Cisco Blogs

Securing BGP

- July 29, 2009 - 2 Comments

Border Gateway Protocol (BGP) is an Internet Engineering Task Force (IETF) standard, and the most scalable of all routing protocols. BGP is the routing protocol of the global Internet, as well as for service provider private networks. BGP has expanded upon its original purpose of carrying Internet reachability information, and can now carry routes for Multicast, IPv6, VPNs, and a variety of other data. For more information on BGP please reference RFC 1163 and RFC 1267.The use of BGP as a routing protocol is ubiquitous on the Internet (used by both Internet Service Providers (ISPs) and non-ISPs). Because of its prevalence, there is a great deal concern on behalf of the Internet community whenever there is public knowledge of a BGP or TCP-based vulnerability that is being or could be exploited. It is this concern that prompted me to provide you with some helpful techniques to secure BGP.On July 29, 2009, Cisco released a Security Advisory announcing that recent versions of Cisco IOS Software that support RFC 4893 (“BGP Support for Four-octet AS Number Space”) contain two remote denial of service vulnerabilities in the handling of specific BGP updates. While there are no workarounds or techniques available to mitigate exploitation of the first vulnerability on the affected BGP device itself, the use of the bgp maxas-limit feature can mitigate exploitation of the second vulnerability.The bgp maxas-limit feature enables the ability to filter routes by limiting the number of AS numbers (ASNs) in the AS path segments that each route can include. This limiting is performed primarily to prevent the router from expending too much memory when it stores routes with long AS paths. The bgp maxas-limit feature allows administrators to set a limit on the number of AS path segments that are associated with any route. Administrators should note that because this feature is a router configuration command that is not tied to any specific BGP neighbor, all neighbors will be treated uniformly according to the specified policy.Those of us responsible for maintaining and operating networks should understand the many important aspects of BGP as a protocol in order to assess where it may be susceptible to various forms of attack and where it must be protected. First, unlike other routing protocols that typically provide their own transport layer (Layer 4) protocol, BGP relies on TCP as its transport protocol. BGP is susceptible to the same attacks that target any TCP-based protocol, and it must be protected similarly.Additionally, because BGP as an application is vulnerable to various threats, administrators must mitigate the risk and potential impact of associated exploit attempts. Some of these threats include the following:

  • BGP Route Manipulation — This scenario occurs when a malicious device alters the contents of the BGP routing table, which can, among other impacts, prevent traffic from reaching its intended destination without acknowledgement or notification.
  • BGP Route Hijacking — This scenario occurs when a rogue BGP peer maliciously announces a victim’s prefixes in an effort to reroute some or all traffic to itself for untoward purposes (for example, to view contents of traffic that the router would otherwise not be able to read).
  • BGP Denial of Service (DoS) — This scenario occurs when a malicious host sends unexpected or undesirable BGP traffic to a victim in an attempt to expend all available BGP or CPU resources, which results in a lack of resources for valid BGP traffic processing.

Finally, inadvertent mistakes (or non-malicious actions) among BGP peers can also have a disruptive impact on a router’s BGP process. Thus, security techniques should be applied to mitigate any impacts from these kinds of events as well.The following white paper highlights several of the most important BGP security techniques — including the bgp maxas-limit feature that is referenced above — that are used by SPs and show their applicability in non-SP environments: Protecting Border Gateway Protocol for the Enterprise.

Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

All comments in this blog are held for moderation. Your comment will not display until it has been approved

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. I'm a BGP administrator and have been quite amazed by the possible security issues with BGP.Is this the same vulnerability that we saw in February when we saw very (~250) long ASpaths?'m using to help me monitoring my prefixes for hijacks and other BGP events. This is a very helpful tool for BGP network administrators.-Richard

  2. Hi Richard,Thanks for reviewing the Securing BGP blog entry - I hope you found it useful.While the vulnerabilities released as part of the Cisco Security Advisory Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities"" appear similar they are tied to BGP speakers supporting the four-octet AS number space whereas the vulnerability you referenced was independent of 2 or 4 byte AS numbers and was tied directly to long AS paths (i.e. roughly 250 AS numbers). Thanks again!!"