Why is the BGP base on TCP 1027 rather than 179?











up vote
5
down vote

favorite












Why is the BGP foreign address port 1027?



I use BGP to connect Router1 and Router2, but when I show the TCP progress:



Router1>show tcp brief 

TCB       Local Address           Foreign Address        (state)

4E976890  10.0.0.1.179           10.0.0.2.1027         ESTABLISHED


We say the BGP is based on TCP port 179. Why is Router2's BGP on port 1027?






cisco router bgp







share|improve this question




























    up vote
    5
    down vote

    favorite












    Why is the BGP foreign address port 1027?



    I use BGP to connect Router1 and Router2, but when I show the TCP progress:



    Router1>show tcp brief 
    
TCB       Local Address           Foreign Address        (state)
    
4E976890  10.0.0.1.179           10.0.0.2.1027         ESTABLISHED


    We say the BGP is based on TCP port 179. Why is Router2's BGP on port 1027?






    cisco router bgp







    share|improve this question


























      up vote
      5
      down vote

      favorite









      up vote
      5
      down vote

      favorite











      Why is the BGP foreign address port 1027?



      I use BGP to connect Router1 and Router2, but when I show the TCP progress:



      Router1>show tcp brief 
      
TCB       Local Address           Foreign Address        (state)
      
4E976890  10.0.0.1.179           10.0.0.2.1027         ESTABLISHED


      We say the BGP is based on TCP port 179. Why is Router2's BGP on port 1027?






      cisco router bgp







      share|improve this question















      Why is the BGP foreign address port 1027?



      I use BGP to connect Router1 and Router2, but when I show the TCP progress:



      Router1>show tcp brief 
      
TCB       Local Address           Foreign Address        (state)
      
4E976890  10.0.0.1.179           10.0.0.2.1027         ESTABLISHED


      We say the BGP is based on TCP port 179. Why is Router2's BGP on port 1027?






      cisco router bgp




      cisco router bgp






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 26 at 10:09









      jonathanjo

      9,5211631




      9,5211631










      asked Nov 26 at 9:43









      three-blocks

      3306




      3306






















          3 Answers
          3






          active

          oldest

          votes

















          up vote
          9
          down vote



          accepted










          One side of the connection will have an arbitrary port number, the other will be on 179.



          Cisco Press "BGP Fundamentals" has a good explanation (link)




          the neighbor with the higher IP address manages the connection. The router initiating the request uses a dynamic source port, but the destination port is always 179.



          Example 1-1 shows an established BGP session using the command show tcp brief to display the active TCP sessions between routers. Notice that the TCP source port is 179 and the destination port is 59884 on R1, and the ports are opposite on R2.




          Example 1-1: Established BGP session
          

          
RP/0/0/CPU0:R1# show tcp brief | exc "LISTEN|CLOSED"
          
   PCB     VRF-ID     Recv-Q Send-Q Local Address    Foreign Address      State
          
0x088bcbb8 0x60000000      0      0  10.1.12.1:179    10.1.12.2:59884     ESTAB
          

          
R2# show tcp brief
          
TCB       Local Address               Foreign Address             (state)
          
EF153B88  10.1.12.2. 59884            10.1.12.1.179               ESTAB


          This is just the same as any other TCP connection: the passive open side sits and waits on a well-known port number; the active open side uses an arbitary port. This makes it much easier to manage many-to-many TCP links.






          share|improve this answer























          • What's the correct way to protect these random ports in iptables?
            – bswinnerton
            Dec 1 at 16:57












          • Question is about Cisco routers, what are you wanting to protect with iptables?
            – jonathanjo
            Dec 1 at 17:39


















          up vote
          4
          down vote













          TCP source vs. destination ports.



          To give a different example: HTTP servers listen on TCP port 80. So when you are connecting to a web server, you will automatically use TCP/80 as the destination port. However, the source port is a random one above 1024.



          The exact same thing happens with BGP - the client (the router initiating the connection) will connect to TCP destination port 179. But the source port for that connection will be a random high port.






          share|improve this answer




























            up vote
            2
            down vote













            In general, the BGP use TCP 179 port as the BGP service. the client connect BGP service port there is no limit.



            such as the SSH server use 22 as its port, there is no limit for the client port.






            share|improve this answer





















              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "496"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              convertImagesToLinks: false,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              noCode: true, onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54979%2fwhy-is-the-bgp-base-on-tcp-1027-rather-than-179%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              3 Answers
              3






              active

              oldest

              votes








              3 Answers
              3






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes








              up vote
              9
              down vote



              accepted










              One side of the connection will have an arbitrary port number, the other will be on 179.



              Cisco Press "BGP Fundamentals" has a good explanation (link)




              the neighbor with the higher IP address manages the connection. The router initiating the request uses a dynamic source port, but the destination port is always 179.



              Example 1-1 shows an established BGP session using the command show tcp brief to display the active TCP sessions between routers. Notice that the TCP source port is 179 and the destination port is 59884 on R1, and the ports are opposite on R2.




              Example 1-1: Established BGP session
              

              
RP/0/0/CPU0:R1# show tcp brief | exc "LISTEN|CLOSED"
              
   PCB     VRF-ID     Recv-Q Send-Q Local Address    Foreign Address      State
              
0x088bcbb8 0x60000000      0      0  10.1.12.1:179    10.1.12.2:59884     ESTAB
              

              
R2# show tcp brief
              
TCB       Local Address               Foreign Address             (state)
              
EF153B88  10.1.12.2. 59884            10.1.12.1.179               ESTAB


              This is just the same as any other TCP connection: the passive open side sits and waits on a well-known port number; the active open side uses an arbitary port. This makes it much easier to manage many-to-many TCP links.






              share|improve this answer























              • What's the correct way to protect these random ports in iptables?
                – bswinnerton
                Dec 1 at 16:57












              • Question is about Cisco routers, what are you wanting to protect with iptables?
                – jonathanjo
                Dec 1 at 17:39















              up vote
              9
              down vote



              accepted










              One side of the connection will have an arbitrary port number, the other will be on 179.



              Cisco Press "BGP Fundamentals" has a good explanation (link)




              the neighbor with the higher IP address manages the connection. The router initiating the request uses a dynamic source port, but the destination port is always 179.



              Example 1-1 shows an established BGP session using the command show tcp brief to display the active TCP sessions between routers. Notice that the TCP source port is 179 and the destination port is 59884 on R1, and the ports are opposite on R2.




              Example 1-1: Established BGP session
              

              
RP/0/0/CPU0:R1# show tcp brief | exc "LISTEN|CLOSED"
              
   PCB     VRF-ID     Recv-Q Send-Q Local Address    Foreign Address      State
              
0x088bcbb8 0x60000000      0      0  10.1.12.1:179    10.1.12.2:59884     ESTAB
              

              
R2# show tcp brief
              
TCB       Local Address               Foreign Address             (state)
              
EF153B88  10.1.12.2. 59884            10.1.12.1.179               ESTAB


              This is just the same as any other TCP connection: the passive open side sits and waits on a well-known port number; the active open side uses an arbitary port. This makes it much easier to manage many-to-many TCP links.






              share|improve this answer























              • What's the correct way to protect these random ports in iptables?
                – bswinnerton
                Dec 1 at 16:57












              • Question is about Cisco routers, what are you wanting to protect with iptables?
                – jonathanjo
                Dec 1 at 17:39













              up vote
              9
              down vote



              accepted







              up vote
              9
              down vote



              accepted






              One side of the connection will have an arbitrary port number, the other will be on 179.



              Cisco Press "BGP Fundamentals" has a good explanation (link)




              the neighbor with the higher IP address manages the connection. The router initiating the request uses a dynamic source port, but the destination port is always 179.



              Example 1-1 shows an established BGP session using the command show tcp brief to display the active TCP sessions between routers. Notice that the TCP source port is 179 and the destination port is 59884 on R1, and the ports are opposite on R2.




              Example 1-1: Established BGP session
              

              
RP/0/0/CPU0:R1# show tcp brief | exc "LISTEN|CLOSED"
              
   PCB     VRF-ID     Recv-Q Send-Q Local Address    Foreign Address      State
              
0x088bcbb8 0x60000000      0      0  10.1.12.1:179    10.1.12.2:59884     ESTAB
              

              
R2# show tcp brief
              
TCB       Local Address               Foreign Address             (state)
              
EF153B88  10.1.12.2. 59884            10.1.12.1.179               ESTAB


              This is just the same as any other TCP connection: the passive open side sits and waits on a well-known port number; the active open side uses an arbitary port. This makes it much easier to manage many-to-many TCP links.






              share|improve this answer














              One side of the connection will have an arbitrary port number, the other will be on 179.



              Cisco Press "BGP Fundamentals" has a good explanation (link)




              the neighbor with the higher IP address manages the connection. The router initiating the request uses a dynamic source port, but the destination port is always 179.



              Example 1-1 shows an established BGP session using the command show tcp brief to display the active TCP sessions between routers. Notice that the TCP source port is 179 and the destination port is 59884 on R1, and the ports are opposite on R2.




              Example 1-1: Established BGP session
              

              
RP/0/0/CPU0:R1# show tcp brief | exc "LISTEN|CLOSED"
              
   PCB     VRF-ID     Recv-Q Send-Q Local Address    Foreign Address      State
              
0x088bcbb8 0x60000000      0      0  10.1.12.1:179    10.1.12.2:59884     ESTAB
              

              
R2# show tcp brief
              
TCB       Local Address               Foreign Address             (state)
              
EF153B88  10.1.12.2. 59884            10.1.12.1.179               ESTAB


              This is just the same as any other TCP connection: the passive open side sits and waits on a well-known port number; the active open side uses an arbitary port. This makes it much easier to manage many-to-many TCP links.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Nov 26 at 10:06

























              answered Nov 26 at 9:58









              jonathanjo

              9,5211631




              9,5211631












              • What's the correct way to protect these random ports in iptables?
                – bswinnerton
                Dec 1 at 16:57












              • Question is about Cisco routers, what are you wanting to protect with iptables?
                – jonathanjo
                Dec 1 at 17:39


















              • What's the correct way to protect these random ports in iptables?
                – bswinnerton
                Dec 1 at 16:57












              • Question is about Cisco routers, what are you wanting to protect with iptables?
                – jonathanjo
                Dec 1 at 17:39
















              What's the correct way to protect these random ports in iptables?
              – bswinnerton
              Dec 1 at 16:57






              What's the correct way to protect these random ports in iptables?
              – bswinnerton
              Dec 1 at 16:57














              Question is about Cisco routers, what are you wanting to protect with iptables?
              – jonathanjo
              Dec 1 at 17:39




              Question is about Cisco routers, what are you wanting to protect with iptables?
              – jonathanjo
              Dec 1 at 17:39










              up vote
              4
              down vote













              TCP source vs. destination ports.



              To give a different example: HTTP servers listen on TCP port 80. So when you are connecting to a web server, you will automatically use TCP/80 as the destination port. However, the source port is a random one above 1024.



              The exact same thing happens with BGP - the client (the router initiating the connection) will connect to TCP destination port 179. But the source port for that connection will be a random high port.






              share|improve this answer

























                up vote
                4
                down vote













                TCP source vs. destination ports.



                To give a different example: HTTP servers listen on TCP port 80. So when you are connecting to a web server, you will automatically use TCP/80 as the destination port. However, the source port is a random one above 1024.



                The exact same thing happens with BGP - the client (the router initiating the connection) will connect to TCP destination port 179. But the source port for that connection will be a random high port.






                share|improve this answer























                  up vote
                  4
                  down vote










                  up vote
                  4
                  down vote









                  TCP source vs. destination ports.



                  To give a different example: HTTP servers listen on TCP port 80. So when you are connecting to a web server, you will automatically use TCP/80 as the destination port. However, the source port is a random one above 1024.



                  The exact same thing happens with BGP - the client (the router initiating the connection) will connect to TCP destination port 179. But the source port for that connection will be a random high port.






                  share|improve this answer












                  TCP source vs. destination ports.



                  To give a different example: HTTP servers listen on TCP port 80. So when you are connecting to a web server, you will automatically use TCP/80 as the destination port. However, the source port is a random one above 1024.



                  The exact same thing happens with BGP - the client (the router initiating the connection) will connect to TCP destination port 179. But the source port for that connection will be a random high port.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 26 at 14:45









                  Bogd

                  411




                  411






















                      up vote
                      2
                      down vote













                      In general, the BGP use TCP 179 port as the BGP service. the client connect BGP service port there is no limit.



                      such as the SSH server use 22 as its port, there is no limit for the client port.






                      share|improve this answer

























                        up vote
                        2
                        down vote













                        In general, the BGP use TCP 179 port as the BGP service. the client connect BGP service port there is no limit.



                        such as the SSH server use 22 as its port, there is no limit for the client port.






                        share|improve this answer























                          up vote
                          2
                          down vote










                          up vote
                          2
                          down vote









                          In general, the BGP use TCP 179 port as the BGP service. the client connect BGP service port there is no limit.



                          such as the SSH server use 22 as its port, there is no limit for the client port.






                          share|improve this answer












                          In general, the BGP use TCP 179 port as the BGP service. the client connect BGP service port there is no limit.



                          such as the SSH server use 22 as its port, there is no limit for the client port.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Nov 26 at 9:53









                          aircraft

                          544111




                          544111






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Network Engineering Stack Exchange!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.





                              Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                              Please pay close attention to the following guidance:


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54979%2fwhy-is-the-bgp-base-on-tcp-1027-rather-than-179%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              -

                              Popular posts from this blog

                              Сан-Квентин

                              Image
                              Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но
                              Read more

                              Алькесар

                              Image
                              Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове
                              Read more

                              Josef Freinademetz

                              Image
                              San Ujöp (Giuseppe/Josef) Freinademetz Josef Freinademetz in abiti cinesi   Religioso e missionario   Nascita 15 aprile 1852 Morte 28 gennaio 1908 Venerato da Chiesa cattolica Beatificazione 1975 Canonizzazione 5 ottobre 2003 Ricorrenza 28 gennaio Manuale Ujöp Freinademetz noto anche come Giuseppe o Josef Freinademetz (Oies, 15 aprile 1852 – Taikia, 28 gennaio 1908) è stato un presbitero austriaco, membro della Società del Verbo Divino, fu missionario in Cina; è venerato come santo dalla Chiesa cattolica. .mw-parser-output .citazione-table{margin-bottom:.5em;font-size:95%}.mw-parser-output .citazione-table td{padding:0 1.2em 0 2.4em}.mw-parser-output .citazione-lang{vertical-align:top}.mw-parser-output .citazione-lang td{width:50%}.mw-parser-output .citazione-lang td:first-child{padding:0 0 0 2.4em}.mw-parser-output .citazione-lang td:nth-child(2){padding:0 1.2em} «Io amo la Cina e i cinesi; voglio morire in mezzo a loro, e tra loro
                              Read more