In this post we will look at BGP capabilities. If you have ever read the output of a BGP neighbor show command, you have probably seen something like the following:
(show ip bgp neighbor, Cisco IOS)
Neighbor capabilities:
Route refresh: advertised and received(new)
Four-octets ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
Multisession Capability: and received
When a BGP session starts, there is a negotiation stage carried in the BGP OPEN message. A few things happen here:
- Both peers announce their AS number
- Both peers announce their capabilities
- (4-byte ASN support, route refresh, multiprotocol support for the AFI/SAFI pairs each side wants, graceful restart, and any private-use values)
Note: IANA maintains the registry of assigned capability codes, along with the reserved and private-use ranges.
One thing to keep in mind: not all BGP speakers support every well-known capability, which is why each side announces what it supports in its OPEN and the two negotiate from there. The capabilities are carried in the OPEN message; there is no separate acknowledgement, a capability is confirmed by the peer listing the same capability in its own OPEN. If a Cisco router, for example, both sends and receives a capability, it flags it as received and negotiated.
NOTE: A 4-byte-ASN-capable router whose own ASN does not fit in two octets puts the reserved value AS23456 (AS_TRANS) in the 2-byte My AS field of its OPEN and carries the real ASN in the 4-octet AS capability, since it cannot know yet whether the neighbor is 2-byte or 4-byte ASN aware (a classic chicken-and-egg scenario).
Let's look at the BGP OPEN messages exchanged between a pair of routers:
Type: OPEN Message (1)
Version: 4
My AS: 65002
Hold time: 90
BGP identifier: 192.0.1.1
Optional parameters length: 16 bytes
Optional parameters
Capabilities Advertisement (8 bytes)
Parameter type: Capabilities (2)
Parameter length: 6 bytes
Multiprotocol extensions capability (6 bytes)
Capability code: Multiprotocol extensions capability (1)
Capability length: 4 bytes
Capability value
Address family identifier: IPv4 (1)
Reserved: 1 byte
Subsequent address family identifier: Unicast (1)
Capabilities Advertisement (4 bytes)
Parameter type: Capabilities (2)
Parameter length: 2 bytes
Route refresh capability (2 bytes)
Capability code: Route refresh capability (128)
Capability length: 0 bytes
Capabilities Advertisement (4 bytes)
Parameter type: Capabilities (2)
Parameter length: 2 bytes
Route refresh capability (2 bytes)
Capability code: Route refresh capability (2)
Capability length: 0 bytes
and
Type: OPEN Message (1)
Version: 4
My AS: 65001
Hold time: 90
BGP identifier: 192.0.2.2
Optional parameters length: 16 bytes
Optional parameters
Capabilities Advertisement (8 bytes)
Parameter type: Capabilities (2)
Parameter length: 6 bytes
Multiprotocol extensions capability (6 bytes)
Capability code: Multiprotocol extensions capability (1)
Capability length: 4 bytes
Capability value
Address family identifier: IPv4 (1)
Reserved: 1 byte
Subsequent address family identifier: Unicast (1)
Capabilities Advertisement (4 bytes)
Parameter type: Capabilities (2)
Parameter length: 2 bytes
Route refresh capability (2 bytes)
Capability code: Route refresh capability (128)
Capability length: 0 bytes
Capabilities Advertisement (4 bytes)
Parameter type: Capabilities (2)
Parameter length: 2 bytes
Route refresh capability (2 bytes)
Capability code: Route refresh capability (2)
Capability length: 0 bytes
and here is a BGP OPEN from a BGP speaker that supports 4-byte ASNs (notice the My AS field of 23456 and, at the end, the Support for 4-octet AS number capability carrying the real AS, 65540):
Border Gateway Protocol - OPEN Message
Marker: ffffffffffffffffffffffffffffffff
Length: 61
Type: OPEN Message (1)
Version: 4
My AS: 23456
Hold Time: 180
BGP Identifier: 192.XX.219.1 (192.XX.219.1)
Optional Parameters Length: 32
Optional Parameters
Optional Parameter: Capability
Parameter Type: Capability (2)
Parameter Length: 6
Capability: Multiprotocol extensions capability
Type: Multiprotocol extensions capability (1)
Length: 4
AFI: IPv4 (1)
Reserved: 00
SAFI: Unicast (1)
Optional Parameter: Capability
Parameter Type: Capability (2)
Parameter Length: 6
Capability: Multiprotocol extensions capability
Type: Multiprotocol extensions capability (1)
Length: 4
AFI: IPv6 (2)
Reserved: 00
SAFI: Unicast (1)
Optional Parameter: Capability
Parameter Type: Capability (2)
Parameter Length: 2
Capability: Route refresh capability
Type: Route refresh capability (128)
Length: 0
Optional Parameter: Capability
Parameter Type: Capability (2)
Parameter Length: 2
Capability: Route refresh capability
Type: Route refresh capability (2)
Length: 0
Optional Parameter: Capability
Parameter Type: Capability (2)
Parameter Length: 6
Capability: Support for 4-octet AS number capability
Type: Support for 4-octet AS number capability (65)
Length: 4
AS Number: 65540
As you can see, these peers exchange a fair amount of detail during the negotiation. Sometimes (rarely) the negotiation runs into problems and we have to take direct action to get the session up.
Per RFC 5492 (http://tools.ietf.org/html/rfc5492):
[START QUOTE]
A BGP speaker that supports a particular capability may use this capability with its peer after the speaker determines (as described above) that the peer supports this capability. Simply put, a given capability can be used on a peering if that capability has been advertised by both peers. If either peer has not advertised it, the capability cannot be used. A BGP speaker determines that its peer doesn't support capabilities advertisement if, in response to an OPEN message that carries the Capabilities Optional Parameter, the speaker receives a NOTIFICATION message with the Error Subcode set to Unsupported Optional Parameter. (This is a consequence of the base BGP-4 specification [RFC4271] and not a new requirement.) In this case, the speaker SHOULD attempt to re-establish a BGP connection with the peer without sending to the peer the Capabilities Optional Parameter.
[END QUOTE]
The key points in that quote are where the trouble comes from: a capability is usable only when both peers have advertised it, and a peer that does not understand capabilities at all answers the OPEN with a NOTIFICATION (Unsupported Optional Parameter), after which the speaker should retry the session without the Capabilities Optional Parameter. Sometimes that fallback does not work as it should. So if you have negotiation issues, you can turn the advertisement off for that peer with dont-capability-negotiate.
(Cisco configuration)
config t
router bgp 65501
neighbor 1.1.1.1 remote-as 65502
neighbor 1.1.1.1 description "my problematic upstream that can't negotiate correctly"
neighbor 1.1.1.1 dont-capability-negotiate
end
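The whole exchange described above, as an added example in Python that is not part of the original post: building the OPEN messages from the captures (including the AS_TRANS placeholder in the 4-byte ASN one), parsing them back, applying the RFC 5492 rule that a capability is usable only when both peers advertised it, and the fallback of re-sending the OPEN without capabilities when the peer answers with an Unsupported Optional Parameter NOTIFICATION. The sample messages are constructed to mirror the captures; the BGP identifiers 192.0.2.1 and 192.0.2.2 are assumed (the post's identifier is partly masked), and the bounds checking on every length field and the My AS versus 4-octet-capability consistency check are this example's own choices.

```python
"""Encode, decode and negotiate BGP OPEN capabilities (RFC 4271, 5492, 6793).
Added example, not the post's code; sample messages are constructed to mirror
the captures above (the BGP identifiers are made up)."""
import struct
from ipaddress import IPv4Address

AS_TRANS = 23456                          # RFC 6793 placeholder for a non-mappable ASN
OPEN, NOTIFICATION = 1, 3                 # BGP message types
CAP_MP, CAP_RR, CAP_AS4, CAP_RR_CISCO = 1, 2, 65, 128
OPEN_ERROR, UNSUPPORTED_OPT_PARAM = 2, 4  # NOTIFICATION code/subcode, RFC 4271 section 6.2
AFI = {1: "IPv4", 2: "IPv6"}
SAFI = {1: "Unicast", 2: "Multicast", 128: "MPLS-labeled VPN"}

def mp(afi, safi):   # Multiprotocol Extensions capability (RFC 4760): AFI, reserved, SAFI
    return CAP_MP, struct.pack("!HBB", afi, 0, safi)

def as4(asn):        # Support for 4-octet AS number capability (RFC 6793)
    return CAP_AS4, struct.pack("!I", asn)

def encode_open(asn, hold_time, bgp_id, capabilities):
    """Build an OPEN; each capability gets its own Capabilities optional parameter
    (type 2), which is how the captures in the post are laid out."""
    if asn > 0xFFFF and as4(asn) not in capabilities:
        raise ValueError("ASN %d needs the 4-octet AS capability" % asn)
    params = b""
    for code, value in capabilities:
        cap = struct.pack("!BB", code, len(value)) + value
        params += struct.pack("!BB", 2, len(cap)) + cap
    my_as = asn if asn <= 0xFFFF else AS_TRANS       # the chicken-and-egg placeholder
    body = struct.pack("!BHHIB", 4, my_as, hold_time, int(IPv4Address(bgp_id)), len(params))
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body) + len(params), OPEN) + body + params

def decode_open(msg):
    """Parse an OPEN without trusting its length fields; returns (asn, hold, bgp_id, caps)."""
    if len(msg) < 29 or msg[:16] != b"\xff" * 16:
        raise ValueError("short message or bad marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    version, my_as, hold, bgp_id, opt_len = struct.unpack("!BHHIB", msg[19:29])
    if mtype != OPEN or version != 4 or length != len(msg) or 29 + opt_len != len(msg):
        raise ValueError("not a well-formed OPEN")
    caps, i = [], 29
    while i < len(msg):                               # optional parameters
        if i + 2 > len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("optional parameter runs past the message")
        ptype, plen = msg[i], msg[i + 1]
        value, i = msg[i + 2:i + 2 + plen], i + 2 + plen
        if ptype != 2:
            continue                                  # only Capabilities (type 2) is parsed
        j = 0
        while j < plen:                               # capabilities inside the parameter
            if j + 2 > plen or j + 2 + value[j + 1] > plen:
                raise ValueError("capability runs past its parameter")
            code, clen = value[j], value[j + 1]
            caps.append((code, value[j + 2:j + 2 + clen]))
            j += 2 + clen
    as4_values = [struct.unpack("!I", v)[0] for c, v in caps if c == CAP_AS4 and len(v) == 4]
    asn = as4_values[0] if as4_values else my_as      # real ASN hides behind AS_TRANS
    if my_as != AS_TRANS and asn != my_as:            # RFC 6793: the two must agree
        raise ValueError("My AS %d disagrees with the 4-octet AS capability %d" % (my_as, asn))
    return asn, hold, str(IPv4Address(bgp_id)), caps

def negotiated(local, remote):
    """RFC 5492: usable only if both peers advertised it; route refresh counts under
    either the IANA code (2) or Cisco's pre-standard code (128)."""
    def norm(caps):
        return {(CAP_RR if c == CAP_RR_CISCO else c, v) for c, v in caps}
    return norm(local) & norm(remote)

def describe(code, value):      # one capability, rendered like a 'show neighbor' line
    if code == CAP_MP and len(value) == 4:
        afi, _, safi = struct.unpack("!HBB", value)
        return "Multiprotocol extensions: %s %s" % (AFI.get(afi, afi), SAFI.get(safi, safi))
    if code == CAP_AS4 and len(value) == 4:
        return "Four-octet AS number: AS%d" % struct.unpack("!I", value)[0]
    names = {CAP_RR: "Route refresh", CAP_RR_CISCO: "Route refresh (Cisco code 128)"}
    return names.get(code, "Unknown capability %d" % code)

def answer_to_notification(notif, asn, hold_time, bgp_id):
    """RFC 5492 fallback: NOTIFICATION code 2 / subcode 4 (Unsupported Optional Parameter)
    means the peer predates capabilities, so re-OPEN without them; None for other errors."""
    if len(notif) < 21 or notif[18] != NOTIFICATION:
        return None
    if (notif[19], notif[20]) != (OPEN_ERROR, UNSUPPORTED_OPT_PARAM):
        return None
    if asn > 0xFFFF:
        raise ValueError("cannot fall back: a non-mappable ASN needs the capability")
    return encode_open(asn, hold_time, bgp_id, [])

def sample_opens():
    """Constructed: a 4-byte-ASN speaker (AS65540, 32 bytes of options, My AS = AS_TRANS,
    as in the third capture) and an IPv4-only 2-byte-ASN peer (AS65001)."""
    r1 = encode_open(65540, 180, "192.0.2.1",
                     [mp(1, 1), mp(2, 1), (CAP_RR_CISCO, b""), (CAP_RR, b""), as4(65540)])
    r2 = encode_open(65001, 90, "192.0.2.2", [mp(1, 1), (CAP_RR_CISCO, b""), (CAP_RR, b"")])
    return r1, r2

if __name__ == "__main__":
    r1, r2 = sample_opens()
    asn, _, _, caps1 = decode_open(r1)
    print("AS%d advertised:" % asn, *(describe(*c) for c in caps1), sep="\n  ")
    print("negotiated:", *sorted(describe(*c) for c in negotiated(caps1, decode_open(r2)[3])), sep="\n  ")
```

Run it as a script and it prints the 4-byte-ASN speaker's five advertised capabilities and the two that survive negotiation with the IPv4-only peer (IPv4 unicast and route refresh); the IPv6 and 4-octet AS capabilities drop out exactly as RFC 5492 says they must. The parser checks every length byte against the bytes actually present before indexing, which is the discipline a BGP daemon needs on a port that any configured peer can write to.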
Here's a show neighbor output from OpenBGPD on a FreeBSD box of mine that peers with an older Cisco device.
# bgpctl show neighbor
BGP neighbor is 174.136.xxx.1, remote AS 25795
Description: MyUPLINK
BGP version 4, remote router-id 10.0.0.1
BGP state = Established, up for 05w1d17h
Last read 00:00:18, holdtime 90s, keepalive interval 30s
Neighbor capabilities:
Multiprotocol extensions: IPv4 unicast
Route Refresh
Message statistics:
Sent Received
Opens 3 3
Notifications 2 0
Updates 4 1255318
Keepalives 200198 157689
Route Refresh 0 0
Total 200207 1413010
Update statistics:
Sent Received
Updates 8 2049608
Withdraws 0 799229
Local host: 174.136.xxx.2, Local port: 30780
Remote host: 174.136.xxx.1, Remote port: 179
Most show commands will show you the capabilities negotiated between peers, so use them, or tshark/wireshark, when you have BGP issues and are trying to get two peers to establish a session.
Ken Felix
Freelance Network/Security Engineer
kfelix /at/ hyperfeed /./ com
^ ^
=( O O ) =
o
~