By Tamber Ray, NTCA; Jerry Horton, Blue Valley Technologies; and Frank Bulk, Premier Communications
Right on the heels of the FCC adopting the Open Internet Order in April, in which the FCC concluded the agency has authority to regulate broadband services, today the FCC adopted a Notice of Proposed Rulemaking (NPRM) that would require all broadband providers to prepare and maintain a plan for implementing Border Gateway Protocol (BGP) for their Internet Protocol (IP) addresses. You are not alone if you just said, “Border what?” Even FCC Chairwoman Jessica Rosenworcel has referred to BGP as “the most important part of the Internet you’ve probably never heard of.”
For those unfamiliar with this area of the internet, BGP is the underlying protocol the internet relies upon for routing internet traffic to Internet Protocol (IP) addresses, or numbers, that correspond to individual web addresses (e.g., www[.]fcc[.]gov = 104.81.181.217 in IPv4 or 2600:1409:9800:18b::132d in IPv6).
To understand BGP, consider how the logistics of FedEx are designed. Much like an IP address, the shipping address indicates the location of the sender. Likewise, the delivery address indicates the intended final destination of the package; however, neither the shipping nor the delivery address dictates the path the package should (or does) take.
IP addresses such as fcc[.]gov are a bit like a house or apartment number – they indicate a single point on the internet. Autonomous System Numbers (ASN), on the other hand, are used to identify a group of systems or IP addresses because every internet router does not need to know the location of every IP address; instead, ASNs are used to let the rest of the internet know where to find the IP address they are looking for. Route Origin Authorization (ROA) allows IP address prefix owners to create a digital record demonstrating their Autonomous System is authorized to originate a certain IP prefix. Route Origin Validation (ROV), meanwhile, uses ROAs to ensure that IP addresses match the entity that registered the IP prefix. Prefixes that match the ROA will be passed on through the internet while those that do not will be dropped.
In this manner, BGP routing uses ASNs to make routing decisions much like any shipping company uses ZIP codes to find which regional distribution center is closest to the recipient’s address. For instance, the shipper’s zip code directs FedEx to the local FedEx station where the package is initially bound. ROA is similar to the customer placing items into a prescribed envelope or box with all key identification pieces filled out. ROV, then, is the FedEx processing facility confirming the source or origin of the package.
FedEx will use the delivery zip code on the package to plan a route to the distribution center closest to the recipient, although the route used to deliver the package may change depending on circumstances such as weather. Each package will have to pass through at least two distribution centers, one at the shipper’s end and another at the delivery end, as well as one or more shipping hubs. Similarly, BGP routing relies upon knowledge of the ASNs connected to the router or information reported by other BGP routers to identify the most efficient path for routing IP traffic. As those conditions change due to router outages, bandwidth utilization or other circumstances which may restrict or interrupt traffic flow, BGP must respond to the information, possibly rerouting the traffic.
Due to the digital nature of the Internet as well as its accessibility by any user, federal agencies are concerned that malicious actors could cause Internet traffic to be intercepted or rerouted to the detriment of individuals, businesses, or national security. As a result, the FCC believes that the rules proposed in the NPRM are an important step toward securing the Internet.
What does this mean for small broadband providers? The FCC proposes to require all providers to create a plan that describes the “specific efforts they have made, and further plan to undertake, to create and maintain ROAs” and “the extent to which the service provider conducts ROV filtering at interconnection points.” (BGP Plan) Small broadband providers do not have to file their BGP Plan with the FCC but must make their Plan available if requested by the FCC.
Comments on the NPRM will be due 30 days following publication of the NPRM in the Federal Register. In our comments, we plan to address the FCC’s proposal to require broadband providers’ contracts for internet routing to include a requirement that the IP address prefixes have ROAs as well as the FCC’s proposal to look at ways to remove hurdles for creating ROAs.
Please reach out with any thoughts or questions on this NPRM.