Warnings about the risks inherent in BGP are almost as old as the protocol itself. “I knew that routing security was a problem,” Columbia University computer scientist Steven M. Bellovin said. “Seeing this conceptually is fairly easy and straightforward. Sorting it out in terms of the engineering is fiendishly difficult.”
Rekhter, an immigrant to the United States who once played in an underground rock band in the Soviet Union, said security “wasn’t even on the table” when he sat down with his soft-spoken co-inventor, Kirk Lougheed, for lunch during an engineering conference in January 1989.
This was an era when hacks were rare and the toll modest. Lougheed recalled: “In the early days of the Internet, getting stuff to work was the primary goal. There was no concept that people would use this to do malicious things. . . . Security was not a big issue.”
The big issue of the day was the possibility that the Internet might break down. A halt in its furious expansion would have hurt the network’s users and the profits of companies supplying gear and services. Rekhter at the time worked for computing giant IBM; Lougheed was a founding employee of Cisco, maker of networking hardware.
“We needed to sell routers. And we had a strong economic motive to make sure this party would continue,” Lougheed said. “When Yakov and I showed up with a solution and it seemed to work, people were quite willing to accept it because they didn’t have anything else.”
There were other efforts underway to build routing protocols. BGP won out because it was simple, solved the problem at hand and proved versatile enough to keep data flowing as the Internet doubled in size, again and again and again. Networks across the world embraced the protocol, giving it an edge it has never relinquished.
Once technologies are widely deployed, they become almost impossible to replace because many users — including paying customers of technology companies — rely on them and resist buying costly new hardware or software. The result can be a steady buildup of outdated technology, one layer on top of another. It’s as if today’s most important bank vaults sit on foundations of straw and mud.
Pakistan crashes YouTube
In an online world rife with insecurity, the problems with BGP are among the most confounding. For a taste of why, visit the third floor of a drab office block on the outskirts of Hanover, N.H. There, Doug Madory spends his days marveling at the crazy things that happen on the Internet — a man-made creation that increasingly defies human understanding.
Madory and his colleagues at Dyn, an online performance research firm, attempt to make sense of the madness by sending 450 million trace routes each day to track how the Internet is flowing. He compares the trace routes — tiny bits of data set loose online — to pieces of dust whose movements reveal larger forces at work.
One recent day, Madory was trying to figure out why some Chinese Internet traffic was flowing through Belarus. Another day, it was British Internet traffic — including some intended for that nation’s Atomic Weapons Establishment, a nuclear weapons laboratory — flowing through Ukraine. Both cases, Madory figured, probably were the results of mistakes, but there was no way to be sure.
“This happens all day long,” says Madory, a gregarious former Air Force officer with short hair and stylish, squared-off eyeglasses. “Anything can happen, and it usually does.”
Diversions of Internet traffic, even unintentional ones, can cause massive problems throughout the network. Perhaps the most famous accident came in February 2008, when a Pakistani Internet provider tried to block YouTube after the government deemed a video’s depiction of the prophet Muhammad offensive.
When the Pakistani company attempted to carry out the government’s order, it made a mistake in configuring its BGP messages to the rest of the Internet. The result was that most of YouTube’s worldwide traffic was sent to Pakistan. The crush of data overwhelmed the servers there and disrupted YouTube for two hours.