BGP Routing Basics: How the Internet Finds Its Way
The internet you use every day isn’t one giant network. It’s tens of thousands of independent networks exchanging data with each other. The protocol that makes this possible — the one that helps all these networks find paths to each other — is BGP (Border Gateway Protocol).
How the Internet Is Connected
The internet is a collection of network units called Autonomous Systems (AS). Each ISP, large enterprise, cloud provider, and university operates its own AS, and these interconnected systems form the global internet. Today, there are over 70,000 active ASes worldwide.
What Is an Autonomous System?
An AS is a collection of IP networks and routers managed by a single organization. Each AS is assigned a unique ASN (Autonomous System Number). For example, AT&T uses AS7018, Cloudflare uses AS13335, and Google uses AS15169. ASNs are managed by IANA and allocated through Regional Internet Registries (RIRs).
How BGP Works
BGP is the protocol that ASes use to exchange route information with each other. Each AS’s BGP router advertises the network paths it knows about to its neighboring ASes.
Route Information Exchange
BGP routers establish TCP connections (port 179) with their peers and share the IP prefixes they can reach along with path attributes. For example: “To reach 203.0.113.0/24, go through AS64501 then AS64502.”
Choosing the Best Path
When multiple paths exist to a destination, BGP selects the optimal route. The key criteria are:
| Priority | Criterion | Description |
|---|---|---|
| 1 | Local Preference | Administrator-defined priority |
| 2 | AS-path length | Fewer ASes in the path is preferred |
| 3 | Origin type | IGP > EGP > Incomplete |
| 4 | MED (Multi-Exit Discriminator) | Entry-point preference between routes from the same neighboring AS |
eBGP vs iBGP
- eBGP (External BGP): BGP sessions between different ASes. This is how ASes exchange routes across the internet.
- iBGP (Internal BGP): BGP sessions within the same AS. Used to distribute externally-learned routes to internal routers.
BGP Path Selection — An Example
Imagine a user in London wants to reach a server in the US. Their ISP (AS-A) knows about multiple routes via BGP:
- Path 1: AS-A → AS-B → AS-C (AS-path length: 2)
- Path 2: AS-A → AS-D → AS-E → AS-C (AS-path length: 3)
Without any special policy, Path 1 wins because it has a shorter AS-path. However, if the administrator sets a higher Local Preference for Path 2, it will be chosen despite the longer AS-path — policy overrides path length.
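The selection order from the table, applied to the London example, as an added sketch that is not code from the original article or from any router implementation. The `Route` fields, the default Local Preference of 100, and the MED sample routes are assumptions made for illustration; real BGP implementations apply further tie-breakers after these four.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # lower rank is preferred

@dataclass(frozen=True)
class Route:
    name: str
    as_path: tuple         # ASes as seen by AS-A, nearest neighbor first
    local_pref: int = 100  # assumed default; higher wins
    origin: str = "IGP"
    med: int = 0           # lower wins, compared per neighbor AS only

def keep_best(routes, key):
    """Keep only the routes that share the lowest value of key(route)."""
    best = min(key(r) for r in routes)
    return [r for r in routes if key(r) == best]

def best_paths(routes):
    """Apply the table's four criteria in order; return the survivors."""
    routes = keep_best(routes, lambda r: -r.local_pref)          # 1. Local Preference
    routes = keep_best(routes, lambda r: len(r.as_path))         # 2. AS-path length
    routes = keep_best(routes, lambda r: ORIGIN_RANK[r.origin])  # 3. Origin type
    # 4. MED is only comparable between routes from the same neighbor AS.
    lowest = {}
    for r in routes:
        nbr = r.as_path[0]
        lowest[nbr] = min(lowest.get(nbr, r.med), r.med)
    return [r for r in routes if r.med == lowest[r.as_path[0]]]

# Constructed routes matching the London example above.
PATH1 = Route("Path 1", ("AS-B", "AS-C"))
PATH2 = Route("Path 2", ("AS-D", "AS-E", "AS-C"))
PATH2_PREFERRED = Route("Path 2", ("AS-D", "AS-E", "AS-C"), local_pref=200)
# Constructed MED case: AS-B offers two entry points, AS-D offers one.
VIA_B_LOW = Route("B-low", ("AS-B", "AS-C"), med=10)
VIA_B_HIGH = Route("B-high", ("AS-B", "AS-C"), med=50)
VIA_D = Route("D", ("AS-D", "AS-C"), med=90)

if __name__ == "__main__":
    for label, candidates in [
        ("default policy", [PATH1, PATH2]),
        ("local-pref 200 on Path 2", [PATH1, PATH2_PREFERRED]),
        ("MED tie-break", [VIA_B_LOW, VIA_B_HIGH, VIA_D]),
    ]:
        print(label, "->", [r.name for r in best_paths(candidates)])
```

In the MED case the route via AS-D survives with a higher MED than both AS-B routes, because MED values from different neighbors are never compared with each other.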
BGP Hijacking
The biggest vulnerability in BGP is that it’s fundamentally a trust-based protocol. There’s no built-in mechanism to verify whether an AS is actually authorized to announce a given route.
What Is BGP Hijacking?
When a malicious or misconfigured AS announces IP prefixes that don’t belong to it, traffic destined for those prefixes gets routed to the wrong place. This is called BGP hijacking, and it can be used to intercept, blackhole, or redirect traffic.
Famous Case: Pakistan’s YouTube Blackout (2008)
In 2008, the Pakistani government ordered Pakistan Telecom to block YouTube domestically. Pakistan Telecom responded by announcing YouTube’s IP prefix (208.65.153.0/24) as its own. The false route leaked to upstream providers and propagated globally, making YouTube unreachable worldwide for approximately two hours. A local censorship action turned into a global outage.
Defending with RPKI
RPKI (Resource Public Key Infrastructure) is a cryptographic framework that validates the association between IP prefixes and ASNs. Through ROA (Route Origin Authorization) records, networks can verify that “this IP prefix may only be announced by this ASN.” RPKI adoption is growing globally, but coverage is not yet universal.
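How a router or monitoring job turns ROAs into an accept/reject signal, following the valid / invalid / not-found states of RFC 6811, as an added example that is not code from the original article or from any RPKI validator. The ROA set and announcements are constructed from documentation prefixes and ASNs, and the `ROA` class and function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ROA:
    prefix: str      # prefix the holder authorized
    max_length: int  # longest prefix length that may be announced
    asn: int         # the only ASN allowed to originate it

# Constructed ROAs using documentation prefixes and ASNs.
ROAS = [
    ROA("203.0.113.0/24", 24, 64502),
    ROA("2001:db8::/32", 48, 64501),
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # some ROA speaks for this address space
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered but no ROA matched: wrong origin AS or too specific a prefix.
    return "invalid" if covered else "not-found"

# Constructed announcements: (prefix, origin ASN from the end of the AS-path).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64502),    # authorized origin
    ("203.0.113.0/24", 64511),    # same prefix, unauthorized origin
    ("203.0.113.128/25", 64502),  # right origin, longer than max_length
    ("2001:db8:1::/48", 64501),   # more specific, within max_length
    ("198.51.100.0/24", 64511),   # no ROA covers this space
]

def classify(announcements, roas=ROAS):
    return {a: validate_origin(*a, roas) for a in announcements}

if __name__ == "__main__":
    for (prefix, asn), state in classify(ANNOUNCEMENTS).items():
        print(f"{prefix:<18} AS{asn:<6} {state}")
```

The last announcement comes back `not-found` rather than `invalid`: address space with no ROA cannot be checked at all, which is why incomplete RPKI coverage still leaves room for hijacks.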
ASN and Whois
A Whois lookup reveals the ASN, network range, and managing organization for any IP address. This information is essential for network troubleshooting, security analysis, and identifying the origin of traffic.
With ip.utilo.kr’s Whois tool, you can look up any IP address and instantly see its ASN, network range, registrar, and more.
Why This Matters to Everyone
BGP isn’t just for network engineers. BGP incidents directly affect everyday internet users:
- Major internet outages: The 2021 Facebook outage, multiple Cloudflare incidents, and many other high-profile disruptions originated from BGP misconfigurations.
- Understanding security threats: When you read about BGP hijacking in the news, you can assess whether your data may have been exposed.
- Understanding the internet’s structure: Knowing how BGP works explains why the internet isn’t perfect and why outages happen despite redundancy.
Wrapping Up
BGP is the protocol that holds the internet together. Tens of thousands of autonomous systems exchange routes through BGP, and data follows the best available path to its destination. But BGP’s trust-based design creates real risks — hijacking can redirect traffic at a global scale. Security frameworks like RPKI are steadily gaining adoption, but full protection is still a work in progress.