BGP: Border Gateway Protocol

The path vector routing protocol that connects Autonomous Systems across the internet. BGP is the glue that holds the global routing system together, enabling ISPs, cloud providers, and large enterprises to exchange reachability information at scale.

Type: Path Vector (Application Layer)
Port: 179
Transport: TCP
Standard: RFC 4271

What is BGP?

BGP (Border Gateway Protocol) is the routing protocol responsible for exchanging reachability information between Autonomous Systems (ASes) on the internet. Often called "the protocol that makes the internet work," BGP is the mechanism by which ISPs, cloud providers, content delivery networks, and large enterprises discover how to reach every publicly routable IP prefix on the planet.

BGP is classified as a path vector protocol. Unlike distance vector protocols that track only hop count, or link-state protocols that build a complete topology map, BGP maintains the full AS-level path to each destination. This path information allows operators to make sophisticated routing decisions and detect loops by checking whether their own AS number already appears in the path.

The current version, BGP-4, was formalized in RFC 4271 (2006) and operates over TCP port 179. By running on top of TCP, BGP benefits from reliable, ordered delivery without needing to implement its own transport mechanisms. Every major ISP, every cloud platform (AWS, Azure, GCP), and every internet exchange point relies on BGP to function.

BGP Peering: eBGP and iBGP

BGP sessions fall into two categories depending on whether the peers belong to the same Autonomous System or different ones.

eBGP (External BGP) refers to sessions between routers in different Autonomous Systems. These sessions exchange routes across organizational boundaries, such as between two ISPs or between an enterprise and its upstream provider. eBGP peers are typically directly connected and use a TTL of 1 by default, although multihop eBGP is possible when peers are not directly adjacent.

iBGP (Internal BGP) refers to sessions between routers within the same Autonomous System. iBGP distributes routes learned from external peers throughout the internal network. A key rule of iBGP is that a router does not re-advertise routes learned from one iBGP peer to another iBGP peer. This prevents loops but means that every iBGP router must peer with every other iBGP router in a full mesh, or the network must use route reflectors or confederations to scale.

Route reflectors are the most common solution. A designated route reflector receives routes from its iBGP clients and re-advertises them to other clients and peers, eliminating the need for a full mesh. Large networks typically deploy multiple route reflectors for redundancy.

[Figure: three Autonomous Systems, AS 64500 (R1, R2, R3), AS 64501 (R4, R5) and AS 64502 (R6, R7, R8), with links labeled eBGP and iBGP.]
BGP peering: eBGP sessions exchange routes between Autonomous Systems, while iBGP sessions distribute external routes within an AS.

BGP Path Selection

When a BGP router learns multiple paths to the same destination prefix, it must select a single best path to install in the routing table and advertise to its peers. BGP uses a deterministic sequence of tiebreakers, evaluated in order from highest to lowest priority. The first attribute that produces a clear winner determines the selected path.

[Figure: BGP Best Path Selection (Simplified). Highest LOCAL_PREF → tie? → Shortest AS_PATH → tie? → Lowest ORIGIN type → tie? → Lowest MED → tie? → eBGP over iBGP → tie? → Lowest Router ID → Best Path]
BGP selects the best path using a series of tiebreakers. LOCAL_PREF is evaluated first, and the process continues until a single best path is chosen.
| Priority | Attribute | Description |
|---|---|---|
| 1 | LOCAL_PREF | Locally configured preference (higher wins). Used to prefer one ISP or path over another within your own AS. |
| 2 | AS_PATH Length | Number of AS hops to reach the destination (shorter wins). This is the most intuitive metric in BGP. |
| 3 | ORIGIN | How the route was learned: IGP (i) is preferred over EGP (e), which is preferred over Incomplete (?). |
| 4 | MED | Multi-Exit Discriminator, a hint from the neighboring AS about its preferred entry point (lower wins). |
| 5 | eBGP over iBGP | Prefer routes learned from external peers over routes learned from internal peers. |
| 6 | Lowest IGP Metric | Prefer the nearest eBGP next-hop based on the internal routing cost (the IGP metric to the next-hop address). |
| 7 | Lowest Router ID | Final tiebreaker using the router's BGP identifier, typically derived from a loopback address. |
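
The tiebreaker order in the table above, as an added example (not code from the original page or from any router implementation). The `Path` record, its field names and the sample paths are constructed for illustration, and MED is compared unconditionally, following the simplified table.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP beats EGP beats Incomplete
STEPS = ["LOCAL_PREF", "AS_PATH length", "ORIGIN", "MED",
         "eBGP over iBGP", "IGP metric", "Router ID"]

@dataclass(frozen=True)
class Path:                 # hypothetical record, one candidate path per instance
    local_pref: int
    as_path: tuple          # ASNs the route has traversed
    origin: str             # "i", "e" or "?"
    med: int
    ebgp: bool              # True if learned from an external peer
    igp_metric: int         # IGP cost to the next hop
    router_id: str          # BGP identifier of the advertising router

def sort_key(p):
    """One entry per table row; the smallest tuple is the best path."""
    return (-p.local_pref,                    # 1. higher wins
            len(p.as_path),                   # 2. shorter wins
            ORIGIN_RANK[p.origin],            # 3. lower origin type wins
            p.med,                            # 4. lower wins
            0 if p.ebgp else 1,               # 5. eBGP over iBGP
            p.igp_metric,                     # 6. nearest next hop wins
            int(IPv4Address(p.router_id)))    # 7. lowest router ID wins

def best_path(paths):
    """Return (best, step); step names the tiebreaker that decided it."""
    ranked = sorted(paths, key=sort_key)
    best = ranked[0]
    if len(ranked) > 1:
        for step, a, b in zip(STEPS, sort_key(best), sort_key(ranked[1])):
            if a != b:
                return best, step
    return best, None

# Constructed sample: the longer path wins because LOCAL_PREF is checked first.
SHORT = Path(100, (64501, 64502), "i", 0, True, 10, "192.0.2.1")
LONG = Path(200, (64510, 64501, 64502), "i", 0, True, 10, "192.0.2.2")
TWIN = Path(100, (64501, 64502), "i", 0, True, 10, "192.0.2.9")

if __name__ == "__main__":
    print(best_path([SHORT, LONG]))
    print(best_path([SHORT, TWIN]))
```

Returning the deciding step makes it easy to audit why a path was chosen, for example to confirm that local policy rather than AS_PATH length picked the exit.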

Autonomous Systems and AS Numbers

An Autonomous System (AS) is a network or group of networks under a single administrative domain that presents a unified routing policy to the internet. Each AS is identified by a unique AS Number (ASN), assigned by IANA through the five Regional Internet Registries (RIRs): ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC.

Originally, AS numbers were 16-bit values ranging from 0 to 65535. As the internet grew and the pool of available numbers shrank, 32-bit AS numbers (0 to 4,294,967,295) were introduced in RFC 6793. The ranges 64512 to 65534 (16-bit) and 4200000000 to 4294967294 (32-bit) are reserved for private use, similar to private IP address ranges.

Some well-known ASNs include Google (AS15169), Cloudflare (AS13335), Amazon (AS16509), and Microsoft (AS8075). You can look up any ASN using tools like PeeringDB, RIPE Stat, or BGP Looking Glass servers to see the routes it announces and its peering relationships.

BGP Message Types

BGP communication uses four message types, all carried over a persistent TCP connection on port 179. Each message begins with a 16-byte marker (all ones) followed by a 2-byte length and a 1-byte type field.

| Message | Purpose |
|---|---|
| OPEN | Establish a peering session by exchanging BGP version, AS number, hold time, and optional capabilities |
| UPDATE | Advertise new routes (with path attributes) or withdraw previously announced routes |
| KEEPALIVE | Maintain the session by confirming the peer is still alive (sent every 60 seconds by default) |
| NOTIFICATION | Report an error condition and close the session (includes an error code and subcode) |
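
A parser for the 19-byte header described above, with the sanity checks a receiver or packet inspector would apply before trusting the length field. This is an added example, not code from the original page; the type codes and length limits come from RFC 4271, and the function names and sample bytes are constructed.

```python
import struct

MARKER = b"\xff" * 16
HEADER_LEN = 19                       # 16-byte marker + 2-byte length + 1-byte type
MAX_LEN = 4096                        # RFC 4271 maximum message size
# The four RFC 4271 types; extensions such as ROUTE-REFRESH (type 5) are rejected.
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
MIN_LEN = {1: 29, 2: 23, 3: 21, 4: 19}   # RFC 4271 per-type minimum lengths

class BGPHeaderError(ValueError):
    pass

def parse_header(buf):
    """Validate the header at the start of buf; return (type_name, length)."""
    if len(buf) < HEADER_LEN:
        raise BGPHeaderError("truncated header")
    marker, length, msg_type = struct.unpack("!16sHB", buf[:HEADER_LEN])
    if marker != MARKER:
        raise BGPHeaderError("marker is not all ones")
    if msg_type not in TYPES:
        raise BGPHeaderError(f"unknown type {msg_type}")
    if not MIN_LEN[msg_type] <= length <= MAX_LEN:
        raise BGPHeaderError(f"bad length {length} for {TYPES[msg_type]}")
    if msg_type == 4 and length != HEADER_LEN:
        raise BGPHeaderError("KEEPALIVE must be header only")
    return TYPES[msg_type], length

def split_stream(stream):
    """Split a TCP byte stream into (type, body) pairs plus unparsed leftover."""
    messages = []
    while len(stream) >= HEADER_LEN:
        name, length = parse_header(stream)
        if len(stream) < length:      # body not fully received yet
            break
        messages.append((name, stream[HEADER_LEN:length]))
        stream = stream[length:]
    return messages, stream

# Constructed sample: KEEPALIVE, OPEN (version 4, AS 64500, hold time 180), partial header.
KEEPALIVE = MARKER + struct.pack("!HB", HEADER_LEN, 4)
OPEN_BODY = struct.pack("!BHH4sB", 4, 64500, 180, bytes([192, 0, 2, 1]), 0)
OPEN = MARKER + struct.pack("!HB", HEADER_LEN + len(OPEN_BODY), 1) + OPEN_BODY
SAMPLE = KEEPALIVE + OPEN + KEEPALIVE[:5]

if __name__ == "__main__":
    print(split_stream(SAMPLE))
```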

BGP Route Attributes

Every BGP route carries a set of path attributes that describe the characteristics of the path. Attributes are categorized into four types based on whether they are required and how they propagate between peers.

Well-known mandatory attributes must be recognized by all BGP implementations and must be present in every UPDATE. These include AS_PATH (the sequence of ASes the route has traversed), NEXT_HOP (the IP address of the next router toward the destination), and ORIGIN (how the route was originally injected into BGP).

Well-known discretionary attributes must be recognized by all implementations but are not required in every UPDATE. LOCAL_PREF (used only within iBGP to indicate the preferred exit point) and ATOMIC_AGGREGATE (signals that route aggregation has occurred) fall into this category.

Optional transitive attributes may not be recognized by every implementation, but they must be passed along to other peers even if not understood. COMMUNITY and EXTENDED_COMMUNITY are the most important examples. BGP communities are 32-bit tags attached to routes that enable sophisticated traffic engineering. For instance, an ISP might define community values that instruct peers to lower LOCAL_PREF, prepend the AS_PATH, or blackhole traffic to a specific prefix.

Optional non-transitive attributes are dropped if not recognized. MED (Multi-Exit Discriminator) is the primary example, used to suggest a preferred entry point into an AS when multiple links exist between two neighbors.

BGP Security

BGP was designed in an era when the internet was a trusted, cooperative network. The protocol has no built-in mechanism to verify that a router is authorized to announce a particular prefix. This fundamental trust model has led to several categories of attacks and incidents.

BGP hijacking occurs when a network announces prefixes it does not own, either intentionally (to intercept or blackhole traffic) or accidentally (due to misconfiguration). Notable incidents include the 2008 Pakistan Telecom hijack of YouTube and the 2018 BGP hijack that redirected Amazon Route 53 traffic to steal cryptocurrency. Route leaks happen when a network re-advertises routes it received from one provider to another provider, violating the intended routing policy. These leaks can cause widespread outages, as seen in the 2019 Cloudflare outage caused by a route leak through a small ISP.

Several mitigation strategies have been developed. RPKI (Resource Public Key Infrastructure) allows prefix holders to cryptographically sign Route Origin Authorizations (ROAs) that bind a prefix to an authorized ASN. Networks that perform RPKI validation can reject routes with invalid origins. IRR (Internet Routing Registry) databases contain published routing policies that operators can use to build prefix filters. MANRS (Mutually Agreed Norms for Routing Security) is an industry initiative promoting filtering, anti-spoofing, coordination, and global validation. BGPsec extends RPKI to validate the entire AS_PATH, not just the origin, but adoption remains limited due to computational overhead and deployment complexity.
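
The RPKI origin check described above, written out as an added example (not code from the original page or from any validator). It follows the RFC 6811 valid / invalid / not-found outcomes; the ROA set and announcements are constructed, and the per-ROA maximum prefix length is part of the ROA format even though the page does not mention it.

```python
from ipaddress import ip_network

# Constructed ROAs: (prefix, max prefix length, authorized origin ASN)
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

def validate(prefix, origin_asn, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa = ip_network(roa_prefix)
        if roa.version != route.version or not route.subnet_of(roa):
            continue                  # this ROA says nothing about the route
        covered = True                # at least one ROA covers the prefix
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered but no ROA matched both origin and length: wrong AS or too specific.
    return "invalid" if covered else "not-found"

def filter_announcements(announcements, roas=ROAS):
    """Keep valid and not-found routes, drop invalid ones (a common policy)."""
    kept = []
    for prefix, origin_asn in announcements:
        state = validate(prefix, origin_asn, roas)
        if state != "invalid":
            kept.append((prefix, origin_asn, state))
    return kept

# Constructed announcements: (prefix, origin ASN taken from the end of AS_PATH)
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),      # matches the ROA
    ("192.0.2.0/24", 64511),      # covered, but wrong origin AS
    ("192.0.2.0/25", 64500),      # right AS, longer than the ROA allows
    ("2001:db8:1::/48", 64501),   # within the max length of the IPv6 ROA
    ("203.0.113.0/24", 64502),    # no covering ROA
]

if __name__ == "__main__":
    for row in filter_announcements(ANNOUNCEMENTS):
        print(row)
```

The third announcement shows why the length check matters: a more-specific prefix from the authorized AS is still invalid when it exceeds what the ROA permits.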

Common Use Cases for BGP

  • ISP interconnection: BGP is the standard protocol for exchanging routes between internet service providers, forming the backbone of global internet routing
  • Multi-homed enterprise: organizations that connect to multiple ISPs use BGP to advertise their prefixes and control inbound and outbound traffic paths for redundancy and performance
  • Cloud provider networking: AWS Direct Connect, Azure ExpressRoute, and GCP Cloud Interconnect all use BGP to exchange routes between customer networks and cloud environments
  • Internet exchange points (IXPs): IXPs provide a shared fabric where hundreds of networks peer using BGP, reducing latency and transit costs by enabling direct traffic exchange
  • Content delivery networks: CDNs like Cloudflare and Akamai use BGP (often with anycast) to direct users to the nearest edge server for faster content delivery
  • Traffic engineering: operators use BGP attributes such as LOCAL_PREF, AS_PATH prepending, MED, and communities to fine-tune how traffic enters and leaves their network

Frequently Asked Questions About BGP

What happens when BGP goes wrong?

BGP incidents can cause widespread internet outages. When a major network misconfigures its BGP announcements, traffic can be blackholed (dropped), rerouted through unintended paths, or directed to malicious destinations. The October 2021 Facebook outage, which took the platform offline for over six hours, was caused by a BGP configuration change that withdrew all of Facebook's routes from the global routing table.

What is BGP hijacking?

BGP hijacking is the illegitimate announcement of IP prefixes that a network does not own. Because BGP relies on trust between operators, any AS can announce any prefix, and neighboring networks may accept and propagate the announcement. This can be used to intercept traffic, perform man-in-the-middle attacks, or disrupt services. RPKI and prefix filtering are the primary defenses against hijacking.

What is the difference between eBGP and iBGP?

eBGP runs between routers in different Autonomous Systems and is used to exchange routes across organizational boundaries. iBGP runs between routers in the same AS and distributes externally learned routes internally. Key differences include the default TTL (1 for eBGP, 255 for iBGP), the next-hop behavior (eBGP changes the next-hop, iBGP preserves it by default), and the loop prevention mechanism (AS_PATH for eBGP, split-horizon rule for iBGP).

How many BGP routes are in the global routing table?

As of early 2026, the global BGP routing table contains over one million IPv4 prefixes and continues to grow steadily. The IPv6 table is smaller but expanding rapidly. Routers that carry the full global table need sufficient memory and processing power to handle this scale, which is why BGP routers at ISPs and IXPs tend to be high-end hardware.

What is a BGP community?

A BGP community is a 32-bit tag attached to a route that carries additional routing policy information. Communities allow operators to signal intent to their peers without modifying other attributes. For example, a customer might tag a route with a community that tells the upstream ISP to prepend the AS_PATH when advertising it to a specific peer. Well-known communities include NO_EXPORT (do not advertise outside the AS) and NO_ADVERTISE (do not advertise to any peer).

Do I need BGP for my network?

Most small and medium networks do not need BGP. If you connect to a single ISP with a single link, a default route is sufficient. BGP becomes necessary when you need to connect to multiple ISPs (multi-homing) for redundancy, when you own your own IP address space (provider-independent addresses), or when you need granular control over how traffic enters and exits your network. Cloud interconnect services (AWS Direct Connect, Azure ExpressRoute) also require BGP.

Related Protocols

  • OSPF: link-state interior gateway protocol commonly used alongside BGP within an AS
  • TCP: the transport protocol that BGP relies on for reliable session communication
  • ICMP: used for network diagnostics and error reporting, often useful when troubleshooting BGP reachability issues
  • DNS: the Domain Name System, which depends on BGP for global reachability of its servers