Autonomous systems (AS) are the unit of routing for BGP
BGP, the border gateway protocol is a decentralized protocol to route packets through the internet. BGP operates on top of TCP connections between AS routers. It allows each peering router to discover the routes available through each of its neighboring ASes (path vector).
Fun fact : the protocol first draft was drawn on 2 napkins at lunch !
Some figures on the network of interconnected AS for 2018:
| Â | IPv4 | IPv6 |
|---|---|---|
| AS count | 60k | 16k |
| Route count | 700k | 60k |
| Average Route subnet size | 20 prefix len => 4k | 32 prefix len |
| Average path len (diameter) | 6 | 5 |
| Highly connected nodes (>1k edges) | ~12 | ?? |
How routes are represented and propagated
| Address prefix | Next Hop | Origin AS | AS path(*) | Preference attributes | Other attributes |
|---|---|---|---|---|---|
| 172.217.168.0/24 | 66.1.45.124 | AS15169 | 3302,3356,6666 | MULTI_EXIT_DISC (between AS) LOCAL_PREF (intra AS) |
relating to route aggregation… |
Note AS_PATH can be a list of sequences and sets (due to route aggregation)
BGP route selection model
A BGP speaker will rank, filter and select incoming route advertissements (adjacent Route Information Base In). It will modify and propagate a subset of those routes (adj rib out). To avoid an explosion in the number of routes, only 1 route per destination is forwarded
For example for a router belonging to AS6.
| Adj-RIB-In | Local RIB | Adj-RIB-Out |
|---|---|---|
11.22.33.0/24 AS1,3NEXT_HOP 72.12.48.1 |
KEEP | 11.22.33.0/24 AS1,3,6 (append my AS#)NEXT_HOP 73.133.159.1 (choose next hop) |
11.22.44.0/24 AS1,6,2NEXT_HOP 66.25.35.1 |
DISCARD ! Loop in AS_PATH |
NO PROPAGATION ! |
44.33.11.0/24 AS2NEXT_HOP 66.25.35.1 |
KEEP | 44.33.11.0/24 AS2,6NEXT_HOP 73.133.159.1 |
44.33.11.0/24 AS2,3NEXT_HOP 72.12.48.1 |
DISCARD ! Longer AS_PATH |
NO PROPAGATION ! |
22.33.44.0/24 AS4,3NEXT_HOP 72.12.48.1MULTI_EXIT_DISC 100 |
KEEP | 22.33.44.0/24 AS4,3,6NEXT_HOP 73.133.159.1MULTI_EXIT_DISC is NOT propagated |
22.33.44.0/24 AS4,3NEXT_HOP 72.12.48.111MULTI_EXIT_DISC 1000 |
DISCARD ! Higher discriminator |
NO PROPAGATION ! |
Which translates to the following network.
Route leaks attacks
If an AS peering routers advertise a route via themselves to an IP for a popular service like youtube they can mess-up routing for the whole traffic from neighbour ASes.
External Vs Internal route propagation
Some big ASes (ex: amazon) will have a network that span multiple continents. So multiple BGP speakers peering with different other ASes. Route propagation inside an AS network is subject to different rules.
Vanilla BGP requires internal speakers be fully connected
This requirement can be bypassed using route reflection or confederations.