BGP Routing Explanation

Border Gateway Protocol (BGP) is the routing protocol for the Internet. Like the post office processing mail, BGP picks the most efficient routes for delivering Internet traffic.

What is BGP?

Border Gateway Protocol (BGP) is the postal service of the Internet. When someone drops a letter into a mailbox, the Postal Service processes that piece of mail and chooses a fast, efficient route to deliver that letter to its recipient. Similarly, when someone submits data via the Internet, BGP is responsible for looking at all the available paths that data could travel and picking the best route, usually hopping between autonomous systems.

BGP is the protocol that makes the Internet work by enabling data routing. When a user in Singapore loads a website with origin servers in Argentina, BGP is the protocol that enables that communication to happen quickly and efficiently.

What is an autonomous system?

The Internet is a network of networks. It is broken into hundreds of thousands of smaller networks known as autonomous systems (ASes). Each network is a large pool of routers run by a single organization.

If we continue to think of BGP as the Postal Service of the Internet, ASes are like individual post office branches. A town may have hundreds of mailboxes, but the mail in those boxes must go through the local postal branch before being routed to another destination. The internal routers within an AS are like mailboxes. They forward their outbound transmissions to the AS, which then uses BGP routing to get these transmissions to their destinations.

The diagram above illustrates a simplified version of BGP. In this version, there are only six ASes on the Internet. If AS1 needs to route a packet to AS3, it has two different options:

Hopping to AS2 and then to AS3:

AS2 → AS3

Or hopping to AS6, then to AS5, AS4, and finally to AS3:

AS6 → AS5 → AS4 → AS3

In this simplified model, the decision seems straightforward. The AS2 route requires fewer hops than the AS6 route, and therefore it is the quickest, most efficient route. Now imagine that there are hundreds of thousands of ASes, and that hop count is only one part of a complex route selection algorithm. That is the reality of BGP routing on the Internet.

The Internet structure constantly changes, with new and existing systems becoming unavailable. Because of this, every AS must be updated with information regarding new and obsolete routes. This is done through peering sessions where each AS connects to neighboring ASes with a TCP/IP connection to share routing information. Using this information, each AS is equipped to route outbound data transmissions coming from within properly.

Here is where part of our analogy falls apart. Unlike post office branches, autonomous systems are not all part of the same organization. They often belong to competing businesses. For this reason, BGP routes sometimes take business considerations into account. ASes often charge each other to carry traffic across their networks, and the price of access can be factored into which route is ultimately selected.

Who operates BGP autonomous systems?

ASes typically belong to Internet service providers (ISPs) or other large organizations, such as tech companies, universities, government agencies, and scientific institutions. Each AS wishing to exchange routing information must have a registered autonomous system number (ASN). Internet Assigned Numbers Authority (IANA) assigns ASNs to Regional Internet Registries (RIRs), which then assigns them to ISPs and networks. ASNs are 16-bit numbers between one and 65534 and 32-bit numbers between 131072 and 4294967294. As of 2018, there are approximately 64,000 ASNs in use worldwide. These ASNs are only required for external BGP.

What is the difference between external BGP and internal BGP?

Routes are exchanged, and traffic is transmitted over the Internet using external BGP (eBGP). Autonomous systems can also use an internal version of BGP to route through their internal networks, known as internal BGP (iBGP). It should be noted that using internal BGP is NOT a requirement for using external BGP. Autonomous systems can choose from several internal protocols to connect the routers on their internal network.

External BGP is like international shipping. Some certain standards and guidelines must be followed when shipping a piece of mail internationally. Once that piece of mail reaches its destination country, it has to go through the destination country’s local mail service to reach its final destination. Each country has its own internal mail service that does not necessarily follow the same guidelines as other countries. Similarly, each autonomous system can have its own internal routing protocol for routing data within its own network.

What are BGP attributes?

Overall, BGP tries to find the most efficient path for network traffic. But as noted above, hop count is not the only factor BGP routers use for finding those paths. BGP assigns attributes to each path, and these attributes help routers select a path with multiple options. Many routers allow administrators to customize attributes for more granular control over network traffic flows. Some examples of BGP attributes are:

  • Weight: A Cisco-proprietary attribute, this tells a router which local paths are preferred.
  • Local preference: This tells a router which outbound path to select.
  • Originate: This tells a router to choose routes it added to BGP.
  • AS path length: Similar to the example diagram above, this attribute tells a router to prefer shorter paths.

There are several other BGP attributes as well. All these attributes are ordered by priority for BGP routers — so that, for example, a BGP router first checks to see which route has the highest weight, then checks local preference, then checks to see if the router originated the route, and so on. (If all routes received have equal weight, the router selects a path based on local preference instead.)

BGP flaws and how to address them

In 2004, a Turkish ISP called TTNet accidentally advertised incorrect BGP routes to its neighbors. These routes claimed that TTNet was the best destination for all traffic on the Internet. As these routes spread further to more autonomous systems, a massive disruption occurred, creating a one-day crisis where many people worldwide could not access some or all of the Internet.

Similarly, in 2008, a Pakistani ISP attempted to use a BGP route to block Pakistani users from visiting YouTube. The ISP then accidentally advertised these routes with its neighboring ASes, and the route quickly spread across the Internet’s BGP network. This route sent users trying to access YouTube to a dead end, which resulted in YouTube being inaccessible for several hours.

Another incident along these lines occurred in June 2019, when a small company in Pennsylvania became the preferred path for routes through Verizon’s network, causing much of the Internet unavailable to users for several hours.

These are examples of a practice called BGP hijacking, which does not always happen accidentally. In April 2018, attackers deliberately created bad BGP routes to redirect traffic meant for Amazon’s DNS service. The attackers could steal over $100,000 worth of cryptocurrency by redirecting the traffic to themselves.

BGP hijacking can be used for several kinds of attacks:

  • Phishing and social engineering through re-routing users to fake websites
  • Denial-of-service (DoS) through traffic blackholing or redirection
  • On-path attacks to modify exchanged data and subvert reputation-based filtering systems
  • Impersonation attacks to eavesdrop on communications

Incidents like these can happen because the route-sharing function of BGP relies on trust, and autonomous systems implicitly trust the routes that are shared with them. When peers announce incorrect route information (intentionally or not), traffic goes where it is not supposed to, potentially with malicious results.

How to secure BGP

Fortunately, some progress has been made in securing BGP. Most notably, a security framework for routing called Resource Public Key Infrastructure (RPKI) was introduced in 2008. RPKI uses cryptographically signed records called Route Origin Authorization (ROAs) to validate which network operator can announce an organization’s IP addresses using BGP. This ensures that only authorized parties are announcing an organization’s prefixes.

But RPKI’s existence alone is not enough. Large networks can spread large-scale hijacking attacks if they do not follow BGP security best practices. Over 50% of the top Internet providers support RPKI to some extent, but a larger majority is needed to secure BGP fully.


Nord VPN
60% off Nord VPN
Coinbase - Getty Images - 1234552839
Coinbase – Crypto Currency – Sign up with this link and get $10 free?! Buy/sell/exchange crypto, and use their ATM card to access your cash easily!
Chase Sapphire Preferred - Travel Points
NordPass - Password Manager - CJ Banner
https://www.dpbolvw.net/click-100604079-15345170
Binance Cryptowallet - Buy/Sell
Binance Blockchain
Amazon - Daily Deals
Amazon’s Daily Deals!
Your favorite restaurants are delivered to your front door! Grubhub!
Game Fly
Game Fly Video Game Rentals!

Please enter CoinGecko Free Api Key to get this plugin works.