Solved: BGP open Sent Issue

mautez_mah · ‎12-15-2021

Hi

I have watched a video in INE showing issue in BGP stuck in BGP open Sent ,
the issue was ACL allow only TCP ( Syn . syn ack ) and deny all for three way handshake ,
my question is :
I know BGP use TCP and as per Books if TCP is success it will go from Active/connect to open otherwise will stuck between Active/Down ,
but why it was showing in Video that if there is issue in TCP it stuck in open sent
official book mentioned TCP ( Idel/connect/active) ... BGP ( open , open confirm , Establish )

below is link for reference
https://networklessons.com/bgp/bgp-neighbor-adjacency-states

pman · ‎12-16-2021

Hi,

Usually BGP gets stuck on OpenSent because of incorrect details such as remote-as not defined correctly / MD5 password mismatch / BGP version mismatch or the routing is incorrect.

OpenSent:

In this state, BGP FSM waits for an OPEN message from its peer.

https://datatracker.ietf.org/doc/html/rfc4271#section-4.2

View solution in original post

pman · ‎12-21-2021

Hi,

I filtered cases where the status changed to OpenSent from other status or from OpenSent to another status

from rfc4271:

from connect State:

      If the DelayOpenTimer_Expires event (Event 12) occurs in the
      Connect state, the local system:
        - sends an OPEN message to its peer,
        - sets the HoldTimer to a large value, and
        - changes its state to OpenSent.

      If the DelayOpen attribute is set to FALSE, the local system:
        - stops the ConnectRetryTimer (if running) and sets the
          ConnectRetryTimer to zero,
        - completes BGP initialization
        - sends an OPEN message to its peer,
        - sets the HoldTimer to a large value, and
        - changes its state to OpenSent.

from Active State:

      In response to a ManualStop event (Event 2), the local system:
        - If the DelayOpenTimer is running and the
          SendNOTIFICATIONwithoutOPEN session attribute is set, the
          local system sends a NOTIFICATION with a Cease,
        - releases all BGP resources including stopping the
          DelayOpenTimer
        - drops the TCP connection,
        - sets ConnectRetryCounter to zero,
        - stops the ConnectRetryTimer and sets the ConnectRetryTimer to
          zero, and
        - changes its state to Idle.

      If the local system receives a DelayOpenTimer_Expires event (Event
      12), the local system:
        - sets the ConnectRetryTimer to zero,
        - stops and clears the DelayOpenTimer (set to zero),
        - completes the BGP initialization,
        - sends the OPEN message to its remote peer,
        - sets its hold timer to a large value, and
        - changes its state to OpenSent.

        If the DelayOpen attribute is set to FALSE, the local system:
          - sets the ConnectRetryTimer to zero,
          - completes the BGP initialization,
          - sends the OPEN message to its peer,
          - sets its HoldTimer to a large value, and
          - changes its state to OpenSent.

from OpenSent State:

      If a ManualStop event (Event 2) is issued in the OpenSent state,
      the local system:
        - sends the NOTIFICATION with a Cease,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - sets the ConnectRetryCounter to zero, and
        - changes its state to Idle.

      If an AutomaticStop event (Event  is issued in the OpenSent
      state, the local system:
        - sends the NOTIFICATION with a Cease,
        - sets the ConnectRetryTimer to zero,
        - releases all the BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter by 1,
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is set to TRUE, and
        - changes its state to Idle.

      If the HoldTimer_Expires (Event 10), the local system:
        - sends a NOTIFICATION message with the error code Hold Timer
          Expired,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter,
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is set to TRUE, and
        - changes its state to Idle.

      If a TcpConnectionFails event (Event 18) is received, the local
      system:
        - closes the BGP connection,
        - restarts the ConnectRetryTimer,
        - continues to listen for a connection that may be initiated by
          the remote BGP peer, and
        - changes its state to Active.

      When an OPEN message is received, all fields are checked for
      correctness.  If there are no errors in the OPEN message (Event
      19), the local system:
        - resets the DelayOpenTimer to zero,
        - sets the BGP ConnectRetryTimer to zero,
        - sends a KEEPALIVE message, and
        - sets a KeepaliveTimer (via the text below)
        - sets the HoldTimer according to the negotiated value (see
          Section 4.2),
        - changes its state to OpenConfirm.

      If the BGP message header checking (Event 21) or OPEN message
      checking detects an error (Event 22)(see Section 6.2), the local
      system:
        - sends a NOTIFICATION message with the appropriate error code,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter by 1,
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is TRUE, and
        - changes its state to Idle.

      If a connection in the OpenSent state is determined to be the
      connection that must be closed, an OpenCollisionDump (Event 23) is
      signaled to the state machine.  If such an event is received in
      the OpenSent state, the local system:
        - sends a NOTIFICATION with a Cease,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter by 1,
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is set to TRUE, and
        - changes its state to Idle.

      If a NOTIFICATION message is received with a version error (Event 24), the local system:
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection, and
        - changes its state to Idle.

     In response to any other event (Events 9, 11-13, 20, 25-28), the
      local system:
        - sends the NOTIFICATION with the Error Code Finite State
          Machine Error,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter by 1
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is set to TRUE, and
        - changes its state to Idle

View solution in original post

pman · ‎12-16-2021

Hi,

Usually BGP gets stuck on OpenSent because of incorrect details such as remote-as not defined correctly / MD5 password mismatch / BGP version mismatch or the routing is incorrect.

OpenSent:

In this state, BGP FSM waits for an OPEN message from its peer.

https://datatracker.ietf.org/doc/html/rfc4271#section-4.2

mautez_mah · ‎12-16-2021

hi @pman
many thanks

but why in Official book mentioned like below
Active: BGP will try another TCP three-way handshake to establish a connection with the remote BGP neighbor. If it is successful, it will move to the OpenSent state.
( IF TCP success ) but here TCP is not Success so it should still in Active right ?

pman · ‎12-16-2021

In Active state, the BGP device keeps trying to establish a TCP connection with the peer.

If the TCP connection established, the BGP device sends an Open message to the peer closes the Connect Retry timer, and changes to OpenSent state.
If the TCP connection fails to established the BGP device stays in the Active state.
If the BGP device does not receive a response from the peer before the Connect Retry timer expires the BGP device returns to Connect state.

mautez_mah · ‎12-19-2021

@pman

Thanks , could you share with me all tables that you shared in first comment,

it seems a good explanation

pman · ‎12-21-2021

Hi,

I filtered cases where the status changed to OpenSent from other status or from OpenSent to another status

from rfc4271:

from connect State:

      If the DelayOpenTimer_Expires event (Event 12) occurs in the
      Connect state, the local system:
        - sends an OPEN message to its peer,
        - sets the HoldTimer to a large value, and
        - changes its state to OpenSent.

      If the DelayOpen attribute is set to FALSE, the local system:
        - stops the ConnectRetryTimer (if running) and sets the
          ConnectRetryTimer to zero,
        - completes BGP initialization
        - sends an OPEN message to its peer,
        - sets the HoldTimer to a large value, and
        - changes its state to OpenSent.

from Active State:

      In response to a ManualStop event (Event 2), the local system:
        - If the DelayOpenTimer is running and the
          SendNOTIFICATIONwithoutOPEN session attribute is set, the
          local system sends a NOTIFICATION with a Cease,
        - releases all BGP resources including stopping the
          DelayOpenTimer
        - drops the TCP connection,
        - sets ConnectRetryCounter to zero,
        - stops the ConnectRetryTimer and sets the ConnectRetryTimer to
          zero, and
        - changes its state to Idle.

      If the local system receives a DelayOpenTimer_Expires event (Event
      12), the local system:
        - sets the ConnectRetryTimer to zero,
        - stops and clears the DelayOpenTimer (set to zero),
        - completes the BGP initialization,
        - sends the OPEN message to its remote peer,
        - sets its hold timer to a large value, and
        - changes its state to OpenSent.

        If the DelayOpen attribute is set to FALSE, the local system:
          - sets the ConnectRetryTimer to zero,
          - completes the BGP initialization,
          - sends the OPEN message to its peer,
          - sets its HoldTimer to a large value, and
          - changes its state to OpenSent.

from OpenSent State:

      If a ManualStop event (Event 2) is issued in the OpenSent state,
      the local system:
        - sends the NOTIFICATION with a Cease,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - sets the ConnectRetryCounter to zero, and
        - changes its state to Idle.

      If an AutomaticStop event (Event  is issued in the OpenSent
      state, the local system:
        - sends the NOTIFICATION with a Cease,
        - sets the ConnectRetryTimer to zero,
        - releases all the BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter by 1,
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is set to TRUE, and
        - changes its state to Idle.

      If the HoldTimer_Expires (Event 10), the local system:
        - sends a NOTIFICATION message with the error code Hold Timer
          Expired,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter,
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is set to TRUE, and
        - changes its state to Idle.

      If a TcpConnectionFails event (Event 18) is received, the local
      system:
        - closes the BGP connection,
        - restarts the ConnectRetryTimer,
        - continues to listen for a connection that may be initiated by
          the remote BGP peer, and
        - changes its state to Active.

      When an OPEN message is received, all fields are checked for
      correctness.  If there are no errors in the OPEN message (Event
      19), the local system:
        - resets the DelayOpenTimer to zero,
        - sets the BGP ConnectRetryTimer to zero,
        - sends a KEEPALIVE message, and
        - sets a KeepaliveTimer (via the text below)
        - sets the HoldTimer according to the negotiated value (see
          Section 4.2),
        - changes its state to OpenConfirm.

      If the BGP message header checking (Event 21) or OPEN message
      checking detects an error (Event 22)(see Section 6.2), the local
      system:
        - sends a NOTIFICATION message with the appropriate error code,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter by 1,
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is TRUE, and
        - changes its state to Idle.

      If a connection in the OpenSent state is determined to be the
      connection that must be closed, an OpenCollisionDump (Event 23) is
      signaled to the state machine.  If such an event is received in
      the OpenSent state, the local system:
        - sends a NOTIFICATION with a Cease,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter by 1,
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is set to TRUE, and
        - changes its state to Idle.

      If a NOTIFICATION message is received with a version error (Event 24), the local system:
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection, and
        - changes its state to Idle.

     In response to any other event (Events 9, 11-13, 20, 25-28), the
      local system:
        - sends the NOTIFICATION with the Error Code Finite State
          Machine Error,
        - sets the ConnectRetryTimer to zero,
        - releases all BGP resources,
        - drops the TCP connection,
        - increments the ConnectRetryCounter by 1
        - (optionally) performs peer oscillation damping if the
          DampPeerOscillations attribute is set to TRUE, and
        - changes its state to Idle