My BGP Notes – Part 1

My BGP notes. This is going to be a series of posts here: My BGP Notes 1, 2, 3, ...

I have been keeping BGP notes in many scattered places. A lot of times when I want to refresh my BGP knowledge, I cannot easily find the notes I kept earlier and end up Googling (yes, BGP references are everywhere but I prefer my own way of taking notes). Hence, I am adding my BGP notes to my blog page.

To me, BGP is not only a routing protocol but rather a big “network application” that I use in designing networks for enterprise connectivity, data centre networking and ISP connectivity.

This is the “part 1” of my notes; I will start with the fundamentals of BGP.

The Basics

-RFC 1654 defines BGP as an EGP path-vector routing protocol.
-BGP is designed for IPv4 (but Multiprotocol BGP, MP-BGP, works with IPv6).
-BGP configuration requires Autonomous System Numbers (ASN).
-ASNs were originally 16-bit (2-byte) numbers; 1–65,535.
-Extended ASNs are 32-bit (4-byte) numbers, up to 4,294,967,294.
-ASNs 64,512–65,535 are private within the 2-byte range.
-ASNs 4,200,000,000–4,294,967,294 are private within the 4-byte range.
-The BGP version we use is BGP v4.
-Multiprotocol BGP (MP-BGP) supports a wide range of address families besides IP (l2vpn, l3vpn, evpn, unicast, multicast, ...).

BGP Sessions

-A BGP session refers to the established adjacency between two BGP speaker routers. BGP sessions are always point-to-point between two BGP speakers.
-A BGP session is iBGP when it is established within the same ASN; both BGP speakers belong to the same ASN.
-A BGP session is eBGP when the BGP speakers belong to different ASNs.
-iBGP administrative distance is 200 whereas eBGP administrative distance is 20.
-BGP speakers do not use Hello packets to discover neighbours like IGP routing protocols.
-A BGP session cannot be discovered automatically like OSPF/EIGRP/RIP.
-BGP uses TCP port 179 to communicate with neighbors.
-A BGP session starts with a TCP 3-way handshake.

BGP Messages

BGP speakers use four (04) messages to communicate between themselves.

(01)OPEN message
(02)KEEPALIVE message
(03)UPDATE message
(04)NOTIFICATION message

Some vendor implementations use a fifth message, called the “Route Refresh” message; however, this is found in the OPEN message for Cisco routers (part of optional capabilities).

BGP messages are easy to identify in captured packets using Wireshark. Let’s see what we find in the different BGP messages.

OPEN Message

After the 3-way TCP handshake, the very first BGP message is called “Open”. Both BGP speakers negotiate session capabilities before a BGP peering is established.

Screenshot of OPEN message following.

Based on the OPEN message captured, we found the following items here –

-BGP version
-ASN number
-Hold Time
-BGP identifier (RID)
-BGP capabilities (Multiprotocol extensions, Route refresh capabilities, Graceful Restart capabilities, support for 4-byte Extended ASN)

Notes on Hold Time: the suggested BGP default hold time is 90 seconds (3x the keepalive) and the keepalive is 30 seconds. BGP default keepalive and hold times are vendor-specific these days.


KEEPALIVE Message

Although BGP uses a TCP 3-way handshake, it does not rely on TCP connection states (ack mechanism) to check if the peer is still alive.

BGP KEEPALIVE is a simple message format sent every 1/3 of the configured Hold Time interval. A BGP configuration with a 90-second Hold Time will send a KEEPALIVE every 30 seconds. If Hold Time is set to zero seconds, then there is no KEEPALIVE!

Screenshot of KEEPALIVE message following.

UPDATE Message

BGP network advertisements are included in UPDATE messages. BGP sends both feasible routes and withdrawn routes (previously advertised). Route prefixes and BGP Path Attributes (PA) are found in BGP NLRI. MP_REACH_NLRI and MP_UNREACH_NLRI along with AFI and SAFI details are found in UPDATE messages.

An UPDATE message can act as a KEEPALIVE to reduce noise in BGP communications.

Screenshot of UPDATE message following.


NOTIFICATION Message

A NOTIFICATION message is sent if an error is found in communication between BGP speakers. Notification codes include “Cease”, “Hard Reset” etc.

Screenshot of NOTIFICATION message following.

BGP Message Header

The BGP message header has the following three items –

(01)Marker; 16 octets, all filled with ff, for all message types.
(02)Length; the length differs between message types and also depends on what information is in the message. The total length is given at the top of the header; breakdowns are in each path attribute section. The minimum length is 19 bytes and the maximum is 4096 bytes.
(03)Type; Open/Update/Keepalive/Notification.
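
The header checks above (all-ff marker, 19 to 4096 byte length, known type), followed by decoding the OPEN fields listed earlier, as an added example that is not part of the original notes. The numeric type codes and the OPEN field layout follow RFC 4271 rather than this page, and the build() helper and sample values are constructed for the demo.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16               # header item (01)
MIN_LEN, MAX_LEN = 19, 4096         # header item (02) bounds
# Type codes per RFC 4271 (assumption: the page names the types, not the codes)
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def parse_header(data: bytes):
    """Validate the 19-byte header; return (type name, body bytes)."""
    if len(data) < MIN_LEN:
        raise ValueError("shorter than the 19-byte header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:MIN_LEN])
    if marker != MARKER:
        raise ValueError("marker is not 16 octets of 0xff")
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length {length} outside 19..4096")
    if length > len(data):
        raise ValueError("length field exceeds the bytes available")
    if msg_type not in TYPES:
        raise ValueError(f"unknown message type {msg_type}")
    return TYPES[msg_type], data[MIN_LEN:length]


def parse_open(body: bytes):
    """Decode the fixed OPEN fields (layout per RFC 4271, an assumption)."""
    if len(body) < 10:
        raise ValueError("OPEN body too short")
    version, asn, hold, rid, opt_len = struct.unpack("!BHH4sB", body[:10])
    if len(body) != 10 + opt_len:
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "asn": asn, "hold_time": hold,
            "keepalive": hold // 3,  # 1/3 of Hold Time; 0 means none
            "bgp_id": str(ipaddress.IPv4Address(rid))}


def build(msg_type: int, body: bytes = b"") -> bytes:
    """Build a constructed sample message (hypothetical helper)."""
    return MARKER + struct.pack("!HB", MIN_LEN + len(body), msg_type) + body


if __name__ == "__main__":
    # Constructed OPEN: version 4, ASN 65001, Hold Time 90, RID 192.0.2.1
    sample = struct.pack("!BHH4sB", 4, 65001, 90, bytes([192, 0, 2, 1]), 0)
    kind, body = parse_header(build(1, sample))
    print(kind, parse_open(body))
    print(parse_header(build(4)))  # KEEPALIVE is the bare 19-byte header
```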