BGP security: IP network interconnections security
Article REF: TE7531 V1

Author: Sarah NATAF

Publication date: May 10, 2015

Overview

ABSTRACT

The Border Gateway Protocol is the only protocol interconnecting all the IP networks that make up the Internet. Hence the security and robustness of Internet interconnection depend exclusively on the security of BGP. This article presents some weaknesses of this protocol, such as the ability to spoof a BGP peer, global incidents due to malformed messages or human errors, BGP route injection and traffic hijacking. After discussing the risks, this article presents all the countermeasures available to operators, such as inherent security mechanisms and operational best practices that aim to build a more reliable and resilient Internet.

AUTHOR

  • Sarah NATAF: Network Architect, Orange, Paris, France

INTRODUCTION

The Internet is a network made up of tens of thousands of IP networks interconnected in pairs. These interconnections are based on a single communications protocol: BGP, or Border Gateway Protocol, which dynamically calculates and propagates the best paths to a destination. Version 4 of this protocol appeared in the mid-1990s (1995, to be exact), at a time when the number of Internet operators and players was limited, as was the number of IP address blocks advertised on the network. Since then, through the Internet bubble of the 2000s, the explosion in the size of the routing table, the introduction of a new version of IP and the arrival of a large number of new participants in the global network, the architecture of the protocol itself has changed only slightly: BGP has undergone only minor changes to date, and its structuring principles remain unchanged.

Yet the reliability of the entire Internet and its resilience to outages depend on BGP. The first major incident on the Internet took place in the late 1990s, when an operator inadvertently propagated incorrect routes across the entire network, causing it to collapse (this event is analyzed in the course of the article, along with a number of others). With the emergence of services that are an integral part of the daily lives of millions of people, network robustness has become a major issue: people and services need to be connected and reachable without interruption. At the same time, while data security is always paramount, more and more attention is being paid to the way data is routed between sender and destination: the risks of interception for eavesdropping are growing, and the paths taken by this data are under particular scrutiny.

Traffic diversion, unreachable destinations, spoofing, fault propagation, isolation of all or part of the network: in this article, we list the various security risks applicable to network interconnections. We will then explain the countermeasures available, both at protocol level and in terms of the operations to be implemented by the various network operators and players. Finally, we will detail the new mechanisms available to operators to improve Internet security and combat threats such as route advertisement spoofing and packet hijacking.

KEYWORDS

IP   |   network security   |   internet   |   telecommunications   |   security   |   BGP
