BGP Heart Ache


John Studarus

Border Gateway Protocol, the heart of the Internet, needs to go…

BGP, Border Gateway Protocol, has been a thorn in my side throughout my career. My experience developing software and operating content delivery networks (CDNs), as well as working as a network security engineer, has exposed me to the flaws in BGP. The time has come for BGP to be put aside to make way for new routing protocols designed with security and the current scale of the Internet in mind. One such replacement is SCION, and from what I see, the days for BGP may be numbered.


Photo Credit: Jessica Studarus

Path Selection & Multi Path Support

As a CDN operator, I may have one customer who wants two-way live video stream packets delivered via a low-latency network, while another customer wants file downloads done via high bandwidth without regard to latency. As the network operator, I want all my peering points to be active, with traffic seamlessly flowing across all the available links in aggregate. These are real examples that a network routing protocol should be able to solve but, unfortunately, BGP does not.

With BGP, network selection and concurrent multi-path network support are not possible. As CDN software designers, we’ve had to develop application layer logic and place intelligent content routers across the Internet to handle multi-path support. This places a burden on the CDN operator, who now has to run additional application layer infrastructure to overcome these BGP shortcomings. Using different IP subnets and DNS names to indicate different levels of CDN service (high versus low latency services) is an undue operational burden placed upon us by BGP shortcomings.

SCION has these capabilities baked into the network layer. When a network connection is opened, the application can select the network path based on its own decisions around latency, bandwidth, or even geo-political concerns. With these capabilities in place at the network layer, the design of a CDN is greatly simplified and its capabilities expanded. This could result in a blossoming of CDN features and offerings atop SCION.
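To make the sender-side decision concrete, here is an added example (not from the original article and not the SCION library API) that models it in Python: candidate paths are filtered by an ISD deny-list, ranked by latency or bandwidth, and optionally spread across link-disjoint paths for aggregate use. The `Link` type, the `select_paths` function, and all path metadata are constructed for illustration, and using an ISD deny-list as the stand-in for a geo-political constraint is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    src: str               # ISD-AS of the sending AS, e.g. "1-ff00:0:110"
    dst: str               # ISD-AS of the receiving AS
    latency_ms: float
    bandwidth_mbps: float

def isd(isd_as):
    """Isolation domain (ISD) number from an ISD-AS string."""
    return int(isd_as.split("-", 1)[0])

def latency(path):
    return sum(link.latency_ms for link in path)       # latencies add up

def bandwidth(path):
    return min(link.bandwidth_mbps for link in path)   # narrowest link limits the path

def select_paths(paths, objective, denied_isds=frozenset(), max_paths=1):
    """Pick up to max_paths link-disjoint paths, best first, skipping denied ISDs."""
    allowed = [p for p in paths
               if not any(isd(a) in denied_isds for l in p for a in (l.src, l.dst))]
    rank = latency if objective == "latency" else (lambda p: -bandwidth(p))
    chosen, used = [], set()
    for path in sorted(allowed, key=rank):
        links = {(l.src, l.dst) for l in path}
        if links & used:          # shares a link with a better path: no extra capacity
            continue
        chosen.append(path)
        used |= links
        if len(chosen) == max_paths:
            break
    return chosen

# Constructed sample data: four candidate paths from A to D.
A, B, C, D, X = ("1-ff00:0:110", "1-ff00:0:111", "1-ff00:0:113",
                 "1-ff00:0:112", "2-ff00:0:210")
DIRECT = (Link(A, B, 8, 1000), Link(B, D, 7, 1000))
FAT = (Link(A, C, 20, 10000), Link(C, D, 25, 10000))
SHARED = (Link(A, B, 8, 1000), Link(B, C, 5, 5000), Link(C, D, 25, 10000))
DETOUR = (Link(A, X, 70, 40000), Link(X, D, 70, 40000))   # transits ISD 2
PATHS = [DETOUR, SHARED, FAT, DIRECT]

if __name__ == "__main__":
    for p in select_paths(PATHS, "latency", denied_isds={2}, max_paths=3):
        print([l.dst for l in p], latency(p), "ms", bandwidth(p), "Mbps")
```

The live-video customer would use the `"latency"` objective and the file-download customer the `"bandwidth"` objective over the same set of candidate paths, with no separate subnets or DNS names involved.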

Path Hijacking

Later in my career, as my work focused more on network security, BGP reared its ugly head again as BGP route hijacking became more prevalent. Core network routes could, whether intentionally, maliciously, or not, be routed in strange, worrisome, and inefficient manners. Traffic between two endpoints within one country or continent ends up traversing trans-oceanic links multiple times. And with nation-state cyber security incidents becoming a regular occurrence, network traffic transiting a less-than-friendly country becomes a concern.

Once again, SCION, with its greenfield architecture, gives network path control to the sender. No longer are the intermediate networks allowed to place their own arbitrary policies upon the traffic flows. With information being so valuable, the decision on how and by which means it flows needs to be given to the transmitter.

Numbering BGP's Days

If you play a role in network design or information security, I encourage you to take a look at SCION. Cyber security needs to move beyond patching and bolt-on security fixes and push networking teams to adopt solutions that have security baked into the core design. With BGP, a critical portion of the Internet, being an active attack surface, we need to engage and start looking for its replacement.