BGP.KMCD.DEV

Global Routing Telemetry

Live Telemetry Stream

Understanding BGP

The Border Gateway Protocol (BGP) is the routing protocol of the internet. It acts like the postal service for the web, allowing different networks (Autonomous Systems or ASes) to announce which IP addresses they control and discover the most efficient paths to send data to each other. Because BGP relies on trust, it is vulnerable to misconfigurations or malicious attacks known as Route Hijacks.

1. Announcing

The Origin AS 'announces' its IP space. Routers propagate this information so that every network knows the path back to the origin.

2. Routing

Data follows the established paths. BGP selects the shortest route to reach the destination AS.

3. Withdrawals

When an origin AS goes offline, it sends a 'withdrawal' message. Routers propagate this to stop traffic from being sent down the dead path.

4. Asymmetric Routing

In BGP, the path taken to reach a destination may differ from the path taken for return traffic. This is normal but can complicate troubleshooting.

5. Multipath (ECMP)

Equal-Cost Multi-Path (ECMP) allows a router to distribute traffic across multiple best-paths simultaneously for better load balancing.

Advanced BGP Topics

Explore the complex protocols and architectural standards built on top of BGP's extensible framework.

Path & Scalability

Route Reflection (RFC 4456)
Eliminates the need for a full iBGP mesh by using reflectors to propagate internal routes.
BGP ADD-PATH (RFC 7911)
Allows advertising multiple paths for the same prefix to enable better ECMP and faster convergence.
BGP PIC
Prefix Independent Convergence allows millisecond failover by using pre-calculated backup paths.
Confederations (RFC 5065)
Dividing a large AS into smaller sub-ASs to simplify management and reduce peering overhead.

Security & Integrity

BGPsec (RFC 8205)
Full path signing. Rarely deployed due to high CPU load; RPKI is the preferred modern alternative.
BGP OPSEC (RFC 7454)
Best practices for securing BGP sessions including TTL security and prefix filtering.
RPKI Validation
Cryptographic verification that an AS is authorized to originate specific IP prefixes.

Traffic Engineering & Resiliency

BGP FlowSpec (RFC 5575)
Propagating firewall-like traffic filtering rules across AS boundaries for DDoS mitigation.
Segment Routing (SR)
Steering traffic using source-routing instructions, often distributed via BGP (SR-TE).
Graceful Restart (RFC 4724)
Mechanism to maintain packet forwarding during a BGP control-plane restart.

Modern Overlays

EVPN (RFC 7432)
The industry standard control plane for modern Layer 2 and Layer 3 virtualization.
BGP Link-State (RFC 7752)
Exporting IGP topology information to controllers for centralized traffic engineering.
BMP Monitoring (RFC 7854)
A protocol to monitor BGP sessions and peer information without impacting forwarding.