BGP.KMCD.DEV
Global Routing Telemetry
Understanding BGP
The Postal Service of the Web
The Border Gateway Protocol (BGP) is the routing protocol of the internet. It acts like the postal service for the web, allowing different networks (Autonomous Systems or ASes) to announce which IP addresses they control and discover the most efficient paths to send data to each other. Because BGP relies on trust, it is vulnerable to misconfigurations or malicious attacks known as Route Hijacks.
IP Prefixes & Subnetting
In BGP, we don't route individual IPs, but Prefixes (blocks of addresses). A prefix like 192.0.2.0/24 represents 256 addresses.
- Specific (/24): A "small" prefix. BGP always prefers the most specific route. A hijacker announcing a /24 can "steal" traffic from a larger /23 announcement.
- Aggregate (/8): A "large" prefix covering millions of IPs. Used to keep the global routing table manageable.
Autonomous System (AS)
A large network or group of networks under a single administrative control. Every major entity on the internet (Google, Comcast, CERN) is assigned a unique ASN to identify itself in the global BGP table.
Peering vs Transit
Peering is a direct connection between ASes to exchange traffic. Transit is when a network pays a provider to carry its traffic to the rest of the global internet.
BGP Sessions & Peering
Two ASes establish a session to exchange routing information. This "peering" is the handshake that allows data to flow across corporate and national networks.
The Global Routing Table
Often called the Default-Free Zone (DFZ), this is the master list of all known IP prefixes and the best paths to reach them globally.
Path Selection
A BGP Path is the specific chain of Autonomous Systems that data follows as it moves across the global internet. Since the web is a "network of networks," there are often dozens of different ways to reach the same destination. BGP's job is to evaluate all those choices and pick the single "best" route from the list.
BGP makes routing decisions based on network policy. These choices are driven by business relationships, cost, and the overall health of the path. You can see these real-world routing decisions in action using Cloudflare Radar or by looking at the global routing table through RouteViews.
How BGP Chooses a Route
- 01 Local Preference: The primary way networks prioritize outbound paths, often preferring free peering over paid transit.
- 02 AS Path Length: A tie-breaker that prefers the shortest chain of networks.
- 03 Origin Type: Routes that start from within the network are trusted more than those from outside.
- 04 MED: A technical hint used to tell a neighboring network which entry point into your network is preferred.
- 05 External vs Internal: BGP prefers routes learned from external neighbors (eBGP) over those learned internally (iBGP).
Path selection is a deliberate choice negotiated by network operators. These policies are vital for managing transit costs and maintaining link reliability across the Internet.
BGP Communities
Metadata "tags" attached to routes that signal instructions to upstream peers. Standardized via RFC 1997 and RFC 4360.
- Blackholing: Used for DDoS mitigation.
Example:
65535:666(RTBH) - Traffic Steering: Influencing path priority.
Example:
ASN:70(Set Local-Pref 70) - Scoping: Preventing regional leakage.
Example:
NO_EXPORT(RFC 1997)
Network Tooling & Resources
A Looking Glass allows engineers to view the routing table from the perspective of a specific remote router.
- Cloudflare Radar
Real-time insights into internet traffic, security, and routing patterns globally.
- PeeringDB
The industry-standard database for peering locations and network interconnection data.
- HE BGP Toolkit
Extensive BGP routing information, including AS details, prefix propagation, and path history.
- RouteViews
A global project providing real-time BGP data to researchers since 1995 via dozens of collectors.
- RIPE NCC RIS
The Routing Information Service collects and stores BGP routing updates from over 600 peer sessions.
Anatomy of a BGP Update
| Attribute | Value |
|---|---|
| TYPE | UPDATE (Announcement) |
| PEER ASN | 199524 |
| AS PATH | AS199524AS1299AS7922AS46427AS64289 |
| COMMUNITIES | 1299:30000, 7922:101 |
| NEXT HOP | 2001:504:1::a519:9524:1 |
| PREFIXES | 2a14:3f87:9800::/38 |
The AS PATH attribute shows the chain of networks this update traversed. Each network that receives this update will append its own ASN to the beginning of this list before passing it on. In this example, traffic flows through AS199524 then AS1299 and so on until it reaches the destination.
Networks use COMMUNITIES to tag routes with handling instructions. These tags can prevent advertisements to certain regions or signal DDoS mitigation. The prefixes represent the actual IP ranges being made reachable by this announcement.
| Attribute | Value |
|---|---|
| TYPE | UPDATE (Withdrawal) |
| PEER ASN | 19151 |
| WITHDRAWALS | 199.199.238.0/23 204.221.20.0/24 206.10.88.0/22 |
A withdrawal message removes prefixes from the global routing table immediately. This happens when a network link goes down or a peering session is disconnected.
Unlike an announcement that builds a path, a withdrawal lists prefixes that are no longer reachable through this peer. Large bursts of withdrawals are often the first sign of major fiber cuts or data center outages.
BGP in Action
To truly understand BGP, you must see it in motion. Use the simulation below to walk through the lifecycle of a route. Starting from its initial announcement and path selection across the global internet mesh, to handling failures and anycast failover.
1. Announcing
The Origin AS 'announces' its IP space. Routers propagate this information so that every network knows the path back to the origin.
References
Advanced BGP Topics
Explore the complex protocols and architectural standards built on top of BGP's extensible framework.