BGP Messages.

BGP peers exchange the following messages, among which Keepalive messages are periodically sent and other messages are triggered by events.

• Open message
• Update message
• Notification message
• Keepalive message
• Route-refresh message

Let’s consider the below topology and see this in action:

Open Message:

• BGP protocol is based on TCP. Once the TCP 3-way handshake is completed, they will attempt to establish a session. This will be done with the help of Open messages.
• BGP will negotiate with its neighbor to form in Open message to form a neighbor-ship
• Negotiation will occur based on AS number, neighbor IP, router ID, BGP version, Hold-down timer,..

R1 BGP Configuration:

R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 remote-as 2
R1(config-router)#        

R2 BGP Configuration:

R2(config)#router bgp 2
R2(config-router)#neighbor 192.168.12.1 remote-as 1
R2(config-router)#        

As per above configuration I have configured the neighbor in both the routers. Now, once the negotiation is completed, they will form neighbor-ship. Below is the snap of Wireshark Open message from R1 to R2.

• Open messages type is 1.
• BGP version is 4
• Hold down timer (Default) = 180
• BGP identifier (BGP Router ID) = 1.1.1.1

• Version?– specifies the version (2, 3 or 4), default being version 4.
• Autonomous System?– provides AS number of the sender. It determines whether the BGP session is EBGP or IBPG (if the AS number are the same )
• Hold-Time?– indicates the maximum number of seconds that can elapse without receipt of message before transmitter is assumed to be nonfunctional. The default hold time is 180 sec. If the neighbors hold time differ, the lower of the two times become the accepted hold time.
• BGP Identifier?– Provides the BGP identifier of the sender (an IP address). IOS determines identifier in exactly the same way as OSPF router ID. The highest loopback interface address is used, if there is no loopback the numerically highest IP address on a physical interface is selected.
• Optional Parameters Length?– indicates the length or absence (with a zero value) of the optional parameters filed
• Optional Parameters?– contains a list of optional parameters as authentication, multiprotocol support and route refresh. It includes support for MP-BGP.

Update message:

• Once the router become neighbors, they can start exchanging routes. This is done with the update message.
• The prefix that are advertised/removed will be updated in the Update message.
• In BGP, prefix that are advertised is referred in the NLRI (Network Layer Reachability Information) and the prefix that are removed will be shown as Withdrawn routes.
• Now, I am going to advertise the 1.1.1.1/32 in R1 router.
• R1(config-router)#network 1.1.1.1 mask 255.255.255.255

You can see from the above screenshot,

• BGP message type is 2 (Update message)
• NLRI information is added with the prefix 1.1.1.1/32
• Withdrawn routes length is 0, because no routes are removed.

Now, going to shut the loopback 0 interface in R1.

R1(config)#interface loopback 0
R1(config-if)#sh
R1(config-if)#shutdown
R1(config-if)#        

After shutting the interface, update message was sent mentioning 1.1.1.1/32 route was withdrawn. Wireshark screenshot is as below

From the above screenshot,

• BGP message type is 2 (Update message)
• Withdrawn routes length is set as 5
• loopback 0 interface (1.1.1.1/32) was added in the withdrawn routes.

• Unfeasible Routes Length?– Indicates the total length of the withdrawn routes field or that the field is not present.
• Withdrawn Routes?— Contains a list of IP address prefixes for routes being withdrawn from. These are (Length, Prefix) tuples describing destinations that have become unreachable and are being withdrawn from service.
• Total Path Attribute Length?— Indicates the total length of the path attributes field or that the field is not present.
• Path Attributes?— Describes the characteristics of the advertised path. The following are possible attributes for a path.
• Origin: Mandatory attribute that defines the origin of the path information
• AS Path: Mandatory attribute composed of a sequence of autonomous system path segments
• Next Hop:?Mandatory attribute that defines the IP address of the border router that should be used as the next hop to destinations listed in the network layer reachability information field
• Multi Exit Disc:?Optional attribute used to discriminate between multiple exit points to a neighboring autonomous system
• Local Pref: Discretionary attribute used to specify the degree of preference for an advertised route
• Atomic Aggregate: Discretionary attribute used to disclose information about route selections
• Aggregator: Optional attribute that contains information about aggregate routes
• Network Layer Reachability Information (NLRI)?— Contains a list of IP address prefixes for the advertised routes.

Notification Message:

• When the BGP peer is down , it will be notified with the possible reason.
• Now, I am going to remove the AS_2 from R2 router and create a new AS as AS_22 in R2. Lets see what happens,

R2(config)#no router bgp 2
R2(config)#
R2(config)#router bgp 22
R2(config-router)#bgp log-neighbor-changes
R2(config-router)# network 2.2.2.2 mask 255.255.255.255
R2(config-router)# neighbor 192.168.12.1 remote-as 1
R2(config-router)#        

Now, we can see that the notification message will be sent.

From the above screenshot,

• BGP message type is 3 (Notification message)
• Major error code: Open message Error (2)
• Minor error code: Open message — Bad Peer AS (2) [ As the issue is due to AS number mismatch, AS number negotiation will be handled by Open message]
• Bad Peer AS: 22 [ Bad AS error occurred by the AS number 22]

• Error Code?— indicates the type of error that occurred. The following are the error types defined by the field:

• Message Header Error: Indicates a problem with a message header, such as unacceptable message length, unacceptable marker field value, or unacceptable message type.
• Open Message Error: Indicates a problem with an open message, such as unsupported version number, unacceptable autonomous system number or IP address, or unsupported authentication code.
• Update Message Error: Indicates a problem with an update message, such as a malformed attribute list, attribute list error, or invalid next-hop attribute.
• Hold Time Expired: Indicates that the hold-time has expired, after which time a BGP node will be considered nonfunctional.
• Finite State Machine Error: Indicates an unexpected event.
• Cease: Closes a BGP connection at the request of a BGP device in the absence of any fatal errors.

Keepalive Message:

• Keepalive message will be sent for every 60 seconds to check whether the peer is still alive or not.
• 3 keepalive message will be sent (3 * 60) = 180 seconds. If no response received after 3 keepalive message, peer will be inactive.
• From the below screenshot, BGP message type is 4 (Keepalive message)

Route-Refresh Messages

BGP systems send route-refresh messages to a peer only if they have received the route refresh capability advertisement from the peer. A BGP system must advertise the route refresh capability to its peers using BGP capabilities advertisement if it wants to receive route-refresh messages. This optional message is sent to request dynamic, inbound, BGP route updates from BGP peers or to send outbound route updates to a BGP peer.

Route-refresh messages consist of the following fields:

• AFI—Address Family Identifier (16-bit).
• Res—Reserved (8-bit) field, which must be set to 0 by the sender and ignored by the receiver.
• SAFI—Subsequent Address Family Identifier (8-bit).

If a peer without the route-refresh capability receives a route-refresh request message from a remote peer, the receiver ignores the message.

Sources

https://ipwithease.com/bgp-message-types/

https://medium.com/@gowthamraj.pgr/bgp-mes-41b2b8fac6b9

https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-overview.html