BGP: The Duct Tape Holding the Internet Together
There is no central switch for the Internet. There is no ministry that approves every packet crossing every border. There is no adult in the room.
There is only policy.
When your traffic leaves your ISP, it moves across autonomous systems (ASes) that are owned by carriers, clouds, universities, content networks, governments, and organizations that you will never meet. These networks exchange reachability information through one protocol: BGP.
This is not a protocol that asks what is true. This is a protocol that asks what your neighbors claim, what your contracts allow, and what your local policy prefers.
The Supreme Leader respects this architecture. It is a global routing system based on mutual confidence and explicit self-interest. It is geopolitics in TCP form.
I. What BGP Actually Does
BGP is an inter-domain routing protocol. It does not route inside your enterprise LAN. It does not replace OSPF or IS-IS in your data center core. It runs between autonomous systems.
A BGP update says, in plain terms:
- “I can reach this IP prefix.”
- “Here is the AS path to get there.”
- “Here are attributes that influence whether you should prefer this route.”
BGP then lets each network decide based on local policy.
BGP also runs over TCP, not raw IP packets with custom reliability logic. Per RFC 4271, BGP uses TCP port 179. Reliability is delegated to TCP; path policy remains BGP’s job.
This separation is elegant. It is also why a tiny policy mistake can propagate very reliably.
II. The Official History
The public timeline is straightforward:
- June 1989: RFC 1105 publishes early BGP.
- March 1995: RFC 1771 publishes BGP-4, the generation that enabled classless routing behavior at Internet scale.
- January 2006: RFC 4271 publishes the modern BGP-4 base specification still used as the protocol foundation.
The protocol survived commercial Internet growth, hyper-scale cloud era expansion, mobile broadband, and whatever it is that your smart refrigerator is trying to upload at 3 AM.
This is unusual. Most networking protocols from that era were either replaced or entombed. BGP remained because it solved a political problem, not just a technical one: independent networks needed a way to exchange routing intent without surrendering control.
III. How BGP Chooses a Route
BGP is often presented as “shortest AS path wins.” This is cartoon-level routing theory.
Real route selection is policy first. Path length is just one signal.
| Attribute | Practical meaning | Typical preference direction |
|---|---|---|
| LOCAL_PREF | Internal business preference inside an AS | Higher is preferred |
| AS_PATH | Sequence of AS hops to destination | Usually shorter is preferred |
| ORIGIN | Origin metadata (IGP, EGP, INCOMPLETE) | More preferred origin type wins |
| MED | Suggested entry preference between same neighboring AS | Lower is usually preferred |
| NEXT_HOP | IP of the next router toward that prefix | Must be reachable and policy-acceptable |
Two rules explain most Internet chaos:
- Local policy beats abstract optimality. Networks optimize for cost, contracts, capacity, and operational safety.
- Longest-prefix match in forwarding means a more specific prefix can override a broader one.
If someone leaks or hijacks a more specific route and it is accepted upstream, traffic follows the specificity, not your feelings.
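The two rules above, as an added Python sketch that is not part of the original post: a simplified best-path comparison using the attributes from the table, followed by a longest-prefix forwarding lookup. The routes, neighbor names and AS numbers are constructed, and the decision order is deliberately reduced to four attributes.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # lower rank is preferred

@dataclass(frozen=True)
class Route:
    prefix: str
    neighbor: str
    local_pref: int
    as_path: tuple
    origin: str = "IGP"
    med: int = 0

def best_path(candidates):
    """Pick one route for a single prefix using a simplified decision order."""
    # Simplification: MED is compared across all neighbors here; real BGP
    # compares MED only between routes from the same neighboring AS.
    return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path),
                                          ORIGIN_RANK[r.origin], r.med))

def build_fib(routes):
    """Group candidates by prefix and keep the best path for each prefix."""
    by_prefix = {}
    for r in routes:
        by_prefix.setdefault(ipaddress.ip_network(r.prefix), []).append(r)
    return {net: best_path(c) for net, c in by_prefix.items()}

def lookup(fib, address):
    """Forwarding lookup: the longest matching prefix wins."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in fib if addr in net]
    return fib[max(matches, key=lambda n: n.prefixlen)] if matches else None

# Constructed routes (documentation prefixes, constructed AS numbers).
ROUTES = [
    Route("198.51.100.0/24", "TRANSIT-A", 200, (64496, 64497, 64498, 64500)),
    Route("198.51.100.0/24", "PEER-B", 100, (64499, 64500)),
    Route("198.51.100.0/25", "PEER-B", 100, (64499, 64510, 64511, 64666)),
]
FIB = build_fib(ROUTES)

if __name__ == "__main__":
    for ip in ("198.51.100.10", "198.51.100.200"):
        r = lookup(FIB, ip)
        print(ip, "->", r.prefix, "via", r.neighbor, "origin AS", r.as_path[-1])
```

For the /24, the four-hop TRANSIT-A path wins on LOCAL_PREF over the two-hop PEER-B path; for addresses inside the /25, the more specific route is used no matter how its attributes compare.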
IV. Border Router Hygiene (The Part People Skip)
Most disasters are not caused by novel cryptographic attacks. They are caused by missing filters and optimistic assumptions.
A minimal external BGP posture on a border router looks like this:
```
router bgp 64512
 bgp router-id 198.51.100.1
 neighbor 203.0.113.1 remote-as 64496
 neighbor 203.0.113.1 description TRANSIT-A
 !
 address-family ipv4 unicast
  network 198.51.100.0/24
  neighbor 203.0.113.1 prefix-list TRANSIT-A-OUT out
  neighbor 203.0.113.1 route-map TRANSIT-A-IN in
  neighbor 203.0.113.1 maximum-prefix 20000 restart 5
 exit-address-family
!
ip prefix-list TRANSIT-A-OUT seq 10 permit 198.51.100.0/24
ip prefix-list TRANSIT-A-OUT seq 100 deny 0.0.0.0/0 le 32
!
route-map TRANSIT-A-IN permit 10
 set local-preference 200
```
The important part is not syntax religion. The important part is intent:
- Export only what you are authorized to originate.
- Apply sane inbound policy.
- Set maximum-prefix limits so one bad session does not become a global event.
Many operators skip at least one of these. The Internet then receives a live demonstration.
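To see what the outbound filter actually lets through, here is an added Python sketch (not part of the original post or of any router software) that evaluates the TRANSIT-A-OUT prefix-list from the configuration above against a constructed routing table. The `PERMISSIVE_OUT` list and the table contents are hypothetical, included to show the leak a loose filter produces.

```python
import ipaddress

# (seq, action, prefix, ge, le); None means the keyword is absent.
TRANSIT_A_OUT = [
    (10, "permit", "198.51.100.0/24", None, None),
    (100, "deny", "0.0.0.0/0", None, 32),
]
# Hypothetical loose filter, for comparison only.
PERMISSIVE_OUT = [(10, "permit", "0.0.0.0/0", None, 32)]

def entry_matches(route, prefix, ge, le):
    """Prefix-list match: route must sit inside the entry prefix and its
    length must fall in the ge/le range (exact length if neither is set)."""
    entry = ipaddress.ip_network(prefix)
    if not route.subnet_of(entry):
        return False
    if ge is None and le is None:
        return route.prefixlen == entry.prefixlen
    low = ge if ge is not None else entry.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """First matching entry decides; no match means implicit deny."""
    net = ipaddress.ip_network(route)
    for seq, action, prefix, ge, le in sorted(prefix_list):
        if entry_matches(net, prefix, ge, le):
            return action, seq
    return "deny", None

def exported(prefix_list, table):
    """Prefixes from the table that the filter would announce."""
    return [r for r in table if evaluate(prefix_list, r)[0] == "permit"]

# Constructed table: own prefix, a more specific of it, a route learned
# from another network, and a default route.
TABLE = ["198.51.100.0/24", "198.51.100.0/25", "192.0.2.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    print("TRANSIT-A-OUT exports:", exported(TRANSIT_A_OUT, TABLE))
    print("permissive exports:   ", exported(PERMISSIVE_OUT, TABLE))
```

With TRANSIT-A-OUT only the exact /24 leaves the router; the permissive list re-announces every learned route, which is the route-leak pattern the export rule exists to prevent.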
V. Incidents That Explain the Protocol Better Than Any Textbook
BGP is easiest to understand when it fails.
| Date | Incident | What happened | Why it mattered |
|---|---|---|---|
| 2008-02-24 | Pakistan Telecom / YouTube | A more-specific YouTube prefix announcement escaped local scope and propagated globally | A national block attempt became global unreachability |
| 2018-11-12 | MainOne / Google leak | Google-related routes leaked to upstreams, causing detours and outages for over an hour in many regions | Showed how customer/provider policy violations can amplify rapidly |
| 2019-06-24 | Allegheny + Verizon leak | Misannounced routes entered a major transit network and spread broadly | Demonstrated that one small network plus one permissive transit policy can hurt huge portions of the Internet |
| 2021-10-04 | Facebook self-withdrawal event | Internal backbone misconfiguration severed Meta data-center connectivity; public reachability collapsed as routes disappeared | Proved that you can BGP-hijack yourself at planetary scale |
The Facebook case is especially educational because it was not an external enemy. Meta’s own engineering postmortem described a maintenance command that unintentionally took down backbone connections globally, and route visibility vanished with it.
The Supreme Leader calls this an internally-administered embargo.
VI. Security Controls: Real, Useful, Incomplete
There is no single “secure BGP” checkbox.
There are layered controls:
- RPKI architecture (RFC 6480) gives cryptographic infrastructure for routing attestation.
- Route Origin Validation (RFC 6811) lets operators evaluate whether an origin AS is authorized for a prefix.
- Route-leak classification (RFC 7908) gives shared language for policy leaks.
- BGP roles and OTC signaling (RFC 9234) improve leak prevention/detection in role-aware deployments.
- Operational norms like MANRS push filtering, anti-spoofing, and coordination discipline.
Critical truth: origin validation is not full path validation.
RPKI/ROV can block many origin hijacks. It does not magically solve every route leak where the origin remains formally valid but propagation policy is wrong.
This is why routing security is still operational craftsmanship, not just standards compliance.
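The gap between origin validation and path validation, as an added Python sketch of the RFC 6811 validation states (not part of the original post and not a real validator). The ROA, prefixes and AS paths are constructed, and every path is assumed to end in a plain AS number rather than an AS_SET.

```python
import ipaddress

# Constructed ROA set: (prefix, maxLength, authorized origin AS).
ROAS = [("198.51.100.0/24", 24, 64512)]

def rov_state(prefix, as_path, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for a route (RFC 6811 logic)."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]          # the origin AS is the last AS in the path
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue              # this ROA does not cover the route
        covered = True
        if net.prefixlen <= max_len and origin == roa_asn:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "not-found"

# Constructed announcements: name -> (prefix, AS path as received).
SAMPLES = {
    "legitimate": ("198.51.100.0/24", (64496, 64512)),
    "wrong origin": ("198.51.100.0/24", (64496, 64666)),
    "too specific": ("198.51.100.0/25", (64496, 64512)),
    "leaked path": ("198.51.100.0/24", (64496, 64501, 64497, 64512)),
    "no ROA": ("203.0.113.0/24", (64496, 64500)),
}

def classify_samples():
    """Validation state for each constructed announcement."""
    return {name: rov_state(p, path) for name, (p, path) in SAMPLES.items()}

if __name__ == "__main__":
    for name, state in classify_samples().items():
        print(f"{name:13s} {state}")
```

The "leaked path" sample comes back valid because ROV looks only at the prefix, its length and the last AS in the path; nothing in the check examines how the route was propagated.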
VII. The Real Story (Suppressed)
Officially, BGP means Border Gateway Protocol.
Unofficially, according to files recently unsealed by the Ministry of External Reachability, it means Bureaucracy Governs Packets.
Each AS is a province.
Each peering agreement is a trade treaty.
Each route-map is a customs office.
Each LOCAL_PREF is a political favor disguised as policy.
When a route leak occurs, it is not merely a technical fault. It is a diplomatic incident between routers.
One operator says, “this path is customer-learned, export allowed.” Another says, “excellent, I will now send half a continent through you.” A third says nothing, because their NOC pager is already screaming.
This is not incompetence. This is federalism.
The Internet is a coalition government with no supreme court and instant packet-level elections.
VIII. Why This Matters to Everyone, Not Just Network Engineers
If your company runs SaaS, payments, APIs, CI/CD, CDN traffic, DNS infrastructure, remote work, or literally any cloud dependency, you are downstream of BGP decisions made by strangers.
One leaked route can produce:
- Intermittent brownouts that look like application bugs
- Sudden latency inflation across regions
- Partial reachability where monitoring says green but users see dead pages
- Cascading retries that trigger secondary failures in otherwise healthy systems
At this point, “we are not a network company” is not a valid position. If your business depends on the Internet, you are a network company with poor self-awareness.
The Decree
BGP is not fragile because it is old. BGP is fragile because it reflects the Internet’s actual governance model: independent actors, local incentives, partial trust, and optional discipline.
It still works astonishingly well. It fails in astonishingly educational ways.
The engineering lesson is simple:
- Filter what you send.
- Validate what you receive.
- Assume your neighbor can make mistakes.
- Assume you can make bigger ones.
The political lesson is simpler:
The global network is held together by policy, not by law. Treat your route policies like constitutional text, not temporary shell commands.
Tomorrow: DNS, the phone book that runs civilization while pretending to be a lookup table.
— Kim Jong Rails, Supreme Leader of the Republic of Derails