Border Gateway Protocol (BGP)
BGP is the GPS navigation system for the internet. When you visit a website hosted in another country, your data passes through multiple internet service providers and networks. BGP is the protocol that tells each network which direction to forward your data so it reaches the right destination. If BGP makes a mistake or gets hijacked, entire chunks of the internet can become unreachable or get rerouted through the wrong network.
Border Gateway Protocol (BGP), defined in RFC 4271, is the path-vector routing protocol that manages routing between Autonomous Systems (AS), the independently operated networks that compose the internet. BGP is the only protocol responsible for inter-domain routing.
Key concepts:
- Autonomous System (AS): a network or group of networks under a single administrative domain, identified by a unique AS Number (ASN). Examples: AS15169 (Google), AS16509 (Amazon), AS13335 (Cloudflare).
- BGP peering: two routers exchange routing information over a TCP session (port 179). Peers are configured manually (no auto-discovery).
- eBGP: peering between different AS (inter-domain, the internet).
- iBGP: peering within the same AS (internal route distribution).
- Prefix announcement: an AS tells its peers which IP prefixes (subnets) it can reach.
- AS path: the sequence of ASNs a route traverses. BGP prefers shorter AS paths.
BGP route selection (simplified priority):
- Highest local preference
- Shortest AS path
- Lowest origin type (IGP preferred over EGP, EGP preferred over incomplete)
- Lowest MED (Multi-Exit Discriminator)
- eBGP over iBGP
- Lowest router ID (tiebreaker)
BGP security concerns:
- Route hijacking: malicious or accidental announcement of someone else’s IP prefixes, redirecting their traffic
- Route leaks: an AS propagates routes it should not, creating unintended traffic paths
- Mitigation: RPKI (Resource Public Key Infrastructure) lets prefix holders publish cryptographically signed ROA (Route Origin Authorization) records stating which ASN may originate a prefix and up to which prefix length; routers compare each received announcement against the ROAs and classify it as valid, invalid, or not-found, typically dropping invalid routes.
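To make the ROA check concrete, the following is an added example (not code from the original page) that performs RFC 6811 route origin validation over a small, constructed ROA set and a few constructed announcements; the ROA for 8.8.8.0/24 reuses the page's Google values, while the other prefixes and AS64496 are documentation placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ROA:
    prefix: str       # authorised prefix, e.g. "8.8.8.0/24"
    max_length: int   # longest prefix length this ROA covers
    asn: int          # AS allowed to originate (0 means nobody may)


# Constructed sample ROAs; real data would come from RPKI validator output.
SAMPLE_ROAS = [
    ROA("8.8.8.0/24", 24, 15169),    # Google prefix and ASN as on the page
    ROA("192.0.2.0/24", 26, 64496),  # documentation prefix, allows /24../26
]


def covering_roas(roas, prefix):
    """ROAs whose prefix contains the announced prefix (RFC 6811 'covering ROA')."""
    net = ip_network(prefix, strict=False)
    return [r for r in roas
            if ip_network(r.prefix).version == net.version
            and net.subnet_of(ip_network(r.prefix))]


def validate_origin(roas, prefix, origin_asn):
    """Classify (prefix, origin AS) as 'valid', 'invalid' or 'not-found'."""
    net = ip_network(prefix, strict=False)
    covering = covering_roas(roas, prefix)
    if not covering:
        return "not-found"          # no ROA covers it: unverifiable
    for r in covering:
        if r.asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid"          # right origin and not too specific
    return "invalid"                # wrong origin or exceeds maxLength


def audit(roas, announcements):
    """Run validation over a list of (prefix, origin_asn) pairs."""
    return {(p, a): validate_origin(roas, p, a) for p, a in announcements}


if __name__ == "__main__":
    # Constructed announcements: a legitimate route, a wrong-origin hijack,
    # a too-specific announcement, and a prefix with no ROA at all.
    sample = [("8.8.8.0/24", 15169), ("8.8.8.0/24", 64496),
              ("192.0.2.0/25", 64496), ("192.0.2.0/27", 64496),
              ("203.0.113.0/24", 64496)]
    for (p, a), state in audit(SAMPLE_ROAS, sample).items():
        print(f"{p:18} AS{a:<6} {state}")
```

A real deployment would feed the ROA set from a validator over RTR rather than a hard-coded list, but the decision logic is the same.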
BGP route inspection
# View BGP routing table for a prefix (public looking glass)
$ whois -h whois.radb.net 8.8.8.0/24
route: 8.8.8.0/24
origin: AS15169
descr: Google LLC
# Check BGP path to a destination
$ traceroute -A 8.8.8.8
1 192.168.1.1 [AS0] 1.2 ms
2 10.0.0.1 [AS7018] 5.4 ms # AT&T
3 12.122.2.1 [AS7018] 11.1 ms # AT&T
4 74.125.242.1 [AS15169] 12.3 ms # Google
5 8.8.8.8 [AS15169] 12.5 ms # Google
# Query BGP route info via RIPE RIS
$ curl -s "https://stat.ripe.net/data/routing-status/data.json?\
resource=8.8.8.0/24" | jq '.data.first_seen'
# Check RPKI validation status
$ curl -s "https://rpki-validator.ripe.net/api/v1/validity/\
AS15169/8.8.8.0/24" | jq '.validated_route.validity.state'
"valid"
BGP literally holds the internet together. Every ISP, cloud provider, and large enterprise runs BGP. When BGP goes wrong, the consequences are massive: the 2021 Facebook outage (6+ hours, affecting 3.5 billion users) was caused by a BGP misconfiguration that withdrew Facebook’s routes from the global routing table. Pakistan accidentally hijacked YouTube’s IP space via BGP in 2008, making YouTube unreachable worldwide. Route hijacking is also used for surveillance and traffic interception. RPKI adoption is growing but still incomplete, leaving the internet vulnerable to both accidental and malicious BGP incidents. For most IT professionals, BGP is relevant when choosing cloud providers and understanding internet outage reports; hands-on BGP configuration is typically limited to network engineers at ISPs and large enterprises.