Here's a UPDATE message, notice how big, and how much information is within the message?
Border Gateway Protocol
UPDATE Message
Marker: 16 bytes
Length: 70 bytes
Type: UPDATE Message (2)
Unfeasible routes length: 0 bytes
Total path attribute length: 43 bytes
Path attributes
ORIGIN: EGP (4 bytes)
Flags: 0x40 (Well-known, Transitive, Complete)
0... .... = Well-known
.1.. .... = Transitive
..0. .... = Complete
...0 .... = Regular length
Type code: ORIGIN (1)
Length: 1 byte
Origin: EGP (1)
AS_PATH: 29816 16967 7018 2914 9318 38402 (17 bytes)
Flags: 0x40 (Well-known, Transitive, Complete)
0... .... = Well-known
.1.. .... = Transitive
..0. .... = Complete
...0 .... = Regular length
Type code: AS_PATH (2)
Length: 14 bytes
AS path: 29816 16967 7018 2914 9318 38402
AS path segment: 29816 16967 7018 2914 9318 38402
Path segment type: AS_SEQUENCE (2)
Path segment length: 6 ASs
Path segment value: 29816 16967 7018 2914 9318 38402
NEXT_HOP: 144.223.130.2 (7 bytes)
Flags: 0x40 (Well-known, Transitive, Complete)
0... .... = Well-known
.1.. .... = Transitive
..0. .... = Complete
...0 .... = Regular length
Type code: NEXT_HOP (3)
Length: 4 bytes
Next hop: 144.223.130.2 (144.223.130.2)
COMMUNITIES: 16967:666 16967:1001 16967:7018 (15 bytes)
Flags: 0xc0 (Optional, Transitive, Complete)
1... .... = Optional
.1.. .... = Transitive
..0. .... = Complete
...0 .... = Regular length
Type code: COMMUNITIES (8)
Length: 12 bytes
Communities: 16967:666 16967:1001 16967:7018
Community: 16967:666
Community AS: 16967
Community value: 666
Community: 16967:1001
Community AS: 16967
Community value: 1001
Community: 16967:7018
Community AS: 16967
Community value: 7018
Network layer reachability information: 4 bytes
1.238.7.0/24
NLRI prefix length: 24
NLRI prefix: 1.238.7.0 (1.238.7.0)
Also the common well known bgp attributes are present, ORIGIN, COMMUNITIES,AS_PATH, NLRI information.
Here's a route -withdrawn message;
Border Gateway Protocol
UPDATE Message
Marker: 16 bytes
Length: 27 bytes
Type: UPDATE Message (2)
Unfeasible routes length: 4 bytes
Withdrawn routes:
2.93.232.0/24
Withdrawn route prefix length: 24
Withdrawn prefix: 2.93.232.0 (2.93.232.0)
Total path attribute length: 0 bytes
and a KeepAlive;
Border Gateway Protocol
KEEPALIVE Message
Marker: 16 bytes
Length: 19 bytes
Type: KEEPALIVE Message (4)
Notice how simple sweet this last 2 message type are ? ( not too much involved in a KA )
Typically a full internet view, will generate a lot of BGP message handling. Every message will generate a increment within the bgp table revision and a bgp speaker could stay busy with handling path changes and updates.
Due to the above, we need to select higher CPU routers models and with globs of memory in order to managed the bgp-table.
For example, the BGP table is way over 400K prefixes, as seen by this Hurricane Electric route-server;
( output trunacated )
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
216.218.252.147 4 6939 202075 729 0 0 0 12:13:18 440036
216.218.252.148 4 6939 0 0 0 0 0 never Active
216.218.252.150 4 6939 181951 731 0 0 0 12:15:37 439869
216.218.252.151 4 6939 183015 1158 0 0 0 11:50:31 443386
216.218.252.153 4 6939 202289 727 0 0 0 12:09:02 440032
216.218.252.154 4 6939 239474 729 0 0 0 12:13:05 440039
216.218.252.155 4 6939 0 0 0 0 0 never Active
216.218.252.156 4 6939 207788 731 0 0 0 12:15:37 440034
216.218.252.157 4 6939 182187 883 0 0 0 12:01:02 439953
216.218.252.158 4 6939 0 0 0 0 0 never Active
216.218.252.159 4 6939 194688 832 0 0 0 11:56:47 440032
vrs the ipv6 table is way under 20K;
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:470:0:d::1 4 6939 29017 1272 0 0 0 11:46:48 11915
2001:470:0:e::1 4 6939 25214 732 0 0 0 12:16:39 11915
2001:470:0:12::1
4 6939 0 0 0 0 0 never Active
2001:470:0:13::1
4 6939 26106 732 0 0 0 12:16:37 11915
2001:470:0:16::1
4 6939 24880 728 0 0 0 12:10:03 11915
2001:470:0:17::1
4 6939 24497 1081 0 0 0 12:05:38 11915
2001:470:0:19::1
4 6939 26330 730 0 0 0 12:14:29 11915
2001:470:0:1a::1
4 6939 24978 729 0 0 0 12:13:30 11915
2001:470:0:1b::1
Bgp support the following message types;
- Open= means just that's, we open a connection, here we pass the router peer info, and capabilities
- Update= update ( path change,communities,nexthop,etc....)
- Notification = Only seen if errors or some other events termination event
- Route-Refresh = Typically only see when we reconfig a policy and during any soft resets
- KeepAlive = Helps ensure the Neighbor are Alive ( cisco defaults to 60sec most of the time )
Ken Felix
Freelance Network/Security Engineer
kfelix hyperfeed com
No comments:
Post a Comment