What is BGP? A CCIE’s End-to-End Guide to Border Gateway Protocol

Diagram illustrating BGP routing protocol with AS numbers and path selection.

On October 4, 2021, BGP broke Facebook.

For about 6 hours, Facebook, Instagram, and WhatsApp vanished from the internet. Not slow. Not buggy. Gone. The outage cost Meta an estimated $60M in revenue and took 3.5 billion users offline at the same time. The cause? A single BGP misconfiguration that withdrew Facebook’s routes from the global routing table. The world’s largest social platform disappeared because of one routing protocol.

That’s the kind of power BGP holds over the internet.

What is BGP? (Quick Answer)

BGP (Border Gateway Protocol) is the standardised exterior gateway protocol that exchanges routing information between Autonomous Systems on the internet. It runs over TCP port 179, uses path-vector logic to prevent loops, and picks the best route using attributes like AS_PATH, LOCAL_PREF, and MED. BGP carries over 950,000 IPv4 prefixes worldwide in 2026 and is the only routing protocol built for internet-scale connectivity.

In plain English: BGP is how the internet’s networks talk to each other. Every ISP, cloud provider, data centre, and large enterprise runs BGP to decide where your data should go next.

If you’re studying for CCNP or CCIE, designing a multi-homed network, or just want to stop confusing BGP with OSPF in interviews, this guide walks you through every part of the protocol with real examples and configs.





    Why BGP Runs the Internet

    BGP isn’t just another routing protocol. It’s the protocol that holds the internet together.

    Here’s why it matters in 2026:

    • 950,000+ IPv4 prefixes are carried in the global BGP table (up from 814K in 2020)
    • Over 75,000 Autonomous Systems announce routes via BGP today
    • Every Tier-1 ISP runs BGP, including AT&T, Lumen, NTT, Telia, GTT, Deutsche Telekom
    • AWS, Azure, Google Cloud, and Cloudflare use BGP for anycast routing and DDoS protection
    • Every internet exchange point (IXP) like AMS-IX, DE-CIX, LINX uses BGP to peer hundreds of networks

    When BGP breaks, the internet breaks. October 2021 Facebook. June 2019 Verizon. July 2020 Cloudflare. April 2022 Rogers Canada took 12M Canadians offline for 15 hours. All BGP. All preventable with proper configuration and monitoring.

    If you’re aiming for a network engineer career, BGP is non-negotiable. It’s on every CCNP, CCIE, JNCIP, and AWS Advanced Networking exam. It’s also the #1 protocol asked about in senior network engineer interviews.

    How BGP Works (The Real Mechanics)

    Illustration of BGP route exchange process between two autonomous systems, highlighting key protocols and updates.

    BGP isn’t magic. Once you understand the 4 building blocks, the rest clicks into place.

    1. Autonomous Systems (AS)

    An Autonomous System is a network or group of networks under one administrative control. Your ISP is an AS. Cloudflare is an AS. The University of Toronto is an AS.

    Each AS gets a unique number (ASN) from IANA/RIRs:

    • AS15169 = Google
    • AS32934 = Meta (Facebook)
    • AS13335 = Cloudflare
    • AS16509 = Amazon AWS

    BGP runs between these ASes. That’s why it’s called the Border Gateway Protocol. It sits at the border.

    2. TCP Port 179 (Not Multicast, Not UDP)

    Unlike OSPF or EIGRP, BGP doesn’t auto-discover neighbours. You configure each BGP peer by hand, with an IP address and ASN. Once configured, BGP opens a reliable TCP session on port 179.

    neighbor 203.0.113.1 remote-as 65001

    That’s it. One line tells your router “talk BGP to this IP, and that IP is in AS 65001.” The TCP session handles retransmission, ordering, and error recovery. BGP doesn’t reinvent that wheel.

    3. NLRI (Network Layer Reachability Information)

    NLRI is BGP’s word for the actual route being advertised. It’s a prefix plus a set of attributes that describe how to reach that prefix.

    Example NLRI: “Prefix 8.8.8.0/24, AS_PATH = 65003 65002 65001 15169, NEXT_HOP = 192.0.2.5”

    That tells the receiving router: “To reach 8.8.8.0/24, send traffic to 192.0.2.5, and you’ll pass through AS 65003, 65002, 65001, and finally land in Google’s AS 15169.”

    4. Path-Vector Logic (Loop Prevention)

    BGP is a path-vector protocol. That means every route carries the full list of ASes it has traversed (the AS_PATH). Before accepting a route, BGP checks if its own ASN is already in the AS_PATH. If yes, it drops the route. Loop prevented.

    This is why BGP scales to 950K+ prefixes when distance-vector protocols like RIP collapse at 15 hops.

    iBGP vs eBGP (The First Thing CCIE Students Get Wrong)

    BGP has two flavours, and mixing them up will break your network.

    | Type | Used Between | TTL Default | Next-Hop Behaviour |
    |---|---|---|---|
    | eBGP (External) | Routers in different ASes | 1 (directly connected) | Changes on each hop |
    | iBGP (Internal) | Routers in the same AS | 255 | Doesn’t change |

    The catch with iBGP: it requires a full mesh. Every iBGP router must peer with every other iBGP router in the AS. With 10 routers, that’s 45 sessions. With 100, that’s 4,950. Painful.

    Two scaling fixes:

    • Route Reflectors (RR): centralised iBGP hubs that re-advertise routes
    • Confederations: split one large AS into smaller sub-ASes

    Route reflectors are what 99% of real networks use. We cover RR design in detail in the CCIE Enterprise course.

    BGP Path Attributes (Where the Real Power Lives)

    Diagram illustrating the five most important BGP path attributes for efficient routing.

    BGP doesn’t pick routes by hop count. It picks them by attributes. There are dozens, but these 5 matter most:

    LOCAL_PREF (Local Preference)

    • Higher wins
    • Used inside an AS to decide which exit point to use
    • iBGP-only (doesn’t cross AS boundaries)
    • Default value: 100
    • Use case: “Prefer the cheaper transit provider”

    AS_PATH

    • Shorter wins
    • The list of ASes a route has traversed
    • Used for loop prevention AND path selection
    • You can prepend your own ASN to make a path look longer (and less attractive)
    • Use case: traffic engineering, primary/backup ISP

    MED (Multi-Exit Discriminator)

    • Lower wins
    • A hint to your neighbour about which entry point to use
    • Crosses one AS boundary, but not further
    • Use case: “If you have two links to me, send traffic via link A”

    NEXT_HOP

    • The IP address to forward packets to
    • Doesn’t change inside an AS (iBGP keeps it intact)
    • Common trouble source: if the next-hop isn’t reachable, the route is invalid

    COMMUNITIES

    • Tags attached to routes
    • Used for policy (e.g., “don’t export this”, “set MED to 50”, “blackhole this prefix”)
    • The Swiss army knife of real-world BGP policy

    If you want to drill deeper, check out our BGP vs OSPF guide for a side-by-side breakdown of how attribute-based path selection compares to OSPF’s cost metric.

    BGP Best Path Selection Algorithm

    Visual overview of BGP’s path selection criteria, including weight, local preference, and AS path length.

    When BGP receives multiple paths to the same prefix, it walks through a 13-step decision process. Memorise this. CCIE labs test it directly.

    1. Highest WEIGHT (Cisco-only, local to the router)
    2. Highest LOCAL_PREF
    3. Locally originated (network or aggregate statement wins)
    4. Shortest AS_PATH
    5. Lowest ORIGIN type (IGP < EGP < Incomplete)
    6. Lowest MED
    7. eBGP over iBGP
    8. Lowest IGP metric to NEXT_HOP
    9. Oldest route (most stable)
    10. Lowest Router-ID
    11. Shortest Cluster List
    12. Lowest neighbor IP address

    That’s the order. Most real-world policy changes happen at steps 1, 2, and 4. The rest are tie-breakers.

    💡 Memory trick: “We Love Oranges As Oranges Mean Pure Refreshment” = Weight, LOCAL_PREF, Originated, AS_PATH, Origin, MED, eBGP, IGP, Older, Router-ID.
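
The decision process above as an added Python example (not code from the original article or from any router vendor): it applies the AS_PATH loop check described earlier, then walks the listed steps in order and reports which one settled the choice. The `Path` fields, `best_path`, and the sample peers and ASNs are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
@dataclass
class Path:
    neighbor: str              # peer IP the path was learned from
    as_path: tuple             # ASNs traversed, origin AS last
    weight: int = 0
    local_pref: int = 100      # default value given in the article
    local_origin: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age_s: int = 0             # seconds since the path was learned
    router_id: str = "0.0.0.0"
    cluster_len: int = 0

# (step, key): the lowest key wins, so "highest wins" steps are negated.
STEPS = [
    ("WEIGHT", lambda p: -p.weight),
    ("LOCAL_PREF", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.local_origin),
    ("AS_PATH length", lambda p: len(p.as_path)),
    ("ORIGIN", lambda p: ("igp", "egp", "incomplete").index(p.origin)),
    ("MED", lambda p: p.med),  # simplified: compared across all neighbours
    ("eBGP over iBGP", lambda p: not p.ebgp),
    ("IGP metric to NEXT_HOP", lambda p: p.igp_metric),
    ("oldest route", lambda p: -p.age_s),
    ("Router-ID", lambda p: int(ip_address(p.router_id))),
    ("Cluster List length", lambda p: p.cluster_len),
    ("neighbor IP", lambda p: int(ip_address(p.neighbor))),
]

def best_path(paths, local_asn):
    """Drop paths carrying our own ASN (loop check); return (winner, deciding step)."""
    cands = [p for p in paths if local_asn not in p.as_path]
    if not cands:
        return None, "no loop-free path"
    decided = "only candidate"
    for name, key in STEPS:
        low = min(key(p) for p in cands)
        keep = [p for p in cands if key(p) == low]
        if len(keep) < len(cands):      # this step eliminated at least one path
            cands, decided = keep, name
    return cands[0], decided

# Constructed sample: one prefix from two providers, the second prepended twice.
SAMPLE = [Path("192.0.2.1", (64500, 64510)),
          Path("192.0.2.9", (64501, 64501, 64501, 64510))]
```

With `local_asn=64496` the sample is decided at the AS_PATH step; raising `local_pref` on the prepended path makes it win one step earlier, which is why LOCAL_PREF overrides prepending inside your own AS.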

    The free PDF walks through all 13 steps with real show ip bgp output and lab topologies. Grab it below if you haven’t already.

    BGP vs OSPF: The Quick Comparison

    You probably already know this if you’ve read our full BGP vs OSPF guide, but here’s the one-liner:

    • OSPF = inside your network, fast, automatic, link-state, single AS
    • BGP = between networks, policy-driven, path-vector, scales to the whole internet

    Most production networks run both. OSPF or IS-IS as the IGP for internal connectivity, BGP for everything that touches another network.

    Real-World BGP Use Cases

    Where do you actually run into BGP outside of a lab?

    1. Multi-Homing to Two ISPs

    Your business connects to two ISPs for redundancy. BGP picks the best path automatically and fails over if one ISP goes down. The most common enterprise BGP use case.

    2. Internet Service Providers

    Every ISP runs BGP. It’s how they exchange routes with peers, transit providers, and customers. If you work for an ISP, you live in BGP.

    3. Data Centre Fabrics (BGP EVPN)

    Modern spine-leaf data centres run BGP EVPN instead of traditional Layer 2. Used heavily in Cisco ACI, Arista, and Cumulus deployments. Our Cisco ACI course covers BGP EVPN end-to-end.

    4. SD-WAN Overlays

    SD-WAN solutions like Cisco SD-WAN use BGP (often with OMP) to advertise prefixes between branches. See our Cisco SD-WAN training and the application-aware routing guide for how this works in practice.

    5. Cloud Connectivity

    AWS Direct Connect, Azure ExpressRoute, GCP Interconnect. All use BGP for dynamic routing between your on-prem network and the cloud.

    6. Anycast and DDoS Mitigation

    Cloudflare, Google Public DNS (8.8.8.8), and CDN providers use BGP anycast to route users to the nearest server. Same IP, different physical location.

    BGP Security: The Achilles Heel

    BGP was designed in 1989. Trust between networks was assumed. That assumption is the root of every BGP outage.

    Route Hijacking

    Someone announces a prefix they don’t own. Traffic gets diverted. Famous case: April 2018, when MyEtherWallet users had their Ethereum stolen via a BGP hijack of Amazon Route 53.

    Route Leaks

    A network accidentally advertises routes from one peer to another. June 2019: a Pennsylvania ISP leaked 70,000 routes from Verizon. Major outage across the US East Coast.

    Misconfigurations

    The Facebook 2021 outage. A maintenance script withdrew Facebook’s BGP routes. DNS servers became unreachable. Even Facebook employees couldn’t access internal tools to fix it.

    Defences (What You Should Run)

    • RPKI (Resource Public Key Infrastructure): cryptographic validation of route origins
    • Route filtering: only accept prefixes you expect from each peer
    • Max-prefix limits: drop sessions if a peer sends too many routes
    • MANRS compliance: Mutually Agreed Norms for Routing Security
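
An added Python example (not from the original article) of the first three defences applied to one peer's announcements: a max-prefix limit, an exact-match prefix filter, and RPKI origin validation with the valid / invalid / not-found outcomes of RFC 6811. The VRP table, filter, ASNs and function names are constructed for illustration, and accepting not-found routes is a policy choice assumed here.

```python
from ipaddress import ip_network

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
VRPS = [(ip_network("203.0.113.0/24"), 24, 64500),
        (ip_network("198.51.100.0/24"), 24, 64503)]

def rov_state(prefix, origin_asn, vrps=VRPS):
    """Route origin validation: returns 'valid', 'invalid' or 'not-found'."""
    net, covered = ip_network(prefix), False
    for vrp_net, max_len, vrp_asn in vrps:
        if net.version != vrp_net.version or not net.subnet_of(vrp_net):
            continue                      # this VRP does not cover the route
        covered = True
        if net.prefixlen <= max_len and origin_asn == vrp_asn:
            return "valid"
    return "invalid" if covered else "not-found"

def inbound_policy(announcements, allowed, max_prefixes, vrps=VRPS):
    """Check (prefix, as_path) pairs; returns (session_up, accepted, rejected)."""
    if len(announcements) > max_prefixes:  # peer sent too many routes: drop session
        return False, [], [(p, "max-prefix exceeded") for p, _ in announcements]
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        origin = as_path[-1]              # origin AS is the last ASN in AS_PATH
        if ip_network(prefix) not in allowed:
            rejected.append((prefix, "not in peer filter"))
        elif rov_state(prefix, origin, vrps) == "invalid":
            rejected.append((prefix, "rpki invalid"))
        else:                             # valid or not-found
            accepted.append(prefix)
    return True, accepted, rejected

# Constructed input: prefixes expected from this peer, and what it actually sent.
PEER_FILTER = {ip_network(p) for p in
               ("203.0.113.0/24", "198.51.100.0/24", "192.0.2.0/24")}
UPDATES = [
    ("203.0.113.0/24", (64501, 64500)),   # matches a VRP: valid
    ("198.51.100.0/24", (64501, 64504)),  # covered, wrong origin: invalid
    ("192.0.2.0/24", (64501, 64502)),     # no covering VRP: not-found
    ("203.0.113.0/25", (64501, 64500)),   # more specific than the filter allows
]
```

Even without the filter, `rov_state("203.0.113.0/25", 64500)` is invalid: the origin matches, but the announcement is longer than the VRP's maxLength, which is how RPKI rejects an unexpected more-specific.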

    Our CCIE Security course covers BGP security in lab format with real RPKI and route-filtering scenarios.

    Frequently Asked Questions About BGP

    What is BGP used for?

    BGP is used to exchange routing information between Autonomous Systems on the internet. ISPs use it to peer with each other. Enterprises use it for multi-homing to multiple ISPs. Cloud providers use it for hybrid connectivity and anycast.

    Is BGP a Layer 7 protocol?

    Technically yes. BGP runs over TCP (Layer 4), and the TCP/IP model classifies anything above the transport layer as the application layer, which corresponds to Layer 7 in OSI terms. In practice, network engineers think of BGP as a routing protocol that uses Layer 4 transport.

    What’s the difference between BGP and OSPF?

    OSPF is an interior gateway protocol that runs inside one Autonomous System. BGP is an exterior gateway protocol that runs between Autonomous Systems. OSPF picks routes by cost. BGP picks routes by policy attributes. Full breakdown in our BGP vs OSPF guide.

    Why is BGP still used after 30+ years?

    Because it works at internet scale. No other protocol can carry 950K+ prefixes across 75K Autonomous Systems with the policy flexibility BGP offers. Replacement proposals (SCION, NIRA) exist but haven’t gained traction.

    What port does BGP use?

    BGP uses TCP port 179 for all peer sessions. It’s reliable, unicast, and configured manually between peers.

    What is an AS_PATH in BGP?

    The AS_PATH is an ordered list of Autonomous Systems a BGP route has traversed. It’s used both for loop prevention (a router rejects routes containing its own ASN) and for path selection (shorter AS_PATH is preferred).

    Can you run BGP on a home router?

    Technically yes, on enterprise-grade hardware or pfSense/VyOS. Practically no, because you’d need a real ASN and IP space from a Regional Internet Registry. Most home use cases are solved by IGPs or static routes.

    How long does it take to learn BGP?

    Basics (peering, attributes, simple policy): 2-4 weeks of focused study. CCIE-level mastery (route reflection, BGP EVPN, traffic engineering, troubleshooting): 6-12 months of hands-on labs. Start with our Network Engineer career path for a structured route.

    What’s Next?

    You now know what BGP is, how it works, why it matters, and where it breaks. That’s the foundation.

    If you want to go deeper, three paths from here:

    1. Want the full reference? Grab the free 148-page PDF below.



    2. Want hands-on labs? Join our CCIE Enterprise course with real Cisco gear and live instructor sessions.
    3. Want a career roadmap? Start with the Network Engineer career program. It covers CCNA, CCNP, and BGP in one structured path.

      Bahareh Rezazadeh

      CCIE #58659 (Enterprise)