When do we use BGP
Border Gateway Protocol - Why do we need it and how does it work? July 8, Topics: Networking. In the example topology, observe that there are two routes to AS from AS
This article was contributed by a student member of Section's Engineering Education Program. Please report any errors or inaccuracies to enged section. Once the traffic moves across an AS and reaches another BGP router connected to a different AS, the process repeats itself until the data reaches the AS where the destination site is located.
In most cases, computers, phones, and other devices connect to the internet through ISPs. The networks of these access providers connect to progressively larger ISP networks until they finally have access to the internet backbone. Traffic from a starting point goes up through the network hierarchy to the backbone and then back down again to the destination IP address. Autonomous system numbers (ASNs) are used so that network operators can control routing within their own networks and exchange routing information with other ISPs.
With ASNs continually joining the Internet and providing new routes for traffic, the number of BGP advertisements increases, creating a larger and larger attack surface. In a BGP hijacking attack, adversaries manipulate BGP routing tables to have a compromised router advertise prefixes that have not been assigned to it.
If those false advertisements indicate that a better path is available than the legitimate path, traffic may be directed that way—only the path leads to malicious servers that could steal credentials, download malware, and execute other damaging activities. And all the while end users think they are visiting legitimate sites. In another well-documented incident, Pakistan Telecom, in its role as an ISP, attempted in to censor YouTube by advertising its own BGP routes to the site so users attempting to reach it would be blocked.
As a result, Web requests for YouTube were directed to Pakistan Telecom, which not only resulted in a massive outage for the site but also overwhelmed the ISP. There are several strategies for defending against BGP hijacking, including using IP address-prefix filtering that blocks inbound network traffic from networks known to be controlled by malicious actors.
Another is BGP hijack-detection monitoring, which looks for suspiciously increased latency, degraded network performance or misdirected Internet traffic that could flag hijacking attempts.
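The hijack described above is an advertisement for a prefix the advertising AS was never assigned, so one check a monitor or inbound filter can run is to compare each announcement's origin AS against an allocation table. The following is an added example, not code from the original article: the table, the sample announcements (documentation prefixes and ASNs) and the function names are constructed for illustration, and flagging more-specific announcements goes beyond what the text describes.

```python
import ipaddress

# Constructed allocation table: prefix -> AS number expected to originate it.
# Prefixes and ASNs come from documentation ranges (RFC 5737, RFC 5398).
EXPECTED_ORIGINS = {
    "198.51.100.0/24": 64496,
    "203.0.113.0/24": 64497,
}

# Constructed announcements as (prefix, AS path); the origin is the last AS.
SAMPLE_ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64500, 64496]),    # expected origin
    ("203.0.113.0/24", [64500, 64511]),     # same prefix, unexpected origin
    ("198.51.100.128/25", [64501, 64511]),  # more-specific of an allocated block
    ("192.0.2.0/24", [64500, 64502]),       # not in the table: no opinion
]


def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return 'valid', 'invalid-origin', 'invalid-more-specific' or 'unknown'."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    # Allocations of the same IP version that contain the announced prefix.
    covering = []
    for alloc_text, asn in expected.items():
        alloc = ipaddress.ip_network(alloc_text)
        if alloc.version == net.version and net.subnet_of(alloc):
            covering.append((alloc, asn))
    if not covering:
        return "unknown"
    if any(alloc == net and asn == origin for alloc, asn in covering):
        return "valid"
    if any(alloc == net for alloc, _ in covering):
        return "invalid-origin"
    # Strict policy assumed here: anything longer than the allocated prefix
    # is flagged, even when it comes from the expected origin.
    return "invalid-more-specific"


def review(announcements):
    """Split announcements into accepted entries and alerts."""
    accepted, alerts = [], []
    for prefix, path in announcements:
        verdict = classify(prefix, path)
        bucket = alerts if verdict.startswith("invalid") else accepted
        bucket.append((prefix, path[-1], verdict))
    return accepted, alerts


if __name__ == "__main__":
    for entry in review(SAMPLE_ANNOUNCEMENTS)[1]:
        print("ALERT", entry)
```
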
They divide their allocated address pools into smaller blocks again and delegate them to Internet Service Providers. These smaller blocks of addresses can also be delegated to another organisation, like a company, at that level if the company is big enough to have their own block. Going down to the last level, Internet Service Providers can allocate addresses to customers. The company next door and your network at home are going to get their public IP addresses from an Internet Service Provider.
The Internet Service Provider is shown in the middle of the diagram above. They're running their IGP inside their network. Customer 1, shown on the left, is a medium-sized company.
They're also running an IGP inside their network. They want Internet connectivity as well, so they connect to the Internet Service Provider. Customer 2, on the right, is a different company that also maintains its own IGP and wants Internet connectivity.
Both customers have only one path out to the Internet, with the ISP as the next hop. Both customers configure a default static route pointing to the ISP. All internal traffic will be routed via their IGPs, and traffic destined to the Internet will match the default static routes.
At this point, the service provider knows the routes to all of their own internal networks. They also know the routes to the public IP addresses for their customers because they allocated those addresses. And the customers have default static routes pointing out to the Internet and IGPs for their own internal routes. We have connectivity within each internal private network, though not between the different private networks, and we also have connectivity between all of the public networks. At this point we don't need BGP.
IGPs are running inside the service provider and the customers, default static routes at the customers point out to the Internet, and everything works just fine. Each peer transfers the information internally inside its own autonomous system. Just like in real life, usually more than one route exists to reach a given destination.
So the next time you check out this blog, remember that BGP is what helped you get here. Ziv Leyes. What is BGP? So what is BGP? BGP for History Buffs Once upon a time, when the Internet was just a tiny cloud, there were only a few networks connected to each other. Tree-like vs. In a full mesh topology, nodes have many paths to reach each other. The Emergence of Autonomous System Architecture As the Internet continued to expand, it became increasingly difficult to keep track of all the routes from one network to another.