Border Gateway Protocol (BGP) is the protocol that runs the Internet. BGP has been in use on the Internet since the early nineties. BGP provides routing (best pathways) on the Internet. We can compare it to a mail service. When we mail a letter into a mailbox, the mail service processes that piece of mail and chooses a quick, efficient route to deliver that letter to the recipient. Likewise, when the data is sent across the Internet, BGP checks all of the available paths that data could traverse and picks the best route. BGP is important for WAN engineers and administrators of large organizations that hook up with two or more Internet Service Providers, as well as to Internet Service Providers (ISPs) that connect to other network providers.
BGP Fundamentals (from www.gamaodontologia.com)
- The current version of BGP is BGP version 4, based on RFC4271.
- BGP is the path-vector protocol that provides routing information for autonomous systems on the Internet via its AS-Path attribute.
- BGP is a Layer 4 protocol that sits on top of TCP. It is much simpler than OSPF, because it does not have to worry about the things TCP will handle.
- Peers that have been manually configured to exchange routing information will form a TCP connection and begin speaking BGP. There is no discovery in BGP.
- True multi-homing for the entire network.
- An important aspect of BGP is that the AS-Path itself is an anti-loop mechanism. Routers will not import any routes that contain themselves in the AS-Path.
Why does one need to understand BGP?
When BGP is not configured correctly, it can cause massive availability and security problems, as Google discovered in 2008 and 2018, when its YouTube service became unreachable to large portions of the Internet. What happened was that, in an effort to ban YouTube in its home country, Pakistan Telecom used BGP to route YouTube’s address block into a black hole. But, in what is believed to have been an accident, this routing information somehow got transmitted to Pakistan Telecom’s Hong Kong ISP and from there got propagated to the rest of the world. The end result was that most of YouTube’s traffic ended up in a black hole in Pakistan.
More sinisterly, 2003 saw a number of BGP hijack attacks, where modified BGP route information allowed unknown attackers to redirect large blocks of traffic so that it travelled via routers in Belarus or Iceland before it was transmitted on to its intended destination.
Undoubtedly, BGP is important. Here I provide a short overview of how BGP works, along with the problems it solves and causes.
Autonomous Systems
In the world of BGP, each routing domain is known as an autonomous system, or AS. What BGP does is help choose a path through the Internet, usually by selecting a route that traverses the least number of autonomous systems: the shortest AS path.
You might need BGP, for example, if your corporate network is connected to two large ISPs. To use BGP you would need an AS number, which you can get from the American Registry of Internet Numbers (ARIN). Once BGP is enabled, your router will pull a list of Internet routes from your BGP neighbors, who in this case will be your two ISPs. It will then scrutinize them to find the routes with the shortest AS paths. These will be put into the router’s routing table. (If you only connect to a single ISP then you do not need BGP. That is because there is only one path to the Internet, so there is no need for a routing protocol to select the best path.) Generally, but not always, routers will choose the shortest path to an AS. BGP only knows about these paths based on updates it receives.
Route Updates
Unlike Internet Gateway Routing Protocol (IGRP) or Routing Information Protocol (RIP), a distance-vector routing protocol which employs the hop count as a routing metric, BGP does not broadcast its entire routing table. At boot, your peer will hand over its entire table. After that, everything relies on updates received.
Route updates are stored in a Routing Information Base (RIB). A routing table will store only the best route per destination, but the RIB generally holds many paths to a destination. The router decides which routes will make it into the routing table, and therefore which paths will actually be used. If for any reason the route is lost or withdrawn, the RIB can provide another route to the same destination.
The RIB is only used to keep track of routes that could possibly be used. If a route withdrawal is received and it only existed in the RIB, it is silently deleted from the RIB. No update is sent to peers. RIB entries never time out. They continue to exist until it is assumed that the route is no longer valid.
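The RIB behaviour described above, as an added example that is not part of the original article: a toy RIB that keeps every path per prefix, installs the shortest AS path in the routing table, drops routes containing its own AS, and falls back when the best path is withdrawn. It models AS-path length only (real routers weigh other attributes first); the class, peer names, AS numbers and prefixes are constructed for illustration.

```python
from dataclasses import dataclass, field

LOCAL_AS = 64500  # constructed: AS number from the documentation range

@dataclass
class Rib:
    local_as: int
    paths: dict = field(default_factory=dict)  # prefix -> {peer: AS path}
    best: dict = field(default_factory=dict)   # routing table: prefix -> (peer, AS path)

    def _select(self, prefix):
        """Re-pick the shortest AS path; return True if the routing table changed."""
        candidates = self.paths.get(prefix, {})
        new = min(candidates.items(), key=lambda kv: (len(kv[1]), kv[0]), default=None)
        changed = new != self.best.get(prefix)
        if new is None:
            self.best.pop(prefix, None)
        else:
            self.best[prefix] = new
        return changed

    def update(self, peer, prefix, as_path):
        if self.local_as in as_path:  # our own AS in the path means a loop
            return "rejected-loop"
        self.paths.setdefault(prefix, {})[peer] = tuple(as_path)
        return "best-changed" if self._select(prefix) else "stored"

    def withdraw(self, peer, prefix):
        if self.paths.get(prefix, {}).pop(peer, None) is None:
            return "unknown"
        # Withdrawing a path that lived only in the RIB changes nothing visible.
        return "best-changed" if self._select(prefix) else "silent"

def demo():
    """Replay constructed updates from two upstream peers."""
    rib, p = Rib(LOCAL_AS), "198.51.100.0/24"
    results = [
        rib.update("isp_a", p, [64496, 64499, 64510]),  # first path becomes best
        rib.update("isp_b", p, [64497, 64510]),         # shorter AS path wins
        rib.update("isp_b", "203.0.113.0/24", [64497, LOCAL_AS, 64511]),
        rib.withdraw("isp_b", p),                       # best lost: fall back to isp_a
        rib.update("isp_b", p, [64497, 64510]),
        rib.withdraw("isp_a", p),                       # non-best path: silent delete
    ]
    return results, rib.best

if __name__ == "__main__":
    print(demo())
```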
BGP Issues
To truly comprehend how BGP works, it is important to spend some time understanding the issues that plague the Internet.
First, there is a very big problem with routing table growth. If someone decides to split a network that used to be a single /16 network, he/she could potentially start advertising hundreds of new routes. Every router on the Internet will learn the new route when this happens. Network administrators are persistently pushed to aggregate, or combine multiple routes into a single advertisement. Aggregation is not always possible, especially if you want to break up a /19 subnet into two geographically separate /20 subnets. Routing tables are approaching 200,000 routes now, and for a time they appeared to be growing exponentially.
Second, there is always a concern that someone will “advertise the Internet.” If some large ISP’s customer suddenly decides to advertise everything, and the ISP accepts the routes, all of the Internet’s traffic will be sent to the small customer’s AS. There’s a simple solution to this. It’s called route filtering. It’s quite simple to set up filters so that your routers won’t accept routes from customers that you aren’t expecting, but many large ISPs will still accept the equivalent of “default” from peers that have no likelihood of being able to provide transit.
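One way to express the route filtering described above, as an added example that is not from the original article: each prefix a customer announces is checked against the blocks that customer is expected to originate, and default routes, covering supernets, unrelated prefixes and overly specific prefixes are rejected. The function names, the customer blocks (documentation ranges) and the /24 and /48 length limits are assumptions made for illustration.

```python
import ipaddress

# Assumed policy: longest prefix accepted per address family.
MAX_PREFIX_LEN = {4: 24, 6: 48}

def check_announcement(prefix, allowed_blocks):
    """Return (accepted, reason) for one prefix announced by a customer."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if net.prefixlen == 0:
        return False, "default route"
    if net.prefixlen > MAX_PREFIX_LEN[net.version]:
        return False, "more specific than policy allows"
    for block in map(ipaddress.ip_network, allowed_blocks):
        # Only prefixes equal to or inside an expected block pass;
        # a covering supernet of the block does not.
        if block.version == net.version and net.subnet_of(block):
            return True, "accepted"
    return False, "outside expected blocks"

def filter_session(allowed_blocks, announced):
    """Apply the filter to everything received on one customer session."""
    return {p: check_announcement(p, allowed_blocks) for p in announced}

# Constructed sample: what the customer should originate vs. what it sent.
CUSTOMER_BLOCKS = ["198.51.100.0/24", "2001:db8:a000::/36"]
ANNOUNCED = [
    "198.51.100.0/24",      # expected
    "0.0.0.0/0",            # "advertising the Internet"
    "::/0",
    "198.51.0.0/16",        # supernet covering someone else's space
    "192.0.2.0/24",         # unrelated prefix
    "198.51.100.128/25",    # deaggregated beyond policy
    "2001:db8:a000::/48",   # expected, inside the IPv6 block
    "198.51.100.1/24",      # host bits set
]

if __name__ == "__main__":
    for prefix, (ok, reason) in filter_session(CUSTOMER_BLOCKS, ANNOUNCED).items():
        print(f"{prefix:22} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```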
Finally, we come to route flapping. BGP has a mechanism to “hold down” routes that appear to be unstable (going up and down). Routes that flap usually aren’t reliable enough to send traffic to. If routes flap frequently, the load on all Internet routes will increase due to the processing of updates every time someone disappears and reappears. Dampening will prevent BGP peers from listening to all routing updates from flapping peers. The amount of time one is in hold-down increases exponentially with every flap. It’s annoying when you have a faulty link, since it can be more than an hour before you can get to many Internet sites, but it is very necessary.
This is a quick discussion of BGP to get you thinking the right way about the protocol but is by no means all-inclusive. One of the best resources I used for learning BGP was “Internet Routing Architectures” by Sam Halabi. Spend some time reading it if you’re tasked with managing a BGP router.
References
2. https://bestestredteam.com/2018/11/18/what-the-hell-is-bgp-and-how-did-it-cripple-google/
3. https://www.cloudflare.com/learning/security/glossary/what-is-bgp
4. https://www.gamaodontologia.com/1990-redline/bgp-attributes-classification.html