Adjacent Node
Networking, explained. No BS.

BGP

What It Is

Border Gateway Protocol is a path-vector routing protocol used to exchange reachability between autonomous systems and to apply routing policy. BGP is less about fastest path and more about controlled path selection: who you accept routes from, what you advertise, and which attributes you use to prefer or de-prefer paths.

Core Attributes

| Attribute | Type | Purpose | Path Selection Use |
| --- | --- | --- | --- |
| Weight | Cisco local | Local-only preference | Higher wins, not advertised |
| Local Preference | Well-known discretionary | Preference inside your AS | Higher wins |
| AS Path | Well-known mandatory | AS sequence a route traversed | Shorter often wins |
| Origin | Well-known mandatory | How route entered BGP | IGP beats EGP beats incomplete |
| MED | Optional nontransitive | Suggest inbound path to neighboring AS | Lower wins when compared |
| Next Hop | Well-known mandatory | Next router to reach prefix | Must be reachable |
| Community | Optional transitive | Policy tag | Depends on policy |
| Large Community | Optional transitive | 12-octet policy tag | Useful for 4-byte ASNs and scale |
| Atomic Aggregate | Well-known discretionary | Indicates aggregation lost path detail | Informational and policy-dependent |
| Aggregator | Optional transitive | Router and AS that aggregated | Informational and troubleshooting |

Modern note: Communities are where real BGP policy usually lives. Treat them like an API contract with peers, transit providers, IXPs, and internal route-reflector policy.

Message Types And States

| Message | Purpose |
| --- | --- |
| Open | Establishes session parameters |
| Update | Advertises and withdraws routes |
| Keepalive | Keeps session alive |
| Notification | Reports error and closes session |
| Route Refresh | Requests re-advertisement without hard reset |

| State | Meaning | Common Issue |
| --- | --- | --- |
| Idle | BGP is waiting or administratively down | Neighbor config, shutdown, policy |
| Connect | Trying TCP connection | TCP/179 reachability |
| Active | Connection attempt failed, retrying | ACL, source interface, remote AS |
| OpenSent | Open message sent | AS number, version, auth |
| OpenConfirm | Waiting for keepalive | Timers, auth, policy |
| Established | Session is up | Check routes and policy next |

Watch out: "Active" does not mean healthy traffic is flowing. In BGP state language, Active usually means the TCP session is not establishing.

Path Selection

Cisco IOS/IOS-XE commonly evaluates best path in this practical order:

| Order | Decision | Preferred |
| --- | --- | --- |
| 1 | Weight | Highest |
| 2 | Local preference | Highest |
| 3 | Locally originated | Local |
| 4 | AS path length | Shortest |
| 5 | Origin type | IGP, then EGP, then incomplete |
| 6 | MED | Lowest |
| 7 | eBGP over iBGP | eBGP |
| 8 | IGP metric to next hop | Lowest |
| 9 | Older eBGP path | Oldest |
| 10 | Router ID / peer address tie breakers | Lowest |

Design note: Use policy deliberately. Local preference is usually the cleanest knob for outbound path choice inside your AS. AS path prepending and MED are weaker signals for influencing inbound traffic.
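The decision order above as a pairwise comparison that also reports which step decided, so an unexpected best path can be traced to the attribute responsible. This is an added example, not Cisco's implementation: the `Path` class and its field names are hypothetical, and it assumes MED is compared only between paths learned from the same neighbor AS.

```python
from dataclasses import dataclass
from functools import reduce
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple            # neighbor AS first, origin AS last
    weight: int = 0
    local_pref: int = 100
    local: bool = False       # locally originated
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age: int = 0              # seconds since the path was learned
    router_id: str = "0.0.0.0"

STEPS = [  # (step name, key function); the lower key wins at every step
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.local),
    ("AS path length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: not p.ebgp),
    ("IGP metric to next hop", lambda p: p.igp_metric),
    ("older eBGP path", lambda p: -p.age),
    ("router ID", lambda p: int(IPv4Address(p.router_id))),
]

def decide(a, b):
    """Return (winner, deciding step) for two paths to the same prefix."""
    for step, key in STEPS:
        # Assumption: MED is only compared between paths from the same neighbor AS
        if step == "MED" and a.as_path[:1] != b.as_path[:1]:
            continue
        if step == "older eBGP path" and not (a.ebgp and b.ebgp):
            continue
        if key(a) != key(b):
            return (a if key(a) < key(b) else b), step
    return a, "tie"

def best_path(paths):
    return reduce(lambda x, y: decide(x, y)[0], paths)

A = Path("transit-a", (64500, 64510), local_pref=150)  # constructed sample
B = Path("transit-b", (64501,))  # shorter AS path, default local preference
```

`decide(A, B)` picks transit-a at the local preference step, before AS path length is ever consulted.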

Policy Building Blocks

| Tool | Use | Example Policy |
| --- | --- | --- |
| Prefix list | Match exact or ranged prefixes | Allow only owned routes outbound |
| AS path ACL | Match AS path regex | Reject routes transiting a peer AS |
| Community list | Match route tags | Apply provider policy |
| Route map | Match and set attributes | Set local-pref, prepend AS path, tag community |
| Maximum prefix | Limit accepted route count | Shut or warn when peer leaks |
| RPKI origin validation | Validate prefix origin AS | Reject or de-prefer invalids |
| Default route | Provide fallback route | Customer edge or lab designs |

Modern note: RFC 8212 changed the expected eBGP default posture: no explicit import or export policy means routes should not be used or advertised. Many real devices still vary, so configure policies explicitly.

Security And Safety

| Control | Why It Matters |
| --- | --- |
| Explicit import/export policy | Prevents accidental full-table leaks or customer leaks |
| Prefix limits | Contains peer mistakes |
| Prefix filters | Accept and advertise only expected networks |
| RPKI origin validation | Detects invalid origin AS for signed resources |
| Session authentication | Protects BGP TCP session from spoofing or reset attacks |
| TTL security / GTSM | Limits off-path session attacks where supported |
| Route flap damping | Use carefully because it can suppress legitimate recovery; often less favored now |
| Communities documentation | Prevents accidental blackhole, no-export, or local-pref changes |

Watch out: BGP will do what policy says, even when policy is wrong. Always test inbound and outbound route policy before turning up a real peer.
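RPKI origin validation from the table above, worked through as an added example (not code from this page or from any router): each received route is classified as valid, invalid or not-found following the RFC 6811 procedure, then invalids are rejected. The VRP entries, the received routes and the function names are constructed for illustration.

```python
from ipaddress import ip_network

# Constructed VRPs (validated ROA payloads): (prefix, max length, origin AS)
VRPS = [
    ("203.0.113.0/24", 24, 65000),
    ("2001:db8::/32", 48, 64500),
    ("192.0.2.0/24", 24, 0),        # AS0 ROA: prefix should not be routed at all
]

def validate(prefix, origin_as, vrps=VRPS):
    """Classify a route as valid, invalid or not-found (RFC 6811 procedure)."""
    route = ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in vrps:
        roa = ip_network(roa_prefix)
        if roa.version != route.version or not route.subnet_of(roa):
            continue                # this VRP does not cover the route
        covered = True
        if asn != 0 and asn == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one VRP but matched by none is invalid, not unknown
    return "invalid" if covered else "not-found"

def apply_policy(routes, drop_invalid=True):
    """Return (accepted, rejected); each item is (prefix, origin AS, state)."""
    accepted, rejected = [], []
    for prefix, origin_as in routes:
        state = validate(prefix, origin_as)
        target = rejected if state == "invalid" and drop_invalid else accepted
        target.append((prefix, origin_as, state))
    return accepted, rejected

# Constructed received routes: (prefix, origin AS from the end of the AS path)
RECEIVED = [
    ("203.0.113.0/24", 65000),      # matches the ROA
    ("203.0.113.0/25", 65000),      # right AS, but longer than max length
    ("203.0.113.0/24", 64511),      # covered, wrong origin AS
    ("2001:db8:1::/48", 64500),     # within max length 48
    ("192.0.2.0/24", 64500),        # covered only by an AS0 ROA
    ("198.51.100.0/24", 64501),     # no covering ROA
]
```

With `drop_invalid=False` every route is kept with its state attached, which is the input a de-prefer policy would act on instead of rejecting.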

Cisco IOS/IOS-XE Examples

Basic eBGP with explicit filters:

ip prefix-list CUSTOMER-OUT seq 10 permit 203.0.113.0/24
ip prefix-list TRANSIT-IN seq 10 permit 0.0.0.0/0 le 24
!
route-map TRANSIT-IN permit 10
 match ip address prefix-list TRANSIT-IN
 set local-preference 150
!
route-map CUSTOMER-OUT permit 10
 match ip address prefix-list CUSTOMER-OUT
 set community 65000:100 additive
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 description Transit-A
 neighbor 198.51.100.1 password ExampleSecret
 neighbor 198.51.100.1 maximum-prefix 900000 90 restart 5
 ! Without send-community the tag set by CUSTOMER-OUT is not sent to the neighbor
 neighbor 198.51.100.1 send-community
 neighbor 198.51.100.1 route-map TRANSIT-IN in
 neighbor 198.51.100.1 route-map CUSTOMER-OUT out
 network 203.0.113.0 mask 255.255.255.0

iBGP route reflector client:

router bgp 65000
 neighbor 10.0.0.11 remote-as 65000
 neighbor 10.0.0.11 update-source Loopback0
 neighbor 10.0.0.11 route-reflector-client

RPKI origin validation:

router bgp 65000
 bgp rpki server tcp 192.0.2.10 port 3323 refresh 600

Notes:

  • Use documentation prefixes here only for examples. Replace them with real assigned space.
  • maximum-prefix values must match the peer type. A full-table peer and customer peer should not have the same limit.
  • Route maps should have deliberate deny or permit behavior. Empty or missing policy is a common outage cause.
  • Route reflector designs need consistent next-hop reachability through the IGP or underlay.
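A way to check what the two prefix lists in the eBGP example actually permit before they are attached to a peer. This is an added example, not part of the original page: the evaluator follows prefix-list ge/le matching with first match by sequence number and an implicit deny, and the probe routes are constructed. It shows that `0.0.0.0/0 le 24` filters on length only, so TRANSIT-IN also admits a default route and RFC 1918 space.

```python
from ipaddress import ip_network

# The two prefix-list lines from the eBGP example above
CONFIG = [
    "ip prefix-list CUSTOMER-OUT seq 10 permit 203.0.113.0/24",
    "ip prefix-list TRANSIT-IN seq 10 permit 0.0.0.0/0 le 24",
]

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/len [ge G] [le L]'."""
    tok = line.split()
    name, seq, action, net = tok[2], int(tok[4]), tok[5], ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    if opts:
        lo = opts.get("ge", net.prefixlen)       # le only: from the entry's own length
        hi = opts.get("le", net.max_prefixlen)   # ge only: up to /32
    else:
        lo = hi = net.prefixlen                  # no ge/le: exact length only
    return name, seq, action, net, lo, hi

def evaluate(config, list_name, route):
    """First matching entry by sequence number wins; no match is an implicit deny."""
    route = ip_network(route)
    entries = [e for e in map(parse_entry, config) if e[0] == list_name]
    for _, _, action, net, lo, hi in sorted(entries, key=lambda e: e[1]):
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"

# Constructed probe routes a reviewer might test the inbound list against
PROBES = ["0.0.0.0/0", "10.0.0.0/8", "192.168.1.0/24",
          "198.51.100.0/24", "198.51.100.128/25"]

def permitted(config, list_name, probes=PROBES):
    """Return the probe routes the named prefix list would permit."""
    return [p for p in probes if evaluate(config, list_name, p) == "permit"]
```

`permitted(CONFIG, "TRANSIT-IN")` returns every probe except the /25, while CUSTOMER-OUT permits only the exact 203.0.113.0/24.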

Troubleshooting

| Symptom | Check | Likely Cause |
| --- | --- | --- |
| Neighbor stuck Active | TCP/179, ACL, source IP, remote AS | Cannot establish TCP session |
| Neighbor flaps | Logs, hold timer, interface errors, CPU | Transport instability or timers |
| Session established, no routes | Address family, route policy, prefix list | Policy blocking everything |
| Route received, not installed | Next hop, RPKI state, better route | Unreachable next hop or best path lost |
| Wrong outbound path | Local-pref, weight, AS path, IGP cost | Policy or next-hop metric |
| Inbound traffic enters wrong link | Communities, prepending, provider policy | Remote AS policy wins |
| Sudden huge route count | Prefix limits, peer changes | Route leak or full table accepted |

Commands

show ip bgp summary
show ip bgp neighbors 198.51.100.1
show ip bgp 203.0.113.0
show ip route bgp
show ip bgp regexp _64500_
show ip bgp neighbors 198.51.100.1 received-routes
show ip bgp neighbors 198.51.100.1 advertised-routes
clear ip bgp 198.51.100.1 soft in

Expected clues:

  • Neighbor state is Established.
  • Prefix counts match expected peer type.
  • Inbound and outbound policy names are attached.
  • Next hop is reachable in the RIB.
  • Best path reason matches the intended policy.
  • Advertised routes are only the prefixes you meant to send.

Watch Out

  • Do not turn up eBGP without explicit import and export policy.
  • Do not accept a default route or full table unless the design calls for it.
  • Do not redistribute an IGP into BGP without filters and tags.
  • Do not advertise RFC 1918, documentation, bogon, or internal-only routes to transit.
  • Do not assume AS path prepending will control inbound traffic predictably.
  • Do not clear sessions hard when a soft refresh will do.
