You use it every time you open a browser. You’ve probably never heard of it. And when it breaks, the internet breaks.
Introduction
The internet is not a single network. It’s a vast, chaotic collection of tens of thousands of independent networks — run by ISPs, universities, corporations, cloud providers, and governments — all somehow agreeing to talk to each other. What makes this possible? A single routing protocol called BGP: the Border Gateway Protocol.
BGP is often called the “glue of the internet.” It’s the system that decides how data finds its way from a server in Tokyo to a laptop in Kyiv — across dozens of networks, in milliseconds. It’s remarkably powerful, surprisingly old, and genuinely fragile in ways that should concern everyone.

What Problem Does BGP Solve?
Imagine you want to send a package from one city to another. Inside a city, a local courier knows every street. But between cities, you need a system where couriers from different companies share routing information: “To reach Chicago, hand packages to us. To reach Miami, use those guys over there.”
That’s exactly what BGP does — but for IP address blocks instead of cities.
The internet is divided into Autonomous Systems (AS) — independently managed networks, each identified by a unique AS Number (ASN). Google might be AS15169. Cloudflare is AS13335. Your ISP has its own ASN too.
BGP is the protocol these autonomous systems use to announce to each other:
- “I own these IP address ranges”
- “You can reach this network through me”
- “This path is X hops long and passes through these ASes”
Without BGP, autonomous systems would be isolated islands. With it, they form the interconnected web we call the internet.
A Brief History
BGP wasn’t born in a research lab. It was designed in 1989 on three napkins — literally. Engineers Kirk Lougheed and Yakov Rekhter sketched the original protocol at a conference, trying to replace a failing predecessor called EGP (Exterior Gateway Protocol).
The current version, BGP-4, was standardized in 1994 via RFC 1771 and later updated by RFC 4271 in 2006. Despite being over 30 years old, it remains the backbone of global internet routing — a testament to its elegant design, and a source of ongoing concern about its security.
How BGP Works
Establishing Peering Sessions
BGP operates over TCP port 179. Before exchanging any routing information, two BGP routers (called peers or neighbors) must establish a session. This can happen in two ways:
- eBGP (External BGP) — between routers in different autonomous systems. This is the “real” internet-level BGP.
- iBGP (Internal BGP) — between routers within the same autonomous system, to distribute external routing information internally.
The BGP Message Types
Once a session is established, peers exchange four types of messages:
| Message | Purpose |
|---|---|
| OPEN | Initiates the BGP session, exchanges capabilities |
| UPDATE | Announces new routes or withdraws old ones |
| KEEPALIVE | Confirms the session is still alive |
| NOTIFICATION | Reports errors and terminates the session |
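To show how these four message types are framed on the TCP session, here is an added example (not code from the original article) that splits a byte stream into BGP messages and rejects malformed headers. The header layout and type codes come from RFC 4271, which the page cites but does not quote; the sample stream is constructed.

```python
import struct
from ipaddress import IPv4Address

# Type codes and size limits from RFC 4271, section 4.1.
MESSAGE_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
MARKER = b"\xff" * 16          # 16 bytes, all ones
HEADER_LEN, MAX_LEN = 19, 4096

def split_messages(stream: bytes):
    """Split bytes read from the TCP session into (type_name, body) pairs.

    Returns (messages, leftover); leftover holds a not-yet-complete message.
    Raises ValueError on a header that a speaker must reject.
    """
    messages, offset = [], 0
    while len(stream) - offset >= HEADER_LEN:
        marker, length, code = struct.unpack_from("!16sHB", stream, offset)
        if marker != MARKER:
            raise ValueError("marker is not all ones: connection not synchronized")
        if not HEADER_LEN <= length <= MAX_LEN:
            raise ValueError(f"bad message length {length}")
        if code not in MESSAGE_TYPES:
            raise ValueError(f"unknown message type {code}")
        if len(stream) - offset < length:
            break                       # wait for the rest of this message
        body = stream[offset + HEADER_LEN:offset + length]
        messages.append((MESSAGE_TYPES[code], body))
        offset += length
    return messages, stream[offset:]

def parse_open(body: bytes) -> dict:
    """Decode the fixed part of an OPEN body (version, AS, hold time, ID)."""
    if len(body) < 10:
        raise ValueError("OPEN body shorter than its fixed fields")
    version, asn, hold_time, ident, opt_len = struct.unpack_from("!BHH4sB", body)
    return {"version": version, "asn": asn, "hold_time": hold_time,
            "bgp_id": str(IPv4Address(ident)), "opt_len": opt_len}

# Constructed sample stream: an OPEN, a KEEPALIVE, then only the 19-byte
# header of an UPDATE whose length field announces 23 bytes.
OPEN_BODY = struct.pack("!BHH4sB", 4, 64500, 180, IPv4Address("192.0.2.1").packed, 0)
SAMPLE = (MARKER + struct.pack("!HB", HEADER_LEN + len(OPEN_BODY), 1) + OPEN_BODY
          + MARKER + struct.pack("!HB", HEADER_LEN, 4)
          + MARKER + struct.pack("!HB", 23, 2))

if __name__ == "__main__":
    msgs, rest = split_messages(SAMPLE)
    print([name for name, _ in msgs], len(rest), parse_open(msgs[0][1]))
```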
Path Attributes and Route Selection
BGP doesn’t just learn routes — it learns paths, represented as sequences of AS numbers. For example:
192.0.2.0/24 AS_PATH: 15169 → 3356 → 1299 → 6939
This tells a router: “To reach this IP block, traffic will pass through Google, Level3, Telia, and Hurricane Electric.”
When multiple paths exist to the same destination, BGP uses a path selection algorithm based on a series of attributes, evaluated in order:
- Weight (Cisco-specific, local to the router)
- LOCAL_PREF — preferred exit point from your AS
- Locally originated routes — prefer routes you originated
- AS_PATH length — shorter is better
- ORIGIN — IGP > EGP > incomplete
- MED (Multi-Exit Discriminator) — hint to neighbors about preferred entry
- eBGP over iBGP
- IGP metric to next hop
- Router ID — tiebreaker of last resort
This makes BGP highly policy-driven. Network operators can manipulate these attributes to control how traffic flows — both into and out of their network.
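The ordered comparison above can be expressed as a sort key. The following is an added example, not code from the original article or from any router implementation: the `Route` class, its defaults and the sample routes are constructed, and it assumes MED is compared between all candidates (real implementations usually compare it only between routes from the same neighbor AS).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}
STEPS = ["Weight", "LOCAL_PREF", "Locally originated", "AS_PATH length",
         "ORIGIN", "MED", "eBGP over iBGP", "IGP metric", "Router ID"]

@dataclass(frozen=True)
class Route:
    as_path: tuple                  # nearest AS first, origin AS last
    router_id: str                  # BGP identifier of the advertising peer
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0

def preference_key(r: Route) -> tuple:
    """One entry per step, arranged so the smaller tuple is the better route."""
    return (-r.weight, -r.local_pref, not r.locally_originated,
            len(r.as_path), ORIGIN_RANK[r.origin], r.med, not r.ebgp,
            r.igp_metric, int(IPv4Address(r.router_id)))

def best_path(candidates):
    return min(candidates, key=preference_key)

def deciding_step(a: Route, b: Route) -> str:
    """Name the first step at which two routes differ."""
    for name, x, y in zip(STEPS, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return "identical"

# Constructed candidates for one prefix (documentation and private ASNs).
SHORT = Route(as_path=(64510, 64502), router_id="198.51.100.2")
LONG = Route(as_path=(64500, 64501, 64502), router_id="198.51.100.1")
PREFERRED = Route(as_path=(64520, 64521, 64522, 64502),
                  router_id="198.51.100.3", local_pref=200)

if __name__ == "__main__":
    print(deciding_step(SHORT, LONG), best_path([SHORT, LONG]) is SHORT)
    print(deciding_step(PREFERRED, SHORT),
          best_path([SHORT, LONG, PREFERRED]) is PREFERRED)
```

The second comparison shows the policy point: an operator-set LOCAL_PREF is evaluated before AS_PATH length, so the four-hop route wins over the two-hop one.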
BGP in Practice: The Internet Routing Table
Every major internet router maintains a BGP routing table (also called the global routing table or DFZ — Default-Free Zone). As of 2024, this table contains over 900,000 IPv4 prefixes and is growing steadily.
Each entry represents a block of IP addresses and the best path to reach it. Routers must process updates to this table in real time — when a network goes down, when a new AS peers with another, or when an operator changes routing policy.
This scale is one of BGP’s biggest challenges. Not every router can handle the full table; smaller routers often rely on a default route instead.
BGP Security: The Elephant in the Room
Here’s an uncomfortable truth: BGP was designed with zero built-in security. Any AS can announce any IP prefix, and by default, other ASes will believe it.
This has led to some spectacular failures.
BGP Hijacking
In a BGP hijack, a malicious (or misconfigured) AS announces IP prefixes it doesn’t own. Traffic destined for the legitimate owner gets redirected — sometimes to a black hole, sometimes to an eavesdropping server.
Famous examples:
- 2010 — China Telecom (AS23724) briefly announced routes for 15% of the internet’s IP space, redirecting traffic through China for about 18 minutes.
- 2018 — Routes for Amazon Route 53 DNS servers were hijacked to steal cryptocurrency from a DeFi platform.
- 2022 — A misconfiguration by Vodafone Germany caused widespread outages across Europe.
BGP Route Leaks
A route leak happens when an AS re-announces routes it shouldn’t — typically because of a misconfigured router. Unlike hijacks, leaks are usually accidental, but they can cause massive traffic shifts.
2019 — Cloudflare’s worst day: A small Pennsylvania ISP leaked Cloudflare’s routes to Verizon, which accepted and propagated them widely. Cloudflare became unreachable for much of the internet for about an hour.
The Fix: RPKI
Resource Public Key Infrastructure (RPKI) is the most widely adopted solution. It uses cryptographic certificates to bind IP address blocks to their legitimate AS owners. Routers that support RPKI can validate route announcements and reject invalid ones.
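The validation step a router applies to each announcement can be sketched as follows. This is an added example, not code from the original article or from any RPKI validator: it follows the valid / invalid / not-found classification of RFC 6811, the records and announcements are constructed, and it assumes a policy that drops only invalid routes and that the origin AS is the last entry of the AS_PATH.

```python
from ipaddress import ip_network

# Constructed validated ROA payloads: (prefix, max_length, authorized origin ASN).
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),   # more-specifics down to /25 allowed
]

def validate_origin(prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp = ip_network(vrp_prefix)
        if route.version != vrp.version or not route.subnet_of(vrp):
            continue                  # this record does not cover the route
        covered = True
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by a record but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def filter_announcements(announcements, vrps=VRPS):
    """Drop 'invalid' routes; keep 'valid' and 'not-found' ones."""
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        state = validate_origin(prefix, as_path[-1], vrps)  # origin = last AS
        (rejected if state == "invalid" else accepted).append((prefix, as_path, state))
    return accepted, rejected

# Constructed announcements: (prefix, AS_PATH with the origin AS last).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", (64510, 64500)),       # matches its record
    ("192.0.2.0/24", (64510, 64666)),       # covered prefix, different origin
    ("192.0.2.128/25", (64510, 64500)),     # right origin, longer than max_length
    ("198.51.100.128/25", (64511, 64501)),  # within max_length 25
    ("203.0.113.0/24", (64511, 64502)),     # no covering record
]

if __name__ == "__main__":
    ok, dropped = filter_announcements(ANNOUNCEMENTS)
    for prefix, path, state in ok + dropped:
        print(f"{prefix:18} origin AS{path[-1]:<6} {state}")
```

The third announcement is the case the max_length field exists for: the origin AS is the authorized one, but the prefix is more specific than the record permits, so it is classified invalid.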
Adoption is growing but uneven. As of 2024, roughly 40-50% of global routes are covered by valid RPKI records — a major improvement, but still far from universal.
Other efforts include:
- BGPsec — cryptographic signing of full AS paths (RFC 8205), but complex to deploy
- MANRS (Mutually Agreed Norms for Routing Security) — an industry initiative promoting filtering and anti-spoofing
Real-World Architecture: How Traffic Actually Flows
Let’s trace a request from a user in Kyiv to a server in San Francisco:
[User] → [Ukrainian ISP (AS6849)]
→ [DE-CIX Frankfurt (Internet Exchange Point)]
→ [Cogent Communications (AS174)]
→ [Equinix San Jose (IXP)]
→ [Fastly CDN (AS54113)]
→ [Origin Server]
Each arrow represents a BGP peering relationship. At Internet Exchange Points (IXPs) like DE-CIX, AMS-IX, or Equinix, hundreds of networks peer directly — bypassing transit providers and reducing latency.
BGP makes all of this possible by continuously exchanging reachability information so every AS knows the best path to every other AS.
Tools for Exploring BGP
If you want to observe BGP in the wild:
| Tool | What it does |
|---|---|
| BGP.he.net | Look up ASN info, prefixes, peering |
| RIPE RIS | Real-time BGP data from route collectors |
| BGPstream | Live and historical BGP event monitoring |
| RouteViews | Access to full BGP routing tables via telnet |
| traceroute / mtr | Observe AS hops in real network paths |
For hands-on practice, tools like GNS3 or EVE-NG let you simulate BGP topologies locally using open-source routers like FRRouting or BIRD.
The Paradox of BGP
BGP is simultaneously:
- Ancient — designed in 1989, largely unchanged at its core
- Indispensable — there is no realistic replacement on the horizon
- Insecure by design — built on trust in an era when the internet was small and collaborative
- Remarkably resilient — it self-heals from most failures automatically
The internet’s continued operation depends on thousands of network engineers at competing companies cooperating, following best practices, and not making typos in router configurations. Most of the time, this works. When it doesn’t, the consequences can be global.
Conclusion
BGP is an engineering marvel that emerged from necessity rather than grand design. Three napkins in 1989 became the protocol that routes every packet across the global internet today. It scales to hundreds of thousands of routes, adapts to failures in seconds, and enables the complex web of peering relationships that make the modern internet possible.
But it also carries the vulnerabilities of its era: no authentication, no cryptographic verification, and an assumption of good faith that the modern internet can no longer afford to make.
Understanding BGP means understanding why the internet is as reliable as it is — and as fragile as it sometimes proves to be.