Introduction to BGP and its security #1



BGP made you capable of reading this article RIGHT NOW! Sounds scary  ??! 😜 Isn't it?? 

The Border Gateway Protocol (BGP) is the routing protocol which makes Internet working , used to route traffic across the Internet. For that reason, it's a pretty important protocol, and it can also be the hardest one to understand.


From our overview of Internet routing, you should realize that routing in the Internet is comprised of two parts: the internal fine-grained portions managed by an IGP such as OSPF, and the interconnections of those autonomous systems (AS) via BGP.




Who should understand BGP?


BGP is relevant to network administrators of large organizations which connect to two or more ISPs, as well as to Internet Service Providers (ISPs) who connect to other network providers. If you are the administrator of a small corporate network, or an end user, then you probably don't need to know about BGP.


Some basic BGP facts:


  • The current version of BGP is BGP version 4, based on RFC4271.

  • Peers that have been manually configured to exchange routing information will form a TCP connection and begin speaking BGP. There is no discovery in BGP.

  • Medium-sized businesses usually get into BGP for the purpose of true multi-homing for their entire network.

  • An important aspect of BGP is that the AS-Path itself is an anti-loop mechanism. Routers will not import any routes that contain themselves in the AS-Path.

  • BGP is the path-vector protocol that provides routing information for autonomous systems on the Internet via its AS-Path attribute.

  • BGP is a Layer 4 protocol that sits on top of TCP. It is much simpler than OSPF, because it doesn’t have to worry about the things TCP will handle.



Routes and Autonomous Systems

To fully understand BGP we’ll first get familiar with a couple of underlying concepts, starting with what it actually means to be connected to the Internet. For a host to be connected there must be a path or “route” over which it is possible for you to send a packet that will ultimately wind up at that host, and for that host to have a path over which to send a packet back to you. That means that the provider of Internet connectivity to that host has to know of a route to you; they must have a way to see routes in the section of the IP space that you are using. For reasons of enforced obfuscation by RFC writers, routes are also called Network Layer Reachability Information (NLRI). As of December 2015, there are over 580,000 IPv4 routes and nearly 26,000 IPv6 routes.


Another foundational concept is the Autonomous System (AS), which is a way of referring to a network. That network could be yours, or belong to any other enterprise, service provider, or nerd with her own network. Each network on the Internet is referred to as an AS, and each AS has at least one Autonomous System Number (ASN). There are tens of thousands of ASNs in use on the Internet. Normally the following elements are associated with each AS:

  • An entity (a point of contact, typically called a NOC, or Network Operations Center) that is responsible for the AS.

  • One or multiple border routers. A border router is a router that is configured to peer with a router in a different AS, meaning that it creates a TCP session on port 179 and maintains the connection by sending a keep-alive message every 60 seconds. This peering connection is used by border routers in one AS to “advertise” routes to border routers in a different AS (more on this below).

  • An internal routing scheme so that every router in a given AS knows how to get to every other router and destination within the same AS. This would typically be accomplished with an interior gateway protocol (IGP) such as Open Shortest Path First (OSPF) or Intermediate System to Intermediate System (IS-IS).


Introducing BGP

As explained above, the interconnections that are created to carry traffic from and between Autonomous Systems result in the creation of “routes” (paths from one host to another). Each route is made up of the ASN of every AS in the path to a given destination AS. BGP (more explicitly, BGPv4) is the routing protocol that is used by your border routers to “advertise” these routes to and from your AS to the other systems that need them in order to deliver traffic to your network:

  • Upstream or transit networks, which are the providers that connect you to other networks.

  • Peer networks, which are the ASs with which you’ve established a direct reciprocal connection;

Actually, your border routers advertise routes to the portions of the IPv4 and IPv6 address space that you and your customers are responsible for and know how to get to, either on or through your network.


Advertising routes that “cover” (include) your network is what enables other networks to “hear” a route to the hosts within your network. In other words every IP address that you can get to on the Internet is reachable because someone, somewhere, has advertised a route that covers it. If there is not a generally advertised route to cover an IP address, then at least some hosts on the Internet will not be able to reach it.


The advertising of routes helps a network operator do two very important things. One is to make semi-intelligent routing decisions concerning the best path for a particular route to take outbound from your network. Otherwise you would simply set a default route from your border routers into your providers, which might cause some of your traffic to take a sub-optimal external route to its destination. Second, and more importantly, you can announce your routes to those providers, for them to announce in turn to others (transit) or just use internally (in the case of peers).


In addition to their essential role in getting traffic to its destination, advertised routes are used for several other important purposes:

  • To enable policy enforcement and traffic preferences;

  • To avoid creating routing, and thus packet, loops.

  • To help track the origin and path of network traffic;

In addition to the routing functionality of BGP, BGP is also used to listen to the routes from other networks. The sum of all of the route advertisements from all of the networks on the Internet contributes to the “global routing table” that is the Internet’s packet directory system. If you have one or more transit provider, you will usually be able to hear that full list of routes.