What is BGP? The Protocol That Runs the Internet

A comprehensive guide to BGP covering autonomous systems, route selection, BGP hijacking, RPKI, anycast routing, and how 75,000 independent networks form a single navigable internet.

Abhishek Patel -- 11 min read

Infrastructure engineer with 10+ years building production systems on AWS, GCP,…

The Internet Doesn't Have a Map -- It Has BGP

There's no central authority that knows how to route traffic from your laptop to a server in Tokyo. Instead, roughly 75,000 independently operated networks figure it out collaboratively using a single protocol: BGP (Border Gateway Protocol). It's the routing protocol that holds the internet together, and when it breaks -- through misconfiguration, hijacking, or simple human error -- millions of users lose connectivity within seconds.

BGP is rarely something application developers configure directly, but understanding it explains why outages happen, why latency varies between regions, and why your CDN choice matters more than you think. This guide builds a mental model for how internet routing works from the ground up.

What Is BGP?

Definition: BGP (Border Gateway Protocol) is the path-vector routing protocol that exchanges routing information between autonomous systems (AS) on the internet. Each AS announces the IP prefixes it owns, and BGP routers select the best path to each prefix based on policy, path length, and other attributes, creating the internet's global routing table.

BGP version 4, the current version, has been running since 1994 (RFC 4271). It's one of the oldest active protocols on the internet, and its design reflects a world of mutual distrust: every network operator sets their own routing policies, and BGP propagates the results of those independent decisions into a globally consistent (usually) routing table.

Autonomous Systems: The Internet's Building Blocks

An Autonomous System (AS) is a network or group of networks under a single administrative control with a unified routing policy. Every AS has a globally unique AS Number (ASN):

  • Cloudflare -- AS13335
  • Google -- AS15169
  • Amazon -- AS16509
  • Comcast -- AS7922
  • Your company might have one if you own IP space and peer directly with providers.

The internet is a network of approximately 75,000 autonomous systems connected by BGP. Each AS announces to its neighbors: "I can reach these IP prefixes." Those announcements propagate across the entire internet, and every BGP router builds a table of the best path to every announced prefix.

How BGP Works: Step by Step

  1. Peer establishment -- Two BGP routers (usually at the border between two networks) establish a TCP connection on port 179. They exchange OPEN messages, negotiate capabilities, and become BGP peers (also called neighbors).
  2. Route announcement -- Each peer sends UPDATE messages listing the IP prefixes it can reach and the path (sequence of ASNs) to get there. For example: "I can reach 104.16.0.0/12 via the path AS13335."
  3. Route selection -- When a router receives multiple paths to the same prefix, it picks the best one using a decision algorithm based on local preference, AS path length, origin type, and other attributes.
  4. Route propagation -- The selected best route is propagated to other peers. Each AS prepends its own ASN to the path before forwarding, creating a chain that shows the full route: "104.16.0.0/12 via AS7922 AS3356 AS13335."
  5. Continuous updates -- When routes change (link failures, new prefixes, policy changes), UPDATE messages propagate the changes. KEEPALIVE messages (every 30-60 seconds) confirm the peer is still alive.

AS 65001 (Your ISP)          AS 65002 (Transit)         AS 13335 (Cloudflare)
     |                            |                           |
     |--- TCP:179 OPEN ---------->|                           |
     |<-- TCP:179 OPEN -----------|                           |
     |                            |--- TCP:179 OPEN --------->|
     |                            |<-- TCP:179 OPEN ----------|
     |                            |                           |
     |                            |<-- UPDATE: 104.16.0.0/12  |
     |                            |    AS_PATH: 13335         |
     |                            |                           |
     |<-- UPDATE: 104.16.0.0/12 --|                           |
     |    AS_PATH: 65002 13335    |                           |
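
The announcement flow in the diagram, as an added sketch that is not part of the original article: each AS prepends its own ASN before advertising, rejects any path that already contains its ASN, and keeps the shortest AS path. AS65003 and the extra links are hypothetical, added only to create a loop for the check to reject.

```python
from collections import deque

# Constructed topology: the three ASes from the diagram plus a hypothetical
# AS65003 that gives AS65001 a second, longer way to reach AS65002.
LINKS = [(65001, 65002), (65002, 13335), (65001, 65003), (65003, 65002)]

def neighbors(asn):
    """Return every AS that shares a link with asn."""
    return [b if a == asn else a for a, b in LINKS if asn in (a, b)]

def propagate(origin_asn):
    """Flood one prefix from origin_asn; return each AS's best AS_PATH."""
    best = {origin_asn: ()}            # the origin reaches its own prefix directly
    queue = deque([origin_asn])
    while queue:
        sender = queue.popleft()
        advertised = (sender,) + best[sender]    # prepend own ASN before sending
        for peer in neighbors(sender):
            if peer in advertised:               # loop prevention: own ASN in path
                continue
            current = best.get(peer)
            if current is None or len(advertised) < len(current):
                best[peer] = advertised          # shorter AS path wins
                queue.append(peer)               # best route changed: re-advertise
    return best

if __name__ == "__main__":
    for asn, path in sorted(propagate(13335).items()):
        print(f"AS{asn}: AS_PATH {' '.join(map(str, path)) or '(local)'}")
```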

BGP Path Selection

When multiple paths exist to the same prefix, BGP applies a decision process. The order varies slightly by implementation, but the general priority is:

  1. Highest local preference -- A locally configured value that expresses the AS's preference for a path. This is the primary tool for traffic engineering.
  2. Shortest AS path -- Fewer ASNs in the path generally means fewer hops and lower latency. This is the most intuitive selection criterion.
  3. Lowest origin type -- IGP (Interior Gateway Protocol origin) is preferred over EGP, which is preferred over incomplete.
  4. Lowest MED -- Multi-Exit Discriminator, used to influence inbound traffic from a neighboring AS when multiple peering points exist.
  5. eBGP over iBGP -- Externally learned routes are preferred over internally learned ones.
  6. Lowest IGP metric to next hop -- If two eBGP paths are otherwise equal, prefer the one whose next hop is closest within the internal network.
  7. Oldest route -- Stability tiebreaker to avoid unnecessary route flapping.
  8. Lowest router ID -- Final tiebreaker.

Pro tip: In practice, most BGP decisions are made at step 1 (local preference) or step 2 (AS path length). Network engineers use local preference to enforce business policies like "prefer the cheaper transit link" and AS path prepending to make a route look longer and less attractive to neighbors.
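
The decision order above written as a comparison key (an added example, not code from the article or from any router implementation). The candidate routes, peer labels and router IDs are constructed; they show prepending losing at step 2 and local preference overriding AS path length at step 1.

```python
from dataclasses import dataclass

# Origin codes in preference order (lower wins), matching step 3 above.
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Route:
    peer: str                  # constructed label for the neighbor that sent the route
    as_path: tuple             # ASNs, nearest AS first, origin AS last
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age_seconds: int = 0       # time since the route was learned
    router_id: str = "0.0.0.0"

def sort_key(r):
    """Build a tuple whose ordering applies the eight steps in sequence."""
    return (
        -r.local_pref,                                   # 1. highest local preference
        len(r.as_path),                                  # 2. shortest AS path
        ORIGIN_RANK[r.origin],                           # 3. lowest origin type
        r.med,                                           # 4. lowest MED (simplified: all neighbors)
        0 if r.ebgp else 1,                              # 5. eBGP over iBGP
        r.igp_metric,                                    # 6. lowest IGP metric
        -r.age_seconds,                                  # 7. oldest route
        tuple(int(o) for o in r.router_id.split(".")),   # 8. lowest router ID
    )

def best_path(routes):
    return min(routes, key=sort_key)

def deciding_step(a, b):
    """Return the 1-based step at which two routes first differ (0 if tied)."""
    for step, (x, y) in enumerate(zip(sort_key(a), sort_key(b)), start=1):
        if x != y:
            return step
    return 0

# Constructed candidates for 104.16.0.0/12; ASNs are the page's examples.
TRANSIT = Route("transit", (65002, 13335), router_id="10.0.0.2")
PREPENDED = Route("peer", (7922, 7922, 7922, 13335), router_id="10.0.0.3")
PREFERRED = Route("cheap-link", (3356, 7922, 13335), local_pref=200, router_id="10.0.0.4")

if __name__ == "__main__":
    print(best_path([TRANSIT, PREPENDED]).peer, deciding_step(TRANSIT, PREPENDED))
    print(best_path([TRANSIT, PREPENDED, PREFERRED]).peer, deciding_step(PREFERRED, TRANSIT))
```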

eBGP vs iBGP

BGP operates in two contexts:

| Property | eBGP (External) | iBGP (Internal) |
| --- | --- | --- |
| Peers | Routers in different ASes | Routers within the same AS |
| AS path | Prepends own ASN | Does not modify AS path |
| TTL | 1 (adjacent routers) | 255 (can be across internal network) |
| Loop prevention | Reject routes containing own ASN | Does not re-advertise iBGP routes to iBGP peers |
| Full mesh | Not required | Required (or use route reflectors) |

iBGP distributes external routes within your own network. The full-mesh requirement (every iBGP router must peer with every other) doesn't scale, so production networks use route reflectors -- designated routers that reflect routes to other iBGP peers, reducing the peering requirement from O(n^2) to O(n).

BGP Hijacking: When Routing Goes Wrong

BGP was designed in an era of implicit trust between network operators. There's no built-in authentication of route announcements. If an AS announces a prefix it doesn't own, traffic destined for that prefix gets routed to the wrong network. This is a BGP hijack.

Famous BGP Incidents

  • 2008: Pakistan vs YouTube -- Pakistan Telecom announced YouTube's prefix to block it domestically. The announcement leaked globally, sending YouTube traffic worldwide to Pakistan's network for hours.
  • 2018: Amazon Route 53 hijack -- Attackers used a BGP hijack to redirect DNS traffic for MyEtherWallet.com through a server in Russia, stealing cryptocurrency.
  • 2019: Google outage -- A Nigerian ISP accidentally leaked Google's prefixes through a Chinese telecom, causing widespread connectivity issues.
  • 2021: Facebook outage -- Facebook's own BGP announcements were withdrawn due to an internal configuration change, making the entire company unreachable for six hours.

RPKI: Securing BGP

Resource Public Key Infrastructure (RPKI) adds cryptographic verification to BGP. IP prefix holders create Route Origin Authorizations (ROAs) that bind a prefix to an authorized ASN. Routers that validate RPKI can reject announcements from unauthorized ASes.

ROA: 104.16.0.0/12 is authorized to be announced by AS13335
If AS99999 announces 104.16.0.0/12, RPKI-validating routers reject it.

RPKI adoption is growing but not universal. As of 2025, roughly 50% of routes have ROAs, and most major networks perform RPKI validation. But plenty of networks still accept unvalidated routes, leaving room for hijacks.
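
Route origin validation as a validating router would apply it to the ROA above, run against an unauthorized origin like the hijacks described earlier (an added example, not the article's own code). It goes slightly beyond the text by modelling the ROA maxLength field and the three outcomes defined in RFC 6811; the ROA table, the maxLength values and the announcements are constructed.

```python
import ipaddress

# Constructed ROA table: (prefix, max_length, authorized origin ASN).
# The first row is the ROA from the text; its max_length of 12 is an assumption.
ROAS = [
    ("104.16.0.0/12", 12, 13335),
    ("192.0.2.0/24", 24, 64500),   # documentation prefix and ASN
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    announced = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_length, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if announced.version != roa_net.version:
            continue                      # never compare IPv4 with IPv6
        if not announced.subnet_of(roa_net):
            continue                      # this ROA says nothing about the prefix
        covered = True
        if origin_asn == roa_asn and announced.prefixlen <= max_length:
            return "valid"
    # Covered by a ROA but matched none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def accepted(announcements, roas=ROAS):
    """Apply a drop-invalid policy: keep 'valid' and 'not-found' routes."""
    return [a for a in announcements if validate_origin(*a, roas) != "invalid"]

# Constructed announcements as (prefix, origin ASN) pairs.
ANNOUNCEMENTS = [
    ("104.16.0.0/12", 13335),     # authorized origin
    ("104.16.0.0/12", 99999),     # the unauthorized origin from the text
    ("104.16.0.0/24", 99999),     # more-specific prefix from the wrong origin
    ("104.16.0.0/24", 13335),     # right origin, but longer than max_length
    ("198.51.100.0/24", 64501),   # no covering ROA
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:18} AS{asn:<6} {validate_origin(prefix, asn)}")
```

The "not-found" routes are the gap the paragraph above describes: address space without a ROA passes a drop-invalid filter regardless of who announces it.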

Anycast: BGP's Trick for Global Services

Anycast is a technique where multiple servers in different locations announce the same IP prefix via BGP. When a user sends traffic to an anycast IP, BGP naturally routes it to the nearest announcing location (by AS path length).

This is how CDNs and DNS providers achieve global load distribution:

  • Cloudflare uses anycast across 300+ data centers. The same IP (1.1.1.1) is announced from every location.
  • Root DNS servers use anycast. The 13 root server "addresses" actually represent hundreds of physical servers.
  • Google Public DNS (8.8.8.8) is anycast across dozens of points of presence.

Watch out: Anycast works well for short, stateless transactions (DNS queries, CDN requests). For long-lived TCP connections, anycast can cause problems if a routing change mid-connection sends subsequent packets to a different server, breaking the connection. This is why anycast is primarily used with UDP or for initial connection establishment.

Tools for BGP Monitoring and Analysis

| Tool | Purpose | Cost |
| --- | --- | --- |
| BGP.tools | Real-time BGP monitoring and prefix lookup | Free |
| RIPE RIS | Route information service with historical data | Free |
| Hurricane Electric BGP Toolkit | ASN/prefix lookup and peering analysis | Free |
| Cloudflare Radar | Internet traffic and routing anomaly detection | Free |
| ThousandEyes | Network path monitoring and BGP visualization | Contact sales (enterprise) |
| Kentik | Network observability with BGP analytics | Custom pricing (enterprise) |

# Look up registered route objects (prefix and origin AS) for an IP in the RADb routing registry
whois -h whois.radb.net 104.16.0.0

# Check which AS announces a prefix
# (Team Cymru IP-to-ASN DNS service; the address octets are reversed)
dig +short TXT 0.0.16.104.origin.asn.cymru.com

# View BGP routes from public looking glasses
# https://lg.he.net/ (Hurricane Electric)
# https://bgp.tools/

Mental Model: How Internet Traffic Actually Flows

Put it all together and this is how a packet gets from your laptop to a server across the world:

  1. Your laptop sends the packet to your router (local network).
  2. Your router sends it to your ISP (your ISP's AS).
  3. Your ISP's BGP table says "prefix X.X.X.X/Y is reachable via AS path [Transit AS, Destination AS]."
  4. Your ISP forwards the packet to the transit AS (via their BGP peering link).
  5. The transit AS's BGP table points to the destination AS.
  6. The packet arrives at the destination AS, which routes it internally to the correct server.

Each hop is a BGP-informed decision. The path isn't always optimal in terms of physical distance -- it's optimal according to BGP policies, which factor in business relationships, cost, and capacity. That's why traffic from New York to New Jersey sometimes routes through Chicago: the BGP path through the transit provider in Chicago was preferred by policy.

Frequently Asked Questions

What happens if BGP goes down?

If a BGP session between two peers fails, routes learned from that peer are withdrawn. The routers fall back to alternative paths if they exist. If no alternative paths exist for a prefix, that prefix becomes unreachable from parts of the internet. The Facebook outage of 2021 demonstrated this: when Facebook withdrew all its BGP routes, the entire company was unreachable because no alternative paths existed to their network.

How long does BGP convergence take?

BGP convergence -- the time for all routers to agree on the best path after a change -- typically takes 30 seconds to several minutes. KEEPALIVE timers default to 60 seconds, and the hold time (after which a peer is declared dead) defaults to 180 seconds. Some providers tune these aggressively (3-second keepalive, 9-second hold) for faster convergence. BFD (Bidirectional Forwarding Detection) can detect link failures in milliseconds.

Do I need to understand BGP as a software developer?

You don't need to configure BGP routers, but understanding BGP explains observable behavior: why latency to certain regions is higher than geography suggests, why a CDN dramatically reduces it, why internet outages affect specific providers, and why anycast DNS resolves to different servers from different locations. It's the difference between debugging network issues and shrugging at them.

What is AS path prepending?

AS path prepending is a traffic engineering technique where an AS adds its own ASN multiple times to a route announcement, making the path appear longer. Since BGP prefers shorter paths, this makes the prepended path less attractive, steering traffic toward other paths. For example, if you have two ISPs and want most traffic through ISP A, you prepend your ASN on announcements to ISP B.

How is BGP different from OSPF or IS-IS?

OSPF and IS-IS are interior gateway protocols (IGPs) used within a single AS. They build a complete map of the internal network topology and compute shortest paths. BGP is an exterior gateway protocol (EGP) used between ASes. BGP doesn't know internal topologies -- it only knows paths as sequences of AS numbers. IGPs optimize for shortest physical path; BGP optimizes for policy and business relationships.

What is a BGP looking glass?

A BGP looking glass is a public service that lets you query a router's BGP table from another network's perspective. It shows which routes a specific AS sees and which path it would take to reach a prefix. Tools like Hurricane Electric's looking glass (lg.he.net) and RIPE RIS let you diagnose routing issues by viewing the internet from different vantage points, which makes them essential for troubleshooting reachability problems.

Can a small company get its own ASN?

Yes, but you typically need a justification -- usually multihoming (connecting to two or more ISPs). ASNs are assigned by Regional Internet Registries (RIRs) like ARIN (North America) or RIPE NCC (Europe). The cost is approximately $550/year from ARIN. You'll also need your own IP space (or get it from your RIR) and at least two upstream providers willing to establish BGP peering with you.

Conclusion

BGP is the protocol that turns 75,000 independent networks into a single, navigable internet. It's not elegant -- it's built on trust, slow to converge, and vulnerable to misconfiguration and hijacking. But it works, and it scales to the entire internet's routing table. Understand autonomous systems, path selection, and anycast, and you'll have a mental model that explains most of the internet's observable behavior: why outages cascade, why CDNs reduce latency, and why your traceroute sometimes takes a scenic route through another continent. Push for RPKI adoption in your organization's infrastructure -- it's the single most impactful thing you can do to make the internet's routing more secure.

Written by

Abhishek Patel

Infrastructure engineer with 10+ years building production systems on AWS, GCP, and bare metal. Writes practical guides on cloud architecture, containers, networking, and Linux for developers who want to understand how things actually work under the hood.
