that any IP address beginning with “129.6” (addresses between the range 129.6.0.0 - 129.6.255.255)
belongs to NIST. In other words, anything after the leftmost 16 bits can be used in combination with the
leftmost 16 bits to designate an IP address for the NIST network. In binary, 129.6.0.0 is 1000 0001 0000
0110 0000 0000 0000 0000, so if the address block were given as 129.6.0.0/15, then anything after the
first 15 bits would be available, so the range would be 129.6.0.0 – 129.7.255.255, because the second byte
could be either 0000 0110 (decimal 6) or 0000 0111 (decimal 7). The size of an address block A/n is $2^{32-n}$. For example, 129.6.0.0/16 is of size $2^{32-16} = 2^{16}$ = 65,536, so NIST has 65,536 possible addresses.
The significance of address block sizes for routing is that more specific addresses are normally more
efficient because more specific addresses specify a smaller block of addresses. For example, just as if we
are sending a package from Los Angeles to Baltimore, it is better to use a truck going to Maryland than
one that we only know is going somewhere on the East Coast. A “/m” block is $2^{n-m}$ times as large as a more specific /n block (m < n). For example, suppose one router advertises that it can reach addresses in the range 129.6.0.0/16, and another announces 129.6.2.0/23. If a packet addressed to 129.6.3.164 is sent, the second router would normally be preferred, because the /16 address space is $2^{7}$ = 128 times as large as the /23 space ($2^{23} = 2^{16} \times 2^{7}$). This is one reason why routers are configured to give preference to the most
specific addresses. Normally this practice makes routing more efficient, but when overly specific
addresses are announced by mistake, routers can be overloaded (see for example Section 3.2.5).
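The prefix arithmetic above (block size, the address range a prefix covers, the size ratio between a /m and a /n block, and the preference for the most specific announcement) can be worked through in code. The following is an added example, not part of the original document; it uses Python's standard ipaddress module, and the /24 threshold in overly_specific is an assumed illustration value, not a limit the document prescribes.

```python
import ipaddress
from typing import List, Optional, Tuple


def block_size(prefix: str) -> int:
    """Number of addresses in an IPv4 block A/n: 2**(32-n)."""
    net = ipaddress.ip_network(prefix, strict=False)
    return 2 ** (32 - net.prefixlen)


def block_range(prefix: str) -> Tuple[str, str]:
    """First and last address covered by a prefix (every bit after the first n is free)."""
    net = ipaddress.ip_network(prefix, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def size_ratio(m: int, n: int) -> int:
    """How many times larger a /m block is than a more specific /n block (m < n): 2**(n-m)."""
    if not 0 <= m < n <= 32:
        raise ValueError("expected 0 <= m < n <= 32")
    return 2 ** (n - m)


def longest_prefix_match(address: str, advertised: List[str]) -> Optional[str]:
    """Pick the most specific (longest) advertised prefix that contains the address;
    this is the announcement a router normally prefers."""
    addr = ipaddress.ip_address(address)
    best = None
    for p in advertised:
        net = ipaddress.ip_network(p, strict=False)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return str(best) if best is not None else None


def overly_specific(advertised: List[str], max_prefixlen: int = 24) -> List[str]:
    """Operator sanity check: list announcements more specific than max_prefixlen
    (an assumed threshold for this example) so a mistaken burst of very specific
    prefixes can be noticed before it bloats the routing table."""
    return [p for p in advertised
            if ipaddress.ip_network(p, strict=False).prefixlen > max_prefixlen]


if __name__ == "__main__":
    print(block_size("129.6.0.0/16"))                  # 65536
    print(block_range("129.6.0.0/15"))                 # ('129.6.0.0', '129.7.255.255')
    print(size_ratio(16, 23))                          # 128
    print(longest_prefix_match("129.6.3.164", ["129.6.0.0/16", "129.6.2.0/23"]))
    # 129.6.2.0/23
    print(overly_specific(["129.6.0.0/16", "129.6.2.0/23", "129.6.3.128/25"]))
    # ['129.6.3.128/25']
```

longest_prefix_match reproduces the document's example: both 129.6.0.0/16 and 129.6.2.0/23 contain 129.6.3.164, and the /23 wins because it is the more specific block.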
2.3 How BGP Works
A set of computers and routers under a single administration, such as a university or company network, is
known as an autonomous system (AS). AS numbers are managed by the Internet Corporation for
Assigned Names and Numbers (ICANN), a non-profit organization established by the U.S. Department of
Commerce, which authorizes Internet registration organizations to assign AS numbers. As of May 2007,
the Internet included more than 25,000 advertised ASes [20]. Packets that make up an Internet
transmission, such as a request for a Web page, are passed from one autonomous system to another until
they reach their destination. BGP’s task is to maintain lists of efficient paths between ASes. The paths
must be as short as possible, and must be loop-free. BGP routers exchange and store tables of
reachability data, which are lists of AS numbers that can be used to reach a particular destination network.
Figure 2-1 reflects the growth of BGP routing tables from 1989 – 2007. Active BGP entries (i.e., the
number of reachable prefixes) in the Forwarding Information Base (FIB) table are currently approaching
300,000. The reachability information sent between ASes is used by each AS to construct graphs of
Internet paths that are loop-free and as short as practical.
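The reachability data exchanged between ASes is a list of AS numbers per prefix (the AS_PATH), and a router uses it both to keep paths loop-free and to prefer the shortest one. The following is an added illustration of those two rules, not code from the document or from any BGP implementation: a router rejects any path that already contains its own AS number, picks the shortest surviving path for each prefix, and prepends its own AS number when it passes the route on. The AS numbers and prefixes are constructed for the example.

```python
from typing import Dict, List, Optional, Tuple

# A route as carried in a BGP update: the prefix plus its AS_PATH, the list of
# AS numbers the announcement has already passed through (nearest neighbour first).
Route = Tuple[str, List[int]]


def accept_route(local_as: int, as_path: List[int]) -> bool:
    """Loop check: a router discards a path that already contains its own AS,
    since following it would route traffic back through itself."""
    return local_as not in as_path


def best_path(local_as: int, candidates: List[List[int]]) -> Optional[List[int]]:
    """Among loop-free candidates, prefer the shortest AS_PATH (fewest AS hops)."""
    usable = [p for p in candidates if accept_route(local_as, p)]
    return min(usable, key=len) if usable else None


def build_table(local_as: int, updates: List[Route]) -> Dict[str, List[int]]:
    """Build local_as's reachability table from the updates it has received."""
    by_prefix: Dict[str, List[List[int]]] = {}
    for prefix, path in updates:
        by_prefix.setdefault(prefix, []).append(path)
    table: Dict[str, List[int]] = {}
    for prefix, paths in by_prefix.items():
        chosen = best_path(local_as, paths)
        if chosen is not None:          # prefixes with only looping paths are unreachable
            table[prefix] = chosen
    return table


def advertise(local_as: int, as_path: List[int]) -> List[int]:
    """When re-announcing a route to an external peer, the router prepends its own AS;
    that record is what lets the next AS detect a loop."""
    return [local_as] + as_path


# Constructed sample updates received by AS 64500 (documentation-range AS numbers).
UPDATES: List[Route] = [
    ("129.6.0.0/16", [64501, 64502, 64510]),
    ("129.6.0.0/16", [64503, 64510]),             # shortest loop-free path
    ("129.6.0.0/16", [64504, 64500, 64510]),      # contains 64500 itself: a loop
    ("198.51.100.0/24", [64505, 64500, 64506]),   # loop with no alternative
]

if __name__ == "__main__":
    table = build_table(64500, UPDATES)
    print(table)                                   # {'129.6.0.0/16': [64503, 64510]}
    print(advertise(64500, table["129.6.0.0/16"]))  # [64500, 64503, 64510]
```

Real BGP applies further tie-breakers before AS_PATH length (local preference, for instance), so this captures only the two properties the document names: loop-freedom and shortness.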
Each AS will have many routers for internal communication, and one or more routers for communications
outside the local network. Internal routers use internal BGP (iBGP) to communicate with each other, and
external routers use external BGP (eBGP). (iBGP and eBGP are the same protocol, but use different
routing rules; iBGP does not advertise third-party, outside routes.) Any two routers that have established
a connection for exchanging BGP information are referred to as peers. BGP peers use TCP, the same
protocol used for email and Web page transmissions, to exchange routing information in the form of
address prefixes that the routers know how to reach, plus additional data used in choosing among
available routes. When a BGP router starts, it attempts to establish sessions with its configured peer
routers by opening connections to port 179, the standard (or “well known”) BGP port. The router
attempting to establish the connection receives packets on a random port number greater than 1024
(referred to as an ephemeral port).
Autonomous systems can be categorized as either transit or non-transit. A transit AS is one with
connections to multiple peer ASes, which will pass transit traffic between ASes. Large Internet service
providers typically function as transit ASes. In most cases it will be easier to secure a non-transit AS
because it is connected to only one neighbor AS. A transit AS, with multiple connections, can be more