kyle
/
ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ansible/roles/dotfiles/files/.emacs.d/RFC/rfc4271.txt

5828 lines
218 KiB
Plaintext
Raw Permalink Normal View History

adding dotfiles
2023-04-11 14:32:07 +00:00
Network Working Group Y. Rekhter, Ed.
Request for Comments: 4271 T. Li, Ed.
Obsoletes: 1771 S. Hares, Ed.
Category: Standards Track January 2006
A Border Gateway Protocol 4 (BGP-4)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document discusses the Border Gateway Protocol (BGP), which is
an inter-Autonomous System routing protocol.
The primary function of a BGP speaking system is to exchange network
reachability information with other BGP systems. This network
reachability information includes information on the list of
Autonomous Systems (ASes) that reachability information traverses.
This information is sufficient for constructing a graph of AS
connectivity for this reachability from which routing loops may be
pruned, and, at the AS level, some policy decisions may be enforced.
BGP-4 provides a set of mechanisms for supporting Classless Inter-
Domain Routing (CIDR). These mechanisms include support for
advertising a set of destinations as an IP prefix, and eliminating
the concept of network "class" within BGP. BGP-4 also introduces
mechanisms that allow aggregation of routes, including aggregation of
AS paths.
This document obsoletes RFC 1771.
Rekhter, et al. Standards Track [Page 1]
RFC 4271 BGP-4 January 2006
Table of Contents
1. Introduction ....................................................4
1.1. Definition of Commonly Used Terms ..........................4
1.2. Specification of Requirements ..............................6
2. Acknowledgements ................................................6
3. Summary of Operation ............................................7
3.1. Routes: Advertisement and Storage ..........................9
3.2. Routing Information Base ..................................10
4. Message Formats ................................................11
4.1. Message Header Format .....................................12
4.2. OPEN Message Format .......................................13
4.3. UPDATE Message Format .....................................14
4.4. KEEPALIVE Message Format ..................................21
4.5. NOTIFICATION Message Format ...............................21
5. Path Attributes ................................................23
5.1. Path Attribute Usage ......................................25
5.1.1. ORIGIN .............................................25
5.1.2. AS_PATH ............................................25
5.1.3. NEXT_HOP ...........................................26
5.1.4. MULTI_EXIT_DISC ....................................28
5.1.5. LOCAL_PREF .........................................29
5.1.6. ATOMIC_AGGREGATE ...................................29
5.1.7. AGGREGATOR .........................................30
6. BGP Error Handling. ............................................30
6.1. Message Header Error Handling .............................31
6.2. OPEN Message Error Handling ...............................31
6.3. UPDATE Message Error Handling .............................32
6.4. NOTIFICATION Message Error Handling .......................34
6.5. Hold Timer Expired Error Handling .........................34
6.6. Finite State Machine Error Handling .......................35
6.7. Cease .....................................................35
6.8. BGP Connection Collision Detection ........................35
7. BGP Version Negotiation ........................................36
8. BGP Finite State Machine (FSM) .................................37
8.1. Events for the BGP FSM ....................................38
8.1.1. Optional Events Linked to Optional Session
Attributes .........................................38
8.1.2. Administrative Events ..............................42
8.1.3. Timer Events .......................................46
8.1.4. TCP Connection-Based Events ........................47
8.1.5. BGP Message-Based Events ...........................49
8.2. Description of FSM ........................................51
8.2.1. FSM Definition .....................................51
8.2.1.1. Terms "active" and "passive" ..............52
8.2.1.2. FSM and Collision Detection ...............52
8.2.1.3. FSM and Optional Session Attributes .......52
8.2.1.4. FSM Event Numbers .........................53
Rekhter, et al. Standards Track [Page 2]
RFC 4271 BGP-4 January 2006
8.2.1.5. FSM Actions that are Implementation
Dependent .................................53
8.2.2. Finite State Machine ...............................53
9. UPDATE Message Handling ........................................75
9.1. Decision Process ..........................................76
9.1.1. Phase 1: Calculation of Degree of Preference .......77
9.1.2. Phase 2: Route Selection ...........................77
9.1.2.1. Route Resolvability Condition .............79
9.1.2.2. Breaking Ties (Phase 2) ...................80
9.1.3. Phase 3: Route Dissemination .......................82
9.1.4. Overlapping Routes .................................83
9.2. Update-Send Process .......................................84
9.2.1. Controlling Routing Traffic Overhead ...............85
9.2.1.1. Frequency of Route Advertisement ..........85
9.2.1.2. Frequency of Route Origination ............85
9.2.2. Efficient Organization of Routing Information ......86
9.2.2.1. Information Reduction .....................86
9.2.2.2. Aggregating Routing Information ...........87
9.3. Route Selection Criteria ..................................89
9.4. Originating BGP routes ....................................89
10. BGP Timers ....................................................90
Appendix A. Comparison with RFC 1771 .............................92
Appendix B. Comparison with RFC 1267 .............................93
Appendix C. Comparison with RFC 1163 .............................93
Appendix D. Comparison with RFC 1105 .............................94
Appendix E. TCP Options that May Be Used with BGP ................94
Appendix F. Implementation Recommendations .......................95
Appendix F.1. Multiple Networks Per Message .........95
Appendix F.2. Reducing Route Flapping ...............96
Appendix F.3. Path Attribute Ordering ...............96
Appendix F.4. AS_SET Sorting ........................96
Appendix F.5. Control Over Version Negotiation ......96
Appendix F.6. Complex AS_PATH Aggregation ...........96
Security Considerations ...........................................97
IANA Considerations ...............................................99
Normative References .............................................101
Informative References ...........................................101
Rekhter, et al. Standards Track [Page 3]
RFC 4271 BGP-4 January 2006
1. Introduction
The Border Gateway Protocol (BGP) is an inter-Autonomous System
routing protocol.
The primary function of a BGP speaking system is to exchange network
reachability information with other BGP systems. This network
reachability information includes information on the list of
Autonomous Systems (ASes) that reachability information traverses.
This information is sufficient for constructing a graph of AS
connectivity for this reachability, from which routing loops may be
pruned and, at the AS level, some policy decisions may be enforced.
BGP-4 provides a set of mechanisms for supporting Classless Inter-
Domain Routing (CIDR) [RFC1518, RFC1519]. These mechanisms include
support for advertising a set of destinations as an IP prefix and
eliminating the concept of network "class" within BGP. BGP-4 also
introduces mechanisms that allow aggregation of routes, including
aggregation of AS paths.
Routing information exchanged via BGP supports only the destination-
based forwarding paradigm, which assumes that a router forwards a
packet based solely on the destination address carried in the IP
header of the packet. This, in turn, reflects the set of policy
decisions that can (and cannot) be enforced using BGP. BGP can
support only those policies conforming to the destination-based
forwarding paradigm.
1.1. Definition of Commonly Used Terms
This section provides definitions for terms that have a specific
meaning to the BGP protocol and that are used throughout the text.
Adj-RIB-In
The Adj-RIBs-In contains unprocessed routing information that has
been advertised to the local BGP speaker by its peers.
Adj-RIB-Out
The Adj-RIBs-Out contains the routes for advertisement to specific
peers by means of the local speaker's UPDATE messages.
Autonomous System (AS)
The classic definition of an Autonomous System is a set of routers
under a single technical administration, using an interior gateway
protocol (IGP) and common metrics to determine how to route
packets within the AS, and using an inter-AS routing protocol to
determine how to route packets to other ASes. Since this classic
definition was developed, it has become common for a single AS to
Rekhter, et al. Standards Track [Page 4]
RFC 4271 BGP-4 January 2006
use several IGPs and, sometimes, several sets of metrics within an
AS. The use of the term Autonomous System stresses the fact that,
even when multiple IGPs and metrics are used, the administration
of an AS appears to other ASes to have a single coherent interior
routing plan, and presents a consistent picture of the
destinations that are reachable through it.
BGP Identifier
A 4-octet unsigned integer that indicates the BGP Identifier of
the sender of BGP messages. A given BGP speaker sets the value of
its BGP Identifier to an IP address assigned to that BGP speaker.
The value of the BGP Identifier is determined upon startup and is
the same for every local interface and BGP peer.
BGP speaker
A router that implements BGP.
EBGP
External BGP (BGP connection between external peers).
External peer
Peer that is in a different Autonomous System than the local
system.
Feasible route
An advertised route that is available for use by the recipient.
IBGP
Internal BGP (BGP connection between internal peers).
Internal peer
Peer that is in the same Autonomous System as the local system.
IGP
Interior Gateway Protocol - a routing protocol used to exchange
routing information among routers within a single Autonomous
System.
Loc-RIB
The Loc-RIB contains the routes that have been selected by the
local BGP speaker's Decision Process.
NLRI
Network Layer Reachability Information.
Route
A unit of information that pairs a set of destinations with the
attributes of a path to those destinations. The set of
Rekhter, et al. Standards Track [Page 5]
RFC 4271 BGP-4 January 2006
destinations are systems whose IP addresses are contained in one
IP address prefix carried in the Network Layer Reachability
Information (NLRI) field of an UPDATE message. The path is the
information reported in the path attributes field of the same
UPDATE message.
RIB
Routing Information Base.
Unfeasible route
A previously advertised feasible route that is no longer available
for use.
1.2. Specification of Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Acknowledgements
This document was originally published as [RFC1267] in October 1991,
jointly authored by Kirk Lougheed and Yakov Rekhter.
We would like to express our thanks to Guy Almes, Len Bosack, and
Jeffrey C. Honig for their contributions to the earlier version
(BGP-1) of this document.
We would like to specially acknowledge numerous contributions by
Dennis Ferguson to the earlier version of this document.
We would like to explicitly thank Bob Braden for the review of the
earlier version (BGP-2) of this document, and for his constructive
and valuable comments.
We would also like to thank Bob Hinden, Director for Routing of the
Internet Engineering Steering Group, and the team of reviewers he
assembled to review the earlier version (BGP-2) of this document.
This team, consisting of Deborah Estrin, Milo Medin, John Moy, Radia
Perlman, Martha Steenstrup, Mike St. Johns, and Paul Tsuchiya, acted
with a strong combination of toughness, professionalism, and
courtesy.
Certain sections of the document borrowed heavily from IDRP
[IS10747], which is the OSI counterpart of BGP. For this, credit
should be given to the ANSI X3S3.3 group chaired by Lyman Chapin and
to Charles Kunzinger, who was the IDRP editor within that group.
Rekhter, et al. Standards Track [Page 6]
RFC 4271 BGP-4 January 2006
We would also like to thank Benjamin Abarbanel, Enke Chen, Edward
Crabbe, Mike Craren, Vincent Gillet, Eric Gray, Jeffrey Haas, Dimitry
Haskin, Stephen Kent, John Krawczyk, David LeRoy, Dan Massey,
Jonathan Natale, Dan Pei, Mathew Richardson, John Scudder, John
Stewart III, Dave Thaler, Paul Traina, Russ White, Curtis Villamizar,
and Alex Zinin for their comments.
We would like to specially acknowledge Andrew Lange for his help in
preparing the final version of this document.
Finally, we would like to thank all the members of the IDR Working
Group for their ideas and the support they have given to this
document.
3. Summary of Operation
The Border Gateway Protocol (BGP) is an inter-Autonomous System
routing protocol. It is built on experience gained with EGP (as
defined in [RFC904]) and EGP usage in the NSFNET Backbone (as
described in [RFC1092] and [RFC1093]). For more BGP-related
information, see [RFC1772], [RFC1930], [RFC1997], and [RFC2858].
The primary function of a BGP speaking system is to exchange network
reachability information with other BGP systems. This network
reachability information includes information on the list of
Autonomous Systems (ASes) that reachability information traverses.
This information is sufficient for constructing a graph of AS
connectivity, from which routing loops may be pruned, and, at the AS
level, some policy decisions may be enforced.
In the context of this document, we assume that a BGP speaker
advertises to its peers only those routes that it uses itself (in
this context, a BGP speaker is said to "use" a BGP route if it is the
most preferred BGP route and is used in forwarding). All other cases
are outside the scope of this document.
In the context of this document, the term "IP address" refers to an
IP Version 4 address [RFC791].
Routing information exchanged via BGP supports only the destination-
based forwarding paradigm, which assumes that a router forwards a
packet based solely on the destination address carried in the IP
header of the packet. This, in turn, reflects the set of policy
decisions that can (and cannot) be enforced using BGP. Note that
some policies cannot be supported by the destination-based forwarding
paradigm, and thus require techniques such as source routing (aka
explicit routing) to be enforced. Such policies cannot be enforced
using BGP either. For example, BGP does not enable one AS to send
Rekhter, et al. Standards Track [Page 7]
RFC 4271 BGP-4 January 2006
traffic to a neighboring AS for forwarding to some destination
(reachable through but) beyond that neighboring AS, intending that
the traffic take a different route to that taken by the traffic
originating in the neighboring AS (for that same destination). On
the other hand, BGP can support any policy conforming to the
destination-based forwarding paradigm.
BGP-4 provides a new set of mechanisms for supporting Classless
Inter-Domain Routing (CIDR) [RFC1518, RFC1519]. These mechanisms
include support for advertising a set of destinations as an IP prefix
and eliminating the concept of a network "class" within BGP. BGP-4
also introduces mechanisms that allow aggregation of routes,
including aggregation of AS paths.
This document uses the term `Autonomous System' (AS) throughout. The
classic definition of an Autonomous System is a set of routers under
a single technical administration, using an interior gateway protocol
(IGP) and common metrics to determine how to route packets within the
AS, and using an inter-AS routing protocol to determine how to route
packets to other ASes. Since this classic definition was developed,
it has become common for a single AS to use several IGPs and,
sometimes, several sets of metrics within an AS. The use of the term
Autonomous System stresses the fact that, even when multiple IGPs and
metrics are used, the administration of an AS appears to other ASes
to have a single coherent interior routing plan and presents a
consistent picture of the destinations that are reachable through it.
BGP uses TCP [RFC793] as its transport protocol. This eliminates the
need to implement explicit update fragmentation, retransmission,
acknowledgement, and sequencing. BGP listens on TCP port 179. The
error notification mechanism used in BGP assumes that TCP supports a
"graceful" close (i.e., that all outstanding data will be delivered
before the connection is closed).
A TCP connection is formed between two systems. They exchange
messages to open and confirm the connection parameters.
The initial data flow is the portion of the BGP routing table that is
allowed by the export policy, called the Adj-Ribs-Out (see 3.2).
Incremental updates are sent as the routing tables change. BGP does
not require a periodic refresh of the routing table. To allow local
policy changes to have the correct effect without resetting any BGP
connections, a BGP speaker SHOULD either (a) retain the current
version of the routes advertised to it by all of its peers for the
duration of the connection, or (b) make use of the Route Refresh
extension [RFC2918].
Rekhter, et al. Standards Track [Page 8]
RFC 4271 BGP-4 January 2006
KEEPALIVE messages may be sent periodically to ensure that the
connection is live. NOTIFICATION messages are sent in response to
errors or special conditions. If a connection encounters an error
condition, a NOTIFICATION message is sent and the connection is
closed.
A peer in a different AS is referred to as an external peer, while a
peer in the same AS is referred to as an internal peer. Internal BGP
and external BGP are commonly abbreviated as IBGP and EBGP.
If a particular AS has multiple BGP speakers and is providing transit
service for other ASes, then care must be taken to ensure a
consistent view of routing within the AS. A consistent view of the
interior routes of the AS is provided by the IGP used within the AS.
For the purpose of this document, it is assumed that a consistent
view of the routes exterior to the AS is provided by having all BGP
speakers within the AS maintain IBGP with each other.
This document specifies the base behavior of the BGP protocol. This
behavior can be, and is, modified by extension specifications. When
the protocol is extended, the new behavior is fully documented in the
extension specifications.
3.1. Routes: Advertisement and Storage
For the purpose of this protocol, a route is defined as a unit of
information that pairs a set of destinations with the attributes of a
path to those destinations. The set of destinations are systems
whose IP addresses are contained in one IP address prefix that is
carried in the Network Layer Reachability Information (NLRI) field of
an UPDATE message, and the path is the information reported in the
path attributes field of the same UPDATE message.
Routes are advertised between BGP speakers in UPDATE messages.
Multiple routes that have the same path attributes can be advertised
in a single UPDATE message by including multiple prefixes in the NLRI
field of the UPDATE message.
Routes are stored in the Routing Information Bases (RIBs): namely,
the Adj-RIBs-In, the Loc-RIB, and the Adj-RIBs-Out, as described in
Section 3.2.
If a BGP speaker chooses to advertise a previously received route, it
MAY add to, or modify, the path attributes of the route before
advertising it to a peer.
Rekhter, et al. Standards Track [Page 9]
RFC 4271 BGP-4 January 2006
BGP provides mechanisms by which a BGP speaker can inform its peers
that a previously advertised route is no longer available for use.
There are three methods by which a given BGP speaker can indicate
that a route has been withdrawn from service:
a) the IP prefix that expresses the destination for a previously
advertised route can be advertised in the WITHDRAWN ROUTES
field in the UPDATE message, thus marking the associated route
as being no longer available for use,
b) a replacement route with the same NLRI can be advertised, or
c) the BGP speaker connection can be closed, which implicitly
removes all routes the pair of speakers had advertised to each
other from service.
Changing the attribute(s) of a route is accomplished by advertising a
replacement route. The replacement route carries new (changed)
attributes and has the same address prefix as the original route.
3.2. Routing Information Base
The Routing Information Base (RIB) within a BGP speaker consists of
three distinct parts:
a) Adj-RIBs-In: The Adj-RIBs-In stores routing information learned
from inbound UPDATE messages that were received from other BGP
speakers. Their contents represent routes that are available
as input to the Decision Process.
b) Loc-RIB: The Loc-RIB contains the local routing information the
BGP speaker selected by applying its local policies to the
routing information contained in its Adj-RIBs-In. These are
the routes that will be used by the local BGP speaker. The
next hop for each of these routes MUST be resolvable via the
local BGP speaker's Routing Table.
c) Adj-RIBs-Out: The Adj-RIBs-Out stores information the local BGP
speaker selected for advertisement to its peers. The routing
information stored in the Adj-RIBs-Out will be carried in the
local BGP speaker's UPDATE messages and advertised to its
peers.
In summary, the Adj-RIBs-In contains unprocessed routing information
that has been advertised to the local BGP speaker by its peers; the
Loc-RIB contains the routes that have been selected by the local BGP
Rekhter, et al. Standards Track [Page 10]
RFC 4271 BGP-4 January 2006
speaker's Decision Process; and the Adj-RIBs-Out organizes the routes
for advertisement to specific peers (by means of the local speaker's
UPDATE messages).
Although the conceptual model distinguishes between Adj-RIBs-In,
Loc-RIB, and Adj-RIBs-Out, this neither implies nor requires that an
implementation must maintain three separate copies of the routing
information. The choice of implementation (for example, 3 copies of
the information vs 1 copy with pointers) is not constrained by the
protocol.
Routing information that the BGP speaker uses to forward packets (or
to construct the forwarding table used for packet forwarding) is
maintained in the Routing Table. The Routing Table accumulates
routes to directly connected networks, static routes, routes learned
from the IGP protocols, and routes learned from BGP. Whether a
specific BGP route should be installed in the Routing Table, and
whether a BGP route should override a route to the same destination
installed by another source, is a local policy decision, and is not
specified in this document. In addition to actual packet forwarding,
the Routing Table is used for resolution of the next-hop addresses
specified in BGP updates (see Section 5.1.3).
4. Message Formats
This section describes message formats used by BGP.
BGP messages are sent over TCP connections. A message is processed
only after it is entirely received. The maximum message size is 4096
octets. All implementations are required to support this maximum
message size. The smallest message that may be sent consists of a
BGP header without a data portion (19 octets).
All multi-octet fields are in network byte order.
Rekhter, et al. Standards Track [Page 11]
RFC 4271 BGP-4 January 2006
4.1. Message Header Format
Each message has a fixed-size header. There may or may not be a data
portion following the header, depending on the message type. The
layout of these fields is shown below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ +
| Marker |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Marker:
This 16-octet field is included for compatibility; it MUST be
set to all ones.
Length:
This 2-octet unsigned integer indicates the total length of the
message, including the header in octets. Thus, it allows one
to locate the (Marker field of the) next message in the TCP
stream. The value of the Length field MUST always be at least
19 and no greater than 4096, and MAY be further constrained,
depending on the message type. "padding" of extra data after
the message is not allowed. Therefore, the Length field MUST
have the smallest value required, given the rest of the
message.
Type:
This 1-octet unsigned integer indicates the type code of the
message. This document defines the following type codes:
1 - OPEN
2 - UPDATE
3 - NOTIFICATION
4 - KEEPALIVE
[RFC2918] defines one more type code.
Rekhter, et al. Standards Track [Page 12]
RFC 4271 BGP-4 January 2006
4.2. OPEN Message Format
After a TCP connection is established, the first message sent by each
side is an OPEN message. If the OPEN message is acceptable, a
KEEPALIVE message confirming the OPEN is sent back.
In addition to the fixed-size BGP header, the OPEN message contains
the following fields:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+
| Version |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| My Autonomous System |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hold Time |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| BGP Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt Parm Len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Optional Parameters (variable) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Version:
This 1-octet unsigned integer indicates the protocol version
number of the message. The current BGP version number is 4.
My Autonomous System:
This 2-octet unsigned integer indicates the Autonomous System
number of the sender.
Hold Time:
This 2-octet unsigned integer indicates the number of seconds
the sender proposes for the value of the Hold Timer. Upon
receipt of an OPEN message, a BGP speaker MUST calculate the
value of the Hold Timer by using the smaller of its configured
Hold Time and the Hold Time received in the OPEN message. The
Hold Time MUST be either zero or at least three seconds. An
implementation MAY reject connections on the basis of the Hold
Rekhter, et al. Standards Track [Page 13]
RFC 4271 BGP-4 January 2006
Time. The calculated value indicates the maximum number of
seconds that may elapse between the receipt of successive
KEEPALIVE and/or UPDATE messages from the sender.
BGP Identifier:
This 4-octet unsigned integer indicates the BGP Identifier of
the sender. A given BGP speaker sets the value of its BGP
Identifier to an IP address that is assigned to that BGP
speaker. The value of the BGP Identifier is determined upon
startup and is the same for every local interface and BGP peer.
Optional Parameters Length:
This 1-octet unsigned integer indicates the total length of the
Optional Parameters field in octets. If the value of this
field is zero, no Optional Parameters are present.
Optional Parameters:
This field contains a list of optional parameters, in which
each parameter is encoded as a <Parameter Type, Parameter
Length, Parameter Value> triplet.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...
| Parm. Type | Parm. Length | Parameter Value (variable)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...
Parameter Type is a one octet field that unambiguously
identifies individual parameters. Parameter Length is a one
octet field that contains the length of the Parameter Value
field in octets. Parameter Value is a variable length field
that is interpreted according to the value of the Parameter
Type field.
[RFC3392] defines the Capabilities Optional Parameter.
The minimum length of the OPEN message is 29 octets (including the
message header).
4.3. UPDATE Message Format
UPDATE messages are used to transfer routing information between BGP
peers. The information in the UPDATE message can be used to
construct a graph that describes the relationships of the various
Autonomous Systems. By applying rules to be discussed, routing
Rekhter, et al. Standards Track [Page 14]
RFC 4271 BGP-4 January 2006
information loops and some other anomalies may be detected and
removed from inter-AS routing.
An UPDATE message is used to advertise feasible routes that share
common path attributes to a peer, or to withdraw multiple unfeasible
routes from service (see 3.1). An UPDATE message MAY simultaneously
advertise a feasible route and withdraw multiple unfeasible routes
from service. The UPDATE message always includes the fixed-size BGP
header, and also includes the other fields, as shown below (note,
some of the shown fields may not be present in every UPDATE message):
+-----------------------------------------------------+
| Withdrawn Routes Length (2 octets) |
+-----------------------------------------------------+
| Withdrawn Routes (variable) |
+-----------------------------------------------------+
| Total Path Attribute Length (2 octets) |
+-----------------------------------------------------+
| Path Attributes (variable) |
+-----------------------------------------------------+
| Network Layer Reachability Information (variable) |
+-----------------------------------------------------+
Withdrawn Routes Length:
This 2-octets unsigned integer indicates the total length of
the Withdrawn Routes field in octets. Its value allows the
length of the Network Layer Reachability Information field to
be determined, as specified below.
A value of 0 indicates that no routes are being withdrawn from
service, and that the WITHDRAWN ROUTES field is not present in
this UPDATE message.
Withdrawn Routes:
This is a variable-length field that contains a list of IP
address prefixes for the routes that are being withdrawn from
service. Each IP address prefix is encoded as a 2-tuple of the
form <length, prefix>, whose fields are described below:
+---------------------------+
| Length (1 octet) |
+---------------------------+
| Prefix (variable) |
+---------------------------+
Rekhter, et al. Standards Track [Page 15]
RFC 4271 BGP-4 January 2006
The use and the meaning of these fields are as follows:
a) Length:
The Length field indicates the length in bits of the IP
address prefix. A length of zero indicates a prefix that
matches all IP addresses (with prefix, itself, of zero
octets).
b) Prefix:
The Prefix field contains an IP address prefix, followed by
the minimum number of trailing bits needed to make the end
of the field fall on an octet boundary. Note that the value
of trailing bits is irrelevant.
Total Path Attribute Length:
This 2-octet unsigned integer indicates the total length of the
Path Attributes field in octets. Its value allows the length
of the Network Layer Reachability field to be determined as
specified below.
A value of 0 indicates that neither the Network Layer
Reachability Information field nor the Path Attribute field is
present in this UPDATE message.
Path Attributes:
A variable-length sequence of path attributes is present in
every UPDATE message, except for an UPDATE message that carries
only the withdrawn routes. Each path attribute is a triple
<attribute type, attribute length, attribute value> of variable
length.
Attribute Type is a two-octet field that consists of the
Attribute Flags octet, followed by the Attribute Type Code
octet.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attr. Flags |Attr. Type Code|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The high-order bit (bit 0) of the Attribute Flags octet is the
Optional bit. It defines whether the attribute is optional (if
set to 1) or well-known (if set to 0).
Rekhter, et al. Standards Track [Page 16]
RFC 4271 BGP-4 January 2006
The second high-order bit (bit 1) of the Attribute Flags octet
is the Transitive bit. It defines whether an optional
attribute is transitive (if set to 1) or non-transitive (if set
to 0).
For well-known attributes, the Transitive bit MUST be set to 1.
(See Section 5 for a discussion of transitive attributes.)
The third high-order bit (bit 2) of the Attribute Flags octet
is the Partial bit. It defines whether the information
contained in the optional transitive attribute is partial (if
set to 1) or complete (if set to 0). For well-known attributes
and for optional non-transitive attributes, the Partial bit
MUST be set to 0.
The fourth high-order bit (bit 3) of the Attribute Flags octet
is the Extended Length bit. It defines whether the Attribute
Length is one octet (if set to 0) or two octets (if set to 1).
The lower-order four bits of the Attribute Flags octet are
unused. They MUST be zero when sent and MUST be ignored when
received.
The Attribute Type Code octet contains the Attribute Type Code.
Currently defined Attribute Type Codes are discussed in Section
5.
If the Extended Length bit of the Attribute Flags octet is set
to 0, the third octet of the Path Attribute contains the length
of the attribute data in octets.
If the Extended Length bit of the Attribute Flags octet is set
to 1, the third and fourth octets of the path attribute contain
the length of the attribute data in octets.
Rekhter, et al. Standards Track [Page 17]
RFC 4271 BGP-4 January 2006
The remaining octets of the Path Attribute represent the
attribute value and are interpreted according to the Attribute
Flags and the Attribute Type Code. The supported Attribute
Type Codes, and their attribute values and uses are as follows:
a) ORIGIN (Type Code 1):
ORIGIN is a well-known mandatory attribute that defines the
origin of the path information. The data octet can assume
the following values:
Value Meaning
0 IGP - Network Layer Reachability Information
is interior to the originating AS
1 EGP - Network Layer Reachability Information
learned via the EGP protocol [RFC904]
2 INCOMPLETE - Network Layer Reachability
Information learned by some other means
Usage of this attribute is defined in 5.1.1.
b) AS_PATH (Type Code 2):
AS_PATH is a well-known mandatory attribute that is composed
of a sequence of AS path segments. Each AS path segment is
represented by a triple <path segment type, path segment
length, path segment value>.
The path segment type is a 1-octet length field with the
following values defined:
Value Segment Type
1 AS_SET: unordered set of ASes a route in the
UPDATE message has traversed
2 AS_SEQUENCE: ordered set of ASes a route in
the UPDATE message has traversed
The path segment length is a 1-octet length field,
containing the number of ASes (not the number of octets) in
the path segment value field.
The path segment value field contains one or more AS
numbers, each encoded as a 2-octet length field.
Rekhter, et al. Standards Track [Page 18]
RFC 4271 BGP-4 January 2006
Usage of this attribute is defined in 5.1.2.
c) NEXT_HOP (Type Code 3):
This is a well-known mandatory attribute that defines the
(unicast) IP address of the router that SHOULD be used as
the next hop to the destinations listed in the Network Layer
Reachability Information field of the UPDATE message.
Usage of this attribute is defined in 5.1.3.
d) MULTI_EXIT_DISC (Type Code 4):
This is an optional non-transitive attribute that is a
four-octet unsigned integer. The value of this attribute
MAY be used by a BGP speaker's Decision Process to
discriminate among multiple entry points to a neighboring
autonomous system.
Usage of this attribute is defined in 5.1.4.
e) LOCAL_PREF (Type Code 5):
LOCAL_PREF is a well-known attribute that is a four-octet
unsigned integer. A BGP speaker uses it to inform its other
internal peers of the advertising speaker's degree of
preference for an advertised route.
Usage of this attribute is defined in 5.1.5.
f) ATOMIC_AGGREGATE (Type Code 6)
ATOMIC_AGGREGATE is a well-known discretionary attribute of
length 0.
Usage of this attribute is defined in 5.1.6.
g) AGGREGATOR (Type Code 7)
AGGREGATOR is an optional transitive attribute of length 6.
The attribute contains the last AS number that formed the
aggregate route (encoded as 2 octets), followed by the IP
address of the BGP speaker that formed the aggregate route
(encoded as 4 octets). This SHOULD be the same address as
the one used for the BGP Identifier of the speaker.
Usage of this attribute is defined in 5.1.7.
Rekhter, et al. Standards Track [Page 19]
RFC 4271 BGP-4 January 2006
Network Layer Reachability Information:
This variable length field contains a list of IP address
prefixes. The length, in octets, of the Network Layer
Reachability Information is not encoded explicitly, but can be
calculated as:
UPDATE message Length - 23 - Total Path Attributes Length
- Withdrawn Routes Length
where UPDATE message Length is the value encoded in the fixed-
size BGP header, Total Path Attribute Length, and Withdrawn
Routes Length are the values encoded in the variable part of
the UPDATE message, and 23 is a combined length of the fixed-
size BGP header, the Total Path Attribute Length field, and the
Withdrawn Routes Length field.
Reachability information is encoded as one or more 2-tuples of
the form <length, prefix>, whose fields are described below:
+---------------------------+
| Length (1 octet) |
+---------------------------+
| Prefix (variable) |
+---------------------------+
The use and the meaning of these fields are as follows:
a) Length:
The Length field indicates the length in bits of the IP
address prefix. A length of zero indicates a prefix that
matches all IP addresses (with prefix, itself, of zero
octets).
b) Prefix:
The Prefix field contains an IP address prefix, followed by
enough trailing bits to make the end of the field fall on an
octet boundary. Note that the value of the trailing bits is
irrelevant.
The minimum length of the UPDATE message is 23 octets -- 19 octets
for the fixed header + 2 octets for the Withdrawn Routes Length + 2
octets for the Total Path Attribute Length (the value of Withdrawn
Routes Length is 0 and the value of Total Path Attribute Length is
0).
Rekhter, et al. Standards Track [Page 20]
RFC 4271 BGP-4 January 2006
An UPDATE message can advertise, at most, one set of path attributes,
but multiple destinations, provided that the destinations share these
attributes. All path attributes contained in a given UPDATE message
apply to all destinations carried in the NLRI field of the UPDATE
message.
An UPDATE message can list multiple routes that are to be withdrawn
from service. Each such route is identified by its destination
(expressed as an IP prefix), which unambiguously identifies the route
in the context of the BGP speaker - BGP speaker connection to which
it has been previously advertised.
An UPDATE message might advertise only routes that are to be
withdrawn from service, in which case the message will not include
path attributes or Network Layer Reachability Information.
Conversely, it may advertise only a feasible route, in which case the
WITHDRAWN ROUTES field need not be present.
An UPDATE message SHOULD NOT include the same address prefix in the
WITHDRAWN ROUTES and Network Layer Reachability Information fields.
However, a BGP speaker MUST be able to process UPDATE messages in
this form. A BGP speaker SHOULD treat an UPDATE message of this form
as though the WITHDRAWN ROUTES do not contain the address prefix.
4.4. KEEPALIVE Message Format
BGP does not use any TCP-based, keep-alive mechanism to determine if
peers are reachable. Instead, KEEPALIVE messages are exchanged
between peers often enough not to cause the Hold Timer to expire. A
reasonable maximum time between KEEPALIVE messages would be one third
of the Hold Time interval. KEEPALIVE messages MUST NOT be sent more
frequently than one per second. An implementation MAY adjust the
rate at which it sends KEEPALIVE messages as a function of the Hold
Time interval.
If the negotiated Hold Time interval is zero, then periodic KEEPALIVE
messages MUST NOT be sent.
A KEEPALIVE message consists of only the message header and has a
length of 19 octets.
4.5. NOTIFICATION Message Format
A NOTIFICATION message is sent when an error condition is detected.
The BGP connection is closed immediately after it is sent.
Rekhter, et al. Standards Track [Page 21]
RFC 4271 BGP-4 January 2006
In addition to the fixed-size BGP header, the NOTIFICATION message
contains the following fields:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error code | Error subcode | Data (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Error Code:
This 1-octet unsigned integer indicates the type of
NOTIFICATION. The following Error Codes have been defined:
Error Code Symbolic Name Reference
1 Message Header Error Section 6.1
2 OPEN Message Error Section 6.2
3 UPDATE Message Error Section 6.3
4 Hold Timer Expired Section 6.5
5 Finite State Machine Error Section 6.6
6 Cease Section 6.7
Error subcode:
This 1-octet unsigned integer provides more specific
information about the nature of the reported error. Each Error
Code may have one or more Error Subcodes associated with it.
If no appropriate Error Subcode is defined, then a zero
(Unspecific) value is used for the Error Subcode field.
Message Header Error subcodes:
1 - Connection Not Synchronized.
2 - Bad Message Length.
3 - Bad Message Type.
Rekhter, et al. Standards Track [Page 22]
RFC 4271 BGP-4 January 2006
OPEN Message Error subcodes:
1 - Unsupported Version Number.
2 - Bad Peer AS.
3 - Bad BGP Identifier.
4 - Unsupported Optional Parameter.
5 - [Deprecated - see Appendix A].
6 - Unacceptable Hold Time.
UPDATE Message Error subcodes:
1 - Malformed Attribute List.
2 - Unrecognized Well-known Attribute.
3 - Missing Well-known Attribute.
4 - Attribute Flags Error.
5 - Attribute Length Error.
6 - Invalid ORIGIN Attribute.
7 - [Deprecated - see Appendix A].
8 - Invalid NEXT_HOP Attribute.
9 - Optional Attribute Error.
10 - Invalid Network Field.
11 - Malformed AS_PATH.
Data:
This variable-length field is used to diagnose the reason for
the NOTIFICATION. The contents of the Data field depend upon
the Error Code and Error Subcode. See Section 6 for more
details.
Note that the length of the Data field can be determined from
the message Length field by the formula:
Message Length = 21 + Data Length
The minimum length of the NOTIFICATION message is 21 octets
(including message header).
5. Path Attributes
This section discusses the path attributes of the UPDATE message.
Path attributes fall into four separate categories:
1. Well-known mandatory.
2. Well-known discretionary.
3. Optional transitive.
4. Optional non-transitive.
Rekhter, et al. Standards Track [Page 23]
RFC 4271 BGP-4 January 2006
BGP implementations MUST recognize all well-known attributes. Some
of these attributes are mandatory and MUST be included in every
UPDATE message that contains NLRI. Others are discretionary and MAY
or MAY NOT be sent in a particular UPDATE message.
Once a BGP peer has updated any well-known attributes, it MUST pass
these attributes to its peers in any updates it transmits.
In addition to well-known attributes, each path MAY contain one or
more optional attributes. It is not required or expected that all
BGP implementations support all optional attributes. The handling of
an unrecognized optional attribute is determined by the setting of
the Transitive bit in the attribute flags octet. Paths with
unrecognized transitive optional attributes SHOULD be accepted. If a
path with an unrecognized transitive optional attribute is accepted
and passed to other BGP peers, then the unrecognized transitive
optional attribute of that path MUST be passed, along with the path,
to other BGP peers with the Partial bit in the Attribute Flags octet
set to 1. If a path with a recognized, transitive optional attribute
is accepted and passed along to other BGP peers and the Partial bit
in the Attribute Flags octet is set to 1 by some previous AS, it MUST
NOT be set back to 0 by the current AS. Unrecognized non-transitive
optional attributes MUST be quietly ignored and not passed along to
other BGP peers.
New, transitive optional attributes MAY be attached to the path by
the originator or by any other BGP speaker in the path. If they are
not attached by the originator, the Partial bit in the Attribute
Flags octet is set to 1. The rules for attaching new non-transitive
optional attributes will depend on the nature of the specific
attribute. The documentation of each new non-transitive optional
attribute will be expected to include such rules (the description of
the MULTI_EXIT_DISC attribute gives an example). All optional
attributes (both transitive and non-transitive), MAY be updated (if
appropriate) by BGP speakers in the path.
The sender of an UPDATE message SHOULD order path attributes within
the UPDATE message in ascending order of attribute type. The
receiver of an UPDATE message MUST be prepared to handle path
attributes within UPDATE messages that are out of order.
The same attribute (attribute with the same type) cannot appear more
than once within the Path Attributes field of a particular UPDATE
message.
Rekhter, et al. Standards Track [Page 24]
RFC 4271 BGP-4 January 2006
The mandatory category refers to an attribute that MUST be present in
both IBGP and EBGP exchanges if NLRI are contained in the UPDATE
message. Attributes classified as optional for the purpose of the
protocol extension mechanism may be purely discretionary,
discretionary, required, or disallowed in certain contexts.
attribute EBGP IBGP
ORIGIN mandatory mandatory
AS_PATH mandatory mandatory
NEXT_HOP mandatory mandatory
MULTI_EXIT_DISC discretionary discretionary
LOCAL_PREF see Section 5.1.5 required
ATOMIC_AGGREGATE see Section 5.1.6 and 9.1.4
AGGREGATOR discretionary discretionary
5.1. Path Attribute Usage
The usage of each BGP path attribute is described in the following
clauses.
5.1.1. ORIGIN
ORIGIN is a well-known mandatory attribute. The ORIGIN attribute is
generated by the speaker that originates the associated routing
information. Its value SHOULD NOT be changed by any other speaker.
5.1.2. AS_PATH
AS_PATH is a well-known mandatory attribute. This attribute
identifies the autonomous systems through which routing information
carried in this UPDATE message has passed. The components of this
list can be AS_SETs or AS_SEQUENCEs.
When a BGP speaker propagates a route it learned from another BGP
speaker's UPDATE message, it modifies the route's AS_PATH attribute
based on the location of the BGP speaker to which the route will be
sent:
a) When a given BGP speaker advertises the route to an internal
peer, the advertising speaker SHALL NOT modify the AS_PATH
attribute associated with the route.
b) When a given BGP speaker advertises the route to an external
peer, the advertising speaker updates the AS_PATH attribute as
follows:
Rekhter, et al. Standards Track [Page 25]
RFC 4271 BGP-4 January 2006
1) if the first path segment of the AS_PATH is of type
AS_SEQUENCE, the local system prepends its own AS number as
the last element of the sequence (put it in the leftmost
position with respect to the position of octets in the
protocol message). If the act of prepending will cause an
overflow in the AS_PATH segment (i.e., more than 255 ASes),
it SHOULD prepend a new segment of type AS_SEQUENCE and
prepend its own AS number to this new segment.
2) if the first path segment of the AS_PATH is of type AS_SET,
the local system prepends a new path segment of type
AS_SEQUENCE to the AS_PATH, including its own AS number in
that segment.
3) if the AS_PATH is empty, the local system creates a path
segment of type AS_SEQUENCE, places its own AS into that
segment, and places that segment into the AS_PATH.
When a BGP speaker originates a route then:
a) the originating speaker includes its own AS number in a path
segment, of type AS_SEQUENCE, in the AS_PATH attribute of all
UPDATE messages sent to an external peer. In this case, the AS
number of the originating speaker's autonomous system will be
the only entry the path segment, and this path segment will be
the only segment in the AS_PATH attribute.
b) the originating speaker includes an empty AS_PATH attribute in
all UPDATE messages sent to internal peers. (An empty AS_PATH
attribute is one whose length field contains the value zero).
Whenever the modification of the AS_PATH attribute calls for
including or prepending the AS number of the local system, the local
system MAY include/prepend more than one instance of its own AS
number in the AS_PATH attribute. This is controlled via local
configuration.
5.1.3. NEXT_HOP
The NEXT_HOP is a well-known mandatory attribute that defines the IP
address of the router that SHOULD be used as the next hop to the
destinations listed in the UPDATE message. The NEXT_HOP attribute is
calculated as follows:
1) When sending a message to an internal peer, if the route is not
locally originated, the BGP speaker SHOULD NOT modify the
NEXT_HOP attribute unless it has been explicitly configured to
announce its own IP address as the NEXT_HOP. When announcing a
Rekhter, et al. Standards Track [Page 26]
RFC 4271 BGP-4 January 2006
locally-originated route to an internal peer, the BGP speaker
SHOULD use the interface address of the router through which
the announced network is reachable for the speaker as the
NEXT_HOP. If the route is directly connected to the speaker,
or if the interface address of the router through which the
announced network is reachable for the speaker is the internal
peer's address, then the BGP speaker SHOULD use its own IP
address for the NEXT_HOP attribute (the address of the
interface that is used to reach the peer).
2) When sending a message to an external peer, X, and the peer is
one IP hop away from the speaker:
- If the route being announced was learned from an internal
peer or is locally originated, the BGP speaker can use an
interface address of the internal peer router (or the
internal router) through which the announced network is
reachable for the speaker for the NEXT_HOP attribute,
provided that peer X shares a common subnet with this
address. This is a form of "third party" NEXT_HOP attribute.
- Otherwise, if the route being announced was learned from an
external peer, the speaker can use an IP address of any
adjacent router (known from the received NEXT_HOP attribute)
that the speaker itself uses for local route calculation in
the NEXT_HOP attribute, provided that peer X shares a common
subnet with this address. This is a second form of "third
party" NEXT_HOP attribute.
- Otherwise, if the external peer to which the route is being
advertised shares a common subnet with one of the interfaces
of the announcing BGP speaker, the speaker MAY use the IP
address associated with such an interface in the NEXT_HOP
attribute. This is known as a "first party" NEXT_HOP
attribute.
- By default (if none of the above conditions apply), the BGP
speaker SHOULD use the IP address of the interface that the
speaker uses to establish the BGP connection to peer X in the
NEXT_HOP attribute.
3) When sending a message to an external peer X, and the peer is
multiple IP hops away from the speaker (aka "multihop EBGP"):
- The speaker MAY be configured to propagate the NEXT_HOP
attribute. In this case, when advertising a route that the
speaker learned from one of its peers, the NEXT_HOP attribute
of the advertised route is exactly the same as the NEXT_HOP
Rekhter, et al. Standards Track [Page 27]
RFC 4271 BGP-4 January 2006
attribute of the learned route (the speaker does not modify
the NEXT_HOP attribute).
- By default, the BGP speaker SHOULD use the IP address of the
interface that the speaker uses in the NEXT_HOP attribute to
establish the BGP connection to peer X.
Normally, the NEXT_HOP attribute is chosen such that the shortest
available path will be taken. A BGP speaker MUST be able to support
the disabling advertisement of third party NEXT_HOP attributes in
order to handle imperfectly bridged media.
A route originated by a BGP speaker SHALL NOT be advertised to a peer
using an address of that peer as NEXT_HOP. A BGP speaker SHALL NOT
install a route with itself as the next hop.
The NEXT_HOP attribute is used by the BGP speaker to determine the
actual outbound interface and immediate next-hop address that SHOULD
be used to forward transit packets to the associated destinations.
The immediate next-hop address is determined by performing a
recursive route lookup operation for the IP address in the NEXT_HOP
attribute, using the contents of the Routing Table, selecting one
entry if multiple entries of equal cost exist. The Routing Table
entry that resolves the IP address in the NEXT_HOP attribute will
always specify the outbound interface. If the entry specifies an
attached subnet, but does not specify a next-hop address, then the
address in the NEXT_HOP attribute SHOULD be used as the immediate
next-hop address. If the entry also specifies the next-hop address,
this address SHOULD be used as the immediate next-hop address for
packet forwarding.
5.1.4. MULTI_EXIT_DISC
The MULTI_EXIT_DISC is an optional non-transitive attribute that is
intended to be used on external (inter-AS) links to discriminate
among multiple exit or entry points to the same neighboring AS. The
value of the MULTI_EXIT_DISC attribute is a four-octet unsigned
number, called a metric. All other factors being equal, the exit
point with the lower metric SHOULD be preferred. If received over
EBGP, the MULTI_EXIT_DISC attribute MAY be propagated over IBGP to
other BGP speakers within the same AS (see also 9.1.2.2). The
MULTI_EXIT_DISC attribute received from a neighboring AS MUST NOT be
propagated to other neighboring ASes.
A BGP speaker MUST implement a mechanism (based on local
configuration) that allows the MULTI_EXIT_DISC attribute to be
removed from a route. If a BGP speaker is configured to remove the
Rekhter, et al. Standards Track [Page 28]
RFC 4271 BGP-4 January 2006
MULTI_EXIT_DISC attribute from a route, then this removal MUST be
done prior to determining the degree of preference of the route and
prior to performing route selection (Decision Process phases 1 and
2).
An implementation MAY also (based on local configuration) alter the
value of the MULTI_EXIT_DISC attribute received over EBGP. If a BGP
speaker is configured to alter the value of the MULTI_EXIT_DISC
attribute received over EBGP, then altering the value MUST be done
prior to determining the degree of preference of the route and prior
to performing route selection (Decision Process phases 1 and 2). See
Section 9.1.2.2 for necessary restrictions on this.
5.1.5. LOCAL_PREF
LOCAL_PREF is a well-known attribute that SHALL be included in all
UPDATE messages that a given BGP speaker sends to other internal
peers. A BGP speaker SHALL calculate the degree of preference for
each external route based on the locally-configured policy, and
include the degree of preference when advertising a route to its
internal peers. The higher degree of preference MUST be preferred.
A BGP speaker uses the degree of preference learned via LOCAL_PREF in
its Decision Process (see Section 9.1.1).
A BGP speaker MUST NOT include this attribute in UPDATE messages it
sends to external peers, except in the case of BGP Confederations
[RFC3065]. If it is contained in an UPDATE message that is received
from an external peer, then this attribute MUST be ignored by the
receiving speaker, except in the case of BGP Confederations
[RFC3065].
5.1.6. ATOMIC_AGGREGATE
ATOMIC_AGGREGATE is a well-known discretionary attribute.
When a BGP speaker aggregates several routes for the purpose of
advertisement to a particular peer, the AS_PATH of the aggregated
route normally includes an AS_SET formed from the set of ASes from
which the aggregate was formed. In many cases, the network
administrator can determine if the aggregate can safely be advertised
without the AS_SET, and without forming route loops.
If an aggregate excludes at least some of the AS numbers present in
the AS_PATH of the routes that are aggregated as a result of dropping
the AS_SET, the aggregated route, when advertised to the peer, SHOULD
include the ATOMIC_AGGREGATE attribute.
Rekhter, et al. Standards Track [Page 29]
RFC 4271 BGP-4 January 2006
A BGP speaker that receives a route with the ATOMIC_AGGREGATE
attribute SHOULD NOT remove the attribute when propagating the route
to other speakers.
A BGP speaker that receives a route with the ATOMIC_AGGREGATE
attribute MUST NOT make any NLRI of that route more specific (as
defined in 9.1.4) when advertising this route to other BGP speakers.
A BGP speaker that receives a route with the ATOMIC_AGGREGATE
attribute needs to be aware of the fact that the actual path to
destinations, as specified in the NLRI of the route, while having the
loop-free property, may not be the path specified in the AS_PATH
attribute of the route.
5.1.7. AGGREGATOR
AGGREGATOR is an optional transitive attribute, which MAY be included
in updates that are formed by aggregation (see Section 9.2.2.2). A
BGP speaker that performs route aggregation MAY add the AGGREGATOR
attribute, which SHALL contain its own AS number and IP address. The
IP address SHOULD be the same as the BGP Identifier of the speaker.
6. BGP Error Handling.
This section describes actions to be taken when errors are detected
while processing BGP messages.
When any of the conditions described here are detected, a
NOTIFICATION message, with the indicated Error Code, Error Subcode,
and Data fields, is sent, and the BGP connection is closed (unless it
is explicitly stated that no NOTIFICATION message is to be sent and
the BGP connection is not to be closed). If no Error Subcode is
specified, then a zero MUST be used.
The phrase "the BGP connection is closed" means the TCP connection
has been closed, the associated Adj-RIB-In has been cleared, and all
resources for that BGP connection have been deallocated. Entries in
the Loc-RIB associated with the remote peer are marked as invalid.
The local system recalculates its best routes for the destinations of
the routes marked as invalid. Before the invalid routes are deleted
from the system, it advertises, to its peers, either withdraws for
the routes marked as invalid, or the new best routes before the
invalid routes are deleted from the system.
Unless specified explicitly, the Data field of the NOTIFICATION
message that is sent to indicate an error is empty.
Rekhter, et al. Standards Track [Page 30]
RFC 4271 BGP-4 January 2006
6.1. Message Header Error Handling
All errors detected while processing the Message Header MUST be
indicated by sending the NOTIFICATION message with the Error Code
Message Header Error. The Error Subcode elaborates on the specific
nature of the error.
The expected value of the Marker field of the message header is all
ones. If the Marker field of the message header is not as expected,
then a synchronization error has occurred and the Error Subcode MUST
be set to Connection Not Synchronized.
If at least one of the following is true:
- if the Length field of the message header is less than 19 or
greater than 4096, or
- if the Length field of an OPEN message is less than the minimum
length of the OPEN message, or
- if the Length field of an UPDATE message is less than the
minimum length of the UPDATE message, or
- if the Length field of a KEEPALIVE message is not equal to 19,
or
- if the Length field of a NOTIFICATION message is less than the
minimum length of the NOTIFICATION message,
then the Error Subcode MUST be set to Bad Message Length. The Data
field MUST contain the erroneous Length field.
If the Type field of the message header is not recognized, then the
Error Subcode MUST be set to Bad Message Type. The Data field MUST
contain the erroneous Type field.
6.2. OPEN Message Error Handling
All errors detected while processing the OPEN message MUST be
indicated by sending the NOTIFICATION message with the Error Code
OPEN Message Error. The Error Subcode elaborates on the specific
nature of the error.
If the version number in the Version field of the received OPEN
message is not supported, then the Error Subcode MUST be set to
Unsupported Version Number. The Data field is a 2-octet unsigned
integer, which indicates the largest, locally-supported version
number less than the version the remote BGP peer bid (as indicated in
Rekhter, et al. Standards Track [Page 31]
RFC 4271 BGP-4 January 2006
the received OPEN message), or if the smallest, locally-supported
version number is greater than the version the remote BGP peer bid,
then the smallest, locally-supported version number.
If the Autonomous System field of the OPEN message is unacceptable,
then the Error Subcode MUST be set to Bad Peer AS. The determination
of acceptable Autonomous System numbers is outside the scope of this
protocol.
If the Hold Time field of the OPEN message is unacceptable, then the
Error Subcode MUST be set to Unacceptable Hold Time. An
implementation MUST reject Hold Time values of one or two seconds.
An implementation MAY reject any proposed Hold Time. An
implementation that accepts a Hold Time MUST use the negotiated value
for the Hold Time.
If the BGP Identifier field of the OPEN message is syntactically
incorrect, then the Error Subcode MUST be set to Bad BGP Identifier.
Syntactic correctness means that the BGP Identifier field represents
a valid unicast IP host address.
If one of the Optional Parameters in the OPEN message is not
recognized, then the Error Subcode MUST be set to Unsupported
Optional Parameters.
If one of the Optional Parameters in the OPEN message is recognized,
but is malformed, then the Error Subcode MUST be set to 0
(Unspecific).
6.3. UPDATE Message Error Handling
All errors detected while processing the UPDATE message MUST be
indicated by sending the NOTIFICATION message with the Error Code
UPDATE Message Error. The error subcode elaborates on the specific
nature of the error.
Error checking of an UPDATE message begins by examining the path
attributes. If the Withdrawn Routes Length or Total Attribute Length
is too large (i.e., if Withdrawn Routes Length + Total Attribute
Length + 23 exceeds the message Length), then the Error Subcode MUST
be set to Malformed Attribute List.
If any recognized attribute has Attribute Flags that conflict with
the Attribute Type Code, then the Error Subcode MUST be set to
Attribute Flags Error. The Data field MUST contain the erroneous
attribute (type, length, and value).
Rekhter, et al. Standards Track [Page 32]
RFC 4271 BGP-4 January 2006
If any recognized attribute has an Attribute Length that conflicts
with the expected length (based on the attribute type code), then the
Error Subcode MUST be set to Attribute Length Error. The Data field
MUST contain the erroneous attribute (type, length, and value).
If any of the well-known mandatory attributes are not present, then
the Error Subcode MUST be set to Missing Well-known Attribute. The
Data field MUST contain the Attribute Type Code of the missing,
well-known attribute.
If any of the well-known mandatory attributes are not recognized,
then the Error Subcode MUST be set to Unrecognized Well-known
Attribute. The Data field MUST contain the unrecognized attribute
(type, length, and value).
If the ORIGIN attribute has an undefined value, then the Error Sub-
code MUST be set to Invalid Origin Attribute. The Data field MUST
contain the unrecognized attribute (type, length, and value).
If the NEXT_HOP attribute field is syntactically incorrect, then the
Error Subcode MUST be set to Invalid NEXT_HOP Attribute. The Data
field MUST contain the incorrect attribute (type, length, and value).
Syntactic correctness means that the NEXT_HOP attribute represents a
valid IP host address.
The IP address in the NEXT_HOP MUST meet the following criteria to be
considered semantically correct:
a) It MUST NOT be the IP address of the receiving speaker.
b) In the case of an EBGP, where the sender and receiver are one
IP hop away from each other, either the IP address in the
NEXT_HOP MUST be the sender's IP address that is used to
establish the BGP connection, or the interface associated with
the NEXT_HOP IP address MUST share a common subnet with the
receiving BGP speaker.
If the NEXT_HOP attribute is semantically incorrect, the error SHOULD
be logged, and the route SHOULD be ignored. In this case, a
NOTIFICATION message SHOULD NOT be sent, and the connection SHOULD
NOT be closed.
The AS_PATH attribute is checked for syntactic correctness. If the
path is syntactically incorrect, then the Error Subcode MUST be set
to Malformed AS_PATH.
Rekhter, et al. Standards Track [Page 33]
RFC 4271 BGP-4 January 2006
If the UPDATE message is received from an external peer, the local
system MAY check whether the leftmost (with respect to the position
of octets in the protocol message) AS in the AS_PATH attribute is
equal to the autonomous system number of the peer that sent the
message. If the check determines this is not the case, the Error
Subcode MUST be set to Malformed AS_PATH.
If an optional attribute is recognized, then the value of this
attribute MUST be checked. If an error is detected, the attribute
MUST be discarded, and the Error Subcode MUST be set to Optional
Attribute Error. The Data field MUST contain the attribute (type,
length, and value).
If any attribute appears more than once in the UPDATE message, then
the Error Subcode MUST be set to Malformed Attribute List.
The NLRI field in the UPDATE message is checked for syntactic
validity. If the field is syntactically incorrect, then the Error
Subcode MUST be set to Invalid Network Field.
If a prefix in the NLRI field is semantically incorrect (e.g., an
unexpected multicast IP address), an error SHOULD be logged locally,
and the prefix SHOULD be ignored.
An UPDATE message that contains correct path attributes, but no NLRI,
SHALL be treated as a valid UPDATE message.
6.4. NOTIFICATION Message Error Handling
If a peer sends a NOTIFICATION message, and the receiver of the
message detects an error in that message, the receiver cannot use a
NOTIFICATION message to report this error back to the peer. Any such
error (e.g., an unrecognized Error Code or Error Subcode) SHOULD be
noticed, logged locally, and brought to the attention of the
administration of the peer. The means to do this, however, lies
outside the scope of this document.
6.5. Hold Timer Expired Error Handling
If a system does not receive successive KEEPALIVE, UPDATE, and/or
NOTIFICATION messages within the period specified in the Hold Time
field of the OPEN message, then the NOTIFICATION message with the
Hold Timer Expired Error Code is sent and the BGP connection is
closed.
Rekhter, et al. Standards Track [Page 34]
RFC 4271 BGP-4 January 2006
6.6. Finite State Machine Error Handling
Any error detected by the BGP Finite State Machine (e.g., receipt of
an unexpected event) is indicated by sending the NOTIFICATION message
with the Error Code Finite State Machine Error.
6.7. Cease
In the absence of any fatal errors (that are indicated in this
section), a BGP peer MAY choose, at any given time, to close its BGP
connection by sending the NOTIFICATION message with the Error Code
Cease. However, the Cease NOTIFICATION message MUST NOT be used when
a fatal error indicated by this section does exist.
A BGP speaker MAY support the ability to impose a locally-configured,
upper bound on the number of address prefixes the speaker is willing
to accept from a neighbor. When the upper bound is reached, the
speaker, under control of local configuration, either (a) discards
new address prefixes from the neighbor (while maintaining the BGP
connection with the neighbor), or (b) terminates the BGP connection
with the neighbor. If the BGP speaker decides to terminate its BGP
connection with a neighbor because the number of address prefixes
received from the neighbor exceeds the locally-configured, upper
bound, then the speaker MUST send the neighbor a NOTIFICATION message
with the Error Code Cease. The speaker MAY also log this locally.
6.8. BGP Connection Collision Detection
If a pair of BGP speakers try to establish a BGP connection with each
other simultaneously, then two parallel connections well be formed.
If the source IP address used by one of these connections is the same
as the destination IP address used by the other, and the destination
IP address used by the first connection is the same as the source IP
address used by the other, connection collision has occurred. In the
event of connection collision, one of the connections MUST be closed.
Based on the value of the BGP Identifier, a convention is established
for detecting which BGP connection is to be preserved when a
collision occurs. The convention is to compare the BGP Identifiers
of the peers involved in the collision and to retain only the
connection initiated by the BGP speaker with the higher-valued BGP
Identifier.
Upon receipt of an OPEN message, the local system MUST examine all of
its connections that are in the OpenConfirm state. A BGP speaker MAY
also examine connections in an OpenSent state if it knows the BGP
Identifier of the peer by means outside of the protocol. If, among
these connections, there is a connection to a remote BGP speaker
Rekhter, et al. Standards Track [Page 35]
RFC 4271 BGP-4 January 2006
whose BGP Identifier equals the one in the OPEN message, and this
connection collides with the connection over which the OPEN message
is received, then the local system performs the following collision
resolution procedure:
1) The BGP Identifier of the local system is compared to the BGP
Identifier of the remote system (as specified in the OPEN
message). Comparing BGP Identifiers is done by converting them
to host byte order and treating them as 4-octet unsigned
integers.
2) If the value of the local BGP Identifier is less than the
remote one, the local system closes the BGP connection that
already exists (the one that is already in the OpenConfirm
state), and accepts the BGP connection initiated by the remote
system.
3) Otherwise, the local system closes the newly created BGP
connection (the one associated with the newly received OPEN
message), and continues to use the existing one (the one that
is already in the OpenConfirm state).
Unless allowed via configuration, a connection collision with an
existing BGP connection that is in the Established state causes
closing of the newly created connection.
Note that a connection collision cannot be detected with connections
that are in Idle, Connect, or Active states.
Closing the BGP connection (that results from the collision
resolution procedure) is accomplished by sending the NOTIFICATION
message with the Error Code Cease.
7. BGP Version Negotiation
BGP speakers MAY negotiate the version of the protocol by making
multiple attempts at opening a BGP connection, starting with the
highest version number each BGP speaker supports. If an open attempt
fails with an Error Code, OPEN Message Error, and an Error Subcode,
Unsupported Version Number, then the BGP speaker has available the
version number it tried, the version number its peer tried, the
version number passed by its peer in the NOTIFICATION message, and
the version numbers it supports. If the two peers do support one or
more common versions, then this will allow them to rapidly determine
the highest common version. In order to support BGP version
negotiation, future versions of BGP MUST retain the format of the
OPEN and NOTIFICATION messages.
Rekhter, et al. Standards Track [Page 36]
RFC 4271 BGP-4 January 2006
8. BGP Finite State Machine (FSM)
The data structures and FSM described in this document are conceptual
and do not have to be implemented precisely as described here, as
long as the implementations support the described functionality and
they exhibit the same externally visible behavior.
This section specifies the BGP operation in terms of a Finite State
Machine (FSM). The section falls into two parts:
1) Description of Events for the State machine (Section 8.1)
2) Description of the FSM (Section 8.2)
Session attributes required (mandatory) for each connection are:
1) State
2) ConnectRetryCounter
3) ConnectRetryTimer
4) ConnectRetryTime
5) HoldTimer
6) HoldTime
7) KeepaliveTimer
8) KeepaliveTime
The state session attribute indicates the current state of the BGP
FSM. The ConnectRetryCounter indicates the number of times a BGP
peer has tried to establish a peer session.
The mandatory attributes related to timers are described in Section
10. Each timer has a "timer" and a "time" (the initial value).
The optional Session attributes are listed below. These optional
attributes may be supported, either per connection or per local
system:
1) AcceptConnectionsUnconfiguredPeers
2) AllowAutomaticStart
3) AllowAutomaticStop
4) CollisionDetectEstablishedState
5) DampPeerOscillations
6) DelayOpen
7) DelayOpenTime
8) DelayOpenTimer
9) IdleHoldTime
10) IdleHoldTimer
11) PassiveTcpEstablishment
12) SendNOTIFICATIONwithoutOPEN
13) TrackTcpState
Rekhter, et al. Standards Track [Page 37]
RFC 4271 BGP-4 January 2006
The optional session attributes support different features of the BGP
functionality that have implications for the BGP FSM state
transitions. Two groups of the attributes which relate to timers
are:
group 1: DelayOpen, DelayOpenTime, DelayOpenTimer
group 2: DampPeerOscillations, IdleHoldTime, IdleHoldTimer
The first parameter (DelayOpen, DampPeerOscillations) is an optional
attribute that indicates that the Timer function is active. The
"Time" value specifies the initial value for the "Timer"
(DelayOpenTime, IdleHoldTime). The "Timer" specifies the actual
timer.
Please refer to Section 8.1.1 for an explanation of the interaction
between these optional attributes and the events signaled to the
state machine. Section 8.2.1.3 also provides a short overview of the
different types of optional attributes (flags or timers).
8.1. Events for the BGP FSM
8.1.1. Optional Events Linked to Optional Session Attributes
The Inputs to the BGP FSM are events. Events can either be mandatory
or optional. Some optional events are linked to optional session
attributes. Optional session attributes enable several groups of FSM
functionality.
The linkage between FSM functionality, events, and the optional
session attributes are described below.
Group 1: Automatic Administrative Events (Start/Stop)
Optional Session Attributes: AllowAutomaticStart,
AllowAutomaticStop,
DampPeerOscillations,
IdleHoldTime, IdleHoldTimer
Option 1: AllowAutomaticStart
Description: A BGP peer connection can be started and stopped
by administrative control. This administrative
control can either be manual, based on operator
intervention, or under the control of logic that
is specific to a BGP implementation. The term
"automatic" refers to a start being issued to the
BGP peer connection FSM when such logic determines
that the BGP peer connection should be restarted.
Rekhter, et al. Standards Track [Page 38]
RFC 4271 BGP-4 January 2006
The AllowAutomaticStart attribute specifies that
this BGP connection supports automatic starting of
the BGP connection.
If the BGP implementation supports
AllowAutomaticStart, the peer may be repeatedly
restarted. Three other options control the rate
at which the automatic restart occurs:
DampPeerOscillations, IdleHoldTime, and the
IdleHoldTimer.
The DampPeerOscillations option specifies that the
implementation engages additional logic to damp
the oscillations of BGP peers in the face of
sequences of automatic start and automatic stop.
IdleHoldTime specifies the length of time the BGP
peer is held in the Idle state prior to allowing
the next automatic restart. The IdleHoldTimer is
the timer that holds the peer in Idle state.
An example of DampPeerOscillations logic is an
increase of the IdleHoldTime value if a BGP peer
oscillates connectivity (connected/disconnected)
repeatedly within a time period. To engage this
logic, a peer could connect and disconnect 10
times within 5 minutes. The IdleHoldTime value
would be reset from 0 to 120 seconds.
Values: TRUE or FALSE
Option 2: AllowAutomaticStop
Description: This BGP peer session optional attribute indicates
that the BGP connection allows "automatic"
stopping of the BGP connection. An "automatic"
stop is defined as a stop under the control of
implementation-specific logic. The
implementation-specific logic is outside the scope
of this specification.
Values: TRUE or FALSE
Option 3: DampPeerOscillations
Description: The DampPeerOscillations optional session
attribute indicates that the BGP connection is
using logic that damps BGP peer oscillations in
the Idle State.
Rekhter, et al. Standards Track [Page 39]
RFC 4271 BGP-4 January 2006
Value: TRUE or FALSE
Option 4: IdleHoldTime
Description: The IdleHoldTime is the value that is set in the
IdleHoldTimer.
Values: Time in seconds
Option 5: IdleHoldTimer
Description: The IdleHoldTimer aids in controlling BGP peer
oscillation. The IdleHoldTimer is used to keep
the BGP peer in Idle for a particular duration.
The IdleHoldTimer_Expires event is described in
Section 8.1.3.
Values: Time in seconds
Group 2: Unconfigured Peers
Optional Session Attributes: AcceptConnectionsUnconfiguredPeers
Option 1: AcceptConnectionsUnconfiguredPeers
Description: The BGP FSM optionally allows the acceptance of
BGP peer connections from neighbors that are not
pre-configured. The
"AcceptConnectionsUnconfiguredPeers" optional
session attribute allows the FSM to support the
state transitions that allow the implementation to
accept or reject these unconfigured peers.
The AcceptConnectionsUnconfiguredPeers has
security implications. Please refer to the BGP
Vulnerabilities document [RFC4272] for details.
Value: True or False
Group 3: TCP processing
Optional Session Attributes: PassiveTcpEstablishment,
TrackTcpState
Option 1: PassiveTcpEstablishment
Rekhter, et al. Standards Track [Page 40]
RFC 4271 BGP-4 January 2006
Description: This option indicates that the BGP FSM will
passively wait for the remote BGP peer to
establish the BGP TCP connection.
value: TRUE or FALSE
Option 2: TrackTcpState
Description: The BGP FSM normally tracks the end result of a
TCP connection attempt rather than individual TCP
messages. Optionally, the BGP FSM can support
additional interaction with the TCP connection
negotiation. The interaction with the TCP events
may increase the amount of logging the BGP peer
connection requires and the number of BGP FSM
changes.
Value: TRUE or FALSE
Group 4: BGP Message Processing
Optional Session Attributes: DelayOpen, DelayOpenTime,
DelayOpenTimer,
SendNOTIFICATIONwithoutOPEN,
CollisionDetectEstablishedState
Option 1: DelayOpen
Description: The DelayOpen optional session attribute allows
implementations to be configured to delay sending
an OPEN message for a specific time period
(DelayOpenTime). The delay allows the remote BGP
Peer time to send the first OPEN message.
Value: TRUE or FALSE
Option 2: DelayOpenTime
Description: The DelayOpenTime is the initial value set in the
DelayOpenTimer.
Value: Time in seconds
Option 3: DelayOpenTimer
Description: The DelayOpenTimer optional session attribute is
used to delay the sending of an OPEN message on a
Rekhter, et al. Standards Track [Page 41]
RFC 4271 BGP-4 January 2006
connection. The DelayOpenTimer_Expires event
(Event 12) is described in Section 8.1.3.
Value: Time in seconds
Option 4: SendNOTIFICATIONwithoutOPEN
Description: The SendNOTIFICATIONwithoutOPEN allows a peer to
send a NOTIFICATION without first sending an OPEN
message. Without this optional session attribute,
the BGP connection assumes that an OPEN message
must be sent by a peer prior to the peer sending a
NOTIFICATION message.
Value: True or False
Option 5: CollisionDetectEstablishedState
Description: Normally, a Detect Collision (see Section 6.8)
will be ignored in the Established state. This
optional session attribute indicates that this BGP
connection processes collisions in the Established
state.
Value: True or False
Note: The optional session attributes clarify the BGP FSM
description for existing features of BGP implementations.
The optional session attributes may be pre-defined for an
implementation and not readable via management interfaces
for existing correct implementations. As newer BGP MIBs
(version 2 and beyond) are supported, these fields will be
accessible via a management interface.
8.1.2. Administrative Events
An administrative event is an event in which the operator interface
and BGP Policy engine signal the BGP-finite state machine to start or
stop the BGP state machine. The basic start and stop indications are
augmented by optional connection attributes that signal a certain
type of start or stop mechanism to the BGP FSM. An example of this
combination is Event 5, AutomaticStart_with_PassiveTcpEstablishment.
With this event, the BGP implementation signals to the BGP FSM that
the implementation is using an Automatic Start with the option to use
a Passive TCP Establishment. The Passive TCP establishment signals
that this BGP FSM will wait for the remote side to start the TCP
establishment.
Rekhter, et al. Standards Track [Page 42]
RFC 4271 BGP-4 January 2006
Note that only Event 1 (ManualStart) and Event 2 (ManualStop) are
mandatory administrative events. All other administrative events are
optional (Events 3-8). Each event below has a name, definition,
status (mandatory or optional), and the optional session attributes
that SHOULD be set at each stage. When generating Event 1 through
Event 8 for the BGP FSM, the conditions specified in the "Optional
Attribute Status" section are verified. If any of these conditions
are not satisfied, then the local system should log an FSM error.
The settings of optional session attributes may be implicit in some
implementations, and therefore may not be set explicitly by an
external operator action. Section 8.2.1.5 describes these implicit
settings of the optional session attributes. The administrative
states described below may also be implicit in some implementations
and not directly configurable by an external operator.
Event 1: ManualStart
Definition: Local system administrator manually starts the peer
connection.
Status: Mandatory
Optional
Attribute
Status: The PassiveTcpEstablishment attribute SHOULD be set
to FALSE.
Event 2: ManualStop
Definition: Local system administrator manually stops the peer
connection.
Status: Mandatory
Optional
Attribute
Status: No interaction with any optional attributes.
Event 3: AutomaticStart
Definition: Local system automatically starts the BGP
connection.
Status: Optional, depending on local system
Rekhter, et al. Standards Track [Page 43]
RFC 4271 BGP-4 January 2006
Optional
Attribute
Status: 1) The AllowAutomaticStart attribute SHOULD be set
to TRUE if this event occurs.
2) If the PassiveTcpEstablishment optional session
attribute is supported, it SHOULD be set to
FALSE.
3) If the DampPeerOscillations is supported, it
SHOULD be set to FALSE when this event occurs.
Event 4: ManualStart_with_PassiveTcpEstablishment
Definition: Local system administrator manually starts the peer
connection, but has PassiveTcpEstablishment
enabled. The PassiveTcpEstablishment optional
attribute indicates that the peer will listen prior
to establishing the connection.
Status: Optional, depending on local system
Optional
Attribute
Status: 1) The PassiveTcpEstablishment attribute SHOULD be
set to TRUE if this event occurs.
2) The DampPeerOscillations attribute SHOULD be set
to FALSE when this event occurs.
Event 5: AutomaticStart_with_PassiveTcpEstablishment
Definition: Local system automatically starts the BGP
connection with the PassiveTcpEstablishment
enabled. The PassiveTcpEstablishment optional
attribute indicates that the peer will listen prior
to establishing a connection.
Status: Optional, depending on local system
Optional
Attribute
Status: 1) The AllowAutomaticStart attribute SHOULD be set
to TRUE.
2) The PassiveTcpEstablishment attribute SHOULD be
set to TRUE.
3) If the DampPeerOscillations attribute is
supported, the DampPeerOscillations SHOULD be
set to FALSE.
Rekhter, et al. Standards Track [Page 44]
RFC 4271 BGP-4 January 2006
Event 6: AutomaticStart_with_DampPeerOscillations
Definition: Local system automatically starts the BGP peer
connection with peer oscillation damping enabled.
The exact method of damping persistent peer
oscillations is determined by the implementation
and is outside the scope of this document.
Status: Optional, depending on local system.
Optional
Attribute
Status: 1) The AllowAutomaticStart attribute SHOULD be set
to TRUE.
2) The DampPeerOscillations attribute SHOULD be set
to TRUE.
3) The PassiveTcpEstablishment attribute SHOULD be
set to FALSE.
Event 7: AutomaticStart_with_DampPeerOscillations_and_
PassiveTcpEstablishment
Definition: Local system automatically starts the BGP peer
connection with peer oscillation damping enabled
and PassiveTcpEstablishment enabled. The exact
method of damping persistent peer oscillations is
determined by the implementation and is outside the
scope of this document.
Status: Optional, depending on local system
Optional
Attributes
Status: 1) The AllowAutomaticStart attribute SHOULD be set
to TRUE.
2) The DampPeerOscillations attribute SHOULD be set
to TRUE.
3) The PassiveTcpEstablishment attribute SHOULD be
set to TRUE.
Event 8: AutomaticStop
Definition: Local system automatically stops the BGP
connection.
An example of an automatic stop event is exceeding
the number of prefixes for a given peer and the
local system automatically disconnecting the peer.
Rekhter, et al. Standards Track [Page 45]
RFC 4271 BGP-4 January 2006
Status: Optional, depending on local system
Optional
Attribute
Status: 1) The AllowAutomaticStop attribute SHOULD be TRUE.
8.1.3. Timer Events
Event 9: ConnectRetryTimer_Expires
Definition: An event generated when the ConnectRetryTimer
expires.
Status: Mandatory
Event 10: HoldTimer_Expires
Definition: An event generated when the HoldTimer expires.
Status: Mandatory
Event 11: KeepaliveTimer_Expires
Definition: An event generated when the KeepaliveTimer expires.
Status: Mandatory
Event 12: DelayOpenTimer_Expires
Definition: An event generated when the DelayOpenTimer expires.
Status: Optional
Optional
Attribute
Status: If this event occurs,
1) DelayOpen attribute SHOULD be set to TRUE,
2) DelayOpenTime attribute SHOULD be supported,
3) DelayOpenTimer SHOULD be supported.
Event 13: IdleHoldTimer_Expires
Definition: An event generated when the IdleHoldTimer expires,
indicating that the BGP connection has completed
waiting for the back-off period to prevent BGP peer
oscillation.
Rekhter, et al. Standards Track [Page 46]
RFC 4271 BGP-4 January 2006
The IdleHoldTimer is only used when the persistent
peer oscillation damping function is enabled by
setting the DampPeerOscillations optional attribute
to TRUE.
Implementations not implementing the persistent
peer oscillation damping function may not have the
IdleHoldTimer.
Status: Optional
Optional
Attribute
Status: If this event occurs:
1) DampPeerOscillations attribute SHOULD be set to
TRUE.
2) IdleHoldTimer SHOULD have just expired.
8.1.4. TCP Connection-Based Events
Event 14: TcpConnection_Valid
Definition: Event indicating the local system reception of a
TCP connection request with a valid source IP
address, TCP port, destination IP address, and TCP
Port. The definition of invalid source and invalid
destination IP address is determined by the
implementation.
BGP's destination port SHOULD be port 179, as
defined by IANA.
TCP connection request is denoted by the local
system receiving a TCP SYN.
Status: Optional
Optional
Attribute
Status: 1) The TrackTcpState attribute SHOULD be set to
TRUE if this event occurs.
Event 15: Tcp_CR_Invalid
Definition: Event indicating the local system reception of a
TCP connection request with either an invalid
source address or port number, or an invalid
destination address or port number.
Rekhter, et al. Standards Track [Page 47]
RFC 4271 BGP-4 January 2006
BGP destination port number SHOULD be 179, as
defined by IANA.
A TCP connection request occurs when the local
system receives a TCP SYN.
Status: Optional
Optional
Attribute
Status: 1) The TrackTcpState attribute should be set to
TRUE if this event occurs.
Event 16: Tcp_CR_Acked
Definition: Event indicating the local system's request to
establish a TCP connection to the remote peer.
The local system's TCP connection sent a TCP SYN,
received a TCP SYN/ACK message, and sent a TCP ACK.
Status: Mandatory
Event 17: TcpConnectionConfirmed
Definition: Event indicating that the local system has received
a confirmation that the TCP connection has been
established by the remote site.
The remote peer's TCP engine sent a TCP SYN. The
local peer's TCP engine sent a SYN, ACK message and
now has received a final ACK.
Status: Mandatory
Event 18: TcpConnectionFails
Definition: Event indicating that the local system has received
a TCP connection failure notice.
The remote BGP peer's TCP machine could have sent a
FIN. The local peer would respond with a FIN-ACK.
Another possibility is that the local peer
indicated a timeout in the TCP connection and
downed the connection.
Status: Mandatory
Rekhter, et al. Standards Track [Page 48]
RFC 4271 BGP-4 January 2006
8.1.5. BGP Message-Based Events
Event 19: BGPOpen
Definition: An event is generated when a valid OPEN message has
been received.
Status: Mandatory
Optional
Attribute
Status: 1) The DelayOpen optional attribute SHOULD be set
to FALSE.
2) The DelayOpenTimer SHOULD not be running.
Event 20: BGPOpen with DelayOpenTimer running
Definition: An event is generated when a valid OPEN message has
been received for a peer that has a successfully
established transport connection and is currently
delaying the sending of a BGP open message.
Status: Optional
Optional
Attribute
Status: 1) The DelayOpen attribute SHOULD be set to TRUE.
2) The DelayOpenTimer SHOULD be running.
Event 21: BGPHeaderErr
Definition: An event is generated when a received BGP message
header is not valid.
Status: Mandatory
Event 22: BGPOpenMsgErr
Definition: An event is generated when an OPEN message has been
received with errors.
Status: Mandatory
Event 23: OpenCollisionDump
Definition: An event generated administratively when a
connection collision has been detected while
processing an incoming OPEN message and this
Rekhter, et al. Standards Track [Page 49]
RFC 4271 BGP-4 January 2006
connection has been selected to be disconnected.
See Section 6.8 for more information on collision
detection.
Event 23 is an administrative action generated by
implementation logic that determines whether this
connection needs to be dropped per the rules in
Section 6.8. This event may occur if the FSM is
implemented as two linked state machines.
Status: Optional
Optional
Attribute
Status: If the state machine is to process this event in
the Established state,
1) CollisionDetectEstablishedState optional
attribute SHOULD be set to TRUE.
Please note: The OpenCollisionDump event can occur
in Idle, Connect, Active, OpenSent, and OpenConfirm
without any optional attributes being set.
Event 24: NotifMsgVerErr
Definition: An event is generated when a NOTIFICATION message
with "version error" is received.
Status: Mandatory
Event 25: NotifMsg
Definition: An event is generated when a NOTIFICATION message
is received and the error code is anything but
"version error".
Status: Mandatory
Event 26: KeepAliveMsg
Definition: An event is generated when a KEEPALIVE message is
received.
Status: Mandatory
Rekhter, et al. Standards Track [Page 50]
RFC 4271 BGP-4 January 2006
Event 27: UpdateMsg
Definition: An event is generated when a valid UPDATE message
is received.
Status: Mandatory
Event 28: UpdateMsgErr
Definition: An event is generated when an invalid UPDATE
message is received.
Status: Mandatory
8.2. Description of FSM
8.2.1. FSM Definition
BGP MUST maintain a separate FSM for each configured peer. Each BGP
peer paired in a potential connection will attempt to connect to the
other, unless configured to remain in the idle state, or configured
to remain passive. For the purpose of this discussion, the active or
connecting side of the TCP connection (the side of a TCP connection
sending the first TCP SYN packet) is called outgoing. The passive or
listening side (the sender of the first SYN/ACK) is called an
incoming connection. (See Section 8.2.1.1 for information on the
terms active and passive used below.)
A BGP implementation MUST connect to and listen on TCP port 179 for
incoming connections in addition to trying to connect to peers. For
each incoming connection, a state machine MUST be instantiated.
There exists a period in which the identity of the peer on the other
end of an incoming connection is known, but the BGP identifier is not
known. During this time, both an incoming and outgoing connection
may exist for the same configured peering. This is referred to as a
connection collision (see Section 6.8).
A BGP implementation will have, at most, one FSM for each configured
peering, plus one FSM for each incoming TCP connection for which the
peer has not yet been identified. Each FSM corresponds to exactly
one TCP connection.
There may be more than one connection between a pair of peers if the
connections are configured to use a different pair of IP addresses.
This is referred to as multiple "configured peerings" to the same
peer.
Rekhter, et al. Standards Track [Page 51]
RFC 4271 BGP-4 January 2006
8.2.1.1. Terms "active" and "passive"
The terms active and passive have been in the Internet operator's
vocabulary for almost a decade and have proven useful. The words
active and passive have slightly different meanings when applied to a
TCP connection or a peer. There is only one active side and one
passive side to any one TCP connection, per the definition above and
the state machine below. When a BGP speaker is configured as active,
it may end up on either the active or passive side of the connection
that eventually gets established. Once the TCP connection is
completed, it doesn't matter which end was active and which was
passive. The only difference is in which side of the TCP connection
has port number 179.
8.2.1.2. FSM and Collision Detection
There is one FSM per BGP connection. When the connection collision
occurs prior to determining what peer a connection is associated
with, there may be two connections for one peer. After the
connection collision is resolved (see Section 6.8), the FSM for the
connection that is closed SHOULD be disposed.
8.2.1.3. FSM and Optional Session Attributes
Optional Session Attributes specify either attributes that act as
flags (TRUE or FALSE) or optional timers. For optional attributes
that act as flags, if the optional session attribute can be set to
TRUE on the system, the corresponding BGP FSM actions must be
supported. For example, if the following options can be set in a BGP
implementation: AutoStart and PassiveTcpEstablishment, then Events 3,
4 and 5 must be supported. If an Optional Session attribute cannot
be set to TRUE, the events supporting that set of options do not have
to be supported.
Each of the optional timers (DelayOpenTimer and IdleHoldTimer) has a
group of attributes that are:
- flag indicating support,
- Time set in Timer
- Timer.
The two optional timers show this format:
DelayOpenTimer: DelayOpen, DelayOpenTime, DelayOpenTimer
IdleHoldTimer: DampPeerOscillations, IdleHoldTime,
IdleHoldTimer
Rekhter, et al. Standards Track [Page 52]
RFC 4271 BGP-4 January 2006
If the flag indicating support for an optional timer (DelayOpen or
DampPeerOscillations) cannot be set to TRUE, the timers and events
supporting that option do not have to be supported.
8.2.1.4. FSM Event Numbers
The Event numbers (1-28) utilized in this state machine description
aid in specifying the behavior of the BGP state machine.
Implementations MAY use these numbers to provide network management
information. The exact form of an FSM or the FSM events are specific
to each implementation.
8.2.1.5. FSM Actions that are Implementation Dependent
At certain points, the BGP FSM specifies that BGP initialization will
occur or that BGP resources will be deleted. The initialization of
the BGP FSM and the associated resources depend on the policy portion
of the BGP implementation. The details of these actions are outside
the scope of the FSM document.
8.2.2. Finite State Machine
Idle state:
Initially, the BGP peer FSM is in the Idle state. Hereafter, the
BGP peer FSM will be shortened to BGP FSM.
In this state, BGP FSM refuses all incoming BGP connections for
this peer. No resources are allocated to the peer. In response
to a ManualStart event (Event 1) or an AutomaticStart event (Event
3), the local system:
- initializes all BGP resources for the peer connection,
- sets ConnectRetryCounter to zero,
- starts the ConnectRetryTimer with the initial value,
- initiates a TCP connection to the other BGP peer,
- listens for a connection that may be initiated by the remote
BGP peer, and
- changes its state to Connect.
The ManualStop event (Event 2) and AutomaticStop (Event 8) event
are ignored in the Idle state.
Rekhter, et al. Standards Track [Page 53]
RFC 4271 BGP-4 January 2006
In response to a ManualStart_with_PassiveTcpEstablishment event
(Event 4) or AutomaticStart_with_PassiveTcpEstablishment event
(Event 5), the local system:
- initializes all BGP resources,
- sets the ConnectRetryCounter to zero,
- starts the ConnectRetryTimer with the initial value,
- listens for a connection that may be initiated by the remote
peer, and
- changes its state to Active.
The exact value of the ConnectRetryTimer is a local matter, but it
SHOULD be sufficiently large to allow TCP initialization.
If the DampPeerOscillations attribute is set to TRUE, the
following three additional events may occur within the Idle state:
- AutomaticStart_with_DampPeerOscillations (Event 6),
- AutomaticStart_with_DampPeerOscillations_and_
PassiveTcpEstablishment (Event 7),
- IdleHoldTimer_Expires (Event 13).
Upon receiving these 3 events, the local system will use these
events to prevent peer oscillations. The method of preventing
persistent peer oscillation is outside the scope of this document.
Any other event (Events 9-12, 15-28) received in the Idle state
does not cause change in the state of the local system.
Connect State:
In this state, BGP FSM is waiting for the TCP connection to be
completed.
The start events (Events 1, 3-7) are ignored in the Connect state.
In response to a ManualStop event (Event 2), the local system:
- drops the TCP connection,
- releases all BGP resources,
Rekhter, et al. Standards Track [Page 54]
RFC 4271 BGP-4 January 2006
- sets ConnectRetryCounter to zero,
- stops the ConnectRetryTimer and sets ConnectRetryTimer to
zero, and
- changes its state to Idle.
In response to the ConnectRetryTimer_Expires event (Event 9), the
local system:
- drops the TCP connection,
- restarts the ConnectRetryTimer,
- stops the DelayOpenTimer and resets the timer to zero,
- initiates a TCP connection to the other BGP peer,
- continues to listen for a connection that may be initiated by
the remote BGP peer, and
- stays in the Connect state.
If the DelayOpenTimer_Expires event (Event 12) occurs in the
Connect state, the local system:
- sends an OPEN message to its peer,
- sets the HoldTimer to a large value, and
- changes its state to OpenSent.
If the BGP FSM receives a TcpConnection_Valid event (Event 14),
the TCP connection is processed, and the connection remains in the
Connect state.
If the BGP FSM receives a Tcp_CR_Invalid event (Event 15), the
local system rejects the TCP connection, and the connection
remains in the Connect state.
If the TCP connection succeeds (Event 16 or Event 17), the local
system checks the DelayOpen attribute prior to processing. If the
DelayOpen attribute is set to TRUE, the local system:
- stops the ConnectRetryTimer (if running) and sets the
ConnectRetryTimer to zero,
- sets the DelayOpenTimer to the initial value, and
Rekhter, et al. Standards Track [Page 55]
RFC 4271 BGP-4 January 2006
- stays in the Connect state.
If the DelayOpen attribute is set to FALSE, the local system:
- stops the ConnectRetryTimer (if running) and sets the
ConnectRetryTimer to zero,
- completes BGP initialization
- sends an OPEN message to its peer,
- sets the HoldTimer to a large value, and
- changes its state to OpenSent.
A HoldTimer value of 4 minutes is suggested.
If the TCP connection fails (Event 18), the local system checks
the DelayOpenTimer. If the DelayOpenTimer is running, the local
system:
- restarts the ConnectRetryTimer with the initial value,
- stops the DelayOpenTimer and resets its value to zero,
- continues to listen for a connection that may be initiated by
the remote BGP peer, and
- changes its state to Active.
If the DelayOpenTimer is not running, the local system:
- stops the ConnectRetryTimer to zero,
- drops the TCP connection,
- releases all BGP resources, and
- changes its state to Idle.
If an OPEN message is received while the DelayOpenTimer is running
(Event 20), the local system:
- stops the ConnectRetryTimer (if running) and sets the
ConnectRetryTimer to zero,
- completes the BGP initialization,
Rekhter, et al. Standards Track [Page 56]
RFC 4271 BGP-4 January 2006
- stops and clears the DelayOpenTimer (sets the value to zero),
- sends an OPEN message,
- sends a KEEPALIVE message,
- if the HoldTimer initial value is non-zero,
- starts the KeepaliveTimer with the initial value and
- resets the HoldTimer to the negotiated value,
else, if the HoldTimer initial value is zero,
- resets the KeepaliveTimer and
- resets the HoldTimer value to zero,
- and changes its state to OpenConfirm.
If the value of the autonomous system field is the same as the
local Autonomous System number, set the connection status to an
internal connection; otherwise it will be "external".
If BGP message header checking (Event 21) or OPEN message checking
detects an error (Event 22) (see Section 6.2), the local system:
- (optionally) If the SendNOTIFICATIONwithoutOPEN attribute is
set to TRUE, then the local system first sends a NOTIFICATION
message with the appropriate error code, and then
- stops the ConnectRetryTimer (if running) and sets the
ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If a NOTIFICATION message is received with a version error (Event
24), the local system checks the DelayOpenTimer. If the
DelayOpenTimer is running, the local system:
Rekhter, et al. Standards Track [Page 57]
RFC 4271 BGP-4 January 2006
- stops the ConnectRetryTimer (if running) and sets the
ConnectRetryTimer to zero,
- stops and resets the DelayOpenTimer (sets to zero),
- releases all BGP resources,
- drops the TCP connection, and
- changes its state to Idle.
If the DelayOpenTimer is not running, the local system:
- stops the ConnectRetryTimer and sets the ConnectRetryTimer to
zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- performs peer oscillation damping if the DampPeerOscillations
attribute is set to True, and
- changes its state to Idle.
In response to any other events (Events 8, 10-11, 13, 19, 23,
25-28), the local system:
- if the ConnectRetryTimer is running, stops and resets the
ConnectRetryTimer (sets to zero),
- if the DelayOpenTimer is running, stops and resets the
DelayOpenTimer (sets to zero),
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- performs peer oscillation damping if the DampPeerOscillations
attribute is set to True, and
- changes its state to Idle.
Rekhter, et al. Standards Track [Page 58]
RFC 4271 BGP-4 January 2006
Active State:
In this state, BGP FSM is trying to acquire a peer by listening
for, and accepting, a TCP connection.
The start events (Events 1, 3-7) are ignored in the Active state.
In response to a ManualStop event (Event 2), the local system:
- If the DelayOpenTimer is running and the
SendNOTIFICATIONwithoutOPEN session attribute is set, the
local system sends a NOTIFICATION with a Cease,
- releases all BGP resources including stopping the
DelayOpenTimer
- drops the TCP connection,
- sets ConnectRetryCounter to zero,
- stops the ConnectRetryTimer and sets the ConnectRetryTimer to
zero, and
- changes its state to Idle.
In response to a ConnectRetryTimer_Expires event (Event 9), the
local system:
- restarts the ConnectRetryTimer (with initial value),
- initiates a TCP connection to the other BGP peer,
- continues to listen for a TCP connection that may be initiated
by a remote BGP peer, and
- changes its state to Connect.
If the local system receives a DelayOpenTimer_Expires event (Event
12), the local system:
- sets the ConnectRetryTimer to zero,
- stops and clears the DelayOpenTimer (set to zero),
- completes the BGP initialization,
- sends the OPEN message to its remote peer,
Rekhter, et al. Standards Track [Page 59]
RFC 4271 BGP-4 January 2006
- sets its hold timer to a large value, and
- changes its state to OpenSent.
A HoldTimer value of 4 minutes is also suggested for this state
transition.
If the local system receives a TcpConnection_Valid event (Event
14), the local system processes the TCP connection flags and stays
in the Active state.
If the local system receives a Tcp_CR_Invalid event (Event 15),
the local system rejects the TCP connection and stays in the
Active State.
In response to the success of a TCP connection (Event 16 or Event
17), the local system checks the DelayOpen optional attribute
prior to processing.
If the DelayOpen attribute is set to TRUE, the local system:
- stops the ConnectRetryTimer and sets the ConnectRetryTimer
to zero,
- sets the DelayOpenTimer to the initial value
(DelayOpenTime), and
- stays in the Active state.
If the DelayOpen attribute is set to FALSE, the local system:
- sets the ConnectRetryTimer to zero,
- completes the BGP initialization,
- sends the OPEN message to its peer,
- sets its HoldTimer to a large value, and
- changes its state to OpenSent.
A HoldTimer value of 4 minutes is suggested as a "large value" for
the HoldTimer.
If the local system receives a TcpConnectionFails event (Event
18), the local system:
- restarts the ConnectRetryTimer (with the initial value),
Rekhter, et al. Standards Track [Page 60]
RFC 4271 BGP-4 January 2006
- stops and clears the DelayOpenTimer (sets the value to zero),
- releases all BGP resource,
- increments the ConnectRetryCounter by 1,
- optionally performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If an OPEN message is received and the DelayOpenTimer is running
(Event 20), the local system:
- stops the ConnectRetryTimer (if running) and sets the
ConnectRetryTimer to zero,
- stops and clears the DelayOpenTimer (sets to zero),
- completes the BGP initialization,
- sends an OPEN message,
- sends a KEEPALIVE message,
- if the HoldTimer value is non-zero,
- starts the KeepaliveTimer to initial value,
- resets the HoldTimer to the negotiated value,
else if the HoldTimer is zero
- resets the KeepaliveTimer (set to zero),
- resets the HoldTimer to zero, and
- changes its state to OpenConfirm.
If the value of the autonomous system field is the same as the
local Autonomous System number, set the connection status to an
internal connection; otherwise it will be external.
If BGP message header checking (Event 21) or OPEN message checking
detects an error (Event 22) (see Section 6.2), the local system:
Rekhter, et al. Standards Track [Page 61]
RFC 4271 BGP-4 January 2006
- (optionally) sends a NOTIFICATION message with the appropriate
error code if the SendNOTIFICATIONwithoutOPEN attribute is set
to TRUE,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If a NOTIFICATION message is received with a version error (Event
24), the local system checks the DelayOpenTimer. If the
DelayOpenTimer is running, the local system:
- stops the ConnectRetryTimer (if running) and sets the
ConnectRetryTimer to zero,
- stops and resets the DelayOpenTimer (sets to zero),
- releases all BGP resources,
- drops the TCP connection, and
- changes its state to Idle.
If the DelayOpenTimer is not running, the local system:
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
Rekhter, et al. Standards Track [Page 62]
RFC 4271 BGP-4 January 2006
In response to any other event (Events 8, 10-11, 13, 19, 23,
25-28), the local system:
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by one,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
OpenSent:
In this state, BGP FSM waits for an OPEN message from its peer.
The start events (Events 1, 3-7) are ignored in the OpenSent
state.
If a ManualStop event (Event 2) is issued in the OpenSent state,
the local system:
- sends the NOTIFICATION with a Cease,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- sets the ConnectRetryCounter to zero, and
- changes its state to Idle.
If an AutomaticStop event (Event 8) is issued in the OpenSent
state, the local system:
- sends the NOTIFICATION with a Cease,
- sets the ConnectRetryTimer to zero,
- releases all the BGP resources,
- drops the TCP connection,
Rekhter, et al. Standards Track [Page 63]
RFC 4271 BGP-4 January 2006
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If the HoldTimer_Expires (Event 10), the local system:
- sends a NOTIFICATION message with the error code Hold Timer
Expired,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If a TcpConnection_Valid (Event 14), Tcp_CR_Acked (Event 16), or a
TcpConnectionConfirmed event (Event 17) is received, a second TCP
connection may be in progress. This second TCP connection is
tracked per Connection Collision processing (Section 6.8) until an
OPEN message is received.
A TCP Connection Request for an Invalid port (Tcp_CR_Invalid
(Event 15)) is ignored.
If a TcpConnectionFails event (Event 18) is received, the local
system:
- closes the BGP connection,
- restarts the ConnectRetryTimer,
- continues to listen for a connection that may be initiated by
the remote BGP peer, and
- changes its state to Active.
Rekhter, et al. Standards Track [Page 64]
RFC 4271 BGP-4 January 2006
When an OPEN message is received, all fields are checked for
correctness. If there are no errors in the OPEN message (Event
19), the local system:
- resets the DelayOpenTimer to zero,
- sets the BGP ConnectRetryTimer to zero,
- sends a KEEPALIVE message, and
- sets a KeepaliveTimer (via the text below)
- sets the HoldTimer according to the negotiated value (see
Section 4.2),
- changes its state to OpenConfirm.
If the negotiated hold time value is zero, then the HoldTimer and
KeepaliveTimer are not started. If the value of the Autonomous
System field is the same as the local Autonomous System number,
then the connection is an "internal" connection; otherwise, it is
an "external" connection. (This will impact UPDATE processing as
described below.)
If the BGP message header checking (Event 21) or OPEN message
checking detects an error (Event 22)(see Section 6.2), the local
system:
- sends a NOTIFICATION message with the appropriate error code,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is TRUE, and
- changes its state to Idle.
Collision detection mechanisms (Section 6.8) need to be applied
when a valid BGP OPEN message is received (Event 19 or Event 20).
Please refer to Section 6.8 for the details of the comparison. A
Rekhter, et al. Standards Track [Page 65]
RFC 4271 BGP-4 January 2006
CollisionDetectDump event occurs when the BGP implementation
determines, by means outside the scope of this document, that a
connection collision has occurred.
If a connection in the OpenSent state is determined to be the
connection that must be closed, an OpenCollisionDump (Event 23) is
signaled to the state machine. If such an event is received in
the OpenSent state, the local system:
- sends a NOTIFICATION with a Cease,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If a NOTIFICATION message is received with a version error (Event
24), the local system:
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection, and
- changes its state to Idle.
In response to any other event (Events 9, 11-13, 20, 25-28), the
local system:
- sends the NOTIFICATION with the Error Code Finite State
Machine Error,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
Rekhter, et al. Standards Track [Page 66]
RFC 4271 BGP-4 January 2006
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
OpenConfirm State:
In this state, BGP waits for a KEEPALIVE or NOTIFICATION message.
Any start event (Events 1, 3-7) is ignored in the OpenConfirm
state.
In response to a ManualStop event (Event 2) initiated by the
operator, the local system:
- sends the NOTIFICATION message with a Cease,
- releases all BGP resources,
- drops the TCP connection,
- sets the ConnectRetryCounter to zero,
- sets the ConnectRetryTimer to zero, and
- changes its state to Idle.
In response to the AutomaticStop event initiated by the system
(Event 8), the local system:
- sends the NOTIFICATION message with a Cease,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If the HoldTimer_Expires event (Event 10) occurs before a
KEEPALIVE message is received, the local system:
Rekhter, et al. Standards Track [Page 67]
RFC 4271 BGP-4 January 2006
- sends the NOTIFICATION message with the Error Code Hold Timer
Expired,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If the local system receives a KeepaliveTimer_Expires event (Event
11), the local system:
- sends a KEEPALIVE message,
- restarts the KeepaliveTimer, and
- remains in the OpenConfirmed state.
In the event of a TcpConnection_Valid event (Event 14), or the
success of a TCP connection (Event 16 or Event 17) while in
OpenConfirm, the local system needs to track the second
connection.
If a TCP connection is attempted with an invalid port (Event 15),
the local system will ignore the second connection attempt.
If the local system receives a TcpConnectionFails event (Event 18)
from the underlying TCP or a NOTIFICATION message (Event 25), the
local system:
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
Rekhter, et al. Standards Track [Page 68]
RFC 4271 BGP-4 January 2006
- changes its state to Idle.
If the local system receives a NOTIFICATION message with a version
error (NotifMsgVerErr (Event 24)), the local system:
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection, and
- changes its state to Idle.
If the local system receives a valid OPEN message (BGPOpen (Event
19)), the collision detect function is processed per Section 6.8.
If this connection is to be dropped due to connection collision,
the local system:
- sends a NOTIFICATION with a Cease,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection (send TCP FIN),
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If an OPEN message is received, all fields are checked for
correctness. If the BGP message header checking (BGPHeaderErr
(Event 21)) or OPEN message checking detects an error (see Section
6.2) (BGPOpenMsgErr (Event 22)), the local system:
- sends a NOTIFICATION message with the appropriate error code,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
Rekhter, et al. Standards Track [Page 69]
RFC 4271 BGP-4 January 2006
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If, during the processing of another OPEN message, the BGP
implementation determines, by a means outside the scope of this
document, that a connection collision has occurred and this
connection is to be closed, the local system will issue an
OpenCollisionDump event (Event 23). When the local system
receives an OpenCollisionDump event (Event 23), the local system:
- sends a NOTIFICATION with a Cease,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If the local system receives a KEEPALIVE message (KeepAliveMsg
(Event 26)), the local system:
- restarts the HoldTimer and
- changes its state to Established.
In response to any other event (Events 9, 12-13, 20, 27-28), the
local system:
- sends a NOTIFICATION with a code of Finite State Machine
Error,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
Rekhter, et al. Standards Track [Page 70]
RFC 4271 BGP-4 January 2006
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
Established State:
In the Established state, the BGP FSM can exchange UPDATE,
NOTIFICATION, and KEEPALIVE messages with its peer.
Any Start event (Events 1, 3-7) is ignored in the Established
state.
In response to a ManualStop event (initiated by an operator)
(Event 2), the local system:
- sends the NOTIFICATION message with a Cease,
- sets the ConnectRetryTimer to zero,
- deletes all routes associated with this connection,
- releases BGP resources,
- drops the TCP connection,
- sets the ConnectRetryCounter to zero, and
- changes its state to Idle.
In response to an AutomaticStop event (Event 8), the local system:
- sends a NOTIFICATION with a Cease,
- sets the ConnectRetryTimer to zero
- deletes all routes associated with this connection,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
Rekhter, et al. Standards Track [Page 71]
RFC 4271 BGP-4 January 2006
One reason for an AutomaticStop event is: A BGP receives an UPDATE
messages with a number of prefixes for a given peer such that the
total prefixes received exceeds the maximum number of prefixes
configured. The local system automatically disconnects the peer.
If the HoldTimer_Expires event occurs (Event 10), the local
system:
- sends a NOTIFICATION message with the Error Code Hold Timer
Expired,
- sets the ConnectRetryTimer to zero,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
If the KeepaliveTimer_Expires event occurs (Event 11), the local
system:
- sends a KEEPALIVE message, and
- restarts its KeepaliveTimer, unless the negotiated HoldTime
value is zero.
Each time the local system sends a KEEPALIVE or UPDATE message, it
restarts its KeepaliveTimer, unless the negotiated HoldTime value
is zero.
A TcpConnection_Valid (Event 14), received for a valid port, will
cause the second connection to be tracked.
An invalid TCP connection (Tcp_CR_Invalid event (Event 15)) will
be ignored.
In response to an indication that the TCP connection is
successfully established (Event 16 or Event 17), the second
connection SHALL be tracked until it sends an OPEN message.
Rekhter, et al. Standards Track [Page 72]
RFC 4271 BGP-4 January 2006
If a valid OPEN message (BGPOpen (Event 19)) is received, and if
the CollisionDetectEstablishedState optional attribute is TRUE,
the OPEN message will be checked to see if it collides (Section
6.8) with any other connection. If the BGP implementation
determines that this connection needs to be terminated, it will
process an OpenCollisionDump event (Event 23). If this connection
needs to be terminated, the local system:
- sends a NOTIFICATION with a Cease,
- sets the ConnectRetryTimer to zero,
- deletes all routes associated with this connection,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations is set to TRUE, and
- changes its state to Idle.
If the local system receives a NOTIFICATION message (Event 24 or
Event 25) or a TcpConnectionFails (Event 18) from the underlying
TCP, the local system:
- sets the ConnectRetryTimer to zero,
- deletes all routes associated with this connection,
- releases all the BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- changes its state to Idle.
Rekhter, et al. Standards Track [Page 73]
RFC 4271 BGP-4 January 2006
If the local system receives a KEEPALIVE message (Event 26), the
local system:
- restarts its HoldTimer, if the negotiated HoldTime value is
non-zero, and
- remains in the Established state.
If the local system receives an UPDATE message (Event 27), the
local system:
- processes the message,
- restarts its HoldTimer, if the negotiated HoldTime value is
non-zero, and
- remains in the Established state.
If the local system receives an UPDATE message, and the UPDATE
message error handling procedure (see Section 6.3) detects an
error (Event 28), the local system:
- sends a NOTIFICATION message with an Update error,
- sets the ConnectRetryTimer to zero,
- deletes all routes associated with this connection,
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
In response to any other event (Events 9, 12-13, 20-22), the local
system:
- sends a NOTIFICATION message with the Error Code Finite State
Machine Error,
- deletes all routes associated with this connection,
- sets the ConnectRetryTimer to zero,
Rekhter, et al. Standards Track [Page 74]
RFC 4271 BGP-4 January 2006
- releases all BGP resources,
- drops the TCP connection,
- increments the ConnectRetryCounter by 1,
- (optionally) performs peer oscillation damping if the
DampPeerOscillations attribute is set to TRUE, and
- changes its state to Idle.
9. UPDATE Message Handling
An UPDATE message may be received only in the Established state.
Receiving an UPDATE message in any other state is an error. When an
UPDATE message is received, each field is checked for validity, as
specified in Section 6.3.
If an optional non-transitive attribute is unrecognized, it is
quietly ignored. If an optional transitive attribute is
unrecognized, the Partial bit (the third high-order bit) in the
attribute flags octet is set to 1, and the attribute is retained for
propagation to other BGP speakers.
If an optional attribute is recognized and has a valid value, then,
depending on the type of the optional attribute, it is processed
locally, retained, and updated, if necessary, for possible
propagation to other BGP speakers.
If the UPDATE message contains a non-empty WITHDRAWN ROUTES field,
the previously advertised routes, whose destinations (expressed as IP
prefixes) are contained in this field, SHALL be removed from the
Adj-RIB-In. This BGP speaker SHALL run its Decision Process because
the previously advertised route is no longer available for use.
If the UPDATE message contains a feasible route, the Adj-RIB-In will
be updated with this route as follows: if the NLRI of the new route
is identical to the one the route currently has stored in the Adj-
RIB-In, then the new route SHALL replace the older route in the Adj-
RIB-In, thus implicitly withdrawing the older route from service.
Otherwise, if the Adj-RIB-In has no route with NLRI identical to the
new route, the new route SHALL be placed in the Adj-RIB-In.
Once the BGP speaker updates the Adj-RIB-In, the speaker SHALL run
its Decision Process.
Rekhter, et al. Standards Track [Page 75]
RFC 4271 BGP-4 January 2006
9.1. Decision Process
The Decision Process selects routes for subsequent advertisement by
applying the policies in the local Policy Information Base (PIB) to
the routes stored in its Adj-RIBs-In. The output of the Decision
Process is the set of routes that will be advertised to peers; the
selected routes will be stored in the local speaker's Adj-RIBs-Out,
according to policy.
The BGP Decision Process described here is conceptual, and does not
have to be implemented precisely as described, as long as the
implementations support the described functionality and they exhibit
the same externally visible behavior.
The selection process is formalized by defining a function that takes
the attribute of a given route as an argument and returns either (a)
a non-negative integer denoting the degree of preference for the
route, or (b) a value denoting that this route is ineligible to be
installed in Loc-RIB and will be excluded from the next phase of
route selection.
The function that calculates the degree of preference for a given
route SHALL NOT use any of the following as its inputs: the existence
of other routes, the non-existence of other routes, or the path
attributes of other routes. Route selection then consists of the
individual application of the degree of preference function to each
feasible route, followed by the choice of the one with the highest
degree of preference.
The Decision Process operates on routes contained in the Adj-RIBs-In,
and is responsible for:
- selection of routes to be used locally by the speaker
- selection of routes to be advertised to other BGP peers
- route aggregation and route information reduction
The Decision Process takes place in three distinct phases, each
triggered by a different event:
a) Phase 1 is responsible for calculating the degree of preference
for each route received from a peer.
b) Phase 2 is invoked on completion of phase 1. It is responsible
for choosing the best route out of all those available for each
distinct destination, and for installing each chosen route into
the Loc-RIB.
Rekhter, et al. Standards Track [Page 76]
RFC 4271 BGP-4 January 2006
c) Phase 3 is invoked after the Loc-RIB has been modified. It is
responsible for disseminating routes in the Loc-RIB to each
peer, according to the policies contained in the PIB. Route
aggregation and information reduction can optionally be
performed within this phase.
9.1.1. Phase 1: Calculation of Degree of Preference
The Phase 1 decision function is invoked whenever the local BGP
speaker receives, from a peer, an UPDATE message that advertises a
new route, a replacement route, or withdrawn routes.
The Phase 1 decision function is a separate process,f which completes
when it has no further work to do.
The Phase 1 decision function locks an Adj-RIB-In prior to operating
on any route contained within it, and unlocks it after operating on
all new or unfeasible routes contained within it.
For each newly received or replacement feasible route, the local BGP
speaker determines a degree of preference as follows:
If the route is learned from an internal peer, either the value of
the LOCAL_PREF attribute is taken as the degree of preference, or
the local system computes the degree of preference of the route
based on preconfigured policy information. Note that the latter
may result in formation of persistent routing loops.
If the route is learned from an external peer, then the local BGP
speaker computes the degree of preference based on preconfigured
policy information. If the return value indicates the route is
ineligible, the route MAY NOT serve as an input to the next phase
of route selection; otherwise, the return value MUST be used as
the LOCAL_PREF value in any IBGP readvertisement.
The exact nature of this policy information, and the computation
involved, is a local matter.
9.1.2. Phase 2: Route Selection
The Phase 2 decision function is invoked on completion of Phase 1.
The Phase 2 function is a separate process, which completes when it
has no further work to do. The Phase 2 process considers all routes
that are eligible in the Adj-RIBs-In.
Rekhter, et al. Standards Track [Page 77]
RFC 4271 BGP-4 January 2006
The Phase 2 decision function is blocked from running while the Phase
3 decision function is in process. The Phase 2 function locks all
Adj-RIBs-In prior to commencing its function, and unlocks them on
completion.
If the NEXT_HOP attribute of a BGP route depicts an address that is
not resolvable, or if it would become unresolvable if the route was
installed in the routing table, the BGP route MUST be excluded from
the Phase 2 decision function.
If the AS_PATH attribute of a BGP route contains an AS loop, the BGP
route should be excluded from the Phase 2 decision function. AS loop
detection is done by scanning the full AS path (as specified in the
AS_PATH attribute), and checking that the autonomous system number of
the local system does not appear in the AS path. Operations of a BGP
speaker that is configured to accept routes with its own autonomous
system number in the AS path are outside the scope of this document.
It is critical that BGP speakers within an AS do not make conflicting
decisions regarding route selection that would cause forwarding loops
to occur.
For each set of destinations for which a feasible route exists in the
Adj-RIBs-In, the local BGP speaker identifies the route that has:
a) the highest degree of preference of any route to the same set
of destinations, or
b) is the only route to that destination, or
c) is selected as a result of the Phase 2 tie breaking rules
specified in Section 9.1.2.2.
The local speaker SHALL then install that route in the Loc-RIB,
replacing any route to the same destination that is currently being
held in the Loc-RIB. When the new BGP route is installed in the
Routing Table, care must be taken to ensure that existing routes to
the same destination that are now considered invalid are removed from
the Routing Table. Whether the new BGP route replaces an existing
non-BGP route in the Routing Table depends on the policy configured
on the BGP speaker.
The local speaker MUST determine the immediate next-hop address from
the NEXT_HOP attribute of the selected route (see Section 5.1.3). If
either the immediate next-hop or the IGP cost to the NEXT_HOP (where
the NEXT_HOP is resolved through an IGP route) changes, Phase 2 Route
Selection MUST be performed again.
Rekhter, et al. Standards Track [Page 78]
RFC 4271 BGP-4 January 2006
Notice that even though BGP routes do not have to be installed in the
Routing Table with the immediate next-hop(s), implementations MUST
take care that, before any packets are forwarded along a BGP route,
its associated NEXT_HOP address is resolved to the immediate
(directly connected) next-hop address, and that this address (or
multiple addresses) is finally used for actual packet forwarding.
Unresolvable routes SHALL be removed from the Loc-RIB and the routing
table. However, corresponding unresolvable routes SHOULD be kept in
the Adj-RIBs-In (in case they become resolvable).
9.1.2.1. Route Resolvability Condition
As indicated in Section 9.1.2, BGP speakers SHOULD exclude
unresolvable routes from the Phase 2 decision. This ensures that
only valid routes are installed in Loc-RIB and the Routing Table.
The route resolvability condition is defined as follows:
1) A route Rte1, referencing only the intermediate network
address, is considered resolvable if the Routing Table contains
at least one resolvable route Rte2 that matches Rte1's
intermediate network address and is not recursively resolved
(directly or indirectly) through Rte1. If multiple matching
routes are available, only the longest matching route SHOULD be
considered.
2) Routes referencing interfaces (with or without intermediate
addresses) are considered resolvable if the state of the
referenced interface is up and if IP processing is enabled on
this interface.
BGP routes do not refer to interfaces, but can be resolved through
the routes in the Routing Table that can be of both types (those that
specify interfaces or those that do not). IGP routes and routes to
directly connected networks are expected to specify the outbound
interface. Static routes can specify the outbound interface, the
intermediate address, or both.
Note that a BGP route is considered unresolvable in a situation where
the BGP speaker's Routing Table contains no route matching the BGP
route's NEXT_HOP. Mutually recursive routes (routes resolving each
other or themselves) also fail the resolvability check.
It is also important that implementations do not consider feasible
routes that would become unresolvable if they were installed in the
Routing Table, even if their NEXT_HOPs are resolvable using the
current contents of the Routing Table (an example of such routes
Rekhter, et al. Standards Track [Page 79]
RFC 4271 BGP-4 January 2006
would be mutually recursive routes). This check ensures that a BGP
speaker does not install routes in the Routing Table that will be
removed and not used by the speaker. Therefore, in addition to local
Routing Table stability, this check also improves behavior of the
protocol in the network.
Whenever a BGP speaker identifies a route that fails the
resolvability check because of mutual recursion, an error message
SHOULD be logged.
9.1.2.2. Breaking Ties (Phase 2)
In its Adj-RIBs-In, a BGP speaker may have several routes to the same
destination that have the same degree of preference. The local
speaker can select only one of these routes for inclusion in the
associated Loc-RIB. The local speaker considers all routes with the
same degrees of preference, both those received from internal peers,
and those received from external peers.
The following tie-breaking procedure assumes that, for each candidate
route, all the BGP speakers within an autonomous system can ascertain
the cost of a path (interior distance) to the address depicted by the
NEXT_HOP attribute of the route, and follow the same route selection
algorithm.
The tie-breaking algorithm begins by considering all equally
preferable routes to the same destination, and then selects routes to
be removed from consideration. The algorithm terminates as soon as
only one route remains in consideration. The criteria MUST be
applied in the order specified.
Several of the criteria are described using pseudo-code. Note that
the pseudo-code shown was chosen for clarity, not efficiency. It is
not intended to specify any particular implementation. BGP
implementations MAY use any algorithm that produces the same results
as those described here.
a) Remove from consideration all routes that are not tied for
having the smallest number of AS numbers present in their
AS_PATH attributes. Note that when counting this number, an
AS_SET counts as 1, no matter how many ASes are in the set.
b) Remove from consideration all routes that are not tied for
having the lowest Origin number in their Origin attribute.
Rekhter, et al. Standards Track [Page 80]
RFC 4271 BGP-4 January 2006
c) Remove from consideration routes with less-preferred
MULTI_EXIT_DISC attributes. MULTI_EXIT_DISC is only comparable
between routes learned from the same neighboring AS (the
neighboring AS is determined from the AS_PATH attribute).
Routes that do not have the MULTI_EXIT_DISC attribute are
considered to have the lowest possible MULTI_EXIT_DISC value.
This is also described in the following procedure:
for m = all routes still under consideration
for n = all routes still under consideration
if (neighborAS(m) == neighborAS(n)) and (MED(n) < MED(m))
remove route m from consideration
In the pseudo-code above, MED(n) is a function that returns the
value of route n's MULTI_EXIT_DISC attribute. If route n has
no MULTI_EXIT_DISC attribute, the function returns the lowest
possible MULTI_EXIT_DISC value (i.e., 0).
Similarly, neighborAS(n) is a function that returns the
neighbor AS from which the route was received. If the route is
learned via IBGP, and the other IBGP speaker didn't originate
the route, it is the neighbor AS from which the other IBGP
speaker learned the route. If the route is learned via IBGP,
and the other IBGP speaker either (a) originated the route, or
(b) created the route by aggregation and the AS_PATH attribute
of the aggregate route is either empty or begins with an
AS_SET, it is the local AS.
If a MULTI_EXIT_DISC attribute is removed before re-advertising
a route into IBGP, then comparison based on the received EBGP
MULTI_EXIT_DISC attribute MAY still be performed. If an
implementation chooses to remove MULTI_EXIT_DISC, then the
optional comparison on MULTI_EXIT_DISC, if performed, MUST be
performed only among EBGP-learned routes. The best EBGP-
learned route may then be compared with IBGP-learned routes
after the removal of the MULTI_EXIT_DISC attribute. If
MULTI_EXIT_DISC is removed from a subset of EBGP-learned
routes, and the selected "best" EBGP-learned route will not
have MULTI_EXIT_DISC removed, then the MULTI_EXIT_DISC must be
used in the comparison with IBGP-learned routes. For IBGP-
learned routes, the MULTI_EXIT_DISC MUST be used in route
comparisons that reach this step in the Decision Process.
Including the MULTI_EXIT_DISC of an EBGP-learned route in the
comparison with an IBGP-learned route, then removing the
MULTI_EXIT_DISC attribute, and advertising the route has been
proven to cause route loops.
Rekhter, et al. Standards Track [Page 81]
RFC 4271 BGP-4 January 2006
d) If at least one of the candidate routes was received via EBGP,
remove from consideration all routes that were received via
IBGP.
e) Remove from consideration any routes with less-preferred
interior cost. The interior cost of a route is determined by
calculating the metric to the NEXT_HOP for the route using the
Routing Table. If the NEXT_HOP hop for a route is reachable,
but no cost can be determined, then this step should be skipped
(equivalently, consider all routes to have equal costs).
This is also described in the following procedure.
for m = all routes still under consideration
for n = all routes in still under consideration
if (cost(n) is lower than cost(m))
remove m from consideration
In the pseudo-code above, cost(n) is a function that returns
the cost of the path (interior distance) to the address given
in the NEXT_HOP attribute of the route.
f) Remove from consideration all routes other than the route that
was advertised by the BGP speaker with the lowest BGP
Identifier value.
g) Prefer the route received from the lowest peer address.
9.1.3. Phase 3: Route Dissemination
The Phase 3 decision function is invoked on completion of Phase 2, or
when any of the following events occur:
a) when routes in the Loc-RIB to local destinations have changed
b) when locally generated routes learned by means outside of BGP
have changed
c) when a new BGP speaker connection has been established
The Phase 3 function is a separate process that completes when it has
no further work to do. The Phase 3 Routing Decision function is
blocked from running while the Phase 2 decision function is in
process.
All routes in the Loc-RIB are processed into Adj-RIBs-Out according
to configured policy. This policy MAY exclude a route in the Loc-RIB
from being installed in a particular Adj-RIB-Out. A route SHALL NOT
Rekhter, et al. Standards Track [Page 82]
RFC 4271 BGP-4 January 2006
be installed in the Adj-Rib-Out unless the destination, and NEXT_HOP
described by this route, may be forwarded appropriately by the
Routing Table. If a route in Loc-RIB is excluded from a particular
Adj-RIB-Out, the previously advertised route in that Adj-RIB-Out MUST
be withdrawn from service by means of an UPDATE message (see 9.2).
Route aggregation and information reduction techniques (see Section
9.2.2.1) may optionally be applied.
Any local policy that results in routes being added to an Adj-RIB-Out
without also being added to the local BGP speaker's forwarding table
is outside the scope of this document.
When the updating of the Adj-RIBs-Out and the Routing Table is
complete, the local BGP speaker runs the Update-Send process of 9.2.
9.1.4. Overlapping Routes
A BGP speaker may transmit routes with overlapping Network Layer
Reachability Information (NLRI) to another BGP speaker. NLRI overlap
occurs when a set of destinations are identified in non-matching
multiple routes. Because BGP encodes NLRI using IP prefixes, overlap
will always exhibit subset relationships. A route describing a
smaller set of destinations (a longer prefix) is said to be more
specific than a route describing a larger set of destinations (a
shorter prefix); similarly, a route describing a larger set of
destinations is said to be less specific than a route describing a
smaller set of destinations.
The precedence relationship effectively decomposes less specific
routes into two parts:
- a set of destinations described only by the less specific route,
and
- a set of destinations described by the overlap of the less
specific and the more specific routes
The set of destinations described by the overlap represents a portion
of the less specific route that is feasible, but is not currently in
use. If a more specific route is later withdrawn, the set of
destinations described by the overlap will still be reachable using
the less specific route.
If a BGP speaker receives overlapping routes, the Decision Process
MUST consider both routes based on the configured acceptance policy.
If both a less and a more specific route are accepted, then the
Decision Process MUST install, in Loc-RIB, either both the less and
Rekhter, et al. Standards Track [Page 83]
RFC 4271 BGP-4 January 2006
the more specific routes or aggregate the two routes and install, in
Loc-RIB, the aggregated route, provided that both routes have the
same value of the NEXT_HOP attribute.
If a BGP speaker chooses to aggregate, then it SHOULD either include
all ASes used to form the aggregate in an AS_SET, or add the
ATOMIC_AGGREGATE attribute to the route. This attribute is now
primarily informational. With the elimination of IP routing
protocols that do not support classless routing, and the elimination
of router and host implementations that do not support classless
routing, there is no longer a need to de-aggregate. Routes SHOULD
NOT be de-aggregated. In particular, a route that carries the
ATOMIC_AGGREGATE attribute MUST NOT be de-aggregated. That is, the
NLRI of this route cannot be more specific. Forwarding along such a
route does not guarantee that IP packets will actually traverse only
ASes listed in the AS_PATH attribute of the route.
9.2. Update-Send Process
The Update-Send process is responsible for advertising UPDATE
messages to all peers. For example, it distributes the routes chosen
by the Decision Process to other BGP speakers, which may be located
in either the same autonomous system or a neighboring autonomous
system.
When a BGP speaker receives an UPDATE message from an internal peer,
the receiving BGP speaker SHALL NOT re-distribute the routing
information contained in that UPDATE message to other internal peers
(unless the speaker acts as a BGP Route Reflector [RFC2796]).
As part of Phase 3 of the route selection process, the BGP speaker
has updated its Adj-RIBs-Out. All newly installed routes and all
newly unfeasible routes for which there is no replacement route SHALL
be advertised to its peers by means of an UPDATE message.
A BGP speaker SHOULD NOT advertise a given feasible BGP route from
its Adj-RIB-Out if it would produce an UPDATE message containing the
same BGP route as was previously advertised.
Any routes in the Loc-RIB marked as unfeasible SHALL be removed.
Changes to the reachable destinations within its own autonomous
system SHALL also be advertised in an UPDATE message.
If, due to the limits on the maximum size of an UPDATE message (see
Section 4), a single route doesn't fit into the message, the BGP
speaker MUST not advertise the route to its peers and MAY choose to
log an error locally.
Rekhter, et al. Standards Track [Page 84]
RFC 4271 BGP-4 January 2006
9.2.1. Controlling Routing Traffic Overhead
The BGP protocol constrains the amount of routing traffic (that is,
UPDATE messages), in order to limit both the link bandwidth needed to
advertise UPDATE messages and the processing power needed by the
Decision Process to digest the information contained in the UPDATE
messages.
9.2.1.1. Frequency of Route Advertisement
The parameter MinRouteAdvertisementIntervalTimer determines the
minimum amount of time that must elapse between an advertisement
and/or withdrawal of routes to a particular destination by a BGP
speaker to a peer. This rate limiting procedure applies on a per-
destination basis, although the value of
MinRouteAdvertisementIntervalTimer is set on a per BGP peer basis.
Two UPDATE messages sent by a BGP speaker to a peer that advertise
feasible routes and/or withdrawal of unfeasible routes to some common
set of destinations MUST be separated by at least
MinRouteAdvertisementIntervalTimer. This can only be achieved by
keeping a separate timer for each common set of destinations. This
would be unwarranted overhead. Any technique that ensures that the
interval between two UPDATE messages sent from a BGP speaker to a
peer that advertise feasible routes and/or withdrawal of unfeasible
routes to some common set of destinations will be at least
MinRouteAdvertisementIntervalTimer, and will also ensure that a
constant upper bound on the interval is acceptable.
Since fast convergence is needed within an autonomous system, either
(a) the MinRouteAdvertisementIntervalTimer used for internal peers
SHOULD be shorter than the MinRouteAdvertisementIntervalTimer used
for external peers, or (b) the procedure describe in this section
SHOULD NOT apply to routes sent to internal peers.
This procedure does not limit the rate of route selection, but only
the rate of route advertisement. If new routes are selected multiple
times while awaiting the expiration of
MinRouteAdvertisementIntervalTimer, the last route selected SHALL be
advertised at the end of MinRouteAdvertisementIntervalTimer.
9.2.1.2. Frequency of Route Origination
The parameter MinASOriginationIntervalTimer determines the minimum
amount of time that must elapse between successive advertisements of
UPDATE messages that report changes within the advertising BGP
speaker's own autonomous systems.
Rekhter, et al. Standards Track [Page 85]
RFC 4271 BGP-4 January 2006
9.2.2. Efficient Organization of Routing Information
Having selected the routing information it will advertise, a BGP
speaker may avail itself of several methods to organize this
information in an efficient manner.
9.2.2.1. Information Reduction
Information reduction may imply a reduction in granularity of policy
control - after information is collapsed, the same policies will
apply to all destinations and paths in the equivalence class.
The Decision Process may optionally reduce the amount of information
that it will place in the Adj-RIBs-Out by any of the following
methods:
a) Network Layer Reachability Information (NLRI):
Destination IP addresses can be represented as IP address
prefixes. In cases where there is a correspondence between the
address structure and the systems under control of an
autonomous system administrator, it will be possible to reduce
the size of the NLRI carried in the UPDATE messages.
b) AS_PATHs:
AS path information can be represented as ordered AS_SEQUENCEs
or unordered AS_SETs. AS_SETs are used in the route
aggregation algorithm described in Section 9.2.2.2. They
reduce the size of the AS_PATH information by listing each AS
number only once, regardless of how many times it may have
appeared in multiple AS_PATHs that were aggregated.
An AS_SET implies that the destinations listed in the NLRI can
be reached through paths that traverse at least some of the
constituent autonomous systems. AS_SETs provide sufficient
information to avoid routing information looping; however,
their use may prune potentially feasible paths because such
paths are no longer listed individually in the form of
AS_SEQUENCEs. In practice, this is not likely to be a problem
because once an IP packet arrives at the edge of a group of
autonomous systems, the BGP speaker is likely to have more
detailed path information and can distinguish individual paths
from destinations.
Rekhter, et al. Standards Track [Page 86]
RFC 4271 BGP-4 January 2006
9.2.2.2. Aggregating Routing Information
Aggregation is the process of combining the characteristics of
several different routes in such a way that a single route can be
advertised. Aggregation can occur as part of the Decision Process to
reduce the amount of routing information that will be placed in the
Adj-RIBs-Out.
Aggregation reduces the amount of information that a BGP speaker must
store and exchange with other BGP speakers. Routes can be aggregated
by applying the following procedure, separately, to path attributes
of the same type and to the Network Layer Reachability Information.
Routes that have different MULTI_EXIT_DISC attributes SHALL NOT be
aggregated.
If the aggregated route has an AS_SET as the first element in its
AS_PATH attribute, then the router that originates the route SHOULD
NOT advertise the MULTI_EXIT_DISC attribute with this route.
Path attributes that have different type codes cannot be aggregated
together. Path attributes of the same type code may be aggregated,
according to the following rules:
NEXT_HOP:
When aggregating routes that have different NEXT_HOP
attributes, the NEXT_HOP attribute of the aggregated route
SHALL identify an interface on the BGP speaker that performs
the aggregation.
ORIGIN attribute:
If at least one route among routes that are aggregated has
ORIGIN with the value INCOMPLETE, then the aggregated route
MUST have the ORIGIN attribute with the value INCOMPLETE.
Otherwise, if at least one route among routes that are
aggregated has ORIGIN with the value EGP, then the aggregated
route MUST have the ORIGIN attribute with the value EGP. In
all other cases,, the value of the ORIGIN attribute of the
aggregated route is IGP.
AS_PATH attribute:
If routes to be aggregated have identical AS_PATH attributes,
then the aggregated route has the same AS_PATH attribute as
each individual route.
For the purpose of aggregating AS_PATH attributes, we model
each AS within the AS_PATH attribute as a tuple <type, value>,
where "type" identifies a type of the path segment the AS
Rekhter, et al. Standards Track [Page 87]
RFC 4271 BGP-4 January 2006
belongs to (e.g., AS_SEQUENCE, AS_SET), and "value" identifies
the AS number. If the routes to be aggregated have different
AS_PATH attributes, then the aggregated AS_PATH attribute SHALL
satisfy all of the following conditions:
- all tuples of type AS_SEQUENCE in the aggregated AS_PATH
SHALL appear in all of the AS_PATHs in the initial set of
routes to be aggregated.
- all tuples of type AS_SET in the aggregated AS_PATH SHALL
appear in at least one of the AS_PATHs in the initial set
(they may appear as either AS_SET or AS_SEQUENCE types).
- for any tuple X of type AS_SEQUENCE in the aggregated
AS_PATH, which precedes tuple Y in the aggregated AS_PATH,
X precedes Y in each AS_PATH in the initial set, which
contains Y, regardless of the type of Y.
- No tuple of type AS_SET with the same value SHALL appear
more than once in the aggregated AS_PATH.
- Multiple tuples of type AS_SEQUENCE with the same value may
appear in the aggregated AS_PATH only when adjacent to
another tuple of the same type and value.
An implementation may choose any algorithm that conforms to
these rules. At a minimum, a conformant implementation SHALL
be able to perform the following algorithm that meets all of
the above conditions:
- determine the longest leading sequence of tuples (as
defined above) common to all the AS_PATH attributes of the
routes to be aggregated. Make this sequence the leading
sequence of the aggregated AS_PATH attribute.
- set the type of the rest of the tuples from the AS_PATH
attributes of the routes to be aggregated to AS_SET, and
append them to the aggregated AS_PATH attribute.
- if the aggregated AS_PATH has more than one tuple with the
same value (regardless of tuple's type), eliminate all but
one such tuple by deleting tuples of the type AS_SET from
the aggregated AS_PATH attribute.
- for each pair of adjacent tuples in the aggregated AS_PATH,
if both tuples have the same type, merge them together, as
long as doing so will not cause a segment with a length
greater than 255 to be generated.
Rekhter, et al. Standards Track [Page 88]
RFC 4271 BGP-4 January 2006
Appendix F, Section F.6 presents another algorithm that
satisfies the conditions and allows for more complex policy
configurations.
ATOMIC_AGGREGATE:
If at least one of the routes to be aggregated has
ATOMIC_AGGREGATE path attribute, then the aggregated route
SHALL have this attribute as well.
AGGREGATOR:
Any AGGREGATOR attributes from the routes to be aggregated MUST
NOT be included in the aggregated route. The BGP speaker
performing the route aggregation MAY attach a new AGGREGATOR
attribute (see Section 5.1.7).
9.3. Route Selection Criteria
Generally, additional rules for comparing routes among several
alternatives are outside the scope of this document. There are two
exceptions:
- If the local AS appears in the AS path of the new route being
considered, then that new route cannot be viewed as better than
any other route (provided that the speaker is configured to
accept such routes). If such a route were ever used, a routing
loop could result.
- In order to achieve a successful distributed operation, only
routes with a likelihood of stability can be chosen. Thus, an
AS SHOULD avoid using unstable routes, and it SHOULD NOT make
rapid, spontaneous changes to its choice of route. Quantifying
the terms "unstable" and "rapid" (from the previous sentence)
will require experience, but the principle is clear. Routes
that are unstable can be "penalized" (e.g., by using the
procedures described in [RFC2439]).
9.4. Originating BGP routes
A BGP speaker may originate BGP routes by injecting routing
information acquired by some other means (e.g., via an IGP) into BGP.
A BGP speaker that originates BGP routes assigns the degree of
preference (e.g., according to local configuration) to these routes
by passing them through the Decision Process (see Section 9.1).
These routes MAY also be distributed to other BGP speakers within the
local AS as part of the update process (see Section 9.2). The
decision of whether to distribute non-BGP acquired routes within an
AS via BGP depends on the environment within the AS (e.g., type of
IGP) and SHOULD be controlled via configuration.
Rekhter, et al. Standards Track [Page 89]
RFC 4271 BGP-4 January 2006
10. BGP Timers
BGP employs five timers: ConnectRetryTimer (see Section 8), HoldTimer
(see Section 4.2), KeepaliveTimer (see Section 8),
MinASOriginationIntervalTimer (see Section 9.2.1.2), and
MinRouteAdvertisementIntervalTimer (see Section 9.2.1.1).
Two optional timers MAY be supported: DelayOpenTimer, IdleHoldTimer
by BGP (see Section 8). Section 8 describes their use. The full
operation of these optional timers is outside the scope of this
document.
ConnectRetryTime is a mandatory FSM attribute that stores the initial
value for the ConnectRetryTimer. The suggested default value for the
ConnectRetryTime is 120 seconds.
HoldTime is a mandatory FSM attribute that stores the initial value
for the HoldTimer. The suggested default value for the HoldTime is
90 seconds.
During some portions of the state machine (see Section 8), the
HoldTimer is set to a large value. The suggested default for this
large value is 4 minutes.
The KeepaliveTime is a mandatory FSM attribute that stores the
initial value for the KeepaliveTimer. The suggested default value
for the KeepaliveTime is 1/3 of the HoldTime.
The suggested default value for the MinASOriginationIntervalTimer is
15 seconds.
The suggested default value for the
MinRouteAdvertisementIntervalTimer on EBGP connections is 30 seconds.
The suggested default value for the
MinRouteAdvertisementIntervalTimer on IBGP connections is 5 seconds.
An implementation of BGP MUST allow the HoldTimer to be configurable
on a per-peer basis, and MAY allow the other timers to be
configurable.
To minimize the likelihood that the distribution of BGP messages by a
given BGP speaker will contain peaks, jitter SHOULD be applied to the
timers associated with MinASOriginationIntervalTimer, KeepaliveTimer,
MinRouteAdvertisementIntervalTimer, and ConnectRetryTimer. A given
BGP speaker MAY apply the same jitter to each of these quantities,
regardless of the destinations to which the updates are being sent;
that is, jitter need not be configured on a per-peer basis.
Rekhter, et al. Standards Track [Page 90]
RFC 4271 BGP-4 January 2006
The suggested default amount of jitter SHALL be determined by
multiplying the base value of the appropriate timer by a random
factor, which is uniformly distributed in the range from 0.75 to 1.0.
A new random value SHOULD be picked each time the timer is set. The
range of the jitter's random value MAY be configurable.
Rekhter, et al. Standards Track [Page 91]
RFC 4271 BGP-4 January 2006
Appendix A. Comparison with RFC 1771
There are numerous editorial changes in comparison to [RFC1771] (too
many to list here).
The following list the technical changes:
Changes to reflect the usage of features such as TCP MD5
[RFC2385], BGP Route Reflectors [RFC2796], BGP Confederations
[RFC3065], and BGP Route Refresh [RFC2918].
Clarification of the use of the BGP Identifier in the AGGREGATOR
attribute.
Procedures for imposing an upper bound on the number of prefixes
that a BGP speaker would accept from a peer.
The ability of a BGP speaker to include more than one instance of
its own AS in the AS_PATH attribute for the purpose of inter-AS
traffic engineering.
Clarification of the various types of NEXT_HOPs.
Clarification of the use of the ATOMIC_AGGREGATE attribute.
The relationship between the immediate next hop, and the next hop
as specified in the NEXT_HOP path attribute.
Clarification of the tie-breaking procedures.
Clarification of the frequency of route advertisements.
Optional Parameter Type 1 (Authentication Information) has been
deprecated.
UPDATE Message Error subcode 7 (AS Routing Loop) has been
deprecated.
OPEN Message Error subcode 5 (Authentication Failure) has been
deprecated.
Use of the Marker field for authentication has been deprecated.
Implementations MUST support TCP MD5 [RFC2385] for authentication.
Clarification of BGP FSM.
Rekhter, et al. Standards Track [Page 92]
RFC 4271 BGP-4 January 2006
Appendix B. Comparison with RFC 1267
All the changes listed in Appendix A, plus the following.
BGP-4 is capable of operating in an environment where a set of
reachable destinations may be expressed via a single IP prefix. The
concept of network classes, or subnetting, is foreign to BGP-4. To
accommodate these capabilities, BGP-4 changes the semantics and
encoding associated with the AS_PATH attribute. New text has been
added to define semantics associated with IP prefixes. These
abilities allow BGP-4 to support the proposed supernetting scheme
[RFC1518, RFC1519].
To simplify configuration, this version introduces a new attribute,
LOCAL_PREF, that facilitates route selection procedures.
The INTER_AS_METRIC attribute has been renamed MULTI_EXIT_DISC.
A new attribute, ATOMIC_AGGREGATE, has been introduced to insure that
certain aggregates are not de-aggregated. Another new attribute,
AGGREGATOR, can be added to aggregate routes to advertise which AS
and which BGP speaker within that AS caused the aggregation.
To ensure that Hold Timers are symmetric, the Hold Timer is now
negotiated on a per-connection basis. Hold Timers of zero are now
supported.
Appendix C. Comparison with RFC 1163
All of the changes listed in Appendices A and B, plus the following.
To detect and recover from BGP connection collision, a new field (BGP
Identifier) has been added to the OPEN message. New text (Section
6.8) has been added to specify the procedure for detecting and
recovering from collision.
The new document no longer restricts the router that is passed in the
NEXT_HOP path attribute to be part of the same Autonomous System as
the BGP Speaker.
The new document optimizes and simplifies the exchange of information
about previously reachable routes.
Rekhter, et al. Standards Track [Page 93]
RFC 4271 BGP-4 January 2006
Appendix D. Comparison with RFC 1105
All of the changes listed in Appendices A, B, and C, plus the
following.
Minor changes to the [RFC1105] Finite State Machine were necessary to
accommodate the TCP user interface provided by BSD version 4.3.
The notion of Up/Down/Horizontal relations presented in RFC 1105 has
been removed from the protocol.
The changes in the message format from RFC 1105 are as follows:
1. The Hold Time field has been removed from the BGP header and
added to the OPEN message.
2. The version field has been removed from the BGP header and
added to the OPEN message.
3. The Link Type field has been removed from the OPEN message.
4. The OPEN CONFIRM message has been eliminated and replaced with
implicit confirmation, provided by the KEEPALIVE message.
5. The format of the UPDATE message has been changed
significantly. New fields were added to the UPDATE message to
support multiple path attributes.
6. The Marker field has been expanded and its role broadened to
support authentication.
Note that quite often BGP, as specified in RFC 1105, is referred to
as BGP-1; BGP, as specified in [RFC1163], is referred to as BGP-2;
BGP, as specified in RFC 1267 is referred to as BGP-3; and BGP, as
specified in this document is referred to as BGP-4.
Appendix E. TCP Options that May Be Used with BGP
If a local system TCP user interface supports the TCP PUSH function,
then each BGP message SHOULD be transmitted with PUSH flag set.
Setting PUSH flag forces BGP messages to be transmitted to the
receiver promptly.
If a local system TCP user interface supports setting the DSCP field
[RFC2474] for TCP connections, then the TCP connection used by BGP
SHOULD be opened with bits 0-2 of the DSCP field set to 110 (binary).
An implementation MUST support the TCP MD5 option [RFC2385].
Rekhter, et al. Standards Track [Page 94]
RFC 4271 BGP-4 January 2006
Appendix F. Implementation Recommendations
This section presents some implementation recommendations.
Appendix F.1. Multiple Networks Per Message
The BGP protocol allows for multiple address prefixes with the same
path attributes to be specified in one message. Using this
capability is highly recommended. With one address prefix per
message there is a substantial increase in overhead in the receiver.
Not only does the system overhead increase due to the reception of
multiple messages, but the overhead of scanning the routing table for
updates to BGP peers and other routing protocols (and sending the
associated messages) is incurred multiple times as well.
One method of building messages that contain many address prefixes
per path attribute set from a routing table that is not organized on
a per path attribute set basis is to build many messages as the
routing table is scanned. As each address prefix is processed, a
message for the associated set of path attributes is allocated, if it
does not exist, and the new address prefix is added to it. If such a
message exists, the new address prefix is appended to it. If the
message lacks the space to hold the new address prefix, it is
transmitted, a new message is allocated, and the new address prefix
is inserted into the new message. When the entire routing table has
been scanned, all allocated messages are sent and their resources are
released. Maximum compression is achieved when all destinations
covered by the address prefixes share a common set of path
attributes, making it possible to send many address prefixes in one
4096-byte message.
When peering with a BGP implementation that does not compress
multiple address prefixes into one message, it may be necessary to
take steps to reduce the overhead from the flood of data received
when a peer is acquired or when a significant network topology change
occurs. One method of doing this is to limit the rate of updates.
This will eliminate the redundant scanning of the routing table to
provide flash updates for BGP peers and other routing protocols. A
disadvantage of this approach is that it increases the propagation
latency of routing information. By choosing a minimum flash update
interval that is not much greater than the time it takes to process
the multiple messages, this latency should be minimized. A better
method would be to read all received messages before sending updates.
Rekhter, et al. Standards Track [Page 95]
RFC 4271 BGP-4 January 2006
Appendix F.2. Reducing Route Flapping
To avoid excessive route flapping, a BGP speaker that needs to
withdraw a destination and send an update about a more specific or
less specific route should combine them into the same UPDATE message.
Appendix F.3. Path Attribute Ordering
Implementations that combine update messages (as described above in
Section 6.1) may prefer to see all path attributes presented in a
known order. This permits them to quickly identify sets of
attributes from different update messages that are semantically
identical. To facilitate this, it is a useful optimization to order
the path attributes according to type code. This optimization is
entirely optional.
Appendix F.4. AS_SET Sorting
Another useful optimization that can be done to simplify this
situation is to sort the AS numbers found in an AS_SET. This
optimization is entirely optional.
Appendix F.5. Control Over Version Negotiation
Because BGP-4 is capable of carrying aggregated routes that cannot be
properly represented in BGP-3, an implementation that supports BGP-4
and another BGP version should provide the capability to only speak
BGP-4 on a per-peer basis.
Appendix F.6. Complex AS_PATH Aggregation
An implementation that chooses to provide a path aggregation
algorithm retaining significant amounts of path information may wish
to use the following procedure:
For the purpose of aggregating AS_PATH attributes of two routes,
we model each AS as a tuple <type, value>, where "type" identifies
a type of the path segment the AS belongs to (e.g., AS_SEQUENCE,
AS_SET), and "value" is the AS number. Two ASes are said to be
the same if their corresponding <type, value> tuples are the same.
The algorithm to aggregate two AS_PATH attributes works as
follows:
a) Identify the same ASes (as defined above) within each
AS_PATH attribute that are in the same relative order within
both AS_PATH attributes. Two ASes, X and Y, are said to be
in the same order if either:
Rekhter, et al. Standards Track [Page 96]
RFC 4271 BGP-4 January 2006
- X precedes Y in both AS_PATH attributes, or
- Y precedes X in both AS_PATH attributes.
b) The aggregated AS_PATH attribute consists of ASes identified
in (a), in exactly the same order as they appear in the
AS_PATH attributes to be aggregated. If two consecutive
ASes identified in (a) do not immediately follow each other
in both of the AS_PATH attributes to be aggregated, then the
intervening ASes (ASes that are between the two consecutive
ASes that are the same) in both attributes are combined into
an AS_SET path segment that consists of the intervening ASes
from both AS_PATH attributes. This segment is then placed
between the two consecutive ASes identified in (a) of the
aggregated attribute. If two consecutive ASes identified in
(a) immediately follow each other in one attribute, but do
not follow in another, then the intervening ASes of the
latter are combined into an AS_SET path segment. This
segment is then placed between the two consecutive ASes
identified in (a) of the aggregated attribute.
c) For each pair of adjacent tuples in the aggregated AS_PATH,
if both tuples have the same type, merge them together if
doing so will not cause a segment of a length greater than
255 to be generated.
If, as a result of the above procedure, a given AS number appears
more than once within the aggregated AS_PATH attribute, all but
the last instance (rightmost occurrence) of that AS number should
be removed from the aggregated AS_PATH attribute.
Security Considerations
A BGP implementation MUST support the authentication mechanism
specified in RFC 2385 [RFC2385]. The authentication provided by this
mechanism could be done on a per-peer basis.
BGP makes use of TCP for reliable transport of its traffic between
peer routers. To provide connection-oriented integrity and data
origin authentication on a point-to-point basis, BGP specifies use of
the mechanism defined in RFC 2385. These services are intended to
detect and reject active wiretapping attacks against the inter-router
TCP connections. Absent the use of mechanisms that effect these
security services, attackers can disrupt these TCP connections and/or
masquerade as a legitimate peer router. Because the mechanism
defined in the RFC does not provide peer-entity authentication, these
connections may be subject to some forms of replay attacks that will
not be detected at the TCP layer. Such attacks might result in
delivery (from TCP) of "broken" or "spoofed" BGP messages.
Rekhter, et al. Standards Track [Page 97]
RFC 4271 BGP-4 January 2006
The mechanism defined in RFC 2385 augments the normal TCP checksum
with a 16-byte message authentication code (MAC) that is computed
over the same data as the TCP checksum. This MAC is based on a one-
way hash function (MD5) and use of a secret key. The key is shared
between peer routers and is used to generate MAC values that are not
readily computed by an attacker who does not have access to the key.
A compliant implementation must support this mechanism, and must
allow a network administrator to activate it on a per-peer basis.
RFC 2385 does not specify a means of managing (e.g., generating,
distributing, and replacing) the keys used to compute the MAC. RFC
3562 [RFC3562] (an informational document) provides some guidance in
this area, and provides rationale to support this guidance. It notes
that a distinct key should be used for communication with each
protected peer. If the same key is used for multiple peers, the
offered security services may be degraded, e.g., due to an increased
risk of compromise at one router that adversely affects other
routers.
The keys used for MAC computation should be changed periodically, to
minimize the impact of a key compromise or successful cryptanalytic
attack. RFC 3562 suggests a crypto period (the interval during which
a key is employed) of, at most, 90 days. More frequent key changes
reduce the likelihood that replay attacks (as described above) will
be feasible. However, absent a standard mechanism for effecting such
changes in a coordinated fashion between peers, one cannot assume
that BGP-4 implementations complying with this RFC will support
frequent key changes.
Obviously, each should key also be chosen to be difficult for an
attacker to guess. The techniques specified in RFC 1750 for random
number generation provide a guide for generation of values that could
be used as keys. RFC 2385 calls for implementations to support keys
"composed of a string of printable ASCII of 80 bytes or less." RFC
3562 suggests keys used in this context be 12 to 24 bytes of random
(pseudo-random) bits. This is fairly consistent with suggestions for
analogous MAC algorithms, which typically employ keys in the range of
16 to 20 bytes. To provide enough random bits at the low end of this
range, RFC 3562 also observes that a typical ACSII text string would
have to be close to the upper bound for the key length specified in
RFC 2385.
BGP vulnerabilities analysis is discussed in [RFC4272].
Rekhter, et al. Standards Track [Page 98]
RFC 4271 BGP-4 January 2006
IANA Considerations
All the BGP messages contain an 8-bit message type, for which IANA
has created and is maintaining a registry entitled "BGP Message
Types". This document defines the following message types:
Name Value Definition
---- ----- ----------
OPEN 1 See Section 4.2
UPDATE 2 See Section 4.3
NOTIFICATION 3 See Section 4.5
KEEPALIVE 4 See Section 4.4
Future assignments are to be made using either the Standards Action
process defined in [RFC2434], or the Early IANA Allocation process
defined in [RFC4020]. Assignments consist of a name and the value.
The BGP UPDATE messages may carry one or more Path Attributes, where
each Attribute contains an 8-bit Attribute Type Code. IANA is
already maintaining such a registry, entitled "BGP Path Attributes".
This document defines the following Path Attributes Type Codes:
Name Value Definition
---- ----- ----------
ORIGIN 1 See Section 5.1.1
AS_PATH 2 See Section 5.1.2
NEXT_HOP 3 See Section 5.1.3
MULTI_EXIT_DISC 4 See Section 5.1.4
LOCAL_PREF 5 See Section 5.1.5
ATOMIC_AGGREGATE 6 See Section 5.1.6
AGGREGATOR 7 See Section 5.1.7
Future assignments are to be made using either the Standards Action
process defined in [RFC2434], or the Early IANA Allocation process
defined in [RFC4020]. Assignments consist of a name and the value.
The BGP NOTIFICATION message carries an 8-bit Error Code, for which
IANA has created and is maintaining a registry entitled "BGP Error
Codes". This document defines the following Error Codes:
Name Value Definition
------------ ----- ----------
Message Header Error 1 Section 6.1
OPEN Message Error 2 Section 6.2
UPDATE Message Error 3 Section 6.3
Hold Timer Expired 4 Section 6.5
Finite State Machine Error 5 Section 6.6
Cease 6 Section 6.7
Rekhter, et al. Standards Track [Page 99]
RFC 4271 BGP-4 January 2006
Future assignments are to be made using either the Standards Action
process defined in [RFC2434], or the Early IANA Allocation process
defined in [RFC4020]. Assignments consist of a name and the value.
The BGP NOTIFICATION message carries an 8-bit Error Subcode, where
each Subcode has to be defined within the context of a particular
Error Code, and thus has to be unique only within that context.
IANA has created and is maintaining a set of registries, "Error
Subcodes", with a separate registry for each BGP Error Code. Future
assignments are to be made using either the Standards Action process
defined in [RFC2434], or the Early IANA Allocation process defined in
[RFC4020]. Assignments consist of a name and the value.
This document defines the following Message Header Error subcodes:
Name Value Definition
-------------------- ----- ----------
Connection Not Synchronized 1 See Section 6.1
Bad Message Length 2 See Section 6.1
Bad Message Type 3 See Section 6.1
This document defines the following OPEN Message Error subcodes:
Name Value Definition
-------------------- ----- ----------
Unsupported Version Number 1 See Section 6.2
Bad Peer AS 2 See Section 6.2
Bad BGP Identifier 3 See Section 6.2
Unsupported Optional Parameter 4 See Section 6.2
[Deprecated] 5 See Appendix A
Unacceptable Hold Time 6 See Section 6.2
This document defines the following UPDATE Message Error subcodes:
Name Value Definition
-------------------- --- ----------
Malformed Attribute List 1 See Section 6.3
Unrecognized Well-known Attribute 2 See Section 6.3
Missing Well-known Attribute 3 See Section 6.3
Attribute Flags Error 4 See Section 6.3
Attribute Length Error 5 See Section 6.3
Invalid ORIGIN Attribute 6 See Section 6.3
[Deprecated] 7 See Appendix A
Invalid NEXT_HOP Attribute 8 See Section 6.3
Optional Attribute Error 9 See Section 6.3
Invalid Network Field 10 See Section 6.3
Malformed AS_PATH 11 See Section 6.3
Rekhter, et al. Standards Track [Page 100]
RFC 4271 BGP-4 January 2006
Normative References
[RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791, September
1981.
[RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC
793, September 1981.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2385] Heffernan, A., "Protection of BGP Sessions via the TCP MD5
Signature Option", RFC 2385, August 1998.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.
Informative References
[RFC904] Mills, D., "Exterior Gateway Protocol formal
specification", RFC 904, April 1984.
[RFC1092] Rekhter, J., "EGP and policy based routing in the new
NSFNET backbone", RFC 1092, February 1989.
[RFC1093] Braun, H., "NSFNET routing architecture", RFC 1093,
February 1989.
[RFC1105] Lougheed, K. and Y. Rekhter, "Border Gateway Protocol
(BGP)", RFC 1105, June 1989.
[RFC1163] Lougheed, K. and Y. Rekhter, "Border Gateway Protocol
(BGP)", RFC 1163, June 1990.
[RFC1267] Lougheed, K. and Y. Rekhter, "Border Gateway Protocol 3
(BGP-3)", RFC 1267, October 1991.
[RFC1771] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP-
4)", RFC 1771, March 1995.
[RFC1772] Rekhter, Y. and P. Gross, "Application of the Border
Gateway Protocol in the Internet", RFC 1772, March 1995.
[RFC1518] Rekhter, Y. and T. Li, "An Architecture for IP Address
Allocation with CIDR", RFC 1518, September 1993.
Rekhter, et al. Standards Track [Page 101]
RFC 4271 BGP-4 January 2006
[RFC1519] Fuller, V., Li, T., Yu, J., and K. Varadhan, "Classless
Inter-Domain Routing (CIDR): an Address Assignment and
Aggregation Strategy", RFC 1519, September 1993.
[RFC1930] Hawkinson, J. and T. Bates, "Guidelines for creation,
selection, and registration of an Autonomous System (AS)",
BCP 6, RFC 1930, March 1996.
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities
Attribute", RFC 1997, August 1996.
[RFC2439] Villamizar, C., Chandra, R., and R. Govindan, "BGP Route
Flap Damping", RFC 2439, November 1998.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS Field)
in the IPv4 and IPv6 Headers", RFC 2474, December 1998.
[RFC2796] Bates, T., Chandra, R., and E. Chen, "BGP Route Reflection
- An Alternative to Full Mesh IBGP", RFC 2796, April 2000.
[RFC2858] Bates, T., Rekhter, Y., Chandra, R., and D. Katz,
"Multiprotocol Extensions for BGP-4", RFC 2858, June 2000.
[RFC3392] Chandra, R. and J. Scudder, "Capabilities Advertisement
with BGP-4", RFC 3392, November 2002.
[RFC2918] Chen, E., "Route Refresh Capability for BGP-4", RFC 2918,
September 2000.
[RFC3065] Traina, P., McPherson, D., and J. Scudder, "Autonomous
System Confederations for BGP", RFC 3065, February 2001.
[RFC3562] Leech, M., "Key Management Considerations for the TCP MD5
Signature Option", RFC 3562, July 2003.
[IS10747] "Information Processing Systems - Telecommunications and
Information Exchange between Systems - Protocol for
Exchange of Inter-domain Routeing Information among
Intermediate Systems to Support Forwarding of ISO 8473
PDUs", ISO/IEC IS10747, 1993.
[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC
4272, January 2006
[RFC4020] Kompella, K. and A. Zinin, "Early IANA Allocation of
Standards Track Code Points", BCP 100, RFC 4020, February
2005.
Rekhter, et al. Standards Track [Page 102]
RFC 4271 BGP-4 January 2006
Editors' Addresses
Yakov Rekhter
Juniper Networks
EMail: yakov@juniper.net
Tony Li
EMail: tony.li@tony.li
Susan Hares
NextHop Technologies, Inc.
825 Victors Way
Ann Arbor, MI 48108
Phone: (734)222-1610
EMail: skh@nexthop.com
Rekhter, et al. Standards Track [Page 103]
RFC 4271 BGP-4 January 2006
Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Rekhter, et al. Standards Track [Page 104]