BGP (Border Gateway Protocol) is the routing protocol that connects autonomous systems—essentially, the glue holding the internet together. Unlike interior routing protocols like OSPF that work within single organizations, BGP enables different networks owned by ISPs, tech companies, and enterprises to exchange routing information and determine the best paths for data across the global internet.
BGP is an exterior gateway protocol (EGP) that operates at the network layer (Layer 3). When you access a website hosted on a server across the world, BGP routers negotiate the path your data takes through dozens of different networks. Without BGP, packets wouldn't know how to traverse between separate organizations' networks.
Here's the critical distinction: interior routing protocols like OSPF manage traffic within a single autonomous system (AS). BGP manages traffic between autonomous systems. An autonomous system is a network or group of networks under a single administrative authority—think of an ISP or large corporation.
BGP's intelligence comes from its policy-based routing. Instead of just choosing the shortest path, BGP can be configured to prefer or avoid certain routes based on business logic. An ISP might prefer to route traffic through their own networks even if another path is technically shorter, or they might block traffic from competitors entirely.
BGP routers establish TCP connections with neighboring routers (called peers or neighbors) on port 179. Once connected, these routers exchange routing information by advertising prefixes—essentially, the IP address ranges they can reach.
Here's a simplified workflow:
This process happens continuously as network conditions change, allowing BGP to adapt to link failures, congestion, or route withdrawals.
BGP communicates using four message types. Understanding these messages helps clarify how BGP actually operates:
Open: Open messages initiate BGP sessions. An Open message contains the sender's autonomous system number, BGP version, hold time, and BGP identifier. Both routers must agree on these parameters before exchanging routing information.
Update: Updates carry the actual routing information. They list withdrawn routes (prefixes no longer reachable) and newly reachable prefixes along with their path attributes. A single Update message can advertise multiple prefixes or withdraw multiple routes.
Keepalive: BGP routers send Keepalive messages at regular intervals to confirm the session is still active. If a router doesn't receive a Keepalive or Update message within the hold time, it assumes the neighbor is unreachable and tears down the session.
Notification: When an error occurs, a router sends a Notification message to its neighbor and closes the session. Common errors include version mismatches, bad peer addresses, or invalid ASNs.
When multiple paths exist to the same destination, BGP selects the best one using a sequence of tiebreakers called attributes. The order matters—BGP checks them in a specific sequence until one path emerges as superior.
Weight (Cisco proprietary): Highest weight wins. Used locally on a single router to prefer certain routes. Default weight is 0, but Cisco routers typically set weight to 32768 for locally originated routes.
Local Preference: A value that influences route selection across an entire autonomous system. Higher local preference wins. Useful for preferring internal routes over external ones.
Originate: Routes locally originated by the router itself are preferred over routes learned from neighbors.
AS-Path Length: The number of autonomous systems the route has traversed. Shorter is better, reflecting the principle that fewer hops typically mean better performance and stability.
Origin Type: Routes learned through Interior Gateway Protocols (IGP) are preferred over those learned through External BGP (eBGP). This reflects the assumption that internal knowledge is more trustworthy.
Multi-Exit Discriminator (MED): Used when multiple paths exist to the same destination through the same neighboring AS. Lower MED is preferred. It's commonly used by customers to prefer certain entry points into an ISP's network.
eBGP vs. iBGP: Routes learned through external BGP (from other autonomous systems) are preferred over routes learned through internal BGP (from within the same AS).
IGP Metric: The cost to reach the next hop within your own AS. Lower metrics win, helping tie-break between otherwise equal eBGP routes.
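The ordering above can be expressed as a pairwise comparison, shown here as an added example that is not part of the original article. It follows the order of the list on this page; the `Path` class, the sample routes and the origin-code ranking (IGP, then EGP, then incomplete, as in RFC 4271) are assumptions made for illustration.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # RFC 4271 origin codes

@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple          # neighbouring AS first
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0

# Steps in the order listed on this page; every key is written so "lower wins".
STEPS = [
    ("weight",             lambda p: -p.weight),
    ("local preference",   lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.locally_originated),
    ("AS-path length",     lambda p: len(p.as_path)),
    ("origin type",        lambda p: ORIGIN_RANK[p.origin]),
    ("MED",                lambda p: p.med),
    ("eBGP over iBGP",     lambda p: not p.ebgp),
    ("IGP metric",         lambda p: p.igp_metric),
]

def compare(a: Path, b: Path):
    """Return (winner, deciding step) for two paths to the same prefix."""
    for step, key in STEPS:
        same_neighbour = a.as_path[:1] == b.as_path[:1] and a.as_path
        if step == "MED" and not same_neighbour:
            continue  # MED is only compared for the same neighbouring AS
        if key(a) != key(b):
            return (a if key(a) < key(b) else b), step
    return a, "tie"

def best_path(paths):
    best = paths[0]
    for candidate in paths[1:]:
        best, _ = compare(best, candidate)
    return best

# Constructed paths to one prefix, using private AS numbers.
VIA_ISP_A = Path("isp-a", (65002, 65010), med=50)
VIA_ISP_B = Path("isp-b", (65003, 65020, 65010), local_pref=200)
VIA_ISP_A_ALT = Path("isp-a-alt", (65002, 65010), med=10)

if __name__ == "__main__":
    print(compare(VIA_ISP_A, VIA_ISP_B)[1], best_path([VIA_ISP_A, VIA_ISP_B, VIA_ISP_A_ALT]).name)
```

Note that the longer AS path through `isp-b` wins because local preference is evaluated before AS-path length, which is why AS-path length alone says little about which route a network will actually use.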
BGP operates in two distinct flavors, and the distinction matters for network design.
External BGP (eBGP) runs between routers in different autonomous systems. This is the public internet's backbone. ISPs use eBGP to exchange routes, allowing traffic to flow between different companies' networks. eBGP sessions typically happen between directly connected routers.
Internal BGP (iBGP) runs between routers within the same autonomous system. Large organizations with multiple border routers use iBGP to distribute external routing information internally. Unlike iBGP, eBGP automatically reduces the TTL of incoming packets, preventing routing loops across autonomous system boundaries.
A crucial difference: when a router receives a route via iBGP, it won't advertise that route to other iBGP neighbors. This prevents loops and means large AS networks need a full mesh of iBGP connections or use route reflectors to distribute routes efficiently.
While configuration depends on your router vendor, the fundamental concepts remain consistent. Here's a basic example using Cisco IOS syntax:
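router bgp 65001
 ! Local AS is 65001; the router ID is sent as the BGP identifier in Open messages
 bgp router-id 192.168.1.1
 ! Peer 10.0.0.2 is in a different AS (65002), so this is an eBGP session
 neighbor 10.0.0.2 remote-as 65002
 neighbor 10.0.0.2 description ISP-Upstream
 !
 address-family ipv4
  neighbor 10.0.0.2 activate
  ! Advertise 192.168.0.0/24
  network 192.168.0.0 mask 255.255.255.0
  ! Also advertise directly connected networks
  redistribute connected
 exit-address-family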
This configuration:
In production environments, you'd add route maps for policy control, set attributes like local preference, and define prefix lists to control what routes are accepted or advertised.
Organizations implement BGP for several practical reasons:
Multihoming: Connecting to multiple ISPs simultaneously ensures redundancy. If one ISP fails, traffic automatically reroutes through the other. BGP announces your prefixes to all upstreams, and selects incoming routes from the most reliable provider.
Load Balancing: BGP can distribute traffic across multiple links. By manipulating attributes like AS-path prepending or MED values, you can influence how traffic enters and exits your network.
Traffic Engineering: Policy-based routing allows fine-grained control over traffic flow. You might prefer certain paths for latency-sensitive applications or route backup traffic through cheaper links.
Internet Exchange Points (IXPs): Organizations at IXPs use BGP to exchange routes directly with peers, reducing reliance on transit providers and improving performance.
BGP was designed in an era before internet security was a primary concern. Several vulnerabilities exist:
Route Hijacking: An attacker can advertise IP prefixes they don't actually own, intercepting traffic destined for legitimate networks. This requires only a BGP session with the internet.
Session Hijacking: TCP sequence number prediction attacks can disrupt active BGP sessions, causing route withdrawals and network instability.
Route Filtering Gaps: If routers don't filter BGP announcements properly, invalid routes can propagate across the internet.
Mitigation strategies include RPKI (Resource Public Key Infrastructure) for cryptographic validation of route origins, BGP route filtering, and TCP authentication options like MD5 and TCP-AO for securing BGP sessions.
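As an added example (not part of the original article), the sketch below shows how RPKI route origin validation classifies announcements against ROAs, following the valid / invalid / not-found states of RFC 6811, and how a filter then drops invalid routes. The ROAs and announcements are constructed from documentation prefixes and private AS numbers; `apply_policy` is a hypothetical helper.

```python
import ipaddress

# Constructed ROAs: (prefix, max length, authorised origin AS).
ROAS = [
    ("203.0.113.0/24", 24, 65001),
    ("2001:db8::/32", 48, 65002),
]

def validate(prefix: str, origin_as: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue                      # this ROA does not cover the route
        covered = True
        # AS 0 in a ROA means "no AS may originate this prefix".
        if roa_as != 0 and roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: origin or length is wrong.
    return "invalid" if covered else "not-found"

def apply_policy(announcements, roas=ROAS):
    """Drop 'invalid' routes; keep 'valid' and 'not-found' ones."""
    accepted, rejected = [], []
    for prefix, origin_as in announcements:
        state = validate(prefix, origin_as, roas)
        bucket = rejected if state == "invalid" else accepted
        bucket.append((prefix, origin_as, state))
    return accepted, rejected

# Constructed announcements as (prefix, origin AS).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 65001),    # matches the ROA
    ("203.0.113.0/24", 65099),    # covered, but wrong origin AS
    ("203.0.113.128/25", 65001),  # right origin, longer than max length
    ("192.0.2.0/24", 65001),      # no covering ROA
    ("2001:db8:1::/48", 65002),   # within the IPv6 ROA's max length
]

if __name__ == "__main__":
    accepted, rejected = apply_policy(ANNOUNCEMENTS)
    for row in accepted + rejected:
        print(row)
```

The third announcement shows why the max length field matters: without it, a more-specific prefix with the correct origin AS would validate and be preferred by longest-prefix match.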
Different routing protocols serve different purposes. OSPF scales well within autonomous systems but isn't designed for internet-wide use. RIP is outdated and limited to 15 hops. BGP's real strength is supporting policy-based routing and managing thousands of routes across administrative boundaries without the scalability limits of protocols designed for single organizations.
For internal network routing, most organizations use OSPF or IS-IS alongside BGP. BGP at the edges (border routers) connects to the internet, while internal routing protocols manage traffic within the data center or campus.
Learning BGP requires hands-on lab work. Start with a virtual environment using GNS3 or containerized routers. Configure basic neighbor relationships, advertise some prefixes, and observe how routers exchange updates. Use debugging commands to watch BGP messages in real-time.
Most importantly, understand why BGP makes specific decisions. When a route isn't advertised as expected, trace through the attribute selection process. When failover doesn't happen as planned, examine your route filtering and local policies. BGP is powerful precisely because it's flexible—but that flexibility requires understanding the mechanics beneath.
Advanced topics like BGP route reflectors, confederation design, and advanced traffic engineering will make sense once you've mastered these fundamentals.
OSPF is an interior gateway protocol designed for routing within a single organization's network. It converges quickly and distributes information to all routers. BGP is an exterior gateway protocol for routing between different organizations (autonomous systems). It prioritizes stability over speed and uses policy-based decision-making rather than pure shortest-path calculations.
BGP uses TCP port 179 because routing information must arrive reliably and in order. UDP is connectionless and doesn't guarantee delivery or sequence. TCP's connection-oriented nature ensures that BGP sessions maintain state and that all route updates are received completely. The overhead of TCP is acceptable given BGP's role in internet infrastructure.
Technically yes, and some large organizations do use iBGP internally. However, it's overkill for most networks. OSPF converges faster, uses less bandwidth, and requires less configuration. BGP shines when you need policy control and scalability across multiple autonomous systems.