Thursday, May 2, 2013

Decoding BGP Notification Error

The following log messages are normal in an IX scenario, but decoding the error message is quite interesting.
We will see why this error message popped up:


: %BGP-3-NOTIFICATION: sent to neighbor 10.10.194.236 2/7 (unsupported/disjoint capability) 0 bytes  FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0039 0104 xx0D 00B4 C06A 1102 1C02 0601 0400 0200 0102 0280 0002 0202 0002 0246 0002 0641 0400 00C4 0D

It is a raw hex dump of the BGP OPEN message. It starts with the 16-byte marker (all FF), so the actual output starts from 0039:
2 byte length value : 00 39 - 57
1 byte Type : 01 open message
1 byte Version : 04
2 byte ASN : xx0D  [ modified to remove the relevant information ]
2 byte holdtime : 00 B4 - 180 Seconds
4 byte BGP identifier : C06A 1102 [ modified ]
1 byte Optional parameter length : 1C   - 28 bytes
Refer to the RFC: http://tools.ietf.org/html/rfc5492

http://tools.ietf.org/html/draft-ietf-idr-ext-opt-param-02
http://www.iana.org/assignments/capability-codes/capability-codes.xml
02 0601 0400 0200 01 - 02: parameter type (capability), 06: length, 01: Multiprotocol Extensions for BGP-4
02 0280 00 - 128: route refresh
02 0202 00 - 02: route refresh
02 0246 00 - 70: enhanced route refresh
02 0641 0400 00C4 0D - 65: support for 4-octet AS number capability

So the IOS I'm working with doesn't support enhanced route-refresh, therefore it's dropping the connection.
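The manual decode above can be automated. The following Python parser is an added example, not part of the original post: it walks the same OPEN message, validates the marker and length fields, and extracts the capability codes. The function names, the 00 placeholder for the redacted "xx" byte, and the receiver's supported set are assumptions made for illustration.

```python
import struct

# Names for the capability codes seen in this post (IANA capability-codes registry).
CAP_NAMES = {1: "Multiprotocol Extensions", 2: "Route Refresh", 65: "4-octet AS number",
             70: "Enhanced Route Refresh", 128: "Route Refresh (pre-standard)"}

# Hex from the log line in the post. The redacted "xx" byte is replaced with 00,
# a placeholder, so the decoded 2-byte ASN is not meaningful.
SAMPLE = ("FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0039 0104 000D 00B4 C06A 1102 "
          "1C02 0601 0400 0200 0102 0280 0002 0202 0002 0246 0002 0641 0400 00C4 0D")

def read_tlvs(buf):
    """Split a buffer of (type, length, value) triplets, rejecting truncated ones."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV at offset %d" % i)
        out.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return out

def parse_open(hexdump):
    data = bytes.fromhex(hexdump)          # spaces between groups are ignored
    if len(data) < 29 or data[:16] != b"\xff" * 16:
        raise ValueError("missing 16-byte marker or truncated header")
    length, msg_type = struct.unpack("!HB", data[16:19])
    if msg_type != 1 or length != len(data):
        raise ValueError("not a complete OPEN message")
    version, my_as, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", data[19:29])
    if opt_len != len(data) - 29:
        raise ValueError("optional parameter length mismatch")
    caps = []
    for ptype, pvalue in read_tlvs(data[29:]):
        if ptype == 2:                      # parameter type 2 = Capabilities (RFC 5492)
            caps += read_tlvs(pvalue)
    return {"length": length, "version": version, "my_as": my_as, "hold_time": hold,
            "bgp_id": ".".join(str(b) for b in bgp_id), "caps": caps}

def unknown_caps(msg, supported):
    """Capability codes in the OPEN that are not in the receiver's supported set."""
    return [code for code, _ in msg["caps"] if code not in supported]

if __name__ == "__main__":
    msg = parse_open(SAMPLE)
    for code, value in msg["caps"]:
        print(code, CAP_NAMES.get(code, "unknown"), value.hex())
    # Hypothetical receiver without Enhanced Route Refresh, as the post concludes.
    print("not supported:", unknown_caps(msg, {1, 2, 65, 128}))
```

The length checks matter when the hex is copied from a log: a dump that was cut short fails with a ValueError instead of decoding into misleading fields.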