Internal BGP (Border Gateway Protocol) explained

Thank you


1 Like

I’m just curios if my assumption is correct.

I have two simple router interconnected and has a loopbacks for their iBGP peering set it as an update-source loopback to be able to establish well the peering. With an underlay static routes /32 to each other with an AD of 220

R1 - LO-0
R2 - LO-0

Now. iBGP peering is already established, Then I advertised their local loopback’s IP’s /32 in iBGP via network command and already present in the BGP table as * valid , and > best

Now. My question is. In RIB - Why static route is still the best path given the AD of static was set 220? and the AD of iBGP is 200.

My assumption is - Since it was used as an underlay connectivity. Static will win here? As the BGP runs on top of static routes. Since BGP is an application/overlay layer? not really a L3 protocol.

Thanks in advance! Let me know if I’m making sense here.

Hello Adrian

Your assumption is correct. An iBGP peering can only be established if routing exists between the BGP source interfaces on each router. That routing cannot be established using a method other than the iBGP peering that has been created. It’s kind of like a chicken and egg problem. You can’t use the BGP-learned routes to establish a BGP peering.

I hope this has been helpful!


Hi Renee,
Regarding the reasoning of running iBGP within an ASN - amount of routes on the internet routing table.

This reasoning may not be valid within certain data center networks these days, ie, where eBGP and multiple ASNs are used for things like SDN.

Let’s take NSX for example, it is recommended to run eBGP between the NSX environment and the physical network / ToRs, and iBGP between the physical fabric. In this case, the internal data center or even cross DC links will not have the internet routing table. Would another valid reason to use iBGP in this case be; with redistribution into another protocol, all the path attributes are also removed.

Therefore, when reditributing back into eBGP / BGP, rather than having full path data, we would have a ‘?’ ?.

Hopefully this makes sense.

Hello Shashank

Typically, the reasoning behind using BGP within an AS is indeed due to the fact that BGP is scalable and can handle many more routes than an IGP. But this is not the only reason. In addition, BGP is much more powerful in enforcing boundaries of trust and control. BGP has many more ways of filtering peers, and what networks are being advertised and received. BGP also has much more flexible data structures such as BGP communities, extended communities, local-pref, and others. These make BGP a versatile way to implement custom routing policies within an AS.

These are features that are useful in many environments, including NSX, as well as for SDN.

Yes, this is just one of the ways that BGP is very customizable in what is advertised and how it is advertised. You have many tools at your disposal to decide what attributes need modification when sharing routes etc…

I hope this has been helpful!


Hi rene,
Thanks for the lesson it was awesome, but I honestly don’t understand this image

If R1 advertise a prefix to R2, this will avoid this prefix because R2 see its own AS on the AS_PATH attribute.
Pls I need help, Its very difficult to me to understand if there is no a why?, so my next question is why do we need a Full-Mesh Topology?, I understand that point that SPLIT HORIZON is to avoid Loops within an AS, but this not imply to have a FULL MESH TOPOLOGY, or is just the rule of the BGP PROTOCOL.

Hello Michael

I understand your confusion, let me try to explain further.

The AS_PATH attribute is used only for eBGP. In this particular case, all three routers are in AS123, so their peerings are iBGP. By definition BGP peers in the same AS are iBGP peers.

Thus, the AS_PATH attribute will not help us in avoiding a routing loop here. That will only help us in a situation similar to this one:

For example, if the router in AS4 receives a BGP update that includes AS 4 in the AS_PATH, it rejects that update because it creates a loop.

Thus, there must be a different mechanism that must be employed here within a single AS to avoid loops. That mechanism is the split horizon rule.

The diagram you shared in your post simply says that when R2 receives an advertisement from R1, R2 should not re-advertise that route to other iBGP peers. (the AS_PATH attribute plays no role in this).

A full mesh topology is necessary for iBGP within a single AS exactly because of the split horizon rule. Every iBGP router must learn about the routes that every other iBGP router shares directly from each router itself.

That means that R2 must learn about R1’s routes directly from R1. And R3 must learn about R1’s routes directly from R1. If both routers don’t have iBGP peerings with all other routers, some routes will not be fully advertised to all iBGP routers in the AS. Does that make sense?

I hope this has been helpful!


1 Like

mmm, you mean that every iBGP router will learn prefixes that were originated just from directly connected routers?,
The others prefixes will no advertised, unless there is iBGP session between the source and the destination.

Hello Michael

Yes, that is correct, but remember, iBGP peerings can take place between routers that are not directly connected. It’s not like EIGRP or OSPF where neighbors must be physically directly connected.

Imagine you have an AS with eight routers like so:

You can see that they’re not all directly connected. Even so, for iBGP to function correctly, there must be an iBGP peering between each and every router in the AS. That’s the definition of full mesh iBGP peerings within an AS.

iBGP is able to create peerings between routers that are not directly connected. This is why in order for iBGP to operate within an AS, all routers must be reachable. In other words, an IGP (or static routing) must be employed within the AS so that all routers can reach each other to create this full mesh iBGP peering.

For more info, take a look at this Networklessons Note on iBGP full mesh peering.

I hope this has been helpful!


1 Like

Hi Rene, congrats for this amazing content
I appreciate if you could explain why wee need a full mesh when we are using IBPG, I have seen iBGP scenarios when only there is a single point to point iBP peering session,
Thanks in advance

Hello Josue

Take a look at this NetworkLessons note on the topic of a full mesh iBGP peering within an AS.

If you have any further questions, let us know!

I hope this has been helpful!



I am curious about the advertisement process. When R3 at the stage only runs OSPF, R4 already learned the advertised route via ibgp neighbor R2. So how does R2 deliver this advertised route to R4 via R3, especially how does R3 process this advertised route when it only runs OSPF?

Hello Tracy

In the specific scenario, R3 does not participate in BGP. It does, however, participate in OSPF. This means that it is only via R3 that R2 and R4 can communicate with each other. This connectivity is achieved via OSPF. So, when R2 sends a BGP update to R4, the next hop IP of the message is that of R4. R3 will simply forward that packet like it would any other packet on the network.

So to answer your question, R3 doesn’t process the advertised route at all! Indeed, R3 knows nothing about the routes found behind R1 in AS1 and behind R5 in AS5.

Take a look at this NetworkLessons note on why we need an IGP for iBGP to work for more information.

I hope this has been helpful!



I’m seeing some unexpected behavior with regard to peering using loopbacks.

From the labs I’ve been doing it seems that you can still establish an adjacency using loopbacks even if only one side has update-source loopback configured. For example:


If you have R1 configured to use a Lo0 as the update source but not on R2, but you are trying to peer using loopbacks, the following seems to happen (on packet captures):

R2 tries to peer with R1 using Gi0/1 as its source IP and R1’s Lo0 as its destination, the result is a TCP RST back from R1 - which makes sense, because it does have R2’s Gi0/1 IP configured as a neighbor.

However, when R1 tries to peer with R2 - and uses its Lo0 as its source and R2’s Lo0 as the destination - R2 replies (instead of also sending an RST) with Lo0 and not Gi0/1, and an adjacency continues to form.

I’m using OSPF for loopback reachability.

So it seems that BGP port 179 is listening on all IP addresses on the router, not just the update source. Is that correct?



Hello Samir

It’s an interesting situation! The truth is that a BGP session takes place in both directions. If the configuration is correct for one direction to be established, as is the case for your R1, you will see from R1’s perspective that the session is established. From R2’s perspective, it is not.

Yes, that is correct. Update source will tell a router from which interface it should send BGP messages, it does not affect which interfaces a BGP router will accept BGP messages.

I hope this has been helpful!


1 Like

in what context should iBGP be deployed, because it’s a bit complex.?

Hello Charles

Take a look at this NetworkLessons note on the topic of internal vs external BGP to get an idea of the differences and when/where to deploy each. For additional information, take a look at these notes about iBGP and eBGP.

BGP in general should be deployed only for large-scale networks, where it makes sense to separate the network into autonomous systems. Typically you will find that ISPs deploy BGP to route within their networks, and to route traffic between their networks and neighboring ISP networks. You may also deploy BGP on the edge of your network if you are advertising public IP addresses to allow users on the Internet to have access to your internal services (like web servers, email servers or others…) More about this can be found at the following lesson.

I hope this has been helpful!


Hello David

eBGP is used by BGP routers that exchange routes between ASes, while iBGP is used to exchange routes within ASes. The protocol is the same, but the “i” and the “e” are simply used to denote that the exchange of routes is taking place between BGP routers within the same AS or between different ASes respectively.

So if the edge network of your company uses BGP with an AS of 100, and it peers with the ISP’s BGP router in AS 200, then eBGP will be used to exchange that information. Now the ISP’s BGP router in turn will share its routes with other BGP peers within AS 200. So yes, in this case, it would use iBGP to further advertise the company’s BGP routes on the Internet. When those routes are advertised beyond the AS of the ISP with other ASes, then eBGP will be used. Does that make sense?

I hope this has been helpful!



It makes perfect sense, thank you. I have one more question. In the iBGP section, it was mentioned that we use IBGP on our routers in our transit AS. Question is, if we are already running iBGP, why should we also run an IGP like OSPF?

I understand that this would be to provide connectivity between the routers within the AS, but couldn’t we use just purely iBGP for that?

Thank you in advance!


Hello David

This is a good question and one that often comes up. It is one of the things that I had been most confused about when learning BGP.

Take a look at this NetworkLessons note on why we need an IGP for BGP to work.

Can you use only BGP within an AS for routing? Yes you can, however, it is less than ideal. This is because of BGP is not well suited for such implementations due to its slower convergence times. IGPs are designed to be used within ASes and that’s why it’s recommended. Does that make sense?

I hope this has been helpful!


1 Like