BGP

Page Links: News, Overview, FSM, Selection, Other, Attributes, IOS, JUNOS, Useful

News

09-06-2019: BGP event sends European mobile traffic through China Telecom for 2 hours. [Ars Technica] [The Register]

24-05-2019: If you worry about 768k day, you're probably doing it wrong. [ipSpace]

13-03-2019: Facebook outage caused by BGP routing error. [HardOCP] [Bleeping Computer] [Outage Report]

26-02-2019: Four years of breaking HTTPS with BGP hijacking. [NANOG 75 YouTube]

16-01-2019: BGP in 2018. [Geoff Huston: part 1, part 2]

22-12-2018: How 3ve’s BGP hijackers eluded the Internet—and made $29M. [Ars Technica] [Schneier]

24-10-2018: China's hacking of BGP. [Schneier] [USF] [Russ White] [Ars Technica]

30-09-2018: BGP peering updates. [Network Collective] [Russ White]
06-09-2018: NIST backs internet route security. [The Register]

28-08-2018: IPv6 causes peering issues between top networks. [The Register]
01-08-2018: Telegram redirected through Iran by baffling BGP leak. [The Register]
01-08-2018: Monitoring BGP anomalies. [Russ White] [APNIC Blog]

24-07-2018: An update on securing BGP from IETF 102. [Geoff Huston]
17-07-2018: Shutting down a BGP hijack factory. [Russ White] [Dyn]
10-07-2018: BGP broken? Blame the net's big providers. [The Register] [APNIC Blog]
09-07-2018: Recent BGP peering enhancements. [Russ White]

05-06-2018: The hijacking of 1.1.1.1. [Russ White] [Internet Society]

22-05-2018: Playing "Battleships" using BGP. [The Register] [ipSpace] [BenJojo]
01-05-2018: Canned response to BGP networking question. [EtherealMind] [Reddit]

02-03-2018: When will BGP become unfashionable? [Packet Pushers] [EtherealMind]

10-01-2018: Fat fingers strike again. [ipSpace] [puck.nether.net]
08-01-2018: BGP in 2017. [Geoff Huston] [Russ White]

13-12-2017: Suspicious BGP event routed big traffic sites through Russia. [The Register] [Ars Technica]

06-11-2017: Fat-fingered Level 3 techie reduces internet to level zero: glitch knocks out connections. [The Register] [DC Knowledge]

04-10-2017: Recent BGP Innovations for Operational Challenges. [NANOG YouTube]

06-09-2017: What's wrong with BGP. [Russ White] [Packet Pushers]

08-08-2017: RFC 8212 - bringing sane defaults to eBGP. [ipSpace] [RFC 8212] [RIPE]

19-06-2017: Internet boffins take aim at BGP route leaks. [The Register]

12-05-2017: Improving peering relationships in Japan. [Russ White] [APNIC Blog]
12-05-2017: Open source project SNAS taps BGP telemetry. [Packet Pushers]

07-02-2017: Survey of interconnection agreements. [NANOG YouTube]

31-01-2017: BGP in 2016. [Russ White] [Geoff Huston]

01-02-2017: Response: BGP in 2016. [EtherealMind]

08-01-2017: Iran censored porn so hard it broke the internet in Hong Kong. [Engadget] [Gizmodo] [The Verge]

09-12-2016: Slimming down the Internet routing table. [Redpill Linpro] [EtherealMind]

07-11-2016: The death of transit. [Russ White] [CircleID]

17-05-2016: BGP: the application networking dream. [Networking Nerd]

29-01-2016: BGP in 2015. [Geoff Huston]

12-03-2015: Indian ISP’s routing hiccup briefly takes Google down worldwide. [Ars Technica]

21-01-2015: BGP in 2014. [Geoff Huston]

10-11-2014: Russian internet traffic detours through China's Frankfurt outpost. [The Register]

26-09-2014: Internet Transit price falls slowing: Telegeography. [The Register]

14-08-2014: Snowden: The NSA, not Assad, took Syria off the Internet in 2012. [Ars Technica] [Gizmodo] [HotForSecurity]

18-08-2014: Do you really need to see all 512k Internet routes? [ipSpace] [NZ Herald]

13-08-2014: Brace for the BGPocalypse: big disruptions loom as internet overgrowth continues. [ExtremeTech] [Renesys] [Ars Technica] [BBC News]

06-05-2014: Global IPv4 routing table hits 500k routes. [PacketLife]
06-05-2014: You won’t get better internet until old one is broken. 500K BGP routes good start. [EtherealMind]

18-02-2014: BGP in 2013 -- the churn report. [Geoff Huston]

24-01-2014: BGP in 2013. [Geoff Huston]

21-11-2013: How somebody forced the world's Internet traffic through Belarus and Iceland. [WSJ ATD]

21-11-2013: Rerouting Internet traffic by attacking BGP. [Schneier] [Renesys]

20-06-2013: Verizon: that peering flab about Netflix is Cogent's fault. [GigaOM]

15-02-2013: Fight to keep YouTube online in Egypt. [BuzzFeed]

29-12-2012: Pakistan lifts YouTube ban for 3 minutes. [BoingBoing] [NYT] [BBC News]
09-12-2012: Why dictators (don't) shut down the Internet. [Schneier] [BoingBoing] [Vice]

29-11-2012: Syria experiencing Internet blackout. [DC Knowledge] [BBC News] [WSJ ATD] [Wired] [Gizmodo] [Engadget] [Stuff] [THG]

29-11-2012: Syria's throwing of the Internet kill switch raises lots of questions. [WSJ ATD]
29-11-2012: How Syria turned off the Internet. [CloudFlare] [Gizmodo]
30-11-2012: Syrian Internet outage raises question "Could it happen here?" [WSJ ATD] [Renesys] [DC Knowledge] [Gizmodo]

04-12-2012: Internet shut-down easier in more countries than you think. [The Register]

30-11-2012: Syrian Internet blackout continues for second day. [BoingBoing] [NYT]
30-11-2012: Anonymous declares war on Syrian government sites. [THG]
30-11-2012: For Syria's rebel movement, Skype is a useful and increasingly dangerous tool. [NYT]
02-12-2012: Syrian Internet largely restored after blackout. [NZ Herald] [WSJ ATD] [Engadget] [Gizmodo] [CNN] [Stuff]
02-12-2012: Paint it black -- how Syria methodically erased itself from the Internet. [Ars Technica]

07-11-2012: How an Indonesian ISP took down the mighty Google for 30 minutes. [Ars Technica] [CloudFlare]

08-08-2012: A BGP leak made in Canada. [BGPmon]

06-07-2012: Internet outage in Lebanon continues into second day. [BGPmon]

09-04-2012: Iran preps Internet cutoff. [The Register] [IBT] [Gizmodo]

09-04-2012: Iran plans to unplug the Internet, launch its own "clean" alternative. [Ars Technica]
10-04-2012: Iran isn't shutting down the Internet in August, merely building a new one next March. [Gizmodo]

27-02-2012: How the Internet in Australia went down under. [BGPmon]

21-08-2011: The battle for Tripoli's Internet. [Renesys]

03-06-2011: Internet Syria offline. [BGPmon] [Renesys] [The Register]

04-06-2011: Internet service mostly restored in Syria. [WSJ]

26-03-2011: Facebook's detour through China and Korea. [BGPmon]
04-03-2011: Libya's Internet goes down again. [Gizmodo]

04-03-2011: Libya's Internet goes dark as upheaval spreads. [The Register]
05-03-2011: Internet access blocked across much of Libya. [Engadget]

29-01-2011: Egypt falls off the Internet. [BGPmon]

27-01-2011: Egyptian networks turn off the Internet. [DC Knowledge]
28-01-2011: How Egypt turned off the Internet. [Gizmodo]
28-01-2011: How Egypt killed the Internet. [WSJ]
28-01-2011: How to foil a nationwide shutdown. [Lifehacker --> use US proxy]
28-01-2011: Block like an Egyptian. [Slate]
29-01-2011: Without the Internet, Egyptians find new ways to get online. [Computer World]
29-01-2011: Recent events in Egypt. [Tor]
31-01-2011: Internet traffic in Egypt drops. [Geekzone]
31-01-2011: Egypt's net on life support. [Renesys]
31-01-2011: Egypt shuts down Noor, its last ISP. [TechCrunch]
01-02-2011: Egypt Internet ban lingers, users adjusting. [DailyTech]
01-02-2011: Egypt loses last vestiges of connectivity. [The Register]
02-02-2011: Egypt back online. [BGPmon] [RIPE] [Renesys]
02-02-2011: Egypt Internet back up as protests turn violent in Cairo. [Ars Technica]
02-02-2011: Egypt Internet restored, Cairo protests turn violent. [Wired]
03-02-2011: Vodafone network "hijacked" by Egypt. [BBC News]
03-02-2011: Vodafone says Egyptian government hijacked its networks to send propaganda. [Forbes]
04-02-2011: Vodafone Egypt confirms data services back, forced to send SMS supporting Egyptian government. [Geekzone]
06-02-2011: How Google removed the muzzle on Twitter in Egypt. [Yahoo]
09-02-2011: Internet role in Egypt's protests. [BBC News]
10-02-2011: Egypt turned off the Net with a big switch, not phone calls. [Gizmodo]
21-02-2011: Was Egypt's 'kill switch' the big red button? [DC Knowledge]

15-01-2011: Hijacks by AS4761 - INDOSAT - a quick report. [BGPmon]

03-12-2010: Chinese BGP incident: was it a traffic hijack? [IOS Hints]
01-12-2010: Comcast vs Level 3 peering dispute:

01-12-2010: Internet peering disputes: follow the money. [IOS Hints]
01-12-2010: Comcast vs Level 3. [PacketLife]
01-12-2010: Comcast vs Level 3 feud stirs intense debate. [DC Knowledge]
02-12-2010: Comcast: we bent over backwards to help Level 3. [Ars Technica]

Overview

Uses TCP port 179.
Sends keepalives every 60 seconds.
Within AS, must have full iBGP peering mesh, which leads to scaling problems that are resolved by:

route reflectors
confederations

FSM

Once "Established", BGP Updates are exchanged containing NLRI information:
destination prefix
prefix length
AS path
next hop
attributes

Route Selection

Next hop reachable (via IGP)?
Local preference.
Weight (Cisco): highest.
AS path: shortest.
MED: lowest.
Lowest cost next hop (IGP).
eBGP route: lowest BGP identifier.
iBGP route: lowest BGP identifier.

Other Stuff

Communities: allows prefixes with the same community to be treated with the same policy (i.e. tagging prefixes).
MED: advertise "route preference" to peer (influence only).
Route flap dampening: the internet community is moving away from this.
Internet route table growth: approx. 200k routes in mid-October 2006.

Attributes

Well-known mandatory: must be supported.

AS path, next hop, origin.

Well-known discretionary: must be supported.

Local pref

Optional transitive: may not be supported.

Community

Optional non-transitive: may not be supported.

IOS Configuration Example

router bgp <AS>

  no synchronization

  timers bgp x y

  neighbor <peer-group-name> peer-group

  neighbor <peer-group-name> remote-as <AS>

  neighbor <peer-group-name> update-source lo0

  neighbor <peer-group-name> soft-reconfiguration inbound

  neighbor x.x.x.x peer-group <peer-group-name>

  neighbor x.x.x.x description <...>

JUNOS Configuration Example

protocol

  bgp

   group <name>

   type [internal|external]

   description <...>

   local-address x.x.x.x

   authentication-key <...>

   peer-as <AS>

   neighbor x.x.x.x

   export <policy-options-name>

   family inet

   any

   prefix limit x

   teardown x idle-timeout y

   import <policy-options-name>

   export <policy-options-name>

interface <...>

  unit 0

   family inet

   filter

   input <filter-name>

   output <filter-name>

firewall

  filter <filter-name>

   term <term-name>

   from <...>

   then [accept|reject|discard]

Useful Articles

BGP route security. [NANOG YouTube]
BGP confederations. [ipCisco]
BGP route reflector. [ipCisco]
The BGP monitoring tool (BMP). [Russ White]
BGP community attribute. [ipCisco]
BGP communities. [Russ White]
Why BGP visibility is more important than ever. [Network Computing]
What designs require BGP in the DC? [Packet Pushers]
BGP peering in the real world. [Network Collective] [Russ White]
Understanding BGP table version. [Networking with Fish: part 1, part 2, part 3]
BGP show and tell. [ipSpace] [Networking with Fish]
Duplicate BGP updates. [Russ White]
Peering with providers. [Network Collective] [Russ White]
BGP as a high availability protocol. [ipSpace, ipSpace]
BGP routers and parrots. [Russ White]
Optimal BGP route reflection. [Network Collective] [Russ White]

Next hop self. [Russ White]

BGP LLGR. [Vincent Bernat]
BGP DFZ security. [Russ White] [CircleID]
BGP and sub-optimal route reflection. [Russ White]
History of networking: BGP route servers. [Network Collective] [Russ White]
BGP security: a gentle reminder that networking is business. [Russ White]
Is BGP good enough? [Russ White]
Flowspec for BGP route servers at IXPs. [NANOG YouTube]
Architecting robust BGP policies. [NANOG YouTube]
DDoS evolution and enhancing DDoS protection with BGP flowspec. [NANOG YouTube]
Dissecting iBGP and eBGP JUNOS configuration. [ipSpace]
History of networking: BGP security. [Network Collective] [Russ White]
RIPE NCC: the future of BGP security. [Russ White] [YouTube]
Securing BGP. [Network Collective]
Inferring BGP blackholing activity in the Internet. [NANOG 72 YouTube]
Using ARIN Whois data in BGP prefix filters. [NANOG 72 YouTube]
Do we really need a new BGP? [APNIC Blog]

Response. [EtherealMind]

BGP traffic engineering. [Network Collective] [Russ White]
Section 10 routing loops. [Russ White]
BGP route selection -- a failure of intent-based networking. [ipSpace] [Russ White]
Flowspec and RFC1998? [Russ White]
Do we really need a new BGP? [Russ White]
BGP: the tragedy of the commons. [ipSpace]
Should we build a better BGP? [Networking Nerd]
Data center BGP: autonomous systems and AS numbers. [ipSpace, ipSpace]
BGP peering and reachability. [Network Collective] [Russ White]
BGP as a better IGP -- when and where. [ipSpace]
Classifying route leaks. [ipSpace] [CircleID] [RFC 7908]
BGPsec and reality. [Russ White]
BGP Large Community for Route Leak Detection. [NANOG YouTube]
History of networking - Tony Li - BGP. [Network Collective, YouTube] [Russ White]
Improving BGP convergence without tweaking BGP timers. [ipSpace]
BGP churn and Add Path. [Network Collective, YouTube] [Russ White]
Synchronising BGP and OSPF. [ipSpace]
BGP persistent oscillation. [Russ White]
History of networking - BGP optimisations. [Network Collective, Russ White, YouTube]
Are more specifics harmful? [Russ White] [APNIC Blog]
The impact of more specifics in the DFZ. [Russ White] [Geoff Huston]
PBGPP makes analysing BGP data easier. [Russ White] [APNIC Blog]
BGP optimal route reflection. [NANOG YouTube]
When BGP meets big data. [NANOG YouTube]
Optimal route reflection. [Russ White]
Leaky abstraction: an example. [Russ White]
Simplify BGP configurations. [ipSpace, video]
High performance BGP security - algorithms and architectures. [NANOG YouTube]
BGP best path selection modifications. [NANOG YouTube]
TralXroute detecting IXPs in traceroute paths. [NANOG YouTube]
BGP shutdown. [NANOG YouTube]
PCAP BGP parser. [NANOG YouTube]
BGP basics: internal and external BGP. [Network Computing]
BGP Flowspec indirection. [Russ White]
BGP security: preventing bad route propagation. [Network Computing]
Large BGP communities. [Russ White] [APNIC]
BGP tools for the DFZ. [Russ White: part 1, part 2]
Optimal inter-AS routing challenge. [ipSpace]
BGP security: mitigating route leaks. [Network Computing]
21st century iBGP route reflection. [NANOG 68 YouTube]
Large BGP communities. [NANOG 68 YouTube]
BGP Flowspec is a step forward. [Russ White] [Netcraftsmen]

How BGP Flowspec mitigates DDoS. [Network Computing]

Running BGP between virtual machine and ToR switch. [ipSpace]
Using BGP in spine and leaf fabrics. [ipSpace, video]
BGP attributes: Weight, Local Preference, AS Path, Origin, MED. [ipCisco]
Absorbing DDoS with communities. [Russ White]
Aggregation pixies. [Russ White] [APNIC Blog]
Snaproute BGP code dive:

Installation - part 1. [Russ White]
Installation - part 2. [Russ White]
Installation - part 3. [Russ White]
Starting a peer - part 1. [Russ White]
Starting a peer - part 2. [Russ White]
Starting a peer - part 3. [Russ White]
Moving to Connect. [Russ White]
Moving to Open - part 1. [Russ White]
Moving to Open - part 2. [Russ White]
Moving to Established. [Russ White]
Moving to OpenConfirm. [Russ White]
Moving to Established. [Russ White]
Finding the tail of the update chain. [Russ White]
First steps in processing an update. [Russ White]

Fat-thumbed a BGP entry? Relax, now your pain has a name. [The Register] [RFC 7908]
Is BGP really that complex? [ipSpace]
When prepend fails, what next? [Russ White: part 1, part 2, part 3]
BGP security and spam. [Russ White]
Running BGP RR in a VM. [ipSpace]
Six tips on improving BGP security. [Network Computing] [Russ White]
BGP route maps and continued feature limitations. [ipSpace]
On collaborative blocking and filtering. [Russ White] [Internet Society]
BGP convergence, divergence, and the 'net. [Russ White]
Rethinking path validation:

Part 1 [Russ White] [LinkedIn Blog]
Part 2 [Russ White] [LinkedIn Blog]

Running BGP on servers. [ipSpace]
Using BGP in data center fabrics. [ipSpace]
Introduction to BGP-LS and PCEP. [ipSpace, video]

BGP-LS deep dive. [ipSpace, video]
Why would you need BGP-LS and PCEP? [ipSpace]
PCEP deep-dive. [ipSpace, video]
PCEP usage scenarios. [ipSpace, video]
PCEP extensions. [ipSpace, video]
PCEP and BGP-LS Q&A. [ipSpace, video]

Securing BGP: a case study. [Russ White: part 1, part 2, part 3, part 4, part 5, part 6, part 7, part 8, part 9, part 10]

Rethinking path validation. [Russ White, YouTube]

BGP in an Arista data center. [Aspiring Networker]
BGP security. [Russ White]
BGPSEC operation:

Basic operation. [Packet Pushers]
Protections offered. [Packet Pushers]
Replays, timers, and performance. [Packet Pushers]
Signatures and performance. [Packet Pushers]
Leaks and leaks. [Packet Pushers]

Estimating BGP convergence time. [ipSpace]
RFC 7454: BGP operations and security. [ipSpace] [RFC7454]
BGP communities. [Router Jockey]
BGP deaggregation with conditional route injection. [ipSpace]
AS-Path filtering. [Router Jockey]
Use BGP to defend against a DDoS attack originating from remote AS. [StackExchange]
Do you really need to see all 512k Internet routes? [ipSpace] [NZ Herald]
What is a valid BGP route? [ipSpace]
The accumulated IGP metric for BGP. [MellowD]
Why BGP choose wrong Next-hop address? [StackExchange]
Making everything a Route Reflector? [Reddit]
Question about Nexus 7000, eBGP and sub-interfaces. [Reddit]
Changes in iBGP next hop processing drastically improves BGP-based DMVPN designs. [ipSpace]
Why don't network providers peer better? [Reddit]
Real life BGP route originator and BGP next-hop intricacies. [ipSpace]
Why BGP implements its own keepalive instead of using tcp keepalive? [StackExchange]
Cisco: reliable fast BGP failover when mixing BGP NHT and BFD. [StackExchange]
Should I use default routes or full BGP table? [StackExchange]
BGP preferring routes with longer as-path prepend? [Reddit]
Multihomed BGP and NAT. [StackExchange]
Active / Active BGP with Default routes. [StackExchange]
BGP peering in the datacenter with a Root server. [Reddit]
Why does export/import policy addition/removal cause a BGP session reset? [StackExchange]
How could MTU affect BGP sessions? [CostiSer]
Learned eBGP routes not distributed to iBGP neighbors. [StackExchange]
BGP Autonomous System Path Duplicate AS. [StackExchange]
MITM and routing security. [Geoff Huston]
Cisco BGP - see communities on advertised-routes? [StackExchange]
Is it possible to connect two private eBGP peers with the same AS number? [StackExchange]
After TCP is established which BGP peer will send open message first? [StackExchange]
BGP routing in DMVPN networks. [ipSpace]
10-11-2013: What is the need of iBGP inside an Autonomous system as IGP protocols fulfill the need for internal communication. [StackExchange]
iBGP migrations can generate forwarding loops. [ipSpace]
Exception routing with BGP: SDN done right. [ipSpace]
Can BGP route reflectors really generate forwarding loops? [ipSpace]
BGP regular expression ".+_.+_.+_.+_.+_.+_.+_.+_.+_.+_.+_.+". [StackExchange]
Local Policy Denied Prefixes” in 'show ip bgp neighbor' output. [StackExchange]
How would one route an IP network through different ISPs? [StackExchange]
Originate customer AS. [StackExchange]
Seamless BGP configuration (or why BGP is a poor routing protocol). [EtherealMind]
More private AS numbers. [ipSpace]
BGP multipath with different ASNs feasible for production networks? [StackExchange]
BGP simulation tool. [StackExchange]
Circular BGP propagation. [StackExchange]
How can I check to see if I'm receiving MEDs? [StackExchange]
Load balancing between two ISP BGP links. [StackExchange]
Routing traffic out different links from the same BGP AS. [StackExchange]
BGP Best External explained. [ipSpace]
BGP security draft adopted as IETF workgroup document. [ipSpace]
BGP convergence optimisation. [ipSpace]
Setting no-export BGP community. [ipSpace]
Beware of the pre-bestpath cost extended BGP community. [ipSpace]
BGP route reflection in MPLS/VPN PE-routers. [ipSpace]
BGP operations and security, second draft. [ipSpace] [IETF Draft]
Implications of BGP local-as on IOS. [PacketLife]
My first Internet draft has just been published. [ipSpace]
Filter inbound BGP prefixes: summary. [ipSpace]
How could we filter extraneous BGP prefixes? [ipSpace]
BGP-free SP core in pictures. [ipSpace]
BGP Route Preference -- the most commonly missed task in R&S CCIE mock lab 2. [CCIE Blog]
Understanding BGP MED and BGP Deterministic MED. [CCIE Blog]
Responsible generation of BGP default route. [IOS Hints]
Shut down BGP session based on tracked object. [IOS Hints]
BGP next-hop processing. [IOS Hints]
IBGP or EBGP in an enterprise network? [IOS Hints]
BGP/IGP network design principles. [IOS Hints]
Death of the Internet predicted, film at your local cineplex. [Ars Technica]
A brief history of notable Internet disruptions. [PacketLife]
IBGP and an IGP. [PacketLife]
Validating BGP announcements with RPKI. [BGPmon]
How accurate is the routing registry? [Fix6]

How complete is the RIPE routing registry? [CircleID]

Routing on the Internet: a disaster waiting to happen? [Slashdot] [Security Week]
Understanding the Internet's insecure routing infrastructure. [Ars Technica]
Understanding BGP convergence. [CCIE Blog]
Network dictionary -- BGP speaker. [Etherealmind]
BGP: time to grow up. [IOS Hints]
Riddle me this, BGP man... [CCIE Blog]
Interesting BGP/IGP interaction problem. [IOS Hints] [Jeremy Filliben]
BGP path manipulation: Bob is at it again. [CCIE Blog]
Why BGP uses TCP and IGPs don't. [Packet Life]
BGP redistribution with OSPF and statics. [Etherealmind]
BGP: the big gory protocol -- can you troubleshoot it? [CCIE Blog]
Optimising IP event dampening. [CCIE Blog]
BGP proportional load balancing. [CCIE Blog]
Secure BGP. [IOS Hints]
Anomalies in BGP (Part 1). [CCIE Blog]
How the 'Net works: an introduction to peering and transit. [Ars Technica]
Scale your Internet backbone with core MPLS, BGP on the edge. [IOS Hints] [TechTarget]