1. Five interactive messages of BGP
The five types of BGP messages are: Open, Keepalive, Update, Notification, Route-Refresh
BGP packets belong to the application layer, so all BGP packets are encapsulated by TCP and rely on TCP channels for transmission.
[Below: You can see that BGP packets are encapsulated in TCP]
1. The function of each message
How to Determine the BGP Packet Type Based on the BGP Header? [Through the Type field in the BGP header]
-
TYPE value message type 1 OPEN 2 UPDATE 3 NOTIFICATION 4 KEEPALIVE 5 REFRESH
1-Open : It is used to negotiate parameters and establish neighbors. After the TCP three-way handshake is established normally, the Open message will be sent.
2-Update : Used to update the routing information.
3-Notification : Report error information, used to disconnect the neighbor relationship.
4-Keepalive : sent periodically, used to maintain BGP neighbor relationship, the Keepalive message format only contains the message header, without any other fields.
5-Route-Refresh : Route refresh message, let the other party take the initiative to send me the latest routing information I need.
2. Important fields inside the message
For more specific field introductions, you can view the packet format encyclopedia by yourself: Network Protocol Message Format Encyclopedia v1.0.chm
Open:
- My AS, local AS number
- BGP Identifier, BGP identifier (Router-id of this device)
Update:
-
Withdrawn Routes, withdrawn routes.
1. If the value is 0, it means that the Update message is used to transmit BGP routes.
2. If the value is 4, it means to withdraw a BGP route:
(WRL=4 means that the 4-byte route is revoked, because the IP address is 32bit=4 bytes, so it means that a route is revoked)
-
Network Layer Reachability Information (NLRI) Network Layer Reachability Information, records BGP routing.
1. When WRL=0, the information in this field indicates the added routing entry information.
2. If there is an NLRI, there will be a route attribute field , which describes the route attribute of the corresponding route.
-
Path attributes Path attributes
Notification:
- Error Code, error error code, defines the type of error , and the non-specific error type is represented by zero.
- Data, detailed error information, specifies the error detail number , and the non-specific error detail number is represented by zero.
Keepalive:
- Only the BGP header, its Type field is set to 4.
Route-Refresh:
- AFI, address family identifier, identifies the route type to be transmitted, the default is IPv4, and IPv6, VPNv4, etc. can also be set.
- SAFI, sub-address family identifier, for NLRI network layer reachability information is divided into unicast NLRI (SAFI 1) and multicast NLRI (SAFI 2), the default is unicast.
2. Six state machines of BGP
The six state machines of BGP are:
Idle、Connect、Active、OpenSent、OpenConfirm、Established
1. Introduction of each state machine
Idle:
- After BGP is enabled, it starts to prepare for establishing a TCP connection.
- After receiving Error events such as Notification packets or TCP link disconnection notifications in any state, BGP will transfer to the Idle state.
Connect
-
After sending the TCP Syn message, BGP starts the connection retransmission timer (Connect Retry) and waits for the TCP to complete the connection.
(Connect Retry resets the connection timer, default 32S)
-
If the TCP connection is successful, BGP sends an Open message to the peer and goes to the OpenSent state.
-
If the TCP connection fails, then BGP goes to the Active state.
-
If the connection retransmission timer expires and BGP still does not receive a response from the BGP peer, BGP will continue to try to establish a TCP connection and stay in the Connect state.
1. That is, if the neighbor has not received a reply TCP message after 32 seconds, it will keep sending TCN SYN messages repeatedly, and the status will always be Connected.
2. Unless it receives TCP connection failure or other error messages, it will stay in this state and try to connect to TCP.
3. In this state, it can be determined that the neighbor has not configured BGP or the intermediate device has intercepted BGP packets.
Active
-
From Connect to this state, BGP continues to try to establish a TCP connection:
1. If the TCP connection is successful, BGP sends an Open message to the peer, closes the connection retransmission timer, and turns to the OpenSent state.
2. If the TCP connection fails, BGP will stay in the Active state and continue to initiate a TCP connection until the retransmission timer expires and returns to the Connect state.
Important: The retransmission timer will not be reset when it changes from the Connect state to the Active state and will keep counting down.
OpenSent
-
After the TCP connection is successfully established, it starts sending Open packets and waits for the peer to reply with Open packets.
1. If the received Open message is correct, BGP sends a Keepalive message and turns to the OpenConfirm state.
2. If an error is found in the received Open message, BGP sends a Notification message to the peer, and turns to the Idle state.
OpenConfirm
-
At this point, the Keepalive message has been sent and is waiting for the other party to reply.
1. If a Keepalive message is received, it will go to the Established state; if a Notification message is received, it will go to the Idle state.
Established
-
After the peer-to-peer relationship is established, the two parties start to exchange Update messages to exchange their respective routing information.
-
In order to maintain the Established state, keepalive packets need to be sent regularly.
(The default sending interval of Keepalive messages is 60s and the timeout period is 180s)
-
In addition to maintaining the Established state through the Keepalive message, it is also monitored through other messages such as Update:
1. If a correct Update or Keepalive message is received, BGP considers the peer end to be in normal operation and will maintain the BGP connection.
2. If an incorrect Update or Keepalive message is received, BGP sends a Notification message to notify the peer, and turns to the Idle state.
3. If the Notification message is received, BGP goes to the Idle state.
4. If a TCP disconnection notification is received, BGP will also disconnect and go to the Idle state.
2. Summarize the messages interacted between each state
(1) Interactive TCP packets
-
Idle
-
Connect
-
Active
(2) Interactive Open message
- OpenSent
(3) Interactive Keepalive message
- OpenConfirm
(4) Interactive Update, Keepalive
- Established
3. The association between each state machine
(1) Start from the Idle state on the left, send a TCP SYN request to establish a message, and then enter the Connect state. If the TCP failed establishment fails, it will enter Active and continue to establish TCP, until the retransmission timer expires and then return to the Connect state to continue repeating process.
(2) After the TCP three-way handshake, TCP Established successfully enters the Opensent state and sends an Open message.
(3) After receiving the correct Open message, it enters the OpenConfirm state and sends a Keepalive message.
(4) After receiving the normal Keepalive message, it enters the Established state and starts to exchange Update messages to learn routing entries from each other
In each state machine, if an Error occurs, it will return to the Idle state directly after receiving the Notification message.
3. BGP peer relationship establishment process
1. Treat object establishment process
2. Routing interaction process
3. Packet capture during BGP neighbor establishment
The Wireshark capture covers the BGP establishment process (TCP interaction, Open interaction, Keepalive interaction, Update interaction [including Update update and withdrawal]), route update (Route-Refresh), error report (Notification)
Wireshark packet capture information, download to view more content: BGP establishment process capture packet (wireshark version Version 3.6.6)
For more related notes, watch CSDN: HCIA~HCIE personal notes