-
Notifications
You must be signed in to change notification settings - Fork 462
BGP State Machine
Understanding BGP's RFC 4271 State Machine
The BGP Finite State Machine (FSM) defines the behavior of BGP sessions as they progress through connection establishment, capability negotiation, and route exchange. Understanding the FSM is essential for troubleshooting BGP sessions and understanding ExaBGP's behavior.
- Overview
- State Machine States
- State Descriptions
- State Transitions
- Common State Transition Scenarios
- ExaBGP FSM Behavior
- Troubleshooting with State Machine Knowledge
- See Also
- References
Reference: RFC 4271 Section 8 - BGP Finite State Machine
The BGP FSM consists of six states that a BGP session transitions through:
ββββββββ Start βββββββββββ TCP Success ββββββββββββ OPEN Sent ββββββββββββ
β Idle βββββββββ>β Connect βββββββββββββββ>β Active βββββββββββββ>β OpenSent β
ββββββββ βββββββββββ ββββββββββββ ββββββββββββ
^ β β β
β β TCP Fail β β
β v β β
β βββββββββββ β β
β β Idle β<ββββββββββββββββββββ β
β βββββββββββ β
β β
β ββββββββββββββ KA Received βββββββββββββββ
β β OpenConfirmβ<βββββββββββββββ Established β
β<ββββββββββββββββββββββββββββββββββββββββββββββββββ βββββββββββββββ
(Any error) β
β
(Routes exchanged)
| State | Number | Description | Next State (Success) |
|---|---|---|---|
| Idle | 1 | Initial state, awaiting Start event | Connect |
| Connect | 2 | Attempting TCP connection | OpenSent |
| Active | 3 | Retrying TCP connection after failure | OpenSent |
| OpenSent | 4 | TCP connected, OPEN message sent | OpenConfirm |
| OpenConfirm | 5 | OPEN received, KEEPALIVE sent | Established |
| Established | 6 | Peering session active, routes exchanged | (Session active) |
Waiting for Start event, normally initiated by operator (establishing new BGP session or resetting an existing session). After errors, BGP falls back to the Idle state.
Characteristics:
- No resources allocated
- No TCP connection
- Waiting for administrative or automatic start
Transitions: After a Start event, BGP:
- Initializes all BGP resources
- Resets ConnectRetryTimer
- Initiates TCP transport connection
- Listens for connections initiated by remote peer
- Moves to Connect state
Triggers:
- Manual BGP session start
- Automatic restart after error
- Configuration change
BGP is waiting for transport protocol connection to complete.
Characteristics:
- TCP connection in progress
- ConnectRetryTimer running
- Listening for incoming connections
Possible Transitions:
- TCP connection succeeds β OpenSent state, send OPEN message
- TCP connection fails β Active state
- ConnectRetryTimer expires β Remain in Connect, reset timer, retry connection
- Other events β Idle state
Typical Duration: Milliseconds to seconds (depending on network latency)
BGP is trying to initiate a transport protocol connection and acquire a peer.
Characteristics:
- Previous TCP connection attempt failed
- Actively retrying connection
- Still listening for incoming connections
- ConnectRetryTimer running
Possible Transitions:
- TCP connection succeeds β OpenSent state, send OPEN message
- ConnectRetryTimer expires β Restart timer, fall back to Connect state
- Incoming connection from peer β OpenSent state
- Other events β Idle state
Common Causes:
- Network unreachable
- Firewall blocking connection
- Peer not listening
- Incorrect peer IP/port
TCP connection established, OPEN message sent, waiting for OPEN from peer.
Characteristics:
- TCP session active
- OPEN message sent to peer
- Waiting for peer's OPEN message
- Validating peer's OPEN parameters
OPEN Message Validation: BGP checks:
- BGP version (must be 4)
- Peer AS number (matches configuration)
- BGP Identifier (valid, non-zero)
- Optional Parameters (capabilities)
Possible Transitions:
- Valid OPEN received β OpenConfirm state, send KEEPALIVE
- Invalid OPEN received β Send NOTIFICATION, return to Idle
- TCP connection fails β Idle state
- HoldTimer expires β Send NOTIFICATION, return to Idle
OPEN messages exchanged, KEEPALIVE sent, waiting for KEEPALIVE from peer.
Characteristics:
- Both OPEN messages validated
- KEEPALIVE sent to peer
- Waiting for peer's KEEPALIVE
- Almost ready for route exchange
Possible Transitions:
- KEEPALIVE received β Established state (session UP!)
- TCP connection fails β Idle state
- NOTIFICATION received β Idle state
- HoldTimer expires β Send NOTIFICATION, return to Idle
Typical Duration: Very brief (milliseconds)
BGP session is fully established and operational.
Characteristics:
- Peering session active
- Routes being exchanged (UPDATE messages)
- KEEPALIVE messages sent periodically
- Monitoring peer liveness
Activities:
- Receive UPDATEs: Process route advertisements
- Send UPDATEs: Announce local routes
- Send KEEPALIVEs: Maintain session liveness
- Monitor HoldTimer: Detect peer failure
Possible Transitions:
- NOTIFICATION received β Idle state
- TCP connection fails β Idle state
- HoldTimer expires β Send NOTIFICATION, return to Idle
- Administrative shutdown β Send NOTIFICATION, return to Idle
| Event | Description |
|---|---|
| Start | Manual/automatic session initialization |
| TCP Connection Valid | TCP three-way handshake succeeds |
| TCP Connection Fails | TCP connection refused/times out |
| BGP Open (valid) | Valid OPEN message received |
| BGP Open (invalid) | Invalid OPEN message received |
| BGP Header Error | Malformed BGP message |
| Keepalive Message | KEEPALIVE received |
| Update Message | UPDATE received |
| Notification Message | NOTIFICATION received (error) |
| Hold Timer Expires | No message received within HoldTime |
| ConnectRetry Timer Expires | Connection retry timeout |
Idle β Connect β OpenSent β OpenConfirm β Established
(Start) (TCP OK) (OPEN OK) (KEEPALIVE)
Timeline (typical):
- Idle: 0ms - Administrator enables BGP
- Connect: 0-100ms - TCP SYN, SYN-ACK, ACK
- OpenSent: 0-10ms - Send OPEN, receive OPEN
- OpenConfirm: 0-5ms - Send KEEPALIVE, receive KEEPALIVE
- Established: Session active
Total time: 10ms - 200ms (typical)
Idle β Connect β Active β Connect β Active β ...
(Start) (TCP fail) (Retry) (Fail)
Behavior:
- Oscillates between Connect and Active states
- ConnectRetryTimer governs retry interval
- Eventually gives up or succeeds
Idle β Connect β OpenSent β Idle
(Start) (TCP OK) (Bad OPEN, NOTIFICATION)
Common Reasons:
- AS number mismatch
- Unsupported BGP version
- Bad BGP Identifier (0.0.0.0 or duplicate)
- Unsupported capabilities
Idle β ... β Established β Idle
(NOTIFICATION or TCP fail)
Common Causes:
- Invalid UPDATE message
- HoldTimer expiration (peer dead)
- TCP connection lost
- Administrative shutdown
Standard Compliance:
- β Fully RFC 4271 compliant FSM
- β All six states implemented
- β Proper timer handling (HoldTimer, ConnectRetryTimer)
ExaBGP-Specific Behavior:
- API Control: Your program can trigger Start events
- Graceful Restart: RFC 4724 extends FSM with restart state
- Connection Collision Detection: RFC 4271 Section 6.8
- API Notifications: ExaBGP sends FSM state changes to your program
State Change Notifications (Text API):
neighbor 192.0.2.1 state idle
neighbor 192.0.2.1 state connect
neighbor 192.0.2.1 state active
neighbor 192.0.2.1 state opensent
neighbor 192.0.2.1 state openconfirm
neighbor 192.0.2.1 state established
JSON API:
{
"exabgp": "5.0",
"time": 1699564800,
"neighbor": {
"address": {"peer": "192.0.2.1"},
"state": "established"
},
"type": "state"
}Symptom: BGP stays in Connect state
Possible Causes:
- Firewall blocking TCP/179
- Peer not reachable (routing issue)
- Peer not listening on TCP/179
- Wrong IP address configured
Debugging:
# Check TCP connectivity
telnet 192.0.2.1 179
# Check ExaBGP logs
env exabgp.log.level=DEBUG exabgp /etc/exabgp/exabgp.conf
# Look for:
# "connecting to peer 192.0.2.1"
# "connection refused" or "connection timeout"Symptom: BGP oscillates between Connect and Active
Possible Causes:
- Same as Connect state
- TCP connection fails repeatedly
Debugging:
# Check if peer is trying to connect to you
tcpdump -i eth0 'tcp port 179'
# Check firewall
iptables -L -n | grep 179Symptom: TCP connected, but no OPEN received
Possible Causes:
- Peer waiting for OPEN from you (version mismatch)
- Peer rejecting your OPEN (sending NOTIFICATION)
- HoldTimer too short
Debugging:
# ExaBGP logs show OPEN rejection reason
env exabgp.log.level=DEBUG exabgp /etc/exabgp/exabgp.conf
# Look for:
# "received notification"
# "bad peer as" or "unsupported version"Common Errors:
-
AS mismatch:
peer-as 65001in config doesn't match peer's AS - Router-ID conflict: Duplicate router-id (not unique)
- Capability mismatch: Peer doesn't support required capability
Symptom: Session goes Established β Idle repeatedly
Possible Causes:
- HoldTimer expiration (peer not sending KEEPALIVEs)
- Invalid UPDATE messages
- TCP connection instability
- Your API program crashes
Debugging:
# Check for NOTIFICATION messages
env exabgp.log.level=DEBUG exabgp /etc/exabgp/exabgp.conf
# Look for:
# "received notification"
# "hold timer expired"
# "invalid update message"
# Check if your API process is crashing
ps aux | grep your-api-program- RFC 4271 - BGP-4 - Complete BGP specification
- Operations: Debugging - Troubleshooting BGP sessions
- Configuration: Neighbor Configuration - BGP timers
- API: Error Handling - Handling FSM state changes
- Features: Graceful Restart - FSM extensions for restart
-
RFC 4271 - A Border Gateway Protocol 4 (BGP-4)
- Section 8: BGP Finite State Machine
- Section 6.8: BGP Connection Collision Detection
- RFC 4724 - Graceful Restart Mechanism for BGP
- Netcraftsmen BGP FSM Article - Classic FSM reference
-
ExaBGP Source:
src/exabgp/bgp/neighbor.py- FSM implementation
π» Ghost written by Claude (Anthropic AI)
π Home
π Getting Started
π§ API
π‘οΈ Use Cases
π Address Families
βοΈ Configuration
π Operations
π Reference
- Architecture
- BGP State Machine
- Communities (RFC)
- Extended Communities
- BGP Ecosystem
- Capabilities (AFI/SAFI)
- RFC Support
π Migration
π Community
π External
- GitHub Repo β
- Slack β
- Issues β
π» Ghost written by Claude (Anthropic AI)