BGP建立邻居采用有限状态机,共有6种状态。BGP的运行流程就是在这6种状态之间根据资源和事件的要求作转换。它们分别是:
1.Idle
BGP协议初始时是处于Idle状态。在这个状态时,系统不分配任何资源,也拒绝所有进入的BGP连接。只有收到Start Event时,才分配BGP资源,启动ConnectRetry计时器,启动对其它BGP对等体的传输层连接,同时也侦听是否有来自其它对等体的连接请求。
2.Connect
这个状态下,BGP等待TCP完成连接。若连接成功,本地清空ConnectRetry计时器,并向对等体发送OPEN报文,然后状态改变为OpenSent状态;否则,本地重置ConnectRetry计时器,侦听是否有对等体启动连接,并移至Active状态。
3.Active
这个状态下, BGP初始化TCP连接来获得一个对等体。如果连接成功,本地清空ConnectRetry计时器,并向对等体发送OPEN报文,并转至OpenSent状态。
4.OpenSent
这个状态下,BGP等待对等体的OPEN报文。收到报文后对报文进行检查,如果发现错误,本地发送NOTIFICATION报文给对等体,并改变状态为IDLE。如果报文正确,BGP发送KEEPALIVE报文,并转至OpenConfirm状态。
5.OpenConfirm
这个状态下,BGP等待KEEPALIVE或NOTIFICATION报文。如果收到KEEPALIVE报文,则进入Established状态,如果收到NOTIFICATION报文,则变为Idle状态。
6.Established
这个状态下, BGP可以和其他对等体交换UPDATE,NOTIFICATION,KEEPALIVE报文。如果收到了正确的UPDATE或KEEPALIVE报文,就认为对端处于正常运行状态,本地重置HoldTimer。如果收到NOTIFICATION报文,本地转到Idle状态。如果收到错误的UPDATE报文,本地发送NOTIFICATION报文通知对端,并改变本地状态为Idle。如果收到了TCP拆链通知,本地关闭BGP连接,并回到Idle状态。
上面的说法基本上和RFC描述的很类似,总是看明白还是比较困难的。我们结合路由器的Debug输出来看看BGP邻居状态。
R1和R2通过接口相连,地址分别为192.168.12.1和192.168.12.2。R1在AS100同时R2在AS200内。
R1上先配置到达R2的邻居,R2此时开启BGP但并未配置邻居关系。
以下是R1上的输出,注意,这时R2上什么也看不到。
R1#
*Mar
1 00:04:10.087: BGP: 192.168.12.2 went from Idle to Active
*Mar
1 00:04:10.095: BGP: 192.168.12.2 open active delayed 31102ms (35000ms max, 28% jitter)
R1#
*Mar
1 00:04:41.199: BGP: 192.168.12.2 open active, local address 192.168.12.1
*Mar
1 00:04:41.307: BGP: 192.168.12.2 open failed: Connection refused by remote host, open active delayed 26850ms (35000ms max, 28% jitter)
R1#
*Mar
1 00:05:08.159: BGP: 192.168.12.2 open active, local address 192.168.12.1
*Mar
1 00:05:08.215: BGP: 192.168.12.2 open failed: Connection refused by remote host, open active delayed 27235ms (35000ms max, 28% jitter)
R1#
*Mar
1 00:05:35.451: BGP: 192.168.12.2 open active, local address 192.168.12.1
*Mar
1 00:05:35.543: BGP: 192.168.12.2 open failed: Connection refused by remote host, open active delayed 31343ms (35000ms max, 28% jitter)
R1#
*Mar
1 00:06:06.887: BGP: 192.168.12.2 open active, local address 192.168.12.1
*Mar
1 00:06:06.963: BGP: 192.168.12.2 open failed: Connection refused by remote host, open active delayed 28854ms (35000ms max, 28% jitter)
复制代码
这里要注意的是当R1向R2发起TCP连接时,状态由Idle变为Active, 但是马上会收到来自对方的RST报文,Debug中可以显示出为Connection refused by remote host。抓包显示为:
由于对方无法验证本段地址,所以发送RST报文。
这里要证明的是Active状态强调的是主动发起三次握手端的状态,和状态机描述有些不太一样,状态机说必须要经过Connect才能到达Active,不知是CISCO可以的跳过了这个环节还是Debug信息中没有提及。
那么Connect又是个什么状态呢?
这里R1已发起到达对端的TCP握手连接,对端无法验证地址所以直接RST,那么后续如果对端也成功的配置了BGP邻居呢?
R2(config-router)#nei 192.168.12.1 remote 100
*Mar
1 00:11:30.171: BGP: 192.168.12.1 passive open to 192.168.12.2
*Mar
1 00:11:30.175: BGP: 192.168.12.1 went from Idle to Connect
*Mar
1 00:11:30.207: BGP: 192.168.12.1 rcv message type 1, length (excl. header) 26
*Mar
1 00:11:30.207: BGP: 192.168.12.1 rcv OPEN, version 4, holdtime 180 seconds
*Mar
1 00:11:30.211: BGP: 192.168.12.1 went from Connect to OpenSent
复制代码
R1#
*Mar
1 00:11:30.323: BGP: 192.168.12.2 open active, local address 192.168.12.1
*Mar
1 00:11:30.395: BGP: 192.168.12.2 went from Active to OpenSent
*Mar
1 00:11:30.395: BGP: 192.168.12.2 sending OPEN, version 4, my as: 100, holdtime 180 seconds
复制代码
这里,由于R1事先发起SYN连接,那么R2会被动接收连接。注意,有的书上写的是会建立两次连接(R1-R2,R2-R1。由于是双向Neighbor)然后放弃一个,这里我们可以看到仅仅只有一次连接,保留的是先发起端的连接。
可以看看抓包输出:
那么此时被动接收连接的一端会由Idle变为Connect,继而由Connect变为Opensent。
上述描述和RFC里面写的有点出入,不过RFC关于邻居这一块讲的也太多了点,小马没心情看完了。细说到BGP邻居关系的建立,RFC里讲的状态更加的多。具体可以参考:BGP学习篇-RFC索引
后续的Opensent到Openconfirm可以继续查看Debug输出:
R1#
*Mar
1 00:11:30.323: BGP: 192.168.12.2 open active, local address 192.168.12.1
*Mar
1 00:11:30.395: BGP: 192.168.12.2 went from Active to OpenSent
*Mar
1 00:11:30.395: BGP: 192.168.12.2 sending OPEN, version 4, my as: 100, holdtime 180 seconds
*Mar
1 00:11:30.403: BGP: 192.168.12.2 send message type 1, length (incl. header) 45
*Mar
1 00:11:30.503: BGP: 192.168.12.2 rcv message type 1, length (excl. header) 26
*Mar
1 00:11:30.507: BGP: 192.168.12.2 rcv OPEN, version 4, holdtime 180 seconds
*Mar
1 00:11:30.507: BGP: 192.168.12.2 rcv OPEN w/ OPTION parameter len: 16
*Mar
1 00:11:30.507: BGP: 192.168.12.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar
1 00:11:30.507: BGP: 192.168.12.2 OPEN has CAPABILITY code: 1, length 4
*Mar
1 00:11:30.507: BGP: 192.168.12.2 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar
1 00:11:30.511: BGP: 192.168.12.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 00:11:30.511: BGP: 192.168.12.2 OPEN has CAPABILITY code: 128, length 0
*Mar
1 00:11:30.511: BGP: 192.168.12.2 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Mar
1 00:11:30.511: BGP: 192.168.12.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 00:11:30.515: BGP: 192.168.12.2 OPEN has CAPABILITY code: 2, length 0
*Mar
1 00:11:30.515: BGP: 192.168.12.2 OPEN has ROUTE-REFRESH capability(new) for all address-families
BGP: 192.168.12.2 rcvd OPEN w/ remote AS 200
*Mar
1 00:11:30.515: BGP: 192.168.12.2 went from OpenSent to OpenConfirm
*Mar
1 00:11:30.527: BGP: 192.168.12.2 went from OpenConfirm to Established
*Mar
1 00:11:30.527: %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Up
复制代码
R2(config-router)#
*Mar
1 00:11:30.171: BGP: 192.168.12.1 passive open to 192.168.12.2
*Mar
1 00:11:30.175: BGP: 192.168.12.1 went from Idle to Connect
*Mar
1 00:11:30.207: BGP: 192.168.12.1 rcv message type 1, length (excl. header) 26
*Mar
1 00:11:30.207: BGP: 192.168.12.1 rcv OPEN, version 4, holdtime 180 seconds
*Mar
1 00:11:30.211: BGP: 192.168.12.1 went from Connect to OpenSent
*Mar
1 00:11:30.211: BGP: 192.168.12.1 sending OPEN, version 4, my as: 200, holdtime 180 seconds
*Mar
1 00:11:30.211: BGP: 192.168.12.1 rcv OPEN w/ OPTION parameter len: 16
*Mar
1 00:11:30.211: BGP: 192.168.12.1 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar
1 00:11:30.211: BGP: 192.168.12.1 OPEN has CAPABILITY code: 1, length 4
*Mar
1 00:11:30.215: BGP: 192.168.12.1 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar
1 00:11:30.215: BGP: 192.168.12.1 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 00:11:30.215: BGP: 192.168.12.1 OPEN has CAPABILITY code: 128, length 0
*Mar
1 00:11:30.215: BGP: 192.168.12.1 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Mar
1 00:11:30.219: BGP: 192.168.12.1 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 00:11:30.219: BGP: 192.168.12.1 OPEN has CAPABILITY code: 2, length 0
*Mar
1 00:11:30.219: BGP: 192.168.12.1 OPEN has ROUTE-REFRESH capability(new) for all address-families
BGP: 192.168.12.1 rcvd OPEN w/ remote AS 100
*Mar
1 00:11:30.219: BGP: 192.168.12.1 went from OpenSent to OpenConfirm
*Mar
1 00:11:30.219: BGP: 192.168.12.1 send message type 1, length (incl. header) 45
*Mar
1 00:11:30.303: BGP: 192.168.12.1 went from OpenConfirm to Established
*Mar
1 00:11:30.303: %BGP-5-ADJCHANGE: neighbor 192.168.12.1 Up
复制代码
通过两台路由器给出的Debug输出可以发现,Opensent标志着路由器开始进行参数和能力协商,那么当这里协商完全正确,会进入到Openconfirm状态。具体路由器在协商哪些参数我们待会儿就会提及,接下来路由器会发送一个叫做Type 1的消息长度为45,这个其实就是个Open。协商完成后,状态变为Established。
这里可以看看抓包输出:
抓包显示了两个Open报文发送后会交互几个Keepalive,这几个报文在文档中并未提及。从debug的显示来看有点儿类似一个Open的回复报文:
R1#
*Mar
1 00:40:14.863: BGP: 192.168.12.2 sending KEEPALIVE (rcv_open)
*Mar
1 00:40:14.867: BGP: 192.168.12.2 received KEEPALIVE, length (excl. header) 0
R1#
*Mar
1 00:40:14.871: %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Up
R1#
*Mar
1 00:40:44.935: BGP: 192.168.12.2 sending KEEPALIVE (io)
*Mar
1 00:40:45.015: BGP: 192.168.12.2 received KEEPALIVE, length (excl. header) 0
R1#
*Mar
1 00:41:14.935: BGP: 192.168.12.2 sending KEEPALIVE (io)
*Mar
1 00:41:14.979: BGP: 192.168.12.2 received KEEPALIVE, length (excl. header) 0
复制代码
R2#
*Mar
1 00:40:14.603: BGP: 192.168.12.1 sending KEEPALIVE (rcv_open)
*Mar
1 00:40:14.695: BGP: 192.168.12.1 received KEEPALIVE, length (excl. header) 0
R2#
*Mar
1 00:40:14.695: %BGP-5-ADJCHANGE: neighbor 192.168.12.1 Up
R2#
R2#
*Mar
1 00:40:44.759: BGP: 192.168.12.1 sending KEEPALIVE (io)
*Mar
1 00:40:44.767: BGP: 192.168.12.1 received KEEPALIVE, length (excl. header) 0
R2#
*Mar
1 00:41:14.743: BGP: 192.168.12.1 sending KEEPALIVE (io)
*Mar
1 00:41:14.747: BGP: 192.168.12.1 received KEEPALIVE, length (excl. header) 0
复制代码
在邻居起来之前,发送Keepalive的原因是(rcv_open)而后周期的Keepalive是(io)
意义还是比较直白的,虽然也解释不出来个所以然。。。。。。回头查文档确认一下。
啰嗦了这么长时间,那么回到正题!BGP建立邻居不成功可能的问题是哪些呢?我们就从邻居建立的过程说起!
小马总结BGP建立连接的问题可以分为:
三次握手问题
如果三次握手无法建立,后续的BGP邻居关系也就是说笑了。
如果路由器的状态一直是停留在Idle,说明BGP完全没有Active的意思,而Active是三次握手的标志,所以说此时的问题极有可能是由于邻居地址不可达造成的。注意,这里提及的不可达不是说发送数据无回应,而是完全无法发送数据。典型的情况就是路由器没有到达指定地址的路由,那么一方面是直连接口状态失效,另一方面是非直连邻居没有在内部运行IGP。如果是非直连EBGP的情况,在没有做多跳的情况下,邻居也会一直停留在Idle状态,因为默认情况下EBGP协议保温TTL为1,那么当他检测无法到达远端非直连EBGP邻居时,也会干脆的不发报文。
如果说通过Debug可以发现状态可以从Idle变为Active,说明路由器最起码是可以发送报文的,那么这里又要分两种情况讨论:
1,发送了Syn,得不到任何回应,这种情况基本上是由于出现了类似将192.168.1.1配置成了192.168.1.2这样的问题,也就是说路由器检测路由表发现邻居地址可达,但是发出去的报文压根不存在或者不是个BGP路由器,那么显然得不到回应。
2,发送了Syn,但马上被RST掉,这种情况我们在上面分析到了,可能的原因是对方无法验证这个连接的合法性。这是什么意思呢?当一个BGP路由器收到了来自对端的一个Syn请求,它是否相应要看这个Syn请求的源地址自己是否有通过neighbor命令定义出来。那么当对方完全没有配置Neighbor,或者说配置的地址和发送Syn报文的源地址不匹配(典型的Update source没做),此时会马上发送RST重置TCP连接,根本没有后续的Syn+Ack,所以,连接固然也建立不起来。所以需要大家用到debug命令。这里还要补充一点,CISCO的show命令对于这个问题上的输出结论是一直Active,但是从debug上看是Idle和Active的切换。如果通过show命令就可以看到状态在Idle和Active间切换,那就不是TCP连接建不起来这么简单的问题了。
还有一种关于TCP三次握手无法建立的情况,状态上讲也是长期Active的话,那么还需要考虑的是BGP的TCP验证。
BGP如果实现验证的话,在三次握手时利用了TCP的Option字段中包含的验证字进行的。
这里我们刻意的将验证密码配置为两端不一致,此时大家可以发现这个Syc过去之后连一点回应也没有,如下:
那么得出结论,当BGP的验证不匹配的时候,也无法建立三次握手。
小马在这里想多说两句,BGP一旦开启了验证,他会在所有的TCP报文中将MD5摘要放在TCP的Option中,个人觉得这个无比蛋疼。。。。。。
参数协商问题
一旦TCP能够建立起三次握手连接,是不是意味着万事大吉了呢?
根据邻居建立的流程来看,三次握手仅仅是能够进行连通性协商,后面就要开始交换Open了,Open报文中携带了很多BGP的信息:
Open头部中的Version,My AS,Holdtime,BGP ID如果设置不对,均可能造成邻居关系无法建立。
另外,BGP报文中的16字节Marker设置不匹配也会出现这样的情况,这种情况极其少见,软件Bug,硬件失效都有可能。
总结一下:
对等体IP地址和AS配置错误,常为大意所致;
BGP的Router ID冲突
以上的情况在实验环境中是如何体现的呢?我们模拟一下:
R4和R5建立EBGP连接,R4在AS200,R5在AS500。R4指定R5时使用remote-as 5。
看看debug输出
R4(config-router)#neighbor 192.168.45.5 remote 5
*Mar
1 02:33:46.511: BGP: 192.168.45.5 went from Idle to Active
*Mar
1 02:33:46.519: BGP: 192.168.45.5 open active delayed 32949ms (35000ms max, 28% jitter
*Mar
1 02:34:19.471: BGP: 192.168.45.5 open active, local address 192.168.45.4
*Mar
1 02:34:19.555: BGP: 192.168.45.5 went from Active to OpenSent
*Mar
1 02:34:19.555: BGP: 192.168.45.5 sending OPEN, version 4, my as: 200, holdtime 180 seconds
*Mar
1 02:34:19.563: BGP: 192.168.45.5 send message type 1, length (incl. header) 45
*Mar
1 02:34:19.631: BGP: 192.168.45.5 rcv message type 1, length (excl. header) 26
*Mar
1 02:34:19.635: BGP: 192.168.45.5 rcv OPEN, version 4, holdtime 180 seconds
*Mar
1 02:34:19.635: BGP: 192.168.45.5 rcv OPEN w/ OPTION parameter len: 16
*Mar
1 02:34:19.635: BGP: 192.168.45.5 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar
1 02:34:19.635: BGP: 192.168.45.5 OPEN has CAPABILITY code: 1, length 4
*Mar
1 02:34:19.635: BGP: 192.168.45.5 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar
1 02:34:19.635: BGP: 192.168.45.5 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 02:34:19.635: BGP: 192.168.45.5 OPEN has CAPABILITY code: 128, length 0
*Mar
1 02:34:19.635: BGP: 192.168.45.5 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Mar
1 02:34:19.635: BGP: 192.168.45.5 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 02:34:19.635: BGP: 192.168.45.5 OPEN has CAPABILITY code: 2, length 0
*Mar
1 02:34:19.635: BGP: 192.168.45.5 OPEN has ROUTE-REFRESH capability(new) for all address-families
*Mar
1 02:34:19.635: BGP: 192.168.45.5 bad OPEN, remote AS is 500, expected 5
*Mar
1 02:34:19.635: BGP: 192.168.45.5 went from OpenSent to Closing
*Mar
1 02:34:19.635: %BGP-3-NOTIFICATION: sent to neighbor 192.168.45.5 2/2 (peer in wrong AS) 2 bytes 01F4 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 01F4 00B4 0505 0505 1002 0601 0400 0100 0102 0280 0002 0202 00
*Mar
1 02:34:19.635: BGP: 192.168.45.5 send message type 3, length (incl. header) 23
*Mar
1 02:34:19.743: BGP: 192.168.45.5 local error close after sending NOTIFICATION
*Mar
1 02:34:19.747: BGPNSF state: 192.168.45.5 went from nsf_not_active to nsf_not_active
*Mar
1 02:34:19.747: BGP: 192.168.45.5 went from Closing to Idle
*Mar
1 02:34:19.747: BGP: 192.168.45.5 closing
*Mar
1 02:34:21.751: BGP: 192.168.45.5 went from Idle to Active
*Mar
1 02:34:21.759: BGP: 192.168.45.5 open active delayed 31254ms (35000ms max, 28% jitter)
复制代码
R5(config-router)#nei 192.168.45.4 remote 200
*Mar
1 02:34:04.331: BGP: 192.168.45.4 went from Idle to Active
*Mar
1 02:34:04.339: BGP: 192.168.45.4 open active delayed 32805ms (35000ms max, 28% jitter)
*Mar
1 02:34:19.375: BGP: 192.168.45.4 passive open to 192.168.45.5
*Mar
1 02:34:19.379: BGP: 192.168.45.4 went from Active to Idle
*Mar
1 02:34:19.379: BGP: 192.168.45.4 went from Idle to Connect
*Mar
1 02:34:19.391: BGP: 192.168.45.4 rcv message type 1, length (excl. header) 26
*Mar
1 02:34:19.391: BGP: 192.168.45.4 rcv OPEN, version 4, holdtime 180 seconds
*Mar
1 02:34:19.391: BGP: 192.168.45.4 went from Connect to OpenSent
*Mar
1 02:34:19.391: BGP: 192.168.45.4 sending OPEN, version 4, my as: 500, holdtime 180 seconds
*Mar
1 02:34:19.395: BGP: 192.168.45.4 rcv OPEN w/ OPTION parameter len: 16
*Mar
1 02:34:19.395: BGP: 192.168.45.4 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar
1 02:34:19.395: BGP: 192.168.45.4 OPEN has CAPABILITY code: 1, length 4
*Mar
1 02:34:19.395: BGP: 192.168.45.4 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar
1 02:34:19.399: BGP: 192.168.45.4 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 02:34:19.399: BGP: 192.168.45.4 OPEN has CAPABILITY code: 128, length 0
*Mar
1 02:34:19.399: BGP: 192.168.45.4 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Mar
1 02:34:19.399: BGP: 192.168.45.4 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 02:34:19.399: BGP: 192.168.45.4 OPEN has CAPABILITY code: 2, length 0
*Mar
1 02:34:19.403: BGP: 192.168.45.4 OPEN has ROUTE-REFRESH capability(new) for all address-families
BGP: 192.168.45.4 rcvd OPEN w/ remote AS 200
*Mar
1 02:34:19.403: BGP: 192.168.45.4 went from OpenSent to OpenConfirm
*Mar
1 02:34:19.403: BGP: 192.168.45.4 send message type 1, length (incl. header) 45
*Mar
1 02:34:19.439: BGP: 192.168.45.4 rcv message type 3, length (excl. header) 4
*Mar
1 02:34:19.443: %BGP-3-NOTIFICATION: received from neighbor 192.168.45.4 2/2 (peer in wrong AS) 2 bytes 01F4
*Mar
1 02:34:19.443: BGP: 192.168.45.4 went from OpenConfirm to Closing
*Mar
1 02:34:19.447: BGPNSF state: 192.168.45.4 went from nsf_not_active to nsf_not_active
*Mar
1 02:34:19.447: BGP: 192.168.45.4 went from Closing to Idle
*Mar
1 02:34:19.447: BGP: 192.168.45.4 closing
复制代码
可以发现,R4指定了错误的AS,那么R5发送了Open报文说自己的AS是500,而R4认为R5在AS 5内。所以R4直接在Opensent状态后变为Closing。而R5上的配置是正确的,所以他进入到了OpenConfirm,但是又收到了对方的Notification报文,所以一样的Closing。
抓包的显示可以发现有明显的Notification,然后出现了FIN,说明此时BGP是主动通过Notification断开的邻居关系,注意,和RST是完全不一样的。此时,通过show ip bgp summary查看邻居状态才会发现邻居状态在Idle和Active状态间进行切换。
另外,若Router-id配置重复,和上述情况一样。
这里可以稍稍总结一下,如果说能够建立TCP连接,那么BGP会通过Notification断开连接,方式是使用FIN三次握手,而如果是无法建立连接,要么是超时,要么是TCP的RST。这个特性对排错非常有用。
能力协商问题
如果说Open报文头部参数协商OK,后续还会存在BGP的能力协商,BGP的能力协商的内容其实在前面的Debug和抓包输出都已体现的非常明显:
*Mar
1 02:34:19.395: BGP: 192.168.45.4 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar
1 02:34:19.395: BGP: 192.168.45.4 OPEN has CAPABILITY code: 1, length 4
*Mar
1 02:34:19.395: BGP: 192.168.45.4 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar
1 02:34:19.399: BGP: 192.168.45.4 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 02:34:19.399: BGP: 192.168.45.4 OPEN has CAPABILITY code: 128, length 0
*Mar
1 02:34:19.399: BGP: 192.168.45.4 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Mar
1 02:34:19.399: BGP: 192.168.45.4 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar
1 02:34:19.399: BGP: 192.168.45.4 OPEN has CAPABILITY code: 2, length 0
*Mar
1 02:34:19.403: BGP: 192.168.45.4 OPEN has ROUTE-REFRESH capability(new) for all address-families
复制代码
主要是两个Route-Refresh和MP-extension。关于这里,借鉴一下网络之路:
在实际应用过程中,设备在与其他厂商设备进行BGP能力协商过程中遇到无法识别和支持的能力参数,比如有的是最新RFC规定而本地没有实现的,有的是其他厂商自定义的能力,在类似情况处理过程中会忽略无法识别的能力,打出信息并继续建立邻居。
在RFC 2842中BGP协议要求BGP speaker在收到的OPEN报文中带有一个或多个不认识的可选项参数时,它会中断BGP的会话连接,然后对方会继续进行BGP连接,此时不带上上述不认识的选项参数。不过此RFC已经被RFC3392(Capabilities Advertisement with BGP-4)所废除。
根据RFC3392的要求,当一个支持能力通告的BGP speaker向其BGP peer发送OPEN消息时,其消息可以包含称之为能力的选项参数,该参数列出它所支持的所有能力:
1) BGP speaker通过检查从其BGP对等体收到的OPEN消息中的能力列表来确定对方所支持的所有能力;
2) 如果BGP speaker支持上述能力列表中的一种能力后直接使用该能力并保持BGP连接,这样不用发送NOTIFICATION并再次进行协商;
3) 如果BGP speaker在收到对方对于本端发出的OPEN消息的响应是NOTIFICATION 并且其Error Subcode为Unsupported Optional Parameter,此时认为对方不支持先前的能力通告。本端将试图重新和对方建立连接,此时本端发送的OPEN消息中将不再携带对端不支持的能力选项参数Capabilities Optional Parameter。
4) 如果一个BGP speaker支持某一特定能力发现对方不支持该能力,该BGP speaker可以向对方发送NOTIFICATION消息并终止该会话;此时的ErrorSubcode设定为Unsupported Capability,该NOTIFICATION消息将在Data域中包含引起会话中断的能力。而是否发送消息并中断会话,取决于本端BGP speaker,并且一旦中断将不再重新自动连接。
BGP的能力参数类型有两种,即多协议能力和路由刷新能力;针对地址族的定义就比较多了,不同厂商实现也可能不一样。比如根据最新RFC4761,针对VPLS的能力已经定义为25/65(L2***也是25/65)。具体情况见下表。
| Type | Code | AFI | SAFI |
| IPv4 Unicast | Multiprotocol (1) | 1 | 1 |
| IPv4 Multicast | Multiprotocol (1) | 1 | 2 |
| IPv4 ×××v4 | Multiprotocol (1) | 1 | 128 |
| Label IPv4 | Multiprotocol (1) | 1 | 4 |
| M××× | Multiprotocol (1) | 1 | 66 |
| L2*** | Multiprotocol (1) | 196 | 128 |
| IPv6 Unicast | Multiprotocol (1) | 2 | 1 |
| IPv6 Multicast | Multiprotocol (1) | 2 | 2 |
| IPv6 ×××v4 | Multiprotocol (1) | 2 | 128 |
| Label IPv6 | Multiprotocol (1) | 2 | 4 |
| VPLS (RFC 4761) | Multiprotocol (1) | 25 | 65 |
| Route Refresh | Route Refresh (2) | ||
| Graceful Restart | Graceful Restart (64) | ||
| 4 Bytes AS | (65) | ||
| Dynamic Capability | (67) |
转载于:https://blog.51cto.com/12633577/1978426
2422
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
