BGP security: IP network interconnections security

The Internet is a network made up of tens of thousands of IP networks interconnected in pairs. These interconnections are based on a single communications protocol: BGP, or Border Gateway Protocol, which dynamically calculates and propagates the best paths to a destination. Version 4 of this protocol appeared in the mid-1990s, 1995 to be exact, at a time when the number of Internet operators and players was limited, as was the number of IP address blocks advertised on the network. In the wake of the Internet bubble in the 2000s, the explosion in the size of the routing table, the introduction of a new version of IP and the arrival of a large number of new participants in the global network, the architecture of the protocol itself has changed only slightly: BGP has undergone only minor changes to date, its structuring principles remaining unchanged.

Yet the Internet's entire reliability and resilience to outages depend on this BGP technology. The first major incident on the Internet took place in the late 1990s, when an operator inadvertently propagated incorrect routes across the entire network, causing it to collapse (this event is analyzed in the course of the article, along with a number of others). With the emergence of services that are an integral part of the daily lives of millions of people, network robustness has become a major issue: people and services need to be connected and reachable without interruption. On the other hand, while data security is always paramount, more and more attention is being paid to the way in which it is routed between sender and destination; the risks of interception for eavesdropping are growing, and particular attention is being paid to the paths taken by this data.

Traffic detour, destination unreachability, spoofing, fault propagation, isolation of all or part of the network: in this article, we list the various security risks applicable to network interconnections. We will then explain the countermeasures available, both at protocol level and in terms of the operations to be implemented by the various network operators and players. Finally, we will detail the new mechanisms available to operators to improve Internet security and combat threats such as ad spoofing and packet hijacking.