What Is BGP? A Plain-English Guide for UK IT Managers
BGP (Border Gateway Protocol) is the routing system that holds the internet together. This guide explains BGP, BGP hijacking, and why UK businesses should monitor BGP events.
BGP: The Internet's Postal Service
Border Gateway Protocol (BGP) is the routing protocol that connects the internet's autonomous systems: the thousands of networks operated by ISPs, cloud providers, universities, and enterprises. If DNS is the internet's address book, BGP is its postal sorting system: it decides which path your data packets take to reach their destination.
BGP is spoken between routers at internet exchanges, including the London Internet Exchange (LINX), the UK's largest IX by traffic volume. Every UK ISP, cloud provider, and large enterprise participates in BGP to announce their IP address ranges to the rest of the world.
How BGP Works
Each network on the internet is assigned an Autonomous System Number (ASN). BT's ASN is AS2856. Sky Broadband is AS5607. Amazon Web Services UK uses several ASNs including AS16509. These networks use BGP to advertise which IP prefixes they can route traffic to.
When you visit a UK website, your ISP's routers consult their BGP routing tables to find the most efficient path. If the destination network announces its prefixes correctly, your traffic arrives. If those announcements are missing, incorrect, or hijacked, your traffic fails or gets redirected.
BGP Hijacking: The Hidden Threat
BGP hijacking occurs when a network announces IP prefixes that it does not legitimately own. This can redirect internet traffic through the hijacker's infrastructure, enabling eavesdropping, traffic interception, or denial of service.
BGP hijacks are not theoretical. Notable incidents affecting UK users include the 2022 redirect of traffic through Russian infrastructure and multiple incidents affecting major cloud providers. In most cases, the hijack is accidental (a configuration error) rather than malicious, but the effect on affected users is the same.
BGP Leaks
A BGP route leak occurs when a network incorrectly re-advertises routes it has received, causing unexpected traffic flows. The 2019 Cloudflare BGP leak, caused by a misconfigured router at a small ISP, disrupted internet access for millions of users globally for approximately 90 minutes.
How VP Pulse Monitors BGP
VP Pulse pulls live BGP event data from RIPE RIS (Routing Information Service), the European internet registry that aggregates BGP announcements from hundreds of monitoring points. The BGP Activity tile shows:
- Recent BGP announcements and withdrawals affecting UK IP space
- Unusual routing events that may indicate hijacking or leaks
- New ASN-to-prefix associations that deviate from expected routing
- Volume of BGP updates (a spike often precedes or accompanies a network incident)
RPKI: The BGP Security Fix
Resource Public Key Infrastructure (RPKI) allows networks to cryptographically sign their BGP route announcements. Routers that validate RPKI can reject hijacked or invalid announcements before they propagate. RIPE NCC (the European internet registry) operates RPKI services for UK networks.
UK adoption of RPKI is growing but not universal. If you operate a network, contact your upstream provider or RIPE NCC about enabling RPKI origin validation.
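As an added illustration (not VP Pulse or RIPE NCC code), the sketch below shows the decision a validating router makes under RPKI origin validation (RFC 6811): each announcement's prefix and origin ASN are compared with the signed Route Origin Authorisations (ROAs) that cover it. The ROA entries and announcements are constructed samples using documentation prefixes and ASNs, and the function names are this example's own.

```python
import ipaddress

# Constructed sample data: documentation prefixes and ASNs, not real routing state.
# Each VRP (validated ROA payload) is (prefix, maxLength, authorised origin ASN).
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64496),
]
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),      # legitimate origin
    ("192.0.2.0/24", 64511),      # same prefix, unauthorised origin
    ("192.0.2.128/25", 64496),    # more specific than maxLength allows
    ("2001:db8:1::/48", 64496),   # within maxLength
    ("203.0.113.0/24", 64500),    # no ROA covers this prefix
]

def validate_origin(prefix, origin_asn, vrps):
    """Classify one announcement as valid, invalid or not-found (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    reasons = []
    for vrp_prefix, max_length, vrp_asn in vrps:
        roa_net = ipaddress.ip_network(vrp_prefix)
        # Only ROAs whose prefix covers the announced route are relevant.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        if vrp_asn == 0 or vrp_asn != origin_asn:   # AS0 authorises nobody
            reasons.append(f"AS{origin_asn} not authorised by ROA {vrp_prefix}")
        elif route.prefixlen > max_length:
            reasons.append(f"/{route.prefixlen} exceeds maxLength {max_length}")
        else:
            return "valid", ""
    if reasons:
        return "invalid", "; ".join(reasons)
    return "not-found", "no covering ROA"

def invalid_routes(announcements, vrps):
    """Return the announcements a validating router would reject."""
    out = []
    for prefix, asn in announcements:
        state, reason = validate_origin(prefix, asn, vrps)
        if state == "invalid":
            out.append((prefix, asn, reason))
    return out

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, f"AS{asn}", *validate_origin(prefix, asn, VRPS))
```

Routers doing origin validation normally drop only the invalid state; not-found routes are still accepted, so a prefix with no ROA gets no protection from RPKI.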
What UK IT Managers Should Do
- Monitor BGP announcements for your organisation's ASN and IP ranges
- Ask your ISP or hosting provider if they validate RPKI
- Subscribe to BGP monitoring alerts via RIPE NCC or RouteViews
- Use VP Pulse's BGP tile to track live events affecting UK internet routing
- For financial services firms: work with your WAN provider to implement BGP communities for traffic engineering
VP Pulse displays live BGP events from RIPE RIS on its main dashboard. Unusual spikes in BGP activity often correlate with the internet incidents you read about in the tech press; you can see them forming in real time.