8/8/2016 BGP Messages | NetworkLessons.com

BGP Messages
https://networklessons.com/bgp/bgp-messages/

BGP uses a variety of messages for establishing the connection, exchanging routing information,
checking if the remote BGP neighbor is still there and/or notifying the remote side if any errors
occur.

To do all of this, BGP uses 4 messages:

Open Message
Update Message
Keepalive Message
Notification Message

All of these BGP messages use a fixed-size header that includes a type field indicating what type
of message it is.

To explain these BGP messages I will show you some Wireshark captures. I will use the following
topology for this:

Open Message
Once two BGP routers have completed a TCP 3-way handshake, they will attempt to establish a
BGP session. This is done using open messages. In the open message you will find some
information about the BGP router. These items have to be negotiated and accepted by both routers
before we can exchange any routing information. Here are some of the items you will find in the
open message:

Version: this includes the BGP version that the router is using. The current version of BGP is
version 4, which is described in RFC 4271. Two BGP routers will try to negotiate a compatible
version; when there is a mismatch, there will be no BGP session.
My AS: this includes the AS number of the BGP router. The routers will have to agree on the AS
number(s), and it also defines whether they will be running iBGP or eBGP.
Hold Time: if BGP doesn’t receive any keepalive or update messages from the other side for the
duration of the hold time, it will declare the other side ‘dead’ and tear down the BGP
session. By default the hold time is set to 180 seconds on Cisco IOS routers, and the keepalive
message is sent every 60 seconds. Both routers have to agree on the hold time or there won’t
be a BGP session.
BGP Identifier: this is the local BGP router ID, which is elected just like OSPF does:
    Use the router-ID that was configured manually with the bgp router-id command.
    Use the highest IP address on a loopback interface.
    Use the highest IP address on a physical interface.
Optional Parameters: here you will find some optional capabilities of the BGP router. This field
has been added so that new features could be added to BGP without having to create a new
version. Things you might find here are:
    support for MP-BGP (Multi Protocol BGP).
    support for Route Refresh.
    support for 4-octet AS numbers.

Here’s an example of a Wireshark capture of an open message between R1 and R2:

Above you can see the open message from R1 to R2. You can see the things that we discussed: the
BGP version, AS number, hold time, BGP ID and the optional parameters (MP-BGP and route
refresh). The marker field on top is used to indicate if we use MD5 authentication or not. When it’s
filled with 1’s then we are not using authentication.
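
The fields listed above can be read straight from the bytes of an open message. The parser below is an added example, not code from the original lesson: the sample bytes are constructed (AS 1, hold time 180, router ID 1.1.1.1 assumed), and the function names are illustrative. `open_error` maps a parsed message to the open message error subtypes covered later in the lesson.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16  # 16 bytes of 1's, as in the capture described above
CAP_NAMES = {1: "MP-BGP", 2: "Route Refresh", 65: "4-octet AS"}

def tlvs(buf: bytes):
    """Yield (type, value) pairs from 1-byte type, 1-byte length, value runs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_open(msg: bytes) -> dict:
    """Parse one complete OPEN message: 19-byte header, then the OPEN fields."""
    if len(msg) < 29:
        raise ValueError("an OPEN message is at least 29 bytes")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:19])
    if marker != MARKER or length != len(msg) or msg_type != 1:
        raise ValueError("bad header for an OPEN message")
    version, my_as, hold, ident, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if opt_len != len(msg) - 29:
        raise ValueError("Optional Parameters Length does not match")
    caps = []
    for p_type, value in tlvs(msg[29:]):
        if p_type == 2:  # optional parameter type 2 = Capabilities (RFC 5492)
            caps += [CAP_NAMES.get(c, f"code {c}") for c, _ in tlvs(value)]
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "bgp_id": str(ipaddress.IPv4Address(ident)), "capabilities": caps}

def open_error(o: dict, expected_as: int):
    """Return the open message error subtype a receiver would report, or None."""
    if o["version"] != 4:
        return "Unsupported version number"
    if o["my_as"] != expected_as:
        return "Bad peer AS"
    if o["hold_time"] in (1, 2):  # RFC 4271 rejects hold times of 1 or 2 s
        return "Unacceptable hold time"
    return None

# Constructed sample: AS 1, hold time 180, ID 1.1.1.1, MP-BGP + route refresh.
CAPS = bytes([2, 6, 1, 4, 0, 1, 0, 1, 2, 2, 2, 0])
BODY = struct.pack("!BHH4sB", 4, 1, 180, bytes([1, 1, 1, 1]), len(CAPS)) + CAPS
SAMPLE_OPEN = MARKER + struct.pack("!HB", 19 + len(BODY), 1) + BODY
```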

Update Message
Once two routers have become BGP neighbors, they can start exchanging routing information.
This is done with the update message. In the update message you will find information about the
prefixes that are advertised. In “BGP language” a prefix is referred to as NLRI (Network Layer
Reachability Information). Here are some of the things you will find in an update message:

Withdrawn Route Length: this field shows the length of the Withdrawn Routes field in bytes.
When it is set to 0, there are no routes withdrawn and the Withdrawn Routes field will not show
up.
Withdrawn Routes: this field shows all the prefixes that should be removed from the BGP table.
Total Path Attribute Length: here you will find the total length of the Path Attributes field.
Path Attributes: the BGP attributes for the prefix are stored here, for example: origin, as_path,
next_hop, med, local preference, etc. These path attributes are stored in TLV-format (Type,
Length, Value).

Each of the BGP attributes also has an attribute flag that tells the BGP router how to treat the
attribute. Here are the different bit flags:

Optional: when the attribute is well-known this bit is set to 0, when it’s optional it is set to 1.
Transitive: when an optional attribute is non-transitive this bit is set to 0, when it is transitive it
is set to 1.
Partial: when an optional attribute is complete this bit is set to 0, when it’s partial it is set to 1.
Extended Length: when the attribute length is 1 octet it is set to 0, for 2 octets it is set to 1. This
extended length flag may only be used if the length of the attribute value is greater than 255
octets.

Let’s take a look at an update message from R1:

R1(config)#router bgp 1
R1(config-router)#network 1.1.1.1 mask 255.255.255.255

Here’s the capture:


Above you can see an update message from R1. No routes are withdrawn and there are a couple of
BGP attributes. You can see the ORIGIN, AS_PATH and MULTI_EXIT_DISC (MED). I also highlighted
some of the flags. The AS_PATH attribute is transitive while MULTI_EXIT_DISC is optional. At the
bottom you can find the NLRI information with our prefix.

Let’s remove the network command for the loopback interface on R1 so that we can see a
withdrawn route in the update message:

R1(config)#interface loopback 0
R1(config-if)#shutdown

Here’s the capture:


Here you can see the withdrawn routes length, which is 5 bytes. In the Withdrawn Routes field we
see our 1.1.1.1/32 prefix that should be removed.
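
The update layout and the attribute flag bits can be checked with a short parser. This is an added example, not code from the original lesson: both sample bodies are constructed to resemble the two captures described above (the NEXT_HOP attribute with 192.168.12.1 is an assumption), and the names are illustrative. It also shows why the withdrawn routes length is 5 bytes: one length byte plus four prefix bytes.

```python
import ipaddress

FLAGS = ((0x80, "Optional"), (0x40, "Transitive"),
         (0x20, "Partial"), (0x10, "Extended Length"))
NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC"}

def parse_prefixes(buf: bytes) -> list:
    """Decode IPv4 prefixes: 1-byte length in bits, then just enough octets."""
    out, i = [], 0
    while i < len(buf):
        bits = buf[i]
        n = (bits + 7) // 8
        if bits > 32 or i + 1 + n > len(buf):
            raise ValueError("malformed prefix")
        addr = buf[i + 1:i + 1 + n].ljust(4, b"\x00")
        out.append(f"{ipaddress.IPv4Address(addr)}/{bits}")
        i += 1 + n
    return out

def parse_update(body: bytes) -> dict:
    """Parse an UPDATE body (the bytes that follow the 19-byte header)."""
    wd_len = int.from_bytes(body[:2], "big")
    i = 4 + wd_len                       # first byte of Path Attributes
    if len(body) < i:
        raise ValueError("Withdrawn Routes Length overruns the message")
    pa_end = i + int.from_bytes(body[i - 2:i], "big")
    if pa_end > len(body):
        raise ValueError("Total Path Attribute Length overruns the message")
    attrs = []
    while i < pa_end:
        if i + 3 > pa_end:
            raise ValueError("truncated attribute header")
        flags, code = body[i], body[i + 1]
        size = 2 if flags & 0x10 else 1  # Extended Length: 2-octet length
        start = i + 2 + size
        i = start + int.from_bytes(body[i + 2:start], "big")
        if i > pa_end:
            raise ValueError("attribute overruns Path Attributes")
        attrs.append({"name": NAMES.get(code, f"type {code}"),
                      "flags": [n for bit, n in FLAGS if flags & bit],
                      "value": body[start:i]})
    return {"withdrawn": parse_prefixes(body[2:2 + wd_len]),
            "attributes": attrs, "nlri": parse_prefixes(body[pa_end:])}

# Constructed samples modelled on the two captures described above.
ADVERTISE = bytes.fromhex("0000" "0019" "40010100" "40020402010001"
                          "400304c0a80c01" "80040400000000" "2001010101")
WITHDRAW = bytes.fromhex("0005" "2001010101" "0000")
```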

Keepalive Message
When there are no routes to be advertised or withdrawn, there's not much our BGP neighbors
have to share with each other. To make sure the other side is "still there" we use these periodic
keepalive messages. By default, BGP sends 19 byte long keepalive messages every 60 seconds.
When a remote BGP neighbor misses three keepalives (3 x 60 = 180 seconds, the value of the hold
time) it will flush the routes from the BGP neighbor.

Here's a capture of a keepalive message:

The keepalive message is really simple; it's just a basic header with the length (19 bytes) and the
type.

Notification Message
The notification message is used when an error occurs which will result in termination of the BGP
neighbor adjacency. When something goes wrong, the notification message will be sent and the
session will be terminated.

The TCP session will be cleared, all entries from this BGP neighbor will be removed from the BGP
table and update messages with route withdrawals will be sent to other BGP neighbors.


There is a list with BGP error codes and each error code has a sub-type. Here are some examples:

Message header error
Open message error
Update message error

For each of those there is a subtype that explains the exact error. For example, for the open
message here are some of the subtypes:

Unsupported version number
Bad peer AS
Bad BGP identifier
Unsupported optional parameter
Unacceptable hold time

The list with all error codes and their subtypes is quite large. If you want to see all of them, take a
look at this list from IANA.

Let me show you an example of a notification message. We'll do something that BGP doesn't like:

R2(config)#no router bgp 2
R2(config)#router bgp 22
R2(config-router)#neighbor 192.168.12.1 remote-as 1

By changing the AS number on one of the routers we will have a mismatch. Here's the Wireshark
capture:

R1 is sending R2 a notification message with a major error "open message error" and the minor
error code (subtype) is bad peer AS.
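
When reviewing BGP traffic from a capture or a monitoring tap, the header is enough to split a reassembled TCP payload into messages and pick out keepalives and notifications. The sketch below is an added example, not code from the original lesson: the sample stream is constructed, the function names are illustrative, and only the error codes and open message subtypes named in this lesson are given text labels.

```python
import struct

MARKER = b"\xff" * 16
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
ERRORS = {1: "Message header error", 2: "Open message error",
          3: "Update message error"}
OPEN_SUBTYPES = {1: "Unsupported version number", 2: "Bad peer AS",
                 3: "Bad BGP identifier", 4: "Unsupported optional parameter",
                 6: "Unacceptable hold time"}

def split_messages(stream: bytes):
    """Yield (type name, body) for each BGP message in a reassembled stream."""
    i = 0
    while i < len(stream):
        if i + 19 > len(stream):
            raise ValueError("truncated header")
        marker, length, msg_type = struct.unpack("!16sHB", stream[i:i + 19])
        if marker != MARKER or msg_type not in TYPES:
            raise ValueError("bad marker or unknown message type")
        if not 19 <= length <= 4096 or i + length > len(stream):
            raise ValueError("length field outside the RFC 4271 bounds")
        body = stream[i + 19:i + length]
        if msg_type == 4 and body:
            raise ValueError("a keepalive is the 19-byte header and nothing else")
        yield TYPES[msg_type], body
        i += length

def describe_notification(body: bytes) -> str:
    """Turn the error code and subtype (first two body bytes) into text."""
    if len(body) < 2:
        raise ValueError("a notification needs an error code and a subtype")
    code, sub = body[0], body[1]
    minor = OPEN_SUBTYPES.get(sub) if code == 2 else None
    return f"{ERRORS.get(code, f'error code {code}')}: {minor or f'subtype {sub}'}"

def summarize(stream: bytes) -> list:
    """One entry per message, with notifications decoded."""
    return [describe_notification(b) if t == "NOTIFICATION" else t
            for t, b in split_messages(stream)]

# Constructed stream: one keepalive, then "open message error / bad peer AS".
KEEPALIVE = MARKER + struct.pack("!HB", 19, 4)
NOTIFICATION = MARKER + struct.pack("!HBBB", 21, 3, 2, 2)
SAMPLE_STREAM = KEEPALIVE + NOTIFICATION
```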


Wireshark Capture eBGP Neighbor Adjacency

These are the messages that BGP uses. I hope this lesson has been useful to you. If you have any
questions, just leave a comment!

This topic contains 10 replies, has 5 voices, and was last updated by Dhanunjai N 2 months, 3
weeks ago.

May 29, 2015 at 20:56 #10634

Rati J
Member
Nice summary, thanks

June 14, 2015 at 01:46 #10635 Reply
