BGP LiveMap

Real-time telemetry and visual guide to global internet routing.

The Internet's Control Plane

The Border Gateway Protocol (BGP) connects thousands of independent networks to form the global internet. While interior protocols handle traffic within a single organization, BGP is built for scale and policy-driven routing between Autonomous Systems (ASes).

Networks use BGP to announce IP address ownership and discover paths to reach the rest of the world. Because the protocol relies on implicit trust, it is susceptible to security issues like route hijacks and leaks.

IP Prefixes & Subnetting

IP addresses are grouped into blocks called Prefixes. In BGP, these use "slash" notation, such as a "slash 24" (/24), which represents 256 individual addresses.

  • Longest Prefix Match: BGP typically prefers the most specific route. If one network announces a /23 and another announces a /24 that overlaps with it, traffic follows the /24.
  • Minimum Prefix Size: /24 is the smallest unit generally accepted on the global BGP table. Prefixes more specific than /24 are filtered by ISPs, except for specialized use cases like RTBH.

Network subnets are an entire subject on their own, so go here to learn more about subnetting:

Cloudflare: What is a Subnet? →

The Gossip Protocol

BGP is a gossip protocol. Routers learn reachability information from direct neighbors. When an Autonomous System announces its IP addresses, it passes the news to its peers.

Each peer records the path, appends its own ASN, and re-announces the prefix to its neighbors.

Announcement vs. Traffic

Announcements form paths that production traffic traverses in reverse. If an announcement travels AS 100 → AS 200 → AS 400, then data from AS 400 back to AS 100 follows the path [400, 200, 100].

Path Prepending

Because BGP prefers shorter AS Paths, operators can lengthen a path by repeating their own AS number multiple times. This traffic engineering technique is used to discourage incoming traffic from taking a specific link.

AS 100 AS 200 AS 300 AS 400 AS 500 AS 600 AS 700 Path: [100] Path: [200, 100] Path: [300, 100] Path: [400, 200, 100] Path: [500, 200, 100] Path: [600, 300, 100] Path: [700, 300, 100]

Core Concepts & Economics

BGP Communities

Metadata "tags" attached to routes that signal instructions to upstream peers. Standardized via RFC 1997 and RFC 4360.

BLACKHOLING (RTBH)
A "nuclear option" for DDoS mitigation. It tells providers to drop all traffic to an IP to protect the bandwidth of the rest of the network.
Example: 65535:666 (Standardized RTBH)
TRAFFIC STEERING
Influencing path priority. Most community semantics are operator-defined and not universal.
Example: ASN:70 (Common convention to set Local-Pref 70, but varies per ISP)
SCOPING
Preventing regional leakage.
Example: NO_EXPORT (Well-known RFC 1997)

The Internet Hierarchy

Networks are grouped into tiers based on how they connect to the global internet.

TIER 1 (The Backbone)
A small number of global networks (including Lumen, Arelion, and AT&T) that peer with each other without settlement and do not purchase transit. These networks form the core backbone.
TIER 2 (Regional)
Providers that peer with some networks but must purchase transit from Tier 1 networks to reach the global internet.
TIER 3 (Local)
Local ISPs and organizations that primarily purchase transit for connectivity.

Transit vs. Peering

BGP routing is dictated by business relationships, resulting in 'Valley-Free' routing policies.

TRANSIT
A commercial relationship where a network pays a provider for access to the entire internet. The provider advertises all global routes to the customer.
PEERING
A relationship where two networks connect directly to exchange traffic between their respective customers. No fees are typically involved, and they do not provide transit for each other.
PEERINGDB
Networks coordinate these relationships using PeeringDB, a public database for published peering policies and exchange locations.

Looking Glasses

Looking Glasses are public, read-only interfaces used by engineers to debug BGP behavior.

PERSPECTIVE
BGP paths vary based on network location. Debugging global routing requires viewing the table from different points on the internet.
REAL-WORLD USE
Public projects like RIPE RIS and RouteViews collect global routing updates from hundreds of peers for analysis.
COMMANDS
Interfaces support diagnostic commands like 'show ip bgp <prefix>' or 'traceroute' to reveal AS Paths, Local Preference, and Communities.

The Session Lifecycle

Before routes are exchanged, routers establish a session through states in the BGP Finite State Machine (FSM). This sequence ensures peers are ready and authorized over TCP Port 179.

  1. 1
    Idle
    Starting state
  2. 2
    Connect
    Waiting for TCP
  3. 3
    Active
    TCP link up
  4. 4
    OpenSent
    OPEN msg sent
  5. 5
    OpenConfirm
    KEEPALIVE sent
  6. 6
    Established
    Session up

Security & Authentication

BGP sessions are vulnerable to resets and spoofing. Networks secure them with MD5 Signatures or TCP Authentication Option (TCP-AO).

TTL Security (GTSM)

The Generalized TTL Security Mechanism protects sessions by requiring the IP Time-to-Live (TTL) to be 255. Since TTL decrements at each hop, this ensures the peer is directly connected.

Inside the BGP Message

  • Open: Handshake to negotiate parameters like ASN and Hold Time.
  • Update: Announces new reachability or withdraws stale routes.
  • Keepalive: Periodically confirms the session is still active.
  • Notification: Reports errors and immediately closes the session.

Anatomy of BGP Messages

Type: Open
Open Message Details
AttributeValue
TYPEOPEN
VERSION4
MY ASN10122
HOLD TIME90
BGP IDENTIFIER10.255.255.36

Details

The first packet sent after the TCP handshake. It establishes the 'ground rules' for the peering session, including optional capabilities like IPv6 support or Route Refresh.

Path Selection

A BGP Path is the chain of Autonomous Systems that data follows. BGP evaluates multiple choices to select the single best route.

Routing decisions are based on network policy, business relationships, and cost. Real-world decisions can be viewed on Cloudflare Radar.

Pro Tip: Topology vs. Geography

BGP is topologically aware and geographically blind. It counts AS hops rather than physical distance. A path crossing the Atlantic can appear shorter to BGP than a neighbor across the street if that neighbor is more AS hops away.

How BGP Chooses a Route

Note: This is the core decision process. Real routers evaluate many more tie-breakers and vendor-specific attributes (like Cisco Weight).

01
Local Preference: The primary way networks prioritize outbound paths, often preferring free peering over paid transit.
02
AS Path Length: BGP typically prefers the shortest chain of networks (ASes), though policies and traffic engineering regularly override this.
03
Route Origin: BGP prefers routes originated directly (locally injected) over those learned from neighbors.
04
MED: A technical "hint" used to tell a neighboring network which entry point into your network is preferred for their inbound traffic.
05
eBGP over iBGP: External paths are strongly preferred over internal paths to ensure traffic exits the local network efficiently.
06
IGP Cost to Next Hop: Prefers paths with the lowest internal routing cost to reach the exit router.

BGP in Action

See BGP in motion. Walk through the lifecycle of a route, from announcement and path selection to failure handling and anycast failover.

1. Announcing

The Origin AS 'announces' its IP space. Routers propagate this information so that every network knows the path back to the origin.

Step Complete
BGP Route Announcement DiagramUserOrigin AS
Synchronizing Telemetry...

The Tip of the Iceberg

Getting Perspective

Understanding BGP is essential for seeing how thousands of independent networks interconnect to form the global internet, but it is really just the beginning. In real-world environments, operators use the protocol as a flexible policy engine and a global-scale database to manage traffic.

Mastering BGP gives you a view of one specific layer, but the full "internet sandwich" goes much deeper. Below this level, you find the physical realities of optical fiber and copper. Above it, the paths BGP discovers support the entire suite of modern protocols. IP, TCP, UDP, and ICMP rely on BGP to find their way across the globe.

Further up the stack, technologies like HTTP/3, QUIC, and Anycast-based CDNs build even more complexity on top of these foundations. To truly understand networking, you have to look at how each layer constraints or enables the one above it.

Physical: Optical vs Electrical

Tunneling & L2

Upper Layers

The Control Plane

  • OSPF & IS-IS: Interior Gateway Protocols.
  • Flowspec: Distributed firewall policies.
  • SDN: Centralized network control.

References

Advanced BGP Topics

Explore the complex protocols and architectural standards built on top of BGP's extensible framework.

Step Complete

Path & Scalability

  • eBGP vs iBGP

    External BGP is used between networks while Internal BGP distributes those routes within a single AS.

  • Route Reflection (RFC 4456)

    A method to scale internal networks by reducing the need for every router to talk to every other router.

  • BGP ADD-PATH (RFC 7911)

    Allows advertising multiple paths for the same prefix to enable better ECMP and faster convergence.

  • BGP PIC

    Prefix Independent Convergence allows millisecond failover by using pre-calculated backup paths.

  • Confederations (RFC 5065)

    Dividing a large AS into smaller sub-ASs to simplify management and reduce peering overhead.

Security & Integrity

  • BGPsec (RFC 8205)

    Full path signing. Rarely deployed due to high CPU load; RPKI is the preferred modern alternative.

  • BGP OPSEC (RFC 7454)

    Best practices for securing BGP sessions including TTL security and prefix filtering.

  • RPKI Validation

    Cryptographic verification that an AS is authorized to originate specific IP prefixes.

Traffic Engineering & Resiliency

Modern Overlays

Network Tooling & Resources

A Looking Glass allows engineers to view the routing table from the perspective of a specific remote router.

Step Complete
  • Cloudflare Radar

    Real-time insights into internet traffic, security, and routing patterns globally.

  • PeeringDB

    The industry-standard database for peering locations and network interconnection data.

  • HE BGP Toolkit

    Extensive BGP routing information, including AS details, prefix propagation, and path history.

  • RouteViews

    A global project providing real-time BGP data to researchers since 1995 via dozens of collectors.

  • RIPE NCC RIS

    The Routing Information Service collects and stores BGP routing updates from over 600 peer sessions.

Deep Dive Resources

Foundational texts and community archives for mastering the stack.

Step Complete