CCNP Enterprise Core (350-401) Cisco Routing

Receiving and Viewing BGP Routes

Three tables are used in BGP for maintaining network prefixes and path attributes.


The Adj-RIB-In contains the Network Layer Reachability Information (NLRIs) in their original form before any inbound routing policies were applied. This table is purged once all route policies have been processed to save memory.


The Loc-RIB contains all the Network Layer Reachability Information data that were generated locally or originated from other BGP peers. Once NLRI have passed the next-hop reachability check and are deemed valid, the BGP algorithm selects the best NLRI. The Loc-RIB table is used when it comes to presenting routes to the routers routing table.


The Adj-RIB-Out table contains network layer reachability information after the route policies have been processed.

Route Processing

Not every route will be injected into the routing table, or advertised out to other peers. BGP performs a process when it comes to route processing:

The route will initially be stored in the Adj-RIB-In table in its original state, and any inbound route policies will be applied if applicable for that neighbour.

Once processing on the Adj-RIB-In table is complete, the route will be moved to the Loc-RIB table with the processing result attached.

If the newly added route in the Loc-RIB table is valid and the next hop address is resolvable in the routers routing information base (RIB), it will be good to be processed further. The process stops here and the route remains in the Loc-RIB if these two checks fail.

Out of all the routes that passed the checks, the best path and its attributes are passed on to the final step.

The best path is installed in the routers RIB/routing table, any outbound routes as a result of this are processed by policy, and non discarded routes are copied into the Adj-RIB-Out table for advertisement to peers.

Displaying Database Contents

To show database contents in BGP, the command show bgp ipv4 unicast can be used. Adding detail to the end of the command will show the entire BGP table will all path attributes.

NetworkList of network prefixes processed by BGP. If multiple NLRIs existed for the same prefix, only the first one is identified and others are blank. The best path is selected with a > and valid paths are displayed with a *
Next HopThe next hop for that specific NLRI
MetricThe MED, multi exit discriminator, for that specific NLRI
LocPrfUsed in BGP best-path algorithm for that specific NLRI
WeightLocally significant Cisco attribute used in BGP best-path algorithm
Path and OriginAS_Path: Used for loop preventation and used in BGP best-path algorithm
Origin: Used in best-path algorithm. i means IGP, e means EGP, and ? means redistributed into BGP.
Colums used in the show bgp command

Running the command show bgp ipv4 unicast will show all the paths for the specific route

The Adj-RIB-Out can be viewed with the command show ip bgp ipv4 unicast neighbour advertised routes to display the contents of the Adj-RIB-Out table for that peer.

CCNP Enterprise Core (350-401) Cisco Routing

BGP Prefix Advertisement

By entering network statements into the BGP configuration, it only identifies specific network prefixes to be advertised into the BGP table (Loc-RIB)

The network statement is under the address family configuration section of the BGP process configuration. A route-map can be used to tailor routes advertised or setting path attributes to neighbours.

The BGP process searches in the local RIB to find a match to any network statement configured. It can be for a connected, or not directly connected network from any routing protocol or statically configured.

If a match is found, it is advertised into the Loc-RIB, and some path attributes are set depending on the prefix type:

  • If the prefix is a connected network, the next-hop BGP attribute is set to, origin attribute is set to IGP (i) and weight set to 32,768.
  • If the prefix is a static or routing protocol network, the next-hop attribute is set to the next-hop IP address in the routing information base, origin set to IGP (i), weight set to 32,768 and the Multi-exit discriminator (MED) is set to the same metric as the IGP.

Every route in the LOC-RIB goes under a validity check, to ensure it is suitable for advertisement to other BGP peers:

  • Verify that the network layer reachability information is correct and the next-hop address is resolvable in the global RIB.
  • Process outbound neighbour route policies. If the route was not denied by outbound route policies, it can be maintined in the Adj-RIB-Out table for later use.
  • Advertise the network reachability information (NLRI) to BGP peers. If the next-hop address is set to, then the next-hop address is changed to the IP address of the source of the BGP session.
CCNP Enterprise Core (350-401) Cisco Routing

Verifying BGP Sessions

To verify the status of a BGP session, the comand show ip bgp summary or show bgp ipv4 unicast summary can show the current status of sessions with neighbours.

The fields in this summary command are defined as follows:

  • Neighbor – The IP address of the peer
  • V – BGP Version used by the peer
  • AS – AS Number of the peer
  • MsgRcvd – Number of messages received from the peer
  • MsgSent – Number of messages sent to the peer
  • TblVer – The last version of the BGP database sent to that peer
  • InQ – Number of messages received to be processed by that peer
  • OutQ – Number of messages sent to be processed that by that peer.
  • Up/Down – The length of time the BGP session has been established for.
  • State/PfxRcd – The current state of the BGP peer or number of prefixes received by that peer

Further information such as session state, timers and more can be showen with the command show bgp ipv4 unicast neighbours

CCNP Enterprise Core (350-401) Cisco Routing

BGP Configuration

To begin, the BGP routing process needs to be initialised on the router with the command router bgp followed by the ASN, for example router bgp 65512

It is essential that a router ID (RID) is configured on the router, either statically or dynamically. The dynamic router ID uses the highest IP address of any online loopback interfaces, if none are available, it uses the highest IP address of any active online other interfaces.

If a static router ID is preferred, it can be configured with the command bgp router-id followed by the RID in an IP address format.

Next is to include the address families that will be used in the BGP process, use the command address-family followed by either ipv4 and ipv6, and whether the protocol will be unicast or multicast

Finally, the configuration can be put into use by specifiying a neighbour, with the command neighbor followed by the neighbours ip address, then the suffix activate

CCNP Enterprise Core (350-401) Cisco Routing

BGP Neighbour States

BGP sessions with neighbours may report one of six states:

  1. Idle
  2. Connect
  3. Active
  4. OpenSent
  5. OpenConfirm
  6. Established


Idle is the first stage in the BGP neighbour state. BGP tries to initiate a TCP connection to the BGP peer and also listens for any incoming connections.

If an error causes the BGP session to go the idle state, it must wait until the ConenctRetryTimer reaches zero from 60 seconds. If repeated failures occur it can cause the ConnectRetry to double in size from the previous timer.


In the Connect state, BGP is initiating the TCP connection to the neighbour. If the TCP three way handshake completes, the session resets the ConnectRetryTimer and sends an Open message to the neighbour before changing to the OpenSent state.

If a ConnectRetryTimer reaches zero before the Connect stage completes, a new TCP connection is attempted, the ConnectRetryTimer is reset and the state is moved to Active. If any other input is received, the state is changed to Idle.

In this stage, it is the router with the higher IP address that manages the connection. The router initiating the request will use destination port 179, but a randomised source port.


In this state, the BGP process starts a new three way TCP handshake. If a connection establishes an Open message to sent with a holder timer set to four minutes, and the overal state moves to OpenSent. If the TCP connection attempts the session moves back to the Connect state with a reset ConnectRetryTimer.


In the OpenSent state, an Open message had been sent from the source router which is awaiting a response from the destination router.

When an Open message is sent back to the original router, several examinations are made:

  • The BGP versions must match
  • The source IP address of the OPEN message must match the IP address that is configured for the neighbour
  • The AS number in the OPEN message must be be identical to what is configured in the router
  • BGP identifiers, or router IDs, must be unique.
  • Security parameters such as password and TTL must be set.

If the OPEN message does not contain any issues, a hold time is negioated using the lower value between the two routers, with a KEEPALIVE being sent if the value is higher than zero.

The connection state is then moved to OpenConfirm. If an error is found, a NOTIFICATION is sent and the state is moved back to Idle.


In this state, BGP is awaiting a KEEPALIVE or NOTIFICATION message. If a KEEPALIVE message is received, the BGP state moves to Established. If a NOTIFICATION message is received, the state moves to Idle.


In the established state, it essentially means the BGP session has established. BGP neighbours will exchange routes using UPDATE messages. As UPDATE and KEEPALIVE messages are exchanged, the hold timer gets reset. If the hold timer expires, or an error is detected, the session moves back to an Idle state.

CCNP Enterprise Core (350-401) Cisco Routing

BGP Packet Types

TypeNameFunctional Overview
1OPENSets up the BGP adjacency
2UPDATEAdvertises, updates or removes routes
3NOTIFICATIONIndicates an error to a BGP neighbour
4KEEPALIVEEnsures that the BGP neighbours are still reachable
Summary table of BGP Packet Types


This message is used to establish and set up the BGP adjacency. Each side of the connection will negotiate capabilities before a peering is established. The message will contain information such as the BGP version number, ASN of the originating router, hold time, BGP identifier and other parameters.

One parameter is the hold time, which sets the hold time in seconds for each BGP neighbour. The first couple of OPEN messages sent by the router have a smaller hold time value, which then increases to the default value of 180 seconds on Cisco routers. When an UPDATE or KEEPALIVE message is received the hold timer gets reset. If the hold timer reaches zero the session is removed, and an UPDATE message is sent to other BGP neighbours.

OPEN messages are attached with a BGP router ID (RID) which is a unique 32-bit number identifying the router that is sending the BGP messages that can be set statically or dynamically. It can also be used in addition to AS_PATH as a route loop prevention method.


These messages are exchanged every third of the hold time set on the session between the two routers. With a default hold time of 180 seconds on a Cisco router, BGP KEEPALIVE packets are sent every 60 seconds. BGP does not rely on the TCP connection state to ensure a BGP session remains online.


The UPDATE message advertises any feasible routers, or can withdraw any previously advertised routes. The message also contaisn network layer reachability information, or NLRI, including the prefix and any associated BGP policy accounting. An UPDATE message can act as a keepalive to reduce unnecessary traffic.


A NOTIFICATION message is sent when a error is detected with the BGP session, such as a hold timer expiring, capabilities with the neighbour changing or a BGP session reset being requested. Any of these notifications will cause the connection to close.

CCNP Enterprise Core (350-401) Cisco Routing

BGP Session Types

There are two types of BGP Sessions, the configuration is similar expect eBGPs a unique AS in the remote-as suffix

Internal BGP (iBGP)

Sessions that established within the same AS are classified as internal BGP sessions. The administrative distance assigned upon placement in the routers table is 200. The TTL on packets from iBGP routers are set to 255.

iBGP can be implemented where transit connectivity is required through between two AS networks. By implementing a full mesh iBGP network, problems such as scalability can be prevented. If an internal routing protocol is used such as EIGRP or OSPF, problems may occur due to high amount of routes required to be injected into the routing protocols databases.

iBGP will allow preservation of path attributes too, and custom routing for values other than metric can be used to determine where traffic should go.

External BGP (eBGP)

Sessions that established outside of the AS of the originating router are classified as External BGP (eBGP) sessions. When assigned into the routing table, prefixes are marked with an administrative distance of 20.

The time to live on eBGP packets are set to one by default. This means that packets drop in transit if they need to reach another router via a hop.

Each advertising hop updates the next-hop address to the IP address sourcing the eBGP connection, and the advertisers ASN is added to the AS_Path attribute. This helps prevent any network loops in BGP, as if the AS_Patch is detected, it will discard the packet.

CCNP Enterprise Core (350-401) Cisco Routing

BGP Inter Router Communication

To communicate with other BGP routers, BGP unlike other routing protocols does not use hello packets or discover neighbours dynamically.

BGP was designed to not support neighbours changing frequently, and configuration to bring up sessions between routers to be co-ordinated by their network administrators.

To communicate with other routers, BGP uses TCP port 179 to communicate with other routers. TCP helps in connections where fragmentation could occur, as well as providing sequencing and reliability of transferred network packets. Modern implementations of BGP set the do not fragment flag on their packets, and utilise path mtu discovery to avoid fragmentation.

BGP can go beyond a single hop, different to other router protocols, with the use of TCP to cross network segments to reach other routers. This is not to say that BGP can not form relationships with directly connected routers, it can. Where directly connected BGP routers exist, the ARP table is used to reach the neighbour. For multi hop sessions it is essential that an underlying route is in place in the routing table for the remote router to be reachable, as the router uses the routing information base to reach remote devices.

A session in BGP is the established adjacency between two BGP routers.

CCNP Enterprise Core (350-401) Cisco Routing

BGP Address Families

BGP was originally intended just for IPv4 support. Multi Protocol BGP, or MP-BGP, was introduced in RFC 2858 with an extension called the address family identifier.

The address family identifier allows multiple specific network protocols in BGP to be supported, such as IPv4 and IPv6. Each address family maintains its own database and configuration information in the router. This permits different routing policies whilst maintaining the same BGP session with other routers.

Further granularity can be added with the use of subsequent family identifiers in these protocols to support additional protocols such as multicast.

Multiprotocol BGP seperates the protocols via the use of path attributes MP_REACH_NLRI and MP_UNREACH_NLRI. They are carried inside BGP update messages and contain information of network reachability of different address families.

CCNP Enterprise Core (350-401) Cisco Routing

BGP Loop Prevention

As BGP is a path vector routing protocol, it does not keep a complete map of the network topology.

BGP behaves like a distance vector protocol in ensuring that paths are loop free.

The well-known mandatory attribute, AS_PATH, includes a complete list of all the ASNs that the prefix advertisement has transmitted through up to that point. If a BGP router recieves an advertisement which contains its own ASN in the AS_PATH attribute, it will discard the routing advertisement due to the router thinking that the packet has already traversed through its network.