Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A TCP session between two BGP routers that exchanges routing prefixes between autonomous systems, the foundation of internet path selection.
BGP Peering Definition: A TCP session between two BGP routers that exchanges routing prefixes between autonomous systems, the foundation of internet path selection.
BGP peering is the establishment of a session between two Border Gateway Protocol routers so they can exchange routing information between autonomous systems (AS). Running over TCP port 179, the peering forms either an internal (iBGP) session within one AS or an external (eBGP) session between different AS, and it underpins how traffic finds paths across the internet.
A peering begins with a TCP connection followed by BGP OPEN messages in which routers agree on parameters and AS numbers; the session progresses through states up to Established. Peers then exchange UPDATE messages advertising reachable prefixes with attributes such as AS_PATH, NEXT_HOP, LOCAL_PREF, and MED, and send periodic KEEPALIVEs. eBGP peering connects organizations and ISPs directly or across an Internet Exchange Point, while iBGP distributes externally learned routes inside an AS. Routers choose best paths from advertised attributes.
This matters because BGP has little inherent trust, so peering security is critical to internet integrity. A misconfigured or malicious peer can announce prefixes it doesn't own, causing route hijacks or accidental leaks that blackhole or reroute traffic, as seen in real outages affecting major services. Protections include TCP-AO or MD5 authentication on the session, prefix filtering and maximum-prefix limits, RPKI route origin validation, and the GTSM TTL-security mechanism to defeat spoofed BGP packets.
For example, a regional ISP sets up an eBGP peering with a content provider at an IXP. They configure the neighbor's IP and AS number, apply an inbound prefix filter that accepts only the provider's RPKI-valid prefixes, set a maximum-prefix limit to tear down the session if the peer suddenly floods routes, and enable session authentication, so a leaked or hijacked announcement from the peer is rejected rather than propagated.
BGP Peering is one of the topics you'll master in the CCNA Boot Camp.
CCNA Boot Camp →