ARP packets are processed as described above. When BGP packets are received, the router compares the indicated IP address (or IP address range) against the IP address of the BGP packet source to determine if the BGP route and the IP address(es) identified for rerouting by the BGP packet are in the same general geographic area. IP address ranges are assigned by geographic location and the current assignments are stored in a network database maintained by one or more network managers. If the originating BGP packet's IP address and rerouted IP addresses do not match geographically, the BGP packet may be rejected and the router will take an action as described in this document.

Packet redirection detection software (4032) may operate in two modes. It performs application-level round trip timing to one or more IP addresses using a protocol like ping or traceroute, or even a service such as the echo service hosted on a remote IP-based server. These packet timings may be used to populate the historical packet database (2034) and/or be used to calculate current packet transmission time/response time metrics. In addition, the packet redirection detection software interoperates with the IP stack in order to determine if packet redirection is occurring on other packet streams.

Unlike end user devices, routers other than edge routers generally do not receive and process TCP/IP stream ACKs. Edge routers (which often include a firewall component) can inspect the network packets for timestamps as described above. Alternatively, an edge router may retain packet message numbers for TCP/IP packet streams and calculate the round trip packet times as described above.