Autonomous Systems
An Autonomous System is a collection of network devices (routers, switches, e.t.c.) that are under the control of a single administrative entity or organization. Autonomous Systems are typically identified by an Autonomous System Number (ASN), which is used to uniquely identify and differentiate between different Autonomous Systems.
Autonomous Systems can either be stub Autonomous systems or transit Autonomous systems.
- Stub Autonomous System: This type of Autonomous System is for end customers, such as universities and most organizations. Stub Autonomous Systems do not allow traffic from one Autonomous System to pass through to another Autonomous System.
- Transit Autonomous System: This type of Autonomous System connects to multiple Autonomous systems and offers to route data from one Autonomous System to another Autonomous System.
When two Autonomous Systems are connected, we refer to it as pairing. Autonomous Systems can either be paired publicly or privately.
- Public peering usually occurs at an Internet Exchange Point (IXP). An Internet Exchange Point is a place that houses a high-throughput switch that connects routers from different Autonomous Systems.
- Private peering occurs at a collocation center. A collocation center is a facility that provides Autonomous Systems with space, power, cooling, and security to house their network devices. When two Autonomous Systems peer privately, their routers are directly connected via a dedicated copper or fiber cable.
When an Autonomous System has its network devices present in an IXP or collocation center, that Autonomous System is said to have a Point of Presence (PoP).
For Autonomous Systems with PoP at IXP or collocation centers to be connected, their BGP routers need to undergo a pairing session and exchange route information. For Autonomous systems that pair at IXPs, a route server is used to simplify the pairing process amongst participating Autonomous Systems.
Interior Gateway Protocol (IGP) is a routing protocol used within an Autonomous System (Autonomous System) to exchange routing information between routers within the Autonomous System network.
- Routing Information Protocol (RIP): RIP uses a hop count to determine the best path.
- Interior Gateway Routing Protocol (IGRP): IGRP is a Cisco proprietary protocol that uses bandwidth, delay, reliability, and load to calculate the best path.
- Open Shortest Path First (OSPF): OSPF uses a link-state database to store information about the network topology. Routers exchange link-state advertisements (LSAs) to build a complete view of the network and calculate the shortest path using the Dijkstra algorithm.
Exterior Gateway Protocol (EGP) is a routing protocol used for exchanging routing information between different autonomous systems. Routers within an autonomous system do not participate directly in EGP; a designated gateway router (edge router) is what connects to routers in other autonomous systems.
ASN and IP Prefixes
To know what ASN is associated with what IP prefixes, we can query the RADB database.
-
The following command lists all the IP prefixes owned by AS29465, the ASN belonging to MTN Nigeria Communication Limited.
whois -h whois.radb.net -- '-i origin AS29465'
-
The following command shows the ownership of the IP address 8.8.8.8
whois -h whois.radb.net 8.8.8.8
Border Gateway Protocol
BGP is a routing protocol that is used on the Internet to exchange routing information and facilitate communication between different Autonomous Systems.
Each Autonomous System maintains a BGP routing table, which contains information about the routes it has learned from other Autonomous Systems. BGP routers exchange this routing information with their neighboring routers and update their routing tables accordingly.
BGP routers exchange routing information through BGP update messages. BGP routers advertise routes or withdraw routes via BGP update messages.
When BGP routers exchange routing information, a BGP router will end up having multiple paths to get to a destination; however, it has to choose the best path to follow. To determine the best part, it uses the below algorithm from top to bottom:
-
Prefer routes with the highest weight.
-
Prefer routes with the highest local preference.
-
Prefer routes that are locally originated.
-
Prefer routes with the shortest Autonomous System path.
-
Prefer routes with the lowest origin type.
-
Prefer routes with the lowest MED (Multi-Exit Discriminator).
-
Prefer eBGP-learned routes over iBGP-learned routes.
-
Prefer routes with the lowest IGP metric to the next-hop
-
Prefer routes with the lowest router ID.
-
Prefer routes with the lowest neighbor’s IP address.
BGP Prefix Attack (BGP Hijacking)
A BGP prefix attack occurs when an attacker announces false routing information for a specific IP address prefix. This means that the attacker told other autonomous systems to route traffic destined for that IP address range to a different destination. Attackers can then intercept or modify the traffic.
Thanks for reading…