Border Gateway Protocol

Border Gateway Protocol (BGP) distributes routing information between networks, enabling routers to deliver users' traffic to specific IP address prefixes.

Overview

BGP is designed to exchange routing and reachability information between Autonomous Systems (ASes) on the Internet. Each BGP peer exchanges routing information with its neighboring peers in the form of network prefix announcements.[1] The BGP decision process evaluates the received announcements and selects one peer as the next hop for forwarding packets toward their destination. Each peer maintains a table of all the routes it knows for each network and propagates that information to its neighboring autonomous systems. An AS collects the routing information from all of its neighbors and advertises it internally. Since multiple routes usually exist for each destination, BGP selects the most suitable one according to the information collected and the routing policy recorded in an Internet Routing Registry (IRR).

History

BGP was originally specified in RFC 1163, with its application described in RFC 1164, both published in June 1990; the latest version, outlined in RFC 1771, was published in January 2006.

Security Issues

  • BGP Hijacking - when a device announces a victim's prefixes in order to reroute traffic to or through itself, potentially allowing attackers to read unencrypted traffic, launch spam campaigns, or bypass blocklist mitigations. When an AS announces a route to IP prefixes that it does not actually control and the announcement is not filtered (for instance, by Ads.txt), it can be added to the routing tables of BGP routers across the Internet. BGP always favors the most specific prefix and the shortest path to a destination IP address, so hijackers' route announcements either offer a more specific route (a smaller range of IP addresses) or a shorter path.[2]
  • Route Manipulation - when a device alters the content of a BGP table, preventing traffic from reaching the intended destination.
  • DoS Attack - when a device sends unexpected traffic to a victim, exhausting all resources and rendering the target system incapable of processing valid traffic.
  • BGP Route Leak - when (generally accidental) misconfigurations redirect traffic through an unintended path that may enable eavesdropping or traffic analysis and result in an overload or black hole.[3]
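The two hijack variants above (a more-specific prefix, or a shorter path to the same prefix) and the origin check that would catch them, as an added example that is not part of the original page. It uses a simplified best-path rule (shortest AS path wins) and a forwarding lookup (longest prefix wins); the prefixes, AS numbers and the expected-origin table are constructed for illustration, in the spirit of an RPKI ROA.

```python
import ipaddress

# Constructed announcements: (prefix, AS path); the origin AS is the last element.
LEGIT = [("203.0.113.0/24", [64500, 64510, 64496])]
HIJACK_SPECIFIC = [("203.0.113.0/25", [64500, 64666])]  # more-specific prefix
HIJACK_SHORT = [("203.0.113.0/24", [64666])]            # same prefix, shorter path

# Constructed expected-origin table (hypothetical): prefix -> (origin AS, max length).
EXPECTED_ORIGIN = {"203.0.113.0/24": (64496, 24)}


def best_route(announcements):
    """Simplified BGP decision: for each prefix keep the announcement with the shortest AS path."""
    table = {}
    for prefix, path in announcements:
        net = ipaddress.ip_network(prefix)
        if net not in table or len(path) < len(table[net]):
            table[net] = path
    return table


def lookup(table, addr):
    """Forwarding lookup: longest-prefix match, returning (prefix, AS path) or None."""
    ip = ipaddress.ip_address(addr)
    candidates = [net for net in table if ip in net]
    if not candidates:
        return None
    best = max(candidates, key=lambda n: n.prefixlen)
    return str(best), table[best]


def origin_valid(prefix, path):
    """ROA-style check: True/False if a covering entry exists, None if the prefix is unknown."""
    net = ipaddress.ip_network(prefix)
    for covering, (origin, maxlen) in EXPECTED_ORIGIN.items():
        if net.subnet_of(ipaddress.ip_network(covering)):
            return path[-1] == origin and net.prefixlen <= maxlen
    return None


if __name__ == "__main__":
    for name, hijack in (("more-specific", HIJACK_SPECIFIC), ("shorter-path", HIJACK_SHORT)):
        table = best_route(LEGIT + hijack)
        print(name, "-> 203.0.113.10 forwarded via", lookup(table, "203.0.113.10"))
        print(name, "origin valid:", origin_valid(*hijack[0]))
```

Both hijacks win the selection (one via longest-prefix match, one via shorter AS path), yet both fail the origin check, which is why origin validation is applied before an announcement is accepted rather than after the decision process.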

References