BGP — the protocol that holds the internet together
BGP (Border Gateway Protocol, RFC 4271) is the routing protocol that runs between autonomous systems — between ISPs, between operators and large customers, and increasingly inside data center fabrics. Where OSPF builds a topology view, BGP builds a policy view: which paths am I willing to use, advertise, or prefer?
If the internet is a country of countries (autonomous systems), BGP is the treaty system that lets them route mail to each other.
The 30-second model
Each network with its own routing policy is an Autonomous System (AS), identified by an ASN (Autonomous System Number — 16-bit historically, now 32-bit). Cloudflare is AS 13335. Google is AS 15169. Your ISP has one too.
Two BGP speakers in different ASes peer by establishing a TCP session (port 179) and exchanging route advertisements:
- "I, AS 100, can reach 192.0.2.0/24."
- "I, AS 200, can reach 198.51.100.0/24 via AS 100."
Each receiver decides whether to install the route based on its own policy.
eBGP vs iBGP
- eBGP (external) — between routers in different ASes. The thing most people mean when they say "BGP."
- iBGP (internal) — between routers in the same AS. Used to carry external routes across an operator's internal network. Has stricter rules: a route learned via iBGP is not re-advertised to other iBGP peers (the "split-horizon" rule) — which is why operators run route reflectors to scale beyond a small full mesh.
Path attributes — how BGP decides
When BGP has multiple paths to the same prefix, it walks a priority list of attributes (this is partially Cisco-flavored but representative):
- Weight (Cisco-only, local) — highest wins.
- LOCAL_PREF — highest wins. Set by your edge to express "exit this way for this prefix."
- Locally originated — prefer routes you originated over those learned from peers.
- AS_PATH length — shortest wins. The path lists each AS the route has traversed.
- Origin code — IGP > EGP > Incomplete.
- MED — lowest wins. A hint to neighbor ASes about which entrance you prefer.
- eBGP over iBGP.
- IGP metric to the next hop — lowest wins.
- Tie-breakers: oldest, lowest router-id, lowest cluster-list, lowest neighbor IP.
For CCNA: know AS_PATH and that BGP is policy-driven. The full decision tree is CCNP territory.
Why BGP, not OSPF, runs the internet
- Scale. OSPF maxes out around a few hundred routers in a single area. BGP handles tens of thousands.
- Policy. OSPF picks shortest path; BGP picks the policy-preferred path. Operators care more about "don't transit my competitor" than "shortest path."
- Aggregation. BGP advertises prefixes; operators aggregate ranges down to a single advertisement. The full internet table is ~1 million IPv4 prefixes — manageable.
- Loop prevention via AS_PATH: if I see my own ASN in the path, I drop the advertisement.
A minimal eBGP config
Operational realities
- Filter rigorously. Without inbound/outbound prefix-list filters, you risk accepting (or sending) garbage. The 2008 Pakistan/YouTube incident, the 2021 Facebook outage, many others — all "we forgot to filter."
- RPKI (Resource Public Key Infrastructure) signs which AS is allowed to originate which prefix. The hard part is making routers actually check signatures — increasingly the norm at major IXPs.
- BGP communities are tags attached to advertisements ("this is a customer route," "blackhole this") used to drive policy without per-prefix config.
What to remember
- BGP runs between ASes over TCP/179.
- eBGP between ASes; iBGP within. iBGP needs full mesh or route reflectors.
- Decision is policy first (LOCAL_PREF, AS_PATH) — not shortest topology.
- Filter every neighbor. Always. Both directions.
- Look up RPKI; if you operate ASes, validate origins.