BGP.KMCD.DEV

Global Routing Telemetry

Understanding BGP

The Postal Service of the Web

The Border Gateway Protocol (BGP) is the routing protocol of the internet. It acts like the postal service for the web, allowing different networks (Autonomous Systems or ASes) to announce which IP addresses they control and discover the most efficient paths to send data to each other. Because BGP relies on trust, it is vulnerable to misconfigurations or malicious attacks known as Route Hijacks.

IP Prefixes & Subnetting

In BGP, we don't route individual IPs, but Prefixes (blocks of addresses). A prefix like 192.0.2.0/24 represents 256 addresses.

  • Specific (/24): A "small" prefix. BGP always prefers the most specific route. A hijacker announcing a /24 can "steal" traffic from a larger /23 announcement.
  • Aggregate (/8): A "large" prefix covering millions of IPs. Used to keep the global routing table manageable.
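
Why the more-specific announcement wins, as an added example that is not code from this page: a longest-prefix-match lookup over a constructed table, plus a count of how many addresses of a covering prefix follow each origin AS. The prefixes and ASNs are made-up sample values from reserved ranges.

```python
import ipaddress

# Constructed table of (prefix, origin ASN); sample values, not real routing data.
TABLE = [
    ("198.18.0.0/23", 64496),  # covering announcement
    ("198.18.0.0/24", 64511),  # more-specific announcement from a different AS
    ("0.0.0.0/0", 64500),      # default route
]
ROUTES = [(ipaddress.ip_network(p), asn) for p, asn in TABLE]

def lookup(routes, address):
    """Longest-prefix match: (prefix, origin) of the most specific covering route."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def address_split(routes, covering):
    """Count how many addresses inside `covering` are routed to each origin AS."""
    cover = ipaddress.ip_network(covering)
    inside = sorted((r for r in routes if r[0].subnet_of(cover)),
                    key=lambda r: r[0].prefixlen, reverse=True)
    counts, claimed = {}, []
    for net, asn in inside:
        # Longer prefixes inside this one have already taken their addresses.
        taken = sum(c.num_addresses for c in claimed if c.subnet_of(net))
        counts[asn] = counts.get(asn, 0) + net.num_addresses - taken
        claimed = [c for c in claimed if not c.subnet_of(net)] + [net]
    return counts

if __name__ == "__main__":
    for ip in ("198.18.0.10", "198.18.1.10", "203.0.113.1"):
        print(ip, "->", lookup(ROUTES, ip))
    print(address_split(ROUTES, "198.18.0.0/23"))
```

Run against your own prefixes, `address_split` shows how much of an aggregate is currently following a more-specific route from another origin.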

Entity

Autonomous System (AS)

A large network or group of networks under a single administrative control. Every major entity on the internet (Google, Comcast, CERN) is assigned a unique ASN to identify itself in the global BGP table.

Economics

Peering vs Transit

Peering is a direct connection between ASes to exchange traffic. Transit is when a network pays a provider to carry its traffic to the rest of the global internet.

Connectivity

BGP Sessions & Peering

Two ASes establish a session to exchange routing information. This "peering" is the handshake that allows data to flow across corporate and national networks.

Infrastructure

The Global Routing Table

Often called the Default-Free Zone (DFZ), this is the master list of all known IP prefixes and the best paths to reach them globally.

Path Selection

In BGP, a Path is not just a wire between two points; it is a sequence of Autonomous Systems (ASes) that data must traverse to reach its destination. Because the internet is a "network of networks," there are often dozens of possible ways to reach a single IP address.

Unlike protocols that count every individual router (hops), BGP operates at a higher level of abstraction. It selects a single "best" path based on business relationships, geography, and network health.

Best Path Algorithm

  1. Local Preference: Prefers exit points based on internal policy.
  2. AS Path Length: Prefers the shortest chain of network hops.
  3. Origin Type: Prefers internal routes over external ones.
  4. MED: Suggests an entry point to a neighbor.
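
The four steps above applied in order to a set of candidate routes, as an added example (not code from this page) that also reports which step made the decision. The `Route` fields, labels and sample ASNs are assumptions; real routers apply further tie-breakers that are not modelled here.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # lower rank is preferred

@dataclass(frozen=True)
class Route:
    via: str            # hypothetical label for the neighbour that sent the route
    local_pref: int
    as_path: tuple      # ASNs, nearest neighbour first, origin last
    origin: str = "IGP"
    med: int = 0

STEPS = [
    ("local_pref", lambda r: -r.local_pref),       # highest value wins
    ("as_path_length", lambda r: len(r.as_path)),  # shortest path wins
    ("origin", lambda r: ORIGIN_RANK[r.origin]),   # IGP, then EGP, then INCOMPLETE
    ("med", lambda r: r.med),                      # lowest value wins
]

def best_path(candidates):
    """Return (winning route, name of the step that decided) for one prefix."""
    remaining = list(candidates)
    if not remaining:
        raise ValueError("no candidate routes")
    decided_by = "only_candidate"
    for name, key in STEPS:
        if len(remaining) == 1:
            break
        # MED is only comparable between routes learned from the same neighbouring AS.
        if name == "med" and len({r.as_path[:1] for r in remaining}) > 1:
            continue
        best = min(key(r) for r in remaining)
        survivors = [r for r in remaining if key(r) == best]
        if len(survivors) < len(remaining):
            decided_by = name
        remaining = survivors
    if len(remaining) > 1:
        decided_by = "tie"  # later tie-breakers are not modelled here
    return remaining[0], decided_by

# Constructed candidates for one prefix originated by AS64496.
TRANSIT = Route("transit", 100, (64500, 64496))
PEER = Route("peer", 200, (64501, 64502, 64503, 64496))

if __name__ == "__main__":
    print(best_path([TRANSIT, PEER]))  # the longer path wins on local preference
```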

Route Selection

BGP Communities

Metadata "tags" attached to routes that signal instructions to upstream peers. Standardized via RFC 1997 and RFC 4360.

  • Blackholing: Used for DDoS mitigation. Example: 65535:666 (RTBH)
  • Traffic Steering: Influencing path priority. Example: ASN:70 (Set Local-Pref 70)
  • Scoping: Preventing regional leakage. Example: NO_EXPORT (RFC 1997)

Looking Glasses

A Looking Glass allows engineers to view the routing table from the perspective of a specific remote router.

  • University of Oregon RouteViews

    A global project providing real-time BGP data to researchers since 1995. It peers with dozens of major backbones worldwide.

  • RIPE NCC RIS

    The Routing Information Service collects and stores BGP routing updates from over 600 peer sessions across the globe.

Anatomy of a BGP Update

Type: Announcement
Attribute      Value
TYPE           UPDATE (Announcement)
PEER ASN       199524
AS PATH        AS199524 AS1299 AS7922 AS46427 AS64289
COMMUNITIES    1299:30000, 7922:101
NEXT HOP       2001:504:1::a519:9524:1
PREFIXES       2a14:3f87:9800::/38

The AS PATH attribute shows the chain of networks this update traversed. In this example, traffic flows through AS199524 then AS1299 and so on until it reaches the destination. Networks use COMMUNITIES to tag routes with handling instructions. These tags can prevent advertisements to certain regions or signal DDoS mitigation. The NEXT HOP is the specific IP address used to reach the next network in the chain.

Type: Withdrawal
Attribute      Value
TYPE           UPDATE (Withdrawal)
PEER ASN       19151
WITHDRAWALS    199.199.238.0/23, 204.221.20.0/24, 206.10.88.0/22

A withdrawal message removes prefixes from the global routing table immediately. This happens when a network link goes down or a peering session is disconnected. Unlike an announcement that builds a path, a withdrawal lists PREFIXES that are no longer reachable through this peer. Large bursts of withdrawals are often the first sign of major fiber cuts or data center outages.
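
One way to watch for the withdrawal bursts described above, as an added example that is not code from this page: a per-peer sliding window over a stream of updates. The dictionary fields (`ts`, `peer_asn`, `withdrawals`), the 60-second window and the threshold of 100 are assumptions, and the burst in the sample stream is constructed.

```python
from collections import defaultdict, deque

def withdrawal_bursts(updates, window=60, threshold=100):
    """Return [(ts, peer_asn, count)] each time a peer's withdrawn-prefix count
    within the last `window` seconds first reaches `threshold`."""
    recent = defaultdict(deque)   # peer -> (ts, number of prefixes withdrawn)
    totals = defaultdict(int)     # peer -> withdrawn prefixes inside the window
    alerting, alerts = set(), []
    for u in sorted(updates, key=lambda u: u["ts"]):
        peer, ts = u["peer_asn"], u["ts"]
        queue = recent[peer]
        while queue and queue[0][0] <= ts - window:   # expire old entries
            totals[peer] -= queue.popleft()[1]
        count = len(u.get("withdrawals", []))
        if count:
            queue.append((ts, count))
            totals[peer] += count
        if totals[peer] >= threshold:
            if peer not in alerting:                  # one alert per burst
                alerting.add(peer)
                alerts.append((ts, peer, totals[peer]))
        else:
            alerting.discard(peer)
    return alerts

def sample_updates():
    """Constructed stream: the withdrawal shown above, then a burst from a made-up peer."""
    updates = [{"ts": 10, "peer_asn": 19151, "withdrawals":
                ["199.199.238.0/23", "204.221.20.0/24", "206.10.88.0/22"]}]
    for i, ts in enumerate((100, 105, 110, 115, 120)):
        updates.append({"ts": ts, "peer_asn": 64496, "withdrawals":
                        [f"10.{i}.{j}.0/24" for j in range(30)]})
    updates.append({"ts": 400, "peer_asn": 64496, "withdrawals": ["10.9.0.0/24"]})
    return updates

if __name__ == "__main__":
    print(withdrawal_bursts(sample_updates()))
```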

1. Announcing

The Origin AS 'announces' its IP space. Routers propagate this information so that every network knows the path back to the origin.


References

Advanced BGP Topics

Explore the complex protocols and architectural standards built on top of BGP's extensible framework.

Path & Scalability

  • eBGP vs iBGP

    External BGP is used between networks while Internal BGP distributes those routes within a single AS.

  • Route Reflection (RFC 4456)

    A method to scale internal networks by reducing the need for every router to talk to every other router.

  • BGP ADD-PATH (RFC 7911)

    Allows advertising multiple paths for the same prefix to enable better ECMP and faster convergence.

  • BGP PIC

    Prefix Independent Convergence allows millisecond failover by using pre-calculated backup paths.

  • Confederations (RFC 5065)

    Dividing a large AS into smaller sub-ASs to simplify management and reduce peering overhead.

Security & Integrity

  • BGPsec (RFC 8205)

    Full path signing. Rarely deployed due to high CPU load; RPKI is the preferred modern alternative.

  • BGP OPSEC (RFC 7454)

    Best practices for securing BGP sessions including TTL security and prefix filtering.

  • RPKI Validation

    Cryptographic verification that an AS is authorized to originate specific IP prefixes.
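
The origin check behind RPKI validation, following the valid / invalid / not-found states of RFC 6811, as an added example rather than code from this page. The ROAs and announcements are constructed sample values, and the function names are assumptions.

```python
import ipaddress

# Constructed ROAs (prefix, maxLength, authorised origin ASN); not real RPKI data.
ROAS = [
    ("198.18.0.0/23", 23, 64496),
    ("2001:db8::/32", 48, 64497),
]

def validate(prefix, origin_asn, roas=ROAS):
    """Classify an announced (prefix, origin) as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa = ipaddress.ip_network(roa_prefix)
        if roa.version != route.version or not route.subnet_of(roa):
            continue                      # this ROA does not cover the route
        covered = True
        # AS 0 in a ROA never authorises any origin.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def origin_of(as_path):
    """The origin AS is the last ASN in the AS path."""
    return as_path[-1]

def check_announcements(announcements, roas=ROAS):
    """Map each (prefix, as_path) announcement to its validation state."""
    return [(p, origin_of(path), validate(p, origin_of(path), roas))
            for p, path in announcements]

# Constructed announcements: (prefix, AS path with the origin last).
SAMPLE = [
    ("198.18.0.0/23", (64500, 64496)),    # authorised origin, length within maxLength
    ("198.18.0.0/24", (64500, 64511)),    # more specific, different origin
    ("198.18.0.0/24", (64500, 64496)),    # right origin, but longer than maxLength
    ("2001:db8:1::/48", (64501, 64497)),  # allowed by maxLength 48
    ("203.0.113.0/24", (64502, 64499)),   # no covering ROA
]

if __name__ == "__main__":
    for row in check_announcements(SAMPLE):
        print(row)
```

The second and third rows show that a more-specific announcement is rejected when it exceeds the ROA's maxLength, whichever AS originates it.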

Traffic Engineering & Resiliency

Modern Overlays