entire Internet through peering alone and buy transit from nobody.
- EBGP vs. IBGP:
- External BGP (EBGP): Runs between routers in different ASes. This is where prefixes cross organizational boundaries, and where route filtering and validation matter most.
- Internal BGP (IBGP): Runs between routers inside one AS to distribute the routes learned from EBGP neighbors across the whole network; packets are actually carried between those routers by an interior routing protocol such as OSPF or IS-IS.
Why BGP is Fragile (BGP Hijacking)
BGP was designed in an era when the Internet was small and its operators trusted one another. The protocol has no built-in way to verify that a network actually holds the IP addresses it announces, or that the AS path it reports is genuine. Any AS can announce any prefix, accidentally or maliciously, and its neighbors will accept and pass the announcement on unless their own filters reject it. Two properties make a false announcement effective: routers forward on the longest (most specific) matching prefix, so announcing a /24 carved out of someone else's /23 captures that traffic everywhere the /24 is accepted, and for prefixes of equal length a shorter AS path wins.
This is known as BGP hijacking when deliberate and a route leak when accidental. It can lead to:
- Traffic Redirection: Data for the victim's addresses is delivered to the hijacker, who can inspect, modify or drop it before (sometimes) forwarding it on so the victim never notices.
- Denial of Service: Traffic is drawn into a network that either blackholes it or lacks the capacity to carry it, so the real destination becomes unreachable.
- Outages: Large parts of the Internet become unreachable once a bad announcement or withdrawal propagates. The October 2021 Facebook outage, for example, began with a configuration change that disconnected its backbone; its DNS servers then withdrew their BGP routes, leaving facebook.com unresolvable worldwide for hours.
Modern Improvements
To close this gap the industry has deployed RPKI (Resource Public Key Infrastructure). Address holders publish cryptographically signed Route Origin Authorizations (ROAs) stating which AS may originate a prefix and up to what prefix length; routers performing Route Origin Validation (ROV) compare each received announcement against the ROAs and can drop those marked Invalid. Two caveats apply. RPKI only protects prefixes for which a ROA has been published, so unregistered space gets a "NotFound" result and is still accepted. And ROV checks only the origin AS, so an attacker who forges the legitimate origin at the end of the AS path still passes it; path validation (BGPsec) and the newer ASPA work target that gap, alongside the long-standing practice of filtering what customers and peers are allowed to announce.
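The hijack mechanics and the RPKI check from the two sections above, as an added Python example that is not part of the original article. It shows longest-prefix-match forwarding picking a more-specific hijack over the legitimate route, then applies the RFC 6811 origin validation states (Valid, Invalid, NotFound) to filter the hijack out. The ROAs and announcements are constructed from documentation prefixes and ASNs; a real validator would fetch ROAs from the RIR trust anchors via RTR or a tool such as rpki-client rather than hard-coding them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed example, not code from the page: longest-prefix-match forwarding
# (why a more-specific hijack wins) and RPKI Route Origin Validation per
# RFC 6811. ROAs are hard-coded here; a real router receives them over RTR.


@dataclass(frozen=True)
class ROA:
    prefix: str       # the authorised prefix
    origin_asn: int   # the AS authorised to originate it
    max_length: int   # longest more-specific that AS may originate


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_asn: int   # rightmost AS in the AS_PATH
    via: str          # label for the neighbour we heard it from


def rov_state(ann: Announcement, roas: Iterable[ROA]) -> str:
    """Return 'Valid', 'Invalid' or 'NotFound' for one announcement (RFC 6811 section 2)."""
    net = ipaddress.ip_network(ann.prefix)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "NotFound"   # no ROA covers this prefix at all
    for roa in covering:
        if roa.origin_asn == ann.origin_asn and net.prefixlen <= roa.max_length:
            return "Valid"  # one matching ROA is enough
    return "Invalid"        # covered, but wrong origin or more specific than allowed


def accept_routes(announcements: Iterable[Announcement], roas: Iterable[ROA],
                  drop_invalid: bool) -> List[Announcement]:
    """Apply the common ROV policy: drop Invalid, keep Valid and NotFound."""
    roas = list(roas)
    return [a for a in announcements
            if not (drop_invalid and rov_state(a, roas) == "Invalid")]


def choose_route(dest_ip: str, routes: Iterable[Announcement]) -> Optional[Announcement]:
    """Longest-prefix match: the most specific covering route forwards the packet."""
    ip = ipaddress.ip_address(dest_ip)
    covering = [r for r in routes if ip in ipaddress.ip_network(r.prefix)]
    return max(covering, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen, default=None)


# Constructed data: AS 64496 holds 203.0.113.0/24 and has published a ROA that
# forbids anyone (itself included) from originating more-specifics.
ROAS = [ROA("203.0.113.0/24", 64496, 24)]

ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", 64496, "legitimate-upstream"),
    Announcement("203.0.113.0/25", 64511, "hijacker"),     # more specific, wrong origin
    Announcement("198.51.100.0/24", 64497, "unrelated"),   # no ROA published: NotFound
]

# Forged-origin case: the hijacker appends the victim's ASN to the path so the
# origin looks right. ROV alone cannot catch this; path validation is needed.
FORGED_ORIGIN = Announcement("203.0.113.0/24", 64496, "hijacker-forged-origin")

if __name__ == "__main__":
    naive = choose_route("203.0.113.10", ANNOUNCEMENTS)
    print(f"without ROV: 203.0.113.10 goes via {naive.via} ({naive.prefix})")
    filtered = accept_routes(ANNOUNCEMENTS, ROAS, drop_invalid=True)
    safe = choose_route("203.0.113.10", filtered)
    print(f"with ROV:    203.0.113.10 goes via {safe.via} ({safe.prefix})")
    for ann in ANNOUNCEMENTS + [FORGED_ORIGIN]:
        print(f"{ann.prefix:18} AS{ann.origin_asn} {ann.via:24} -> {rov_state(ann, ROAS)}")
```

Without validation the /25 from AS 64511 captures traffic to 203.0.113.10 purely because it is more specific; with ROV enabled that announcement is Invalid and dropped, and the legitimate /24 is used. The two remaining lines of output are the caveats from the text made visible: the prefix with no ROA is NotFound and still accepted, and the forged-origin announcement validates as Valid.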