Six states. One FSM. If you cannot name all six from memory and say what triggers each transition, you will be guessing during outages instead of diagnosing.
The six states
Idle. The router is not trying to connect. Either no neighbor is configured, the peer is administratively shut down, or a previous attempt just failed and the ConnectRetryTimer has not expired yet. This is the starting state.
Connect. The router is actively trying to open a TCP connection (port 179) to the peer. If the TCP SYN succeeds, it moves to OpenSent. If the SYN fails or times out, it moves to Active.
Active. This is the confusing one. "Active" does not mean "working." It means the router failed to connect and is now listening for the peer to call it instead. If neither side can reach the other, both sit in Active forever. RFC 4271 section 8.2.2.
OpenSent. TCP connection is up. The router sent its OPEN message and is waiting for the peer's OPEN. If the peer's OPEN arrives and validates (matching ASN, acceptable hold timer), the router sends KEEPALIVE and moves to OpenConfirm. If validation fails, it sends NOTIFICATION and drops back.
OpenConfirm. Both sides have exchanged OPEN messages. The router is waiting for a KEEPALIVE from the peer to confirm the session. One KEEPALIVE arrives, you move to Established.
Established. The session is up. UPDATE messages flow. The routing table is being exchanged. This is the only state where BGP is actually doing useful work.
Common failure patterns
Stuck in Idle → no neighbor configured, or admin shutdown
Stuck in Active → TCP cannot reach port 179 (ACL, no route, wrong IP)
Dies in OpenSent → ASN mismatch (NOTIFICATION code 2 subcode 2)
Dies in Established → Hold timer expired (NOTIFICATION code 4)Try it yourself
Open Lab 01: First Hello. Vancouver is stuck in Idle because the neighbor line is missing. Add it. Watch the FSM walk through all six states in front of you.