Border Gateway Protocol (BGP) is a fundamental technology to the operation of the Internet; without it, our packets would never make it to their destination. But many people don't know what it is and aren't aware of the dire flaws within the technology, so let us address these two points: What is BGP, and what's the problem with the technology?
How exactly does it work?
BGP is like the post office for the Internet. When a post office receives a letter, they look at the destination and work out the fastest, most efficient route for the letter to be delivered by. BGP is no different, it receives packets of data, and works out the most efficient and quickest route for the packet to get to its destination. For example, if I load up a website in England that is hosted in Germany, BGP will be responsible for getting the data where it needs to be quickly.
The Internet is simply a group of networks connected together to share resources, and each separate network is known as an Autonomous System (AS). These networks are typically a group of routers run by an organisation- like an Internet Service Provider. Now, think of each of these AS's like your local post office branch- all the letters go there before going to the final destination. Again, BGP is very similar; all the data goes to the autonomous system first, then goes to the individual routers. Below is a basic example of how this all works:
As you can see, the post office has chosen the quickest route with the least stops as the route for the letter to travel. It could have gone through branches AS 2 and AS 3, but the main post office decided that going straight to AS 4 would be the best option. The local branch AS 4 then delivers the letter to the mailbox. Again, this is identical to how BGP works. It finds the best route to AS 4 and delivers the data, and then AS 4 routes the data internally to the destination. Again, BGP could've chosen to deliver the data through AS 2 and AS 3, but it found going from AS 1 to AS 4 the best route.
This is a perfect example of why BGP is so important to the Internet. In the real world, there would be hundreds of different ways to get the data to the intended destination, and without it, the Internet as we know it would simply fall apart.
Now, a problem arises. New systems are coming online and old ones are coming offline all the time on the Internet, and each AS needs to be aware of these changes, so they can continue to route traffic to where it needs to go. To do this, each AS establishes a direct connection (via TCP/IP) to its neighbours, to keep everyone up to date. It's like a community watch, where neighbours come together regularly to share where the trouble is, and where there is no longer trouble. The problem with BGP is that unlike the post offices and branches, each AS may be owned by a different organisation. These means some competition and charges may come into use for the use of their networks, and these factors may come into consideration. The other gaping problem is that BGP is a trust reliant network, and it trusts all the AS's to be telling the truth. This is where the problems begin:
What's the problem with BGP?
As mentioned earlier, BGP relies on trust to keep it running. Each AS advertises routes, and they advertise what destinations will be routed the most efficiently through their networks. Now, this can be misused, accidently or on purpose. In 2004, a Turkish ISP by the name TTNet accidentally advertised that their network was the best destination for all traffic on the internet. As the AS communicated with its neighbours, this information spread quickly throughout them, and they relayed this onto their neighbours. All traffic was then routed through TTNet, and this undoubtedly caused widespread outages across much of the World.
However, this can also be used maliciously. In 2018, attackers deliberately advertised they were the best destination for all of Amazon's DNS service data (Route 53). This bad data again spread quickly amongst neighbouring AS's, and caused widespread outages for the service. They were able to then use this attack to steal over $100,000 in cryptocurrency. If you want to find out more about this specific attack, here is a post going more in-depth about the attack.
So as demonstrated, BGP is evidently insecure. But the problem is, it is a tricky fix and any fix needs adoption over all networks, otherwise it would fail and cause big outages. One promising fix is RPKI, which simply put makes sure that the AS is verified and authorised to be the destination for the traffic they advertise. To make this work properly, it needs to be adopted by every single network, which is very unlikely to happen any time in the future. If you wish to read further into RPKI, here is a post that explains in more depth.
To summarise, BGP is the fragile technology that makes the Internet work. Without it would be chaos, but it clearly isn't optimised for the Internet of today. As always, I hope you found this post interesting and informative. If you have any queries, feel free to contact me via any method on my main site, and I'll do my best to answer. See you next Time!