What is Border Gateway Protocol (BGP) security?

Answer

BGP lacks built-in security — anyone can announce any prefix, leading to routing incidents. BGP hijacking occurs when a malicious or misconfigured AS announces prefixes it does not own, redirecting traffic. Famous examples: Pakistan Telecom's 2008 YouTube hijack, Amazon Route 53 BGP hijack in 2018. BGP route leaks propagate routes to peers that should not see them, disrupting routing. Mitigations: RPKI (Resource Public Key Infrastructure) — cryptographically validates that ASes have authorization to announce specific IP prefixes via ROA (Route Origin Authorization) records; ROV (Route Origin Validation) drops invalid announcements. IRR (Internet Routing Registry) filtering — filter based on published routing policies. MD5 authentication on BGP sessions — prevents session hijacking. Prefix filtering — only accept expected prefixes from each peer. MANRS (Mutually Agreed Norms for Routing Security) — industry initiative for routing security practices. RPKI adoption is growing but still not universal.