Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A routing protocol that advertises the full path of networks to a destination; BGP is the prime example, using AS-path to pick routes and stop loops.
Path Vector Protocol Definition: A routing protocol that advertises the full path of networks to a destination; BGP is the prime example, using AS-path to pick routes and stop loops.
A path vector protocol is a routing protocol that makes routing decisions based on the entire path of networks a route traverses, rather than just hop count (distance vector) or full topology maps (link state). Each route advertisement carries a list of the autonomous systems it has passed through. Border Gateway Protocol (BGP), the routing protocol of the internet, is the defining example.
Mechanically, when BGP advertises a route, it appends its own autonomous system number (ASN) to the route's AS-path attribute. Receiving routers examine this path to choose among routes and, critically, to prevent loops: if a router sees its own ASN already in the AS-path, it rejects the route. Routers select the best path using a sequence of attributes, often preferring the shortest AS-path, but heavily influenced by policy attributes like local preference, MED, and weight. This policy-driven, path-aware behavior lets independently operated networks exchange reachability while enforcing their own business and routing rules.
From a security perspective, path vector routing is foundational to internet scale but also a notable attack surface. Because BGP historically trusts advertised paths, attackers or misconfigurations can cause route hijacking (announcing IP prefixes they do not own) or path manipulation to intercept or black-hole traffic. Defenses include prefix filtering, RPKI (Resource Public Key Infrastructure) to validate route origins, and emerging path-validation work like BGPsec. Authenticated peering and route filtering at boundaries are essential to limit malicious or accidental route injection.
For example, two internet service providers establish a BGP peering session. ISP A advertises its customer's network with an AS-path containing only its own ASN; ISP B receives it, prepends its ASN, and passes it to its peers. When that advertisement eventually loops back toward ISP A, ISP A sees its own ASN already present in the AS-path and discards the route, preventing a routing loop. If a third network tried to hijack the prefix, RPKI origin validation would let peers detect that the unauthorized AS is not the legitimate origin and drop the bogus announcement.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →