Wednesday, October 5, 2022

Border Gateway Protocol

BGP (Border Gateway Protocol)

BGP stands for Border Gateway Protocol. It is the standardized exterior gateway protocol (RFC 4271) that exchanges routing information between autonomous systems (ASes), the independently administered networks that make up the Internet. A router connected to several neighbouring networks cannot, on its own, tell which of them offers the best way to reach a given destination; BGP is how it learns that.

Border Gateway Protocol considers the routes learned from every peering partner a router has and selects, for each destination prefix, one best path according to a fixed decision process (local preference first, then the shortest AS path, then further tie-breakers). When a BGP session comes up, the peers exchange their full routing tables; afterwards they send only incremental updates. Received routes are stored in a Routing Information Base (RIB), from which the selected best paths are installed in the forwarding table.

The main goal of BGP is to find, for every destination, a path that is loop-free. Each AS that forwards a route prepends its own AS number to the route's AS_PATH attribute, and a router discards any route in whose AS_PATH its own AS number already appears. Which of the remaining loop-free paths is chosen is a matter of routing policy rather than of distance.

The types of BGP are as follows:

Internal BGP

Internal BGP (iBGP) runs between routers inside the same autonomous system. It carries the routes learned at the edge of the AS to the other routers of that AS and passes the AS_PATH along unchanged, because the route has not crossed an AS boundary.

External BGP

External BGP (eBGP) runs between routers that belong to different autonomous systems; it is how routes are exchanged and traffic is transmitted across the Internet. External BGP is like international shipping: some specific standards and guidelines need to be followed when shipping a piece of mail internationally. Once that piece of mail reaches its destination country, it has to go through the local mail service to reach its final destination.

Each country has its own internal mail service that doesn't necessarily follow the same rules as other countries. Similarly, each autonomous system can run its own interior routing protocol (for example OSPF or IS-IS) for routing data within its network.
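To make the path-selection and loop-prevention behaviour above concrete, here is an added example (it is not code from the original post and models no particular router vendor): a toy simulation of a route propagating through several ASes. Each eBGP hop prepends its AS number, an iBGP hop leaves the path alone, a router rejects a route whose AS_PATH already contains its own AS number, and a simplified decision process picks the best of the surviving paths. The topology, the documentation prefix 192.0.2.0/24 and the private-range AS numbers 64500 to 64510 are all constructed for the example.

```python
from dataclasses import dataclass

# Added example, not code from the original post: a toy model of BGP route
# propagation. It shows AS_PATH prepending on eBGP hops, the loop check that
# keeps BGP paths loop-free, and a simplified best-path decision.
# All AS numbers (private range 64500+) and the prefix are constructed.


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple       # leftmost entry is the AS that most recently forwarded it
    local_pref: int = 100


def receive_ebgp(local_asn, route):
    """Accept a route from an eBGP neighbour unless it has looped.
    RFC 4271 loop detection: a route whose AS_PATH already contains our
    own AS number has already passed through us and is discarded."""
    if local_asn in route.as_path:
        return None
    return route


def advertise_ebgp(local_asn, route):
    """When advertising to an eBGP neighbour, prepend our own AS number."""
    return Route(route.prefix, (local_asn,) + route.as_path, route.local_pref)


def advertise_ibgp(route):
    """iBGP peers are inside the same AS: AS_PATH is passed on unchanged."""
    return route


def best_path(candidates):
    """Simplified decision process: highest LOCAL_PREF wins, then the
    shortest AS_PATH. Real routers apply more tie-breakers after these
    (origin type, MED, eBGP before iBGP, IGP cost, router ID)."""
    return max(candidates, key=lambda r: (r.local_pref, -len(r.as_path)))


def simulate(local_asn=64510):
    """Constructed topology: AS 64500 originates 192.0.2.0/24 and the route
    reaches AS 64510 over two different paths."""
    originated = advertise_ebgp(64500, Route("192.0.2.0/24", ()))
    # Path A: 64500 -> 64501 -> 64502 -> 64510 (three AS hops)
    via_a = advertise_ebgp(64502, advertise_ebgp(64501, originated))
    # Path B: 64500 -> 64503 -> 64510 (two AS hops)
    via_b = advertise_ebgp(64503, originated)
    accepted = [r for r in (receive_ebgp(local_asn, via_a),
                            receive_ebgp(local_asn, via_b)) if r is not None]
    best = best_path(accepted)
    # Policy beats path length: if the operator sets LOCAL_PREF 200 on the
    # longer path A, it is chosen despite its longer AS_PATH.
    preferred_a = Route(via_a.prefix, via_a.as_path, local_pref=200)
    best_with_policy = best_path([preferred_a, via_b])
    # The border router hands its best path to an internal router over iBGP.
    internal_copy = advertise_ibgp(best)
    # Loop case: 64510 re-advertises its best path and AS 64504 hands it back.
    looped = advertise_ebgp(64504, advertise_ebgp(local_asn, best))
    return {
        "best": best,
        "best_with_policy": best_with_policy,
        "ibgp_copy_path": internal_copy.as_path,
        "looped_path": looped.as_path,
        "looped_accepted": receive_ebgp(local_asn, looped),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

Running it shows path B (AS_PATH 64503, 64500) winning on length, path A winning once LOCAL_PREF is raised, and the re-advertised route being dropped at AS 64510 because its own number is already in the path.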



Resource Public Key Infrastructure (RPKI)


What is RPKI?


RPKI is a security layer for BGP routing. It is a public key infrastructure, rooted at the Regional Internet Registries, in which the holder of a block of IP addresses or AS numbers receives a resource certificate and uses it to sign Route Origin Authorizations (ROAs) stating which AS may originate which prefixes, and up to which prefix length. With plain BGP, the ground truth of ownership does not exist: any AS can advertise any prefix, or a more specific and therefore preferred one, whether maliciously or accidentally, and its peers have no protocol-level way to check the claim. With RPKI, routers fetch the validated ROAs and perform Route Origin Validation, classifying each received route as valid, invalid or not-found and typically dropping invalid ones. This makes BGP more secure and reliable: legitimate holders of number resources control how their prefixes may be originated, which prevents route hijacking of this kind. Note that origin validation checks only the originating AS; a forged AS_PATH that ends in the legitimate origin still passes, which is what path validation (BGPsec, ASPA) is meant to address.

Routing errors have real consequences. A route leak can pull traffic into a network too small to carry it and overload it; malicious routing brings sensitive traffic to the wrong place, where it can be read or altered; and BGP errors have caused both fraud and large-scale outages. Some notable cases are:

  • Amazon – BGP hijack of Route 53 DNS prefixes, used to serve forged DNS answers for a cryptocurrency heist.
  • Google – A BGP filtering misconfiguration during an update leaked Google prefixes, routing traffic through China, Russia and Nigeria.
  • Mastercard, Visa and major banks – A leak of 36 prefixes belonging to payment services.
  • YouTube – An attempt to block the YouTube website in Pakistan by announcing a more specific prefix ended up taking it down worldwide.


RPKI Benefits

Implementing and using RPKI comes with the following benefits:

  • Proof of origin. Resource holders can prove, through a signed certificate chain leading back to the issuing registry, that they are entitled to use specific prefixes and AS numbers, which helps prevent mistakes about where a route came from.
  • Cryptographic identity verification. Resource holders have a verifiable way to prove ownership to customers and peers when sub-allocating or announcing resources.
  • Route hijacking prevention. A resource holder signs a Route Origin Authorization naming the AS that may originate a prefix; routers that perform origin validation reject announcements from any other AS, and any attempt to alter the signed object renders its signature invalid.
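The validation step described in "What is RPKI?" and in the route hijacking bullet above, as an added example that is not code from the original post and not any vendor's or validator's implementation: Route Origin Validation per RFC 6811 over a constructed set of ROAs. The ROAs stand in for the validated ROA payloads a router would fetch from an RPKI validator; the prefixes are documentation ranges and the AS numbers are private-range, all constructed for the example. The announcements include the two classic hijack shapes (wrong origin AS, and a more specific prefix beyond the ROA's maxLength) plus an AS0 ROA, which marks a prefix that must not be routed at all.

```python
import ipaddress
from dataclasses import dataclass

# Added example, not code from the original post and not any vendor's
# implementation: Route Origin Validation (RFC 6811) over a constructed set
# of ROAs. Prefixes are documentation ranges; AS numbers are private-range.


@dataclass(frozen=True)
class ROA:
    prefix: str      # the covered prefix, e.g. "192.0.2.0/24"
    max_length: int  # longest prefix length the AS may announce under it
    asn: int         # authorised origin AS (0 means: nobody may originate)


# Constructed ROAs, standing in for validated ROA payloads (VRPs) that a
# router would fetch from an RPKI validator.
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64500),     # only the /24 itself, only AS 64500
    ROA("2001:db8::/32", 48, 64500),    # AS 64500 may announce /32 .. /48
    ROA("203.0.113.0/24", 24, 0),       # AS0 ROA: prefix must not be routed
]


def covers(roa, prefix):
    """A ROA covers an announcement when the announced prefix lies inside
    the ROA prefix (same address family; ROA length <= announced length)."""
    r = ipaddress.ip_network(roa.prefix)
    p = ipaddress.ip_network(prefix)
    return r.version == p.version and p.subnet_of(r)


def validate_origin(prefix, origin_asn, roas):
    """Classify one announcement (prefix, origin AS) against a ROA set.
    'not-found': no ROA covers the prefix (holder has not deployed RPKI)
    'valid'    : a covering ROA names this origin AS and permits this length
    'invalid'  : ROAs cover the prefix but none matches (wrong origin AS,
                 or a more specific announced beyond maxLength)"""
    covering = [r for r in roas if covers(r, prefix)]
    if not covering:
        return "not-found"
    plen = ipaddress.ip_network(prefix).prefixlen
    if any(r.asn == origin_asn and plen <= r.max_length for r in covering):
        return "valid"
    return "invalid"


def apply_rov_policy(announcements, roas):
    """Common deployment policy: drop invalid, keep valid and not-found."""
    return [(p, a) for p, a in announcements
            if validate_origin(p, a, roas) != "invalid"]


# Constructed announcements, as a router might receive them from peers.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),       # legitimate origin
    ("192.0.2.0/25", 64500),       # right AS, but more specific than maxLength
    ("192.0.2.0/24", 64666),       # classic hijack: wrong origin AS
    ("198.51.100.0/24", 64666),    # no ROA at all
    ("2001:db8:1::/48", 64500),    # within maxLength for the IPv6 ROA
    ("203.0.113.0/24", 64500),     # AS0 ROA: always invalid
]


if __name__ == "__main__":
    for prefix, asn in SAMPLE_ANNOUNCEMENTS:
        print(f"{prefix:20} AS{asn:<6} {validate_origin(prefix, asn, SAMPLE_ROAS)}")
    print("accepted:", apply_rov_policy(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS))
```

Two operational points follow from the example. First, "not-found" is not an error: most of the Internet still has no ROAs, so dropping not-found routes is not a workable policy and only "invalid" is rejected. Second, the /25 case shows why maxLength must be chosen with care: a holder who announces more specifics than its own ROA permits makes its own legitimate routes invalid, so ROAs should be checked before any new more-specific announcement.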

Why do we need RPKI?


Routing protocols are potentially at risk of attacks that can harm individual users or network operations as a whole. RPKI was specified by the IETF to provide a secure means to certify the allocation of Internet number resources, as a step towards securing routing. The Internet Architecture Board considers a "properly designed and deployed RPKI an absolute prerequisite to having a secure global routing system, which is in turn a prerequisite to having a reliable worldwide Internet."
