BGP

BGP. The Border Gateway Protocol is the standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet. It is classified as a path vector protocol and is a critical component of the global routing system, enabling data packets to traverse multiple networks managed by different organizations. The protocol's primary function is to maintain a table of IP network prefixes which designate network reachability between autonomous systems, making it essential for the interconnectivity of the worldwide web.

Overview

BGP was created to replace the earlier Exterior Gateway Protocol and was first defined in RFC 1105 in 1989. Its development and standardization have been managed by the Internet Engineering Task Force through numerous subsequent Request for Comments documents. The protocol operates by establishing persistent Transmission Control Protocol sessions between BGP speakers in different autonomous systems, which are often large Internet service providers, content delivery networks, or major enterprise networks. Key concepts within BGP include the Autonomous System Number, IP prefix advertisements, and the complex set of routing policy decisions that influence path selection based on attributes like the AS_PATH.

Technical operation

BGP peers exchange routing information through messages defined by the protocol, primarily UPDATE messages which contain Network Layer Reachability Information. A fundamental operation is the construction and maintenance of the BGP routing table, which is separate from a router's forwarding information base. Path selection is governed by a multi-step decision process that evaluates attributes such as LOCAL_PREF, MULTI_EXIT_DISC, and the origin type. The protocol uses TCP port 179 for its sessions and employs mechanisms like route reflection and BGP confederations to improve scalability within large networks, avoiding the need for a full mesh topology.

Security and vulnerabilities

The security of BGP has been a longstanding concern due to its inherent trust model. Major incidents like the Pakistan Telecom hijack of YouTube traffic in 2008 have highlighted risks such as route hijacking and IP prefix hijacking. Other vulnerabilities include BGP route leaks, where incorrect routing information is propagated, and potential attacks on the TCP session itself. To mitigate these issues, extensions like the Resource Public Key Infrastructure framework and BGPsec have been developed to provide origin validation and path security. Operational best practices, including prefix filtering and coordination through Internet Routing Registry databases, are also critical defenses.

Deployment and configuration

Deploying BGP requires coordination with an Internet registry like ARIN or RIPE NCC to obtain an Autonomous System Number. Configuration is performed on routers from vendors such as Cisco Systems, Juniper Networks, and Huawei, involving the establishment of BGP sessions with upstream providers and peers. Common configurations include setting route filtering policies, tuning attributes like LOCAL_PREF, and implementing route dampening. Large-scale deployments by Tier 1 networks and Internet exchange points involve complex routing policy configurations to manage traffic flows and adhere to commercial peering agreements.

BGP extensions and enhancements

To address evolving network requirements, several extensions to BGP have been standardized. Multiprotocol BGP extensions allow the protocol to carry routing information for other address families, such as MPLS VPN routes and IPv6 prefixes, which was crucial for the deployment of the 6bone pilot network. Other enhancements include BGP Flow Specification for distributed denial-of-service mitigation, BGP Add-Path for improved path diversity, and BGP Link-State for integration with Software-Defined Networking architectures like those used in the I2RS framework.