BGP Packets

BGP uses a variety of messages for establishing the connection, exchanging routing information, checking if the remote BGP neighbor is still there and/or notifying the remote side if any errors occur.

Type Name Description
1 OPEN After a TCP connection is Established, initiates and sets up BGP adjacency.
2 UPDATE Advertises, updates, or withdraws routes.
3 NOTIFICATION Indicates an error condition to a BGP neighbor.
4 KEEPALIVE Ensures that BGP neighbors are still alive.

OPEN Message

Once two BGP routers have completed a TCP 3-way handshake they will attempt to establish a BGP session, this is done using OPEN message.

In the OPEN message you will find some information about the BGP router, these have to be negotiated and accepted by both routers before they can exchange any routing information.

The OPEN message contains:

  • The BGP Version
  • ASN
  • Hold Time
  • BGP Identifier
  • Optional Parameters
BGP Open Message


The current version of BGP is version 4.


  • AS number of the BGP router.
  • The router need to agree on the AS number.
  • It also defines if it’s iBGP or eBGP session.

Hold Time

  • The Hold Time is a heartbeat mechanism for BGP neighbors to ensure that the neighbor is healthy and alive.
  • If the Hold Timer reaches zero, the BGP session is torn down, routes from that neighbor are removed, and an appropriate update route withdrawal message is sent to other BGP neighbors for the impacted prefixes.
  • Upon receipt of an UPDATE or KEEPALIVE, the Hold Timer resets to the initial value.
  • For Cisco routers the default hold timer is 180 seconds.

BGP Identifier

  • A 32-bit unique number that identifies the BGP router.
  • The RID can be used as a loop prevention mechanism for routers advertised within an AS.
  • The RID can be set manually or dynamically.
  • Highest IP address on a loopback interface / Highest IP address on a physical interface.
  • Setting a static BGP RID is a best practice. 

Optional Parameters

This field has been added so that new features could be added to BGP without having to create a new version.

  • Route Refresh
  • MP-BGP
  • 4-octet AS

UPDATE Message

Once two routers have become BGP neighbors, they can start exchanging routing information. This is done with the UPDATE message.

  • The UPDATE message includes the Network Layer Reachability Information (NLRI) that includes the prefix/prefix-length and associated BGP PAs when advertising prefixes.
  • Withdrawn NLRIs include only the NLRI.
  • An UPDATE message can act as a Keepalive to reduce unnecessary traffic.
Update Message - NLRI
Update Message - Withdrawn Routes


A Notification message is sent when an error is detected with the BGP session, such as a hold timer expiring, neighbor capabilities change, or a BGP session reset is requested. This causes the BGP connection to close.

The TCP session will be cleared, all entries from this BGP neighbor will be removed from the BGP table and UPDATE messages with route withdrawals will be sent to other BGP neighbors.

  • Unsupported version number
  • Bad peer AS
  • Bad BGP identifier
  • Unsupported optional parameter
  • Unacceptable hold time
Notification Message


To make sure the remote side is UP we use these periodic KEEPALIVE messages every 60 seconds.

  • BGP does not rely on the TCP connection state to ensure that the neighbors are still alive.
  • Cisco devices have a default Hold Time of 180 seconds, so the default Keepalive interval is 60 seconds.
  • If the Hold Time is set for zero, no Keepalive messages are sent between the BGP neighbors.
Keepalive Message
Tags: ,

Leave a Reply

Related Post

BGP FundamentalsBGP Fundamentals

BGP A router’s primary function is to move packets from one network to a different network. A router learns about unattached networks through static configuration or through dynamic routing protocols