
BGP (Border Gateway Protocol)

The routing protocol that exchanges network reachability information between autonomous systems, forming the backbone of Internet routing.

Networking

Also called: "border gateway protocol", "bgp routing", "internet routing protocol"

BGP is the protocol that makes the Internet work by determining how packets travel between the 70,000+ autonomous systems (AS) that comprise the global network.

Why it matters

  • BGP misconfigurations cause Internet outages affecting millions of users.
  • Route hijacking attacks can redirect traffic through malicious networks.
  • Understanding BGP is essential for network troubleshooting and security monitoring.
  • Cloud and hybrid architectures increasingly rely on BGP for connectivity.

Key concepts

  • Autonomous System (AS): A network under single administrative control, identified by an ASN.
  • AS Path: The sequence of AS numbers a route advertisement traverses.
  • Prefix announcement: An AS advertising that it can reach a specific IP range.
  • Peering: Direct BGP connections between networks for traffic exchange.
  • Transit: Paying another network to carry your traffic to destinations you cannot reach directly.

How BGP works

  1. AS establishes BGP sessions with neighbors (peers or transit providers).
  2. AS announces prefixes it owns or has permission to announce.
  3. BGP routers exchange route information and select best paths.
  4. Traffic flows based on the selected paths, considering AS path length, local preferences, and policies.

Security considerations

  • Route hijacking: Malicious or accidental announcement of prefixes owned by others.
  • RPKI (Resource Public Key Infrastructure): Cryptographically validates prefix ownership.
  • ROA (Route Origin Authorization): Specifies which AS can announce a prefix.
  • BGP Monitoring: Track your prefixes for unauthorized announcements.
  • BGPsec: End-to-end path validation (limited deployment).
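
The origin check that RPKI and ROAs make possible, and the monitoring use of it, as an added example that is not part of the original glossary entry: it classifies an announcement as valid, invalid or not-found following the RFC 6811 procedure. The ROAs, prefixes and AS numbers are constructed from documentation ranges, and the function names are hypothetical; a real deployment would load validated ROA data from an RPKI validator.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # prefix the holder authorized
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorized origin AS


# Constructed sample ROAs (documentation prefixes and documentation ASNs).
ROAS = [
    ROA("192.0.2.0/24", 24, 64500),
    ROA("2001:db8::/32", 48, 64496),
]

# Constructed sample of observed announcements: (prefix, origin AS).
OBSERVED = [
    ("192.0.2.0/24", 64500),     # exact match
    ("192.0.2.0/25", 64500),     # right origin, more specific than max_length
    ("192.0.2.0/24", 64501),     # covered prefix, wrong origin
    ("198.51.100.0/24", 64500),  # no ROA covers this prefix
    ("2001:db8:1::/48", 64496),  # more specific, within max_length
]


def validate_origin(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route lies inside the ROA prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match also needs an allowed length and the same origin AS;
        # AS 0 in a ROA never matches any announcement.
        if (route.prefixlen <= roa.max_length
                and roa.asn == origin_asn and roa.asn != 0):
            return "valid"
    # Covered but never matched means invalid; no covering ROA means not-found.
    return "invalid" if covered else "not-found"


def unauthorized(announcements, roas=ROAS):
    """Announcements a monitor should alert on: covered by a ROA but not matched."""
    return [(p, a) for p, a in announcements if validate_origin(p, a, roas) == "invalid"]
```

A not-found result means no ROA covers the prefix, so the origin cannot be checked against RPKI.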

Real-world incidents

  • Pakistan Telecom YouTube hijack (2008): Accidentally blocked YouTube globally.
  • Cloudflare outage (2020): Configuration error caused 50% traffic loss.
  • Facebook outage (2021): BGP withdrawal made Facebook unreachable for 6 hours.
