THE INTERNET RUNS ON NAPKINS

The Napkin Session

In June 1989, Kirk Lougheed from Cisco Systems and Yakov Rekhter from IBM were at a meeting at the Interop conference in San Jose. During a lunch break, they grabbed a stack of ketchup-stained napkins and sketched out the core ideas behind a new routing protocol. That protocol became BGP — the Border Gateway Protocol. The original sketch was later referred to internally as the "two-napkin protocol."

RFC 1105, the first formal BGP specification, was published the same year. It described a system for routing traffic between autonomous systems (ASes) — the independent networks operated by ISPs, companies, universities, and governments that together compose the internet.

How BGP Works

Every autonomous system on the internet has a unique AS number. BGP is the language these systems use to tell each other which IP address ranges (prefixes) they can reach and the paths to get there. A BGP router at an ISP maintains a table of every reachable prefix on the internet — currently around one million entries — and the list of AS hops to reach each one.

When you visit a website, your ISP's BGP router looks up the destination IP, picks the best path based on the BGP table, and forwards the packet. That packet passes through multiple ASes, each making its own BGP routing decision, until it reaches the destination network.

[Figure: A BGP hijack: a rogue AS announces ownership of a prefix it doesn’t control, redirecting traffic through itself. Diagram labels: AS-A, AS-B, DEST, HIJACKER; legend: legitimate path, BGP hijack.]

The Trust Problem

BGP has no built-in mechanism to verify that a network actually owns the IP prefixes it announces. Any network operator can send a BGP announcement claiming to be the best path for any prefix — and neighboring routers will generally believe it. This is called a BGP hijack.

Hijacks happen for several reasons: misconfiguration (someone accidentally announces the wrong prefix), deliberate redirection (a state actor or criminal operator wants to intercept specific traffic), and route leaks (a network re-announces routes it should keep internal, flooding the global routing table).

The China Telecom Incident, 2010

On April 8, 2010, China Telecom — a state-owned carrier — began announcing BGP routes for roughly 37,000 prefixes belonging to US government agencies, military networks, major corporations, and other foreign organizations. For approximately 18 minutes, a significant portion of global internet traffic was rerouted through Chinese networks.

Whether it was deliberate or a misconfiguration was never definitively established in public. The traffic was eventually returned to the correct paths. The incident highlighted just how fragile the trust model underlying global routing actually is.

RPKI: The Attempted Fix

Resource Public Key Infrastructure (RPKI) is a cryptographic system that allows network operators to sign their IP address allocations, creating Route Origin Authorizations (ROAs). BGP routers that validate ROAs can reject announcements from unauthorized sources.

Adoption is growing but still uneven. As of 2024, roughly 40–50% of global prefixes have valid ROAs, and only a fraction of networks perform "invalid" route filtering. The network that carries most of the internet's traffic was designed on two napkins with a handshake protocol, and retrofitting trust into it is a decades-long process.