BGP LiveMap
Visual guide to global internet routing
The Internet's Control Plane
The Border Gateway Protocol (BGP) connects thousands of independent networks to form the global internet. While interior protocols handle traffic within a single organization, BGP is built for scale and policy-driven routing between Autonomous Systems (ASes).
Networks use BGP to announce IP address ownership and discover paths to reach the rest of the world. Because the protocol relies on implicit trust, it is susceptible to security issues like route hijacks and leaks. We will dive into how BGP works, its vulnerabilities, and how operators mitigate risks to keep the global Internet running smoothly.
IP Prefixes & Subnetting
IP addresses are grouped into blocks called Prefixes. In BGP, these use "slash" notation, such as a "slash 24" (/24), which represents 256 individual addresses.
- Longest Prefix Match: BGP typically prefers the most specific route. If one network announces a /23 and another announces a /24 that overlaps with it, traffic follows the /24.
- Minimum Prefix Size: /24 is the smallest unit generally accepted on the global BGP table. Prefixes more specific than /24 are filtered by ISPs, except for specialized use cases like RTBH.
Network subnets are an entire subject on their own, so go here to learn more about subnetting:
Cloudflare: What is a Subnet? →
The Gossip Protocol
BGP is a gossip protocol. BGP builds routing tables through neighbor-to-neighbor updates. Because routers lack a global map, they rely on direct peers to tell them which IP addresses are reachable. When an Autonomous System announces a prefix, it essentially tells its neighbors 'send traffic for these IPs to me,' and those neighbors relay the message outward.
Each peer records the path, appends its own ASN, and re-announces the prefix to its neighbors.
Announcement vs. Traffic
Announcements form paths that production traffic traverses in reverse. If an announcement travels AS 100 → AS 200 → AS 400, then data from AS 400 back to AS 100 follows the path [400, 200, 100].
Path Prepending
Because BGP prefers shorter AS Paths, operators can lengthen a path by repeating their own AS number multiple times. This traffic engineering technique is used to discourage incoming traffic from taking a specific link.
Core Concepts & Economics
BGP Communities
BGP Communities are metadata "tags" attached to routes that signal instructions to upstream peers. They are standardized via RFC 1997 and RFC 4360.
- BLACKHOLING (RTBH)
- This is a "nuclear option" for DDoS mitigation. It tells providers to drop all traffic to an IP to protect the resources of the rest of the network.
Example: 65535:666 (Standardized RTBH)
- TRAFFIC STEERING
- Communities are used for influencing path priority. Most community semantics are operator-defined and not universal.
Example: ASN:70 (Common convention to set Local-Pref 70, but varies per ISP)
- SCOPING
- They are also used for preventing regional route leakage.
Example: NO_EXPORT (Well-known RFC 1997)
The Internet Hierarchy
Networks are grouped into tiers based on how they connect to the global internet.
- TIER 1 (The Backbone)
- These are a small number of global networks (including Lumen, Arelion, and AT&T) that peer with each other without settlement and do not purchase transit. These networks form the core backbone.
- TIER 2 (Regional)
- These are providers that peer with some networks but must purchase transit from Tier 1 networks to reach the global internet.
- TIER 3 (Local)
- These are local ISPs and organizations that primarily purchase transit for connectivity.
Transit vs. Peering
The physical connections that make up the internet are driven by business agreements. Networks connect to each other either by purchasing access from a larger provider or by mutually agreeing to swap traffic for free.
- TRANSIT
- Transit is a commercial relationship where a network pays a provider for access to the entire internet. The provider advertises all global routes, meaning the customer can reach any destination on the internet.
- PEERING
- Peering is a relationship where two networks connect directly to exchange traffic. Crucially, they only provide access to each other's specific networks and customers, not the global internet. Networks coordinate these relationships using PeeringDB, a public database for published peering policies and exchange locations.
Looking Glasses
Looking Glasses are public, read-only interfaces used by engineers to debug BGP behavior.
- PERSPECTIVE
- Because BGP paths vary based on network location, debugging global routing requires viewing the table from different points on the internet.
- REAL-WORLD USE
- Public projects like RIPE RIS and RouteViews collect global routing updates from hundreds of peers for analysis.
- COMMANDS
- These interfaces support diagnostic commands like 'show ip bgp <prefix>' or 'traceroute' to reveal AS Paths, Local Preference, and Communities.
The Session Lifecycle
Before routes are exchanged, routers establish a session through states in the BGP Finite State Machine (FSM). This sequence ensures peers are ready and authorized over TCP Port 179.
- 1. Idle: Starting state
- 2. Connect: Waiting for TCP
- 3. Active: TCP link up
- 4. OpenSent: OPEN msg sent
- 5. OpenConfirm: KEEPALIVE sent
- 6. Established: Session up
Security & Authentication
BGP sessions are vulnerable to resets and spoofing. Networks secure them with MD5 Signatures or TCP Authentication Option (TCP-AO).
TTL Security (GTSM)
The Generalized TTL Security Mechanism protects sessions by having routers send packets with an IP Time-to-Live (TTL) of 255 and configuring the receiver to only accept packets with a TTL of 255. Since TTL decrements at every router hop, an attacker multiple hops away cannot spoof a packet that arrives with a TTL of 255, proving the legitimate peer must be directly connected.
Inside the BGP Message
- Open: Handshake to negotiate parameters like ASN and Hold Time.
- Update: Announces new reachability or withdraws stale routes.
- Keepalive: Periodically confirms the session is still active.
- Notification: Reports errors and immediately closes the session.
Anatomy of BGP Messages
| Attribute | Value |
|---|---|
| TYPE | OPEN |
| VERSION | 4 |
| MY ASN | 10122 |
| HOLD TIME | 90 |
| BGP IDENTIFIER | 10.255.255.36 |
Details
The first packet sent after the TCP handshake. It establishes the 'ground rules' for the peering session, including optional capabilities like IPv6 support or Route Refresh.
Path Selection
A BGP Path is the chain of Autonomous Systems that data follows. Because routers often learn multiple paths to the same destination, BGP uses a strict, step-by-step tie-breaking algorithm (evaluating metrics like Local Preference, AS Path length, and MED) to select the single best route.
Routing decisions are based on network policy, business relationships, and cost. Real-world decisions can be viewed on Cloudflare Radar.
Pro Tip: Topology vs. Geography
By default, BGP's pathing metric is topologically aware but lacks geographic context. It evaluates "AS hops" rather than physical distance or latency. Without operator-defined policies to steer traffic geographically, a path crossing the Atlantic could technically appear "shorter" to a router than a neighbor across the street if that neighbor requires more AS hops.
How BGP Chooses a Route
Note: This is the core decision process. Real routers evaluate many more tie-breakers and vendor-specific attributes (like Cisco Weight).
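The three tie-breakers named above can be written as an ordered elimination. This is an added example, not the page's own code or any vendor's implementation: the `Route` class, the neighbor labels and the sample routes are constructed, and MED is compared across all candidates as a simplification. It also shows a prepended path losing to a shorter one, and Local Preference overriding path length.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    neighbor: str          # label for the peer the route was learned from
    as_path: tuple         # nearest AS first, origin AS last
    local_pref: int = 100
    med: int = 0

# Tie-breakers in order; at each step the lowest key survives.
STEPS = [
    ("local_pref", lambda r: -r.local_pref),        # higher Local Pref wins
    ("as_path_length", lambda r: len(r.as_path)),   # prepends count as hops
    ("med", lambda r: r.med),                       # lower MED wins
]

def best_path(candidates):
    """Return (winning route, name of the step that decided it)."""
    remaining = list(candidates)
    if len(remaining) == 1:
        return remaining[0], "only_candidate"
    for name, key in STEPS:
        lowest = min(key(r) for r in remaining)
        remaining = [r for r in remaining if key(r) == lowest]
        if len(remaining) == 1:
            return remaining[0], name
    return remaining[0], "later_tie_breakers"   # not modelled here

# Constructed routes to one prefix originated by AS 64500 (documentation ASNs).
DIRECT = Route("peer-a", (64501, 64500))
PREPENDED = Route("peer-b", (64502, 64500, 64500, 64500))
CUSTOMER = Route("cust-c", (64503, 64504, 64505, 64500), local_pref=200)
LOW_MED = Route("peer-d", (64506, 64500), med=10)
HIGH_MED = Route("peer-e", (64506, 64500), med=50)

if __name__ == "__main__":
    for routes in ([DIRECT, PREPENDED], [DIRECT, PREPENDED, CUSTOMER],
                   [LOW_MED, HIGH_MED]):
        winner, step = best_path(routes)
        print(winner.neighbor, "chosen by", step)
```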
BGP in Action
See BGP in motion. Walk through the lifecycle of a route, from announcement and path selection to failure handling and anycast failover.
1. Announcing
The Origin AS 'announces' its IP space. Routers propagate this information so that every network knows the path back to the origin.
ISP Safety Test
Verify if your ISP filters invalid BGP routes using RPKI. A good global citizen drops invalid paths at the network edge.
Verify your network's integrity. This probe attempts to connect to known RPKI-invalid prefixes. A secure ISP will drop these invalid paths, preventing a connection. If the connection succeeds, your network may be vulnerable to BGP route hijacks.
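What "dropping invalid routes" means at the edge can be shown with the origin validation states from RFC 6811, combined with the longest-prefix-match rule described earlier. This is an added example, not code from this page: the prefixes, ASNs, ROA data and function names are constructed, and it compares where traffic lands with and without the filter.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max length, origin ASN).
VRPS = [("198.18.0.0/23", 23, 64496)]

def validate(prefix, origin_asn, vrps=VRPS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        roa = ipaddress.ip_network(vrp_prefix)
        if route.version != roa.version or not route.subnet_of(roa):
            continue                      # this VRP does not cover the route
        covered = True
        if origin_asn == vrp_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def reached_origin(dest_ip, announcements, drop_invalid):
    """Origin AS that longest prefix match selects for dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    matches = []
    for prefix, asn in announcements:
        if drop_invalid and validate(prefix, asn) == "invalid":
            continue                      # filtered at the edge
        net = ipaddress.ip_network(prefix)
        if ip in net:
            matches.append((net.prefixlen, asn))
    return max(matches)[1] if matches else None

# Constructed announcements: the ROA holder's /23 and an overlapping /24
# from an AS that the ROA does not authorise.
ANNOUNCEMENTS = [("198.18.0.0/23", 64496), ("198.18.0.0/24", 64511)]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, "from AS", asn, "is", validate(prefix, asn))
    for rov in (False, True):
        print("drop_invalid =", rov, "->",
              reached_origin("198.18.0.10", ANNOUNCEMENTS, rov))
```

A route that matches the ROA's ASN but exceeds its maximum length is also invalid, which is why the holder's own /24 would be rejected under this ROA.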
The Tip of the Iceberg
Getting Perspective
Understanding BGP is essential for seeing how thousands of independent networks interconnect to form the global internet, but it is really just the beginning. In real-world environments, operators use the protocol as a flexible policy engine and a global-scale database to manage traffic.
Mastering BGP gives you a view of one specific layer, but the full "internet sandwich" goes much deeper. Below this level, you find the physical realities of optical fiber and copper. Above it, the paths BGP discovers support the entire suite of modern protocols. IP, TCP, UDP, and ICMP rely on BGP to find their way across the globe.
Further up the stack, technologies like HTTP/3, QUIC, and Anycast-based CDNs build even more complexity on top of these foundations. To truly understand networking, you have to look at how each layer constrains or enables the one above it.
Physical: Optical vs Electrical
- DWDM: Dense Wavelength Division Multiplexing.
- Coherent Transceivers: High-speed optical processing.
- EDFAs: Optical signal amplification.
- Twisted pair & DAC cables: Copper foundation.
Tunneling & L2
Upper Layers
- QUIC & HTTP/3: Modern transport and application layers.
- gRPC & Service Meshes: Microservice orchestration.
- DNS: The global naming service.
References
Advanced BGP Topics
Explore the complex protocols and architectural standards built on top of BGP's extensible framework.
Network Tooling & Resources
A Looking Glass allows engineers to view the routing table from the perspective of a specific remote router.
Deep Dive Resources
Foundational texts and community archives for mastering the stack.