Border Gateway Protocol (BGP)

by Sam Heckle

Border Gateway Protocol (subsequently referred to as BGP) is the duct tape of the internet. But to really understand what BGP is, we need to define a few other things.

Autonomous System (AS)

Firstly, we need to establish the hierarchy of the internet. At the topmost level we have The Internet, which is a network of networks. This includes, but is absolutely not limited to: your home network (your wifi with its surrounding infrastructure, such as your router and modem), networks controlled by your internet service provider (ISP, such as Comcast or Spectrum), or even your school or work network. Effectively, every single device connected to the internet is connected to an autonomous system.

A flowchart with 3 layers. The topmost layer is a box titled "the internet" that feeds into the second layer, composed of 4 boxes, each titled "autonomous system #" and numbered 1-4. The third layer is composed of purple boxes with the text "ip address" inside them. There are 3 purple boxes connected to the first autonomous system, 1 purple box connected to the second autonomous system, 2 purple boxes connected to the third autonomous system, and 3 purple boxes connected to the fourth autonomous system.

An autonomous system in this case operates as a set of protocols, but it is also a generic term for an independent network.

An image of the globe that has 7 clusters. Each cluster has a central node and 6 expanding nodes. Of each cluster, there is one node selected with a color and has a name such as AS13335 and is highlighted orange.

However, what we are explicitly looking at is how data is transferred between each autonomous system. How do we get information from here:

The same 3-layer flowchart with internet, autonomous systems and IP addresses, with the bottommost IP address highlighted in red.

To here:

The same 3-layer flowchart with internet, autonomous systems and IP addresses, with the topmost IP address highlighted in red.

Well, BGP is effectively this:

The same 3-layer flowchart with internet, autonomous systems and IP addresses, with the connections between the internet and autonomous systems highlighted in red.

To reiterate, BGP is the duct tape. Another analogy: each autonomous system is a highway exit, and each IP address is a location on that exit route. BGP operates as the highway that connects each exit to another.

BGP vs. IP

Internet protocol (IP) is different from border gateway protocol because the IP address is the destination and BGP is the journey. Again, BGP is the freeway that gets us from one place to another.

BGP and AS

So, border gateway protocol is the set of rules that autonomous systems use to direct data packets to the correct destination along the fastest possible route. The destination will not always be within the same AS, and a packet might need to cross multiple autonomous systems to get there. The data packet can and will jump across networks. In order to understand how BGP and AS interact with each other, we also need to understand how an autonomous system knows about other autonomous systems. To reiterate, each autonomous system knows the exact IP addresses it controls, which is called the “IP address space”. What each AS does not know is how it is connected to other autonomous systems. This is what BGP handles. BGP knows which AS connects to which other AS, and this is recorded as a “Next Hop” attribute.

An example of routing table attributes and information. The text shows a screenshot from a terminal that has a table that lists "network", "next hop", and "metric locprf weight path".
An example of a BGP file output

Every time a network (AS) is updated, goes down, or a new one comes up, the routes between neighboring autonomous systems change. This can happen when there is a power outage in an area, or if there are system issues related to an ISP. Similar to an exit closure on a highway! BGP registers the failed hop and subsequently updates the routing tables, so that each packet is sent along the updated route.

Image of an LED road sign that says in orange text: "use alt routes"
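The rerouting described above, as an added example that is not from the original article: a toy routing table in Python that chooses a next hop by longest-prefix match and then shortest AS path (a simplification of real BGP best-path selection), and shows what a lookup returns after a neighbor fails and after the last remaining route is withdrawn. The class name, peer names, documentation prefixes and AS numbers are constructed for illustration.

```python
import ipaddress

class Rib:
    """Toy BGP routing table: prefix -> {neighbor: (next_hop, as_path)}."""

    def __init__(self):
        self.paths = {}

    def announce(self, neighbor, prefix, next_hop, as_path):
        net = ipaddress.ip_network(prefix)
        self.paths.setdefault(net, {})[neighbor] = (next_hop, tuple(as_path))

    def withdraw(self, neighbor, prefix):
        net = ipaddress.ip_network(prefix)
        candidates = self.paths.get(net, {})
        candidates.pop(neighbor, None)
        if not candidates:              # no neighbor offers this prefix any more
            self.paths.pop(net, None)

    def neighbor_down(self, neighbor):
        """A failed session removes every route learned from that neighbor."""
        for net in list(self.paths):
            self.withdraw(neighbor, str(net))

    def lookup(self, address):
        """Longest-prefix match, then shortest AS path (simplified selection)."""
        ip = ipaddress.ip_address(address)
        matches = [n for n in self.paths if ip in n]
        if not matches:
            return None                 # destination is unreachable
        best_net = max(matches, key=lambda n: n.prefixlen)
        next_hop, as_path = min(self.paths[best_net].values(), key=lambda p: len(p[1]))
        return str(best_net), next_hop, list(as_path)


def demo():
    rib = Rib()
    # Constructed sample data: documentation prefixes and private-use AS numbers.
    rib.announce("peer-a", "203.0.113.0/24", "192.0.2.1", [64500, 64510])
    rib.announce("peer-b", "203.0.113.0/24", "192.0.2.2", [64501, 64502, 64510])
    before = rib.lookup("203.0.113.7")
    rib.neighbor_down("peer-a")                 # the "exit closure"
    rerouted = rib.lookup("203.0.113.7")
    rib.withdraw("peer-b", "203.0.113.0/24")    # the last remaining route goes away
    gone = rib.lookup("203.0.113.7")
    return before, rerouted, gone
```

`demo()` returns the route before the failure, the alternate route after `peer-a` goes down, and `None` once no neighbor announces the prefix.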

How does BGP actually work?

And, how is BGP actually represented? As pictured above, it is effectively a table that shows the current network and the places that data can go to from the current network. To do this, BGP operates as a finite state machine, meaning it performs a specific set of computations that ultimately change the state of the operation. There are six states in BGP: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. BGP is inherently a program that exists on each device that connects other devices to the internet (e.g. a router), and these are called “BGP-speaking devices”. For example, your home router, which is connected to the internet via an ISP, has its own routing table, but the default route connects it to an overarching set of rules that your ISP manages. However, your home router does not have its own BGP since it takes up too much memory. Instead, it is directed to your ISP's BGP router, which manages all the connections.
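The six states above, as an added example that is not from the original article: a simplified Python model of the BGP session state machine that replays a list of events and counts how often an Established session drops, which is the signal an operator watches for when a peering is flapping. Event names are modelled on RFC 4271 section 8; timers, collision handling and most error events are left out, and the sample event list is constructed.

```python
# Simplified transition table for the six BGP session states.
# Assumption for this example: only the main path and a few failure
# events are modelled; anything not listed resets the session to Idle.
TRANSITIONS = {
    ("Idle", "ManualStart"): "Connect",
    ("Connect", "TcpConnectionConfirmed"): "OpenSent",
    ("Connect", "TcpConnectionFails"): "Active",
    ("Connect", "ConnectRetryTimer_Expires"): "Connect",
    ("Active", "TcpConnectionConfirmed"): "OpenSent",
    ("Active", "ConnectRetryTimer_Expires"): "Connect",
    ("OpenSent", "BGPOpen"): "OpenConfirm",
    ("OpenSent", "TcpConnectionFails"): "Active",
    ("OpenConfirm", "KeepAliveMsg"): "Established",
    ("Established", "KeepAliveMsg"): "Established",
    ("Established", "UpdateMsg"): "Established",
}


def step(state, event):
    """Return the next state; unlisted (state, event) pairs fall back to Idle."""
    return TRANSITIONS.get((state, event), "Idle")


def replay(events, state="Idle"):
    """Return the state history and the number of Established sessions lost."""
    history, drops = [state], 0
    for event in events:
        new_state = step(state, event)
        if state == "Established" and new_state != "Established":
            drops += 1              # routes from this peer are now invalid
        state = new_state
        history.append(state)
    return history, drops


# Constructed sample: a session that comes up, exchanges routes, times out
# (hold timer expiry), and is brought back up again.
SAMPLE_EVENTS = [
    "ManualStart", "TcpConnectionFails", "ConnectRetryTimer_Expires",
    "TcpConnectionConfirmed", "BGPOpen", "KeepAliveMsg", "UpdateMsg",
    "HoldTimer_Expires",
    "ManualStart", "TcpConnectionConfirmed", "BGPOpen", "KeepAliveMsg",
]
```

Routes are only exchanged in the Established state, so every counted drop corresponds to a moment when everything learned from that peer had to be removed from the routing table.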

An interesting aside – BGP does not have a broader specific certification as of now and can be relatively insecure. But, Cloudflare has created a certification to validate that each AS that is logged in a BGP is secure. I personally will not go into this too much, but you can read about the certification here, along with a list of Internet Service Providers that are / are not secure here.

What does this have to do with the internet?

So, what does this have to do with the internet as a whole? As you might have guessed, and to reiterate, border gateway protocol is the duct tape of the internet: it connects all of the data pertaining to the IP addresses and wires it together in a route table. This table has a list of several IP ranges. Each router exists as an IP address, and they each have their own BGP that stores all of the information of where each IP address goes and the fastest way to get there.

What about Facebook (now called Meta)?

In October 2021 (right before this explainer was written), Facebook went down for an entire day. Every app they own, from Facebook, to Instagram, to WhatsApp, to the authentication for their employees, was down. Facebook has its own autonomous system that they own and operate themselves. So, they also maintain their own BGP rules. Somehow, someone updated a rule that connected the IP addresses (that point to facebook.com) to their “Next Hop”. Their entire AS was effectively disconnected from the broader network of the internet. Now we know what this is on a technical level, but the press release described it as “a command was issued with the intention to assess the availability of global backbone capacity, which unintentionally took down all the connections in our backbone network, effectively disconnecting Facebook data centers globally”. Someone had gone in, changed the routing table (read, BGP), and had completely removed all of the paths that connected Facebook’s autonomous systems to the web.

Conclusion

Hopefully you are now a little bit more well versed in border gateway protocol!

References:

https://www.cloudflare.com/learning/network-layer/what-is-an-autonomous-system/

https://jvns.ca/blog/2021/10/05/tools-to-look-at-bgp-routes/

https://web.archive.org/web/20130928115120/http://www.orbit-computer-solutions.com/BGP.php

https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/

https://ipcisco.com/lesson/bgp-path-attributes-origin/

https://www.youtube.com/watch?v=wHfYUbKNEyc

https://www.techrepublic.com/article/understanding-routing-tables/