BGP Explained

The Building Blocks

BGP session establishment

BGP sessions run over TCP port 179. Two routers that want to exchange routes must first form a BGP session by exchanging OPEN messages, which carry the sender's AS number, BGP version (always 4 in modern deployments), BGP identifier (usually the router's highest loopback IP), and optional capabilities. Once both sides accept the OPEN, they exchange their full routing table in UPDATE messages, then transition to steady state. In steady state, KEEPALIVE messages are sent every 60 seconds by default; if three consecutive KEEPALIVEs are missed (the HOLD timer of 180 seconds expires), the session tears down and all routes learned from that peer are withdrawn. Operators tune these timers: faster timers mean quicker failure detection but more sensitivity to momentary packet loss.

BGP UPDATE message structure

Each UPDATE message contains three components. Withdrawn routes list prefixes that are no longer reachable and should be removed from the receiving router's table. Path attributes describe the characteristics of the routes being advertised. NLRI (Network Layer Reachability Information) lists the IP prefixes being announced as reachable via the described path. A single UPDATE can withdraw many routes, announce many prefixes, but can only carry one set of path attributes — prefixes with different attributes require separate UPDATEs.

Key path attributes

Path attributes are what make BGP a policy-driven protocol rather than a simple distance-vector algorithm. Each attribute influences route selection differently:

• NEXT_HOP: The IP address that should be used as the next hop to reach the advertised prefix. In eBGP, this is set to the advertising router's interface IP; in iBGP, it is often unchanged (requiring IGP reachability to the original next hop).
• AS_PATH: The ordered list of ASNs the route has traversed. BGP uses this for loop detection — a router will not accept a route whose AS_PATH already contains its own ASN. Shorter AS_PATH is preferred in best path selection (all else equal).
• LOCAL_PREF: Used within an AS (iBGP only) to indicate which exit point is preferred when multiple paths to the same prefix exist. Higher LOCAL_PREF wins. This is how an operator says "prefer the New York exit over the Los Angeles exit."
• MED (Multi-Exit Discriminator): Sent to a neighboring AS to suggest which of multiple entry points into your AS is preferred. Lower MED wins. Unlike LOCAL_PREF, MED crosses AS boundaries — but the receiving AS is free to ignore it.
• COMMUNITY: A tag (32-bit value) attached to routes for policy signaling. Communities can trigger actions at other networks: "blackhole this prefix," "do not export this route," or "apply a specific local pref." Well-known communities include NO_EXPORT and NO_ADVERTISE.

BGP best path selection

When a router has multiple paths to the same prefix from multiple BGP peers, it runs the best path selection algorithm. Steps are evaluated in order, stopping as soon as a tiebreaker is found:

1. Highest weight (Cisco-proprietary, local to router)
2. Highest LOCAL_PREF
3. Locally originated routes preferred over received routes
4. Shortest AS_PATH length
5. Lowest ORIGIN type (IGP < EGP < Incomplete)
6. Lowest MED (when comparing paths from the same neighboring AS)
7. eBGP-learned routes preferred over iBGP-learned routes
8. Lowest IGP metric to the NEXT_HOP
9. Lowest BGP router ID (the tiebreaker of last resort)

This ordering is why "shortest path" is often not what BGP chooses: LOCAL_PREF (controlled by the local operator) overrides AS_PATH length, so a longer-AS-path route through a preferred provider wins over a shorter path through a less-preferred one.

Route reflectors and iBGP scaling

Within a single AS, BGP requires every router to have a direct iBGP session with every other BGP router — a full mesh. For an AS with 10 BGP speakers that is 45 sessions; for 100 speakers it is 4,950. Route reflectors solve this: designated routers receive routes from iBGP clients and reflect them to other clients, breaking the full-mesh requirement. A route reflector adds the ORIGINATOR_ID and CLUSTER_LIST attributes to reflected routes to prevent loops. Large ISPs use hierarchical route reflector designs with multiple levels.

RPKI and route origin validation

RPKI (Resource Public Key Infrastructure) is the cryptographic framework for validating that an AS is authorized to originate a given IP prefix. Network operators create Route Origin Authorizations (ROAs) — signed records that specify which ASN is allowed to announce which prefix. Routers with RPKI-enabled validation can mark received routes as Valid, Invalid, or Not Found. An Invalid route (wrong AS announcing a prefix) can be dropped — this is what stops BGP hijack attacks where a rogue AS announces someone else's prefix. RPKI adoption has grown significantly since 2019 but remains incomplete across the global routing table.

Real-world BGP incidents

BGP's trust model — any AS can announce any prefix — has caused large outages. In 2010, China Telecom briefly announced routes for 50,000+ prefixes including those belonging to US government agencies, redirecting global traffic through Chinese infrastructure. In 2019, a misconfigured small ISP in Pennsylvania leaked routes learned from Verizon to Cloudflare and others, causing widespread outages because Verizon accepted the leak without filtering. In 2021, Facebook's own BGP withdrawal of its prefixes — caused by a configuration change that removed its own routes — made Facebook, Instagram, and WhatsApp unreachable globally for six hours. These incidents illustrate that BGP's correctness depends entirely on operators filtering, validating, and testing route changes carefully.

What BGP Means for Speed Tests

Your speed test does not only measure your access link. It also depends on the path between your ISP and the test server. BGP routing can decide whether that path stays local, crosses a congested transit provider, takes a long geographic detour, or lands on a nearby CDN or anycast node.

Frequently Asked Questions

What does BGP stand for?

BGP stands for Border Gateway Protocol. It is the inter-domain routing protocol used by autonomous systems to exchange reachability information on the internet.

Does home internet use BGP?

Most home routers do not run BGP. Your ISP uses BGP upstream to exchange routes with other networks, and your home traffic follows the paths those networks select.

Why can a BGP problem break websites?

If a network withdraws, leaks, or incorrectly announces routes, other networks may not know how to reach the affected IP prefixes or may send traffic to the wrong place.