Border Gateway Protocol (BGP) is the protocol that connects all networks over the internet, allowing your computer to send and receive data from other computers located anywhere in the world. BGP maps out how information or traffic should travel around the internet, like a GPS for the web.
BGP is like an international postal service. The network of postal services across the world are what enables us to send letters and packages from one place to another. BGP does something similar for data—it helps route data across the internet like a mail carrier.
Table of Contents
What is BGP routing?
Border Gateway Protocol (BGP) is an exterior gateway protocol that enables the exchange of routing and reachability information between autonomous systems (AS) on the internet.
BGP, as defined in RFC 1163 and RFC 1267, plays an important role in forming the topology of the global internet. It connects independently operated networks, or AS’s, by allowing them to exchange information about their reachability.
By sharing these updates with their neighbors, BGP routers can update their stored knowledge of how to reach a certain network with the best route possible. The router then informs its neighbors of this change, which allows them to do the same in turn. In this way, the complex web, which comprises the global internet, can stay continually connected.
How BGP routing works
BGP routing works by exchanging messages between autonomous systems (AS). An AS is a group of networks managed by a single organization or entity. Each AS has its own unique number, which is used to identify it in BGP messages.
Autonomous systems (AS) communications
When two ASs communicate with each other, they exchange information about their respective networks. This includes details such as IP address ranges, subnet masks, and other network-related data. This information is then used to build a routing table that contains all the possible routes between two ASs.
Once a routing table has been built, it needs to be updated regularly so that any changes in the network can be reflected in the routing table. This process is known as route updating, and it involves sending messages back and forth between two ASs to keep their respective routing tables up-to-date.
BGP path attributes
In addition to exchanging information about networks, BGP also uses path attributes to determine which route should be taken when sending packets from one AS to another. These attributes include things like hop count, latency, and cost of transmission. By considering these factors, BGP ensures that packets are sent along the most efficient route possible.
Why is Border Gateway Protocol important?
BGP is an integral part of how the internet works today. Without it, there would be no way for different networks to communicate or share information about routes, making it impossible for data to be sent from one place to another efficiently and securely.
BGP enables the exchange of information between different networks and allows them to determine the best path for data to travel. It’s used by ISPs, large organizations, and cloud providers to connect their networks with each other and with the rest of the internet. BGP is also used to ensure traffic flows through the most efficient route possible, which helps reduce latency and improve performance.
8 main functions of BGP
BGP provides critical functions to the operation of the internet, including everything from maintaining route information, selecting the shortest route, and providing redundancy in case of routing errors, to providing security through authentication and facilitating communication between different network types.
1. Maintaining route information
BGP maintains an up-to-date routing table that regularly updates it with information about all available routes on the internet. BGP routers use this table to determine the best paths for sending packets from one network to another.
2. Selecting the best route for sending packets
BGP uses a variety of parameters, such as distance and latency, to calculate the best route for sending packets. BGP routers typically have multiple paths to choose from and will select the one that offers the best performance.
3. Providing redundancy in case of route failure
BGP will automatically reroute traffic over an alternative path if it detects that a primary path is not functioning.
4. Detecting loops in routing paths
BGP can detect and eliminate loops in routing paths using a set of algorithms known as the BGP Decision Process. This helps ensure packets are sent along the most efficient route possible without wasting bandwidth or taking unnecessary detours.
5. Preventing malicious attacks
BGP can filter out malicious traffic by verifying that BGP messages come from legitimate autonomous systems.
6. Providing security
BGP authenticates messages between routers using a preconfigured password or key. This helps ensure that only authorized entities can exchange information and keep malicious actors from disrupting traffic.
7. Controlling traffic flow
BGP enables ISPs to control how traffic flows through their networks by specifying the route taken when sending packets from one network to another.
8. Facilitating network communication
BGP allows communication between networks, such as IPv4 and IPv6. This helps ensure that all devices can communicate with one another, regardless of which type of network they’re on.
What are common issues of BGP routing?
Despite its many benefits, there are some issues associated with using BGP for routing traffic across the internet—both in terms of general applicability (e.g., stability and configuration) and security (e.g., route manipulation and hijacking).
General BGP applicability issues
BGP routing has some important issues to be aware of, including propagation delay and potential instabilities caused by manual configuration.
One of the main issues with using BGP is that changes made in one network can take a long time to propagate throughout all other connected networks. This can be a concern if you need to make changes quickly or if your network relies on up-to-date information.
Another issue is that BGP can cause instability if not configured correctly. If routes are not set up properly, packets may be routed inefficiently, leading to slow performance and potential outages.
BGP requires manual configuration, which can be time-consuming and error-prone. This means that any mistakes in setting up the routes could lead to problems down the line. In addition, BGP does not scale well when dealing with large numbers of routers or large amounts of data being routed simultaneously.
BGP security issues
Some security concerns around BGP routing arise out of the general issues above and as a result of criminals actively trying to exploit BGP by manipulating or hijacking routes for malicious purposes.
BGP route manipulation
BGP route manipulation is a serious threat to the integrity of a network, as it involves malicious actors deliberately altering BGP tables to prevent traffic from reaching its intended destination. This can not only lead to data loss but can cause considerable disruption to service continuity and potentially become used in a range of cyberattack scenarios.
In addition, BGP route manipulation can damage route credibility and require users to manually vet or deploy additional security products to detect route manipulation attempts.
BGP route hijacking
This is a method of exploitation that allows attackers to announce a victim’s IP address prefixes to reroute traffic through itself, leading to instability and increased load from the sudden influx of traffic. In some cases, BGP route hijacking could enable attackers to access unencrypted data streams or be used for bypassing IP blocklist mitigation for launching unsolicited campaigns like spam.
BGP denial-of-service (DoS)
This malicious attack primarily targets BGP routing protocols. In this attack, a cybercriminal sends unexpected or undesirable BGP traffic to the victim system, which exhausts all available resources, making it impossible to process valid BGP traffic.
The BGP threat landscape
BGP has experienced numerous security incidents over the years. The most notable incident occurred in February 2008 when a BGP hijack caused a global YouTube outage.
More recently, 2017 saw several events shed light on existing vulnerabilities: In August 2017, Japan experienced a countrywide outage due to a Google error that leaked BGP advertisements, sending Japanese internet traffic into a black hole.
In October of the same year, services such as Twitter and Google in Brazil were disrupted due to another BGP leak incident. And in November 2017, internet backbone provider Level 3 experienced a router misconfiguration which caused a significant route leak and that ended up directly impacting Comcast and in the process shutting down the internet in large swaths of the U.S.
Fast forward to October 4, 2021. Facebook and its subsidiaries experienced a major outage that affected users worldwide. The cause of the outage was traced back to a faulty BGP, which caused an interruption in the routing of traffic. This resulted in many users being unable to access their accounts or use any of the services provided by Facebook and its subsidiaries. The outage lasted several hours before it was resolved and cost the organization $60 million in lost revenue.
Protecting against BGP threats
To adequately protect against BGP threats, it’s necessary to put proper countermeasures and safeguards in place. One such security measure is the Resource Public Key Infrastructure (RPKI), a cryptographic system developed specifically for route-origin authentication, which helps prevent hijacking and leaks.
Though RPKI has proven highly effective at shielding BGP networks, its uptake is still low. The other option is to deploy machine learning tools to detect, classify, and analyze BGP anomalies. There is already some success in this practice based on studies conducted by MIT.
Are there any alternatives to BGP?
There are several alternatives available for those who do not want or need all the features offered by BGP. The most prominent of these are Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP).
Open Shortest Path First (OSPF)
OSPF is a link-state routing protocol used to find the best path between the source and destination in an IP network. It’s based on Dijkstra’s algorithm which computes the shortest path between two nodes. OSPF is an intradomain protocol, meaning it is used within a single autonomous system.
One of the main advantages of OSPF over other routing protocols (including BGP) is its efficient path choice. In addition, OSPF has faster convergence times than BGP, meaning it can quickly detect changes in the network and update its routing tables accordingly.
However, one disadvantage of OSPF is that it requires more memory and processing power than BGP because it needs to store all the information about the links in its routing table.
Enhanced Interior Gateway Routing Protocol (EIGRP)
EIGRP is an advanced distance-vector routing protocol developed by Cisco Systems. It’s a hybrid protocol that combines features of both distance-vector and link-state routing protocols, allowing it to be more efficient than either one alone. EIGRP uses the Diffused Update Algorithm (DUAL) to calculate the shortest path to a destination within a network. This algorithm allows for fast convergence times, meaning that when changes occur in the network, EIGRP can quickly adapt and find new paths for data transmission.
Compared to BGP, EIGRP has several advantages. It’s easier to configure and maintain than BGP, as it requires fewer parameters and less manual intervention. It’s also more efficient at using resources such as bandwidth and memory, making it better suited for networks with limited resources. And it offers faster convergence times than BGP.
On the other hand, there are some drawbacks associated with EIGRP when compared to BGP. For example, while EIGRP does support both IPv4 and IPv6 addresses, BGP supports both IPv4 and IPv6 addresses as well as multiple autonomous systems, which makes it better suited for larger networks with complex topologies. Further, since EIGRP is a proprietary protocol, its implementation on other vendors’ equipment can be challenging.
Bottom line: Understanding and using BGP routing in the enterprise
BGP is a powerful, versatile protocol that enables organizations to build reliable computer networks by exchanging routing information between autonomous systems. BGP offers features such as path selection and route filtering which are essential in providing the best possible network connectivity.
However, BGP has vulnerabilities that must be addressed in order to maintain secure routing operations. Also, BGP is not the only routing protocol available and organizations may want to consider using other protocols such as OSPF or EIGRP.
Please note that while this overview of BGP is a good introduction, it is far from being exhaustive. If you are ever assigned to manage a BGP router, take some time to read through the RFCs associated with it.
If you’re thinking about moving beyond BGP, you can learn more about OSPF and EIGRP and which could benefit your business the most.