BGP for Beginners: How Internet Routing Actually Works
The Border Gateway Protocol (BGP) is the routing protocol that holds the internet together. Every time a user in Sydney reaches a website hosted in London, BGP is responsible for selecting the path those packets take across dozens of autonomous networks. This guide introduces autonomous systems, the difference between iBGP and eBGP, path selection, peering versus transit, and why BGP matters for multi-homed Australian businesses.
What Is BGP and Why Should You Care?
BGP — the Border Gateway Protocol — is the routing protocol that makes the global internet work. Unlike interior routing protocols such as OSPF or EIGRP that operate within a single organisation's network, BGP operates between organisations, exchanging reachability information so that every network on the planet knows how to reach every other network. Without BGP, the internet would fragment into thousands of disconnected islands. For IT resellers, understanding BGP is essential whenever you design multi-homed WAN solutions, work with data centre connectivity, or troubleshoot why a client's traffic is taking an unexpected path to reach a cloud provider.
Autonomous Systems: The Building Blocks of the Internet
An Autonomous System (AS) is a collection of IP networks under the control of a single administrative entity that presents a common routing policy to the internet. Every AS is identified by a unique AS Number (ASN) — a 32-bit integer assigned by a Regional Internet Registry such as APNIC for the Asia-Pacific region. Major Australian ISPs like Telstra (AS1221), Optus (AS7474), and Vocus (AS4826) each have their own ASNs, as do large enterprises and data centre operators. BGP's job is to build a table of all reachable prefixes (IP address blocks) and the AS-path needed to reach each one.
When you peer with an ISP using BGP, your router advertises your IP prefixes and receives their prefixes (or the full global routing table, which currently exceeds one million IPv4 routes). Each route carries an AS-path attribute listing every AS the route has traversed. This path information is how BGP prevents routing loops — if a router sees its own ASN in the path, it discards the route. The AS-path also forms the primary basis for BGP's path selection: shorter paths are generally preferred over longer ones.
eBGP vs iBGP: External and Internal BGP
External BGP (eBGP) runs between routers in different autonomous systems — for example, between your edge router and your ISP's router. eBGP sessions are typically established over directly connected links, and the TTL of BGP packets is set to 1 by default (though multi-hop eBGP is possible). Routes learned via eBGP have their next-hop set to the peer's IP address, and the advertising router prepends its own ASN to the AS-path before sending the route.
Internal BGP (iBGP) runs between routers within the same autonomous system. iBGP is used to distribute externally learned routes to all BGP-speaking routers inside your network. A key rule of iBGP is that routes learned from one iBGP peer are not re-advertised to another iBGP peer — this prevents loops but means that every iBGP router must peer with every other iBGP router (a full mesh), or you must use route reflectors or confederations to reduce the peering complexity. In most SMB and mid-market deployments, a pair of route reflectors is sufficient.
BGP Path Selection: How the Best Route Is Chosen
BGP often receives multiple paths to the same destination prefix from different peers. The BGP best-path selection algorithm evaluates these candidates using an ordered list of criteria. First, it prefers the route with the highest local preference (a value set by your own policy to favour certain paths). Next, it prefers the route with the shortest AS-path. Then it considers the origin type (IGP over EGP over incomplete), followed by the lowest MED (Multi-Exit Discriminator, a hint from your neighbour about their preferred entry point). After that, eBGP routes are preferred over iBGP routes, and finally the route with the lowest IGP metric to the next-hop wins.
Understanding this hierarchy is crucial because it tells you exactly which knobs to turn when engineering traffic. If you want outbound traffic to prefer ISP-A over ISP-B, you increase the local preference for routes learned from ISP-A. If you want to influence inbound traffic (how the internet reaches you), you use AS-path prepending to make certain paths look longer, or advertise more-specific prefixes via your preferred ISP. These are the everyday tools of BGP traffic engineering, and they give multi-homed businesses fine-grained control over their internet connectivity.
BGP Path Selection Criteria (In Order of Evaluation)
| Step | Attribute | Preferred Value |
|---|---|---|
| 1 | Local Preference | Highest |
| 2 | AS-Path Length | Shortest |
| 3 | Origin Type | IGP > EGP > Incomplete |
| 4 | MED | Lowest |
| 5 | Peer Type | eBGP over iBGP |
| 6 | IGP Metric to Next-Hop | Lowest |
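The six steps above, together with the AS-path loop check described earlier, can be written as a single ordered comparison. This is an added example, not code from the original article or from any router implementation; the `Route` class, the documentation ASNs (64496 to 64511) and the prefix are constructed for illustration, and only the six criteria listed on this page are modelled.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

@dataclass(frozen=True)
class Route:                 # hypothetical container for one candidate path
    prefix: str
    as_path: tuple           # ASNs, nearest neighbour first, origin last
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True        # learned from an external peer
    igp_metric: int = 0      # IGP cost to reach the next-hop

def preference_key(r):
    """Sort key for the six steps in order; the smallest key wins."""
    return (-r.local_pref,          # 1. highest local preference
            len(r.as_path),         # 2. shortest AS-path
            ORIGIN_RANK[r.origin],  # 3. IGP > EGP > incomplete
            r.med,                  # 4. lowest MED
            0 if r.ebgp else 1,     # 5. eBGP over iBGP
            r.igp_metric)           # 6. lowest IGP metric to next-hop

def best_path(candidates, local_asn):
    """Discard looped routes (own ASN in the AS-path), then pick the best."""
    usable = [r for r in candidates if local_asn not in r.as_path]
    return min(usable, key=preference_key) if usable else None

# Constructed sample: AS64500 is multi-homed to ISP-A (AS64496) and ISP-B (AS64497).
LOCAL_ASN = 64500
via_a = Route("203.0.113.0/24", (64496, 64510, 64511))
via_b = Route("203.0.113.0/24", (64497, 64511))
looped = Route("203.0.113.0/24", (64497, 64500, 64511), local_pref=300)

def demo():
    """Return the chosen next-hop AS before and after raising local preference."""
    default = best_path([via_a, via_b, looped], LOCAL_ASN)
    # Raising local preference for ISP-A overrides the shorter AS-path via ISP-B.
    pinned = Route(via_a.prefix, via_a.as_path, local_pref=200)
    engineered = best_path([pinned, via_b, looped], LOCAL_ASN)
    return default.as_path[0], engineered.as_path[0]

if __name__ == "__main__":
    print(demo())
```

The looped route is dropped before comparison even though it carries the highest local preference, which is why the loop check has to run first.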
Peering vs Transit: How Networks Interconnect
Transit is a commercial relationship where you pay an ISP to carry your traffic to the rest of the internet. Your transit provider announces your prefixes to their peers and upstream providers, giving you global reachability. This is the standard model for most businesses. Peering is a mutual arrangement between two networks to exchange traffic destined for each other's customers at no cost (settlement-free peering) or at a reduced cost. Peering happens at Internet Exchange Points (IXPs) — in Australia, the key exchanges are IX Australia (formerly PIPE Networks) with presence in Sydney, Melbourne, Brisbane, Adelaide, and Perth.
For IT resellers designing WAN solutions, the distinction matters. A client with a single transit provider has a single point of failure and limited path diversity. Adding a second transit provider (multi-homing) provides redundancy and allows BGP to select the best path for each destination. Clients with significant traffic volumes — such as SaaS providers or content platforms — can reduce costs further by peering directly with major content networks (Google, Microsoft, Cloudflare) at an IXP, offloading that traffic from their paid transit links.
Why BGP Matters for Multi-Homed Businesses
Multi-homing — connecting to two or more ISPs — is the primary reason a business would run BGP on its own routers. Without BGP, switching between ISPs during a failure requires manual intervention or clumsy static route failover. With BGP, if one ISP link goes down, the router withdraws its prefix advertisement via that ISP and traffic automatically re-routes through the remaining provider. The failover is seamless and typically completes within seconds (or faster with BFD — Bidirectional Forwarding Detection — enabled).
To run BGP as an end-site, you need your own ASN and at least a /24 IPv4 prefix (the minimum globally routable block). In Australia, APNIC allocates ASNs and IP space. The process involves becoming an APNIC member (or getting a sub-allocation from your ISP) and justifying your need for address space. For many SMBs, the simpler alternative is to use provider-assigned (PA) address space from each ISP and rely on NAT or DNS-based failover. However, this means your public IP addresses change during a failover, which can disrupt inbound services. Owning your own prefix with BGP means your IP addresses stay the same regardless of which ISP is carrying the traffic.
Pros
- Automatic failover between ISPs with no IP address changes
- Fine-grained control over inbound and outbound traffic paths
- Provider independence — take your IP addresses to any ISP
- Better performance through optimal path selection
- Professional posture for hosting or SaaS businesses
Cons
- Requires own ASN and provider-independent (PI) address space (cost and APNIC membership)
- Routers must handle the full BGP table (1M+ routes, needs sufficient RAM)
- Operational complexity — BGP misconfiguration can have global impact
- Both ISPs must support BGP peering with end customers
- Not justified for single-site businesses with modest uptime requirements
BGP Security: RPKI and Route Filtering
BGP was designed in an era of mutual trust between network operators, and it has no built-in mechanism to verify that a route announcement is legitimate. This has led to high-profile incidents where networks accidentally (or maliciously) advertised prefixes belonging to someone else, hijacking traffic. Resource Public Key Infrastructure (RPKI) addresses this by allowing prefix holders to cryptographically sign Route Origin Authorisations (ROAs) that specify which ASN is authorised to originate a given prefix. Routers that perform Route Origin Validation (ROV) can then reject or deprioritise invalid announcements.
In Australia, APNIC has been a strong advocate for RPKI adoption. If you are helping a client obtain their own IP space, encourage them to create ROAs in the APNIC portal from day one. Additionally, always configure inbound route filters on your BGP sessions — accept only the prefixes your ISP is supposed to send, and limit the maximum number of prefixes accepted. These basic hygiene measures protect your network from accidental route leaks and reduce the blast radius of upstream misconfigurations.
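The checks described in this section, sketched as an added example (not code from the original article or from any router or RPKI validator): Route Origin Validation against a ROA list, an inbound prefix allow-list, and a maximum-prefix limit. The ROAs, prefixes and ASNs are constructed from documentation ranges, and two behaviours are assumptions of this sketch: more-specifics of an expected prefix pass the allow-list, and exceeding the limit drops the session.

```python
import ipaddress

# Constructed sample data using documentation prefixes and ASNs.
ROAS = [("203.0.113.0/24", 24, 64500),    # (prefix, max length, origin ASN)
        ("198.51.100.0/24", 25, 64496)]
EXPECTED = ["203.0.113.0/24", "198.51.100.0/24", "192.0.2.0/24"]
UPDATES = [("203.0.113.0/24", (64496, 64500)),     # valid
           ("198.51.100.128/25", (64496,)),        # valid, within max length
           ("198.51.100.0/26", (64496,)),          # invalid: too specific
           ("203.0.113.0/24", (64496, 64511)),     # invalid: wrong origin
           ("192.0.2.0/24", (64496, 64499)),       # no ROA: not-found
           ("10.0.0.0/8", (64496,))]               # not an expected prefix

def covers(outer, inner):
    return outer.version == inner.version and inner.subnet_of(outer)

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Route Origin Validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        if not covers(ipaddress.ip_network(roa_prefix), net):
            continue
        covered = True  # some ROA covers this announcement
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def filter_inbound(updates, expected, max_prefixes):
    """Prefix allow-list, then ROV, then a maximum-prefix limit.
    updates: (prefix, as_path) pairs with the origin AS last in as_path.
    Returns (accepted, rejected, session_up).
    """
    allowed = [ipaddress.ip_network(p) for p in expected]
    accepted, rejected = [], []
    for prefix, as_path in updates:
        net = ipaddress.ip_network(prefix)
        if not any(covers(a, net) for a in allowed):
            rejected.append((prefix, "not in expected prefix list"))
        elif validate_origin(prefix, as_path[-1]) == "invalid":
            rejected.append((prefix, "RPKI invalid"))
        else:
            accepted.append(prefix)
        if len(accepted) > max_prefixes:
            return accepted, rejected, False  # limit hit: drop the session
    return accepted, rejected, True

if __name__ == "__main__":
    print(filter_inbound(UPDATES, EXPECTED, max_prefixes=10))
```

A route with no covering ROA is "not-found" rather than "invalid" and is accepted here, which is why creating ROAs for a client's own prefixes matters: only a covering ROA lets other networks reject a wrong-origin announcement.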
If DNS is the phone book of the internet, BGP is the postal system — it ensures every packet finds a path from source to destination across a vast mesh of independently operated networks.