
Tuesday, December 18, 2018

Analyzing BGP Neighbor Establishing Packets

Let's take two routers, configure very basic BGP, and look at how the packets are exchanged to form the neighbor relationship.







For iBGP

Forming iBGP neighbors using the following configuration..








Download the packet capture file from here.









You can see the TCP connection establishment packets, then the OPEN messages, and then the KEEPALIVEs.

As you can see in the capture, router 2.2.2.2 sends the first TCP SYN to initiate the connection from its random source port 47655 to destination port 179.

You can see who initiated the connection from the following command in IOS..


In the above output, the router with the random port is always the initiator..

As you can see in the config of R1, there is an NLRI configured to advertise. It is carried in an UPDATE message, which is not shown in the above screenshot. The contents of that message are like the following..





















For eBGP

Forming eBGP neighbors using the following configuration..







Download the packet capture file from here.







Looks like there is nothing much different in iBGP & eBGP packet flow..
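To check that claim on your own capture, the sketch below (an added example, not part of the original post) frames the BGP messages in one direction of a reassembled TCP stream and compares the AS numbers in the two OPENs, which is the only place iBGP and eBGP differ during establishment. The AS numbers, hold time and router ID 1.1.1.1 in the sample streams are constructed assumptions, not values from the capture.

```python
import socket
import struct

MARKER = b"\xff" * 16             # RFC 4271: header starts with 16 bytes of all ones
HEADER = struct.Struct("!16sHB")  # marker, length, type (19 bytes in total)
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}

def split_messages(stream):
    """Return [(type_name, body)] for the BGP messages in one direction of a TCP stream."""
    out, off = [], 0
    while off < len(stream):
        if len(stream) - off < HEADER.size:
            raise ValueError("truncated BGP header")
        marker, length, mtype = HEADER.unpack_from(stream, off)
        if marker != MARKER:
            raise ValueError("bad marker, stream is not aligned on a BGP message")
        if not HEADER.size <= length <= 4096 or off + length > len(stream):
            raise ValueError("bad length field")
        out.append((TYPES.get(mtype, "UNKNOWN"), stream[off + HEADER.size:off + length]))
        off += length
    return out

def parse_open(body):
    """Decode the fixed part of an OPEN message (optional parameters are skipped)."""
    if len(body) < 10:
        raise ValueError("truncated OPEN")
    version, my_as, hold, rid, _optlen = struct.unpack_from("!BHH4sB", body)
    return {"version": version, "as": my_as, "hold_time": hold,
            "router_id": socket.inet_ntoa(rid)}

def session_kind(open_a, open_b):
    """Same AS on both sides means iBGP, different AS means eBGP."""
    return "iBGP" if open_a["as"] == open_b["as"] else "eBGP"

def build(mtype, body=b""):
    """Helper for the constructed sample data: frame a body as a BGP message."""
    return HEADER.pack(MARKER, HEADER.size + len(body), mtype) + body

def build_open(asn, rid, hold=180):
    return build(1, struct.pack("!BHH4sB", 4, asn, hold, socket.inet_aton(rid), 0))

# Constructed sample streams (AS numbers, hold time and 1.1.1.1 are assumptions)
R2_STREAM = build_open(65001, "2.2.2.2") + build(4)
R1_IBGP = build_open(65001, "1.1.1.1") + build(4) + build(4)
R1_EBGP = build_open(65002, "1.1.1.1") + build(4)

if __name__ == "__main__":
    for name, s in (("R2", R2_STREAM), ("R1 iBGP", R1_IBGP), ("R1 eBGP", R1_EBGP)):
        print(name, [t for t, _ in split_messages(s)])
```

The marker and length checks are what a monitoring tool would use to reject a stream that is not aligned on a BGP message boundary before trusting any decoded field.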
