I don’t have any resources, but as a hobby homelab / networking guy with too much Mikrotik hardware at home, this is what I learned:
* There are a bunch of organizations responsible for distributing all IP ranges (i.e. ARIN and RIPE);
* Each of these ranges they assign gets a unique ASN;
* Once I have such an ASN, I can go to an ISP and say, “please broadcast this for me and route it to my network”;
* ISP will verify whether you speak the truth (hopefully);
* They will add an entry in their route tables for your range, so that any traffic they receive is correctly routed to your port;
* They will start broadcasting your routes, using protocols such as RIP;
* They will then start broadcasting your IP ranges with their uplinks they peer with using BGP;
* The internet has now learned how to reach your servers behind your IP ranges.
This is a bit simplified, but in general is how I understand things work.
Would love it if someone with more knowledge on the matter can elaborate a bit on the BGP broadcasting part, and how ISPs protect against bad actors / scammers / whatever. I know there are recent improvements in BGP security, but it all still seems very insecure to me, and humans are still a critical factor here?
Additionally, I understand that BGP is necessary because typical route table entries being broadcast using RIP etc. are too narrow, too small, and you want to be able to aggregate a whole bunch of routes into large blocks, which is what BGP is for? Did I get that right?
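On the "ISP will verify whether you speak the truth" step and the recent BGP security improvements mentioned above: the mechanism most transit providers now use is RPKI Route Origin Validation (RFC 6811). The prefix holder publishes a ROA saying "only AS X may originate this prefix, up to length N"; the ISP's validator turns those into VRPs and checks each received announcement against them. The script below is an added example (not from anyone in this thread) that implements that check over a constructed VRP table and a constructed set of announcements; all prefixes (RFC 5737/3849 documentation space) and ASNs (private range) are made up for illustration.

```python
"""RPKI Route Origin Validation (RFC 6811) over constructed sample data.
Added example: the VRPs and announcements below are made up, not real ROAs."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: an authorised (prefix, maxLength, origin ASN)."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int
    asn: int


def make_vrp(prefix: str, max_length: int, asn: int) -> VRP:
    return VRP(ipaddress.ip_network(prefix), max_length, asn)


# Constructed VRP table, as a validator would hand to the router.
SAMPLE_VRPS = [
    make_vrp("192.0.2.0/24", 24, 64496),
    make_vrp("198.51.100.0/24", 25, 64497),   # may be split into /25s
    make_vrp("2001:db8::/32", 48, 64496),
]


def covers(vrp: VRP, route: ipaddress.IPv4Network | ipaddress.IPv6Network) -> bool:
    """A VRP covers a route when the route lies inside the VRP prefix
    (same address family; equal or longer prefix length)."""
    return vrp.prefix.version == route.version and route.subnet_of(vrp.prefix)


def validate_origin(route_prefix: str, origin_asn: int, vrps: list[VRP]) -> str:
    """RFC 6811 section 2 outcome for one announcement:
    - no covering VRP at all            -> 'unknown' (no ROA issued)
    - covering VRP, ASN matches, and
      prefixlen <= maxLength            -> 'valid'
    - covering VRPs exist but none fit  -> 'invalid' (wrong origin or too specific)
    """
    route = ipaddress.ip_network(route_prefix, strict=False)
    covering = [v for v in vrps if covers(v, route)]
    if not covering:
        return "unknown"
    for v in covering:
        if v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "valid"
    return "invalid"


def filter_announcements(announcements, vrps):
    """Common operator policy: drop 'invalid', accept 'valid' and 'unknown'.
    Returns (accepted, rejected) lists of (prefix, origin_asn, state)."""
    accepted, rejected = [], []
    for prefix, origin in announcements:
        state = validate_origin(prefix, origin, vrps)
        (rejected if state == "invalid" else accepted).append((prefix, origin, state))
    return accepted, rejected


# Constructed announcements as a router might receive them from a customer.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),        # matches ROA exactly
    ("192.0.2.0/24", 64511),        # covered, but origin ASN does not match
    ("198.51.100.0/26", 64497),     # right origin, but /26 exceeds maxLength 25
    ("198.51.100.128/25", 64497),   # /25 is within maxLength
    ("203.0.113.0/24", 64498),      # no ROA covers it
    ("2001:db8:1::/48", 64496),     # IPv6, within maxLength 48
]

if __name__ == "__main__":
    acc, rej = filter_announcements(SAMPLE_ANNOUNCEMENTS, SAMPLE_VRPS)
    for row in acc:
        print("ACCEPT", *row)
    for row in rej:
        print("REJECT", *row)
```

Two things worth noticing from the output: the "too specific" case (a /26 under a /24 ROA with maxLength 25) is rejected even though the origin AS is correct, and an "unknown" prefix is still accepted, which is why ROV only helps for prefixes whose holders have actually published ROAs. ROV also only checks the origin AS, not the path in between, so it is a mitigation for accidental and casual mis-origination rather than a complete fix; that is the gap the human factor still fills.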
This is a huge help as a quick start on this subject. Thanks a lot.
Question: so if I want to host a web application at hosting provider X, and I have my own ASN and want to use my own IP addresses - I assume then that the hosting provider needs to "support BGP"? Is that accurate?
> I assume then that the hosting provider needs to "support BGP"? Is that accurate?
Indeed, one way or another, they need to support BGP, which, if they are using their own ASN and data center, they most likely already do; but it's not 100% certain that they allow their customers to use their own. Sometimes they advertise that they support BGP for their customers (like Vultr: https://www.vultr.com/docs/configuring-bgp-on-vultr/), sometimes they can provide the service to you if you ask nicely, and sometimes they don't want anything to do with customer BGP.