BGP (Border Gateway Protocol) is a path-vector routing protocol used to exchange routing information between autonomous systems (AS) on the Internet (eBGP) or within a large organisation (iBGP). Defined in RFC 4271, it’s the backbone of the Internet and commonly used in hybrid cloud setups (e.g. AWS Direct Connect or VPN route propagation).

Key Characteristics

| Feature | Description |
| --- | --- |
| Type | Path-vector |
| Algorithm | Based on AS-PATH, policy, and attributes |
| Transport | TCP port 179 |
| Metric | Multi-attribute (weight, local-pref, AS-path, etc.) |
| Scalability | Very high (Internet-grade) |
| Convergence | Slower than OSPF but stable |
| Authentication | MD5 optional |
| Use Case | ISP peering, hybrid cloud, WAN, and data centre edge |

BGP Concepts

| Term / Attribute | Description |
| --- | --- |
| AS (Autonomous System) | A group of routers under a single administrative domain |
| iBGP / eBGP | iBGP (internal) within the same AS; eBGP (external) between ASes |
| Neighbor (Peer) | Router that exchanges BGP updates with another |
| AS-PATH | Sequence of AS numbers a route has traversed (used for loop prevention) |
| NEXT_HOP | IP address of the next hop for reaching a destination |
| LOCAL_PREF | Preference for outbound routes within an AS (higher = preferred) |
| MED (Multi-Exit Discriminator) | Suggests preferred inbound route from neighbouring AS |
| Weight | Cisco-specific, local to the router; higher = preferred |
| Prefix Filtering | Controls which prefixes are advertised or accepted |

BGP Session Types

| Session Type | Description | Example |
| --- | --- | --- |
| eBGP | Between routers in different ASes | AS 65001 ↔ AS 65002 |
| iBGP | Between routers in the same AS | AS 65001 ↔ AS 65001 |
| Route Reflector | iBGP router that redistributes routes to clients | Reduces iBGP full-mesh requirement |

Configuration Examples

```
RouterA(config)# router bgp 65001
RouterA(config-router)# neighbor 192.168.100.2 remote-as 65002
RouterA(config-router)# network 10.0.0.0 mask 255.255.255.0
RouterA(config-router)# neighbor 192.168.100.2 description eBGP-to-RouterB
RouterA(config-router)# end

RouterA# show ip bgp summary
RouterA# show ip bgp
```
Explanation:
  • The router advertises 10.0.0.0/24 to its eBGP neighbour in AS 65002
  • BGP sessions use TCP port 179
  • eBGP default TTL = 1 (directly connected peers only)

BGP in AWS and Cloud Context

AWS uses BGP for route propagation between:
  • Customer Gateway (CGW) and Virtual Private Gateway (VGW) in VPN setups
  • Transit Gateway (TGW) and Direct Connect Gateways (DXGW)
  • Hybrid environments — enabling dynamic route exchange with on-prem routers

Example AWS BGP Sessions

| Local Device | Peer | Type | AS Number | Notes |
| --- | --- | --- | --- | --- |
| pfSense | AWS VGW | eBGP | 65001 ↔ 7224 | Routes advertised dynamically |
| Cisco ISR | AWS DXGW | eBGP | 65010 ↔ 64512 | Uses MD5 authentication over TCP 179 |

BGP Path Selection

BGP selects the best route using these attributes (in order):

1. Weight: Highest Weight (Cisco only)
2. Local Preference: Highest Local Preference
3. Locally Originated: Locally originated route (network or aggregate-address)
4. AS-PATH: Shortest AS-PATH
5. Origin Type: Lowest Origin type (IGP < EGP < Incomplete)
6. MED: Lowest MED
7. eBGP vs iBGP: eBGP learned routes preferred over iBGP
8. IGP Metric: Lowest IGP metric to the next hop
9. Router ID: Lowest Router ID
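The selection order above, applied to a constructed BGP table, as an added example that is not part of the original page or any vendor's code. It goes slightly beyond the list: it first applies the AS-PATH loop check from the BGP Concepts table (a path that already contains the local AS is discarded) and it only compares MED between paths from the same neighbouring AS unless `med_always_compare` is set, which is the default router behaviour. The `BgpRoute` fields, `SAMPLE_ROUTES` and the step names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Origin codes; lower rank = preferred (IGP < EGP < Incomplete)
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass
class BgpRoute:
    """One path to a prefix as it sits in the BGP table (field names follow the page's attributes)."""
    prefix: str
    next_hop: str
    as_path: List[int]            # leftmost AS is the neighbouring AS the path came from
    origin: str = "igp"
    weight: int = 0               # Cisco-local; 0 for learned routes, higher = preferred
    local_pref: int = 100
    med: int = 0
    locally_originated: bool = False
    from_ebgp: bool = True
    igp_metric: int = 0           # IGP cost to reach next_hop
    router_id: str = "0.0.0.0"    # router ID of the advertising peer


def router_id_key(rid: str) -> Tuple[int, ...]:
    return tuple(int(octet) for octet in rid.split("."))


def same_neighbor_as(a: BgpRoute, b: BgpRoute) -> bool:
    """MED is only compared between paths received from the same neighbouring AS."""
    return bool(a.as_path) and bool(b.as_path) and a.as_path[0] == b.as_path[0]


# Selection steps in the page's order; each key maps a route to a value where lower = better
SELECTION_STEPS = [
    ("weight",             lambda r: -r.weight),
    ("local_pref",         lambda r: -r.local_pref),
    ("locally_originated", lambda r: 0 if r.locally_originated else 1),
    ("as_path_length",     lambda r: len(r.as_path)),
    ("origin",             lambda r: ORIGIN_RANK[r.origin]),
    ("med",                lambda r: r.med),
    ("ebgp_over_ibgp",     lambda r: 0 if r.from_ebgp else 1),
    ("igp_metric",         lambda r: r.igp_metric),
    ("router_id",          lambda r: router_id_key(r.router_id)),
]


def compare(a: BgpRoute, b: BgpRoute, med_always_compare: bool = False):
    """Return (preferred_route, deciding_step) for two paths to the same prefix."""
    for name, key in SELECTION_STEPS:
        if name == "med" and not (med_always_compare or same_neighbor_as(a, b)):
            continue  # MED from different neighbouring ASes is not comparable by default
        ka, kb = key(a), key(b)
        if ka != kb:
            return (a, name) if ka < kb else (b, name)
    return a, "tie"


def select_best(routes: List[BgpRoute], local_as: int, med_always_compare: bool = False):
    """Drop any path whose AS-PATH already contains local_as (loop prevention), then
    walk the remaining candidates the way a router does: current best against each next path.
    Returns (best_route_or_None, step_that_decided_the_last_comparison)."""
    candidates = [r for r in routes if local_as not in r.as_path]
    if not candidates:
        return None, "no_candidates"
    best, rule = candidates[0], "only_candidate"
    for r in candidates[1:]:
        best, rule = compare(best, r, med_always_compare)
    return best, rule


# Constructed sample table for 10.0.0.0/24 as seen by a router in AS 65001 (not from the page)
SAMPLE_ROUTES = [
    BgpRoute("10.0.0.0/24", "192.168.100.2", [65002, 65100], router_id="192.168.100.2"),
    BgpRoute("10.0.0.0/24", "192.168.200.2", [65003], router_id="192.168.200.2"),
    # Loop: our own AS 65001 already appears in the path, so this one must be discarded
    BgpRoute("10.0.0.0/24", "192.168.200.6", [65003, 65001, 65100], router_id="192.168.200.6"),
    # iBGP path with a raised LOCAL_PREF: wins despite the longer AS-PATH and being iBGP
    BgpRoute("10.0.0.0/24", "10.255.0.9", [65002, 65100], local_pref=200,
             from_ebgp=False, router_id="10.255.0.9"),
]

if __name__ == "__main__":
    best, rule = select_best(SAMPLE_ROUTES, local_as=65001)
    print(f"best next hop {best.next_hop} via {best.as_path}, decided by: {rule}")
```

Running it shows the iBGP path via 10.255.0.9 winning on LOCAL_PREF even though a shorter eBGP path exists, which is exactly why LOCAL_PREF is the usual lever for steering outbound traffic inside an AS.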

Security and Filtering

| Mechanism | Description |
| --- | --- |
| Prefix-lists / Route-maps | Limit which routes are advertised or received |
| MD5 Authentication | Protects the TCP session against spoofed segments and session hijacking |
| TTL Security / GTSM | Prevents spoofed packets from non-adjacent routers |
| Max-prefix Limit | Prevents accidental large route advertisements |
| Route Dampening | Avoids flapping route instability |

Example Security Configuration (Cisco)

```
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.100.2 password MySecureBGPkey
Router(config-router)# neighbor 192.168.100.2 ttl-security hops 1
Router(config-router)# neighbor 192.168.100.2 maximum-prefix 100
```
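A small configuration audit, added here as an example and not part of the original page or any vendor tooling: it reads Cisco-style `router bgp` lines (either with the `(config-router)#` prompts shown on this page or as plain running-config text) and reports, per neighbour, which of the three neighbour-level protections from the table above are missing. The weak configuration is the earlier Configuration Examples block; the hardened one adds the three lines just shown. The function names and the requirement that GTSM only applies to eBGP neighbours (those whose `remote-as` differs from the local AS) are assumptions made for the example.

```python
import re

# Constructed inputs: the page's basic eBGP config and the same config with the security lines added
WEAK_CONFIG = """\
RouterA(config)# router bgp 65001
RouterA(config-router)# neighbor 192.168.100.2 remote-as 65002
RouterA(config-router)# network 10.0.0.0 mask 255.255.255.0
RouterA(config-router)# neighbor 192.168.100.2 description eBGP-to-RouterB
RouterA(config-router)# end
"""

HARDENED_CONFIG = WEAK_CONFIG + """\
RouterA(config)# router bgp 65001
RouterA(config-router)# neighbor 192.168.100.2 password MySecureBGPkey
RouterA(config-router)# neighbor 192.168.100.2 ttl-security hops 1
RouterA(config-router)# neighbor 192.168.100.2 maximum-prefix 100
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "RouterA(config-router)# "


def parse_bgp_config(config_text):
    """Return (local_as, {neighbor_ip: {"remote_as": int|None, "options": set(keywords)}})."""
    local_as = None
    neighbors = {}
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = re.match(r"router bgp (\d+)$", line)
        if m:
            local_as = int(m.group(1))
            continue
        m = re.match(r"neighbor\s+(\S+)\s+(\S+)(?:\s+(.*))?$", line)
        if m and local_as is not None:
            ip, keyword, rest = m.groups()
            entry = neighbors.setdefault(ip, {"remote_as": None, "options": set()})
            entry["options"].add(keyword)
            if keyword == "remote-as" and rest:
                entry["remote_as"] = int(rest.split()[0])
    return local_as, neighbors


def audit_bgp_config(config_text):
    """Return {neighbor_ip: [finding, ...]}; an empty list means the neighbour has
    MD5 authentication, GTSM (checked for eBGP neighbours only) and a max-prefix limit."""
    local_as, neighbors = parse_bgp_config(config_text)
    findings = {}
    for ip, entry in neighbors.items():
        opts = entry["options"]
        issues = []
        if "password" not in opts:
            issues.append(f"no MD5 authentication (neighbor {ip} password ...)")
        is_ebgp = entry["remote_as"] is not None and entry["remote_as"] != local_as
        if is_ebgp and "ttl-security" not in opts:
            issues.append(f"no GTSM (neighbor {ip} ttl-security hops 1)")
        if "maximum-prefix" not in opts:
            issues.append(f"no prefix limit (neighbor {ip} maximum-prefix N)")
        findings[ip] = issues
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for ip, issues in audit_bgp_config(cfg).items():
            print(f"[{label}] {ip}: {issues or 'OK'}")
```

The audit deliberately treats `maximum-prefix` as required for iBGP neighbours too, because a route-reflector client that leaks a full table is as disruptive as an external peer doing so.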

Lab Exercise

1. Setup Lab Environment: Use two routers or VMs (Cisco or FRR)
2. Configure ASNs: Configure AS 65001 on Router A and AS 65002 on Router B
3. Advertise Prefixes: Advertise unique prefixes (10.0.0.0/24, 10.1.0.0/24)
4. Establish Session: Establish an eBGP session
5. Verify: Verify using show ip bgp summary and confirm route exchange
6. Test Failover: Break the link — observe hold timers and session re-establishment
7. Advanced Testing: Optionally, integrate pfSense or AWS VPN to test hybrid propagation

Troubleshooting Commands

```
# Display session status and ASNs
show ip bgp summary

# Show BGP capabilities and state
show ip bgp neighbors

# Display learned and advertised routes
show ip bgp
```
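For the "Verify" and "Test Failover" steps of the lab, a parser for `show ip bgp summary` output, added here as an example and not part of the original page or any vendor tooling. The sample output is constructed in the IOS column layout (Neighbor, V, AS, MsgRcvd, MsgSent, TblVer, InQ, OutQ, Up/Down, State/PfxRcd); a numeric last column means the session is Established and gives the prefix count, while any other value is the FSM state. `session_alerts` flags sessions that are not established and sessions approaching their `maximum-prefix` limit, which is the condition a defender wants to see before the router tears the session down. The function names, the sample rows and the `warn_ratio` threshold are assumptions made for the example.

```python
import re

# Constructed 'show ip bgp summary' output in the IOS layout (not captured from a real router)
SAMPLE_SUMMARY = """\
BGP router identifier 192.168.100.1, local AS number 65001
BGP table version is 5, main routing table version 5

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.100.2   4        65002      42      45        5    0    0 00:31:07        1
192.168.200.2   4        65003       0       0        1    0    0 never    Active
10.255.0.9      4        65001      88      90        5    0    0 01:02:55       95
"""

# One neighbour row: IP, version, AS, four counters, InQ, OutQ, Up/Down, State/PfxRcd
NEIGHBOR_LINE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s*$"
)


def parse_bgp_summary(text):
    """Return one dict per neighbour row of a 'show ip bgp summary' output."""
    rows = []
    for line in text.splitlines():
        m = NEIGHBOR_LINE.match(line.strip())
        if not m:
            continue  # header, blank and banner lines
        last = m.group(10)
        established = last.isdigit()
        rows.append({
            "neighbor": m.group(1),
            "remote_as": int(m.group(3)),
            "up_down": m.group(9),
            "established": established,
            "state": "Established" if established else last,
            "prefixes": int(last) if established else 0,
        })
    return rows


def session_alerts(text, local_as, max_prefix_limits, warn_ratio=0.75):
    """Return alert strings for sessions that are down or at/above warn_ratio of their
    configured maximum-prefix limit (limits passed as {neighbor_ip: limit})."""
    alerts = []
    for row in parse_bgp_summary(text):
        kind = "iBGP" if row["remote_as"] == local_as else "eBGP"
        if not row["established"]:
            alerts.append(f'{kind} {row["neighbor"]} (AS {row["remote_as"]}) not established: '
                          f'{row["state"]}, up/down {row["up_down"]}')
            continue
        limit = max_prefix_limits.get(row["neighbor"])
        if limit and row["prefixes"] >= warn_ratio * limit:
            alerts.append(f'{kind} {row["neighbor"]} at {row["prefixes"]}/{limit} prefixes '
                          f'({row["prefixes"] / limit:.0%} of maximum-prefix)')
    return alerts


if __name__ == "__main__":
    for alert in session_alerts(SAMPLE_SUMMARY, local_as=65001, max_prefix_limits={"10.255.0.9": 100}):
        print(alert)
```

During the failover step, a neighbour cycling through Active or Idle with an Up/Down of `never` or a freshly reset timer is the signature of the hold timer expiring; feeding periodic captures of the command into `session_alerts` turns that into a simple check rather than a manual read of the table.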

Further Reading
