nithincs
Staff
Article Id 221499
Description This article discusses the notification message 'Open: Invalid Router ID' seen in BGP debugs.
Scope FortiGate.
Solution

Background:

 

FortiGate F7 and F6 are configured with BGP to learn dynamic routing.

 

172.16.20.0 F7 -- ISP------f6--172.16.30.0


After BGP is configured, the notification message below can appear on the FortiGate while the BGP peers are exchanging messages.

 

f6 # BGP: 7.7.7.7-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6
BGP: 7.7.7.7-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6

f7 # BGP: 6.6.6.6-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6
BGP: 6.6.6.6-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6

 

The root cause is that F7 is configured with router ID 6.6.6.6, which is also the router ID of F6 (the F6 loopback interface IP).

 

F6 BGP configuration:

 

config router bgp
    set as 64500
    config neighbor
        edit "7.7.7.7"
            set remote-as 64500
            set update-source "loopback_F6"
        next
    end
    config network
        edit 1
            set prefix 172.16.30.0 255.255.255.0
        next
    end
end


F7 BGP configuration:

 

config router bgp
    set as 64500
    set router-id 6.6.6.6 <-----
    config neighbor
        edit "6.6.6.6"
            set shutdown enable
            set remote-as 64500
            set update-source "loopback_F7"
        next
    end
end

 

The debug is as follows:

 

When F6 receives the OPEN message from F7, it sees the router ID 6.6.6.6, which is the same as its own router ID, and sends the Notification error message:

 

'OPEN Message Error/Bad BGP Identifier'.

 


 

7 7.7.7.7 6.6.6.6 9954 → 179 [SYN] Seq=325784709 Win=65535 Len=0 MSS=1460 SACK_PERM=1 TSval=344223 TSecr=0 WS=16384
8 6.6.6.6 7.7.7.7 179 → 9954 [SYN, ACK] Seq=1393989951 Ack=325784710 Win=65535 Len=0 MSS=1460 SACK_PERM=1 TSval=344414 TSecr=344223 WS=16384
9 7.7.7.7 6.6.6.6 9954 → 179 [ACK] Seq=325784710 Ack=1393989952 Win=180224 Len=0 TSval=344223 TSecr=344414
10 7.7.7.7 6.6.6.6 OPEN Message
11 6.6.6.6 7.7.7.7 179 → 9954 [ACK] Seq=1393989952 Ack=325784771 Win=180224 Len=0 TSval=344414 TSecr=344223
12 6.6.6.6 7.7.7.7 OPEN Message
13 7.7.7.7 6.6.6.6 9954 → 179 [ACK] Seq=325784771 Ack=1393990013 Win=180224 Len=0 TSval=344223 TSecr=344415
14 6.6.6.6 7.7.7.7 NOTIFICATION Message
15 7.7.7.7 6.6.6.6 9954 → 179 [ACK] Seq=325784771 Ack=1393990038 Win=180224 Len=0 TSval=344223 TSecr=344415
16 6.6.6.6 7.7.7.7 179 → 9954 [FIN, ACK] Seq=1393990038 Ack=325784771 Win=180224 Len=0 TSval=344415 TSecr=344223
17 7.7.7.7 6.6.6.6 NOTIFICATION Message
18 7.7.7.7 6.6.6.6 9954 → 179 [FIN, ACK] Seq=325784796 Ack=1393990039 Win=180224 Len=0 TSval=344223 TSecr=344415
19 6.6.6.6 7.7.7.7 179 → 9954 [RST] Seq=1393990039 Win=0 Len=0
20 6.6.6.6 7.7.7.7 179 → 9954 [RST] Seq=1393990039 Win=0 Len=0

 

10th packet:

 

Packet comments
Frame 10: 127 bytes on wire (1016 bits), 127 bytes captured (1016 bits) on interface port1, id 0
Ethernet II, Src: 50:00:00:08:00:00 (50:00:00:08:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 7.7.7.7, Dst: 6.6.6.6
Transmission Control Protocol, Src Port: 9954, Dst Port: 179, Seq: 325784710, Ack: 1393989952, Len: 61
Border Gateway Protocol - OPEN Message
Marker: ffffffffffffffffffffffffffffffff
Length: 61
Type: OPEN Message (1)
Version: 4
My AS: 64500
Hold Time: 180
BGP Identifier: 6.6.6.6
Optional Parameters Length: 32
Optional Parameters



12th packet:

 

Packet comments
Frame 12: 127 bytes on wire (1016 bits), 127 bytes captured (1016 bits) on interface port1, id 0
Ethernet II, Src: 50:00:00:07:00:01 (50:00:00:07:00:01), Dst: 00:00:00_00:00:01 (00:00:00:00:00:01)
Internet Protocol Version 4, Src: 6.6.6.6, Dst: 7.7.7.7
Transmission Control Protocol, Src Port: 179, Dst Port: 9954, Seq: 1393989952, Ack: 325784771, Len: 61
Border Gateway Protocol - OPEN Message
Marker: ffffffffffffffffffffffffffffffff
Length: 61
Type: OPEN Message (1)
Version: 4
My AS: 64500
Hold Time: 180
BGP Identifier: 6.6.6.6
Optional Parameters Length: 32
Optional Parameters

 

14th packet:

 

Packet comments
Frame 14: 91 bytes on wire (728 bits), 91 bytes captured (728 bits) on interface port1, id 0
Ethernet II, Src: 50:00:00:07:00:01 (50:00:00:07:00:01), Dst: 00:00:00_00:00:01 (00:00:00:00:00:01)
Internet Protocol Version 4, Src: 6.6.6.6, Dst: 7.7.7.7
Transmission Control Protocol, Src Port: 179, Dst Port: 9954, Seq: 1393990013, Ack: 325784771, Len: 25
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 25
Type: NOTIFICATION Message (3)
Major error Code: OPEN Message Error (2)
Minor error Code (Open Message): Bad BGP Identifier (3)
Data: 06060606

 

17th packet:

 

Packet comments
Frame 17: 91 bytes on wire (728 bits), 91 bytes captured (728 bits) on interface port1, id 0
Ethernet II, Src: 50:00:00:08:00:00 (50:00:00:08:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 7.7.7.7, Dst: 6.6.6.6
Transmission Control Protocol, Src Port: 9954, Dst Port: 179, Seq: 325784771, Ack: 1393990039, Len: 25
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 25
Type: NOTIFICATION Message (3)
Major error Code: OPEN Message Error (2)
Minor error Code (Open Message): Bad BGP Identifier (3)
Data: 06060606
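
The receiver-side check seen in frames 10 to 14 can be reproduced offline. The following is an added example, not FortiOS code and not part of the original article: it encodes an OPEN with the field values from frame 10, compares the BGP Identifier with the local router ID, and builds the matching 2/3 NOTIFICATION. The function names are hypothetical, and the 32 bytes of optional parameters, which the capture does not show, are replaced by zero padding.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16
OPEN, NOTIFICATION = 1, 3
OPEN_MESSAGE_ERROR, BAD_BGP_IDENTIFIER = 2, 3  # the "2/3" in the debug output


def build_message(msg_type, body):
    """Prepend the 19-byte BGP header (marker, total length, type)."""
    return MARKER + struct.pack("!HB", 19 + len(body), msg_type) + body


def build_open(my_as, hold_time, router_id, opt_params=b""):
    """Encode an OPEN: version 4, AS, hold time, identifier, optional params."""
    rid = ipaddress.IPv4Address(router_id).packed
    fixed = struct.pack("!BHH4sB", 4, my_as, hold_time, rid, len(opt_params))
    return build_message(OPEN, fixed + opt_params)


def parse_message(data):
    """Decode one OPEN or NOTIFICATION; raise ValueError on malformed input."""
    if len(data) < 19 or data[:16] != MARKER:
        raise ValueError("bad BGP header")
    length, msg_type = struct.unpack("!HB", data[16:19])
    body = data[19:]
    if length != len(data):
        raise ValueError("length field does not match message size")
    if msg_type == OPEN and len(body) >= 10:
        version, my_as, hold, rid, opt_len = struct.unpack("!BHH4sB", body[:10])
        if opt_len != len(body) - 10:
            raise ValueError("optional parameters length mismatch")
        return {"type": "OPEN", "version": version, "as": my_as,
                "hold_time": hold, "router_id": str(ipaddress.IPv4Address(rid))}
    if msg_type == NOTIFICATION and len(body) >= 2:
        return {"type": "NOTIFICATION", "code": body[0], "subcode": body[1],
                "data": body[2:]}
    raise ValueError("unsupported or truncated message")


def check_open(local_router_id, open_bytes):
    """Return the NOTIFICATION to send if the peer reuses our router ID, else None."""
    peer_id = parse_message(open_bytes)["router_id"]
    if peer_id != local_router_id:
        return None
    body = bytes([OPEN_MESSAGE_ERROR, BAD_BGP_IDENTIFIER])
    return build_message(NOTIFICATION, body + ipaddress.IPv4Address(peer_id).packed)


# Constructed sample using frame 10's field values. The capture does not show
# the 32 bytes of optional parameters, so zero padding stands in for them.
F7_OPEN = build_open(64500, 180, "6.6.6.6", opt_params=bytes(32))
```

Calling `check_open("6.6.6.6", F7_OPEN)` yields a 25-byte NOTIFICATION whose data field is `06060606`, as in frame 14; with a distinct local router ID such as `7.7.7.7` the same OPEN is accepted.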


F6:

 

BGP: 7.7.7.7-Outgoing [FSM] State: Active Event: 14
BGP: 7.7.7.7-Outgoing [FSM] InConnReq: Accepting...
BGP: 7.7.7.7-Outgoing [NETWORK] FD=28, Sock Status: 0-Success
BGP: 7.7.7.7-Outgoing [FSM] State: Active Event: 17
BGP: 7.7.7.7-Outgoing [ENCODE] Msg-Hdr: Type 1
BGP: 7.7.7.7-Outgoing [ENCODE] Open: Ver 4 MyAS 64500 Holdtime 180
BGP: 7.7.7.7-Outgoing [ENCODE] Open: Msg-Size 61
BGP: 7.7.7.7-Outgoing [DECODE] Msg-Hdr: type 1, length 61
BGP: 7.7.7.7-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6 <<<<<<<<<<<<
BGP: 7.7.7.7-Outgoing [FSM] State: OpenSent Event: 22
BGP: 7.7.7.7-Outgoing [ENCODE] Msg-Hdr: Type 3
BGP: %BGP-3-NOTIFICATION: sending to 7.7.7.7 2/3 (OPEN Message Error/Bad BGP Identifier.) 4 data-bytes [06 06 06 06]


========================

 

Because of this, continuous notification messages are seen in the CLI.

 

Solution.

 

F6:


Configure the correct router-id, or leave it blank so that FortiGate chooses the highest loopback interface IP or the highest interface IP as the router ID.

Make sure the router ID does not conflict with the remote peer's router ID.
