Skip to main content

Why understanding ‘the Notorious BGP’ is more important than ever

(Image credit: Image Credit: Wright Studio / Shutterstock)

Over the last 40 years the internet has changed dramatically, evolving into a complex web of thousands of independently-managed networks organised into Autonomous Systems (AS), where the transfer of information is based purely on trust.

Border Gateway Protocol (BGP) is the routing protocol of the Internet that all these Autonomous Systems use to share routing information with each other. You could say that BGP is essentially the main highway of the Internet which means that understanding how it works is key to knowing how your network connects to the rest of the Internet, especially with your customers. It is particularly important if you intend to have operational insights for any business-critical app or service that you are either offering or consuming over the Internet. After all, is not a stretch to say that if you don’t understand the Internet, then you can’t really understand how to deliver a good digital experience.

A simplified explanation of information exchange is:

Identity: Announce to the Internet who you are. For example: Google sees a set of IP addresses belongs to a certain ‘person’ – identity: Google announces this. 

Route propagation: Google connects to AT&T, then AT&T announces this to Verizon, who announces it to somebody else so somebody who is connected to Verizon knows how to reach Google.

Issues with BGP routing

With this whole system being based on trust that interconnected networks are telling the truth, if somebody says “I’m Google”, networks will believe this to be true and start sending traffic to that address, whether or not it really is Google. If it is not the right address, the result is BGP leak, with traffic being sent to a different, unintended network. As the Internet has expanded, with more devices connected to it, these leaks have become more common and the need for BGP visibility has become more and more essential. The problem is that the initial ‘design’ of the Internet was as a defence network, sending information from point A to point B, not a public one. BGP was designed to be a chain of trust between well-meaning ISPs and universities that blindly believe the information they receive. It hasn’t evolved to reflect the complex commercial and geopolitical relationships that exist between ISPs and nations today. As the use of technology has developed, the structure of the Internet has become too irregular, with countries acting autonomously, to have a standard applied to the whole entity. 

BGP route leaking is often labelled a mistake, however, we’re seeing BGP as a target for hackers looking to wreak havoc in our digital lives. The last few years have been riddled with various incidents involving cybercriminals redirecting traffic from intended browsers or applications to illegitimate networks. By “rerouting” traffic to illegitimate sites, hackers can bring down entire services that consumers love to use for hours at a time. Scarier still they can use this process to reroute users onto fake sites to steal personal information such as username, passwords and even financial details.

One example of BGP route leaking was back in June 2019 when European Internet traffic was rerouted through China for two hours. Swiss data centre colocation company Safe Host accidently leaked over 70,000 routes to the Chinese Internet service provider (ISP). Instead of ignoring the leak, China Telecom identified Safe Host’s routes as its own, giving the illusion that it was the shortest way to reach Safe Host’s network and other nearby European telecoms and ISPs. This resulted in slow connections for users on the mobile networks, with some unable to connect to servers.

Another example of BGP hijacking or BGP leaks was on November 12th 2018 when Google Traffic was rerouted for over an hour to Russia and China. The traffic went into a black hole, causing outages for users around the world. A Nigernian firm later claimed responsibility for the hijack, saying it misconfigured a BGP filter which was then passed on.

Benefits of BGP visibility

So, how can businesses effectively deliver the best digital experiences whilst mitigating potential security issues associated with BGP routing? It all comes down to having full visibility over the relationships between autonomous systems within their network. This level of transparency is key to businesses understanding how their customers get to them. Up until recently BGP monitoring had largely been ignored by the industry, however, with so many organisations using cloud platforms to build apps, offer more digital-first services and consume SaaS, and consumers increasingly demanding best-in-class services, it’s become a problem too big to ignore. Even the most sceptical of industry professionals are becoming BGP visibility advocates. 

Not only this but monitoring is also fundamental to reducing the impact of a BGP-related hack. BGP hijacks are notoriously hard to prevent, however, by continuously monitoring BGP routes, businesses can detect abnormal activity quickly in order to mitigate any service impacts and a hijack’s impact.

Ian Waters, Senior Director, EMEA Marketing, ThousandEyes

Ian Waters
Ian Waters is Director of Solutions Marketing at ThousandEyes, the Network Intelligence company that delivers visibility into every network.