BGP: The Protocol That Actually Runs the Internet
The internet isn't one network — it's roughly 70,000 separate networks (Autonomous Systems) that exchange traffic with each other. The protocol that coordinates this exchange is BGP, the Border Gateway Protocol. It's been largely unchanged since 1994. It has no built-in authentication. And when it breaks, entire countries go offline.
What BGP Actually Does
BGP is a path vector protocol. Each Autonomous System (AS) — think ISP, CDN, major enterprise — announces the IP prefixes it's responsible for to its BGP neighbours. Those neighbours propagate the announcements to their neighbours. The result is a distributed, globally consistent routing table where every router knows the best path to reach any IP prefix on earth.
'Best path' in BGP means the path with the most favourable combination of policy attributes, not necessarily the fastest or most reliable. BGP is built for policy, not performance. A network can deliberately prefer a longer path through a partner network over a shorter path through a competitor. This is how the commercial relationships between ISPs translate into actual traffic flows.
BGP Route Leaks and Hijacks
A BGP route leak happens when a network accidentally announces IP prefixes it shouldn't be announcing — forwarding routes from one upstream provider to another, drawing traffic through paths that can't handle it. In 2010, China Telecom leaked routes for about 37,000 IP prefixes, briefly redirecting traffic from major US networks through Chinese routers. The traffic itself was probably fine. The possibility that it was inspected is less fine.
BGP hijacking is deliberate. An attacker announces someone else's IP space as their own, diverting traffic to their infrastructure. In 2018, traffic to Amazon's Route 53 DNS service was hijacked for about 2 hours using BGP, redirecting cryptocurrency wallet queries to a fake site. The attack stole roughly $150,000 in cryptocurrency.
Why BGP Is So Vulnerable
BGP was designed in an era when the internet was a trusted research network and the idea of adversarial participants wasn't central to the design. There's no cryptographic verification that a network actually owns the prefixes it announces. RPKI (Resource Public Key Infrastructure) was designed to fix this — it lets networks cryptographically sign their prefix ownership. Adoption is growing but not universal.
RPKI: The Fix That's Being Slowly Deployed
Resource Public Key Infrastructure lets network operators cryptographically sign their route announcements. A signed route origin authorisation (ROA) says 'AS12345 is authorised to announce 203.0.113.0/24.' RPKI-validating routers reject announcements that don't match ROAs — which would stop most BGP hijacks and route leaks.
RPKI adoption has grown substantially since 2019. By early 2026, roughly 40% of global routes have valid RPKI coverage. The major internet exchanges, Tier 1 carriers, and cloud providers are mostly there. The long tail of smaller ISPs and enterprise networks is moving more slowly. Until adoption is near-universal, route hijacking remains possible — a single non-validating network can still propagate a hijacked route to the parts of the internet that trust it.
Look Up ASN and Routing Information
Check which AS is responsible for any IP address and see its BGP routing details.
IP Lookup ToolAbout Kunal Khatri
Kunal is a network security specialist and systems administrator with 8+ years of experience auditing secure connections and building network infrastructure.
Related Articles
Understanding CIDR and Subnetting: A Practical Guide
Confused by IP addresses followed by slashes like /24? Learn what CIDR notation means, how subnet masks work, and how to divide networks easily.
Network Latency: What It Is and How to Actually Reduce It
Latency is the delay in network communication. It's not the same as bandwidth, it can't be fully eliminated, and most advice for reducing it misses the real causes.
TTL (Time to Live) in Networking: A Real Explanation
TTL appears in both DNS records and IP packets, doing different but related jobs in each context. Understanding both uses makes network troubleshooting much easier.
MAC Address vs IP Address: What's the Difference
MAC addresses and IP addresses both identify devices on networks — but at different layers, for different purposes, with different implications for privacy and security.
