Loading learning content...
BGP routes carry far more than just destination prefixes and AS paths. Each route is annotated with a collection of path attributes—metadata that describes the route's characteristics, origin, policies, and preferences. These attributes collectively enable the sophisticated policy-based routing that makes BGP suitable for the Internet.
Understanding BGP attributes is essential for any network engineer working with BGP. Attributes determine which routes are selected, how they propagate, and how traffic flows across the Internet. Mastering attribute manipulation is the key to effective BGP traffic engineering.
By the end of this page, you will understand the complete taxonomy of BGP attribute types, the purpose and mechanics of each critical attribute (ORIGIN, NEXT_HOP, LOCAL_PREF, MED, COMMUNITY, etc.), how attributes are processed in the BGP decision algorithm, and how to manipulate attributes for traffic engineering and policy enforcement.
BGP path attributes are classified along two dimensions, creating four categories that determine how attributes are processed and propagated.
Classification Dimensions:
1. Well-Known vs. Optional
2. Mandatory vs. Discretionary (for Well-Known) / Transitive vs. Non-Transitive (for Optional)
| Category | Properties | Examples |
|---|---|---|
| Well-Known Mandatory | Required in every UPDATE; all BGP speakers must support | ORIGIN, AS_PATH, NEXT_HOP |
| Well-Known Discretionary | All speakers must support; optional in UPDATEs | LOCAL_PREF, ATOMIC_AGGREGATE |
| Optional Transitive | May not be supported; forwarded regardless | COMMUNITY, AGGREGATOR, Extended Community |
| Optional Non-Transitive | May not be supported; discarded if unknown | MED, ORIGINATOR_ID, CLUSTER_LIST |
Attribute Encoding:
Each attribute in an UPDATE message has a standard format:
+---------------------------+
| Attr. Flags (1 byte) |
+---------------------------+
| Attr. Type Code (1 byte) |
+---------------------------+
| Attr. Length (1-2 bytes) |
+---------------------------+
| Attr. Value (variable) |
+---------------------------+
Attribute Flags (bit fields):
| Type Code | Attribute Name | Category |
|---|---|---|
| 1 | ORIGIN | Well-Known Mandatory |
| 2 | AS_PATH | Well-Known Mandatory |
| 3 | NEXT_HOP | Well-Known Mandatory |
| 4 | MULTI_EXIT_DISC (MED) | Optional Non-Transitive |
| 5 | LOCAL_PREF | Well-Known Discretionary |
| 6 | ATOMIC_AGGREGATE | Well-Known Discretionary |
| 7 | AGGREGATOR | Optional Transitive |
| 8 | COMMUNITY | Optional Transitive |
| 9 | ORIGINATOR_ID | Optional Non-Transitive |
| 10 | CLUSTER_LIST | Optional Non-Transitive |
| 16 | EXTENDED COMMUNITIES | Optional Transitive |
| 32 | LARGE COMMUNITY | Optional Transitive |
When designing policies using communities or extended communities, remember they're transitive—they'll propagate across ASes that don't understand them. This is powerful (enables end-to-end signaling) but requires careful design to avoid unintended propagation.
The ORIGIN attribute indicates how the route was originally introduced into BGP. It's a well-known mandatory attribute that influences path selection.
ORIGIN Values:
| Value | Code | Meaning |
|---|---|---|
| IGP | 0 | Route learned from an Interior Gateway Protocol |
| EGP | 1 | Route learned from Exterior Gateway Protocol (legacy) |
| INCOMPLETE | 2 | Route origin is unknown (e.g., redistributed from static) |
ORIGIN in Best Path Selection:
ORIGIN is step 5 in the BGP decision process, after AS_PATH length. Lower origin values are preferred:
IGP (0) > EGP (1) > INCOMPLETE (2)
This preference reflects trustworthiness: routes learned from an IGP are considered more reliable than routes injected through redistribution.
Practical Example:
# Route with IGP origin - learned via network statementrouter bgp 65001 network 10.0.0.0 mask 255.255.255.0 ! This route will have ORIGIN: IGP # Route with INCOMPLETE origin - redistributed static routeip route 10.1.0.0 255.255.255.0 192.0.2.1router bgp 65001 redistribute static ! This route will have ORIGIN: INCOMPLETE # If both routes have same AS_PATH length, the IGP route wins # Changing ORIGIN with route-map:route-map SET-ORIGIN permit 10 set origin igp ! Forces ORIGIN to IGP (use judiciously)The EGP (Exterior Gateway Protocol) origin value exists for historical compatibility with the pre-BGP era. In modern networks, you'll only see IGP or INCOMPLETE. New routes should never be originated with EGP.
NEXT_HOP is a well-known mandatory attribute that specifies the IP address of the next-hop router to reach the advertised destinations. This attribute's behavior differs significantly between eBGP and iBGP.
NEXT_HOP Behavior:
| Scenario | NEXT_HOP Setting | Reason |
|---|---|---|
| eBGP to external peer | Interface IP of advertising router | Peer needs to reach advertiser directly |
| iBGP within AS (external route) | Original eBGP next-hop preserved | iBGP doesn't change next-hop by default |
| Route originated locally | 0.0.0.0 (self) | Replaced with appropriate IP when advertised |
| Route from multiaccess network | Third-party next-hop possible | Optimization to avoid extra hop |
The iBGP NEXT_HOP Challenge:
When R1 receives a prefix from AS 65002 with NEXT_HOP 192.0.2.1, it advertises via iBGP to R2 and R3 without changing the NEXT_HOP. This means R2 and R3 must be able to reach 192.0.2.1.
Solutions:
IGP Routing: The IGP (OSPF/IS-IS) carries the route to 192.0.2.1
next-hop-self: R1 sets itself as next-hop when advertising to iBGP peers
Recursive lookup: R2/R3 recursively resolve 192.0.2.1 through IGP
# Problem: iBGP peers can't reach external next-hop # Solution 1: next-hop-self on edge routerrouter bgp 65001 neighbor 10.0.0.2 remote-as 65001 neighbor 10.0.0.2 next-hop-self ! All routes advertised to 10.0.0.2 will have next-hop = R1's IP # Solution 2: next-hop-self for route-reflector clientsrouter bgp 65001 neighbor 10.0.0.2 remote-as 65001 neighbor 10.0.0.2 route-reflector-client neighbor 10.0.0.2 next-hop-self # Solution 3: Ensure IGP carries external connectivity! On R1's external interface:interface GigabitEthernet0/0 ip address 192.0.2.2 255.255.255.0 ip ospf passive-interface ! Now 192.0.2.0/24 is in OSPF, making 192.0.2.1 reachableIf a router cannot reach the NEXT_HOP via its IGP, the BGP route is marked invalid and not used for forwarding. This is one of the most common BGP configuration errors. Always verify NEXT_HOP reachability when troubleshooting BGP route installation issues.
LOCAL_PREF is a well-known discretionary attribute used within an AS to indicate the degree of preference for a route. It is the most powerful policy tool in BGP because it appears early in the decision process (step 2, after weight).
Key Characteristics:
| Property | Value |
|---|---|
| Type Code | 5 |
| Category | Well-Known Discretionary |
| Scope | iBGP only (not sent to eBGP peers) |
| Value Range | 0 to 4,294,967,295 (32-bit) |
| Default | 100 (Cisco), varies by vendor |
| Preference | Higher is better |
LOCAL_PREF Scope:
Crucially, LOCAL_PREF is never sent to eBGP peers. It's an internal policy knob that tells your own AS which path to prefer. When advertising to external peers, LOCAL_PREF is stripped from the UPDATE.
Policy Application:
LOCAL_PREF is typically set on inbound route-maps to implement policy:
| Relationship | Typical LOCAL_PREF | Rationale |
|---|---|---|
| Customer routes | 200+ | Always prefer customers (they pay you) |
| Peer routes | 100-150 | Settlement-free, generally good |
| Provider routes | 80-100 | You pay them; last resort |
| Backup provider | 50-75 | Emergency only |
# Enterprise with Primary and Backup ISPs # Inbound from Primary ISP (AS 65100) - high preferenceroute-map PRIMARY-IN permit 10 set local-preference 150 # Inbound from Backup ISP (AS 65200) - lower preference route-map BACKUP-IN permit 10 set local-preference 75 router bgp 65001 neighbor 192.0.2.1 remote-as 65100 neighbor 192.0.2.1 route-map PRIMARY-IN in neighbor 192.0.2.2 remote-as 65200 neighbor 192.0.2.2 route-map BACKUP-IN in # Result:# All traffic exits via Primary ISP (higher LOCAL_PREF = 150)# Backup ISP is used only if Primary becomes unreachable# Note: This controls OUTBOUND traffic from your ASRemember the traffic engineering duality: LOCAL_PREF controls how traffic LEAVES your AS (which exit point you choose). AS_PATH prepending controls how traffic ENTERS your AS (which entry point others choose). Effective traffic engineering often requires manipulating both.
ISP Traffic Engineering with LOCAL_PREF:
ISPs use LOCAL_PREF to implement the customer > peer > provider preference hierarchy:
MED (also called METRIC in some implementations) is an optional non-transitive attribute used to influence inbound traffic across multiple entry points into an AS.
Key Characteristics:
| Property | Value |
|---|---|
| Type Code | 4 |
| Category | Optional Non-Transitive |
| Scope | Between directly connected ASes only |
| Value Range | 0 to 4,294,967,295 (32-bit) |
| Default | 0 (or IGP metric) |
| Preference | Lower is better |
MED Purpose:
MED allows an AS to tell its neighbor which entry point to prefer for reaching a specific prefix. It's the only standard mechanism for influencing an external AS's inbound path selection.
Non-Transitive Implication:
Because MED is non-transitive, it only influences the directly connected AS. That AS will not propagate the MED to its peers—they'll apply their own policies.
In this example, AS 65001 advertises the same prefix via two peering points with different MEDs. AS 65002 will prefer the path through the East Router (MED 100 < MED 200), sending traffic to the closer ingress point.
MED Comparison Rules:
By default, MED is only compared between routes received from the same neighboring AS. This prevents unfair comparisons—MEDs from different ASes may use different scales.
| Configuration | Behavior |
|---|---|
| Default | Compare MED only among routes from same AS |
bgp always-compare-med | Compare MED across all routes |
bgp deterministic-med | Group routes by AS before MED comparison |
bgp bestpath med missing-as-worst | Treat missing MED as maximum value |
# Setting MED based on IGP metricrouter bgp 65001 neighbor 192.0.2.1 remote-as 65002 ! Default: MED = IGP metric to the NEXT_HOP # Setting MED explicitly with route-maproute-map SET-MED-EAST permit 10 set metric 100 route-map SET-MED-WEST permit 10 set metric 200 router bgp 65001 neighbor 192.0.2.1 route-map SET-MED-EAST out neighbor 192.0.2.2 route-map SET-MED-WEST out # Result: Customer (65002) will prefer East link for all prefixes # Enabling comparison across ASes (use carefully!)router bgp 65002 bgp always-compare-med ! Now MED is compared even for routes from different ASesThe receiving AS can ignore MED entirely via local policy. MED is step 6 in the decision process—LOCAL_PREF, AS_PATH length, and ORIGIN all take precedence. Never assume MED will control external traffic; it's a hint that may or may not be honored.
The COMMUNITY attribute is one of BGP's most powerful and flexible features. It allows routes to be tagged with arbitrary labels that can trigger policy actions across multiple ASes.
Key Characteristics:
| Property | Value |
|---|---|
| Type Code | 8 |
| Category | Optional Transitive |
| Format | 32-bit value, often displayed as ASN:NN |
| Propagation | Transitive (propagates to all peers unless stripped) |
Community Format:
Communities are 32-bit values, typically displayed in two formats:
Well-Known Communities (RFC 1997):
| Community | Value | Effect |
|---|---|---|
| NO_EXPORT | 0xFFFFFF01 | Don't advertise outside this AS (or confederation) |
| NO_ADVERTISE | 0xFFFFFF02 | Don't advertise to any peer |
| NO_EXPORT_SUBCONFED | 0xFFFFFF03 | Don't advertise outside local confederation member |
| NOPEER | 0xFFFFFF04 | Don't advertise to peers (RFC 3765) |
Operator-Defined Communities:
Beyond well-known communities, operators define their own to signal intent. Common patterns include:
| Pattern | Example | Purpose |
|---|---|---|
| Informational | 65000:100 | Route type (customer, peer, transit) |
| Action | 65000:666 | Blackhole this prefix |
| Traffic Engineering | 65000:1XXX | Prepend X times to certain peers |
| Geographic | 65000:80XX | Learned in region XX |
| Selective Announcement | 65000:9XXX | Announce only to peer XXXX |
# Tagging routes with informational communitiesroute-map TAG-CUSTOMER-ROUTES permit 10 match ip address prefix-list CUSTOMER-PREFIXES set community 65000:100 65000:1000 additive ! 65000:100 = customer route ! 65000:1000 = full propagation allowed # Triggering action based on communityip community-list 10 permit 65000:666route-map ACCEPT-WITH-BLACKHOLE permit 10 match community 10 set ip next-hop 192.0.2.1 ! Null route # Preventing export with well-known communityroute-map INTERNAL-ONLY permit 10 set community no-export additive ! Route stays within AS # ISP community for customer traffic engineering! Many ISPs publish community schemes like:! ASN:0 = Do not announce to any peer! ASN:PEER = Do not announce to specific peer! ASN:1PEER = Prepend 1x to specific peer! ASN:2PEER = Prepend 2x to specific peerMost tier-1 and major tier-2 ISPs publish BGP community schemes. These let customers influence how their routes are announced. Check your provider's documentation—you may be able to achieve significant traffic engineering without any bilateral conversations.
Extended Communities and Large Communities:
Standard 32-bit communities have limitations (16-bit ASN field). Extensions address this:
| Type | Size | Purpose |
|---|---|---|
| Standard Community | 32 bits | General purpose tagging |
| Extended Community | 64 bits | VPN RT/RD, additional type encoding |
| Large Community (RFC 8092) | 96 bits | Full 32-bit ASN support |
Large Communities are essential for operators with 4-byte AS numbers (above 65535), as they provide proper 32-bit ASN fields in the community value.
Now that we've examined individual attributes, let's see how they combine in the BGP best path selection algorithm. This process runs whenever a router has multiple paths to the same prefix.
The Full Decision Algorithm:
BGP applies these criteria in order. As soon as one criterion produces a clear winner, the process stops.
| Step | Criterion | Preference | Attribute Type |
|---|---|---|---|
| 0 | Route validity (next-hop reachable, no AS loop) | Valid only | N/A |
| 1 | Weight (Cisco-specific) | Highest | Local to router |
| 2 | LOCAL_PREF | Highest | Well-known discretionary |
| 3 | Locally originated route | Prefer local | N/A |
| 4 | AS_PATH length | Shortest | Well-known mandatory |
| 5 | ORIGIN type | IGP < EGP < Incomplete | Well-known mandatory |
| 6 | MED | Lowest (same AS) | Optional non-transitive |
| 7 | eBGP vs iBGP | eBGP preferred | Session type |
| 8 | IGP metric to NEXT_HOP | Lowest | IGP-derived |
| 9 | Oldest route | Prefer older | Stability |
| 10 | Lowest Router ID | Tiebreaker | OPEN negotiated |
| 11 | Lowest peer IP address | Final tiebreaker | Session config |
Decision Process Example:
Router receives three paths to 10.0.0.0/8:
| Path | AS_PATH | LOCAL_PREF | Origin | MED | Learned From |
|---|---|---|---|---|---|
| A | 65001 65002 | 150 | IGP | 0 | eBGP |
| B | 65003 | 100 | IGP | 0 | eBGP |
| C | 65004 65005 65006 | 150 | Incomplete | 0 | eBGP |
Decision Steps:
Path A is selected. Note that even though C had the same LOCAL_PREF, AS_PATH length broke the tie.
The exact decision process order varies slightly between vendors. Cisco, Juniper, Arista, and others have minor differences. Always consult your vendor's documentation for the authoritative order. The conceptual principles remain the same across implementations.
BGP attributes form the vocabulary through which routing policy is expressed. Let's consolidate the key concepts:
What's Next:
In the final page of this module, we explore the critical distinction between eBGP and iBGP. You will learn why BGP uses different behaviors for internal and external sessions, how route reflectors and confederations solve iBGP scaling challenges, and the operational differences in configuring and troubleshooting each session type.
You now understand the rich ecosystem of BGP path attributes. From the mandatory AS_PATH and NEXT_HOP to the policy-enabling LOCAL_PREF and COMMUNITY, you can interpret route advertisements and design sophisticated routing policies. Next, we complete the BGP picture by examining eBGP vs iBGP.