What Is BGP and Why Does It Run the Internet?
Every time you load a webpage, your request travels across dozens of different networks before reaching the server. Those networks are owned by different companies — your ISP, a backbone provider, a data center, a CDN. None of them are the same organization. So how does your data know which way to go?
The answer is BGP — the Border Gateway Protocol. It's the system that lets all these separate networks talk to each other, share routing information, and agree on paths. Without BGP, the internet would be a collection of isolated islands with no way to reach each other.
It was first defined in 1989, and the core of it hasn't changed much since. That's either a testament to good design or a sign of how difficult it is to replace something this foundational — probably both.
The Internet Is Made of Autonomous Systems
Before understanding BGP, you need to understand what it connects. The internet isn't one big network. It's tens of thousands of smaller networks, each owned and operated independently. These are called Autonomous Systems (AS).
Your ISP is an autonomous system. Google is an autonomous system. A university, a hosting company, a mobile carrier — each one is its own AS. Every AS gets a unique number called an ASN (Autonomous System Number). For example, Cloudflare's ASN is AS13335. Google's is AS15169.
Within its own AS, a network can use whatever routing protocol it wants — OSPF, EIGRP, IS-IS, whatever works internally. But when it needs to exchange routes with other autonomous systems on the internet, it uses BGP. That's what makes BGP an exterior gateway protocol.
How BGP Actually Works
BGP routers establish connections with each other called BGP sessions or peering sessions. Two routers that have an active BGP session are called BGP peers or BGP neighbors.
Once peered, routers exchange routing information — specifically, they announce which IP prefixes they can reach. A prefix is a block of IP addresses, like 192.0.2.0/24. When a router announces a prefix, it's saying: "If you want to reach any IP in this block, send the traffic to me."
These announcements propagate across the internet. Router A tells Router B about the prefix. Router B adds its own AS to the path and tells Router C. Eventually, every BGP router on the internet has a table of which AS path to use to reach every prefix.
The key attribute BGP uses to make routing decisions is the AS_PATH — the list of autonomous systems traffic would pass through to reach a destination. All else being equal, shorter paths are preferred.
eBGP vs iBGP: Two Flavors
BGP comes in two forms depending on where the session is:
- eBGP (external BGP) — sessions between routers in different autonomous systems. This is BGP as most people think of it: the protocol that connects separate networks across the internet.
- iBGP (internal BGP) — sessions between routers within the same autonomous system. Large networks use iBGP to distribute BGP routing information internally so all their border routers stay in sync.
The rules are slightly different between the two. iBGP requires full-mesh connectivity or route reflectors to avoid routing loops. eBGP sessions are usually between directly connected routers, while iBGP sessions often span the entire AS.
BGP Path Selection: How a Route Gets Chosen
When a BGP router receives multiple paths to the same destination, it runs through a priority list to pick the best one. The order is roughly:
- Highest LOCAL_PREF — a value set locally within the AS to prefer certain paths. Higher wins.
- Shortest AS_PATH — fewer autonomous systems in the path means a shorter route.
- Lowest ORIGIN type — IGP is preferred over EGP over Incomplete.
- Lowest MED (Multi-Exit Discriminator) — used to suggest preferred entry points into an AS.
- eBGP over iBGP — external routes preferred over internal.
- Lowest IGP metric to next hop — the internally shortest path to the BGP next-hop router.
- Oldest route — stability is preferred.
- Lowest Router ID — tiebreaker.
In practice, most of the decisions come down to LOCAL_PREF and AS_PATH length. Network operators use these attributes to control traffic engineering — pushing traffic toward cheaper or faster paths.
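The priority list above can be expressed as a single sort key. This is an added example, not code from the original article: the `Route` fields, sample routes and documentation ASNs are constructed, and MED is compared across all routes as in the list above (routers normally compare it only between routes learned from the same neighboring AS).

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred
STEPS = ["LOCAL_PREF", "AS_PATH length", "ORIGIN", "MED", "eBGP over iBGP",
         "IGP metric", "route age", "router ID"]

@dataclass(frozen=True)
class Route:
    name: str
    as_path: tuple          # ASNs, nearest neighbor first, origin AS last
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age_seconds: int = 0
    router_id: str = "192.0.2.1"

def preference_key(r):
    """Tuple that sorts ascending in the list's order; smaller means preferred."""
    return (
        -r.local_pref,                  # highest LOCAL_PREF wins
        len(r.as_path),                 # shortest AS_PATH
        ORIGIN_RANK[r.origin],          # IGP < EGP < Incomplete
        r.med,                          # lowest MED (simplified: all neighbors)
        0 if r.ebgp else 1,             # eBGP over iBGP
        r.igp_metric,                   # lowest IGP metric to next hop
        -r.age_seconds,                 # oldest route
        tuple(int(o) for o in r.router_id.split(".")),  # lowest router ID
    )

def best_path(routes):
    return min(routes, key=preference_key)

def deciding_step(a, b):
    """Name the first step at which two candidate routes differ."""
    for step, x, y in zip(STEPS, preference_key(a), preference_key(b)):
        if x != y:
            return step
    return "tie"

# Constructed candidates for 192.0.2.0/24 using documentation ASNs (RFC 5398).
TRANSIT = Route("transit", as_path=(64500, 64496), router_id="192.0.2.1")
PEER = Route("peer", as_path=(64501, 64502, 64496), local_pref=200,
             router_id="192.0.2.2")
BACKUP = Route("backup", as_path=(64503, 64504, 64505, 64496),
               router_id="192.0.2.3")

if __name__ == "__main__":
    print(best_path([TRANSIT, PEER, BACKUP]).name, deciding_step(TRANSIT, PEER))
    print(best_path([TRANSIT, BACKUP]).name, deciding_step(TRANSIT, BACKUP))
```

The peer route wins despite its longer AS_PATH because LOCAL_PREF is evaluated first, which is why local policy, not path length, usually decides where traffic leaves an AS.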
BGP and the Business of Routing
BGP isn't just technical. It's also commercial. When one network agrees to route traffic for another, that's a business relationship. There are two main types:
- Transit — one network pays another to carry its traffic to the rest of the internet. Your ISP buys transit from a backbone provider.
- Peering — two networks agree to exchange traffic with each other for free (or for mutual benefit), typically at an Internet Exchange Point (IXP). This saves both sides transit costs.
Large content providers like Netflix and Google peer directly with hundreds of ISPs worldwide to keep their traffic cheap and fast. That's why Netflix loads quickly even when your ISP and Netflix's servers are technically separate organizations — they've worked out a direct peering arrangement.
What Is BGP Hijacking?
BGP was designed in an era when the internet was small and everyone trusted each other. There's no built-in authentication for route announcements. Any AS can announce any prefix, and BGP routers will believe it.
This is how BGP hijacking happens. A malicious or misconfigured network announces that it can reach IP prefixes it doesn't actually own. Other routers accept the announcement and start sending traffic there. The hijacker can then read, modify, or drop that traffic.
Some famous examples:
- 2010: China Telecom accidentally (or intentionally) announced prefixes covering 15% of internet routes. Traffic from the US to various destinations was briefly rerouted through China.
- 2018: Routes for Amazon's Route 53 DNS service were hijacked, redirecting users trying to reach MyEtherWallet to a fake site that stole cryptocurrency.
- 2019: A small ISP in Pennsylvania leaked misconfigured routes that caused significant traffic disruption across Europe.
These incidents aren't rare. BGP hijacks — accidental or intentional — happen regularly. Most are quickly caught and fixed. Some aren't.
BGP Security: RPKI and Route Filtering
The main defense against BGP hijacking is RPKI (Resource Public Key Infrastructure). RPKI lets IP address holders cryptographically sign their route announcements, proving they're authorized to announce a given prefix.
When a router validates BGP routes using RPKI, it can reject announcements that don't have valid signatures. This doesn't eliminate all hijacking but it significantly raises the bar.
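An added example (not part of the original article) of the check a validating router performs, using the three outcomes of RFC 6811 route origin validation: each announcement's prefix and origin AS are compared against the signed RPKI records (ROAs) that cover it. The ROA table, prefixes and ASNs are constructed, and the policy of dropping only `invalid` routes is an assumption.

```python
import ipaddress

# Constructed ROA data: (prefix, maxLength, authorized origin ASN).
# Documentation prefixes (RFC 5737, RFC 3849) and ASNs (RFC 5398) only.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64498),
    ("2001:db8::/32", 48, 64497),
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_length, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route lies inside the ROA prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Valid needs the same origin AS and a length within maxLength.
        if roa_asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered but never matched: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def apply_policy(announcements, roas=ROAS):
    """Assumed policy: drop 'invalid', keep 'valid' and 'not-found'."""
    kept, dropped = [], []
    for prefix, origin_asn in announcements:
        state = validate_origin(prefix, origin_asn, roas)
        (dropped if state == "invalid" else kept).append((prefix, origin_asn, state))
    return kept, dropped

# Constructed announcements as (prefix, origin ASN).
SAMPLE = [
    ("192.0.2.0/24", 64496),      # matches its ROA
    ("192.0.2.0/24", 64511),      # covered, but wrong origin AS
    ("203.0.113.0/25", 64498),    # right origin, more specific than maxLength
    ("2001:db8:1::/48", 64497),   # inside the /32 and within maxLength 48
    ("198.51.100.0/24", 64499),   # no ROA covers this prefix
]

if __name__ == "__main__":
    for p, a in SAMPLE:
        print(p, a, validate_origin(p, a))
```

The `not-found` case is why partial adoption matters: a prefix with no published ROA cannot be distinguished from a hijacked one by this check.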
Adoption of RPKI has been growing steadily. Major networks like AT&T, Comcast, and most large cloud providers now publish RPKI records and validate incoming routes. But it's not universal yet — plenty of smaller networks still don't participate.
Other defenses include prefix filtering (only accepting routes you expect from a given peer), max-prefix limits (disconnecting peers that suddenly announce too many routes), and IRR (Internet Routing Registry) databases for documenting routing policy.
BGP in the Real World: CDNs and Anycast
CDNs like Cloudflare and Akamai use BGP cleverly to route users to their nearest server. They announce the same IP prefix from data centers in dozens of cities simultaneously. BGP's path selection naturally routes each user to the closest location — this is called anycast routing.
When you ping 1.1.1.1 (Cloudflare's DNS), you might be hitting a server in Frankfurt while someone in Tokyo hits a completely different server at the same IP address. BGP makes this possible because it routes based on network topology, not geographic coordinates.
This also means anycast is naturally resilient. If one data center goes down, BGP reconverges and routes traffic to the next best location automatically.
BGP Convergence: What Happens When Routes Change
When a network goes down or a new route appears, BGP routers need to update their tables. This process is called BGP convergence. The problem is that BGP was designed for stability, not speed. Convergence can take seconds to minutes depending on network size and configuration.
During that window, traffic can be black-holed (dropped with no delivery), routed sub-optimally, or temporarily interrupted. Network operators tune timers and use route dampening to balance between quick convergence and stability.
This is why major internet outages sometimes cause "packet loss" for minutes even after the core issue is fixed — BGP is still propagating the updated routing information across thousands of routers globally.
BGP vs OSPF: What's the Difference?
| Feature | BGP | OSPF |
|---|---|---|
| Type | Exterior Gateway Protocol | Interior Gateway Protocol |
| Use case | Between different networks (ASes) | Within a single network |
| Metric | Path attributes (AS_PATH, LOCAL_PREF) | Link cost (bandwidth-based) |
| Convergence | Slow (seconds to minutes) | Fast (sub-second) |
| Scalability | Handles full internet routing table (~950k routes) | Suited for internal networks |
| Policy control | Extensive | Limited |
| Complexity | High | Moderate |
Common BGP Mistakes
- Not filtering routes from customers. If you accept all BGP routes from a customer without filtering, a misconfiguration on their end can leak routes that affect your other customers — or the whole internet.
- Missing max-prefix limits. Without a limit on how many prefixes a peer can announce, a single misconfigured router can flood your BGP table and crash your network.
- Ignoring RPKI. Not implementing RPKI validation leaves you vulnerable to accepting hijacked routes you could have rejected.
- Asymmetric routing surprises. BGP controls outbound traffic from your AS, but you can't fully control how inbound traffic reaches you. Asymmetric paths are common and sometimes unexpected.
- Route flap without dampening. A route that keeps appearing and disappearing causes constant BGP updates across the internet. Route dampening suppresses unstable routes but needs careful tuning.
Pro Tips for Working with BGP
- Use a looking glass server to see how your routes appear from different points on the internet. Tools like BGPView, RIPE RIS, or Routeviews let you check your announcements without needing special access.
- Register your routes in an IRR (Internet Routing Registry) like ARIN, RIPE, or RADB. Many networks use IRR data to build their filters — if your routes aren't registered, some peers might drop them.
- Set up RPKI signing for your prefixes. It takes maybe an hour through your RIR's portal and immediately improves your route security posture.
- Always set max-prefix limits on BGP sessions. A safe default is 2x the expected number of prefixes from that peer — if exceeded, the session drops rather than accepting garbage routes.
- Monitor your BGP sessions and route counts continuously. Unexpected changes in announced routes are often the first sign of a misconfiguration or attack.
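The prefix filter and max-prefix tips above, modeled together as an added example (not from the original article and not a real router API). The `InboundSession` class, the customer's prefixes and the leaked routes are constructed; counting every received prefix against the limit is an assumption, since routers differ on whether filtered routes count.

```python
import ipaddress

class InboundSession:
    """Simplified model of one peer's inbound policy (hypothetical names)."""

    def __init__(self, peer_asn, expected_prefixes):
        self.peer_asn = peer_asn
        self.allowed = {ipaddress.ip_network(p) for p in expected_prefixes}
        self.max_prefix = 2 * len(self.allowed)   # 2x the expected count
        self.received = set()    # everything the peer currently announces
        self.accepted = set()    # what passed the prefix filter
        self.up = True

    def announce(self, prefix):
        """Return 'accepted', 'filtered' or 'session-dropped'."""
        if not self.up:
            return "session-dropped"
        net = ipaddress.ip_network(prefix)
        self.received.add(net)
        if len(self.received) > self.max_prefix:
            # Limit exceeded: tear the session down and discard its routes.
            self.up = False
            self.accepted.clear()
            return "session-dropped"
        if net in self.allowed:
            self.accepted.add(net)
            return "accepted"
        return "filtered"        # unexpected prefix: ignored, session stays up

def replay(session, prefixes):
    return [session.announce(p) for p in prefixes]

def demo():
    # Constructed scenario: customer AS64496 should announce two prefixes.
    s = InboundSession(64496, ["192.0.2.0/24", "198.51.100.0/24"])
    # Normal operation plus one stray route the filter absorbs.
    normal = replay(s, ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"])
    # A leak: the customer suddenly announces many routes it does not own.
    leak = replay(s, [f"10.{i}.0.0/16" for i in range(5)])
    return normal, leak, s

if __name__ == "__main__":
    normal, leak, s = demo()
    print(normal, leak, "up" if s.up else "down")
```

The filter absorbs a single stray route without disruption, while the limit acts as a circuit breaker once the volume shows that something larger has gone wrong.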
Frequently Asked Questions About BGP
What does BGP stand for?
BGP stands for Border Gateway Protocol. It's the routing protocol used to exchange routing information between autonomous systems on the internet. "Border" refers to the boundaries between different networks.
Why is BGP called the protocol that runs the internet?
Because it's the only protocol that connects all the different networks that make up the internet. Without BGP, there would be no way for your ISP's network to exchange routing information with Google's network, Amazon's network, or any other organization's infrastructure.
What is an autonomous system in BGP?
An autonomous system (AS) is an independent network or collection of networks under a single administrative control, identified by a unique ASN. Your ISP, a cloud provider, a university — each is its own AS. BGP is the language autonomous systems use to talk to each other.
What is BGP hijacking?
BGP hijacking is when a network announces IP prefixes it doesn't legitimately own. Since BGP has no built-in authentication, other routers may accept these false announcements and start routing traffic through the hijacker. It can be accidental (misconfiguration) or intentional (for traffic interception or disruption).
How do I check my BGP routes?
You can use BGP looking glass tools like bgp.he.net, bgpview.io, or RIPE's RIS looking glass. Enter your IP address or ASN to see how your routes appear from different vantage points on the internet.
What is RPKI and how does it protect BGP?
RPKI (Resource Public Key Infrastructure) lets network operators cryptographically sign their route announcements. Routers that validate RPKI can reject unsigned or incorrectly signed routes, making it much harder to successfully hijack BGP prefixes.
What is the difference between eBGP and iBGP?
eBGP (external BGP) runs between routers in different autonomous systems — this is how separate organizations exchange routes. iBGP (internal BGP) runs between routers within the same AS to distribute BGP information internally. The main difference is that iBGP doesn't modify the AS_PATH when forwarding routes.
How long does BGP convergence take?
BGP convergence — the time for routing changes to propagate across the internet — typically takes anywhere from a few seconds to several minutes depending on network size, configuration, and how many routers need to update. It's much slower than interior routing protocols like OSPF, which can converge in under a second.
Can BGP be used for load balancing?
Yes, through a technique called ECMP (Equal-Cost Multi-Path) or by announcing the same prefix from multiple locations (anycast). CDNs use anycast extensively to route users to their nearest server using BGP's natural path selection.
What happens to internet traffic during a BGP outage?
During a BGP outage — like Facebook's 2021 incident where they withdrew their own routes — traffic destined for the affected network simply has nowhere to go. Routers receive no route for those prefixes and drop the packets. The service becomes completely unreachable until BGP routes are restored and converge globally.
The Bottom Line on BGP
BGP is unglamorous infrastructure that most people never think about — until it breaks. When it works, data flows seamlessly across thousands of independent networks as if they were one. When it breaks or gets abused, entire regions of the internet can go dark.
Understanding BGP matters if you're running any internet-facing infrastructure, managing a corporate network with multiple ISPs, or just trying to understand why the internet sometimes does strange things. It's old, it's quirky, and it's irreplaceable.