N10-009 | Chapter 43 of 163 | Objective 1.5

BGP Concepts

This chapter covers Border Gateway Protocol (BGP), the de facto exterior gateway protocol used to route traffic between autonomous systems on the internet. For the N10-009 exam, BGP concepts are tested under Objective 1.5 (Routing Technologies) and typically appear in 2-3 questions. You need to understand BGP's role, its path-vector nature, AS numbers, and basic path selection. This chapter provides a deep dive into BGP mechanics, configuration, and exam-critical details.

Intermediate
Updated May 31, 2026

BGP as the Internet's Postal Service

BGP is like the global postal service for the internet. Autonomous Systems (ASes) are like countries, each with its own internal postal system. BGP routers are the international post offices at borders. When a letter (packet) needs to go from one country to another, the border post offices exchange routing information using BGP. They tell each other which destinations they can reach and the path (list of countries) to get there. This is done via BGP updates, which are like postal route maps. The path includes the AS numbers, just as a postal route might list countries. The best route is chosen based on policies (like trade agreements) and path length (number of countries). If a country's post office goes down, BGP withdraws that route, and traffic is rerouted. Unlike OSPF or EIGRP, which are like local courier services within a city, BGP is designed for global scale, handling hundreds of thousands of routes. It uses TCP port 179 for reliable updates, ensuring no route information is lost in transit.

How It Actually Works

What is BGP and Why Does It Exist?

BGP (Border Gateway Protocol) is a standardized exterior gateway protocol (EGP) defined in RFC 4271. Its primary purpose is to exchange routing information between autonomous systems (ASes) on the internet. An autonomous system is a collection of networks under a single administrative domain, identified by a unique 16-bit or 32-bit AS number. BGP is classified as a path-vector protocol, meaning it maintains the path (sequence of AS numbers) to reach a destination network. This path information is used to detect and prevent routing loops.

Unlike interior gateway protocols (IGPs) like OSPF and EIGRP, which are designed for fast convergence within a single AS, BGP is designed for scalability and policy-based routing across the global internet. BGP can handle hundreds of thousands of routes, whereas IGPs typically handle a few thousand. BGP uses TCP port 179 for reliable transport, ensuring that routing updates are not lost. This reliance on TCP makes BGP slower to converge than IGPs, but reliability is prioritized over speed.

How BGP Works: The Path-Vector Mechanism

BGP routers (speakers) establish TCP connections (port 179) with peers in other ASes (eBGP) or within the same AS (iBGP). Once the TCP session is established, the peers exchange complete routing tables. After the initial exchange, only incremental updates are sent. BGP uses four message types:

OPEN: Establishes and initializes a BGP session. Includes BGP version, AS number, hold time, and router ID.

UPDATE: Advertises new routes or withdraws existing ones. Contains path attributes (e.g., AS_PATH, NEXT_HOP) and Network Layer Reachability Information (NLRI).

KEEPALIVE: Sent periodically to maintain the session (default 60 seconds). If no KEEPALIVE or UPDATE is received within the hold time (default 180 seconds), the session is considered down.

NOTIFICATION: Sent when an error condition is detected (e.g., malformed message, session reset).

BGP Path Selection Algorithm

When a BGP router receives multiple routes to the same destination, it must choose the best path. The BGP best path selection algorithm is a step-by-step process that evaluates routes based on attributes. The default order is:

1. Prefer the route with the highest WEIGHT (Cisco proprietary, local to router).

2. Prefer the route with the highest LOCAL_PREF (local preference, used within AS).

3. Prefer the route that was originated locally via network or aggregate command.

4. Prefer the route with the shortest AS_PATH.

5. Prefer the route with the lowest ORIGIN type (IGP < EGP < incomplete).

6. Prefer the route with the lowest MED (Multi-Exit Discriminator).

7. Prefer eBGP over iBGP.

8. Prefer the route with the lowest IGP metric to the NEXT_HOP.

9. If both are eBGP, prefer the oldest route (to minimize route flapping).

10. Prefer the route from the peer with the lowest router ID.

11. Prefer the route from the peer with the lowest peer IP address.
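The eleven-step order can be written as one ordered comparison. The Python below is an added example, not code from any router implementation: the Route class, peer addresses and router IDs are constructed, the prefix and AS numbers reuse this chapter's multihoming scenario, and MED is compared unconditionally, as the list states it.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred

@dataclass
class Route:                      # hypothetical container for one candidate path
    peer_ip: str
    router_id: str
    as_path: tuple
    weight: int = 0
    local_pref: int = 100         # default LOCAL_PREF
    local: bool = False           # originated on this router
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age: int = 0                  # seconds since the route was learned

def preference_key(r):
    """One tuple element per step; the smallest tuple is the best path."""
    return (
        -r.weight,                        # 1  highest WEIGHT
        -r.local_pref,                    # 2  highest LOCAL_PREF
        not r.local,                      # 3  locally originated
        len(r.as_path),                   # 4  shortest AS_PATH
        ORIGIN_RANK[r.origin],            # 5  lowest ORIGIN
        r.med,                            # 6  lowest MED
        not r.ebgp,                       # 7  eBGP over iBGP
        r.igp_metric,                     # 8  lowest IGP metric to NEXT_HOP
        -r.age if r.ebgp else 0,          # 9  oldest route, eBGP only
        int(IPv4Address(r.router_id)),    # 10 lowest router ID
        int(IPv4Address(r.peer_ip)),      # 11 lowest peer IP
    )

def best_path(routes):
    return min(routes, key=preference_key)

def deciding_step(a, b):
    """Step number (1-11) at which two routes first differ, else None."""
    for step, (x, y) in enumerate(zip(preference_key(a), preference_key(b)), 1):
        if x != y:
            return step
    return None

# Constructed sample: 203.0.113.0/24 as seen by a router with two eBGP feeds.
# The path through AS 200 carries three extra prepends of AS 65001.
via_as100 = Route("198.51.100.1", "192.0.2.1", (100, 65001))
via_as200 = Route("198.51.100.5", "192.0.2.2", (200, 65001, 65001, 65001, 65001))
# Same long path, but the receiving operator raised LOCAL_PREF on it.
pinned = Route("198.51.100.5", "192.0.2.2", via_as200.as_path, local_pref=200)

if __name__ == "__main__":
    print(deciding_step(via_as100, via_as200), best_path([via_as100, via_as200]).peer_ip)
    print(deciding_step(via_as100, pinned), best_path([via_as100, pinned]).peer_ip)
```

The second comparison is decided at step 2, before AS_PATH length is looked at, which is why prepending only influences a receiving AS that has not set its own LOCAL_PREF.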

BGP Attributes

BGP uses attributes to describe routes. Attributes are classified as well-known mandatory, well-known discretionary, optional transitive, and optional non-transitive. Key attributes include:

AS_PATH: Lists the AS numbers a route has traversed. Used for loop detection and path selection.

NEXT_HOP: The IP address of the next-hop router. For eBGP, this is usually the peer's interface IP.

LOCAL_PREF: Used within an AS to indicate preference (higher value preferred). Default is 100.

MED: Used to influence inbound traffic from a neighboring AS (lower value preferred). Default is 0.

ORIGIN: Indicates how the route was learned (IGP, EGP, or incomplete).

COMMUNITY: A tag (32-bit value) used to apply policies (e.g., no-export, local-AS).

BGP States

A BGP session goes through several states before becoming established:

IDLE: Initial state; BGP waits for a start event (e.g., neighbor configuration).

CONNECT: BGP initiates a TCP connection. If successful, moves to OPEN_SENT.

ACTIVE: If TCP connection fails, BGP retries. This state indicates connection attempts.

OPEN_SENT: OPEN message sent; waiting for OPEN from peer.

OPEN_CONFIRM: OPEN received; sends KEEPALIVE.

ESTABLISHED: Session is up; routes are exchanged.

BGP Configuration and Verification (Cisco IOS)

Basic eBGP configuration example:

router bgp 65001
 neighbor 10.0.0.2 remote-as 65002
 network 192.168.1.0 mask 255.255.255.0

Verification commands:

show ip bgp summary – displays BGP neighbor status, uptime, and route counts.

show ip bgp – shows the BGP table.

show ip route bgp – shows BGP routes in the routing table.

show ip bgp neighbors – detailed neighbor information.

debug ip bgp updates – monitors BGP updates (use with caution).

BGP and Related Technologies

BGP interacts with IGPs through route redistribution. Typically, BGP routes are redistributed into an IGP (e.g., OSPF) only for iBGP sessions to avoid full mesh requirements. BGP also supports route reflectors and confederations to scale iBGP. MPLS VPNs use BGP to transport VPNv4 routes. BGP is also used in data center environments for EVPN (Ethernet VPN).

BGP Timers

KEEPALIVE interval: 60 seconds (default)

Hold time: 180 seconds (default)

Connect-retry interval: 120 seconds (default)

Advertisement interval (eBGP): 30 seconds (Cisco default, per RFC)

Advertisement interval (iBGP): 0 seconds (immediate)

BGP Scalability

BGP is designed for the internet's scale. As of 2025, the global BGP table has over 900,000 routes. BGP routers must have sufficient memory to store these routes. Route aggregation (summarization) reduces table size. BGP also supports route filtering using prefix-lists, AS-path access-lists, and route-maps.

Walk-Through

1. Establish TCP Connection

BGP peers initiate a TCP connection on port 179. The router in the IDLE state transitions to CONNECT and attempts to establish a TCP session. If successful, it sends an OPEN message. If the TCP connection fails, it moves to ACTIVE and retries. This ensures reliable transport for BGP messages.

2. Exchange OPEN Messages

Each peer sends an OPEN message containing the BGP version (typically 4), its AS number, hold time (default 180 seconds), BGP identifier (router ID, usually the highest loopback IP), and optional parameters. The peers negotiate the hold time (use the smaller value). If parameters are acceptable, they send a KEEPALIVE message.

3. Exchange Complete Routing Tables

After the session is ESTABLISHED, peers exchange their entire BGP tables using UPDATE messages. Each UPDATE contains NLRI (prefixes) and path attributes. The initial exchange can be large (hundreds of thousands of routes). After this, only incremental updates are sent.

4. Send KEEPALIVE Messages

KEEPALIVE messages are sent every 60 seconds (default) to maintain the session. If no KEEPALIVE or UPDATE is received within the hold time (180 seconds), the session is considered down, and all routes from that peer are withdrawn. This ensures liveness detection.

5. Apply Best Path Selection

When multiple routes to the same prefix exist, the BGP process runs the best path selection algorithm. It evaluates attributes in order: highest WEIGHT, highest LOCAL_PREF, locally originated, shortest AS_PATH, lowest ORIGIN, lowest MED, eBGP over iBGP, lowest IGP metric to NEXT_HOP, oldest route for eBGP, lowest router ID, lowest peer IP. The best route is installed in the routing table.

6. Advertise Best Routes to Peers

The router advertises its best path to each neighbor (unless filtered). For eBGP, it prepends its own AS number to the AS_PATH. For iBGP, it does not modify AS_PATH. Routes learned from an eBGP peer are advertised to iBGP peers (and vice versa, but with split-horizon rules).
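The OPEN exchange, timer negotiation, loop check and eBGP prepend from this walk-through, in Python. This is an added example rather than code from any BGP implementation: it encodes and validates an OPEN in the RFC 4271 wire layout, and all function names and sample values are constructed. It assumes a 16-bit AS field with no optional parameters, and takes the keepalive as one third of the hold time, the RFC 4271 suggestion that matches the 60/180 defaults.

```python
import struct
from ipaddress import IPv4Address

MARKER = b"\xff" * 16     # RFC 4271 header: 16-byte marker, all ones
HEADER_LEN = 19           # marker + 2-byte length + 1-byte type
TYPE_OPEN = 1

def build_open(asn, hold_time, router_id):
    """Encode an OPEN without optional parameters (16-bit AS field only)."""
    body = struct.pack("!BHH4sB", 4, asn, hold_time,
                       IPv4Address(router_id).packed, 0)
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), TYPE_OPEN) + body

def parse_open(msg, expected_as):
    """Validate a received OPEN; raise ValueError naming the failed check."""
    if len(msg) < HEADER_LEN + 10 or msg[:16] != MARKER:
        raise ValueError("bad header")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if length != len(msg) or msg_type != TYPE_OPEN:
        raise ValueError("bad length or type")
    version, asn, hold, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise ValueError("unsupported version")
    if asn != expected_as:               # must match the configured remote-as
        raise ValueError("bad peer AS")
    if hold in (1, 2):                   # RFC 4271 rejects 1 and 2 seconds
        raise ValueError("unacceptable hold time")
    if HEADER_LEN + 10 + opt_len != length:
        raise ValueError("optional parameter length mismatch")
    return {"asn": asn, "hold_time": hold, "router_id": str(IPv4Address(rid))}

def negotiate_timers(local_hold, peer_hold):
    """Smaller hold time wins; keepalive is one third of it."""
    hold = min(local_hold, peer_hold)
    return hold, hold // 3

def accept_route(as_path, local_as):
    """Loop prevention: drop any route whose AS_PATH already holds our AS."""
    return local_as not in as_path

def advertise(as_path, local_as, ebgp):
    """eBGP prepends the local AS; iBGP passes AS_PATH through unchanged."""
    return [local_as, *as_path] if ebgp else list(as_path)

# Constructed sample: AS 65001 receives an OPEN from neighbor 10.0.0.2 in AS 65002.
SAMPLE_OPEN = build_open(65002, 90, "10.0.0.2")

if __name__ == "__main__":
    print(parse_open(SAMPLE_OPEN, expected_as=65002))
    print(negotiate_timers(180, 90))
    print(accept_route([65002, 65001, 65003], local_as=65001))
    print(advertise([65002], local_as=65001, ebgp=True))
```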

What This Looks Like on the Job

Enterprise Multihoming

A company with a single AS (e.g., 65001) connects to two ISPs (AS 100 and AS 200) for redundancy. BGP is configured on the border routers. The enterprise advertises its public IP prefix (e.g., 203.0.113.0/24) to both ISPs. Inbound traffic is influenced by setting MED or AS_PATH prepending. For example, to prefer ISP1, the enterprise may prepend its AS three times on routes sent to ISP2: set as-path prepend 65001 65001 65001. Outbound traffic is controlled by setting LOCAL_PREF higher for the preferred ISP. BGP timers are tuned: hold time increased to 240 seconds to avoid flapping during brief outages. Memory considerations: the BGP table from both ISPs may contain 900k+ routes; the router must have sufficient RAM (at least 2 GB for full tables).

MPLS VPN Provider

A service provider uses BGP to transport VPNv4 routes between Provider Edge (PE) routers. Each PE runs iBGP with route reflectors to avoid a full mesh. The provider uses BGP communities to tag routes for different customers (e.g., community 100:100 for gold service). Route maps apply QoS or bandwidth policies based on communities. Misconfiguration: forgetting to set the next-hop-self on iBGP peers causes reachability issues. Common fix: neighbor x.x.x.x next-hop-self.

BGP in Data Center (EVPN)

Modern data centers use BGP for EVPN (Ethernet VPN) to provide the VXLAN control plane. Spine switches run BGP with leaf switches. Each leaf advertises MAC/IP addresses via BGP EVPN routes. This replaces traditional flooding and learning. Scalability: BGP EVPN can handle thousands of tenants. Misconfiguration: incorrect route-target import/export leads to black holes. Troubleshooting involves checking show bgp l2vpn evpn.

How N10-009 Actually Tests This

N10-009 Exam Focus

The CompTIA Network+ exam tests BGP concepts under Objective 1.5 (Routing Technologies). You are expected to:

Identify BGP as an exterior gateway protocol (EGP) used between autonomous systems.

Understand the concept of autonomous system numbers (ASN) and that BGP is a path-vector protocol.

Know basic BGP path selection: shortest AS_PATH is preferred.

Recognize that BGP uses TCP port 179.

Differentiate between eBGP and iBGP (eBGP between ASes, iBGP within AS).

Understand BGP's role in the internet and its policy-based routing.

Common Wrong Answers

1. 'BGP uses UDP port 179.' – Wrong. BGP uses TCP for reliable delivery. Candidates confuse it with RIP (UDP 520) or OSPF (IP protocol 89).

2. 'BGP is a link-state protocol.' – Wrong. BGP is path-vector. Candidates mix it up with OSPF (link-state) or EIGRP (hybrid/advanced distance-vector).

3. 'BGP has fast convergence like OSPF.' – Wrong. BGP converges slower due to TCP and hold timers (180 seconds). OSPF converges in seconds.

4. 'BGP uses hop count as metric.' – Wrong. BGP uses AS_PATH length, not hop count. Hop count is RIP's metric.

Exam Numbers and Terms

TCP port 179

Default hold time: 180 seconds

Default keepalive: 60 seconds

ASN: 16-bit (1-64511 public, 64512-65535 private) or 32-bit (AS4 notation)

BGP version 4

Path-vector protocol

eBGP vs iBGP

Edge Cases

The exam may ask: 'Which protocol is used between ISPs?' Answer: BGP.

'What attribute prevents loops?' Answer: AS_PATH.

'Which BGP state indicates a problem?' Answer: ACTIVE (stuck in active means TCP connection issues).

'What is the default administrative distance for eBGP?' Answer: 20 (for iBGP: 200).

Eliminating Wrong Answers

If an answer mentions 'link-state database' or 'SPF algorithm', it's not BGP. If it mentions 'UDP', it's not BGP. If it says 'fast convergence', it's likely not BGP. Focus on the path-vector nature and TCP reliability.

Key Takeaways

BGP is a path-vector protocol that uses TCP port 179 for reliable communication.

BGP is used between autonomous systems (eBGP) and within an AS (iBGP).

The AS_PATH attribute is used for loop prevention and path selection (shorter path preferred).

Default BGP timers: keepalive 60 seconds, hold time 180 seconds.

BGP best path selection considers WEIGHT, LOCAL_PREF, locally originated, AS_PATH length, ORIGIN, MED, eBGP vs iBGP, IGP metric to next-hop, age, router ID, and peer IP.

BGP states: IDLE, CONNECT, ACTIVE, OPEN_SENT, OPEN_CONFIRM, ESTABLISHED.

BGP is slower to converge than IGPs like OSPF.

Private AS numbers: 64512-65535 (16-bit) and 4200000000-4294967294 (32-bit).

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

eBGP

Operates between different autonomous systems.

Default administrative distance is 20.

AS_PATH is prepended with the local AS number.

Typically uses directly connected interfaces for peering.

Routes learned from eBGP are advertised to iBGP peers by default.

iBGP

Operates within the same autonomous system.

Default administrative distance is 200.

AS_PATH is not modified.

Can peer over non-directly connected networks (loopbacks).

Requires full mesh of TCP connections or route reflectors to avoid loops (split horizon).

Watch Out for These

Mistake

BGP uses UDP for reliability.

Correct

BGP uses TCP port 179 for reliable transport. UDP is used by RIP and DHCP, not BGP.

Mistake

BGP is a link-state protocol.

Correct

BGP is a path-vector protocol. It does not maintain a link-state database; it uses path attributes and AS_PATH for loop prevention.

Mistake

BGP is used for routing within an autonomous system.

Correct

BGP is an exterior gateway protocol (EGP) designed for routing between autonomous systems. Within an AS, IGPs like OSPF or EIGRP are used.

Mistake

BGP uses hop count as its metric.

Correct

BGP uses AS_PATH length (number of ASes traversed) as a metric, not hop count. Hop count is used by RIP.

Mistake

BGP converges faster than OSPF.

Correct

BGP converges slower due to TCP overhead and default hold timers (180 seconds). OSPF converges in seconds using hello/dead intervals.


Frequently Asked Questions

What port does BGP use?

BGP uses TCP port 179. This is a common exam question. Remember that BGP relies on TCP for reliable delivery of routing updates, unlike OSPF (IP protocol 89) and RIP (UDP 520).

What is the difference between eBGP and iBGP?

eBGP runs between routers in different autonomous systems, has an AD of 20, and prepends its AS number to the AS_PATH. iBGP runs within the same AS, has an AD of 200, does not modify AS_PATH, and requires a full mesh or route reflectors to avoid loops.

How does BGP prevent routing loops?

BGP uses the AS_PATH attribute. When a router receives an update, it checks if its own AS number is in the AS_PATH. If it is, the route is discarded to prevent loops. This is a key feature of path-vector protocols.

What is the default hold time for BGP?

The default hold time is 180 seconds. The keepalive interval is 60 seconds. If no keepalive or update is received within the hold time, the BGP session is torn down. The exam may ask you to calculate the minimum number of keepalives needed to maintain a session.

What does the BGP ACTIVE state indicate?

The ACTIVE state indicates that the router is trying to establish a TCP connection with its peer. If a BGP session is stuck in ACTIVE, it usually means the peer is unreachable or there is a configuration mismatch (e.g., wrong AS number).

What is the administrative distance of eBGP and iBGP?

eBGP has an AD of 20; iBGP has an AD of 200. This means eBGP routes are preferred over iBGP routes and most IGPs (e.g., OSPF AD 110). The exam may test this in route selection scenarios.

Can BGP be used within a single AS?

Yes, iBGP is used within a single AS, but it is typically used to carry external routes (from eBGP) across the AS. iBGP requires a full mesh of TCP sessions or route reflectors to avoid routing loops due to the split-horizon rule.
