Border Gateway Protocol (BGP): A Comprehensive Guide

This article provides a high-level overview of BGP. It covers BGP’s components and explains their uses. Consequently, it will give readers a better understanding of the tasks of network engineers, facilitating better communication.

What is BGP?

BGP, or Border Gateway Protocol, is an exterior routing protocol designed to share routing information between autonomous systems on the internet.

Routing protocol

Routing refers to how a packet traverses a TCP/IP (transmission control protocol/internet protocol) network. TCP/IP is the standard communication protocol of the internet and most private networks.

A routing protocol establishes the path a data packet travels from source to destination. For example, routing protocols will establish the path from a laptop to google.com.

The common scenario is that an internal routing protocol such as Open Shortest Path First (OSPF) routes the packet. If google.com is not in the internal network, the packet is routed to the appropriate gateway. The gateway sends it out of the originating autonomous system to a gateway router in the connected autonomous system.

An external routing protocol sends the packet out of the gateway to the correct autonomous system.

Autonomous systems

An autonomous system (AS) is defined as a collection of connected IP routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet.

In reality, a public AS is a block of IP addresses assigned by the Internet Assigned Numbers Authority (IANA) to a specific organization. Each AS receives a number that is included in an IP header, and the number shows that the sending IP address belongs to the owner of the AS number. IANA is responsible for the global administration of IP addresses and AS number assignment. For example, Google’s AS is AS1569, and Google has over 14 million IP addresses.

BGP is the routing protocol used to interconnect autonomous systems.

In addition, there are also private AS numbers. Private AS numbers are used inside an organization’s private network—for example, to connect a private cloud to a public cloud router. These are similar to private IP addresses such as 192.168.1.0/24. They're never routed outside of a private network.

Types of routing protocols

Exterior

Exterior gateway protocols enable routing information exchange between autonomous systems. BGP is the only exterior protocol in general use.

Interior

Interior gateway protocols share routing information with routers and layer three switches within an AS. OSPF, IS-IS, EIGRP, and RIP are examples of interior gateway protocols. BGP can be used as an interior protocol, but it then requires a full-mesh topology between the BGP speakers, which becomes overwhelming to maintain.

Types of BGP and uses

Exterior BGP

Exterior BGP is used for exchanging routing information between autonomous systems. A primary use case is to connect an AS to other autonomous systems to make the IP range visible to the internet.

Additionally, EBGP can be used in conjunction with private AS numbers. A typical example is using them to connect a virtual private cloud to a cloud router. This enables route exchange between the private IP space and the cloud.

Interior BGP

Internal BGP, or IBGP, is used when there are multiple EBGP egress paths. IBGP allows edge routers to share routing information and attributes. Basically, IBGP enables redundant connections. This creates a backup if one egress router is down or has service issues. It also enables routing policies to determine the best destination path.

MP-BGP

Multiprotocol BGP (MP-BGP) is a BGP extension, typically run over IBGP, that enables the distribution of multiple address families. These can include layer 2 VPN, layer 3 VPN, multicast, and IPv6. One of its primary uses is to establish routing of private IP addresses over a service provider backbone. For example, different clients can each use 10.10.1.0/24 across an MPLS backbone without IP address conflicts.

How BGP works

Setup

BGP requires manual configuration. Unlike interior routing protocols, BGP has no automatic neighbor discovery. The first step in peering is to establish a TCP session on port 179. The routers then exchange OPEN messages, which carry vital information such as their AS numbers. Next, each router sends a KEEPALIVE message; receipt of a KEEPALIVE confirms the OPEN and brings the session to the Established state. Once the session is established, the routers exchange routes, and BGP uses UPDATE messages to communicate any subsequent route changes.
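The OPEN and KEEPALIVE exchange described above, encoded and decoded per the RFC 4271 wire format, as an added example that is not part of the original article. The AS numbers, router IDs and hold time are constructed values; 2-byte AS numbers are used, and the checks a router applies to a received OPEN (including refusing a peer whose AS number does not match the configured one) are shown as the reason a session would fall back to Idle.

```python
import struct

# RFC 4271: 16-byte all-ones marker, then a 2-byte length and 1-byte type (19-byte header).
MARKER = b"\xff" * 16
HEADER_LEN = 19
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def build_open(asn, hold_time, router_id):
    """Encode an OPEN: version 4, 2-byte AS number, hold time, 4-byte BGP
    identifier and an empty optional-parameters field."""
    rid = bytes(int(octet) for octet in router_id.split("."))
    body = struct.pack("!BHH4sB", 4, asn, hold_time, rid, 0)
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


def build_keepalive():
    """A KEEPALIVE is only the 19-byte header with type 4."""
    return MARKER + struct.pack("!HB", HEADER_LEN, 4)


def parse_message(data):
    """Decode one message from the front of a byte stream; returns (dict, rest)."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    marker, length, mtype = data[:16], struct.unpack("!H", data[16:18])[0], data[18]
    if marker != MARKER:
        raise ValueError("connection not synchronised (bad marker)")
    if length < HEADER_LEN or length > 4096 or length > len(data):
        raise ValueError("bad message length")
    body = data[HEADER_LEN:length]
    msg = {"type": MSG_TYPES.get(mtype, "UNKNOWN"), "length": length}
    if mtype == 1:
        version, asn, hold, rid, opt_len = struct.unpack("!BHH4sB", body[:10])
        msg.update(version=version, asn=asn, hold_time=hold,
                   router_id=".".join(str(b) for b in rid), opt_param_len=opt_len)
    elif mtype == 4 and length != HEADER_LEN:
        raise ValueError("KEEPALIVE must be exactly 19 bytes")
    return msg, data[length:]


def check_open(expected_asn, msg):
    """Checks a router applies to a received OPEN (RFC 4271 section 6.2).
    Returns None if acceptable, otherwise the NOTIFICATION reason it would send."""
    if msg["type"] != "OPEN":
        return "Finite State Machine Error"
    if msg["version"] != 4:
        return "Unsupported Version Number"
    if msg["asn"] != expected_asn:
        return "Bad Peer AS"            # peer is not the AS we configured; refuse it
    if msg["hold_time"] in (1, 2):      # hold time must be 0 or at least 3 seconds
        return "Unacceptable Hold Time"
    return None


def establish(local_asn, peer_asn, expected_peer_asn, hold_time=90):
    """Simulate what follows the TCP connection on port 179: both sides send
    OPEN, each validates the other's OPEN, and KEEPALIVEs move the session
    from OpenConfirm to Established. Router IDs below are constructed."""
    peer_stream = build_open(peer_asn, hold_time, "192.0.2.2") + build_keepalive()
    local_stream = build_open(local_asn, hold_time, "192.0.2.1") + build_keepalive()

    peer_open, peer_stream = parse_message(peer_stream)
    err = check_open(expected_peer_asn, peer_open)
    if err:
        return "Idle", err              # NOTIFICATION sent, TCP connection closed
    local_open, _ = parse_message(local_stream)
    negotiated = min(local_open["hold_time"], peer_open["hold_time"])
    peer_keepalive, _ = parse_message(peer_stream)
    if peer_keepalive["type"] != "KEEPALIVE":
        return "OpenConfirm", "waiting for KEEPALIVE"
    return "Established", f"hold time {negotiated}s, peer AS {peer_open['asn']}"


if __name__ == "__main__":
    print(establish(64512, 64513, expected_peer_asn=64513))
    print(establish(64512, 64513, expected_peer_asn=65000))
```

The second call shows why a misconfigured or unexpected peer never reaches Established: the AS number in the OPEN is compared against the locally configured value before any routes are accepted.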

Route selection

BGP Attributes

Attributes are pieces of information attached to each route. Significantly, BGP transmits attributes in the BGP header. It is important to realize there can be multiple routes to the same destination. Consequently, engineers adjust attribute values to influence route selection. Some attributes are vendor specific. For example, weight is a Cisco attribute. Given Cisco’s market dominance, many vendors support this attribute.

Attribute classification

Well-known mandatory

BGP peers universally recognize these attributes. In addition, routers pass them in every update message to peers. They include

  • next hop,
  • origin, and
  • AS-PATH.

Well-known discretionary

BGP peers universally recognize these attributes and pass them on. However, discretionary attributes are optional in an update. They include

  • local preference, and
  • atomic aggregate.

Optional transitive

BGP peers may or may not use these. However, BGP peers pass them on to the next connected BGP router. They include

  • aggregator, and
  • community.

Optional nontransitive

Local routers use these and do not pass them on. They include

  • multi-exit discriminator (MED),
  • originator ID, and
  • cluster ID.
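The four classes above correspond to the Optional and Transitive flag bits in the path attribute header of an UPDATE message. The following parser, added here and not part of the original article, walks a constructed Path Attributes field, classifies each attribute from its flags, and raises the errors a router signals for inconsistent flags, an unrecognized well-known attribute, or a missing mandatory one. The byte sample and AS numbers are constructed; only 2-byte AS numbers are decoded.

```python
import struct

# Attribute flag bits from RFC 4271 section 4.3.
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Type codes grouped by the four classes described above.
WELL_KNOWN_MANDATORY = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP"}
WELL_KNOWN_DISCRETIONARY = {5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE"}
OPTIONAL_TRANSITIVE = {7: "AGGREGATOR", 8: "COMMUNITY"}
OPTIONAL_NONTRANSITIVE = {4: "MED", 9: "ORIGINATOR_ID", 10: "CLUSTER_LIST"}
KNOWN = {**WELL_KNOWN_MANDATORY, **WELL_KNOWN_DISCRETIONARY,
         **OPTIONAL_TRANSITIVE, **OPTIONAL_NONTRANSITIVE}


def classify(flags, code):
    """Map the flag bits to one of the four classes, raising the error a
    router would signal (RFC 4271 section 6.3) when the flags are inconsistent."""
    if not flags & OPTIONAL:
        if not flags & TRANSITIVE:
            raise ValueError(f"Attribute Flags Error: well-known attribute {code} must be transitive")
        if code in WELL_KNOWN_MANDATORY:
            return "well-known mandatory"
        if code in WELL_KNOWN_DISCRETIONARY:
            return "well-known discretionary"
        raise ValueError(f"Unrecognized Well-known Attribute: {code}")
    return "optional transitive" if flags & TRANSITIVE else "optional nontransitive"


def decode_value(code, raw):
    """Decode the attributes this example understands; others stay as hex."""
    if code == 1:
        return {0: "IGP", 1: "EGP", 2: "INCOMPLETE"}[raw[0]]
    if code == 2:                                   # segments: type, count, ASNs
        segments, i = [], 0
        while i < len(raw):
            seg_type, count = raw[i], raw[i + 1]
            asns = struct.unpack(f"!{count}H", raw[i + 2:i + 2 + 2 * count])
            segments.append(("AS_SEQUENCE" if seg_type == 2 else "AS_SET", list(asns)))
            i += 2 + 2 * count
        return segments
    if code == 3:
        return ".".join(str(b) for b in raw)
    if code in (4, 5):
        return struct.unpack("!I", raw)[0]
    if code == 8:
        return [f"{a}:{b}" for a, b in struct.iter_unpack("!HH", raw)]
    return raw.hex()


def parse_path_attributes(data):
    """Walk the Path Attributes field of an UPDATE and classify each attribute.
    Unknown optional transitive attributes are kept and marked for forwarding
    with the Partial bit set; unknown optional nontransitive ones are dropped."""
    attrs, i = [], 0
    while i < len(data):
        flags, code = data[i], data[i + 1]
        if flags & EXT_LEN:
            length = struct.unpack("!H", data[i + 2:i + 4])[0]
            i += 4
        else:
            length = data[i + 2]
            i += 3
        raw = data[i:i + length]
        i += length
        cls = classify(flags, code)
        if code not in KNOWN and cls == "optional nontransitive":
            continue
        entry = {"name": KNOWN.get(code, f"UNKNOWN({code})"), "class": cls,
                 "partial": bool(flags & PARTIAL), "value": decode_value(code, raw)}
        if code not in KNOWN:
            entry["forward_with_partial"] = True    # propagated without being understood
        attrs.append(entry)
    present = {a["name"] for a in attrs}
    missing = [n for n in WELL_KNOWN_MANDATORY.values() if n not in present]
    if missing:
        raise ValueError(f"Missing Well-known Attribute: {', '.join(missing)}")
    return attrs


def validate_attributes(data):
    """Return (attributes, None) or (None, error text) instead of raising."""
    try:
        return parse_path_attributes(data), None
    except ValueError as exc:
        return None, str(exc)


# Constructed sample Path Attributes field (not captured from a real session).
SAMPLE_ATTRS = bytes([
    0x40, 1, 1, 0x00,                           # ORIGIN = IGP
    0x40, 2, 6, 2, 2, 0xFC, 0x00, 0xFC, 0x01,   # AS_PATH: AS_SEQUENCE 64512 64513
    0x40, 3, 4, 192, 0, 2, 1,                   # NEXT_HOP 192.0.2.1
    0x80, 4, 4, 0, 0, 0, 50,                    # MED 50 (optional nontransitive)
    0x40, 5, 4, 0, 0, 0, 200,                   # LOCAL_PREF 200
    0xC0, 8, 4, 0xFC, 0x00, 0x00, 0x64,         # COMMUNITY 64512:100
    0xE0, 200, 2, 0xDE, 0xAD,                   # unknown optional transitive, Partial set
])
```

The last attribute in the sample is the case worth noticing from a security standpoint: an optional transitive attribute that a router does not understand is still forwarded to its peers, so such attributes travel across autonomous systems unexamined.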

BGP algorithm

Border gateway protocol generally has multiple routes to the same destination. The BGP algorithm determines which is the preferred route.

Therefore, the process of manipulating attribute values determines BGP route selection. For example, a spike in traffic to a destination may cause congestion on its preferred route, and an engineer adjusts attributes to move that traffic to another path. The following is the basic algorithm flow for path preference.

  • highest Weight (Cisco to Cisco)
  • highest LOCAL-PREF
  • locally originated using network or aggregate command
  • shortest AS-PATH
  • lowest origin type
  • lowest multi-exit discriminator
  • EBGP paths over IBGP paths
  • lowest IGP metric for BGP next hop (If multipath is configured, the routes are installed. However, if multipath is not configured, the process continues.)
  • oldest external route (The algorithm prefers this, but BGP skips this step if router ID comparison is configured or if the routes have the same router ID.)
  • lower router ID (The router ID defaults to the interface with the highest IP address. However, one can manually configure the router ID.)
  • shortest cluster list
  • lower neighbor address
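The selection flow above, carried out over a set of candidate paths, as an added example that is not from the original article. Each step narrows the candidate set and the function reports which step decided the winner. The Route fields, peer addresses and AS numbers are constructed; the MED step is simplified, as noted in the comment, and the multipath installation mentioned at the IGP metric step is not modeled.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Route:
    """One candidate path to a prefix, with the attributes the steps above inspect."""
    neighbor: str                 # address of the peer the path was learned from
    as_path: list
    origin: int = 0               # 0 = IGP, 1 = EGP, 2 = INCOMPLETE (lower wins)
    weight: int = 0               # Cisco-local attribute, never sent to peers
    local_pref: int = 100
    locally_originated: bool = False
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    received_at: float = 0.0      # monotonic timestamp; lower means older
    router_id: str = "0.0.0.0"
    cluster_list: list = field(default_factory=list)


# Each step is (name, key); the lowest key wins, so "highest X" steps negate X.
STEPS = [
    ("highest weight", lambda r: -r.weight),
    ("highest LOCAL-PREF", lambda r: -r.local_pref),
    ("locally originated", lambda r: 0 if r.locally_originated else 1),
    ("shortest AS-PATH", lambda r: len(r.as_path)),
    ("lowest origin type", lambda r: r.origin),
    # Real routers compare MED only between paths from the same neighboring AS
    # unless configured otherwise; this example compares it unconditionally.
    ("lowest MED", lambda r: r.med),
    ("EBGP over IBGP", lambda r: 0 if r.ebgp else 1),
    ("lowest IGP metric to next hop", lambda r: r.igp_metric),
    ("oldest external route", lambda r: r.received_at),
    ("lowest router ID", lambda r: int(ip_address(r.router_id))),
    ("shortest cluster list", lambda r: len(r.cluster_list)),
    ("lowest neighbor address", lambda r: int(ip_address(r.neighbor))),
]


def best_path(routes, compare_router_id=False):
    """Run the steps in order, narrowing the candidate set at each one.
    Returns (winning route, name of the step that decided it)."""
    candidates = list(routes)
    for name, key in STEPS:
        if name == "oldest external route" and compare_router_id:
            continue              # skipped when router-ID comparison is configured
        best = min(key(r) for r in candidates)
        candidates = [r for r in candidates if key(r) == best]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "identical paths"


# Constructed sample: three paths to the same prefix from three EBGP peers.
SAMPLE_ROUTES = [
    Route("192.0.2.1", as_path=[64496, 64500, 64501], local_pref=200, med=50, router_id="192.0.2.1"),
    Route("192.0.2.2", as_path=[64497, 64501], local_pref=100, router_id="192.0.2.2"),
    Route("192.0.2.3", as_path=[64498, 64501], local_pref=200, med=10, router_id="192.0.2.3"),
]


def demo():
    winner, step = best_path(SAMPLE_ROUTES)
    print(f"best path via {winner.neighbor}, decided by: {step}")
    return winner.neighbor, step


if __name__ == "__main__":
    demo()
```

In the sample, the peer with the shortest AS path is not chosen because its LOCAL-PREF is lower; the decision is made between the two remaining paths at the AS-PATH step. Raising the weight on any one path, as a Cisco-to-Cisco deployment can, settles the choice at the very first step.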

BGP offers very granular control over outbound traffic. However, influencing how traffic enters a network is much more difficult. It requires the remote peer to cooperate. Multihoming makes ingress route influencing far more difficult.

BGP multihoming

Multihoming is connecting the AS via BGP to two or more internet provider autonomous systems. Multihoming creates redundancy and mitigates risk. The risks mitigated include

  • downtime caused by outages;
  • network issues such as congestion, internal routing issues, or peering disputes;
  • maintenance windows; and
  • business policy changes.

However, multihoming can create problems with inbound traffic.

For example, an AS could be connected to Comcast ASN 7922 and AT&T ASN 7918. The sending AS could prefer AT&T when sending traffic to Google ASN1569 and try to influence the return traffic to come back via AT&T. However, Google could decide to limit traffic to AT&T and send the return traffic via the Comcast ASN instead. This causes issues when the outside world decides to send too much traffic down one connection.

BGP security

Developers designed BGP with limited security considerations. They trusted that no one would send malicious routes. Significantly, BGP has no directly implemented security standards.

Equally important, there are over 10,000 ISPs globally. Each one has its own security issues. A major security risk is BGP hijacking. BGP hijacking is the illegitimate takeover of IP prefixes. Cyber bandits hack into BGP-enabled routers and send out poisoned routes, which misdirect traffic for those prefixes. Hijackers can redirect traffic to fake websites, or use the hijacked address space to spam, spoof, or black-hole traffic.

The first thing to remember is that BGP has no fully adopted security standard. BGPsec is being developed to enhance security. BGPsec is a BGP extension. Basically, it replaces the AS-PATH attribute. In addition, BGPsec provides public/private key authentication of update messages between peers.

However, BGPsec requires universal deployment across the entire global BGP ecosystem. In addition, it places high overhead on routers. Moreover, the routing security community’s mutually agreed-upon norms recommend the following to enhance security and discover hacks:

  • filter inbound and outbound BGP messages,
  • facilitate the coordination among operators by publishing up-to-date contact information,
  • facilitate the validation of announcement by keeping up-to-date IRR entries, and
  • impede the propagation of illegitimate traffic by applying anti-spoofing techniques.
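The first and third recommendations above, inbound filtering and validation against registered IRR entries, can be expressed as a policy check run over each received announcement. The following is an added example, not from the original article: it rejects bogon and private prefixes, over-long more-specifics, paths that contain the local AS (a loop) or a private AS number, prefixes with no registered route object, and prefixes whose origin AS does not match the registered one, which is the signature of a hijacked or leaked route. The local AS number, the route-object table, the bogon list and the announcements are constructed for the example; a production filter would use a full, regularly refreshed bogon feed and an IRR or RPKI data source.

```python
import ipaddress

LOCAL_ASN = 64500                 # constructed: the AS applying this inbound filter
MAX_PREFIX_LEN = {4: 24, 6: 48}   # more-specifics beyond these are not accepted

# A minimal bogon list (RFC 1918, loopback, link-local, shared address space,
# multicast, reserved, IPv6 ULA and link-local); production filters use a
# fuller, regularly updated list.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "fc00::/7", "fe80::/10",
)]


def is_private_asn(asn):
    """Private-use AS number ranges; they should never appear on public paths."""
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294


def check_announcement(prefix, as_path, route_objects, local_asn=LOCAL_ASN):
    """Decide whether one received announcement passes the inbound policy.
    route_objects maps prefix -> set of origin ASNs registered for it (IRR-style).
    Returns (accept, reason)."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "unparseable prefix"
    if any(net.subnet_of(b) for b in BOGONS if b.version == net.version):
        return False, "bogon or private prefix"
    if net.prefixlen > MAX_PREFIX_LEN[net.version]:
        return False, f"prefix longer than /{MAX_PREFIX_LEN[net.version]}"
    if not as_path:
        return False, "empty AS_PATH"
    if local_asn in as_path:
        return False, "own AS in AS_PATH (routing loop)"
    if any(is_private_asn(a) for a in as_path):
        return False, "private ASN in AS_PATH"
    origin = as_path[-1]          # the last AS in the path originated the prefix
    allowed = route_objects.get(str(net))
    if allowed is None:
        return False, "no route object registered for prefix"
    if origin not in allowed:
        return False, f"origin AS{origin} not registered for prefix (possible hijack)"
    return True, "accepted"


def filter_announcements(announcements, route_objects):
    """Apply the policy to a batch; returns [(prefix, as_path, accept, reason)]."""
    return [(p, path, *check_announcement(p, path, route_objects))
            for p, path in announcements]


# Constructed route objects and announcements (documentation prefixes and ASNs).
ROUTE_OBJECTS = {"198.51.100.0/24": {64496}, "203.0.113.0/24": {64497}}
SAMPLE_ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64496]),                  # legitimate
    ("198.51.100.0/24", [64499]),                  # wrong origin AS
    ("198.51.100.0/25", [64499, 64496]),           # more-specific than allowed
    ("10.0.0.0/8", [64496]),                       # bogon
    ("203.0.113.0/24", [64498, 64500, 64497]),     # contains our own AS
    ("203.0.113.0/24", [64498, 65000, 64497]),     # private ASN leaked into path
]


if __name__ == "__main__":
    for prefix, path, ok, reason in filter_announcements(SAMPLE_ANNOUNCEMENTS, ROUTE_OBJECTS):
        print(f"{'ACCEPT' if ok else 'REJECT':6} {prefix:18} {path}  {reason}")
```

The origin-AS and prefix-length checks are the ones that catch the hijack scenarios described earlier: a wrong origin for a registered prefix and a more-specific announcement that would otherwise win the longest-match lookup in every router that accepts it.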

Summary

BGP is the internet’s routing protocol. Network engineers for large enterprises, service providers, and ISPs are its primary users. It enables the rest of the internet to reach their IP address space. In addition, border gateway protocol provides network backup, cloud router connections, and layer 2 VPN and layer 3 VPN routing functions.

Border gateway protocol makes the internet work. Therefore, internet-enabled digital transformation initiatives require routing stability. It's important that IT professionals involved in digital transformation are familiar with BGP basics.

Author Bio

This post was written by Marcus McEwen. Marcus is a serial entrepreneur. In 1996, he used a $60,000 investment to build a managed service provider that generated a 25% net profit. His company, Equivoice, was certified as a Cisco Master Service Provider. Equivoice was sold in 2016. After the sale he used his entrepreneurial skills to build an organic farming operation and an Atlanta-based Airbnb business. Marcus is highly respected by his peers for his technical and management skills.


Write For Us

Write for Site24x7 is a special writing program that supports writers who create content for Site24x7 "Learn" portal. Get paid for your writing.
