BGP Messages Explained: A Beginner-Friendly Guide

If you’ve ever wondered “How does the internet know where to send my data?”, the answer is a protocol called BGP (Border Gateway Protocol).

Think of BGP as the GPS system of the internet. It helps your data find the best and most reliable path to its destination. But how does BGP actually work?

The secret lies in BGP messages — these are like the “texts” that routers send to each other to keep everything running smoothly.

In this blog, we’ll break down the four main BGP messages in plain English, with easy examples you can relate to. By the end, you’ll be able to imagine routers as friends chatting with each other!

What is BGP in Simple Terms?

Imagine the internet as a huge network of cities connected by roads.

  • Each city is a network (called an Autonomous System).
  • Your data is like a car that needs to travel from one city to another.
  • BGP is the traffic control system that decides the best road for your car to take.

Without BGP, your data would be lost, stuck in traffic, or go in circles forever.

Why Do BGP Messages Matter?

Routers (the devices that forward your data) need a way to talk to each other. They don’t just guess routes. Instead, they send structured messages to:

  • Start a conversation.
  • Share routes and updates.
  • Check if the other router is still alive.
  • Send error signals if something breaks.

So, if BGP is like a friendship, these messages are the hello, updates, “still here?”, and “oops, goodbye!” that keep the relationship healthy.

Meet the Four Main BGP Message Types

BGP uses four core messages to operate:

  • OPEN
  • UPDATE
  • KEEPALIVE
  • NOTIFICATION

To make this easier to understand, I’ve set up a lab in GNS3. The topology I built looks like this:

image

I configured BGP on R1 and R2, using the AS numbers and IP addresses shown in the image above. Once BGP was successfully established, I captured the message exchanges between the routers in Wireshark. Let’s take a look at those messages.

image

Let’s explore each one interactively!

OPEN Message — Saying Hello

When two routers meet, they first need to introduce themselves.

The OPEN message is that handshake. It shares:

  • Who they are (Autonomous System number).
  • Which BGP version they speak.
  • How long they’ll wait before assuming the other one is dead (hold time).
  • Their ID (like a name tag).

If everything matches, the routers become friends and can start talking.
If not, the session ends right away.

Analogy: Imagine calling someone. You say, “Hi, this is Alex, speaking English. Can we talk for 10 minutes?” If the other person agrees, the chat begins.

In the Wireshark snapshot below, you can see the OPEN message along with the fields it contains.

image

UPDATE Message — Sharing News

Now that they’re friends, routers start exchanging UPDATE messages.

This is where the real action happens. UPDATE messages share:

  • New routes they know about.
  • Old routes that no longer work.
  • Extra details (path info, next hop, etc.) to help choose the best route.

Analogy: It’s like calling your friend and saying:

  • “The main road to City A is open.”
  • “The bridge to City B is closed, don’t go that way.”

This way, both routers keep their maps updated.

In the Wireshark snapshot below, you can see the UPDATE message along with the details of the routes it shares and the attributes it carries.

image

KEEPALIVE Message — Just Checking In

Friendships need maintenance. That’s what KEEPALIVE messages do.

They’re tiny, simple messages that say:
“I’m still here, don’t worry!”

Routers send these regularly to prove they’re still alive and reachable. If a router doesn’t hear from its friend within the Hold Time, it assumes the connection is broken and resets it.

Analogy: Think of it like sending a quick “Hey, you still there?” text while chatting.

In the Wireshark snapshot below, you can see the KEEPALIVE message, which acts like a heartbeat to confirm that the BGP session is still active.

image

NOTIFICATION Message — When Something Goes Wrong

Sometimes things don’t go smoothly. If there’s a problem, routers send a NOTIFICATION message.

This means:

  • Something went wrong (wrong version, error in message, timer expired, etc.).
  • The session will close immediately.

Analogy: It’s like saying: “Oops, bad connection, I’m hanging up. Let’s try later.”

To capture a NOTIFICATION message, I deliberately changed the remote AS number. As a result, the BGP session went down and a NOTIFICATION message was exchanged between the routers. You can see this message in the Wireshark capture below.

image

How BGP Messages Work Together

Let’s picture this like a little role-play between two routers having a chat.

  1. OPEN Message → First, they shake hands and agree on the rules of the conversation.
  2. UPDATE Message → Next, they start exchanging information about which routes are available and which ones are no longer valid.
  3. KEEPALIVE Message → Every so often, they send a quick “still here?” signal to make sure the connection hasn’t dropped.
  4. NOTIFICATION Message → If something breaks, one of them raises a red flag, says “there’s a problem,” and ends the chat so it can be restarted properly.

This cycle repeats nonstop in the background, keeping routes fresh, accurate, and reliable — so your data always knows the best way to travel.

Putting It All Together

Let’s imagine the full conversation between two routers:

  1. OPEN: “Hi, I’m Router A from AS65001. Can we be friends?”
  2. KEEPALIVE: “Hi Router A, yes! I’m alive and ready.”
  3. UPDATE: “Cool! By the way, here are the routes I know. Also, avoid these broken paths.”
  4. KEEPALIVE (again): “Still alive?” → “Yes, me too.”
  5. NOTIFICATION (if needed): “Oops, something went wrong. Bye for now.”

And this cycle keeps going forever, making sure your data always finds the best path across the internet.

The Structure of a BGP Message

Every BGP message starts with a small 19-byte header that says:

  • A marker (for sync/security).
  • How long the message is.
  • What type of message it is (OPEN, UPDATE, etc.).

After that, the actual message details come in.

(If you open Wireshark and capture BGP traffic, you’ll see these clearly!)
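To make the header, the OPEN fields and the NOTIFICATION error codes concrete, here is a small decoder for the raw bytes you would see in such a capture. This is an added example, not code from the original post or from the lab; the three sample messages are constructed by hand (AS 65001, hold time 180, BGP identifier 1.1.1.1 are made-up lab values), and the field layout and error code names follow RFC 4271. It also shows how a mismatched remote AS, like the one deliberately configured above, is reported (OPEN Message Error, subcode Bad Peer AS) and where the "Hold Timer Expired" code from the pro tip lives.

```python
import struct

# Fixed header: 16-byte marker (all ones), 2-byte length, 1-byte type (RFC 4271, 4.1)
HEADER_LEN = 19
MARKER = b"\xff" * 16
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "KEEPALIVE", 4: "NOTIFICATION"}

# NOTIFICATION error codes and the OPEN-message subcodes (RFC 4271, 4.5)
ERROR_CODES = {
    1: "Message Header Error",
    2: "OPEN Message Error",
    3: "UPDATE Message Error",
    4: "Hold Timer Expired",
    5: "Finite State Machine Error",
    6: "Cease",
}
OPEN_SUBCODES = {
    1: "Unsupported Version Number",
    2: "Bad Peer AS",
    3: "Bad BGP Identifier",
    4: "Unsupported Optional Parameter",
    6: "Unacceptable Hold Time",
}


def parse_header(data):
    """Validate and decode the 19-byte header; raise ValueError on anything a
    router would answer with a Message Header Error NOTIFICATION."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise ValueError("bad marker (connection not synchronized)")
    if length < HEADER_LEN or length > 4096:
        raise ValueError(f"bad message length {length}")
    if msg_type not in BGP_TYPES:
        raise ValueError(f"bad message type {msg_type}")
    return {"length": length, "type": BGP_TYPES[msg_type]}


def parse_open(body):
    """OPEN body: version(1) my AS(2) hold time(2) BGP identifier(4) opt len(1)."""
    if len(body) < 10:
        raise ValueError("OPEN body too short")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHH4sB", body[:10])
    return {
        "version": version,
        "as": my_as,
        "hold_time": hold_time,
        "bgp_id": ".".join(str(b) for b in bgp_id),  # shown dotted, like Wireshark
        "opt_params_len": opt_len,
    }


def parse_notification(body):
    """NOTIFICATION body: error code(1) subcode(1) followed by optional data."""
    if len(body) < 2:
        raise ValueError("NOTIFICATION body too short")
    code, subcode = body[0], body[1]
    sub_name = OPEN_SUBCODES.get(subcode, str(subcode)) if code == 2 else str(subcode)
    return {"error": ERROR_CODES.get(code, f"Unknown ({code})"),
            "subcode": sub_name, "data": body[2:]}


def parse_message(data):
    """Decode one BGP message (header plus type-specific body) into a dict."""
    msg = parse_header(data)
    body = data[HEADER_LEN:msg["length"]]
    if len(body) != msg["length"] - HEADER_LEN:
        raise ValueError("truncated body")
    if msg["type"] == "OPEN":
        msg.update(parse_open(body))
    elif msg["type"] == "KEEPALIVE":
        if msg["length"] != HEADER_LEN:  # a KEEPALIVE is the bare header, nothing else
            raise ValueError("KEEPALIVE must be exactly 19 bytes")
    elif msg["type"] == "NOTIFICATION":
        msg.update(parse_notification(body))
    return msg


# Constructed sample messages (not taken from the lab capture).
SAMPLE_OPEN = (MARKER + struct.pack("!HB", 29, 1)
               + struct.pack("!BHH4sB", 4, 65001, 180, bytes([1, 1, 1, 1]), 0))
SAMPLE_KEEPALIVE = MARKER + struct.pack("!HB", 19, 3)
# What a peer sends back when the AS in our OPEN does not match its configuration.
SAMPLE_NOTIFICATION = MARKER + struct.pack("!HB", 21, 4) + bytes([2, 2])

if __name__ == "__main__":
    for raw in (SAMPLE_OPEN, SAMPLE_KEEPALIVE, SAMPLE_NOTIFICATION):
        print(parse_message(raw))
```

Feeding the decoder bytes copied out of Wireshark (Copy → as a Hex Stream, then `bytes.fromhex(...)`) gives the same fields the dissector shows, which is a handy way to check your reading of a capture. The header checks matter in practice: a bad marker, length or type is exactly what a peer reports with a Message Header Error before tearing the session down.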

Why Should You Care About BGP Messages?

If you’re learning networking or troubleshooting issues, knowing BGP messages helps you:

  • Quickly figure out why a session isn’t forming.
  • Detect if a router went down because KEEPALIVEs stopped.
  • Understand what route updates are being exchanged.
  • Solve problems faster using packet capture tools.

Pro tip: If you ever see “BGP Notification: Hold Timer Expired” in logs, it usually means KEEPALIVE messages were missing.

Final Thoughts

BGP messages may sound technical, but they’re really just four simple conversations:

  • OPEN → Hello, let’s be friends.
  • UPDATE → Here’s the news.
  • KEEPALIVE → I’m still here.
  • NOTIFICATION → Something’s wrong, goodbye.

That’s it! With these four, routers keep the internet stable and your data flowing smoothly.