This article provides a high-level overview of BGP. It covers BGP’s components and explains their uses. Consequently, it will give readers a better understanding of the tasks of network engineers, facilitating better communication.
BGP, or Border Gateway Protocol, is an exterior routing protocol designed to share routing information between autonomous systems on the internet.
Routing refers to how a packet traverses a TCP/IP (transmission control protocol/internet protocol) network. TCP/IP is the standard communication protocol of the internet and most private networks.
A routing protocol lets routers exchange reachability information so that each one can choose the next hop toward a destination; the sequence of those choices is the path a packet travels from source to destination. For example, routing protocols determine the path from a laptop to google.com.
The common scenario is that an interior routing protocol such as Open Shortest Path First (OSPF) supplies the routes inside the organization's network. If google.com is not in that network, the packet is forwarded to a border router (the gateway), which hands it to a border router in a neighbouring autonomous system.
An exterior routing protocol supplies the routes that carry the packet from one autonomous system to the next until it reaches the one that owns the destination address.
An autonomous system (AS) is defined as a collection of connected IP routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet.
In practice, a public AS is an organization's network, identified by an autonomous system number (ASN), that originates one or more blocks of IP addresses. IANA (the Internet Assigned Numbers Authority) is responsible for the global administration of IP addresses and ASNs; it allocates them to the five regional internet registries, which assign them to organizations. The ASN is not carried in the IP header. It appears in BGP's AS_PATH attribute, which records the sequence of autonomous systems a route announcement has passed through and ends with the AS that originated the prefix, so a receiving router can tell which AS claims to own an address block. For example, Google's primary AS is AS15169, which originates over 14 million IP addresses.
BGP is the routing protocol used to interconnect autonomous systems.
In addition, there are private AS numbers (64512 to 65534, and 4200000000 to 4294967294 in the 4-byte range). They are used inside an organization's own network, for example to connect a private cloud to a public cloud provider's router. They are similar to private IP addresses such as 192.168.1.0/24: they are not globally unique, so a border router must strip them from the AS_PATH (Cisco's neighbor remove-private-as setting, for instance) before announcing routes to the internet.
Exterior gateway protocols exchange routing information between autonomous systems. BGP version 4 is the only exterior gateway protocol in general use; its predecessor, EGP, is obsolete.
Interior gateway protocols share routing information between routers and layer 3 switches within an AS. OSPF, IS-IS, EIGRP, and RIP are examples of interior gateway protocols. BGP can also be run inside an AS, but internal BGP peers must be fully meshed unless route reflectors or confederations are used, which becomes overwhelming to maintain at scale.
External BGP (eBGP) is used for exchanging routing information between autonomous systems. Its primary use case is connecting an AS to other autonomous systems so that the AS's IP prefixes become reachable from the internet.
Additionally, eBGP can be used with private AS numbers. A typical example is connecting a virtual private cloud to a cloud provider's router, which lets routes be exchanged between private IP space on premises and in the cloud.
Internal BGP (iBGP) is used between routers inside one AS, typically when the AS has more than one eBGP exit. iBGP lets the edge routers share the routes and attributes they learned from external peers. This provides redundancy: if one egress router is down or degraded, traffic can leave through another, and routing policy can choose the best exit for each destination.
Multiprotocol BGP (MP-BGP, RFC 4760) extends BGP so that it can carry additional address families over either eBGP or iBGP sessions, including layer 2 VPN, layer 3 VPN, multicast, and IPv6. One of its primary uses is carrying customers' private IP prefixes across a service provider backbone. For example, different customers can each use 10.10.1.0/24 across an MPLS backbone without address conflicts, because each VPN's routes are tagged with a distinct route distinguisher.
BGP peers must be configured manually. Unlike interior routing protocols, BGP has no neighbour auto-discovery. The first step in peering is establishing a TCP connection on port 179. The routers then exchange OPEN messages, which carry vital information such as the ASN, the BGP identifier (router ID), the hold time, and supported capabilities. Each side acknowledges the OPEN with a KEEPALIVE message; once both have been received, the session is Established and the routers exchange their routing tables. After that, UPDATE messages announce new or changed routes and withdraw ones that have disappeared, periodic KEEPALIVEs keep the session alive, and a peer that sends nothing for the negotiated hold time is dropped. Any malformed message is answered with a NOTIFICATION and the session is closed.
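The session setup described above, as an added example that is not part of the original article: it builds the OPEN and KEEPALIVE messages two routers exchange, parses them with the header checks a real peer performs first, and carries out the hold-time and peer-ASN negotiation. Message layouts and NOTIFICATION codes follow RFC 4271; the router IDs, hold times, and the private ASNs 64512 and 64513 are constructed for the example, and only 2-byte ASNs are encoded.

```python
import struct

# RFC 4271 constants (not from the article)
MARKER = b"\xff" * 16
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4


def bgp_header(msg_type: int, body: bytes) -> bytes:
    """Prepend the 19-byte header: 16-byte all-ones marker, 2-byte length, 1-byte type."""
    return MARKER + struct.pack("!HB", 19 + len(body), msg_type) + body


def build_open(my_as: int, hold_time: int, bgp_id: str) -> bytes:
    """OPEN body: version(1) my AS(2) hold time(2) BGP identifier(4) optional-parameter length(1).
    Only 2-byte ASNs are encoded here; a 4-byte ASN would need AS_TRANS (23456) in this field
    plus the four-octet-AS capability in the optional parameters."""
    if not 0 < my_as < 65536:
        raise ValueError("only 2-byte ASNs are supported in this example")
    ident = bytes(int(octet) for octet in bgp_id.split("."))
    body = struct.pack("!BHH", 4, my_as, hold_time) + ident + b"\x00"
    return bgp_header(OPEN, body)


def build_keepalive() -> bytes:
    """A KEEPALIVE is just a header with no body."""
    return bgp_header(KEEPALIVE, b"")


def parse_message(data: bytes) -> dict:
    """Parse one message, applying the header checks a peer performs before anything else."""
    if len(data) < 19 or data[:16] != MARKER:
        raise ValueError("Connection Not Synchronized")   # NOTIFICATION code 1, subcode 1
    length, msg_type = struct.unpack("!HB", data[16:19])
    if length != len(data) or not 19 <= length <= 4096:
        raise ValueError("Bad Message Length")             # NOTIFICATION code 1, subcode 2
    body = data[19:]
    if msg_type == OPEN:
        version, asn, hold = struct.unpack("!BHH", body[:5])
        if version != 4:
            raise ValueError("Unsupported Version Number")  # NOTIFICATION code 2, subcode 1
        return {"type": "OPEN", "version": version, "asn": asn, "hold_time": hold,
                "bgp_id": ".".join(str(b) for b in body[5:9])}
    if msg_type == KEEPALIVE:
        return {"type": "KEEPALIVE"}
    return {"type": msg_type, "body": body}


def negotiate(local_open: bytes, remote_open: bytes, configured_peer_as: int) -> dict:
    """What each side does after the OPEN exchange: reject an unexpected peer ASN, agree on
    the smaller hold time, and derive the keepalive interval (one third of it). The FSM moves
    to Established when the KEEPALIVE acknowledging our OPEN arrives."""
    local, remote = parse_message(local_open), parse_message(remote_open)
    if remote["asn"] != configured_peer_as:
        raise ValueError("Bad Peer AS")                    # NOTIFICATION code 2, subcode 2
    hold = min(local["hold_time"], remote["hold_time"])
    return {"state": "Established", "peer_as": remote["asn"],
            "hold_time": hold, "keepalive_interval": hold // 3}


if __name__ == "__main__":
    # Constructed peering between two routers using private ASNs
    r1 = build_open(64512, 90, "10.0.0.1")
    r2 = build_open(64513, 180, "10.0.0.2")
    print(parse_message(r1))
    print(negotiate(r1, r2, 64513))   # hold time 90, so a KEEPALIVE every 30 seconds
```

The peer-ASN check is the one a misconfigured or spoofed neighbour fails: a router will not bring up a session with an OPEN whose ASN does not match the configured neighbour, which is why every peering must be entered by hand on both ends.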
Attributes are pieces of information attached to each route. BGP carries them in the path attributes field of UPDATE messages, not in the message header. It is important to realize that there can be multiple routes to the same destination, so engineers adjust attribute values to influence route selection. Some attributes are vendor specific. For example, weight is a Cisco attribute that is local to the router and never sent to peers. Given Cisco's market dominance, many vendors support it. RFC 4271 divides the standard attributes into four classes.
Well-known mandatory attributes: every BGP implementation recognizes them, and they must be present in every UPDATE that announces a route. They are ORIGIN, AS_PATH, and NEXT_HOP.
Well-known discretionary attributes: every BGP implementation recognizes them and passes them on, but they are optional. They are LOCAL_PREF and ATOMIC_AGGREGATE.
Optional transitive attributes: a BGP peer may not understand them, but it must still pass them on to the next BGP router, marking them as partial. They include AGGREGATOR and COMMUNITY.
Optional non-transitive attributes: a router that does not understand them discards them, and even when understood they are not propagated beyond the neighbouring AS. They include MULTI_EXIT_DISC (MED), ORIGINATOR_ID, and CLUSTER_LIST.
Border gateway protocol generally learns multiple routes to the same destination. The BGP decision process determines which one is the best route; only that route is installed in the routing table and advertised to peers.
Manipulating attribute values is therefore how engineers steer BGP route selection. For example, a spike in traffic to a destination may congest its preferred route, and lowering that route's local preference or lengthening its AS_PATH makes another route win. The decision process compares candidate routes in the following order, stopping at the first step that separates them (this is Cisco's order; weight is Cisco-specific, the rest follows RFC 4271): (1) highest weight; (2) highest LOCAL_PREF; (3) routes originated locally over routes learned from peers; (4) shortest AS_PATH; (5) lowest ORIGIN, where IGP beats EGP beats INCOMPLETE; (6) lowest MED, compared only between routes from the same neighbouring AS; (7) eBGP-learned over iBGP-learned; (8) lowest IGP metric to the NEXT_HOP; (9) the oldest route, to limit flapping; (10) the lowest neighbour router ID.
BGP offers very granular control over outbound traffic, because local policy decides which route a router uses. Influencing how traffic enters a network is much more difficult: the choice is made in remote networks, so it requires the remote peers to cooperate. Multihoming makes ingress route influencing far more difficult.
Multihoming is connecting the AS via BGP to two or more upstream provider autonomous systems. Multihoming creates redundancy and mitigates risk, such as the loss of connectivity when a single provider or link fails.
However, multihoming can create problems with inbound traffic.
For example, an AS could be connected to Comcast (AS7922) and AT&T (AS7018). The AS could prefer AT&T when sending traffic to Google (AS15169) and try to influence the return traffic to come back via AT&T, for instance by prepending its own ASN several times on the route it announces to Comcast. However, Google applies its own policy: if it prefers its Comcast peering, the return traffic arrives over Comcast regardless of the prepending. This causes problems when the outside world sends more traffic down one connection than it was sized for.
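The decision process listed above and the multihoming example just given, worked through in one added example (not code from the article). A multihomed AS raises LOCAL_PREF on the AT&T routes to steer its own egress, then prepends its ASN on the Comcast link to steer ingress; the second part is evaluated from Google's side to show that a LOCAL_PREF Google sets on its Comcast peering silently overrides the prepending. The enterprise ASN 64496 (a documentation ASN), the prefix 203.0.113.0/24, the router IDs and next hops are constructed; 8.8.8.0/24 is Google's public DNS prefix, and AS7922, AS7018 and AS15169 are the real ASNs of Comcast, AT&T and Google. MED is compared unconditionally here, which matches the always-compare-med behaviour rather than the default; the order is otherwise the one in the text.

```python
from dataclasses import dataclass

# Constructed scenario (not from the article): AS 64496 is multihomed to Comcast (AS7922)
# and AT&T (AS7018) and exchanges traffic with Google (AS15169).
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}


@dataclass
class Route:
    prefix: str
    as_path: list          # flattened AS_SEQUENCE, nearest AS first, originating AS last
    next_hop: str
    neighbor_id: str       # BGP identifier of the advertising peer
    source: str = "eBGP"   # or "iBGP"
    origin: str = "IGP"
    med: int = 0
    local_pref: int = 100  # the usual default
    weight: int = 0        # Cisco-specific, never advertised
    igp_metric: int = 0


def decision_key(r: Route):
    """Best-path order (Cisco's, which puts weight in front of RFC 4271's). The smallest
    tuple wins, so 'highest wins' steps are negated. MED is compared unconditionally here
    (always-compare-med); routers by default compare it only between routes from the same AS."""
    return (-r.weight, -r.local_pref, len(r.as_path), ORIGIN_RANK[r.origin], r.med,
            0 if r.source == "eBGP" else 1, r.igp_metric,
            tuple(int(o) for o in r.neighbor_id.split(".")))


def best_path(routes):
    return min(routes, key=decision_key)


def outbound_choice(prefer_att: bool) -> Route:
    """Egress control is purely local: raising LOCAL_PREF on routes learned from AT&T makes
    every router in AS 64496 send Google-bound traffic via AT&T, with no cooperation needed."""
    via_comcast = Route("8.8.8.0/24", [7922, 15169], "10.1.1.1", "10.1.1.1")
    via_att = Route("8.8.8.0/24", [7018, 15169], "10.2.2.2", "10.2.2.2",
                    local_pref=200 if prefer_att else 100)
    return best_path([via_comcast, via_att])


def inbound_choice(prepend: int, google_local_pref_comcast: int = 100) -> Route:
    """What Google's router sees for the enterprise prefix. AS 64496 can only lengthen the
    AS_PATH it announces to Comcast by prepending its own ASN; any LOCAL_PREF Google sets on
    its Comcast peering is evaluated earlier in the decision process and overrides that."""
    via_comcast = Route("203.0.113.0/24", [7922] + [64496] * (1 + prepend), "10.1.1.1", "10.1.1.1",
                        local_pref=google_local_pref_comcast)
    via_att = Route("203.0.113.0/24", [7018, 64496], "10.2.2.2", "10.2.2.2")
    return best_path([via_comcast, via_att])


if __name__ == "__main__":
    print("egress via AS", outbound_choice(prefer_att=True).as_path[0])          # 7018
    print("ingress, no prepend, via AS", inbound_choice(0).as_path[0])           # 7922 (router ID tie-break)
    print("ingress, prepend 3, via AS", inbound_choice(3).as_path[0])            # 7018
    print("ingress, prepend 3 but Google prefers Comcast, via AS",
          inbound_choice(3, google_local_pref_comcast=150).as_path[0])            # 7922
```

With no prepending the two paths tie all the way down to the router-ID step, so the result depends on an arbitrary detail of Google's peering; with three prepends AT&T wins on path length; but a single LOCAL_PREF line in Google's policy puts the traffic back on Comcast, which is the "remote peer must cooperate" point in the text.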
BGP was designed with limited security considerations. Its designers trusted that no one would send malicious routes, so the protocol has no built-in way to verify that an AS is authorized to originate a prefix or that an AS_PATH is genuine. Session-level protections exist (TCP MD5 authentication, TCP-AO, and the GTSM TTL check), but they only authenticate the neighbour, not the routing information it sends.
Equally important, there are over 10,000 ISPs globally, each with its own security practices. A major risk is BGP hijacking: the illegitimate announcement of IP prefixes. An attacker who controls a BGP speaker, whether by compromising a router or simply by operating a poorly filtered AS, announces prefixes it does not own, or more-specific prefixes that win under longest-prefix matching and pull traffic away from the legitimate owner. Hijacked traffic can be directed to fake websites, used to send spam from address space with a clean reputation, intercepted, or black-holed. Misconfiguration produces the same effect without malice, so defences cannot depend on intent.
The first thing to remember is that BGP still has no universally adopted security standard. BGPsec (RFC 8205) is a BGP extension intended to close the gap. Basically, it replaces the AS_PATH attribute with a signed BGPsec_Path: each AS along the route signs the update with a router key whose certificate is published in the RPKI, so a receiver can verify with public-key cryptography that the path has not been forged.
However, BGPsec only delivers its benefit when every AS along a path deploys it, and it places high overhead on routers, so adoption remains low. In the meantime, the routing security community's Mutually Agreed Norms for Routing Security (MANRS) recommend the following to enhance security and detect hijacks: filtering, meaning announce only your own and your customers' prefixes and accept from each peer only the prefixes it is entitled to announce, checked against IRR and RPKI data; anti-spoofing, meaning source address validation on customer-facing interfaces (BCP 38); coordination, meaning up-to-date contact information in PeeringDB and the RIR databases; and global validation, meaning publish ROAs in the RPKI for your own prefixes and perform Route Origin Validation, dropping invalid announcements. RPKI origin validation is the one of these that is widely deployed today; it blocks the most common hijacks, although it does not protect the AS_PATH.
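Route Origin Validation and the MANRS filtering action, as an added example that is not part of the original article. It implements the RFC 6811 validation states (valid, invalid, notfound) against a constructed ROA table, then runs an inbound filter over a constructed feed of announcements: an honest announcement, a more-specific hijack, a same-prefix origin hijack, a route carrying a leaked private ASN, and a prefix with no ROA. ASNs 64496 to 64511 are the RFC 5398 documentation range, the prefixes are documentation ranges, and the upstream AS 64510 and attacker AS 64499 are constructed.

```python
import ipaddress

# Constructed data (not from the article). ASNs 64496-64511 are reserved for documentation
# (RFC 5398); prefixes are RFC 5737 / RFC 3849 documentation ranges.
# ROA table as an RPKI validator hands it to a router: (prefix, maxLength, authorised origin ASN)
ROAS = [
    ("203.0.113.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("192.0.2.0/24", 24, 64498),
]
PRIVATE_ASN = [(64512, 65534), (4200000000, 4294967294)]


def validate_origin(prefix: str, origin_as: int, roas=ROAS) -> str:
    """RFC 6811 Route Origin Validation: 'notfound' when no ROA covers the prefix; 'valid'
    when a covering ROA names this origin and the announced length is within maxLength;
    otherwise 'invalid', which catches both a wrong origin and a more-specific announcement
    from an unauthorised AS."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if asn == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "notfound"


def filter_announcement(prefix: str, as_path: list, roas=ROAS) -> dict:
    """Inbound policy a MANRS-style edge router applies: drop ROV-invalid routes, drop
    prefixes more specific than the global table carries (/24 for IPv4, /48 for IPv6),
    and drop paths in which a private ASN has leaked."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]                     # the originating AS is the last one in the path
    reasons = []
    rov = validate_origin(prefix, origin, roas)
    if rov == "invalid":
        reasons.append("ROV invalid")
    if net.prefixlen > (24 if net.version == 4 else 48):
        reasons.append("too specific")
    if any(lo <= asn <= hi for asn in as_path for lo, hi in PRIVATE_ASN):
        reasons.append("private ASN in AS_PATH")
    return {"prefix": prefix, "origin": origin, "rov": rov, "accept": not reasons, "reasons": reasons}


# Constructed feed of announcements received from upstream AS 64510
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64510, 64496]),         # legitimate owner
    ("203.0.113.0/25", [64510, 64499]),         # more-specific hijack by AS 64499
    ("198.51.100.0/24", [64510, 64499]),        # same-prefix origin hijack
    ("192.0.2.0/24", [64510, 64512, 64498]),    # right origin, but a private ASN leaked into the path
    ("2001:db8::/32", [64510, 64511]),          # no ROA: notfound, accepted under the usual policy
]


def audit(announcements=ANNOUNCEMENTS, roas=ROAS) -> list:
    """Run the filter over a feed and return one verdict per announcement, in order."""
    return [filter_announcement(p, path, roas) for p, path in announcements]


if __name__ == "__main__":
    for r in audit():
        print("ACCEPT" if r["accept"] else "REJECT", r["prefix"], r["rov"], r["reasons"])
```

The more-specific hijack is rejected twice over (the ROA's maxLength of 24 makes the /25 invalid, and the length filter rejects it anyway), which is the reason operators are advised to set maxLength no longer than the prefixes they actually announce: a generous maxLength lets a hijacker announce a valid-looking more specific. The notfound case is accepted because most prefixes still have no ROA; a drop-notfound policy only becomes safe once ROA coverage is near complete.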
BGP is the internet's routing protocol. Network engineers at large enterprises, service providers, and ISPs are its primary users, and it is how the rest of the internet learns to reach their IP address space. In addition, border gateway protocol provides redundant connectivity, cloud router connections, and, through MP-BGP, layer 2 VPN and layer 3 VPN routing.
Border gateway protocol makes the internet work. Therefore, internet-enabled digital transformation initiatives depend on routing stability, and IT professionals involved in them should be familiar with BGP basics.