Network Discovery with BGP
So now we're going to discuss BGP. BGP stands for Border Gateway Protocol; it is the underlying routing protocol of the internet. Routers on the internet run BGP and peer with each other. Each ISP/company has an ASN, which is assigned by ARIN or their local registry (APNIC, LACNIC, AFRINIC, RIPE).
Routes are transferred between hosts with the gateway set to the router that is able to reach the destination. Often routes aren't direct and require going through multiple routers, which leads to something called an AS path, which is basically the list of ISPs/routers you will be going through to get to the destination.
For example, 126.96.36.199/8 belongs entirely to MIT, and MIT has an ASN of 3 (AS3). So a route to MIT would look like this:
*> 188.8.131.52 184.108.40.206 0 12714 3549 1239 3 i
12614, 3549, 1239 and 3 are the ASNs traversed to get to MIT from that router. Those are what are called transit ASNs, meaning traffic can go through them to reach other networks they are attached to. Most ISP routers receive and advertise what are known as full tables, a full list of all IP prefixes on the public internet. There are currently around 350,000 routes in the public internet.
Due to the public nature of the routing tables, they come in handy for looking up which networks belong to a certain ASN. If you have the ASN of the company or organization you are trying to find out more about, you can easily find out which netblocks they are announcing.
To get this information, let's use this list: http://thyme.apnic.net/current/data-used-autnums. That list is updated every 8 hours by APNIC. It is basically a mapping of ASN to organisation; you can usually grep -i for a big organisation to find its ASN. The ASN is the number; anything after that is the description of the ASN.
372 National Aeronautics and Space Administration
377 Sandia National Laboratories
523 Army Information Systems Command
825 Canadian Forces Weather Services
You can find a list of which netblocks each ASN is announcing here. Another useful resource is: http://thyme.apnic.net/current/data-raw-table. Once you find the ASN of an organization, you can take the other file and run: grep -w ASNHERE$ data-raw-table.
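The two lookups above (organisation name to ASN with grep -i, then ASN to announced prefixes with grep -w) and the AS-path reading from the MIT route line can be done in a few lines of Python instead of by hand. The following is an added example, not code from the original text or from APNIC. The sample data is constructed: the ASNs are from the private/documentation range and the prefixes are RFC 5737 documentation networks, and the column layout assumed is "ASN description" for data-used-autnums and "prefix<TAB>origin ASN" for data-raw-table. Point the functions at the real downloaded files to use them for your own organisation.

```python
"""Map organisation -> ASN -> announced prefixes, and split a 'show ip bgp'
row into its AS path, in the same way the text above does with grep.

All data below is CONSTRUCTED for this example (documentation ASNs and
RFC 5737 prefixes), not a copy of the real thyme.apnic.net files.
"""

# Constructed stand-in for data-used-autnums: "<ASN> <free-text description>".
USED_AUTNUMS = """\
    64496 EXAMPLE-NET-1 Example Research Institute, US
    64497 EXAMPLE-ISP Example Transit Provider, US
    64498 EXAMPLE-GOV Example Space Agency, US
    64499 EXAMPLE-LAB Example National Laboratory, US
"""

# Constructed stand-in for data-raw-table: "<prefix>\t<origin ASN>".
RAW_TABLE = """\
192.0.2.0/24\t64496
198.51.100.0/24\t64496
203.0.113.0/24\t64497
203.0.113.128/25\t64498
"""

# Constructed 'show ip bgp' row in the same shape as the MIT example above:
# status, prefix, next hop, one metric column, AS path, origin code.
BGP_LINE = "*> 192.0.2.0/24 203.0.113.1 0 64497 64499 64496 i"


def parse_autnums(text):
    """Return {asn: description} from data-used-autnums style text."""
    mapping = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            mapping[int(parts[0])] = parts[1]
    return mapping


def find_asns(text, needle):
    """Case-insensitive description search (the 'grep -i' step)."""
    needle = needle.lower()
    return sorted((asn, desc) for asn, desc in parse_autnums(text).items()
                  if needle in desc.lower())


def prefixes_for_asn(text, asn):
    """Whole-field match on the origin ASN (the 'grep -w ASN$' step).

    Matching the whole field matters: a substring search for 6449 would
    also hit 64496..64499.
    """
    result = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[1] == str(asn):
            result.append(fields[0])
    return result


def parse_bgp_line(line):
    """Split a 'show ip bgp' row: the last token is the origin code, the
    token before it is the origin ASN, everything after the metric column
    is the AS path (left = nearest transit, right = origin)."""
    tokens = line.split()
    return {
        "status": tokens[0],
        "prefix": tokens[1],
        "next_hop": tokens[2],
        "as_path": [int(t) for t in tokens[4:-1]],
        "origin_asn": int(tokens[-2]),
        "origin_code": tokens[-1],
    }


if __name__ == "__main__":
    for asn, desc in find_asns(USED_AUTNUMS, "space agency"):
        print(asn, desc, prefixes_for_asn(RAW_TABLE, asn))
    print(parse_bgp_line(BGP_LINE))
```

From the defender's side the same script is the cheapest check that what your ASN actually originates matches what you think it should: diff prefixes_for_asn() against your internal prefix inventory each time the 8-hourly file is refreshed and alert on anything unexpected.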
1.0 - Introduction
Basically you have a group of routers you are in charge of, and you are assigned an ASN by your local ASN registry. The ASN is used to configure BGP, which announces your ASN along with the IP address blocks you own to your BGP peers. You then use the peers' ASNs to configure your router's neighbor list. In other words, you are telling other routers on the internet where to route all packets destined to a certain IP address block.
Example BGP Configuration
router bgp 65111
 synchronization
 bgp log-neighbor-changes
 network 172.16.11.4 mask 255.255.255.252
 network 172.16.11.12 mask 255.255.255.252
 network 172.16.11.16 mask 255.255.255.252
 network 172.16.190.0 mask 255.255.255.0
 neighbor 172.16.11.5 remote-as 64667
 neighbor 172.16.11.14 remote-as 64666
 neighbor 172.16.11.18 remote-as 65222
 no auto-summary
Basically I am announcing all 4 of those routes to the 3 neighbors I have. Some of those neighbors have other neighbors that I am not directly connected to. A neighbor I peer with will pass the route I announced to it along to its own neighbors, the ones I am not directly connected to.
Let's say, we have 3 routers, A, B and C. A is connected to B and then B is connected to C (A<->B<->C). For C to reach A, it has to know the route to A, which is given by the B router. The B router tells the C router, "I can talk to the network 220.127.116.11/24, route all packets destined to this network to me."
When the C router gets a packet for 18.104.22.168, it knows, "B router knows the route to this address, I should give this packet to him". C router then gives the packet to B router, and B router sees that it needs to go to A router, because A router knows where to send it next.
Thus, the point of BGP is basically to look at every path the packet can take and deliver it down the shortest path. The separation of the different networks is controlled by the use of ASNs.
Usually every ASN has a number of routers under it, anywhere from a couple to millions of routers per ASN. For routing packets internally inside an ASN, an IGP is used: an interior gateway protocol.
2.0 - Example
You are an ASN owner: you have 100 routers, only 10 of which provide access to the internet; the other 90 route data between sites. Every router controls a certain IP block, or even a group of IP blocks. This is where the IGP comes in.
It's cool and all that you have 22.214.171.124/24 and 126.96.36.199/24 routing in your router, but you also want to let the rest of your network know about them. So let's take RIP as an interior gateway protocol, as it is similar to BGP in many ways.
With RIP, every router has an ID assigned between 1 and 255, which is the reason RIP isn't suitable for large networks. With this ID, they tell all of the other routers which IP blocks they can route packets to.
Now, every other router (99 of them) knows that any packets destined to 188.8.131.52 go to router ID 1, because that address is inside the 184.108.40.206/24 netblock that router 1 was announcing over RIP. RIP is also vulnerable to downgrade attacks, or at least some implementations are. You can even make it send you the RIPv1 2-way hash in some cases.
Every router cannot be connected to every other router, because that would mean every router would have 99 connections. Other reasons include physical connections and cost. Instead, you just lay fibre to a few buildings from each building, so when you announce a route via RIP, it only goes to the directly attached routers.
Router 1 is telling other routers on the network to route packets destined to 220.127.116.11/24 to it. Since it is directly connected to only 5 networks, it only announces that route to those networks. Then those networks let the networks they are attached to know that router ID 1 knows how to deliver packets to 18.104.22.168/24.
Every router looks at every packet's IP and looks it up in its routing table. So let's say router 99 is connected to router 5, and router 5 is connected to router 1. Router 99 owns 22.214.171.124/24, router 5 owns 126.96.36.199/24 and router 1 owns 188.8.131.52/24.
The IP address 184.108.40.206, which is in 220.127.116.11/24, which belongs to router 99, makes a request to 18.104.22.168. The router checks its routing table and sees that it cannot route the packet locally within the router, so it checks to see whether it can route it using the IGP.
It sees that 22.214.171.124/24 is announced from router 5, because router 5 sees that router 1 is announcing it. Router 5 then checks its local routing table, sees that it cannot locally route it, and sends it to router 1, because router 1 is directly connected to router 5.
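The hop-by-hop behaviour described in the A-B-C example and in the router 99 / router 5 / router 1 walkthrough is a distance-vector exchange followed by longest-prefix-match lookups. The following is an added example, not code from the original text; it models only the announce-to-directly-attached-neighbours step and the per-router lookup, not RIP's timers, poison reverse or 15-hop limit. The topology and prefixes are constructed: routers 99, 5 and 1 in a chain, each originating one RFC 5737 documentation prefix, so that the result is readable without the text's own addresses.

```python
"""RIP-style distance-vector propagation plus longest-prefix-match forwarding
for a three-router chain, as an added illustration of the walkthrough above.

Topology and prefixes are CONSTRUCTED (documentation networks), chosen so
the forwarding path is easy to follow: 99 -- 5 -- 1.
"""
import ipaddress

# Constructed topology: which routers share a direct link (symmetric).
LINKS = {
    99: [5],
    5: [99, 1],
    1: [5],
}

# Constructed: the one prefix each router is locally responsible for.
LOCAL_PREFIXES = {
    99: "192.0.2.0/24",
    5: "198.51.100.0/24",
    1: "203.0.113.0/24",
}


def build_tables(links, local):
    """Exchange routes with direct neighbours until nothing changes.

    Returns {router: {network: (hops, next_hop)}}.  A locally attached
    prefix has 0 hops and next_hop None; a learnt prefix points at the
    neighbour it was heard from, exactly as router 5 relays router 1's
    announcement on to router 99 in the text.
    """
    tables = {r: {ipaddress.ip_network(p): (0, None)} for r, p in local.items()}
    changed = True
    while changed:
        changed = False
        for router, neighbours in links.items():
            for nb in neighbours:
                # Neighbour advertises everything it can reach; accept a route
                # only if it is new or strictly shorter than the one we hold.
                for prefix, (hops, _) in list(tables[nb].items()):
                    candidate = (hops + 1, nb)
                    current = tables[router].get(prefix)
                    if current is None or candidate[0] < current[0]:
                        tables[router][prefix] = candidate
                        changed = True
    return tables


def lookup(table, address):
    """Longest-prefix match: (network, (hops, next_hop)) or None if no route."""
    addr = ipaddress.ip_address(address)
    matches = [p for p in table if addr in p]
    if not matches:
        return None
    best = max(matches, key=lambda p: p.prefixlen)
    return best, table[best]


def forward(tables, start, dst, max_hops=16):
    """Walk a packet router to router; returns the router IDs it visits."""
    path = [start]
    current = start
    for _ in range(max_hops):
        hit = lookup(tables[current], dst)
        if hit is None:
            raise ValueError(f"router {current} has no route to {dst}")
        _, (_hops, next_hop) = hit
        if next_hop is None:          # destination network is attached here
            return path
        current = next_hop
        path.append(current)
    raise RuntimeError("forwarding loop or path longer than max_hops")


if __name__ == "__main__":
    tables = build_tables(LINKS, LOCAL_PREFIXES)
    for router in sorted(tables):
        print(router, {str(p): v for p, v in tables[router].items()})
    print("99 -> 203.0.113.7 travels", forward(tables, 99, "203.0.113.7"))
```

Running it shows router 99 learning 203.0.113.0/24 at 2 hops via router 5, and a packet from router 99 to 203.0.113.7 visiting 99, 5, 1, which is the behaviour the walkthrough describes. The `max_hops` guard in forward() is there because a distance-vector table with a stale or bogus entry can send a packet in a circle; real RIP relies on its hop limit for the same reason.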
3.0 - RIP
RIP is the micro routing protocol. RIP routes packets between individual routers in a group. BGP routes packets between all of the different groups of routers on the internet. You configure it to redistribute the routes in its RIP table into the BGP table and vice versa.