Technical Tip: BGP unrecognized Capability code
Description
This article discusses BGP capability code 71, Long-Lived Graceful Restart (LLGR), and capability code 70, Enhanced Route Refresh.
Solution
Consider a scenario where the FortiGate has a BGP peering with an ISP router (for example, a Cisco).
If BGP debugging is enabled, the remote end is sometimes seen responding with the following messages:
msg="BGP: 173.243.128.1-Outgoing [DECODE] Open Cap: unrecognized capability code 71 len 0"
msg="BGP: %BGP-3-NOTIFICATION: received from 173.243.128.1 6/5 (Cease/Connection Rejected.) 0 data-bytes []"
msg="BGP: 10.177.250.1-Outgoing [DECODE] Open Cap: unrecognized capability code 70 len 0"
According to RFC 4486, the following applies to the 'Cease/Connection Rejected' NOTIFICATION received from BGP neighbor 173.243.128.1:
*** If a BGP speaker decides to disallow a BGP connection (e.g., the peer is not configured locally) after the speaker accepts a transport protocol connection, then the BGP speaker SHOULD send a NOTIFICATION message with the Error Code Cease and the Error Subcode "Connection Rejected". ***
Code 71 stands for Long-Lived Graceful Restart (LLGR) Capability.
Code 70 stands for Enhanced Route Refresh Capability.
Note:
These log messages are received because the capabilities have been enabled on the remote BGP peer.
FortiGate does not support the LLGR (code 71) and Enhanced Route Refresh (ERR, code 70) capabilities in BGP.
The BGP session will not be disconnected because of the missing capabilities. However, if the peer is not responding, it may be necessary to disable the capability on the peer.
For example, the following commands disable Enhanced Route Refresh negotiation on a Cisco router:
Cisco(config-router-neighbor)#
neighbor x.x.x.x dont-capability-negotiate enhanced-refresh
For LLGR, do not configure 'bgp long-lived-graceful-restart' on the Cisco router.
To check the supported capabilities on the FortiGate, run the following commands:
boson-kvm13 # config router bgp
boson-kvm13 (bgp) # config neighbor
boson-kvm13 (neighbor) # edit 1.1.1.1
boson-kvm13 (1.1.1.1) # show full-configuration | grep "set capability"
    set capability-dynamic enable
    set capability-orf none
    set capability-orf6 none
    set capability-graceful-restart disable
    set capability-graceful-restart6 disable
    set capability-route-refresh enable
    set capability-default-originate disable
    set capability-default-originate6 disable
According to RFC 4724, the Graceful Restart Capability (code 64) is used by a BGP peer to indicate its ability to preserve its forwarding state during a BGP restart. Hence, the timer settings can be controlled through the Graceful Restart feature, which is described in the documents listed below.
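To make the debug lines and capability codes above concrete, here is an added Python example (not FortiGate or Cisco code) that builds and decodes BGP OPEN and NOTIFICATION messages. It walks the Capabilities optional parameter (RFC 5492), decodes the Graceful Restart restart timer (RFC 4724, code 64) and the LLGR per-AFI stale time (draft-uttaro, code 71), reports every code the local speaker does not implement in the same "unrecognized capability code N len L" form as the FortiGate debug output, and maps a NOTIFICATION 6/5 to Cease/Connection Rejected (RFC 4486). The sample OPEN from 173.243.128.1 and the SUPPORTED_CODES set (which deliberately leaves out 70 and 71) are constructed assumptions for the demonstration.

```python
"""Build and decode BGP OPEN capabilities and NOTIFICATION codes (added example).

Formats: RFC 4271 (OPEN, NOTIFICATION), RFC 5492 (Capabilities parameter),
RFC 4724 (Graceful Restart, code 64), draft-uttaro LLGR (code 71), RFC 4486
(Cease subcodes). SUPPORTED_CODES is an assumption for the demo only.
"""
import struct

MARKER = b"\xff" * 16
OPEN, NOTIFICATION = 1, 3
CAPABILITIES_PARAM = 2  # optional parameter type that carries capability TLVs

# Subset of the IANA capability-code registry.
CAPABILITY_NAMES = {1: "Multiprotocol Extensions", 2: "Route Refresh",
                    64: "Graceful Restart", 65: "4-octet AS number",
                    70: "Enhanced Route Refresh", 71: "Long-Lived Graceful Restart"}
SUPPORTED_CODES = {1, 2, 64, 65}  # assumption: local speaker lacks 70 and 71

ERROR_CODES = {1: "Message Header Error", 2: "OPEN Message Error",
               3: "UPDATE Message Error", 4: "Hold Timer Expired",
               5: "Finite State Machine Error", 6: "Cease"}
CEASE_SUBCODES = {1: "Maximum Number of Prefixes Reached", 2: "Administrative Shutdown",
                  3: "Peer De-configured", 4: "Administrative Reset",
                  5: "Connection Rejected", 6: "Other Configuration Change",
                  7: "Connection Collision Resolution", 8: "Out of Resource"}


def _message(mtype, body):
    return MARKER + struct.pack("!HB", 19 + len(body), mtype) + body


def build_open(asn, hold_time, router_id, caps):
    """caps: list of (code, value bytes) packed into one Capabilities parameter."""
    tlvs = b"".join(struct.pack("!BB", code, len(v)) + v for code, v in caps)
    opt = struct.pack("!BB", CAPABILITIES_PARAM, len(tlvs)) + tlvs
    return _message(OPEN, struct.pack("!BHH4sB", 4, asn, hold_time, router_id, len(opt)) + opt)


def build_notification(code, subcode, data=b""):
    return _message(NOTIFICATION, struct.pack("!BB", code, subcode) + data)


def gr_capability_value(restart_time, afi_safi, restarting=False):
    """RFC 4724 value: R flag + 12-bit restart time, then (AFI, SAFI, F flag) triples."""
    head = struct.pack("!H", (0x8000 if restarting else 0) | (restart_time & 0x0FFF))
    return head + b"".join(struct.pack("!HBB", a, s, 0x80 if f else 0) for a, s, f in afi_safi)


def llgr_capability_value(entries):
    """LLGR value: (AFI, SAFI, F flag, 24-bit long-lived stale time) per entry."""
    return b"".join(struct.pack("!HBB", a, s, 0x80 if f else 0) + t.to_bytes(3, "big")
                    for a, s, f, t in entries)


def parse_graceful_restart(value):
    flags_time = struct.unpack("!H", value[:2])[0]
    afi_safi = [(a, s, bool(fl & 0x80)) for a, s, fl in struct.iter_unpack("!HBB", value[2:])]
    return {"restart_flag": bool(flags_time & 0x8000),
            "restart_time": flags_time & 0x0FFF, "afi_safi": afi_safi}


def parse_llgr(value):
    out = []
    for off in range(0, len(value), 7):
        a, s, fl = struct.unpack("!HBB", value[off:off + 4])
        out.append((a, s, bool(fl & 0x80), int.from_bytes(value[off + 4:off + 7], "big")))
    return out


def _tlvs(buf):
    """Yield (type, value) from 1-byte type / 1-byte length / value sequences."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]


def parse_open(msg, supported=SUPPORTED_CODES):
    """Decode header fields and capabilities; unrecognized codes are recorded and, as
    RFC 5492 requires, simply ignored, so the session is not torn down over them."""
    if msg[:16] != MARKER:
        raise ValueError("bad marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != OPEN or length != len(msg):
        raise ValueError("not a complete OPEN message")
    version, asn, hold, rid, optlen = struct.unpack("!BHH4sB", msg[19:29])
    info = {"version": version, "asn": asn, "hold_time": hold,
            "router_id": ".".join(str(b) for b in rid),
            "capabilities": [], "unrecognized": [], "log": []}
    for ptype, pval in _tlvs(msg[29:29 + optlen]):
        if ptype != CAPABILITIES_PARAM:
            continue
        for code, value in _tlvs(pval):
            cap = {"code": code, "name": CAPABILITY_NAMES.get(code, "unassigned"), "len": len(value)}
            if code == 64 and len(value) >= 2:
                cap["detail"] = parse_graceful_restart(value)
            elif code == 71:
                cap["detail"] = parse_llgr(value)
            info["capabilities"].append(cap)
            if code not in supported:
                info["unrecognized"].append(code)
                info["log"].append(f"Open Cap: unrecognized capability code {code} len {len(value)}")
    return info


def parse_notification(msg):
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != NOTIFICATION or length != len(msg):
        raise ValueError("not a complete NOTIFICATION message")
    code, subcode = msg[19], msg[20]
    sub = CEASE_SUBCODES.get(subcode, "unknown") if code == 6 else str(subcode)
    return {"code": code, "subcode": subcode, "data": msg[21:],
            "text": f"{code}/{subcode} ({ERROR_CODES.get(code, 'unknown')}/{sub})"}


if __name__ == "__main__":
    # Constructed peer OPEN: Route Refresh, Graceful Restart with a 120 s timer, plus the
    # two zero-length capabilities (codes 70 and 71) seen in the article's debug output.
    peer = build_open(65001, 180, bytes([173, 243, 128, 1]),
                      [(2, b""), (64, gr_capability_value(120, [(1, 1, True)])), (70, b""), (71, b"")])
    decoded = parse_open(peer)
    for line in decoded["log"]:
        print(f"BGP: {decoded['router_id']}-Outgoing [DECODE] {line}")
    print(parse_notification(build_notification(6, 5))["text"])
```

Running the script prints the two unrecognized-capability lines in the FortiGate debug format and "6/5 (Cease/Connection Rejected)", which is what the Cisco `%BGP-3-NOTIFICATION` line above encodes; the Graceful Restart detail shows where the restart timer referred to in the RFC 4724 note lives on the wire.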
Related links:
https://www.ietf.org/archive/id/draft-uttaro-idr-bgp-persistence-05.txt
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-high-availability/HA_failoverGraceful.htm
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116189-problemsolution-technology-00.html
All BGP capability codes:
https://www.iana.org/assignments/capability-codes/capability-codes.xhtml