BGP: The Protocol That Holds the Internet Together (Barely)

How 70,000+ networks use an old-school routing protocol to keep global internet traffic flowing, despite constant attacks and human error

---

Here’s a terrifying thought: one misconfigured router in Pakistan once took YouTube offline for the entire planet. A single typo from a small ISP in Pennsylvania made Facebook disappear for millions of users. And every few months, some country’s internet traffic gets accidentally routed through North Korea or China.

Welcome to BGP (Border Gateway Protocol), the routing protocol that determines how data flows between the 70,000+ networks that make up the internet. BGP controls how IP packets find their way from source to destination across this massive interconnected system. It’s based on trust, held together with digital duct tape, and somehow keeps the global internet working despite being fundamentally broken by design.

And yet, it’s also one of the most elegant and resilient systems ever created.

BGP messages - these simple announcements control how trillions of packets flow across the global internet

The Internet is Not One Network

Most people think “the internet” is one giant network, but that’s completely wrong. The internet is actually tens of thousands of separate networks (called Autonomous Systems) that agree to carry each other’s traffic.

These networks include:

• ISPs like Comcast, Verizon, and AT&T
• Cloud providers like Amazon, Google, and Microsoft
• Content networks like Netflix and Facebook
• Universities with their own networks
• Governments and military networks
• Corporations with private networks that connect to the internet

BGP is the diplomatic protocol that lets all these networks talk to each other and figure out how to route traffic between them.

How BGP Works: Digital Gossip

BGP works like a massive gossip network. Each network announces to its neighbors: “Hey, I can reach these IP addresses” and “Here’s the path I’d take to get there.”

Route Announcements

Network A: “I can reach 192.168.1.0/24 directly” Network B: “Cool, I can reach 192.168.1.0/24 via Network A”
Network C: “Noted, I can reach 192.168.1.0/24 via Network B via Network A”

This information gets passed along from network to network until everyone knows how to reach everyone else.

Path Selection

When a network has multiple ways to reach the same destination, BGP uses a complex set of rules to pick the “best” path:

1. Shortest AS path (fewest networks to traverse)
2. Local preferences (business relationships matter!)
3. Origin type (how the route was originally announced)
4. Multi-exit discriminator (which connection to prefer)

But here’s the thing: “best” doesn’t always mean fastest or most reliable. It often means cheapest based on business relationships between networks.

The Trust Problem

BGP’s fundamental flaw is that it’s based on complete trust. When a network announces “I can reach Google.com,” everyone just believes them. There’s no built-in verification.

This leads to some spectacular failures:

Route Hijacking

A malicious (or misconfigured) network can announce routes for IP addresses they don’t actually control, essentially saying “send all traffic for Bank of America through me.” Sometimes this is accidental, sometimes it’s cybercrime or espionage.

BGP Leaks

Networks sometimes accidentally announce routes they learned from one provider to another provider, causing traffic to flow through unintended paths. This can break internet connectivity for entire regions.

The Pakistan YouTube Incident

In 2008, Pakistan’s government tried to block YouTube domestically by announcing a more specific route for YouTube’s IP addresses. But they accidentally announced this route to the entire internet, causing YouTube traffic worldwide to flow to Pakistan’s network (which promptly dropped it all).

Business Relationships Drive Routing

BGP isn’t just about technology - it’s about money and politics. The routing decisions BGP makes are heavily influenced by the business relationships between networks:

Customer-Provider Relationships

Your home ISP pays a larger ISP for internet access. Your ISP will prefer routes that go through providers they pay rather than peers.

Peering Relationships

Large networks often agree to exchange traffic for free at internet exchange points. These “settlement-free peering” relationships can dramatically affect routing.

Political Considerations

Some countries prefer to keep their internet traffic within national borders for security or surveillance reasons, even if international routes would be faster.

This means your data might take a longer, slower path because of a contract negotiation between ISPs you’ve never heard of.

The Convergence Problem

When BGP routes change (like when a major link goes down), it can take several minutes for the entire internet to “converge” on new routing paths. During this time, some traffic just disappears into the void.

For critical applications, this is unacceptable. That’s why major services like Google and Facebook have multiple connections to many different networks, so they can route around problems quickly.

Modern BGP Security

The networking community has developed several technologies to make BGP more secure:

RPKI (Resource Public Key Infrastructure): Cryptographically sign route announcements to prove ownership Route Origin Validation: Check signatures before accepting routes BGP Filtering: Carefully control which routes you accept from neighbors Monitoring Systems: Detect suspicious routing changes in real-time

But adoption is slow and spotty. Many networks still run BGP with minimal security because “it’s always worked fine.”

A Personal Note

I’ve spent countless hours debugging BGP routing problems, and it never stops being both fascinating and terrifying. The fact that this 40-year-old protocol based on handshake agreements between competitors keeps the global internet running is remarkable.

BGP represents both the best and worst of internet governance. It’s completely decentralized - no single organization controls how traffic flows. But it’s also held together by gentleman’s agreements and the assumption that most people are trying to do the right thing.

The internet works not because BGP is perfect, but because humans are (usually) reasonable.

---

Want to understand more internet infrastructure? Check out our posts on IP (foundation layer), TCP (reliable transport), DNS (finding servers), and TLS (secure communication). Or explore all our networking protocols.