Interior vs. Exterior Gateway Protocols

The Internet's routing architecture embodies a fundamental principle: sovereignty with cooperation.

Inside your network, you're the king. You choose your topology, your equipment, your routing decisions. No one else gets a vote. Outside your network, you're a diplomat. You negotiate relationships, honor agreements, and accept that other networks make their own choices.

This isn't just organizational convenience—it's the architecture that allows 70,000+ independent networks to form a functioning Internet without any of them surrendering control.

The Two Domains

Routing protocols divide cleanly along this sovereignty boundary:

Interior Gateway Protocols (IGPs) operate within your network. They find optimal paths, converge quickly after failures, and assume every router cooperates toward shared goals. Trust is implicit—all routers answer to the same authority.

Exterior Gateway Protocols (EGPs) operate between networks. They implement policy, respect business relationships, and assume nothing about other networks' goals. Trust is negotiated—each network pursues its own interests.

This division exists because the problems are fundamentally different. Optimizing paths within a network you control is a technical challenge. Coordinating between networks you don't control is a political one.

Interior Gateway Protocols

IGPs solve the technical problem: given a network topology, find the best path to each destination.

The common IGPs each take a different approach:

OSPF (Open Shortest Path First) builds a complete map of the network topology. Every router knows the entire picture and independently calculates shortest paths. Changes propagate quickly because routers share topology information, not just route conclusions.

IS-IS (Intermediate System to Intermediate System) works similarly to OSPF—a link-state protocol that builds topology maps. Large service providers often prefer IS-IS for historical and operational reasons.

EIGRP (Enhanced Interior Gateway Routing Protocol) takes a hybrid approach. Routers share route information with neighbors but use sophisticated algorithms to converge quickly without building full topology maps.

RIP (Routing Information Protocol) is the simplest approach—routers periodically announce what networks they can reach and how far away those networks are. Simple to understand, but slow to adapt to changes.

All IGPs share common assumptions: routers cooperate, the goal is optimal paths, and the network is small enough that every router can know about every destination.

The Exterior Gateway Protocol

Between networks, there's only one protocol that matters: BGP (Border Gateway Protocol).

BGP doesn't find optimal paths. It finds acceptable paths—paths that respect business relationships, policy requirements, and the sovereignty of every network involved.

When your border router peers with another network's border router, they exchange routes. But unlike IGPs, these exchanges are governed by policy:

• Which routes do you accept from this peer?
• Which routes do you advertise to this peer?
• If multiple paths exist, which do you prefer?

These aren't technical questions. They're business questions. You might prefer routes through a peer you've paid for transit over routes through a peer you exchange traffic with freely. You might refuse to advertise certain routes to certain peers. You might accept a longer path because it's cheaper.

BGP provides the mechanism. Policy provides the decisions.

How They Work Together

Consider a packet traveling from New York to Tokyo.

Within the New York ISP, an IGP (perhaps OSPF) routes the packet through internal infrastructure. OSPF finds the fastest internal path to a border router—this is pure technical optimization within a single domain of control.

At the border, BGP takes over. The border router knows multiple paths to Tokyo through different peer networks. BGP's decision isn't "which path is fastest?" but "which path is preferred given our business relationships and policies?" The ISP might choose a path through a partner they've negotiated favorable terms with, even if another path has fewer hops.

The packet crosses into another network. That network's IGP routes it internally. At their border, their BGP makes another policy decision. This repeats across multiple networks until the packet reaches the Tokyo ISP.

Within the Tokyo ISP, their IGP (perhaps IS-IS) handles the final leg—routing through internal infrastructure to the destination server.

The packet passed through multiple kingdoms. Each kingdom used its own IGP internally and BGP at its borders. No kingdom told another how to route internally. They only negotiated what traffic to accept and where to send it next.

iBGP: A Necessary Complication

Large networks often have multiple border routers connecting to different external peers. This creates a problem: border router A learns routes from one peer, border router B learns routes from another peer, but they both need to know all the external routes to make good decisions.

The solution is iBGP—BGP sessions between routers within the same network. This isn't an IGP; it's BGP carrying external routing information across internal infrastructure.

The network still runs a real IGP (like OSPF) to route between its internal routers. iBGP rides on top of that, ensuring all border routers share the external routes they've learned.

This is confusing until you realize what iBGP actually carries: not internal routes (that's the IGP's job), but external routes that need to be known at multiple border points.

Why This Architecture Works

The IGP/EGP split succeeds because it aligns protocol design with organizational reality.

IGPs can optimize aggressively because they operate within a single trust domain. Every router shares the same goal: move packets efficiently. There's no conflict of interest, no business negotiation, no policy beyond "find the best path."

BGP can scale globally because it doesn't try to optimize globally. Each network makes local decisions based on local policy. The Internet doesn't need a single entity deciding optimal global paths—it needs a mechanism for independent networks to cooperate while retaining control.

This is why the Internet works despite having no central authority. The architecture assumes sovereignty, provides mechanisms for cooperation, and lets thousands of independent decisions aggregate into global connectivity.