101
0/228
Loading content...
Every time you access a website hosted on another continent, stream video from a content delivery network, or send an email to someone using a different ISP, your traffic traverses the boundaries between Autonomous Systems. These boundary crossings are governed by a single, remarkable protocol that has scaled from connecting a few dozen research networks in the 1980s to managing routes for the entire global Internet today.
That protocol is BGP—the Border Gateway Protocol.
Exterior Gateway Protocols (EGPs) are routing protocols designed to exchange routing information between Autonomous Systems. Unlike IGPs that optimize paths within a trusted domain, EGPs must handle the complex realities of the Internet: competing commercial interests, diverse routing policies, security threats from untrusted peers, and a scale that encompasses billions of routes.
By the end of this page, you will understand the historical evolution from the original EGP protocol to modern BGP, BGP's classification as a path vector protocol, how BGP fundamentally differs from IGPs philosophically and technically, the core concepts of eBGP vs iBGP, BGP sessions and messages, and why BGP is often called 'the glue that holds the Internet together.'
Before BGP, the Internet used a protocol literally named EGP (Exterior Gateway Protocol). Understanding this history illuminates why BGP evolved as it did.
The Original EGP (RFC 827, 1982):
The original EGP was designed for the nascent ARPANET/Internet when there were only a handful of interconnected networks. It had fundamental limitations:
| Protocol | RFC | Year | Key Development |
|---|---|---|---|
| EGP | RFC 827 | 1982 | First exterior routing protocol; tree-topology assumption |
| BGP-1 | RFC 1105 | 1989 | Path vector approach; policy routing capability |
| BGP-2 | RFC 1163 | 1990 | Incremental updates; reduced overhead |
| BGP-3 | RFC 1267 | 1991 | Aggregation improvements; clearer specification |
| BGP-4 | RFC 1771/4271 | 1995/2006 | CIDR support; current standard; extensive use |
The Birth of BGP:
By the late 1980s, the Internet's topology had evolved beyond a tree structure. Networks connected to multiple upstream providers, creating loops that EGP couldn't handle. BGP was developed with several key innovations:
Path Vector Protocol: BGP tracks the complete AS path to each destination, not just distance or next-hop. This enables loop detection (a router rejects routes containing its own AS) and policy decisions (prefer or avoid routes through specific ASes).
Policy-Based Routing: BGP allows operators to implement complex routing policies—prefer customer routes over peer routes, avoid certain transit providers, prepend AS paths to influence inbound traffic, etc.
Arbitrary Topology: BGP assumes nothing about network topology. It works correctly in any configuration of AS interconnections.
Stability Over Speed: Unlike IGPs that prioritize fast convergence, BGP deliberately converges slowly. Mechanisms like MRAI (Minimum Route Advertisement Interval), dampening, and holddown timers prevent local instability from cascading globally.
BGP-4 and CIDR:
BGP-4, the current version, introduced support for Classless Inter-Domain Routing (CIDR), enabling route aggregation that was essential for the Internet's address scalability. Without CIDR and BGP-4's support for it, the Internet routing table would have exploded beyond manageability decades ago.
While the term 'EGP' encompasses any exterior gateway protocol, in practice BGP is the only EGP in use on the modern Internet. When professionals talk about EGP, they almost always mean BGP specifically. The original EGP protocol has been obsolete for decades.
BGP is classified as a path vector protocol, distinct from both distance vector and link state protocols. Understanding this classification is essential for understanding BGP's behavior.
What Makes Path Vector Different:
| Aspect | Distance Vector | Link State | Path Vector (BGP) |
|---|---|---|---|
| Information shared | Distance to destinations | Complete topology | Full path (AS list) to destinations |
| Topology knowledge | None (only next-hop) | Complete network map | AS-level path only |
| Loop detection | Heuristics (split horizon, etc.) | Inherent (full knowledge) | Explicit (AS path check) |
| Metric basis | Hops, bandwidth, delay | Link costs | Policy + AS path length |
| Scalability | Limited | Moderate | Internet-scale |
| Update trigger | Periodic + changes | Topology changes | Policy or path changes |
The AS_PATH Attribute:
The most distinctive feature of path vector is the AS_PATH attribute. Every BGP route advertisement includes a list of all ASes the route has traversed:
Prefix: 8.8.8.0/24 (Google DNS)
AS_PATH: 15169 → Originated by Google (AS15169)
Prefix: 8.8.8.0/24
AS_PATH: 3356 15169 → Seen via Lumen transit
Prefix: 8.8.8.0/24
AS_PATH: 174 3356 15169 → Seen via Cogent → Lumen path
Loop Detection:
When a BGP router receives a route, it examines the AS_PATH. If the router's own ASN appears in the path, the route is rejected—it has already seen and propagated this route, so accepting it would create a loop. This is eleganly simple and foolproof, unlike the heuristic approaches of distance vector protocols.
Policy Implementation:
The AS_PATH enables sophisticated policy decisions:
The AS_PATH shows the sequence of Autonomous Systems, not individual routers. A packet traversing AS_PATH '174 3356 15169' might pass through dozens of physical routers across those three ASes. BGP operates at AS granularity, leaving intra-AS routing to IGPs. This abstraction is what makes BGP scale to the entire Internet.
BGP and IGPs solve different problems, which leads to fundamentally different designs. Understanding these differences prevents incorrect assumptions when configuring or troubleshooting BGP.
Why BGP Uses TCP:
Unlike IGPs that use specialized protocol headers (OSPF protocol 89, IS-IS on Layer 2) or UDP (RIP), BGP runs over TCP port 179. This design choice reflects BGP's requirements:
Reliability: TCP's guaranteed delivery eliminates the need for BGP to implement retransmission logic. Important in an environment where packets may traverse multiple networks.
Flow Control: TCP handles congestion and flow control, preventing BGP from overwhelming receivers during large table transfers.
Simplicity: Using TCP simplifies the BGP implementation—it focuses on routing logic, not transport mechanics.
Security: TCP's connection model enables authentication (MD5, TCP-AO) and stateful filtering at firewalls.
Cross-AS Transport: TC/IP works across AS boundaries where IGP-specific transports cannot.
Why BGP Converges Slowly:
BGP deliberately includes mechanisms that slow convergence:
These timers exist because Internet-scale instability is catastrophic. A flapping link between two ASes should not cause route oscillations across thousands of other networks. BGP sacrifices speed for global stability.
BGP convergence after a major event (upstream failure, policy change) can take minutes across the Internet. This is by design. However, it means BGP is not suitable for fast failover within a single network—that's what IGPs and BFD are for. BGP's job is ensuring the Internet remains stable, even if individual convergence is slow.
BGP is used in two distinct contexts with different rules:
External BGP (eBGP): Sessions between routers in different Autonomous Systems. This is "true" inter-domain routing—exchanging routes with external organizations.
Internal BGP (iBGP): Sessions between routers in the same Autonomous System. Used to distribute externally-learned routes throughout the AS.
Despite sharing the BGP protocol mechanics, eBGP and iBGP have critical behavioral differences:
| Behavior | eBGP | iBGP |
|---|---|---|
| Typical transport | Direct connection (TTL=1) | Via IGP (multi-hop, TTL=255) |
| AS_PATH modification | ASN prepended on advertisement | AS_PATH unchanged |
| NEXT_HOP modification | Changed to advertising router | Unchanged by default |
| Loop prevention | AS_PATH inspection | No re-advertisement to iBGP peers |
| Session topology | Point-to-point at AS edge | Full mesh or route reflectors |
| Administrative Distance | 20 (lower = preferred) | 200 (higher = less preferred) |
| MRAI default | 30 seconds | 0 seconds (immediate) |
The iBGP Full Mesh Problem:
A critical iBGP rule: Routes learned from one iBGP peer are NOT advertised to other iBGP peers. This prevents loops within the AS (since AS_PATH isn't modified for iBGP). However, it creates a requirement:
All iBGP speakers must be directly peered (full mesh).
With n routers, this means n×(n-1)/2 sessions:
Solutions to the Full Mesh Requirement:
Route Reflectors (RR):
Confederation:
A critical iBGP concept: iBGP doesn't change NEXT_HOP by default. If R1 learns a route from an eBGP peer with NEXT_HOP 203.0.113.1, it advertises that same NEXT_HOP to iBGP peers. Those peers need IGP reachability to 203.0.113.1, or the route is invalid. Common solutions: (1) Include eBGP peer subnets in IGP, (2) Use 'next-hop-self' to change NEXT_HOP to iBGP speaker's address, or (3) Redistribute connected routes.
BGP is a stateful protocol with explicit session establishment and maintenance. Understanding BGP message types and session lifecycle is essential for operations and troubleshooting.
BGP Message Types:
| Message | Purpose | When Used |
|---|---|---|
| OPEN | Initiate session; exchange capabilities | Session establishment |
| UPDATE | Advertise or withdraw routes | Route changes |
| KEEPALIVE | Maintain session (heartbeat) | Periodically (1/3 of holdtime) |
| NOTIFICATION | Report errors; terminate session | Fatal errors, shutdown |
| ROUTE-REFRESH | Request re-advertisement of routes | Policy changes (RFC 2918) |
BGP Session States (Finite State Machine):
BGP sessions progress through a well-defined state machine:
123456789101112131415161718
! Check BGP neighbor statusshow ip bgp summary! Output example:! Neighbor V AS MsgRcvd MsgSent TblVer State/PfxRcd! 192.168.1.1 4 65001 1543 1672 150 100 ← Established (shows prefix count)! 192.168.2.1 4 65002 0 0 0 Active ← Problem! Stuck in Active! 192.168.3.1 4 65003 15 16 0 Idle ← Administratively down or issue ! Detailed neighbor informationshow ip bgp neighbor 192.168.1.1! Shows: State, timers, capabilities, route counts, etc. ! Common Active state causes:! - TCP port 179 blocked by firewall/ACL! - No IP route to peer address! - Peer not configured or shutdown! - Authentication mismatch (MD5 key)! - eBGP multihop not configured when neededUPDATE Message Structure:
The UPDATE message is where route information is exchanged:
UPDATE Message:
├── Withdrawn Routes Length (2 bytes)
├── Withdrawn Routes (variable)
│ └── List of prefixes being removed
├── Total Path Attribute Length (2 bytes)
├── Path Attributes (variable)
│ ├── ORIGIN (IGP, EGP, INCOMPLETE)
│ ├── AS_PATH (list of ASes)
│ ├── NEXT_HOP (IP address)
│ ├── MULTI_EXIT_DISC (MED, optional)
│ ├── LOCAL_PREF (iBGP only)
│ ├── COMMUNITIES (optional tags)
│ └── [Many more optional attributes...]
└── Network Layer Reachability Information (NLRI)
└── List of prefixes being advertised
A single UPDATE can advertise multiple prefixes sharing the same attributes, and can simultaneously withdraw other prefixes.
During OPEN message exchange, BGP peers negotiate capabilities: IPv4/IPv6 address families, 32-bit ASN support, route refresh, graceful restart, etc. Mismatched capabilities can cause session failures. Always verify both peers support required features (e.g., both must support 32-bit ASNs if either uses one).
BGP routes carry path attributes that provide information about the route and influence path selection. Understanding these attributes is essential for implementing routing policy.
Attribute Categories:
| Category | Description | Examples |
|---|---|---|
| Well-known Mandatory | Must be recognized and included | ORIGIN, AS_PATH, NEXT_HOP |
| Well-known Discretionary | Must be recognized, optionally included | LOCAL_PREF, ATOMIC_AGGREGATE |
| Optional Transitive | May not be recognized; passed along if not | COMMUNITY, EXTENDED_COMMUNITY |
| Optional Non-transitive | May not be recognized; discarded if not | MED, ORIGINATOR_ID |
Key Path Attributes:
1. ORIGIN (Well-known Mandatory)
2. AS_PATH (Well-known Mandatory)
3. NEXT_HOP (Well-known Mandatory)
4. LOCAL_PREF (Well-known Discretionary, iBGP only)
5. MED (Multi-Exit Discriminator) (Optional Non-transitive)
1234567891011121314151617181920212223242526
! View detailed BGP route informationshow ip bgp 8.8.8.0/24 BGP routing table entry for 8.8.8.0/24, version 1543Paths: (3 available, best #1) Advertised to update-groups: 1 2 Path 1 (BEST): 15169 ← AS_PATH (direct from Google) 203.0.113.1 from 203.0.113.1 ← NEXT_HOP Origin IGP, metric 0, ← ORIGIN, MED localpref 150, ← LOCAL_PREF (we set this high) valid, external, best ← Status flags Community: 65000:100 ← COMMUNITY (optional) Path 2: 174 3356 15169 ← Longer AS_PATH (via Cogent→Lumen) 198.51.100.1 from 198.51.100.1 Origin IGP, localpref 100, ← Default LOCAL_PREF valid, external Path 3: 3356 15169 ← Via Lumen directly 192.0.2.1 from 192.0.2.1 Origin IGP, localpref 100, valid, external6. COMMUNITY (Optional Transitive)
7. ATOMIC_AGGREGATE (Well-known Discretionary)
8. AGGREGATOR (Optional Transitive)
9. ORIGINATOR_ID and CLUSTER_LIST (Optional Non-transitive)
Communities are BGP's most powerful policy tool. ISPs define community schemes: customers tag routes with communities indicating policies (blackhole, local preference, prepend length). The ISP's routers act on these communities. For example, tagging a route with '65000:666' might trigger blackhole routing for DDoS mitigation. Always document and publish your community scheme if accepting customer BGP.
When multiple paths exist to the same destination, BGP selects the "best" path using a well-defined decision process. Understanding this process is crucial for predicting BGP behavior and implementing effective routing policy.
The BGP Best Path Selection Algorithm:
BGP evaluates paths in order, using the first criterion that differentiates them:
Practical Path Selection Scenarios:
Scenario 1: Preferring a Specific Upstream You connect to ISP-A (customer, paying for transit) and ISP-B (peer, settlement-free). You want to prefer ISP-A for all outbound traffic.
Solution: Set higher LOCAL_PREF (e.g., 150) on routes from ISP-A, lower (100) on ISP-B. LOCAL_PREF is step 2, so it takes precedence over AS_PATH length.
Scenario 2: Traffic Engineering Inbound You want inbound traffic from AS65001 to prefer your Link-A over Link-B.
Solution: Advertise to AS65001 via Link-B with AS prepending (make AS_PATH longer), or advertise more specifics via Link-A. Note: You don't control their LOCAL_PREF, so use attributes they'll evaluate.
Scenario 3: Cold Potato vs Hot Potato
By default (step 8), BGP prefers routes with lower IGP cost to NEXT_HOP—"hot potato" routing (exit your network quickly). To implement "cold potato" (carry traffic longer in your network), disable this with bgp bestpath igp-metric ignore.
| Goal | Technique | Attribute Affected |
|---|---|---|
| Prefer one upstream for ALL destinations | Set higher LOCAL_PREF | LOCAL_PREF (step 2) |
| Prefer one upstream for SPECIFIC prefixes | Use route-map + prefix-list | LOCAL_PREF or WEIGHT |
| Influence inbound traffic from peers | AS prepending on backup links | AS_PATH length (step 4) |
| Discourage inbound on specific link | Announce less specific prefix | Longest match routing |
| Request peer's preference | Set MED on advertisements | MED (step 6) |
| Backup link (only if primary fails) | Set very low LOCAL_PREF (50) | LOCAL_PREF (step 2) |
MED is often misunderstood. By default, MED is only compared between routes from the same neighboring AS (routes from AS 65001 compared among themselves, not with routes from AS 65002). Enabling 'bgp always-compare-med' changes this but can cause routing instability if ASes use different MED conventions. Use MED carefully or not at all.
We've deeply explored Exterior Gateway Protocols and BGP's role as the Internet's routing backbone. Let's consolidate the essential knowledge:
What's Next:
With solid understanding of both IGP and EGP protocols, we'll now explore protocol selection—how network architects decide which routing protocols to deploy, when to use static routing, and how to design for specific requirements like redundancy, convergence, and scalability.
You now possess deep knowledge of BGP—the protocol that makes the global Internet function. From its path vector nature to session management to path selection, you understand how billions of routes are exchanged between autonomous systems worldwide. This knowledge is essential for anyone working with Internet connectivity, transit relationships, or multi-homed network designs.