Border Gateway Protocol (BGP) is an Internet Engineering Task Force (IETF) standard, and the most scalable of all routing protocols. BGP is the routing protocol of the global Internet, as well as for service provider private networks. BGP has expanded upon its original purpose of carrying Internet reachability information, and can now carry routes for Multicast, IPv6, VPNs, and a variety of other data. For more information on BGP please reference RFC 1163 and RFC 1267.

The use of BGP as a routing protocol is ubiquitous on the Internet (used by both Internet Service Providers (ISPs) and non-ISPs). Because of its prevalence, there is a great deal of concern on behalf of the Internet community whenever there is public knowledge of a BGP or TCP-based vulnerability that is being or could be exploited. It is this concern that prompted me to provide you with some helpful techniques to secure BGP.

On July 29, 2009, Cisco released a Security Advisory announcing that recent versions of Cisco IOS Software that support RFC 4893 (“BGP Support for Four-octet AS Number Space”) contain two remote denial of service vulnerabilities in the handling of specific BGP updates. While there are no workarounds or techniques available to mitigate exploitation of the first vulnerability on the affected BGP device itself, the use of the bgp maxas-limit feature can mitigate exploitation of the second vulnerability.

The bgp maxas-limit feature allows routes to be filtered by limiting the number of AS numbers (ASNs) in the AS path segments that each route can include. This limiting is performed primarily to prevent the router from expending too much memory when it stores routes with long AS paths. The bgp maxas-limit feature allows administrators to set a limit on the number of AS path segments that are associated with any route.
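To make the effect of such a limit concrete, here is an added example (written for this post, not Cisco's code and not the IOS implementation) that models a maximum-AS-path-length policy: it parses AS_PATH strings in the familiar show-command notation, counts every ASN across AS_SEQUENCE and AS_SET segments, and discards any received route whose count exceeds the configured limit. The AS numbers, prefixes, neighbor addresses and the limit of 50 are constructed sample values.

```python
# Added example, not Cisco's code: a model of what a maximum-AS-path-length
# policy such as the IOS "bgp maxas-limit" command does to received routes.
# All AS numbers, prefixes, neighbor addresses and the limit are constructed
# sample values.
#
# In IOS the command is entered once under the BGP process, for example
#     router bgp 65000            ! 65000 is a constructed sample ASN
#      bgp maxas-limit 50
# and, being a router-level command, it applies to every neighbor alike.

AS_SET = 1        # unordered group of ASNs (RFC 4271 path segment type 1)
AS_SEQUENCE = 2   # ordered list of ASNs (path segment type 2)


def parse_as_path(text):
    """Parse a 'show ip bgp'-style AS path string into segments.

    '64500 64501 {64510,64511} 64512' becomes
    [(AS_SEQUENCE, [64500, 64501]), (AS_SET, [64510, 64511]), (AS_SEQUENCE, [64512])]
    """
    segments, seq = [], []
    for token in text.split():
        if token.startswith("{"):
            # close the pending AS_SEQUENCE before recording the AS_SET
            if seq:
                segments.append((AS_SEQUENCE, seq))
                seq = []
            members = [int(a) for a in token.strip("{}").split(",") if a]
            segments.append((AS_SET, members))
        else:
            seq.append(int(token))
    if seq:
        segments.append((AS_SEQUENCE, seq))
    return segments


def count_asns(segments):
    """Count every ASN in every segment; AS_SET members count individually."""
    return sum(len(asns) for _, asns in segments)


def exceeds_maxas_limit(as_path_text, limit):
    """True when the route's AS path carries more ASNs than the policy allows."""
    return count_asns(parse_as_path(as_path_text)) > limit


def apply_maxas_limit(updates, limit):
    """Apply one neighbor-independent limit to a batch of received routes.

    updates: iterable of (neighbor, prefix, as_path_text)
    Returns (accepted, discarded), each a list of (neighbor, prefix, asn_count).
    """
    accepted, discarded = [], []
    for neighbor, prefix, as_path_text in updates:
        n = count_asns(parse_as_path(as_path_text))
        (accepted if n <= limit else discarded).append((neighbor, prefix, n))
    return accepted, discarded


# Constructed sample of received routes; the third carries an abnormally long
# path of 60 ASNs, the kind of update the limit is meant to reject.
SAMPLE_UPDATES = [
    ("192.0.2.1", "203.0.113.0/24", "64500 64501 64502"),
    ("192.0.2.1", "198.51.100.0/24", "64500 {64510,64511} 64512"),
    ("192.0.2.2", "203.0.113.0/24", " ".join(str(64600 + i) for i in range(60))),
]

if __name__ == "__main__":
    accepted, discarded = apply_maxas_limit(SAMPLE_UPDATES, limit=50)
    for nbr, prefix, n in accepted:
        print(f"accepted  {prefix:<18} from {nbr:<12} ({n} ASNs)")
    for nbr, prefix, n in discarded:
        print(f"discarded {prefix:<18} from {nbr:<12} ({n} ASNs > limit)")
```

The point to take from the model is the trade-off: a limit low enough to reject pathological paths before they consume memory, yet high enough that legitimate long paths on the Internet are never filtered. Because there is a single value for the whole BGP process, it is worth checking the longest AS path currently in the table before choosing it.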
Administrators should note that because this feature is a router configuration command that is not tied to any specific BGP neighbor, all neighbors will be treated uniformly according to the specified policy.

Those of us responsible for maintaining and operating networks should understand the many important aspects of BGP as a protocol in order to assess where it may be susceptible to various forms of attack and where it must be protected. First, unlike other routing protocols that typically provide their own transport layer (Layer 4) protocol, BGP relies on TCP as its transport protocol. BGP is susceptible to the same attacks that target any TCP-based protocol, and it must be protected similarly.

Additionally, because BGP as an application is vulnerable to various threats, administrators must mitigate the risk and potential impact of associated exploit attempts. Some of these threats include the following:
- BGP Route Manipulation — This scenario occurs when a malicious device alters the contents of the BGP routing table, which can, among other impacts, prevent traffic from reaching its intended destination without acknowledgement or notification.
- BGP Route Hijacking — This scenario occurs when a rogue BGP peer maliciously announces a victim’s prefixes in an effort to reroute some or all traffic to itself for untoward purposes (for example, to view contents of traffic that the router would otherwise not be able to read).
- BGP Denial of Service (DoS) — This scenario occurs when a malicious host sends unexpected or undesirable BGP traffic to a victim in an attempt to expend all available BGP or CPU resources, which results in a lack of resources for valid BGP traffic processing.
Finally, inadvertent mistakes (or non-malicious actions) among BGP peers can also have a disruptive impact on a router’s BGP process. Thus, security techniques should be applied to mitigate any impacts from these kinds of events as well.

The following white paper highlights several of the most important BGP security techniques — including the bgp maxas-limit feature that is referenced above — that are used by SPs and shows their applicability in non-SP environments: Protecting Border Gateway Protocol for the Enterprise.