Friday, May 10, 2013

BGP capabilities


In this blog post we will talk about BGP capabilities. If you have ever looked at a BGP neighbor show output, you might have seen something like the following:


(show ip bgp neighbor, Cisco IOS)

    Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Multisession Capability:  and received


When a BGP speaker starts up, there's a negotiation stage done during the BGP OPEN exchange. A few things happen here:

  • Both peers announce their AS
  • Both peers announce their capabilities (4-byte ASN support, route-refresh, multiprotocol support for any AFI/SAFI pair, graceful-restart, and any private-use values)

Note: IANA maintains the registry of assigned capability codes, including the reserved and private-use ranges.


One thing to keep in mind: not all BGP speakers support all well-known capabilities, which is why we negotiate and announce what we support in the BGP OPEN.

During this OPEN exchange, these capabilities are sent and, where supported, acknowledged by the peer. If a Cisco router, for example, both sends and receives a capability, it will flag it as received and negotiated.

NOTE: A 4-byte-ASN-enabled router announces AS 23456 (AS_TRANS) in the 2-byte My AS field of the OPEN, since it does not know yet whether the neighbor is 2-byte- or 4-byte-ASN aware (a classic chicken-and-egg scenario).


Let's look at the BGP OPEN messages exchanged between a pair of routers:


        Type: OPEN Message (1)
        Version: 4
        My AS: 65002
        Hold time: 90
        BGP identifier: 192.0.1.1
        Optional parameters length: 16 bytes
        Optional parameters
            Capabilities Advertisement (8 bytes)
                Parameter type: Capabilities (2)
                Parameter length: 6 bytes
                Multiprotocol extensions capability (6 bytes)
                    Capability code: Multiprotocol extensions capability (1)
                    Capability length: 4 bytes
                    Capability value
                        Address family identifier: IPv4 (1)
                        Reserved: 1 byte
                        Subsequent address family identifier: Unicast (1)
            Capabilities Advertisement (4 bytes)
                Parameter type: Capabilities (2)
                Parameter length: 2 bytes
                Route refresh capability (2 bytes)
                    Capability code: Route refresh capability (128)
                    Capability length: 0 bytes
            Capabilities Advertisement (4 bytes)
                Parameter type: Capabilities (2)
                Parameter length: 2 bytes
                Route refresh capability (2 bytes)
                    Capability code: Route refresh capability (2)
                    Capability length: 0 bytes

and

        Type: OPEN Message (1)
        Version: 4
        My AS: 65001
        Hold time: 90
        BGP identifier: 192.0.2.2
        Optional parameters length: 16 bytes
        Optional parameters
            Capabilities Advertisement (8 bytes)
                Parameter type: Capabilities (2)
                Parameter length: 6 bytes
                Multiprotocol extensions capability (6 bytes)
                    Capability code: Multiprotocol extensions capability (1)
                    Capability length: 4 bytes
                    Capability value
                        Address family identifier: IPv4 (1)
                        Reserved: 1 byte
                        Subsequent address family identifier: Unicast (1)
            Capabilities Advertisement (4 bytes)
                Parameter type: Capabilities (2)
                Parameter length: 2 bytes
                Route refresh capability (2 bytes)
                    Capability code: Route refresh capability (128)
                    Capability length: 0 bytes
            Capabilities Advertisement (4 bytes)
                Parameter type: Capabilities (2)
                Parameter length: 2 bytes
                Route refresh capability (2 bytes)
                    Capability code: Route refresh capability (2)
                    Capability length: 0 bytes

And here's a BGP OPEN from a BGP speaker that supports 4-byte ASNs (notice the My AS value of 23456 and the 4-octet AS number capability at the end):


Border Gateway Protocol - OPEN Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 61
    Type: OPEN Message (1)
    Version: 4
    My AS: 23456
    Hold Time: 180
    BGP Identifier: 192.XX.219.1 (192.XX.219.1)
    Optional Parameters Length: 32
    Optional Parameters
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 6
            Capability: Multiprotocol extensions capability
                Type: Multiprotocol extensions capability (1)
                Length: 4
                AFI: IPv4 (1)
                Reserved: 00
                SAFI: Unicast (1)
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 6
            Capability: Multiprotocol extensions capability
                Type: Multiprotocol extensions capability (1)
                Length: 4
                AFI: IPv6 (2)
                Reserved: 00
                SAFI: Unicast (1)
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 2
            Capability: Route refresh capability
                Type: Route refresh capability (128)
                Length: 0
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 2
            Capability: Route refresh capability
                Type: Route refresh capability (2)
                Length: 0
        Optional Parameter: Capability
            Parameter Type: Capability (2)
            Parameter Length: 6
            Capability: Support for 4-octet AS number capability
                Type: Support for 4-octet AS number capability (65)
                Length: 4
                AS Number: 65540



As you can see, these peers exchanged a few details during the negotiation process. Sometimes (rarely) we run into problems with the negotiation and have to take direct action to move it along.
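To make the three dumps above concrete, here is an added example (my own code, not from the original post or from any router vendor) that builds and decodes the BGP OPEN byte layout from RFC 4271, walks the Capabilities Optional Parameter (type 2) from RFC 5492, handles the AS_TRANS / 4-octet AS rule from RFC 6793, and applies the RFC 5492 rule that a capability is usable only when both peers advertised it. The sample messages are constructed to mirror the captures (a 4-byte-ASN speaker in AS 65540 opening to a peer that only does IPv4 unicast and route refresh); the router IDs and hold times are assumed. Every length field is checked against the bytes actually present, which is the check a parser needs so a malformed OPEN is rejected rather than misread.

```python
import ipaddress
import struct

AS_TRANS = 23456             # placeholder My AS sent by 4-octet-AS-capable speakers
CAP_MP = 1                   # Multiprotocol extensions (AFI/SAFI)
CAP_ROUTE_REFRESH = 2        # Route refresh (RFC 2918 code)
CAP_4OCTET_AS = 65           # Support for 4-octet AS number
CAP_ROUTE_REFRESH_OLD = 128  # pre-standard route refresh code, still sent alongside code 2
CAP_NAMES = {CAP_MP: "Multiprotocol extensions", CAP_ROUTE_REFRESH: "Route refresh",
             CAP_4OCTET_AS: "Support for 4-octet AS number",
             CAP_ROUTE_REFRESH_OLD: "Route refresh (code 128)"}
AFI_NAMES = {1: "IPv4", 2: "IPv6"}
SAFI_NAMES = {1: "Unicast", 2: "Multicast"}


def mp_cap(afi, safi):
    """Value of a Multiprotocol capability: AFI(2), Reserved(1), SAFI(1)."""
    return struct.pack("!HBB", afi, 0, safi)


def build_open(my_as, hold_time, router_id, caps):
    """Encode an OPEN. Each capability gets its own type-2 Optional Parameter, as in
    the captures. An AS above 65535 goes out as AS_TRANS in the 2-octet My AS field
    and in full inside capability 65."""
    params = b""
    for code, value in caps:
        cap = struct.pack("!BB", code, len(value)) + value
        params += struct.pack("!BB", 2, len(cap)) + cap
    my_as_field = my_as if my_as <= 0xFFFF else AS_TRANS
    body = struct.pack("!BHH4sB", 4, my_as_field, hold_time,
                       ipaddress.IPv4Address(router_id).packed, len(params)) + params
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 1) + body


def parse_open(msg):
    """Decode an OPEN into its fixed fields plus a list of (code, value) capabilities.
    A length that disagrees with the bytes present raises ValueError."""
    if len(msg) < 29 or msg[:16] != b"\xff" * 16:
        raise ValueError("bad marker or truncated header")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != 1 or length != len(msg):
        raise ValueError("not an OPEN, or Length disagrees with the message")
    version, my_as, hold, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    opts = msg[29:]
    if len(opts) != opt_len:
        raise ValueError("Optional Parameters Length disagrees with the message")
    caps, i = [], 0
    while i < len(opts):
        if i + 2 > len(opts):
            raise ValueError("truncated Optional Parameter header")
        ptype, plen = opts[i], opts[i + 1]
        pval = opts[i + 2:i + 2 + plen]
        if len(pval) != plen:
            raise ValueError("Optional Parameter overruns the message")
        i += 2 + plen
        if ptype != 2:  # only the Capabilities Optional Parameter is decoded here
            continue
        j = 0
        while j < len(pval):
            if j + 2 > len(pval):
                raise ValueError("truncated capability header")
            code, clen = pval[j], pval[j + 1]
            cval = pval[j + 2:j + 2 + clen]
            if len(cval) != clen:
                raise ValueError("capability overruns its Optional Parameter")
            j += 2 + clen
            caps.append((code, cval))
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "router_id": str(ipaddress.IPv4Address(rid)), "capabilities": caps}


def describe(code, value):
    """Render one capability roughly the way a 'show bgp neighbor' line does."""
    if code == CAP_MP and len(value) == 4:
        afi, _, safi = struct.unpack("!HBB", value)
        return f"Multiprotocol extensions: {AFI_NAMES.get(afi, afi)} {SAFI_NAMES.get(safi, safi)}"
    if code == CAP_4OCTET_AS and len(value) == 4:
        return f"4-octet AS number: AS {struct.unpack('!I', value)[0]}"
    return CAP_NAMES.get(code, f"Unknown capability code {code}")


def remote_as(parsed):
    """Real peer AS: capability 65 when present, otherwise the 2-octet My AS field."""
    for code, value in parsed["capabilities"]:
        if code == CAP_4OCTET_AS and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return parsed["my_as"]


def negotiated(local_caps, remote_caps):
    """RFC 5492: usable only if both peers advertised it. Multiprotocol entries are
    matched per AFI/SAFI pair, so IPv6 unicast drops out when one side lacks it."""
    return sorted(set(local_caps) & set(remote_caps))


# Constructed sample (not a capture): AS 65540 speaker vs. an IPv4-only peer in AS 65002.
LOCAL_CAPS = [(CAP_MP, mp_cap(1, 1)), (CAP_MP, mp_cap(2, 1)), (CAP_ROUTE_REFRESH_OLD, b""),
              (CAP_ROUTE_REFRESH, b""), (CAP_4OCTET_AS, struct.pack("!I", 65540))]
PEER_CAPS = [(CAP_MP, mp_cap(1, 1)), (CAP_ROUTE_REFRESH_OLD, b""), (CAP_ROUTE_REFRESH, b"")]
LOCAL_OPEN = build_open(65540, 180, "192.0.2.1", LOCAL_CAPS)
PEER_OPEN = build_open(65002, 90, "192.0.1.1", PEER_CAPS)

if __name__ == "__main__":
    for name, msg in (("local", LOCAL_OPEN), ("peer", PEER_OPEN)):
        p = parse_open(msg)
        print(f"{name}: My AS field {p['my_as']}, real AS {remote_as(p)}, {len(msg)} bytes")
        for code, value in p["capabilities"]:
            print("   ", describe(code, value))
    print("usable on this peering:", [describe(c, v) for c, v in negotiated(LOCAL_CAPS, PEER_CAPS)])
```

The constructed local OPEN comes out at 61 bytes with a 32-byte Optional Parameters section, the same sizes Wireshark shows for the 4-byte-ASN capture above, and its My AS field carries 23456 while capability 65 carries 65540.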


Per RFC 5492 (http://tools.ietf.org/html/rfc5492):

[START QUOTE]

   A BGP speaker that supports a particular capability may use this
   capability with its peer after the speaker determines (as described
   above) that the peer supports this capability.  Simply put, a given
   capability can be used on a peering if that capability has been
   advertised by both peers.  If either peer has not advertised it, the
   capability cannot be used.

   A BGP speaker determines that its peer doesn't support capabilities
   advertisement if, in response to an OPEN message that carries the
   Capabilities Optional Parameter, the speaker receives a NOTIFICATION
   message with the Error Subcode set to Unsupported Optional Parameter.
   (This is a consequence of the base BGP-4 specification [RFC4271] and
   not a new requirement.)  In this case, the speaker SHOULD attempt to
   re-establish a BGP connection with the peer without sending to the
   peer the Capabilities Optional Parameter. 
 
[END QUOTE] 

The key issues that come up with this process are in the quoted text above: sometimes this feature simply does not work. So if you have negotiation issues, you can configure "dont-capability-negotiate" for that peer.

(Cisco configuration)

config t
   router bgp 65501
      neighbor 1.1.1.1 remote-as 65502
      neighbor 1.1.1.1 description "my problematic upstream that can't negotiate correctly"
      neighbor 1.1.1.1 dont-capability-negotiate
end


Here's a show neighbor output from OpenBGPD on a BGP peer of mine running FreeBSD that peers with an older Cisco device.


# bgpctl show neighbor
BGP neighbor is 174.136.xxx.1, remote AS 25795
 Description: MyUPLINK
  BGP version 4, remote router-id 10.0.0.1
  BGP state = Established, up for 05w1d17h
  Last read 00:00:18, holdtime 90s, keepalive interval 30s
  Neighbor capabilities:
    Multiprotocol extensions: IPv4 unicast
    Route Refresh

  Message statistics:
                  Sent       Received 
  Opens                    3          3
  Notifications            2          0
  Updates                  4    1255318
  Keepalives          200198     157689
  Route Refresh            0          0
  Total               200207    1413010

  Update statistics:
                  Sent       Received 
  Updates                  8    2049608
  Withdraws                0     799229

  Local host:       174.136.xxx.2, Local port:  30780
  Remote host:      174.136.xxx.1, Remote port:   179


Most show commands will show you the capabilities negotiated between peers. So remember to use the show commands, or tshark/wireshark, if you have BGP issues and are trying to get two peers to establish a session.

Ken Felix
Freelance Network/Security Engineer
kfelix /at/  hyperfeed  /./ com

      ^   ^
=(  O  O ) =
        o
        ~
