BGP (Border Gateway Protocol)

When data travels from a company site to a cloud service, it usually passes through several networks run by different operators. No central coordinator decides which path the packets take; that task is handled by the Border Gateway Protocol (BGP). It is the protocol with which network operators worldwide negotiate among themselves which destinations are reachable via which paths. For IT decision-makers, BGP is relevant for two reasons: the quality of external connections depends directly on the routing decisions of the providers involved, and errors or attacks in global routing can hit your own operations without anything being misconfigured in your own network. Those who understand the basics can assess providers better and classify incidents faster.

What is BGP?

BGP governs the exchange of reachability information between autonomous systems. An autonomous system (AS) is a network under unified administrative control, for example the network of an internet provider, a carrier or a large enterprise. Each AS carries a globally unique number, assigned by the regional internet registries. Managed service providers such as KAEMI also operate their own network infrastructure with their own autonomous system and make the associated routing decisions themselves.

Via BGP, an AS tells its direct neighbours which IP address ranges, known as prefixes, are reachable through it. These announcements travel from network to network and together form the global routing table. There is no central authority in the internet that dictates paths. It works because tens of thousands of autonomous systems announce their routes to each other and process the information from their neighbours further. In this sense, BGP is the protocol that holds the internet together: if it is disrupted or manipulated, entire networks vanish from reachability.

How it works

  • Neighbour relationships instead of automation: BGP routers establish deliberately configured connections to defined partners, known as peers. Every neighbour relationship is a conscious decision on both sides and usually reflects a business relationship.
  • Announcements and withdrawals: An AS announces prefixes that it holds itself or has learned from customers. If a path fails, the router withdraws the route and the neighbours calculate alternatives.
  • Path selection via attributes: If a destination is reachable via several paths, BGP decides on the basis of attributes. Important ones include local preference and the length of the AS path, that is, the number of networks to be traversed.
  • Policy before speed: BGP does not optimise technical metrics such as bandwidth or utilisation. It implements policies, such as favouring customer routes or avoiding expensive transit paths.
  • Gradual convergence: If the topology changes, updates propagate from neighbour to neighbour until all routers involved have reached a consistent state again.

Why it matters

  • Every publicly reachable service depends on its IP prefixes being announced correctly via BGP.
  • Only your own AS with your own announcements makes multihoming possible, that is, simultaneous connection to several providers with automatic failover.
  • Path steering allows latency and costs to be influenced, for example when traffic preferably runs over direct peerings rather than over transit.
  • Route leaks, that is, routes passed on by mistake, can steer traffic over the wrong networks and noticeably slow connections down.
  • Route hijacking refers to the deliberate announcement of prefixes belonging to others in order to reroute or intercept traffic. Such incidents repeatedly affect large providers too.
  • RPKI counteracts this: network operators deposit cryptographically signed records of which AS may announce a prefix, and routers discard invalid announcements automatically.

Typical scenarios

  • A company connects its main site to two providers. With its own AS and its own address ranges, the second connection takes over automatically if a line fails.
  • An operator wants to route traffic to a public cloud over a private, direct path and steers the path selection via BGP announcements on dedicated connections.
  • After a routing incident at a large carrier, the operations team checks whether its own prefixes were affected and tightens the filters towards its peers.
  • When moving to a new data centre, address ranges are migrated in a controlled way by activating announcements at the new site step by step and withdrawing them at the old one.

BGP vs. interior routing (OSPF)

BGP and interior protocols such as OSPF solve different tasks. OSPF works within an organisation: it knows the complete topology of its own network and calculates the shortest path between two points from it. BGP works between organisations: it knows no details of other networks and instead implements policies about which paths traffic may take across network boundaries. In practice, the two worlds complement each other. OSPF keeps the internal network consistent, BGP connects this network with the outside world and carries the complete routing table of the internet for that purpose.

KAEMI as your partner

KAEMI operates its own network infrastructure, makes routing decisions in its own autonomous system itself and knows BGP from day-to-day operations. This creates controlled paths to cloud platforms and direct handover points to other networks, with short response paths in the event of disruptions in global routing. Our Cloud Connectivity & SDN service shows how private and high-performance connections into public clouds arise from this. If you are planning your own AS or want to design your connection redundantly, our team accompanies you via Professional & Managed Services from concept to ongoing operation.

Frequently asked questions about BGP (Border Gateway Protocol)

What is an autonomous system (AS)?

An autonomous system is a network under unified administrative control that carries a globally unique number and pursues its own routing policy. Providers and large enterprises operate their own AS. The numbers are assigned by the regional internet registries, in Europe by the RIPE NCC. Only your own AS lets you steer announcements, and thereby your own network paths, yourself.

How does BGP differ from OSPF?

OSPF is an interior protocol and calculates the shortest path within a network on the basis of the complete topology. BGP, by contrast, connects independent networks and implements policies about which paths traffic may take between organisations. Companies use OSPF in their own backbone and BGP at the handovers to providers and partners.

What is route hijacking?

In route hijacking, a network announces IP prefixes belonging to others, deliberately or through misconfiguration. Other routers adopt the false route and steer traffic into the wrong network, where it can be intercepted or discarded. Protection comes from clean filters towards peers as well as RPKI, with which routers automatically discard invalid announcements.

Does my company need its own AS?

Your own AS is worthwhile if you use several providers at the same time, want to keep your own IP address ranges or want to steer the path selection of your traffic yourself. For a single site with one connection, the provider's address space is usually sufficient. Introducing it requires a clean routing concept and ongoing operation, both of which can be outsourced to an experienced partner.

What is RPKI?

RPKI stands for Resource Public Key Infrastructure. In it, network operators deposit cryptographically signed objects that define which autonomous system may announce an IP prefix. Routers compare incoming announcements against these and discard invalid routes. This defuses many hijacks and leaks, but it does not replace careful routing filters between the networks involved.

Wondering how this looks in your own network? Talk to KAEMI: we plan, build and operate the right solution with you.