Show and Tell: BGP and Anycast

Today, Christian gives us a quick video tutorial on BGP and Anycast.

The video presentation

If you’ve got about ten minutes, you can watch the video.

The bullet points

Here are some learning points from the video:

  • BGP (Border Gateway Protocol) is a routing protocol implemented over TCP that allows routers to advertise and exchange IP routes, effectively mapping out the entire internet.
  • BGP can be used internally on a single network for routing floating IPs, Anycast for load balancing, or distributing route information for statically assigned IPs.
  • Autonomous Systems (AS) are individual networks that manage their routes and BGP announcements.
  • There are two types of BGP: Internal BGP (IBGP) and External BGP (EBGP).
  • A transit provider is an ISP that facilitates BGP announcements between different ASes.
  • Peering is the connection between two routers that exchange BGP announcements.
  • Anycast is a networking technique where a single IP address can have multiple possible destinations, and BGP determines the best route to take.
  • Unlike Multicast, which delivers a message to all hosts with a specific address, Anycast provides single delivery to one destination.
  • BGP announcements contain Network Layer Reachability Information (NLRI), which includes prefixes and their lengths.
  • BGP path attributes, such as weight, local preference, origin, AS path, community, Multi-Exit Discriminator (MED), and next hop, are used to prioritize and select routes.
  • The decision matrix for path selection prioritizes path length, then local preference, MED, weight, and finally origin. IBGP is typically favored over EBGP.
  • BGP hijacking and route leaks are security concerns where unauthorized or erroneous route announcements occur.
  • Mechanisms to prevent BGP security issues include Internet Routing Registries (IRR), a public registry of ASNs and their prefixes, and RPKI (Resource Public Key Infrastructure), a PKI specifically for BGP that validates router and prefix authenticity.

A slightly longer summary

For those short on time, BGP (Wikipedia article) is a routing protocol that runs over TCP, allowing routers to advertise available IP addresses and exchange routing information across the internet and within private networks. It can be used for floating IPs, Anycast for load balancing, or distributing route information for statically assigned IPs.

BGP announcements are associated with autonomous systems (AS), which are essentially their own networks. The video distinguishes between internal BGP (IBGP) and external BGP (EBGP), illustrating with an example of two organizations and a transit provider (ISP) exchanging BGP announcements. Peering refers to the connection between two routers and their exchange of BGP announcements.

Anycast is described as an IP address that can have multiple destinations announced in BGP. When a message is sent to an Anycast IP, it is routed to one of the available machines; the routing decision process is explained later in the video. The speaker briefly differentiates Anycast from Multicast, noting that Anycast is single delivery while Multicast reaches every host with the assigned address.

BGP announcements contain Network Layer Reachability Information (NLRI), which includes prefixes and their lengths, and BGP path attributes such as weight, local preference, origin, AS path, community, Multi-Exit Discriminator (MED), and next hop. These attributes are used in a decision matrix to select the best path, prioritizing path length, local preference, MED, weight, and origin. IBGP is typically favored over EBGP, though this can be configured.
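The NLRI field mentioned above has a compact wire encoding (RFC 4271): each entry is a one-byte prefix length followed by only as many octets as that length needs, with any leftover bits in the last octet being padding. The following decoder and encoder are an added example written for this post, not code from the video or from any BGP implementation; the sample bytes are constructed from documentation prefixes, and the malformed-entry handling follows RFC 7606's rule that a bad NLRI field makes the whole UPDATE untrustworthy rather than partially parsed.

```python
import ipaddress

# Constructed sample NLRI field (RFC 4271 section 4.3 encoding). Each entry is a
# one-byte prefix length followed by ceil(length / 8) octets of prefix.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_NLRI = bytes([
    0x18, 0xC0, 0x00, 0x02,        # 192.0.2.0/24    -> 3 octets
    0x16, 0xC6, 0x33, 0x65,        # 198.51.100.0/22 -> low 2 bits of 0x65 are padding
    0x20, 0xCB, 0x00, 0x71, 0x01,  # 203.0.113.1/32  -> all 4 octets
    0x00,                          # 0.0.0.0/0       -> default route, no octets
])


def decode_nlri(data: bytes) -> list:
    """Decode an IPv4 NLRI (or Withdrawn Routes) field into 'a.b.c.d/len' strings.

    A prefix length over 32, or an entry that runs past the end of the field,
    raises ValueError: per RFC 7606 such an UPDATE is treated as a withdraw of
    everything it carried, so partial results are never returned.
    """
    prefixes = []
    i = 0
    while i < len(data):
        plen = data[i]
        i += 1
        if plen > 32:
            raise ValueError(f"prefix length {plen} exceeds 32 at offset {i - 1}")
        nbytes = (plen + 7) // 8
        chunk = data[i:i + nbytes]
        if len(chunk) != nbytes:
            raise ValueError(f"NLRI entry truncated at offset {i}")
        i += nbytes
        raw = int.from_bytes(chunk.ljust(4, b"\x00"), "big")
        # Bits beyond the prefix length are padding with no meaning; mask them
        # so that two encodings of the same prefix compare equal.
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        prefixes.append(f"{ipaddress.IPv4Address(raw & mask)}/{plen}")
    return prefixes


def encode_nlri(prefixes) -> bytes:
    """Inverse of decode_nlri: pack each prefix with the minimum number of octets."""
    out = bytearray()
    for p in prefixes:
        net = ipaddress.IPv4Network(p, strict=True)  # rejects host bits set
        nbytes = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += int(net.network_address).to_bytes(4, "big")[:nbytes]
    return bytes(out)


def is_malformed(data: bytes) -> bool:
    """True if the field would be rejected by decode_nlri."""
    try:
        decode_nlri(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for prefix in decode_nlri(SAMPLE_NLRI):
        print(prefix)
    print("round trip ok:", decode_nlri(encode_nlri(decode_nlri(SAMPLE_NLRI))) == decode_nlri(SAMPLE_NLRI))
```

The masking step matters for anything that compares announced prefixes against a policy or a registry: the same /22 can arrive with different padding bits from different peers, and an unmasked comparison would treat them as different prefixes.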

The video also covers the security implications of BGP, noting that any router can advertise routes for any autonomous system, which leads to problems such as BGP hijacking and route leaks. Mechanisms to prevent these issues include Internet Routing Registries (IRR), public registries of ASNs and their prefixes (like RIPE), and RPKI (Resource Public Key Infrastructure), a PKI specifically for BGP that validates routers and prefixes. While RPKI adoption is slow on the internet, it is more common in internal networks.
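To make the RPKI point concrete, here is the route origin validation (ROV) check a router performs against its cache of validated ROAs, as specified in RFC 6811. This is an added example written for this post, not code from the video or from any vendor's RPKI implementation; the ROA cache and announcements are constructed from documentation prefixes and ASNs, and the accept/drop policy at the end is one common choice, not the only one.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization (RFC 6482): 'asn' may originate any prefix
    inside 'prefix' whose length does not exceed 'max_length'."""
    prefix: str
    max_length: int
    asn: int


# Constructed validated-ROA cache for this example (RFC 5737 prefixes, RFC 5398 ASNs).
SAMPLE_ROAS = (
    ROA("192.0.2.0/24", 24, 64500),     # AS64500 may announce exactly the /24
    ROA("198.51.100.0/22", 24, 64501),  # AS64501 may announce the /22 down to /24s
)


def validate_origin(route_prefix: str, origin_asn: int, roas: Iterable[ROA]) -> str:
    """RFC 6811 origin validation. Returns 'valid', 'invalid' or 'notfound'.

    notfound: no ROA covers the prefix (the prefix holder has not signed anything).
    valid:    a covering ROA names this origin AS and permits this prefix length.
    invalid:  ROAs cover the prefix but none matches, i.e. wrong origin AS or a
              more-specific announcement beyond maxLength. Both are the shapes a
              hijack or a leaked more-specific take, and both are what ROV rejects.
    """
    route = ipaddress.ip_network(route_prefix, strict=True)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "notfound"


def accept_route(route_prefix: str, origin_asn: int, roas: Iterable[ROA]) -> bool:
    """Import policy: drop 'invalid', accept 'valid' and 'notfound'.

    Because RPKI coverage is still incomplete, dropping 'notfound' would cut off
    every unsigned prefix; routers instead accept it, usually at lower preference.
    """
    return validate_origin(route_prefix, origin_asn, roas) != "invalid"


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS) as seen from a peer.
    announcements = [
        ("192.0.2.0/24", 64500),     # legitimate origin
        ("192.0.2.0/24", 64511),     # same prefix, different origin AS
        ("192.0.2.0/25", 64500),     # right AS, but more specific than maxLength
        ("198.51.100.0/24", 64501),  # within the /22 ROA's maxLength
        ("203.0.113.0/24", 64500),   # no ROA at all
    ]
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, SAMPLE_ROAS)
        print(f"{prefix:18} AS{asn}  {state:8}  {'accept' if accept_route(prefix, asn, SAMPLE_ROAS) else 'drop'}")
```

One caveat for anyone deploying this: ROV checks only the origin AS at the end of the AS path against the ROA cache. It says nothing about whether the rest of the path is genuine, which is why IRR-based filtering of peers and prefix-length limits are still applied alongside it.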