Lead Image © Rachael Arnott, 123RF.com

Border Gateway Protocol

From A to B

Article from ADMIN 79/2024
By
We look at the Border Gateway Protocol, how it routes packets through the Internet, its weaknesses, and some hardening strategies.

The Internet comprises a mix of autonomous systems (ASs) – networks and systems each under the administrative control of a specific provider – that have officially registered numbers known as AS numbers (ASNs). The Border Gateway Protocol (BGP), the latest version of which is BGP4, ensures reachability between the autonomous systems and is designed and optimized for handling high volumes of routing information with a high level of stability.

Besides providers, large corporate and government customers also have to deal with BGP if they use or want to use multihoming (i.e., connecting your own autonomous system to several providers). BGP is also used on some internal networks and forms the basis for multiprotocol label switching (MPLS) in wide-area network (WAN) structures, but can also be used for Ethernet virtual private networks (EVPNs) or in combination with a virtual extensible local area network (VXLAN) in data center networks.

Today, BGP is capable of many more functions than simply distributing IP prefixes. The protocol therefore has a wide range of options for policy-based route selection.

Basics

In contrast to the various Interior Gateway Protocols (IGPs) such as the Routing Information Protocol (RIP), Open Shortest Path First (OSPF) protocol, or Enhanced Interior Gateway Routing Protocol (EIGRP) for internal networks, BGP is the only Exterior Gateway Protocol (EGP). It is based on the path vector principle, which has similarities to the distance vector IGPs. IGPs are used to exchange routes within an autonomous system and are optimized for fast convergence times to meet the stringent requirements for low downtimes – right down to the millisecond range. However, they only need to process smaller numbers of routes.

Extensions to BGP make it multiprotocol capable (MP-BGP4); that is, it supports IPv4 and IPv6. BGP can process and separate different types of information and contexts in these "address families." According to information from the American Registry for Internet Numbers (ARIN), as of 2023, a full BGP table on the Internet contained around 940,000 prefixes for IPv4 and 172,400 prefixes for IPv6. Routers therefore need to have a large amount of physical memory.

ASNs in Practice

As already explained, a network operator requires an ASN for the exchange of routing information. Public ASNs are assigned by Regional Internet Registries (RIRs). The Réseaux IP Européens Network Coordination Center (RIPE NCC) is responsible for this task in Europe, the Middle East, and parts of Central Asia.

An official ASN assignment from the RIR is required for a redundant Internet connection through more than one carrier (multihoming). Additionally, an IP address block independent of the provider must be assigned. Provider-independent (PI) or provider-aggregatable (PA) address blocks are used for this purpose. However, this process has become difficult because of the scarcity of public IPv4 addresses. Smaller customers are normally assigned addresses by the provider. If the company or authority has its own AS and public address blocks, it assumes the role of the local Internet registry (LIR).

Legacy ASNs are 16 bits in length and decimal (ASPlain). Newer ASNs use 32 bits and are dot separated. This format is known as ASDot [1]. ASN 6541 in ASPlain becomes 0.6541 in ASDot notation.

Route Selection and Attributes

BGP uses different types of attributes to influence the choice of the appropriate route, distinguishing between transitive and non-transitive, normal and path attributes. When people start to talk about BGP, the conversation quickly turns to peering, which means the neighbor relationship between BGP routers and, consequently, autonomous systems. However, BGP routers do not simply use multicast to find their neighbors when enabled, as is usually the case with the IGP in an AS.

With BGP, the administrator must explicitly configure each neighbor on the router, including its IP address and remote autonomous system, in the respective routing process, and then configure the mirror image on the peer router (Figure 1). If router A in AS 64496 with an IP address of 192.0.2.1 wants to peer with router B in AS 64500 and IP address 192.0.2.2, router A must store the neighbor 192.0.2.2 with AS 64500 and router B the peer 192.0.2.1 with AS 64496. If the configurations do not match, peering will not take place.

Figure 1: In BGP dual multihomed design, several providers are each connected to the customer's AS by several connections.
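The mirrored neighbor statements described above can be audited before a change is rolled out. The following is an added example, not code from the article: it assumes the `router bgp` / `neighbor ... remote-as` syntax used by FRR and Cisco-style CLIs, a hypothetical mapping of each router's peering IP to its config text, and it goes slightly beyond the text by also accepting ASNs written in the dotted high.low form from the ASN section.

```python
import re

def parse_asn(text):
    """Accept asplain ("64500") or dotted high.low ("0.64500"); return an int."""
    if "." in text:
        high, low = (int(part) for part in text.split("."))
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"invalid dotted ASN: {text}")
        return (high << 16) | low
    asn = int(text)
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"ASN out of range: {text}")
    return asn

def parse_bgp(config):
    """Return (local ASN, {neighbor IP: remote ASN}) from one router's config."""
    local_as, neighbors = None, {}
    for line in config.splitlines():
        if m := re.match(r"\s*router bgp (\S+)", line):
            local_as = parse_asn(m.group(1))
        elif m := re.match(r"\s*neighbor (\S+) remote-as (\S+)", line):
            neighbors[m.group(1)] = parse_asn(m.group(2))
    return local_as, neighbors

def check_peering(routers):
    """routers maps each router's peering IP to its config text (assumed layout).
    Returns the mismatches that would keep a session from establishing."""
    parsed = {ip: parse_bgp(cfg) for ip, cfg in routers.items()}
    problems = []
    for ip, (_, neighbors) in parsed.items():
        for peer_ip, remote_as in neighbors.items():
            if peer_ip not in parsed:
                continue  # peer's config is not available to audit
            peer_as, peer_neighbors = parsed[peer_ip]
            if remote_as != peer_as:
                problems.append(f"{ip}: neighbor {peer_ip} remote-as {remote_as}, peer is AS {peer_as}")
            if ip not in peer_neighbors:
                problems.append(f"{peer_ip}: no neighbor statement for {ip}")
    return problems

# Constructed sample configs using the article's addresses and ASNs.
ROUTER_A = "router bgp 64496\n neighbor 192.0.2.2 remote-as 64500\n"
ROUTER_B = "router bgp 64500\n neighbor 192.0.2.1 remote-as 64496\n"
ROUTER_B_DOT = "router bgp 0.64500\n neighbor 192.0.2.1 remote-as 0.64496\n"
ROUTER_B_BAD = "router bgp 64500\n neighbor 192.0.2.1 remote-as 64497\n"

if __name__ == "__main__":
    for label, b in (("match", ROUTER_B), ("dotted", ROUTER_B_DOT), ("mismatch", ROUTER_B_BAD)):
        print(label, check_peering({"192.0.2.1": ROUTER_A, "192.0.2.2": b}))
```

An empty list means every audited neighbor statement has a matching counterpart; the check covers only the IP and AS pairing, not authentication or timers.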
