Technical Articles
F5 SMEs share good practice.
Showing results for 
Search instead for 
Did you mean: 

1 Quick Facts

  • BGP uses TCP port 179 and is path vector protocol, rather than distance vector or link-state
  • Keep-alive is 60s by default and Hold time is 180s 
  • Only hold time is negotiated in Open message
  • Lowest hold time is used
  • Routes are only installed in the routing table and advertised to peer is deemed valid (*) and best (>)
  • For BGP to advertise a route using network command such route has to be in the routing table first
  • BGP transport and route advertisement (known as NLRI in BGP) are independent
  • Transport can use either IPv4 or IPv6
  • IPv6 NLRI can be advertised over an IPv4 BGP connection and vice-versa

2. The BGP peering for IPv4


BIG-IP establishes TCP connection on port 179 with peer and each one exchange OPEN Message:


Here's BIG-IP's OPEN Message:


Here's Cisco's OPEN Message:


Marker is always the same value and is just to signal the beginning of BGP message so don't worry about it.

Length is just the total length of this BGP message

Type could be UPDATE (2), KEEPALIVE (4) but in this case it is an OPEN Message (1).

Version is always the same as this is BGPv4.

My AS is the same because this is iBGP but if it was eBGP My AS on both sides would differ.

Hold Time picked value is the lowest one and this is negotiated. Since lowest value on BIG-IP's side is 90 seconds then both peers will send KEEPALIVE messages at 30 seconds interval.

BGP Identifier is the bgp router-id that we typed in.

Optional Parameters Length is the total length combined of all BGP extensions 

Optional Parameters are BGP extensions.

At this point, if something goes wrong with peering, we should see BGP sending a NOTIFICATION message to terminate peering process:


The above one was issued because I shutdown the neighbour relationship manually but other types of error would reveal a different message.

In a running packet capture, we should see KEEPALIVE messages and corresponding TCP ACKs at agreed interval based on Hold Time:


Other than that, UPDATE messages are also common and I will show them right now.

3. The UPDATE message for IPv4

It's kind of built-in. For IPv4 we will see Type 2 message (UPDATE) and the NLRI (routes).

The 2 prefixes below share the same attributes and this is why they're grouped together:


4. The BGP peering for IPv6

It's the same thing as IPv4 but an additional capability is negotiated called Multiprotocol extensions capability with IPv6 as AFI value:


In case you never heard of AFI/SAFI here's what they mean:

If you ever configured BGP and typed in address-family commands then you've touched AFI/SAFI already.

5. BONUS! Carrying IPv4 prefixes over an IPv6 BGP connection (WHAT?)

Yes, it's possible but next-hop of an IPv4 route is going to be IPv4 so make sure there is connectivity or create the relevant route-map.


Notice that we're transporting BGP packets over IPv6 but routes advertised are IPv4 prefixes:


You can also carry IPv6 prefixes over IPv4 if we do the other way round.

F5 Employee
F5 Employee

fantastic article!

Thank you 🙂



Great article! Hope you will continue this topic. Will be great to have something about real life best practices for BGP config related to cluster. Another topic could be about BIG-IP redistributing routes from upstream do downstream routers.


Will take into consideration your suggestion, Piotr. Thank you! 🙂


Very well explained, congratulations!

Thank you, Guilherme!


Hi Rodrigo,

Slightly off topic but can you by chance advice about BGP/BFD configuration. As far as I know those protocols can be configured via imish and tmsh/iControl, but you have to choose one (no way to use both ways at the same time). What would be your advice for new config - go for tmsh/iControl or stay with imish?

tmsh/iControl looks as more friendly and elastic (especially ability to use iControl) but maybe this way is less powerful that imish and not enough for more complicated configurations?

Is that possible to manage BGP/BFD via tmsh/iControl and at the same time (for the same Route Domain) to manage other protocols using imish? Not sure after reading manual - it suggests that all protocols should be removed from RD config but maybe this is not a case?


Hi Piotr,


As far as I know, tmsh is supposed to completely replace imish. If they left imi as read-only in later versions that's likely because all the features are now available via tmsh. So, for new config, I'd stick to tmsh. You can even do automation with iControl and that's much better than imish alone. Regarding your last question about using both tmsh and imish I never tried myself so I can't answer it. I'd need to test it and see if it works.






Thanks for info. Do you mean that there will be (or already is in v15) support for other protocols than BFD/BGP? Latest documentation about this topic I can find is for v14.1.2 - There seems to be no such manual (BIG-IP Dynamic Routing with tmsh and iControl REST) for v15 😞


Hi Piotr


I'm trying to get an authoritative response for you on that. Stay tuned.


Thanks a lot!!!

Version history
Last update:
‎08-Oct-2019 07:16
Updated by: