port 179 BGP exploit

BGP Port 179 exploit Metasploit


Border gateway protocol


BGP Port 179 Exploit Metasploit

Border Gateway Protocol (BGP) is a gateway protocol that enables the Internet to exchange routing information between autonomous systems (AS). This is accomplished through peering, and BGP uses TCP port 179 to communicate with other routers, known as BGP peers. Without it, networks would not be able to send and receive information with each other.

However, peering requires open ports to send and receive BGP updates that can be exploited. BGP port 179 exploit can be used with Metasploit, often referred to as port 179 BGP exploit Metasploit. Metasploit is a tool that can probe BGP to determine if there is a port 179 BGP exploit.

In the world of computer networking, Border Gateway Protocol (BGP) plays a crucial role in facilitating the exchange of routing information between different autonomous systems (ASes). At the heart of BGP lies port 179, which serves as the communication channel for BGP peers. In this blog post, we will dive into the significance of BGP port 179, exploring its functionality, its role in establishing BGP connections, and its importance in global routing.


Highlights: BGP Port 179 

  • BGP and internal routing protocols

Traditionally, BGP learns the prefixes to advertise from another routing protocol, usually Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), or Enhanced Interior Gateway Routing Protocol (EIGRP). In addition, internal routing protocols control routing within an organization. However, BGP can be used internally in the data center. It is more common to have BGP peerings work at the Internet edge, the network infrastructure that serves traffic to the Internet.

  • BGP at the Internet Edge

The Internet edge shares itself among other functional blocks known as Places-in-the-network ( PINs ), such as data centers, campuses, and remote branches. BGP’s WAN SDN edge includes several infrastructure components: Service provider edge (SP), demilitarized zone (DMZ), remote access, and edge Distribution.

  • Security Considerations

Despite its significance, BGP is susceptible to several security vulnerabilities. This section will explore the most common threats: route hijacking, route leaks, and distributed denial-of-service (DDoS) attacks. Network administrators can better prepare to mitigate potential risks by understanding these vulnerabilities.

BGP port 179 plays a significant role in securing BGP sessions. BGP routers implement various mechanisms to ensure the authenticity and integrity of the exchanged information. One such mechanism is TCP MD5 signatures, which provide a simple yet effective way to authenticate BGP peers. By enabling TCP MD5 signatures, routers can verify the source of BGP messages and prevent unauthorized entities from injecting false routing information into the network.

Related: Before you proceed, you may find the following posts helpful:

  1. IP Forwarding
  2. BGP SDN
  3. Redundant Links
  4. IPv6 Host Exposure
  5. Forwarding Routing Protocols
  6. Cisco DMVPN
  7. Dead Peer Detection


BGP Port 179 exploit Metasploit

Key BGP Security Discussion Points:

  • BGP requires open ports. BGP uses TCP port 179.

  • Metasploit can probe BGP neighbours.

  • Lack of a secure BGP control plane.

  • Bogus routing information or peers.

  • DoS BGP with SYN floods.

  • BGP TTL security check.


  • A key point – Video 1: Discussion on BGP operating over port 179

The following whiteboard sessions will discuss how BGP has evolved to be used for internet-connected sites and internal to the data center. First, we will address the basics of BGP operating over port 179 and compare EBGP and IBGP.

We will also discuss routing protocol, a set of predefined rules used by the routers that interconnect your network to maintain the communication between the source and the destination. These routing protocols help to find the routes between two nodes on the computer network.



Recap on the basics of Port 179

BGP Port 179: The Communication Channel

Port 179 is the well-known port for BGP communication, acting as the gateway for BGP messages to flow between BGP routers. BGP, a complex protocol, requires a reliable and dedicated port to establish connections and exchange routing information. By utilizing port 179, BGP ensures its communication is secure and efficient, enabling routers to establish and maintain BGP sessions effectively.

Establishing BGP Connections

When two BGP routers wish to connect, they initiate a TCP connection on port 179. This connection allows the routers to exchange BGP update messages containing routing information such as network prefixes, path attributes, and policies. Routers build a comprehensive view of the network’s topology by exchanging these updates and making informed decisions on route traffic.

Lab guide on BGP Port 179

In the following lab guide on port 179, we have two BGP peers labeled BGP Peer 1 and BGP Peer 2. These BGP peers have one Gigabit Ethernet link between them. I have created an iBGP peering between the two peers, where the AS numbering is the same on both Peers. 


Remember that a full mesh iBGP peering is required within an AS because iBGP routers do not re-advertise routes learned via iBGP to other iBGP peers. This is called the split horizon rule and is a routing-loop-prevention mechanism. Since we have two iBGP peers, this is fine. The BGP peerings are over TCP port 179, and I have redistributed connected so we have a route in the BGP table.


Port 179
Diagram: Port 179 with BGP peerings.


BGP Neighbor States

Now, let us delve into the various BGP neighbor states, their significance, and how they contribute to the stability and scalability of internet routing.

  1. Idle State:

The first state in BGP neighborship is the Idle state. In this state, a BGP router does not know any neighboring routers. It is waiting to establish a connection with a potential BGP peer. When a router is in the Idle state, it periodically sends out keepalive messages to potential peers, hoping to initiate the neighborship process.

  1. Connect State:

Once a router receives a keepalive message from a potential BGP neighbor, it transitions to the Connect state. The router attempts to establish a TCP connection with the neighboring router in this state. The Connect state lasts until the TCP connection setup is successful, after which the router moves to the OpenSent state.

  1. OpenSent State:

In the OpenSent state, the BGP router sends an Open message containing information about its capabilities and parameters to the neighboring router. The router waits for an Open message in response from the neighbor. If the received Open message is acceptable, the router moves to the OpenConfirm state.

  1. OpenConfirm State:

In the OpenConfirm state, BGP routers exchange Keepalive messages to confirm that the TCP connection works correctly. The routers also negotiate various BGP parameters during this state. Once both routers have confirmed the connection, they move to the Established state.

  1. Established State:

The Established state is the desired state for BGP neighborship. The routers have successfully established a BGP peering relationship in this state and are actively exchanging routing information. They exchange updates, keepalives, and notifications, enabling them to make informed routing decisions. This state is crucial for the stability and integrity of the overall BGP routing infrastructure.

BGP Neighbor Relationship


Below, the BGP state moves from Idle to Active and OpenSent. Some Open messages are sent and received; the BGP routers exchange some of their capabilities. From there, we move to the OpenConfirm and Established state. Finally, you see the BGP neighbor as up. The output of these debug messages is friendly and easy to read. If, for some reason, your neighbor’s adjacency doesn’t appear, these debugs can be helpful to solve the problem.


BGP neighbor Relationship

Lab on BGP Route Dampening

BGP dampening is a technique used to reduce the impact of unstable routes in the BGP routing table by temporarily suppressing the advertisement of such routes. It aims to prevent excessive route flapping, which can lead to suboptimal routing decisions, increased network overhead, and potential instability in the routing system.


  1. In the following, BGP dampening is configured only on R2. Both R2 and R1 are BGP peers. EBGP peers, as each BGP speaker is in their own AS.
  2. Notice the outputs below when we shut down the loopback interface address on R1.

Network administrators need to configure dampening parameters on BGP routers to implement BGP dampening. These parameters include the penalty values, the threshold at which a route is dampened, and the dampening duration. Careful consideration must be given to setting these parameters to balance stability and responsiveness. Fine-tuning the dampening parameters is crucial to achieve optimal results.

BGP dampening
Diagram: BGP Dampening

Port Numbers

Let’s go back to the basics for just a moment. First, we have port numbers that are used to represent communication endpoints. Port numbers are assigned 16-bit integers (see below) that identify a specific process or network service—running on your network. These are not assigned randomly, and IANA is responsible for internet protocol resources, including registering used port numbers for well-known internet services.

  • Well Known Ports: 0 through 1023.
  • Registered Ports: 1024 through 49151.
  • Dynamic/Private: 49152 through 65535.

So, we have TCP port numbers and UDP port numbers. We know TCP enables hosts to establish a connection and exchange data streams reliably. TCP Port 179 may use a defined protocol to communicate, depending on the application. For example, BGP is an application that uses TCP Port 179.

BGP chose this port for a good reason. TCP guarantees data delivery compared to UDP, and packets will be delivered on port 179 in the same order they were sent. So, we have guaranteed communication on TCP port 179, compared to UDP port 179. UDP port 179 would not have guaranteed communication in the same way as TCP.



UDP and TCP are internet protocols but have different features and applications. UDP, or User Datagram Protocol, is a lightweight and fast protocol used for applications that do not require reliable data transmission. UDP is a connectionless protocol that does not establish a dedicated end-to-end connection before sending data. Instead, UDP packets are sent directly to the recipient without any acknowledgment or error checking.

The TCP 3-Way Handshake

TCP, or Transmission Control Protocol, is a more reliable protocol for applications requiring error-free data transmission and guaranteed message delivery. TCP is a connection-oriented protocol that establishes a dedicated end-to-end connection between the sender and receiver before sending data. TCP uses a three-way handshake to establish a connection and provides error checking, retransmission, and flow control mechanisms to ensure data is transmitted reliably and efficiently.

In summary, UDP is a lightweight and fast protocol suitable for applications that do not require reliable data transmissions, such as real-time streaming media and online gaming. TCP is a more reliable protocol ideal for applications requiring error-free data transmissions and guaranteed message delivery, such as web browsing, email, and file transfer.

  • A key point – Video 2: Information on both TCP and UDP scanning

Port scanning can be performed against TCP and UDP ports. Identifying open ports on a target system is the stage that a bad actor has to carry out when understanding and defining the attack surface of a target. These open ports correspond to the networked services running on a system. And it’s something you want to protect your network against.



BGP and TCP Port 179

In the context of BGP, TCP is used to establish a connection between two routers and exchange routing information. When a BGP speaker wants to connect with another BGP speaker, it sends a TCP SYN message to the other speaker. If the other speaker is available and willing to join, it sends a SYN-ACK message. The first speaker then sends an ACK message to complete the connection.

Once the connection is established, the BGP speakers can exchange routing information. BGP uses a set of messages to exchange information about the networks that each speaker can reach. The messages include information about the network prefix, the path to the network, and various attributes that describe the network.

Lab guide on BGP update messages

In the following lab guide, you will see we have two BGP peers. There is also a packet capture that displays the BGP update messages. BGP uses source and destination ports other than 179, depending on who originates the session. BGP is a standard TCP-based protocol that runs on client and server computers.

Port 179
Diagram: BGP peering operating over TCP Port 179

To establish a connection with a TCP server, a TCP client first sends a TCP SYN packet with the destination port as the well-known port. In this first SYN, we are requesting to open a session. The server will reply with a TCP SYN ACK if it permits the session to open. It also wants to open a session. The source port of this SYN-ACK response is a well-known port, and the destination port is randomly chosen. After the three-way handshake, the client responds to the server with a TCP ACK, acknowledging the server’s response.

As far as BGP is concerned, TCP clients and servers are routers. When the “client” router initiates the BGP connection, it sends a request to the server with a destination port 179, and a random X source port. The server then responds with a source port of 179 and a destination port of X. Consequently, all client-to-server traffic uses destination 179, while all server-to-client traffic uses source 179.

You can see a sample BGP update message in the following Wireshark output. Notice the Dst Port: 179 that is highlighted in red.


BGP update message
Diagram: BGP update message. Source is Wireshark


What Is BGP Hijacking?

A BGP hijack occurs when attackers maliciously reroute Internet traffic. The attacker accomplishes this by falsely announcing ownership of IP prefixes they do not control, own, or route. When a BGP hijack occurs, all the signs on a stretch of the freeway are changed, and traffic is redirected to the wrong exit.

The BGP protocol assumes that interconnected networks are telling the truth about which IP addresses they own, so BGP hijacking is nearly impossible to stop – imagine if no one watched the freeway signs. The only way to tell if they had been maliciously changed was by observing that many cars ended up in the wrong neighborhoods. To hijack BGP, an attacker must control or compromise a BGP-enabled router that bridges two autonomous systems (AS), so not just anyone can do so.

Inject False Routing Information

BGP hijacking can occur when an attacker gains control over a BGP router and announces false routing information to neighboring routers. This misinformation causes the routers to redirect traffic to the attacker’s network instead of the intended destination. The attacker can then intercept, monitor, or manipulate the traffic for malicious purposes, such as eavesdropping, data theft, or launching distributed denial of service (DDoS) attacks.

Methods for BGP Hijacking

There are several methods that attackers can use to carry out BGP hijacking. One common technique is prefix hijacking, where the attacker announces a more specific IP address prefix for a given destination than the legitimate owner of that prefix. This causes traffic to be routed through the attacker’s network instead of the legitimate network.

Another method is AS path manipulation, where the attacker modifies the AS path attribute of BGP updates to make their route more appealing to neighboring routers. By doing so, the attacker can attract traffic to their network and then manipulate it as desired.

BGP hijacking
Diagram: BGP Hijacking. Source is catchpoint


Mitigate BGP Hijacking

Network operators can implement various security measures to mitigate the risk of BGP hijacking. One crucial step is validating BGP route announcements using Route Origin Validation (ROV) and Resource Public Key Infrastructure (RPKI). These mechanisms allow networks to verify the legitimacy of BGP updates and reject any malicious or unauthorized announcements.

Additionally, network operators should establish BGP peering relationships with trusted entities and implement secure access controls for their routers. Regular monitoring and analysis of BGP routing tables can also help detect and mitigate hijacking attempts in real-time.

BGP Exploit and Port 179

Exploiting Port 179

Port 179 is the designated port for BGP communication. Cybercriminals can exploit this port to manipulate BGP routing tables, redirecting traffic to unauthorized destinations. Attackers can potentially intercept and use sensitive data by impersonating a trusted BGP peer or injecting false routing information.

The consequences of a successful BGP exploit can be severe. Unauthorized rerouting of internet traffic can lead to data breaches, service disruptions, and even financial losses. The exploit can be particularly damaging for organizations that rely heavily on network connectivity, such as financial institutions and government agencies.

Protecting your network from BGP exploits requires a multi-layered approach. Here are some essential measures to consider:

1. Implement BGP Security Best Practices: Ensure your BGP routers are correctly configured and follow best practices, such as filtering and validating BGP updates.

2. BGP Monitoring and Alerting: Deploy robust monitoring tools to detect anomalies and suspicious activities in BGP routing. Real-time alerts can help you respond swiftly to potential threats.

3. Peer Authentication and Route Validation: Establish secure peering relationships and implement mechanisms to authenticate BGP peers. Additionally, consider implementing Resource Public Key Infrastructure (RPKI) to validate the legitimacy of BGP routes.


BGP Port 179 Exploit

What is BGP protocol in networking? The operation of the Internet Edge and BGP is crucial to ensure. Internet services are available. Unfortunately, this zone is a public-facing infrastructure exposed to various threats, such as denial-of-service, spyware, network intrusion, web-based phishing, and application-layer attacks. BGP is highly vulnerable to multiple security breaches due to the lack of a scalable means of verifying the authenticity and authorization of BGP control traffic.

As a result, a bad actor could compromise BGP and inject believable BGP messages into the communication between BGP peers. As a result, they were injecting bogus routing information or breaking the peer-to-peer connection.

In addition, outsider sources can also disrupt communications between BGP peers by breaking their TCP connection with spoofed RST packets. For this, you need to undergo BGP vulnerability testing. One option is to use the port 179 BGP exploit to collect data on the security posture of BGP implementations.

port 179 BGP exploit
Diagram: BGP at the WAN Edge. Port 179 BGP exploit


Metasploit: A Powerful Penetration Testing Tool:

Metasploit, developed by Rapid7, is an open-source penetration testing framework that provides a comprehensive set of tools for testing and exploiting vulnerabilities. One of its modules focuses specifically on BGP port 179, enabling ethical hackers and security professionals to assess the security posture of their networks.

Exploiting BGP with Metasploit:

Metasploit offers a wide range of BGP-related modules that can be leveraged to simulate attacks and identify potential vulnerabilities. These modules enable users to perform tasks such as BGP session hijacking, route injection, route manipulation, and more. By utilizing Metasploit’s BGP modules, network administrators can proactively identify weaknesses in their network infrastructure and implement appropriate mitigation strategies.

Benefits of Metasploit BGP Module:

The utilization of Metasploit’s BGP module brings several benefits to network penetration testing:

  1. Comprehensive Testing: Metasploit’s BGP module allows for thorough testing of BGP implementations, helping organizations identify and address potential security flaws.
  2. Real-World Simulation: By simulating real-world attacks, Metasploit enables security professionals to gain deeper insights into the impact of BGP vulnerabilities on their network infrastructure.
  3. Enhanced Risk Mitigation: Identifying and understanding BGP vulnerabilities using Metasploit helps organizations develop effective risk mitigation strategies, ensuring the integrity and availability of their networks.

Border Gateway Protocol Design

Service Provider ( SP ) Edge Block

Service Provider ( SP ) Edge comprises Internet-facing border routers. These routers are the first line of defense and will run external Border Gateway Protocol ( eBGP ) to the Internet through dual Internet Service Providers ( ISP ).

Border Gateway Protocol is a policy-based routing protocol deployed at the edges of networks connecting to 3rd-party networks and has redundancy and highly available methods such as BGP Multipath. However, as it faces the outside world, it must be secured and hardened to overcome numerous blind and semi-blind attacks it can face, such as DoS or Man-in-the-Middle Attacks.

 Man-in-the-middle attacks

Possible attacks against BGP could be BGP route injection from a bidirectional man-in-the-middle attack. In theory, BGP route injection seems simple if one compares it to a standard ARP spoofing man-in-the-middle attack, but in practice, it does not. For successfully inserting a “neighbor between neighbors,” a rogue router must successfully TCP hijack BGP.

 Requires the following:

  1. Correctly matching the source address and source port.
  2. Matching the destination port.
  3. Guess the TTL if a BGP TTL hacks if applied.
  4. Match the TCP sequence numbers.
  5. Bypassing MD5 authentication ( if any ).

 Although this might seem like a long list, it is possible. The first step would be to ARP Spoof the connection between BGP peers using Dsniff or Ettercap. After successfully spoofing the session, launch tools from CIAG BGP, such as TCP hijack. The payload is a BGP Update or a BGP Notification packet fed into the targeted session.

 Blind DoS attacks against BGP routers

DoS attack on BGP peer would devastate the overall network, more noticeably for exit traffic as BGP deployment occurs at the network’s edges. On the other hand, a DoS attack could bring down BGP peer and cause route flapping or dampening. A widespread DoS attack floods the target BGP service, enabling MD5 authentication using SYN TCP packets with MD5 signatures. The attack overloads the targeted peer with loads of MD5 authentication processing, which consumes all its resources that should process standard control and data plane function packets.


Countermeasures – Protecting the edge.

One way to lock down BGP is to implement the “BGP TTL hack,” known as the BGP TTL security check. This feature protects eBGP sessions ( not iBGP ) and compares the value in the received IP packet’s Time-to-Live ( TTL ) field with a hop count locally configured on each eBGP neighbor. All packets with values less than the expected value are silently discarded.

One of the security concerns with BGP is the possibility of a malicious attacker injecting false routing information into the network. A TTL (Time to Live) security check can be implemented to mitigate this risk.

TTL Security Check

The TTL security check involves verifying the TTL value of a BGP update message. The TTL value is a field in the IP header specifying the maximum number of hops a packet can travel before being discarded. When a BGP update message is received, the TTL value is checked to ensure that the message has traveled fewer hops than expected. If the TTL value is higher than expected, the message is discarded.

Implementing a TTL security check can help prevent attacks such as route hijacking and route leaks. Route hijacking is an attack where a malicious actor announces false routing information to redirect traffic to a different destination. Route leaks occur when a network announces routes that it does not control, leading to potential traffic congestion and instability.

BGP - TTL Security
BGP – TTL Security


Importance of BGP TTL Security Check:

1. Mitigating Route Leaks: Route leaks occur when BGP routers inadvertently advertise routes to unauthorized peers. By implementing TTL security checks, routers can verify the authenticity of received BGP packets, preventing unauthorized route advertisements and mitigating the risk of route leaks.

2. Preventing IP Spoofing: TTL security check is crucial in preventing IP spoofing attacks. By verifying the TTL value of incoming BGP packets, routers can ensure that the source IP address is legitimate and not spoofed. This helps maintain the trustworthiness of routing information and prevents potential network attacks.

3. Enhancing BGP Routing Security: BGP TTL security check adds an extra layer of security to BGP routing. By validating the TTL values of incoming packets, network operators can detect and discard packets with invalid TTL values, thus preventing potential attacks that manipulate TTL values.

Implementation of BGP TTL Security Check:

To implement BGP TTL security checks, network operators can configure BGP routers to verify the TTL values of received BGP packets. This can be done by setting a minimum TTL threshold, which determines the minimum acceptable TTL value for incoming BGP packets. Routers can then drop packets with TTL values below the configured threshold, ensuring that only valid packets are processed.

It is possible to forge the TTL field in the IP packet header. To forge accurately, the TTL count of matching the TTL count of the configured neighbor is nearly impossible. The trusted peer would most likely be compromised for this to take place. After you enable the check, the configured BGP peers send all their updates with a TTL of 255. This router only accepts BGP packets with a TTL value of 252 or more significant in the command syntax below.

port 179 bgp exploit metasploit
Diagram: BGP Security.


Neighbor TTL-security hops 2 The external BGP neighbor may be up to 2 hops away. 


Routers learned from SP 1 should not be leaked to SP 2 and vice versa. The following should be matched and applied to an outbound route map.


ip as-path access-list 10 permit ^$ Permit only if there is no as-path prepend
ip as-path access-list 10 deny .* Deny if there is an as-path prepend


A final note on BGP security

  • BGP MD5-based authentication should be used for eBGP neighbors.

  • Route flap dampening.

  • Layer 2 and ARP-related defense mechanism for shared media.

  • Bogon list and Infrastructure ACL to provide inbound packet filtering.

  • Packet filtering to block unauthorized hosts’ access to TCP port 179.

  • Implement extensions to BGP, including Secure BGP ( S-BGP ), Secure Origin BGP ( so-BGP ) and Pretty Secure BGP ( psBGP).


BGP is one of the protocols that make the Internet work. Most hackers and attackers worldwide target BGP due to its criticality and importance on the Internet. Attackers are primarily interested in finding vulnerabilities in systems, like BGP, and exploiting them. By finding a loophole in BGP, attackers can cause significant disruption to the Internet if they are successful. This is the primary reason to secure BGP.

Before securing BGP, there are a few primary areas to focus on:

  • Authentication: BGP neighbors in the same AS or two different ASs must be authenticated. BGP sessions and routing information should be shared only with authenticated BGP neighbors.
  • Message integrity: BGP messages should not be illegally modified during transport.
  • Availability: BGP speakers should be protected from Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks.
  • Prefix origination validation: Implementing a mechanism to distinguish between invalid and legitimate routes for BGP destinations is necessary.
  • AS path verification: Verify that no illegal entity falsifies an AS_PATH (modifies it with a wrong AS number or deletes it). This can result in traffic black holes for the destination prefix as the route selection process uses AS_PATH.


A Final Note on BGP Security

BGP (Border Gateway Protocol) is a protocol used to exchange routing information between different Autonomous Systems (AS) on the Internet. BGP is a crucial protocol for properly functioning the Internet, but it introduces various security challenges.

BGP Hijacking

One of the most significant security challenges with BGP is the possibility of BGP hijacking. BGP hijacking occurs when an attacker announces illegitimate routes to a BGP speaker, causing traffic to be diverted to the attacker’s network. This can lead to severe consequences, such as loss of confidentiality, integrity, and availability of the affected network.

To prevent BGP hijacking, various security mechanisms have been proposed. One of the most commonly used mechanisms is the Resource Public Key Infrastructure (RPKI). RPKI is a system that enables network operators to verify the legitimacy of BGP advertisements. RPKI associates a public key with a route object in the BGP routing table. If the public key associated with a route object matches the public key of the originating AS, the route is considered legitimate.


Another mechanism to prevent BGP hijacking is the use of BGPsec. BGPsec is a security extension to BGP that provides cryptographic protection to BGP messages. BGPsec ensures that BGP messages are not tampered with during transit and that the origin of the BGP messages can be verified.

In addition to BGP hijacking, BGP is also susceptible to other security threats, such as BGP route leaks and BGP route flaps. Various best practices should be followed to mitigate these threats, such as implementing route filtering, route reflectors, and deploying multiple BGP sessions.

In conclusion, BGP is a critical Internet protocol that introduces various security challenges. To ensure the security and stability of the Internet, network operators must implement appropriate security mechanisms and best practices to prevent BGP hijacking, route leaks, and other security threats.


A Final Note on BGP Port 179

BGP (Border Gateway Protocol) is a crucial component of the internet infrastructure, facilitating the exchange of routing information between different networks. One of the most critical aspects of BGP is its use of well-known port numbers to establish connections and exchange data. Among these port numbers, port 179 holds a significant role.

Port 179 is designated explicitly for BGP communication. It serves as the default port for establishing TCP connections between BGP routers. BGP routers utilize this port to exchange routing information and ensure the optimal flow of network traffic.

BGP Sessions

The importance of port 179 in BGP cannot be overstated. It acts as the gateway for BGP sessions to establish connections between routers. BGP routers use this port to communicate and share information about available routes, network prefixes, and other relevant data. This allows routers to make informed decisions about the most efficient path-forwarding traffic.

When a BGP router initiates a connection, it sends a TCP SYN packet to the destination router on port 179. If the destination router is configured to accept BGP connections, it responds with a SYN-ACK packet, establishing a TCP connection. Once the connection is established, BGP routers exchange updates and inform each other about network changes.

Port 179 is typically used for external BGP (eBGP) sessions, where BGP routers from different autonomous systems connect to exchange routing information. However, it can also be used for internal BGP (iBGP) sessions within the same autonomous system.

Port 179 is a well-known port.

It is worth noting that port 179 is a well-known port, meaning it is standardized and widely recognized across networking devices and software. This standardization ensures compatibility and allows BGP routers from different vendors to communicate seamlessly.

While port 179 is the default port for BGP, it is essential to remember that BGP can be configured to use other port numbers if necessary. This flexibility allows network administrators to adapt BGP to their specific requirements, although it is generally recommended to stick with the default port for consistency and ease of configuration.

In conclusion, port 179 enables BGP routers to establish connections and exchange routing information. It is the gateway for BGP sessions, ensuring efficient network traffic flow. Understanding the significance of port 179 is essential for network administrators working with BGP and plays a vital role in maintaining a robust and efficient internet infrastructure.


Border gateway protocol


Matt Conran
Latest posts by Matt Conran (see all)

Comments are closed.