BGP Header Format
Understanding BGP Messages
All BGP messages share a common header format. Understanding this header is essential for packet analysis and troubleshooting.
BGP Message Structure
Every BGP message consists of a fixed-length header followed by a message-specific body. The header provides essential information about the message type, length, and validation.
BGP Header Format
| Field | Length (bytes) | Description | Values |
|---|---|---|---|
| Marker | 16 | Synchronization and authentication | All 1s (0xFF) for unauthenticated |
| Length | 2 | Total message length including header | 19-4096 bytes |
| Type | 1 | Message type identifier | 1-5 (Open, Update, Notification, Keepalive, Route Refresh) |
Header Visualization
BGP Header (19 bytes)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ +
| Marker |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Message Types Overview
OPEN Message
Initiates BGP session establishment. Contains BGP version, AS number, hold time, and capabilities.
When sent: Session establishment
Size: Variable (minimum 29 bytes)
UPDATE Message
Advertises or withdraws routes. Contains path attributes and Network Layer Reachability Information (NLRI).
When sent: Route changes
Size: Variable (minimum 23 bytes)
KEEPALIVE Message
Maintains BGP session. Contains only the BGP header with no additional data.
When sent: Periodically (default 60s)
Size: 19 bytes (header only)
NOTIFICATION Message
Reports errors and closes BGP session. Contains error code and subcode.
When sent: Error conditions
Size: Variable (minimum 21 bytes)
BGP Open Messages
Session Establishment
BGP Open messages are the first messages exchanged between BGP speakers to establish a session. They contain essential parameters for session negotiation.
Open Message Purpose
The Open message serves several critical functions in BGP session establishment:
Identity Exchange
Routers exchange their BGP identifier (router ID) and AS number to establish identity.
Parameter Negotiation
Session parameters like hold time and capabilities are negotiated between peers.
Open Message Format
Open Message Structure
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | My AS | Hold Time |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| BGP Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt Parm Len | |
+-+-+-+-+-+-+-+-+ Optional Parameters |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Open Message Fields
| Field | Length | Description | Values |
|---|---|---|---|
| Version | 1 byte | BGP protocol version | 4 (BGP-4) |
| My AS | 2 bytes | Sender's AS number | 1-65535 (16-bit) or extended in capabilities |
| Hold Time | 2 bytes | Proposed hold time in seconds | 0 or 3-65535 (0 = no keepalives) |
| BGP Identifier | 4 bytes | BGP router ID | IPv4 address format |
| Opt Parm Len | 1 byte | Optional parameters length | 0-255 |
| Optional Parameters | Variable | Capabilities and extensions | TLV format |
Configuration Examples
Basic BGP Configuration
# Configure BGP router ID
router bgp 65001
bgp router-id 1.1.1.1
# Configure neighbor with specific parameters
neighbor 192.168.1.2 remote-as 65002
neighbor 192.168.1.2 description "eBGP peer"
neighbor 192.168.1.2 timers 60 180BGP Update Messages
The Heart of BGP
Update messages carry the actual routing information in BGP. They can advertise new routes, withdraw existing routes, or modify route attributes.
Update Message Purpose
Update messages are used to:
Route Advertisement
Advertise new routes with associated path attributes to BGP peers.
Route Withdrawal
Withdraw previously advertised routes when they are no longer reachable.
Update Message Format
Update Message Structure
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Unfeasible Routes Length (2 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Withdrawn Routes (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Total Path Attribute Length (2 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Path Attributes (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Network Layer Reachability Information |
| (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Path Attributes
Path attributes provide detailed information about routes:
Common Path Attributes
| Code | Attribute | Type | Description |
|---|---|---|---|
| 1 | ORIGIN | Well-known Mandatory | Route origin (IGP, EGP, Incomplete) |
| 2 | AS_PATH | Well-known Mandatory | AS path information |
| 3 | NEXT_HOP | Well-known Mandatory | Next hop IP address |
| 4 | MULTI_EXIT_DISC | Optional Non-transitive | Multi-exit discriminator (MED) |
| 5 | LOCAL_PREF | Well-known Discretionary | Local preference value |
| 8 | COMMUNITY | Optional Transitive | Community values |
BGP Keepalive Messages
Session Maintenance
Keepalive messages are the simplest BGP messages, used to maintain sessions and confirm that peers are still reachable.
Keepalive Message Purpose
Keepalive messages serve several critical functions:
Session Maintenance
Inform peers that the BGP speaker is still alive and the session should remain active.
Timer Reset
Reset the hold timer on the receiving peer, preventing session timeout.
Keepalive Message Format
Keepalive messages are the simplest BGP messages, consisting only of the BGP header:
Keepalive Message Structure
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ +
| Marker |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length = 19 | Type = 4 (KEEPALIVE) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Keepalive Timing
Keepalive messages are governed by two key timers:
Purpose: Determines when to send keepalive messages
Default: 60 seconds
Calculation: Hold time รท 3
Range: 1 - 21845 seconds
Behavior: Automatic transmission
Purpose: Determines when session times out
Default: 180 seconds
Reset: On any BGP message receipt
Range: 0 or 3 - 65535 seconds
Behavior: Session reset on expiry
Timer Configuration
Keepalive Timer Configuration
# Default timers (keepalive 60, hold 180)
router bgp 65001
neighbor 192.168.1.2 remote-as 65002
# Custom timers (keepalive 30, hold 90)
router bgp 65001
neighbor 192.168.1.2 remote-as 65002
neighbor 192.168.1.2 timers 30 90
# Disable keepalives (hold time 0)
router bgp 65001
neighbor 192.168.1.2 remote-as 65002
neighbor 192.168.1.2 timers 0 0BGP Notification Messages
Error Reporting and Session Termination
Notification messages are sent when BGP detects an error condition. They provide detailed error information and always result in session termination.
Notification Message Purpose
Notification messages serve several critical functions:
Error Reporting
Report specific error conditions that prevent normal BGP operation.
Session Termination
Gracefully terminate BGP sessions when errors are detected.
Notification Message Format
Notification Message Structure
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error Code | Error Sub. | Data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
BGP Error Codes
| Code | Error Type | Description | Common Causes |
|---|---|---|---|
| 1 | Message Header Error | Problems with BGP header | Corrupted messages, sync issues |
| 2 | OPEN Message Error | Problems with Open message | Version mismatch, bad AS number |
| 3 | UPDATE Message Error | Problems with Update message | Malformed attributes, invalid NLRI |
| 4 | Hold Timer Expired | Hold timer expiry | Keepalive failure, network issues |
| 5 | Finite State Machine Error | Unexpected event in current state | Protocol violations, software bugs |
| 6 | Cease | Session termination | Administrative shutdown, resource limits |
Troubleshooting Notifications
Notification Troubleshooting
# Check last reset reason
show ip bgp neighbor 192.168.1.2 | include Last reset
# View detailed neighbor information
show ip bgp neighbor 192.168.1.2
# Monitor BGP events
show ip bgp events
# Debug BGP notifications
debug ip bgp events