LearnNetwork
BGP introduction

BGP — the protocol that holds the internet together

12 min

BGP (Border Gateway Protocol, RFC 4271) is the routing protocol that runs between autonomous systems — between ISPs, between operators and large customers, and increasingly inside data center fabrics. Where OSPF builds a topology view, BGP builds a policy view: which paths am I willing to use, advertise, or prefer?

If the internet is a country of countries (autonomous systems), BGP is the treaty system that lets them route mail to each other.

The 30-second model

Each network with its own routing policy is an Autonomous System (AS), identified by an ASN (Autonomous System Number — 16-bit historically, now 32-bit). Cloudflare is AS 13335. Google is AS 15169. Your ISP has one too.

Two BGP speakers in different ASes peer by establishing a TCP session (port 179) and exchanging route advertisements:

  • "I, AS 100, can reach 192.0.2.0/24."
  • "I, AS 200, can reach 198.51.100.0/24 via AS 100."

Each receiver decides whether to install the route based on its own policy.

eBGP vs iBGP

  • eBGP (external) — between routers in different ASes. The thing most people mean when they say "BGP."
  • iBGP (internal) — between routers in the same AS. Used to carry external routes across an operator's internal network. Has stricter rules: a route learned via iBGP is not re-advertised to other iBGP peers (the "split-horizon" rule) — which is why operators run route reflectors to scale beyond a small full mesh.

Path attributes — how BGP decides

When BGP has multiple paths to the same prefix, it walks a priority list of attributes (this is partially Cisco-flavored but representative):

  1. Weight (Cisco-only, local) — highest wins.
  2. LOCAL_PREF — highest wins. Set by your edge to express "exit this way for this prefix."
  3. Locally originated — prefer routes you originated over those learned from peers.
  4. AS_PATH length — shortest wins. Each AS the route has traversed.
  5. Origin code — IGP > EGP > Incomplete.
  6. MED — lowest wins. A hint to neighbor ASes about which entrance you prefer.
  7. eBGP over iBGP.
  8. IGP metric to the next hop — lowest wins.
  9. Tie-breakers: oldest, lowest router-id, lowest cluster-list, lowest neighbor IP.

For CCNA: know AS_PATH and that BGP is policy-driven. The full decision tree is CCNP territory.

Why BGP, not OSPF, runs the internet

  • Scale. OSPF maxes out around a few hundred routers in a single area. BGP handles tens of thousands.
  • Policy. OSPF picks shortest path; BGP picks the policy-preferred path. Operators care more about "don't transit my competitor" than "shortest path."
  • Aggregation. BGP advertises prefixes; operators aggregate ranges down to a single advertisement. The full internet table is ~1 million IPv4 prefixes — manageable.
  • Loop prevention via AS_PATH: if I see my own ASN in the path, I drop the advertisement.

A minimal eBGP config

Cisco IOSCisco — eBGP to AS 65001
[object Object]
Nokia SR OSNokia SR OS — eBGP
[object Object]

Operational realities

  • Filter rigorously. Without inbound/outbound prefix-list filters, you risk accepting (or sending) garbage. The 2008 Pakistan/YouTube incident, the 2021 Facebook outage, many others — all "we forgot to filter."
  • RPKI (Resource Public Key Infrastructure) signs which AS is allowed to originate which prefix. The hard part is making routers actually check signatures — increasingly the norm at major IXPs.
  • BGP communities are tags attached to advertisements ("this is a customer route," "blackhole this") used to drive policy without per-prefix config.

What to remember

  • BGP runs between ASes over TCP/179.
  • eBGP between ASes; iBGP within. iBGP needs full mesh or route reflectors.
  • Decision is policy first (LOCAL_PREF, AS_PATH) — not shortest topology.
  • Filter every neighbor. Always. Both directions.
  • Look up RPKI; if you operate ASes, validate origins.