how/network

BGP: how the internet agrees on routes

Thousands of independent networks (AS) make up the internet. No one knows the whole map. Each AS just tells its neighbors what it can reach. Out of that comes all the routing on the planet.

The internet is not one big router. It is ~100,000 independent networks, each with its own operator (Google, Cloudflare, your ISP, a bank's corporate network). Each such network is called an AS (Autonomous System) and has its own number.

Between AS runs BGP (Border Gateway Protocol), the protocol that AS use to tell each other which prefixes they can deliver and over what path. From these announcements each AS builds its own picture of "how to reach any prefix in the internet".

Press ▶ to watch one prefix 1.1.1.0/24 spread across a network of 5 AS, and how AS_PATH becomes the criterion for path selection.

step 1/7·00 · AS1 owns the prefix, the others do not know it

§ steps

AS1 is, for example, Cloudflare. They have the prefix 1.1.1.0/24. They are its owner and can officially announce it anywhere.

The other 4 AS do not yet know how to reach it. Their [[routing-table|routing tables]] hold no route to this prefix. Until BGP announcements start, the internet does not know about 1.1.1.0/24.

recap

What to remember:

AS = an independent network with its own number (16-bit or 32-bit). A large company can have many AS: AWS uses AS16509, AS14618, and dozens more for different regions
BGP UPDATE carries the prefix + AS_PATH (the list of AS the announcement passed through). Each AS adds its own number at the front when it propagates
Loop defense: if an AS sees its own number in AS_PATH, it ignores the announcement. That way loops are impossible at the BGP level
Path selection runs through a list of attributes in order: LOCAL_PREF → AS_PATH length → ORIGIN → MED → eBGP/iBGP → IGP cost. AS_PATH length is the best known one, but operators often override it with LOCAL_PREF
AS_PATH prepending is a technique where an AS adds itself several times at the front (artificially lengthening the path). It is used to steer incoming traffic over a preferred path
BGP hijacking is when an AS announces someone else's prefix. A real attack (or mistake): in 2018 AS 7007 announced half the internet for a couple of hours. The defense is RPKI (Resource PKI), which validates who has the right to announce a prefix
The full BGP table of the internet right now is ~950,000 prefixes, taking several GB of memory on routers. That is why small routers (like home ones) do not run BGP at all

If you want to go deeper, there is the bgp article in the KB and the advanced lesson advanced-08-bgp-minimal where you can set up a BGP session between two containers.

§ dig into the knowledge base

§ try it hands-on

advanced-08-bgp-minimal- BGP: set up a session between nodes

§ steps

AS1 is, for example, Cloudflare. They have the prefix 1.1.1.0/24. They are its owner and can officially announce it anywhere.

The other 4 AS do not yet know how to reach it. Their [[routing-table|routing tables]] hold no route to this prefix. Until BGP announcements start, the internet does not know about 1.1.1.0/24.