BGP.KMCD.DEV

Global Routing Telemetry

Understanding BGP

The Internet's Control Plane

The Border Gateway Protocol (BGP) manages how data travels across the internet. It allows Autonomous Systems (ASes) to announce IP prefix ownership and discover efficient paths to other networks. BGP relies on trust, which makes it vulnerable to misconfigurations and malicious route hijacks.

IP Prefixes & Subnetting

BGP routes prefixes, which are contiguous blocks of IP addresses. A prefix such as 192.0.2.0/24 represents 256 addresses.

  • Specific (/24): Small prefixes. BGP prefers the most specific route. A hijacker can steal traffic by announcing a more specific /24 than a legitimate /23.
  • Aggregate (/8): Large prefixes covering millions of IPs. These keep the global routing table manageable.
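To make the longest-prefix-match behaviour behind that hijack concrete, here is an added Python example (not code from bgp.kmcd.dev): it resolves an address against a constructed table snapshot and, from the defender's side, lists more-specific announcements inside an owned prefix that come from an unexpected origin. All prefixes and ASNs are constructed sample values.

```python
import ipaddress

# Constructed sample of a routing-table snapshot: (prefix, origin ASN).
# AS64500 legitimately holds 192.0.2.0/23; AS64666 announces a /24 inside it.
SAMPLE_TABLE = [
    ("192.0.2.0/23", 64500),
    ("192.0.3.0/24", 64666),
    ("198.51.100.0/24", 64501),
    ("203.0.113.0/24", 64502),
]

def longest_prefix_match(table, address):
    """Return (prefix, origin_asn) of the most specific covering prefix, or None.
    Forwarding follows the longest match regardless of who originated it."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, origin in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin)
    return (str(best[0]), best[1]) if best else None

def find_more_specifics(table, owned_prefix, owned_asn):
    """Defender's check: announcements strictly inside a prefix we own that are
    originated by an ASN we do not expect. Each hit is a candidate hijack to investigate."""
    owned = ipaddress.ip_network(owned_prefix)
    suspicious = []
    for prefix, origin in table:
        net = ipaddress.ip_network(prefix)
        if net != owned and net.subnet_of(owned) and origin != owned_asn:
            suspicious.append((prefix, origin))
    return suspicious
```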

Autonomous System (AS)

A network or group of networks under a single administrative control. Each AS, including major entities like Google, Comcast, and CERN, identifies itself with a unique Autonomous System Number (ASN).

Peering vs Transit

Peering is a direct interconnection between ASes. Transit is a service where a network pays a provider to carry its traffic to the rest of the internet.

BGP Sessions & Peering

Two ASes establish a session to exchange routing information. This handshake occurs over TCP port 179. This detail is essential for troubleshooting firewall and security policy blocks.

The Global Routing Table

Often called the Default-Free Zone (DFZ), this is the master list of all known IP prefixes and their best paths.

Path Selection

A BGP Path is the specific chain of Autonomous Systems that data follows as it moves across the global internet. Since the web is a "network of networks," there are often dozens of different ways to reach the same destination. BGP's job is to evaluate all those choices and pick the single "best" route from the list.

BGP makes routing decisions based on network policy. These choices are driven by business relationships, cost, and the overall health of the path. You can see these real-world routing decisions in action using Cloudflare Radar or by looking at the global routing table through RouteViews.

How BGP Chooses a Route

  1. Local Preference: The primary way networks prioritize outbound paths, often preferring free peering over paid transit.
  2. AS Path Length: A tie-breaker that prefers the shortest chain of networks.
  3. Origin Type: Routes that start from within the network are trusted more than those from outside.
  4. MED: A technical hint used to tell a neighboring network which entry point into your network is preferred.
  5. External vs Internal: BGP prefers routes learned from external neighbors (eBGP) over those learned internally (iBGP).

Path selection is a deliberate choice negotiated by network operators. These policies are vital for managing transit costs and maintaining link reliability across the Internet.

BGP Communities

Metadata "tags" attached to routes that signal instructions to upstream peers. Standardized via RFC 1997 and RFC 4360.

  • Blackholing: Used for DDoS mitigation. Example: 65535:666 (RTBH)
  • Traffic Steering: Influencing path priority. Example: ASN:70 (Set Local-Pref 70)
  • Scoping: Preventing regional leakage. Example: NO_EXPORT (RFC 1997)
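An added Python example (not the site's own code) that encodes the five-step decision order from the path selection section as a sort key and applies the ASN:70 steering community above as a local-preference policy. It simplifies the real algorithm (MED is compared regardless of neighboring AS, and vendor Weight and IGP cost are omitted); the ASNs and the 0-999 accepted community range are constructed assumptions.

```python
from dataclasses import dataclass, field

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # lower rank is preferred

@dataclass
class Route:
    prefix: str
    as_path: list                 # ASNs from the advertising neighbor to the origin
    local_pref: int = 100
    origin: str = "IGP"
    med: int = 0
    learned_from: str = "eBGP"    # "eBGP" or "iBGP"
    communities: list = field(default_factory=list)

def apply_steering_communities(route, my_asn):
    """Policy step: a MY_ASN:NN community sets local-pref to NN (the ASN:70 pattern).
    Assumption: only 0-999 is honoured so a peer cannot push an arbitrary preference."""
    for comm in route.communities:
        asn, value = (int(x) for x in comm.split(":"))
        if asn == my_asn and 0 <= value <= 999:
            route.local_pref = value
    return route

def selection_key(route):
    """Tuple sorted ascending: higher local-pref, shorter AS path, better origin,
    lower MED, then eBGP before iBGP. MED is compared unconditionally (simplified)."""
    return (-route.local_pref, len(route.as_path), ORIGIN_RANK[route.origin],
            route.med, 0 if route.learned_from == "eBGP" else 1)

def best_path(routes):
    """Return the single winning Route among candidates for one prefix."""
    return min(routes, key=selection_key)

# Constructed candidates for 203.0.113.0/24 as seen by AS64500 (sample values).
CANDIDATES = [
    Route("203.0.113.0/24", [64530, 64520], local_pref=100),                      # paid transit
    Route("203.0.113.0/24", [64510, 64520], local_pref=200, learned_from="iBGP"),
    Route("203.0.113.0/24", [64510, 64520], local_pref=200),                      # free peering
]
```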

Network Tooling & Resources

A Looking Glass allows engineers to view the routing table from the perspective of a specific remote router.

  • Cloudflare Radar

    Real-time insights into internet traffic, security, and routing patterns globally.

  • PeeringDB

    The industry-standard database for peering locations and network interconnection data.

  • HE BGP Toolkit

    Extensive BGP routing information, including AS details, prefix propagation, and path history.

  • RouteViews

    A global project providing real-time BGP data to researchers since 1995 via dozens of collectors.

  • RIPE NCC RIS

    The Routing Information Service collects and stores BGP routing updates from over 600 peer sessions.

The Session Lifecycle

Before routes can be exchanged, routers must traverse the BGP Finite State Machine (FSM). This sequence ensures that both peers are ready and authorized to communicate over TCP Port 179.

  1. Idle: Starting state
  2. Connect: Waiting for TCP
  3. Active: TCP link up
  4. OpenSent: OPEN msg sent
  5. OpenConfirm: KEEPALIVE sent
  6. Established: Session up
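An added Python example (not the site's own code) that drives the state sequence above using the RFC 4271 event names on the main path, plus the NOTIFICATION and manual-stop resets to Idle that a session reset exploits. Timers are represented as events and the secondary transitions of the full FSM are omitted (assumption: one ConnectRetry attempt).

```python
# Main-path transitions of the BGP FSM (RFC 4271 section 8.2.2, simplified).
TRANSITIONS = {
    ("Idle", "ManualStart"): "Connect",
    ("Connect", "TcpConnectionConfirmed"): "OpenSent",
    ("Connect", "ConnectRetryTimer_Expires"): "Active",
    ("Active", "TcpConnectionConfirmed"): "OpenSent",
    ("OpenSent", "BGPOpen"): "OpenConfirm",
    ("OpenConfirm", "KeepAliveMsg"): "Established",
}
# Message this side emits when it enters a state.
SENDS_ON_ENTRY = {"OpenSent": "OPEN", "OpenConfirm": "KEEPALIVE"}
RESET_EVENTS = ("NotifMsg", "ManualStop")

class BgpSession:
    def __init__(self):
        self.state = "Idle"
        self.sent = []   # messages emitted so far, for inspection

    def handle(self, event):
        # A NOTIFICATION (or operator stop) tears the session down from any state;
        # this is why unauthenticated sessions are exposed to spoofed resets.
        if event in RESET_EVENTS:
            self.state = "Idle"
            return self.state
        nxt = TRANSITIONS.get((self.state, event))
        if nxt is None:
            raise ValueError(f"event {event} not valid in state {self.state}")
        self.state = nxt
        if nxt in SENDS_ON_ENTRY:
            self.sent.append(SENDS_ON_ENTRY[nxt])
        return self.state

def bring_up(events):
    """Feed a list of events to a fresh session; return (final_state, messages_sent)."""
    session = BgpSession()
    for event in events:
        session.handle(event)
    return session.state, session.sent
```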

Handshake & Authentication

Security is a major concern in BGP. Since the protocol relies on a persistent TCP connection, it is vulnerable to session resets and spoofing. To mitigate this, BGP sessions are almost always secured with MD5 Signatures (RFC 2385) or the more modern TCP Authentication Option (TCP-AO).

TTL Security (GTSM)

The Generalized TTL Security Mechanism (RFC 5082) protects sessions by requiring the IP Time-to-Live (TTL) to be exactly 255. Since routers decrement TTL at every hop, this ensures the peer is directly connected and prevents attacks from remote networks.

BGP Message Types

  • Open: Identifies the sender and negotiates session parameters (Hold Time, ASN).
  • Update: The core of BGP. Advertises new reachability or withdraws old routes.
  • Keepalive: Periodically exchanged to ensure the peer is still reachable.
  • Notification: Sent when an error is detected. Immediately closes the session.

Anatomy of BGP Messages

Type: Open

  Attribute        Value
  Type             OPEN
  Version          4
  My ASN           10122
  Hold Time        90
  BGP Identifier   10.255.255.36

Details

The first packet sent after the TCP handshake. It establishes the 'ground rules' for the peering session, including optional capabilities like IPv6 support or Route Refresh.
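An added Python example (not the site's own code) that builds the OPEN message from the table above and parses it back with the marker, length and hold-time checks a receiver should perform before trusting any field. It assumes the 2-byte My AS field (no 4-octet-AS capability) and carries no optional parameters.

```python
import struct
import ipaddress

MARKER = b"\xff" * 16          # all-ones marker on every BGP message
HEADER_LEN = 19                # marker (16) + length (2) + type (1)
OPEN_TYPE = 1
OPEN_FIXED_LEN = 10            # version, my AS, hold time, identifier, opt param len
MIN_HOLD_TIME = 3              # RFC 4271: hold time is 0 or at least 3 seconds

def build_open(my_asn, hold_time, bgp_id, opt_params=b""):
    """Encode an OPEN message: header plus the fixed fields from the table."""
    body = struct.pack("!BHHIB", 4, my_asn, hold_time,
                       int(ipaddress.IPv4Address(bgp_id)), len(opt_params)) + opt_params
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), OPEN_TYPE) + body

def parse_open(data):
    """Decode and validate an OPEN message; raise ValueError rather than trusting
    peer-supplied lengths."""
    if len(data) < HEADER_LEN + OPEN_FIXED_LEN:
        raise ValueError("truncated: OPEN needs at least 29 bytes")
    if data[:16] != MARKER:
        raise ValueError("bad marker")
    length, msg_type = struct.unpack("!HB", data[16:HEADER_LEN])
    if msg_type != OPEN_TYPE or length != len(data):
        raise ValueError("type or length mismatch")
    version, my_asn, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", data[19:29])
    if version != 4:
        raise ValueError(f"unsupported version {version}")
    if hold_time != 0 and hold_time < MIN_HOLD_TIME:
        raise ValueError("hold time below 3 seconds")
    if HEADER_LEN + OPEN_FIXED_LEN + opt_len != length:
        raise ValueError("optional parameter length disagrees with message length")
    return {"type": "OPEN", "version": version, "my_asn": my_asn,
            "hold_time": hold_time,
            "bgp_identifier": str(ipaddress.IPv4Address(bgp_id)),
            "opt_params": data[29:]}

# Constructed message using the values from the table above.
SAMPLE_OPEN = build_open(10122, 90, "10.255.255.36")
```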

BGP in Action

To truly understand BGP, you must see it in motion. Use the simulation below to walk through the lifecycle of a route, from its initial announcement and path selection across the global internet mesh to handling failures and anycast failover.

1. Announcing

The Origin AS 'announces' its IP space. Routers propagate this information so that every network knows the path back to the origin.


Advanced BGP Topics

Explore the complex protocols and architectural standards built on top of BGP's extensible framework.

Path & Scalability

  • eBGP vs iBGP

    External BGP is used between networks while Internal BGP distributes those routes within a single AS.

  • Route Reflection (RFC 4456)

    A method to scale internal networks by reducing the need for every router to talk to every other router.

  • BGP ADD-PATH (RFC 7911)

    Allows advertising multiple paths for the same prefix to enable better ECMP and faster convergence.

  • BGP PIC

    Prefix Independent Convergence allows millisecond failover by using pre-calculated backup paths.

  • Confederations (RFC 5065)

    Dividing a large AS into smaller sub-ASes to simplify management and reduce peering overhead.

Security & Integrity

  • BGPsec (RFC 8205)

    Full path signing. Rarely deployed due to high CPU load; RPKI is the preferred modern alternative.

  • BGP OPSEC (RFC 7454)

    Best practices for securing BGP sessions including TTL security and prefix filtering.

  • RPKI Validation

    Cryptographic verification that an AS is authorized to originate specific IP prefixes.

Traffic Engineering & Resiliency

Modern Overlays