
Summarise this article with:
The Short Answer
Every network on the internet has a unique Autonomous System Number (ASN), and the Border Gateway Protocol (BGP) is how those networks tell each other where to send traffic. When a router in Pakistan announced it could reach YouTube's servers faster than YouTube itself could, BGP believed it, and YouTube disappeared globally for nearly two hours. That is not a bug story. It is how BGP was designed to work, and understanding that design explains both the protocol's power and its vulnerabilities.

What Is an Autonomous System?
An Autonomous System (AS) is a large network, or group of networks, managed by a single organization that presents a unified routing policy to the rest of the internet. The internet is not one giant network. It is roughly 80,000 autonomous systems, all interconnected.
Organizations that operate autonomous systems include:
- Internet Service Providers (Comcast, AT&T, Deutsche Telekom)
- Cloud and hosting providers (AWS, Google Cloud, Cloudflare)
- Large enterprises (Apple, Microsoft, banks)
- Content delivery networks (Akamai, Fastly)
- Academic networks (universities, research institutions)
Each autonomous system is identified by a unique Autonomous System Number (ASN). You can look up which ASN owns any IP address with the ASN Lookup tool, which shows the organization name and the IP prefixes that AS announces.
ASN Format
Originally, ASNs were 16-bit numbers (1 to 65535). As the internet grew, 32-bit ASNs were introduced (up to 4,294,967,295) via RFC 6793. Both formats remain in active use. As of 2026, approximately 80,000 ASNs are visible and active in the global BGP routing table.
ASNs are allocated by Regional Internet Registries (RIRs):
| RIR | Region |
|---|---|
| ARIN | North America |
| RIPE NCC | Europe, Middle East, Central Asia |
| APNIC | Asia Pacific |
| LACNIC | Latin America, Caribbean |
| AFRINIC | Africa |
What Is BGP?
BGP (Border Gateway Protocol, defined in RFC 4271) is the protocol that autonomous systems use to exchange routing information with each other. It is often called "the routing protocol of the internet." BGP runs over TCP on port 179.
BGP is a path-vector protocol. Each AS announces to its neighbors which IP address prefixes it can reach and the sequence of ASNs traffic would pass through to get there. Routers make forwarding decisions based on these announcements and on local policy.
How BGP Works: A Simple Example
- AS65001 (your ISP) wants to reach IP prefix 198.51.100.0/24, which belongs to AS65003 (a web hosting company).
- AS65003 announces to its neighbors: "I can reach 198.51.100.0/24. The path is AS65003."
- AS65002 (a transit provider connected to AS65003) re-advertises: "I can reach 198.51.100.0/24. The path is AS65002, AS65003."
- AS65001 learns it can reach 198.51.100.0/24 via AS65002, which forwards to AS65003.
- If AS65001 receives multiple paths to the same prefix, it picks the best one using BGP's selection algorithm.
The AS-PATH list also serves as a loop-prevention mechanism. If a router sees its own ASN already in the path, it discards the advertisement.
BGP Path Selection
When a BGP router receives multiple routes to the same prefix, it picks the best one using criteria in roughly this order:
- Highest Local Preference: A locally configured value (higher wins). Used to express internal policy.
- Shortest AS Path: Fewer AS hops usually means a more direct route.
- Lowest Origin Type: Routes originated within the AS are preferred over imported ones.
- Lowest MED (Multi-Exit Discriminator): A hint from a neighboring AS about its preferred entry point.
- eBGP over iBGP: External BGP routes are preferred over internal ones.
- Lowest IGP metric to next hop: The closest exit from the local AS.
- Lowest Router ID: A final tiebreaker.
iBGP vs. eBGP
BGP operates in two contexts:
- eBGP (External BGP): Used between different autonomous systems. This is what most people mean when they say "BGP."
- iBGP (Internal BGP): Used within a single AS to distribute routes learned from eBGP peers to all internal routers.
Internet Peering and Transit
Peering
Peering is a settlement-free arrangement where two autonomous systems agree to exchange traffic directly. Peering typically happens at Internet Exchange Points (IXPs) or through direct private connections. Both sides benefit without either paying the other.
A large ISP and a popular content provider might peer at several IXPs. The ISP's customers get faster access to the content, and the content provider avoids paying transit costs.
Transit
Transit is a paid arrangement where one AS (the transit provider) carries another AS's traffic to the rest of the internet. A small regional ISP pays a transit provider for access to the full internet. That transit provider in turn has peering arrangements that reach the rest of the global routing table.
Tier 1 Networks
A Tier 1 network is an AS that can reach every other network on the internet solely through settlement-free peering. There is no official authority that grants Tier 1 status. Commonly cited members of this group include Lumen, Arelion (formerly Telia Carrier), NTT, Cogent, GTT, and Tata Communications, among others. The exact list shifts as business arrangements change.
You can trace the path your traffic takes through these networks with the Traceroute tool, and check each hop's AS with ASN Lookup.
The 2008 YouTube Hijack: BGP as a Cautionary Tale
This is the clearest demonstration of BGP's trust problem, and it is worth walking through in detail.
On February 24, 2008, the government of Pakistan ordered ISPs to block access to YouTube. Pakistan Telecom (AS17557) complied by creating a static route that pointed YouTube's prefix toward a dead end, intending only to affect its own customers. The prefix at issue was 208.65.153.0/24, a more specific (smaller) route than the 208.65.152.0/22 that YouTube itself was announcing.
Here is where BGP's longest-prefix-match rule became the problem. BGP always prefers the most specific matching route. Pakistan Telecom began advertising 208.65.153.0/24 to its upstream provider, PCCW Global (AS3491). PCCW accepted the advertisement without validating whether Pakistan Telecom actually owned that prefix, and propagated it to its peers worldwide.
The entire global BGP routing table accepted the update in under two minutes. Traffic destined for YouTube's servers began flowing into Pakistan Telecom's network, which discarded it. YouTube was unreachable across most of the internet. At 21:01 UTC, PCCW withdrew all routes originating from AS17557, ending the hijack. The outage lasted approximately one hour and forty-two minutes.
Nobody broke a rule. BGP behaved exactly as designed. The design simply did not include a way to verify whether Pakistan Telecom was authorized to announce YouTube's addresses.
My rule when an IP address or a route looks suspicious: check its ASN first using the ASN Lookup tool, then trace the actual path with Traceroute to see whether traffic is going where it should.
Other BGP Incidents
The YouTube hijack is the most-studied example, but it is not the only one.
China Telecom 2010 (Route Leak)
In April 2010, China Telecom's AS23724 originated approximately 37,000 prefixes it did not control, affecting roughly 15 percent of global internet traffic for about 18 minutes. Research suggests this was most likely a misconfiguration rather than an intentional act. The affected prefixes included US government and military sites, as well as addresses belonging to companies like Microsoft and Dell. It is often called a "route leak" rather than a hijack, though the practical result is the same: traffic going to the wrong place.
Facebook, October 4, 2021 (BGP Misconfiguration)
During a routine maintenance operation, Facebook triggered a bug that caused all of its BGP routes to be withdrawn. Facebook's authoritative DNS nameservers were designed to pull their own BGP routes if they lost connection to Facebook's data centers, so when the backbone disconnected, DNS became unreachable too. Facebook, Instagram, WhatsApp, and related services were completely unavailable for approximately six hours. Because internal engineering tools also relied on the network, the team had difficulty even connecting to the equipment needed to fix the problem.
BGP Security: RPKI and Route Validation
The Core Problem
BGP was designed during an era of implicit trust between network operators. There is no built-in mechanism to verify that an AS is actually authorized to originate a given IP prefix. Any AS can announce any prefix, and peers will accept it unless they have deployed additional filtering.
Resource Public Key Infrastructure (RPKI)
RPKI is the primary technical solution. It lets IP address holders cryptographically sign Route Origin Authorizations (ROAs), which state which ASN is authorized to originate a specific prefix.
How it works:
- The IP address owner creates a ROA signed with their RPKI certificate, stating which AS may announce a given prefix.
- This ROA is published in a repository maintained by the relevant RIR.
- BGP routers download and validate ROAs, then classify incoming announcements as Valid (matches a ROA), Invalid (contradicts a ROA), or Not Found (no ROA exists for this prefix).
- Routers configured for Route Origin Validation can reject Invalid announcements.
If RPKI had been deployed in 2008, a router receiving Pakistan Telecom's advertisement of 208.65.153.0/24 would have seen it classified as Invalid (wrong originating AS) and dropped it.
RPKI Adoption Today
Adoption has grown significantly. As of early 2025, more than half of IPv4 routes (roughly 51%) and IPv6 routes (roughly 57%) in the global routing table are covered by ROAs. Kentik estimates that around 74% of IP traffic volume goes to ROA-covered destinations, meaning major content providers have broadly adopted RPKI. Full deployment across all operators is still incomplete, which means BGP hijacking remains possible on less-protected parts of the internet.
Practical BGP Tools
Looking Glass Servers
Many networks operate "Looking Glass" servers that let you query their BGP routing tables remotely. This is useful for seeing how your routes appear from different vantage points around the internet.
Command Line (for network operators)
# Show BGP routing table (Cisco IOS)
show ip bgp
# Show BGP neighbors
show ip bgp neighbors
# Show routes for a specific prefix
show ip bgp 198.51.100.0/24Online Tools
The ASN Lookup tool shows the organization name, RIR registration details, and the IP prefixes announced by any AS. You can also check IP-level registration details with WHOIS Lookup, and understand how traffic is traversing ASes end-to-end with Traceroute.
For context on how addresses are subdivided within an AS, Subnet Calculator Guide explains CIDR notation and prefix length.
How BGP Affects You
Even if you are not a network operator, BGP shapes your internet experience daily:
- Website outages: When BGP routes are withdrawn or hijacked, websites become unreachable even if the servers are running. The problem is that nobody can find them.
- Performance variation: BGP path selection determines whether your traffic takes an efficient, direct path or a slow, circuitous one. Peering arrangements between ASes affect latency on specific routes.
- Privacy exposure: A BGP hijack can redirect unencrypted traffic through a network controlled by an unknown party. HTTPS protects the content, but the fact that you made the connection is still visible.
- Geographic routing: CDNs rely on BGP to route users to the nearest server. Routing anomalies can land you on a server in the wrong region.
Frequently Asked Questions
How do I find the ASN for an IP address?
Use the ASN Lookup tool. Enter any IP address and it returns the ASN, the organization name, the RIR that allocated it, and the IP prefixes that AS is announcing. You can also use a WHOIS query, which will include the originating ASN in the routing information section.
What is the difference between an ASN and an IP address?
An IP address identifies a specific device or interface on a network. An ASN identifies the organization or network that controls a block of IP addresses. One AS typically owns thousands or millions of IP addresses. The ASN is used by BGP to describe who originates a route, while the IP address is the actual destination of a packet.
Is BGP hijacking illegal?
In most jurisdictions there is no law that specifically criminalizes BGP hijacking. Whether a hijack is intentional or accidental, the act of misrouting internet traffic could potentially be prosecuted under computer misuse or fraud laws in some countries, but enforcement is rare and jurisdictional overlap makes prosecution difficult. The 2008 Pakistan Telecom incident is believed to have been accidental in its global scope (intended as a domestic block), and no criminal charges resulted.
Can RPKI stop all BGP hijacks?
Not yet. RPKI verifies the origin AS of a route, which would have stopped the 2008 YouTube hijack. It does not verify the full AS path, so a more sophisticated attack that uses a valid origin AS as cover can still succeed. A complementary standard called ASPA (Autonomous System Provider Authorization) is being developed to validate the path as well, but it is in early deployment. Until all operators adopt both, RPKI reduces risk without eliminating it.
How do I look up who owns an ASN?
Use the ASN Lookup tool for quick lookups. For detailed registration information, including contact details and date of allocation, you can also query the relevant RIR's WHOIS database directly. ARIN handles North American ASNs, RIPE NCC covers Europe and the Middle East, APNIC covers Asia Pacific, LACNIC covers Latin America, and AFRINIC covers Africa.
Sources
- YouTube Hijacking: A RIPE NCC RIS Case Study
- Understanding How Facebook Disappeared from the Internet, Cloudflare Blog
- Exploring the Latest RPKI ROV Adoption Numbers, Kentik
- Chinese ISP Hijacked the Internet, BGPmon
- RFC 4271: A Border Gateway Protocol 4 (BGP-4), IETF
- Pakistan Hijacks YouTube: A Closer Look, CircleID
WhatIsMyLocation Team
Our team of network engineers and web developers builds and maintains 25+ free networking and location tools used by thousands of users every month. Every article is reviewed for technical accuracy using real-world testing with our own tools.
Related Articles
Try Our Location Tools
Find your IP address, GPS coordinates, and more with our free tools.