BGP Initialization



The objective is to understand how BGP initializes when you enable interfaces and BGP parameters. We will check it with the sniffing tool Wireshark to see what is happening behind the scenes. Wireshark will be enabled on F0/0 on R2.

Currently both F0/0 ports are shut, with no IP address or BGP configured on the nodes.


Let’s start the capture on port F0/0 on R2. There is nothing in the capture yet.

Now let’s unshut the port.

We see some packets for the Loop protocol and CDP, but this is not what we are looking for, so let’s go ahead.

Now I will configure an IP address on F0/0 of R2 and check the capture.

No effect: the packets are as before and no extra header appears. Let’s enable BGP on R2 and see the effect.

Let’s also check the ARP table on R2.

As soon as we enabled BGP with the neighbor command, the BGP application was enabled. Because we have defined a neighbor, BGP first needs to check normal reachability for the TCP session before any further action.

To check the TCP session, R2 must know the L2 address of its neighbor, hence it has sent an ARP broadcast. But since the R1 interface is down and not configured with any IP address, R2 does not get any reply to its ARP request.

Now let’s unshut the R1 port and see the capture.

No change in the capture. Now let’s assign an IP on R1. As soon as we assigned an IP on F0/0 on R1, we can see that R2 initiated an ARP request and got the ARP reply.

Transport can now be seen between R1 and R2. We also see R2 send a TCP packet to R1 on destination port 179 (the BGP port). Since the application (BGP) is configured with the neighbor command, R2 sends a packet to destination port 179 to check whether the application (BGP) on the other side replies.

Once the packet with destination port 179 has arrived at R1 from R2, R1 sends the RST flag under TCP to R2 to reset the connection, as no application is running (no BGP enabled) on R1 on port 179. Thus the three-way handshake cannot be completed, as [RST, ACK] was sent instead of [SYN, ACK].

Now let’s configure BGP on R1. The capture is again the same and R1 is still resetting the TCP connection, as we just enabled BGP and did not configure the neighbor command. Let’s configure the neighbor command on R1.

This time the 3-way handshake completed. Once the 3-way handshake completed, the first BGP message, i.e. the OPEN message, was sent in both directions. After OPEN-SENT and OPEN-CONFIRM, KEEPALIVE messages are initiated, and they keep being sent periodically. R1 and R2 will also periodically check the TCP socket in both directions.

Now let’s advertise some routes, say loopbacks, to see the update packets on R2.

As soon as we advertised the networks/prefixes on R2, it sent an update to R1 about these prefixes, carried in an UPDATE message.

Prefixes/networks are advertised as NLRI in the UPDATE message. The UPDATE message also carries other details such as AS_PATH, ORIGIN, NEXT_HOP, etc.

Now let’s do a hard clear of the BGP session and see what messages we get. We will clear the BGP session from R1.

When we hard-clear the BGP session, the node just resets the TCP connection by sending the FIN & PSH flags to its neighbor (remember, BGP is not sending any update for the reset). This happens at the transport layer: the TCP flags are initiated by R1 at the request of BGP, since the peer is reset.
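The TCP behaviour seen so far on port 179 (the RST while R1 had no neighbor defined, the completed handshake, and the FIN on a hard clear) can be read straight from the TCP flags. The following Python sketch is an added example, not part of the original post; the addresses, source ports and packet list are constructed sample data.

```python
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}
BGP_PORT = 179

def tcp_header(sport, dport, *flags):
    """Build a minimal 20-byte TCP header for the constructed sample (checksum 0)."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, bits, 4096, 0, 0)

def parse_flags(header):
    sport, dport, _seq, _ack, _off, bits = struct.unpack("!HHIIBB", header[:14])
    return sport, dport, {name for name, bit in FLAG_BITS.items() if bits & bit}

def classify(packets):
    """packets: (src_ip, dst_ip, raw_tcp_header) in capture order -> {flow: state}."""
    state = {}
    for src, dst, raw in packets:
        sport, dport, flags = parse_flags(raw)
        if flags == {"SYN"} and dport == BGP_PORT:
            state[(src, sport, dst)] = "syn-sent"
            continue
        # Key each flow by its initiator; replies arrive from port 179.
        key = (dst, dport, src) if sport == BGP_PORT else (src, sport, dst)
        current = state.get(key)
        if current == "syn-sent" and "RST" in flags:
            state[key] = "refused: peer has no BGP or no matching neighbor"
        elif current == "syn-sent" and flags == {"SYN", "ACK"}:
            state[key] = "syn-ack"
        elif current == "syn-ack" and flags == {"ACK"}:
            state[key] = "established"
        elif current == "established" and "FIN" in flags:
            state[key] = f"closed by {src}"
    return state

R1, R2 = "10.0.0.1", "10.0.0.2"  # constructed addresses, not from the capture
SAMPLE = [
    (R2, R1, tcp_header(50001, 179, "SYN")),                # R1 has no neighbor yet
    (R1, R2, tcp_header(179, 50001, "RST", "ACK")),
    (R2, R1, tcp_header(50002, 179, "SYN")),                # neighbor configured on R1
    (R1, R2, tcp_header(179, 50002, "SYN", "ACK")),
    (R2, R1, tcp_header(50002, 179, "ACK")),
    (R1, R2, tcp_header(179, 50002, "FIN", "PSH", "ACK")),  # hard clear from R1
]

if __name__ == "__main__":
    for flow, outcome in classify(SAMPLE).items():
        print(flow, outcome)
```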

Now let’s do a soft reset and see what happens. A soft reset can be performed inbound and outbound; let’s try both, one by one. The moment you run soft in, R1 sends a Route-Refresh message to R2 so that R2 sends all its route updates again. Once R2 receives the Route-Refresh message from R1, it sends all the route updates to R1 again.

Note: A soft reset does not tear down the BGP neighbor, as TCP does not send any FIN flag to the remote peer in this case; a soft reset just requests/sends all the updates to its peer without terminating the session.

Now let’s try soft reset out and see what happens. When you use soft reset out, you are not requesting routes from the other side; instead, the node does it itself. So R1 will send all its updates to its peer without tearing down the neighbor.


  • BGP needs initial transport and reachability to start.
  • Once you configure BGP with the neighbor command, the node tries to reach the defined neighbor's socket on TCP port 179.
  • If BGP is not enabled on the other end, or the neighbor is not defined or wrongly defined there, the remote node sends the RST TCP flag when the other node tries to establish a socket connection on port 179.
  • Once the 3-way handshake completes on port 179 on both sides, BGP sends OPEN messages in both directions. Once the parameters are checked, it sends KEEPALIVE messages periodically. The TCP socket check also keeps going periodically.
  • An UPDATE is only sent when you advertise some routes under BGP, either via network or redistribute. The NLRI consists of all the prefixes we are advertising.
  • When you use clear ip bgp * or clear ip bgp x.x.x.x, it tears down the BGP neighborship, re-establishes it and sends all updates again. This is called a hard reset. A hard reset breaks down the TCP socket by sending the FIN, PSH TCP flags to the neighbor.
  • When we use a soft reset, it only updates the routes and does not tear down the neighborship. When you use soft reset in, it sends a Route-Refresh message to the peer. The peer then sends its route updates without tearing down the neighbor.
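The BGP messages seen in the capture (OPEN, KEEPALIVE, UPDATE with its NLRI, Route-Refresh) all share one 19-byte header, so a TCP payload from port 179 can be split and decoded with a few lines of Python. This is an added example, not part of the original post; the AS number, router ID, next hop and prefixes in the sample are constructed.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16  # every BGP message starts with 16 bytes of 0xFF
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE", 5: "ROUTE-REFRESH"}

def bgp_msg(msg_type, body=b""):  # frame a body with the 19-byte BGP header
    return MARKER + struct.pack("!HB", 19 + len(body), msg_type) + body

def parse_nlri(data):
    """Decode NLRI (length-in-bits, prefix bytes) pairs into CIDR strings."""
    prefixes, i = [], 0
    while i < len(data):
        plen, nbytes = data[i], (data[i] + 7) // 8
        raw = data[i + 1:i + 1 + nbytes]
        if plen > 32 or len(raw) < nbytes:
            raise ValueError("malformed NLRI")
        prefixes.append(f"{ipaddress.IPv4Address(raw + bytes(4 - nbytes))}/{plen}")
        i += 1 + nbytes
    return prefixes

def parse_stream(payload):
    """Split a TCP payload seen on port 179 into BGP messages and decode key fields."""
    out, i = [], 0
    while i < len(payload):
        if payload[i:i + 16] != MARKER or i + 19 > len(payload):
            raise ValueError("bad marker or truncated header")
        length, mtype = struct.unpack("!HB", payload[i + 16:i + 19])
        if not 19 <= length <= 4096 or i + length > len(payload):
            raise ValueError("bad message length")
        body, info = payload[i + 19:i + length], {"type": TYPES.get(mtype, "UNKNOWN")}
        if mtype == 1:    # OPEN: version, AS, hold time, BGP identifier
            ver, asn, hold, ident = struct.unpack("!BHH4s", body[:9])
            info.update(version=ver, asn=asn, hold_time=hold, bgp_id=str(ipaddress.IPv4Address(ident)))
        elif mtype == 2:  # UPDATE: withdrawn routes, path attributes, then NLRI
            wlen = struct.unpack("!H", body[:2])[0]
            alen = struct.unpack("!H", body[2 + wlen:4 + wlen])[0]
            info["nlri"] = parse_nlri(body[4 + wlen + alen:])
        out.append(info)
        i += length
    return out

# Constructed sample: AS 65002, router ID 2.2.2.2, next hop and prefixes are made up.
ATTRS = bytes.fromhex("40010100 4002040201fdea 4003040a000002")  # ORIGIN, AS_PATH, NEXT_HOP
SAMPLE = (bgp_msg(1, struct.pack("!BHH4sB", 4, 65002, 180, bytes([2, 2, 2, 2]), 0)) + bgp_msg(4)
          + bgp_msg(2, struct.pack("!HH", 0, len(ATTRS)) + ATTRS + bytes.fromhex("2002020202 18c0a802"))
          + bgp_msg(5, bytes.fromhex("00010001")))  # Route-Refresh for IPv4 unicast

if __name__ == "__main__":
    for message in parse_stream(SAMPLE):
        print(message)
```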