BGP open message receives a TCP RST

On this micro post, I would like to show one reason why a BGP open message receives a TCP RST. For this test, I set up a BGP neighborship between two peers: PeerA(10.82.1.9) and PeerB(10.82.1.10)

PeerA initiates the connection and look what happens in the packet capture.

bgp-open-reset

According to the sequence, TCP seems to have established properly. 3WAY handshake is done and PeerA thinks it can send its capabilities in its OPEN message and it actually sends it but something weird happens. Remote side PeerB first closes the connection [FIN,ACK] and then sends a RST segment to our OPEN message but why does he do that?

The thing is that OPEN message is some sort of sync call towards the other peer. We try to understand what each peer supports and on this particular example, we sent e.g Graceful restart, Route Refresh capabilities etc. PeerB might not have liked them? If it did, then we should have received an application level error instead of a RST.

The real issue here is that PeerB’s BGP configuration is disabled 🙂

BGP daemon is actually running because of which we established the 3 way handshake but application(BGP) has to understand by sending OPEN message to see if the other side is willing to co-operate and if we look at PeerA’s BGP state, we can see that it actively tries to establish BGP.

In order to distinguish an application level error and transport level response, I enable BGP but put an incorrect AS number.

and see how the packet capture looks like this time.

bgp-open-error

hmm, now it is a different one. Now initiator is PeerB(10.82.1.10). It sends in its OPEN message that its AS number is 8500 and PeerA sends its own AS number as 600 but we put in the configuration that we expect 1000 not 600. This is causing BGP to send the NOTIFICATION in which you see the message “Bad Peer AS”

and if we check the neighbor status on the side that sent the NOTIFICATION, we can clearly see the OPEN Message Error.

From this, we can conclude that if we receive an OPEN response, we don’t have a problem with the neighbor IP address but some BGP parameter.

You have a feedback?