Tuesday, September 3, 2013

Knock Knock, BGP Open Again

To inspect BGP OPEN messages and the capabilities they carry, you can debug them with the Cisco debug command <debug ip bgp>.


R1#sh bgp sum                          
*Mar  1 00:10:13.839: %SYS-5-CONFIG_I: Configured from console by console
R1#clear ip bgp *      
R1#
*Mar  1 00:10:18.255: BGPNSF state: 2.2.2.2 went from nsf_not_active to nsf_not_active
*Mar  1 00:10:18.255: BGP: 2.2.2.2 went from OpenSent to Idle
*Mar  1 00:10:18.255: BGP: 2.2.2.2 closing
*Mar  1 00:10:18.255: BGP: 2.2.2.2 went from Idle to Active

*Mar  1 00:10:18.255: BGP: 2.2.2.2 open active delayed 26472ms (35000ms max, 28% jitter)
R1#
*Mar  1 00:10:44.727: BGP: 2.2.2.2 open active, local address 1.1.1.1
*Mar  1 00:10:44.739: BGP: 2.2.2.2 went from Active to OpenSent
*Mar  1 00:10:44.739: BGP: 2.2.2.2 sending OPEN, version 4, my as: 1, holdtime 180 seconds
*Mar  1 00:10:44.739: BGP: 2.2.2.2 send message type 1, length (incl. header) 45
*Mar  1 00:10:44.771: BGP: 2.2.2.2 rcv message type 1, length (excl. header) 26
*Mar  1 00:10:44.771: BGP: 2.2.2.2 rcv OPEN, version 4, holdtime 180 seconds
*Mar  1 00:10:44.771: BGP: 2.2.2.2 rcv OPEN w/ OPTION parameter len: 16
*Mar  1 00:10:44.771: BGP: 2.2.2.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar  1 00:10:44.771: BGP: 2.2.2.2 OPEN has CAPABILITY code: 1, length 4
*Mar  1 00:10:44.771: BGP: 2.2.2.2 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar  1 00:10:44.771: BGP: 2.2.2.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar  1 00:10:44.771: BGP: 2.2.2.2 OPEN has CAPABILITY code: 128, length 0
*Mar  1 00:10:44.771: BGP: 2.2.2.2 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Mar  1 00:10:44.771: BGP: 2.2.2.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar  1 00:10:44.771: BGP: 2.2.2.2 OPEN has CAPABILITY code: 2, length 0
*Mar  1 00:10:44.775: BGP: 2.2.2.2 OPEN has ROUTE-REFRESH capability(new) for all address-families
BGP: 2.2.2.2 rcvd OPEN w/ remote AS 2
*Mar  1 00:10:44.775: BGP: 2.2.2.2 went from OpenSent to OpenConfirm
*Mar  1 00:10:44.775: BGP: 2.2.2.2 went from OpenConfirm to Established
*Mar  1 00:10:44.775: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up
R1#



Take note of the capability codes in the output above and compare them with the IANA registry:

http://www.iana.org/assignments/capability-codes/capability-codes.xhtml


Notes:


1: On a lightly used router that is struggling to establish BGP, the debug commands can be used with ease. If you have a service provider distribution router, you probably DO NOT want to use a debug bgp command due to the excessive traffic it will generate.

2: A packet capture and playback with wireshark/tshark will help you diagnose and analyze the BGP OPEN messages.
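
The capability TLVs that the debug prints can also be decoded offline from the bytes of a captured OPEN. The Python below is an added example, not part of the original post; the sample message is constructed to match the OPEN that R1 received above, and the BGP identifier 2.2.2.2 and the function names are assumptions.

```python
import socket
import struct

# Short labels for the capability codes seen in the debug output above.
CAP_NAMES = {1: "Multiprotocol Extensions", 2: "Route Refresh",
             128: "Route Refresh (pre-standard)"}

def tlvs(buf):
    """Yield (type, value) pairs from 1-byte-type, 1-byte-length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_bgp_open(msg):
    """Decode a BGP OPEN (RFC 4271) and its capabilities (RFC 5492)."""
    if len(msg) < 29 or msg[:16] != b"\xff" * 16:
        raise ValueError("short message or bad marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != 1 or length != len(msg):
        raise ValueError("not an OPEN, or length field mismatch")
    version, asn, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if opt_len != len(msg) - 29:
        raise ValueError("optional parameter length mismatch")
    caps = []
    for ptype, pval in tlvs(msg[29:]):
        if ptype != 2:                       # only type 2 carries capabilities
            continue
        for code, val in tlvs(pval):
            detail = ""
            if code == 1 and len(val) == 4:  # AFI (2), reserved (1), SAFI (1)
                afi, _, safi = struct.unpack("!HBB", val)
                detail = f"afi/safi {afi}/{safi}"
            caps.append((code, CAP_NAMES.get(code, "unknown"), detail))
    return {"version": version, "as": asn, "holdtime": hold,
            "bgp_id": socket.inet_ntoa(bgp_id), "capabilities": caps}

# Constructed sample: AS 2, holdtime 180, option length 16, 26 bytes after the
# 19-byte header, as in the debug. The BGP identifier 2.2.2.2 is an assumption.
SAMPLE = (b"\xff" * 16 + struct.pack("!HB", 45, 1)
          + struct.pack("!BHH4sB", 4, 2, 180, socket.inet_aton("2.2.2.2"), 16)
          + bytes.fromhex("0206010400010001" "02028000" "02020200"))

if __name__ == "__main__":
    info = parse_bgp_open(SAMPLE)
    print(f"OPEN v{info['version']} AS {info['as']} hold {info['holdtime']}")
    for code, name, detail in info["capabilities"]:
        print(f"  capability {code}: {name} {detail}")
```
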



Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(  @   @ )=
          o
       /     \

