BGP (Border Gateway Protocol)

What Is BGP

BGP (Border Gateway Protocol) is the protocol that different networks, called autonomous systems (ASes), use to exchange routing information across the internet. The internet consists of tens of thousands of ASes interconnected with each other, and BGP is responsible for communicating which paths lead to which networks at each interconnection point.

When you access a website, your packets traverse multiple ISP and carrier networks to reach their destination, and BGP is what determines that path. If BGP stops functioning correctly, the affected prefixes become unreachable no matter how healthy the underlying links are, and a large enough failure can take whole regions or services offline. Often called the "road signs of the internet," BGP is one of the most critical protocols underpinning global routing.

AS Numbers and Route Selection

An AS (Autonomous System) is a collection of networks operated by a single administrative entity under one routing policy. Each AS is identified by a unique AS number (ASN). IANA (Internet Assigned Numbers Authority) allocates blocks of ASNs to the regional internet registries (RIRs), which in turn assign individual numbers to operators. For example, Google operates AS15169 and Amazon operates AS16509.

BGP routers establish a TCP session (port 179) with routers in neighboring ASes and advertise the network prefixes (IP address ranges) they can reach, together with attributes describing each route. When a router holds several candidate routes for the same prefix, it runs a fixed decision process over those attributes: local preference is compared first, then AS path length, then origin type, then MED (Multi-Exit Discriminator), and so on down to router ID as the final tie-break. Only the first differing attribute decides; the ones that follow are never consulted.

AS Path Length
The number of ASes traversed. Shorter paths are preferred. AS path prepending is a technique to intentionally lengthen the path and lower a route's priority.
Local Preference
A priority value set within an AS. Higher values are preferred. Used to prefer peering routes over paid transit routes.
MED
An attribute set by the advertising AS to tell a neighboring AS which of several entry points to prefer. Lower values are preferred, and MED is only compared between routes learned from the same neighbor AS. Used to control traffic ingress when multiple interconnection points exist.

BGP route selection is not simply shortest-path routing. It reflects business relationships (peering, transit), cost considerations, and traffic engineering policies.
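The decision process above, reduced to its first steps, as an added example that is not part of the original page. It simulates a router in a hypothetical AS64500 choosing between candidate routes to a documentation prefix, with private-use ASNs standing in for real transit providers and peers (all names and numbers are constructed). Origin type, eBGP-versus-iBGP and IGP cost are left out; router ID stands in for the remaining tie-breaks.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address


@dataclass(frozen=True)
class Route:
    """One candidate path to a prefix as seen by the router making the decision.
    as_path[0] is the neighbor AS that advertised it, as_path[-1] the origin AS."""
    prefix: str
    as_path: tuple
    local_pref: int = 100          # set by local policy on receipt, higher wins; 100 is a common default
    med: int = 0                   # set by the neighbor, lower wins; only comparable from the same neighbor AS
    router_id: str = "192.0.2.1"   # advertising peer's router ID, used here as the final tie-break

    @property
    def neighbor_as(self):
        return self.as_path[0]


def prepend(route, times):
    """AS path prepending as performed by the origin: repeat its own ASN to make the path look longer."""
    return replace(route, as_path=route.as_path + (route.as_path[-1],) * times)


def best_path(candidates):
    """Simplified BGP decision process:
    1. highest LOCAL_PREF  2. shortest AS_PATH  3. lowest MED per neighbor AS  4. lowest router ID."""
    top = max(r.local_pref for r in candidates)
    remaining = [r for r in candidates if r.local_pref == top]

    shortest = min(len(r.as_path) for r in remaining)
    remaining = [r for r in remaining if len(r.as_path) == shortest]

    # MED is only compared between routes learned from the same neighbor AS,
    # so pick the lowest-MED route within each neighbor group first.
    by_neighbor = {}
    for r in remaining:
        by_neighbor.setdefault(r.neighbor_as, []).append(r)
    remaining = [min(group, key=lambda r: r.med) for group in by_neighbor.values()]

    return min(remaining, key=lambda r: ip_address(r.router_id))


# Constructed scenario: we are AS64500, the origin of PREFIX is AS64510 (private-use ASNs,
# documentation prefix). AS64501 and AS64504 are paid transit providers, AS64502 is a settlement-free peer.
PREFIX = "203.0.113.0/24"


def demo_local_pref():
    """Policy beats path length: the peer route wins although it is one AS longer."""
    transit = Route(PREFIX, (64501, 64510), local_pref=100, router_id="192.0.2.1")
    peer = Route(PREFIX, (64502, 64503, 64510), local_pref=200, router_id="192.0.2.2")
    return best_path([transit, peer]).neighbor_as


def demo_prepending():
    """Two equal transit routes tie on router ID; after the origin prepends twice toward AS64501,
    the route via AS64504 is the shorter one. Returns (neighbor before, neighbor after)."""
    via_a = Route(PREFIX, (64501, 64510), router_id="192.0.2.1")
    via_b = Route(PREFIX, (64504, 64510), router_id="192.0.2.4")
    before = best_path([via_a, via_b]).neighbor_as
    after = best_path([prepend(via_a, 2), via_b]).neighbor_as
    return before, after


def demo_med():
    """MED steers ingress between two sessions to the same neighbor AS, but is ignored
    across different neighbors. Returns the winner's router ID in each case."""
    ixp1 = Route(PREFIX, (64501, 64510), med=50, router_id="192.0.2.1")
    ixp2 = Route(PREFIX, (64501, 64510), med=10, router_id="192.0.2.3")
    other = Route(PREFIX, (64504, 64510), med=0, router_id="192.0.2.4")
    same_neighbor = best_path([ixp1, ixp2]).router_id   # lowest MED wins
    mixed = best_path([ixp1, other]).router_id          # MED not comparable, router ID decides
    return same_neighbor, mixed


if __name__ == "__main__":
    print(demo_local_pref(), demo_prepending(), demo_med())
```

The three demos make the point of the preceding paragraph concrete: the longer peer path wins because local preference is evaluated first, prepending only matters once local preference ties, and a low MED from one neighbor says nothing against a route from a different neighbor.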

BGP Hijacking - When Routes Get Stolen

A BGP hijack occurs when an AS advertises IP prefixes it is not authorized to originate, diverting traffic for those prefixes to its own network. BGP itself has no mechanism to verify that an advertiser holds the prefix it announces, so unless neighbors filter the announcement it propagates as if it were legitimate. Hijacks are especially effective when the attacker announces a more specific prefix than the victim (for example a /24 carved out of a /22), because routers forward on the longest matching prefix and will prefer the more specific route regardless of its AS path.

  • 2008 YouTube Incident: A Pakistani ISP, intending to block YouTube domestically, advertised a more specific route (a /24 inside YouTube's /22), and its upstream propagated it. Because the /24 won longest-prefix matching everywhere, YouTube traffic worldwide was routed to Pakistan and the site was inaccessible globally for approximately 2 hours.
  • 2018 Amazon Route 53 Incident: A BGP hijack of prefixes used by Amazon's Route 53 DNS service let attackers answer DNS queries for a cryptocurrency wallet site with the address of a phishing server. Approximately $150,000 in cryptocurrency was stolen.
  • 2021 Facebook Outage: Not a hijack, but the same dependency seen from the other side. A configuration change cut Facebook's DNS servers off from its backbone, and its routers then withdrew the BGP advertisements for them, making Facebook, Instagram, and WhatsApp inaccessible worldwide for about 6 hours.

Not every misrouting is a deliberate attack. Route leaks, in which an AS re-advertises routes beyond their intended scope (for example, passing routes learned from one provider on to another provider as if they were its own customers'), are usually caused by operator misconfiguration, and the effect on traffic is much the same as a hijack. In 2019, a leak that originated at a Swiss hosting provider was accepted and re-advertised by China Telecom, causing European mobile traffic to be rerouted through China.

RPKI - Cryptographic Route Validation

RPKI (Resource Public Key Infrastructure) is a framework for cryptographically verifying that BGP route advertisements originate from authorized ASes. IP prefix holders issue ROAs (Route Origin Authorizations), signed objects that declare which AS is authorized to originate a given prefix and, via a maximum length, how specific the announcements of that prefix are allowed to be.

Routers do not verify the signatures themselves: a validator fetches and validates the ROAs from the RIR repositories and pushes the resulting list of (prefix, max length, ASN) entries to the routers. The router then compares each received advertisement's origin AS and prefix length against that list and classifies it into one of three states:

Valid
Matches a ROA. Accepted as a legitimate advertisement.
Invalid
A ROA covers the prefix, but none matches: the origin AS is wrong, or the announced prefix is more specific than the ROA's maximum length allows. Likely illegitimate and recommended for rejection.
Not Found
No ROA covers the prefix. Accepted as before, but without the benefit of validation.

RPKI adoption is steadily growing, with roughly half of globally announced IP prefixes covered by ROAs as of 2024. Major providers including Cloudflare, Google, and Amazon reject Invalid routes. However, many routes remain in the Not Found state and are accepted unchecked, so complete protection has not yet been achieved. A hijacker who announces a prefix with no ROA, or who forges the correct origin AS at the end of the path, is not caught by origin validation at all. Combining RPKI with IRR-based prefix filtering of customers and peers, and eventually with path validation such as BGPsec (which has seen little deployment so far), is recommended for comprehensive defense.
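The more-specific hijack from the incidents above and the ROA check from this section, as one added example that is not part of the original page. It implements route origin validation as defined in RFC 6811 over a constructed ROA table, installs a constructed set of announcements into a routing table with and without rejecting Invalid routes, and shows where a longest-prefix lookup sends traffic in each case. The IPv6 documentation prefix is used because it is wide enough to carve sub-prefixes from; all ASNs are private-use and all announcements are made up.

```python
from ipaddress import ip_address, ip_network

# Constructed ROA table: (prefix, maxLength, authorised origin ASN). Real ROAs are signed objects
# published under the RIRs' trust anchors; a validator (Routinator, rpki-client, ...) verifies them
# and feeds the router this plain list over RTR. Documentation prefix and private-use ASNs throughout.
ROAS = [
    ("2001:db8::/32", 36, 64510),
]

# Constructed announcements as (prefix, AS path), as_path[-1] being the origin AS.
ANNOUNCEMENTS = [
    ("2001:db8::/32", (64501, 64510)),      # legitimate origin, announced via transit AS64501
    ("2001:db8::/33", (64502, 64511)),      # more-specific prefix from the wrong origin (a hijack)
    ("203.0.113.0/24", (64501, 64520)),     # prefix whose holder has published no ROA
]


def rov_state(prefix, origin_asn, roas=ROAS):
    """Route origin validation per RFC 6811.
    Valid:    a covering ROA names this origin and the prefix is no longer than its maxLength.
    Invalid:  covering ROAs exist but none matches (wrong origin, or too specific).
    NotFound: no ROA covers the prefix at all."""
    announced = ip_network(prefix)
    covering = []
    for p, maxlen, asn in roas:
        roa_net = ip_network(p)
        if roa_net.version == announced.version and announced.subnet_of(roa_net):
            covering.append((maxlen, asn))
    if not covering:
        return "NotFound"
    if any(asn == origin_asn and announced.prefixlen <= maxlen for maxlen, asn in covering):
        return "Valid"
    return "Invalid"


def build_rib(announcements, roas=ROAS, drop_invalid=True):
    """Install announcements, tagging each with its ROV state; optionally reject Invalid ones."""
    rib = {}
    for prefix, as_path in announcements:
        state = rov_state(prefix, as_path[-1], roas)
        if drop_invalid and state == "Invalid":
            continue
        rib[ip_network(prefix)] = (as_path, state)
    return rib


def lookup(rib, dst):
    """Longest-prefix match. The most specific route wins, which is exactly why a hijacker
    announces a /33 (or, in the YouTube case, a /24) inside the victim's block."""
    addr = ip_address(dst)
    matches = [net for net in rib if net.version == addr.version and addr in net]
    return rib[max(matches, key=lambda n: n.prefixlen)] if matches else None


def demo():
    """Same announcements, routers with and without ROV. Returns the origin AS each router sends
    2001:db8::1 to, and the ROV state of the prefix that has no ROA."""
    open_rib = build_rib(ANNOUNCEMENTS, drop_invalid=False)
    rov_rib = build_rib(ANNOUNCEMENTS, drop_invalid=True)
    return {
        "without_rov": lookup(open_rib, "2001:db8::1")[0][-1],
        "with_rov": lookup(rov_rib, "2001:db8::1")[0][-1],
        "no_roa": lookup(rov_rib, "203.0.113.5")[1],
    }


if __name__ == "__main__":
    print(demo())
```

Two details worth noticing when running it: a /48 announced by the legitimate origin is still Invalid because it exceeds the ROA's maxLength of 36, which is why operators are advised to keep maxLength tight rather than authorising the whole block down to /48; and the 203.0.113.0/24 route is installed by both routers as NotFound, so a hijack of that prefix would succeed even on the router that enforces ROV.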

BGP and Your Everyday Internet Experience

While regular users never interact with BGP directly, its operation significantly affects internet experience. Whether an ISP optimizes its BGP routing can make a noticeable difference in access speeds to overseas websites, even on the same connection plan.

Running a traceroute reveals the hops your packets take, and mapping those hops to their ASes shows the route BGP selected. Latency depends mainly on geographic distance and congestion rather than on the number of ASes as such, but a route that detours through extra ASes or distant exchange points usually shows up as added latency, which is how BGP route selection directly impacts performance.

When a major BGP incident occurs, entire regions or services can "disappear" from the internet. BGP routing data is publicly available in real time through projects like RIPE RIS and RouteViews, which are used to detect network outages and hijacking attempts, supporting internet transparency.

Common Misconceptions

BGP determines internet speed
BGP determines which path traffic takes, not the bandwidth or speed of the connection itself. However, route selection indirectly affects latency and throughput by determining how many ASes packets traverse and the quality of those networks.
BGP hijacking requires advanced technical skills
Any network operator with an AS number can technically execute a BGP hijack simply by sending an illegitimate route advertisement, provided its upstream providers do not filter what it announces. BGP was not designed to verify the legitimacy of advertisements. In fact, many BGP hijacks are accidental misconfigurations rather than deliberate attacks.
RPKI completely prevents BGP hijacking
RPKI verifies the origin AS of a route but cannot detect tampering with the AS path itself. Prefixes without ROAs remain unprotected. RPKI is an important defense layer but does not provide complete protection on its own.