BGP (Border Gateway Protocol)

Border Gateway Protocol (BGP) is a routing protocol that works at the application level. BGP chooses the most efficient routes to deliver Internet traffic.

How BGP works

BGP can be thought of as the Internet's delivery service. When you send a parcel to someone, the fastest and most efficient route is chosen for it. BGP works in a very similar way: when someone sends data over the Internet, BGP checks all the available paths that the data can travel and chooses the best route. For example, when a user in Cork loads a website with source servers somewhere in Texas, BGP provides the fastest and most efficient interaction.

BGP neighbors

BGP neighbors are peers that are established by manual configuration between routers. To maintain the BGP connection, the speaker sends keepalive messages every 60 seconds. The main difference between BGP and other routing protocols is that it uses TCP as the transport protocol.

There are two types of BGP: internal (iBGP) and external (eBGP). It is called internal when it works within one autonomous system (AS), and external when it works between different autonomous systems.

iBGP and eBGP also differ in how routes received from one neighbor propagate to other neighbors. For example, new routes received from an eBGP peer are usually redistributed to all iBGP peers and all other eBGP neighbors. However, if new routes are advertised on an iBGP peer, they are only re-advertised to all eBGP peers. This means that all iBGP neighbors must be connected to the same network.

BGP message format

A BGP message has two essential parts: a header and a data part. BGP operates by exchanging four message types: OPEN, UPDATE, NOTIFICATION and KEEPALIVE. The header format is the same for all types. Messages are carried over TCP (port 179). A message can be from 19 to 4096 octets long. The header of each BGP message consists of three fields and is 19 octets long.

BGP message types

BGP starts its work with four message types:

  1. OPEN – sets and configures BGP adjacency.
    The OPEN message is used to establish the BGP adjacency. Both parties agree on the session capabilities before the peering is set up. The OPEN message contains the BGP version number, the ASN of the source router, the hold time, the BGP ID, and other additional parameters that determine the session capabilities.
  2. UPDATE – announces, updates, or cancels routes.
    The UPDATE message announces any possible routes, withdraws previously announced routes, or does both. When announcing prefixes, the UPDATE message includes Network Layer Reachability Information (NLRI) that combines the prefix and its associated BGP path attributes (PAs). The withdrawn NLRIs include only the prefix. The UPDATE message can act to reduce irrelevant traffic.
  3. NOTIFICATION – indicates the error status to the BGP neighbor.
    A NOTIFICATION message is sent when an error is detected in a BGP session, such as a hold timer expiration, a change in neighbor capabilities, or a request to reset the BGP session. This message closes the BGP connection.
  4. KEEPALIVE – ensures the serviceability of BGP neighbors.
    BGP does not rely on the state of the TCP connection to ensure that the neighbors are still working. KEEPALIVE messages are sent at intervals of one third of the hold timer agreed between the two BGP routers. If the hold time is set to zero, KEEPALIVE messages between BGP neighbors are not sent.
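
The header and OPEN layout described above can be checked in code. The following is an added example, not code from the original page: a parser that rejects malformed headers and decodes the fixed OPEN fields. The field layout (16-octet all-ones marker, 2-octet length, 1-octet type) is taken from RFC 4271, and the sample message and the helper name build are constructed for illustration.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16  # marker field: 16 octets, all ones (RFC 4271)
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}

def parse_header(data: bytes):
    """Validate the 19-octet header and return (type_name, body)."""
    if len(data) < 19:
        raise ValueError("truncated header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:19])
    if marker != MARKER:
        raise ValueError("bad marker")
    if not 19 <= length <= 4096:
        raise ValueError(f"length {length} outside 19..4096")
    if msg_type not in TYPES:
        raise ValueError(f"unknown message type {msg_type}")
    if length > len(data):
        raise ValueError("declared length exceeds received bytes")
    if msg_type == 4 and length != 19:
        raise ValueError("KEEPALIVE must be header only")
    return TYPES[msg_type], data[19:length]

def parse_open(body: bytes) -> dict:
    """Decode the fixed-size OPEN fields: version, ASN, hold time, BGP ID."""
    if len(body) < 10:
        raise ValueError("OPEN body too short")
    version, asn, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", body[:10])
    if opt_len != len(body) - 10:
        raise ValueError("optional parameter length mismatch")
    if hold in (1, 2):
        raise ValueError("hold time must be 0 or at least 3 seconds")
    return {
        "version": version,
        "asn": asn,
        "hold_time": hold,
        "bgp_id": str(ipaddress.IPv4Address(bgp_id)),
        # KEEPALIVEs are sent every third of the hold time; 0 disables them
        "keepalive_interval": hold // 3 if hold else None,
    }

def build(msg_type: int, body: bytes = b"") -> bytes:
    return MARKER + struct.pack("!HB", 19 + len(body), msg_type) + body

# Constructed sample: OPEN from AS 64512, hold time 180 s, BGP ID 192.0.2.1
SAMPLE_OPEN = build(1, struct.pack("!BHH4sB", 4, 64512, 180,
                                   bytes([192, 0, 2, 1]), 0))

if __name__ == "__main__":
    kind, body = parse_header(SAMPLE_OPEN)
    print(kind, parse_open(body))
```

With a hold time of 180 seconds the derived keepalive interval is 60 seconds, which matches the interval quoted in the neighbors section.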

BGP neighbor states

BGP forms a TCP session with neighboring routers, known as local peers. BGP uses a Finite State Machine (FSM) to maintain a table of all BGP peers and their serviceability status. A BGP session can report the following states:

  • Idle: This is the first stage of BGP FSM.
    BGP detects the start event, attempts to initiate a TCP connection to the peer, and waits for a new connection from the peer router.
  • Connect: In this state, BGP starts a TCP connection.
    If the TCP three-way handshake succeeds, the BGP session setup process resets the ConnectRetryTimer, sends an OPEN message to the neighbor, and then switches to the OpenSent state.
  • Active: In this state, BGP starts a new TCP three-way handshake.
    If the connection is established, an OPEN message is sent, the timer is set to 4 minutes, and the state switches to OpenSent. If further TCP connection attempts fail, the state returns to the Connect state and the ConnectRetryTimer is reset.
  • OpenSent: In this state, the source router sends an OPEN message and is waiting for an OPEN message from the other router.
    After the source router receives the OPEN message from the other router, both messages are verified for errors.
  • OpenConfirm: In this state, BGP expects a KEEPALIVE or NOTIFICATION message.
    After receiving the KEEPALIVE message from a neighbor, the state changes to Established. If the hold timer expires, a stop event occurs, or a NOTIFICATION message is received, BGP switches to the Idle state.
  • Established: In this state, the BGP session is established.
    BGP neighbors exchange routes via UPDATE messages. When the UPDATE and KEEPALIVE messages are received, the hold timer is reset. If the hold timer expires, an error is detected, and BGP puts the neighbor back in the IDLE state.
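
The effect of the hold timer on a session can be seen by replaying a timeline of events through a small state machine. The following is an added example, not code from the original page: it models only the successful setup path (Idle, Connect, OpenSent, OpenConfirm, Established) and the fall back to Idle, leaving out the Active retry path. The event names and the timeline are constructed, and sending every unlisted event to Idle is a simplifying assumption.

```python
IDLE, CONNECT, OPENSENT = "Idle", "Connect", "OpenSent"
OPENCONFIRM, ESTABLISHED = "OpenConfirm", "Established"
TIMED = (OPENCONFIRM, ESTABLISHED)   # states in which the hold timer runs

# (state, event) -> next state. Event names are made up for this sketch;
# any pair not listed (NOTIFICATION, stop, error) sends the peer to Idle.
TRANSITIONS = {
    (IDLE, "start"): CONNECT,
    (CONNECT, "tcp_ok"): OPENSENT,            # local OPEN goes out
    (OPENSENT, "open"): OPENCONFIRM,          # peer's OPEN verified
    (OPENCONFIRM, "keepalive"): ESTABLISHED,
    (ESTABLISHED, "keepalive"): ESTABLISHED,
    (ESTABLISHED, "update"): ESTABLISHED,
}

def replay(events, hold_time=180):
    """Replay (seconds, event) pairs; return the list of (seconds, new_state)."""
    state, deadline, trace = IDLE, None, []
    for ts, event in events:
        if deadline is not None and ts > deadline:
            # Nothing arrived in time: the hold timer fired before this event
            trace.append((deadline, IDLE))
            state, deadline = IDLE, None
        nxt = TRANSITIONS.get((state, event), IDLE)
        if nxt not in TIMED:
            deadline = None
        elif hold_time:                        # hold time 0 disables the timer
            deadline = ts + hold_time          # every accepted message resets it
        if nxt != state:
            trace.append((ts, nxt))
        state = nxt
    return trace

# Constructed timeline: normal setup, then KEEPALIVEs stop after t=123
EVENTS = [(0, "start"), (1, "tcp_ok"), (2, "open"), (3, "keepalive"),
          (63, "keepalive"), (123, "update"), (400, "keepalive")]

if __name__ == "__main__":
    for ts, st in replay(EVENTS):
        print(f"t={ts:>3}s -> {st}")
```

The last message arrives at t=123, so with a 180-second hold time the session drops to Idle at t=303, and the late KEEPALIVE at t=400 cannot revive it without a fresh start event.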