AS and BGP

Autonomous Systems

The Internet (with a capital I) is a huge mesh of networks of networks. Within each network are further sub-networks, or IP addresses belonging to that network.

Internet topology (figure, source: https://www.cloudflare.com/learning/security/glossary/what-is-bgp/)

An AS, or Autonomous System, is a collection of IP addresses that are logically grouped together to form a network. When a machine in one network wants to send a message to a machine in another network, the message has to travel from AS to AS. In a sense, the AS is a post office that is responsible both for delivering messages to the IP addresses under its purview and for passing messages along to other post offices.

An AS is typically owned by a corporation, organization, or institution that holds a large enough group of IP addresses to form an AS block. Examples of such organizations are ISPs and universities.

BGP

As there are many ASes around the world, when machines in different ASes want to talk to each other, the ASes must find the most optimal route for sending the message. This information about the optimal route is communicated between ASes using the Border Gateway Protocol, or BGP.

Optimal in this case does not always mean the shortest path, but also the allowed path. Some ASes are owned by private companies and have their own restrictions on the traffic that is flowing in and out of them.

ASN

As new ASes come online or become unavailable, the other ASes must be kept up to date with the latest and most optimal BGP information. For ASes to talk to one another and pass and receive updated BGP information, each needs an AS Number, or ASN.

ASNs are assigned by the Internet Assigned Numbers Authority (IANA) to Regional Internet Registries (RIRs), which then assign an ASN to each AS. These ASNs are 16-bit or 32-bit numbers.

Internal and External BGP

When communication of routing information occurs between peers across different ASes, it uses External BGP, or eBGP. When communication of routing information occurs between peers within the same AS, it uses Internal BGP, or iBGP.

Only ASes that use eBGP require an ASN to communicate with each other. ASes that only use iBGP do not require an ASN.

BGP Routers

The routers on the boundary of the AS that communicate via eBGP with other ASes are known as border routers, edge routers, BGP peers, or BGP routers. Regardless of whether iBGP or eBGP is used, communication between BGP routers happens over TCP, port 179.

These BGP routers have 3 types of routing tables that store different kinds of information:

  1. BGP Neighbor Table
    • Contains information about the neighboring BGP routers
  2. BGP Table
    • Contains all routes received from all neighbors
  3. BGP Routing Table
    • Contains only the best routes from the BGP table
    • After BGP has decided which route in the BGP table is the most optimal, that route is placed into the BGP Routing Table

How BGP can fail and break the Internet

If a BGP router accidentally broadcasts wrong routing information to its neighbors, and that information is transmitted further across the world, it can have wide-reaching effects and cause damage.

One example was in 2004, when an ISP in Turkey accidentally broadcast information stating that it was the best destination for all traffic on the internet. When the BGP routers passed this information on to all other ASes, all of their internet traffic got routed to that ISP.

Similarly, when a country tries to block a certain website by blocking a BGP route, accidentally broadcasting this information to other ASes can lead to many users across the internet being blocked unintentionally.

BGP can also be intentionally abused to advertise bad routes, rerouting data to malicious endpoints. The act of doing so is called BGP hijacking.

These incidents happen because BGP relies on trust: there is no verification process when routing information is shared between ASes. This makes the internet an inherently fragile place.
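As an added example (not from the original post), here is a small Python model of the BGP table versus the BGP Routing Table described above. The constructed announcements include a neighbour that claims to originate prefixes it does not own, the same kind of bogus "I am the best destination" advertisement this section describes; with validation off, the shortest AS path wins and that neighbour attracts all traffic, while an expected-origin allow-list (an assumption of this example, standing in for real route-origin data) makes those routes lose and flags them.

```python
# Constructed sample: route announcements received from eBGP neighbours,
# i.e. the contents of the BGP Table. Each entry is
# (neighbour ASN, announced prefix, AS path); path[0] is the neighbour
# and path[-1] is the origin AS that claims to own the prefix.
BGP_TABLE = [
    (64496, "203.0.113.0/24",  [64496, 64500]),
    (64497, "203.0.113.0/24",  [64497, 64498, 64500]),
    (64496, "198.51.100.0/24", [64496, 64501]),
    (64499, "198.51.100.0/24", [64499]),   # 64499 claims to originate this...
    (64499, "203.0.113.0/24",  [64499]),   # ...and this prefix as well
]

# Which AS is expected to originate each prefix. This allow-list is an
# assumption of the example; real networks take it from registry or
# route-origin data rather than a hard-coded dict.
EXPECTED_ORIGIN = {"203.0.113.0/24": 64500, "198.51.100.0/24": 64501}


def select_best(bgp_table, validate=True):
    """Build the BGP Routing Table: one best route per prefix.

    With validate=False the only criterion is the shortest AS path, which
    is how a bogus one-hop announcement ends up winning everywhere. With
    validate=True, routes whose origin AS does not match EXPECTED_ORIGIN
    are ranked behind every route whose origin does match.
    """
    best = {}
    for neighbour, prefix, path in bgp_table:
        origin_ok = path[-1] == EXPECTED_ORIGIN.get(prefix)
        rank = ((0 if origin_ok else 1) if validate else 0, len(path))
        if prefix not in best or rank < best[prefix][0]:
            best[prefix] = (rank, neighbour, path)
    return {prefix: (n, path) for prefix, (_, n, path) in best.items()}


def suspicious_origins(bgp_table):
    """Return (neighbour, prefix, claimed origin) for every announcement
    whose origin AS is not the expected one, for operator review."""
    return [(n, p, path[-1]) for n, p, path in bgp_table
            if path[-1] != EXPECTED_ORIGIN.get(p)]


if __name__ == "__main__":
    print("no validation:  ", select_best(BGP_TABLE, validate=False))
    print("with validation:", select_best(BGP_TABLE))
    print("flagged:        ", suspicious_origins(BGP_TABLE))
```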
