What is BGP? – BGP routing explained

There is <i>already</i> a nice writeup on the current incident from Cloudflare at <a href="https:&#x2F;&#x2F;blog.cloudflare.com&#x2F;october-2021-facebook-outage&#x2F;" rel="nofollow">https:&#x2F;&#x2F;blog.cloudflare.com&#x2F;october-2021-facebook-outage&#x2F;</a><p>They key observations:<p>&quot;Due to Facebook stopping announcing their DNS prefix routes through BGP, our and everyone else&#x27;s DNS resolvers had no way to connect to their nameservers. Consequently, 1.1.1.1, 8.8.8.8, and other major public DNS resolvers started issuing (and caching) SERVFAIL responses.<p>But that&#x27;s not all. Now human behavior and application logic kicks in and causes another exponential effect. A tsunami of additional DNS traffic follows.<p>This happened in part because apps won&#x27;t accept an error for an answer and start retrying, sometimes aggressively, and in part because end-users also won&#x27;t take an error for an answer and start reloading the pages, or killing and relaunching their apps, sometimes also aggressively.&quot;

Cloudflare has a useful tool for measuring if your ISP is using RPKI.[0] For Facebook, this is the latest I could find for their implementation of BGP.[1][2]<p>[0] <a href="https:&#x2F;&#x2F;isbgpsafeyet.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;isbgpsafeyet.com&#x2F;</a><p>[1] <a href="https:&#x2F;&#x2F;engineering.fb.com&#x2F;2021&#x2F;05&#x2F;13&#x2F;data-center-engineering&#x2F;bgp&#x2F;" rel="nofollow">https:&#x2F;&#x2F;engineering.fb.com&#x2F;2021&#x2F;05&#x2F;13&#x2F;data-center-engineerin...</a><p>[2] <a href="https:&#x2F;&#x2F;www.usenix.org&#x2F;conference&#x2F;nsdi21&#x2F;presentation&#x2F;abhashkumar" rel="nofollow">https:&#x2F;&#x2F;www.usenix.org&#x2F;conference&#x2F;nsdi21&#x2F;presentation&#x2F;abhash...</a>

Was banging on about this with some of the people probably here over 20 years ago. Not sure what this issue with FB was as I&#x27;m not on nanog anymore, but if it&#x27;s bgp, it&#x27;s a short list of likely events, as I foggily remember.<p>- someone big redistributed their static routes for FB into their announcements to peers.<p>- someone who has mapped peer filters and their prefix lengths has figured out how to announce smaller prefixes for FB routes and have them propagate.<p>- someone with enable somewhere in one of the major ASNs (like 701 back in my day etc) is doing a straight forward attack on FB.<p>- someone inside FB messed with load balancing and prepended a bunch of their routes internally and redistributed the long AS paths themselves and just broke shit with internal routing loops.<p>I have no idea how people unbefunge routing problems now that you have to coordinate multiple teams on the phone to get anything done instead of just one router guru just logging into everything and fixing it. I would be useless at it now, but this is not a recent problem. If it&#x27;s still a problem, it will always be a problem.

&gt; While there have been a number of ambitious proposals intended to make BGP more secure, these are hard to implement because they would require every autonomous system to simultaneously update their behavior. Since this would require the coordination of hundreds of thousands of organizations and potentially result in a temporary takedown of the entire Internet, it seems unlikely that any of these major proposals will be put into place anytime soon.<p>Excellent. Just what I like to hear &#x2F;s

I have a hunch that the &quot;How BGP can break the Internet&quot; will get updated in the near future :^)

Why can’t they at least start to inform who is advertising what. After say 1 year we would have most if not all … gradually we can build a grey BGP not all white but at least in case if some … wonder. Or any other option. Total trust is so untrustworthy.

I recall from networking classes messing around with BGP can be bad. Very bad.

How does one go about setting up an autonomous system? Seems like a shadowy world based on the impact they could potentially have.