
  • 1.  Can BGP be Completely Disabled for neighbors?

    Posted 04-18-2022 16:03
    Was wondering if anyone else has come across this. I thought I had disabled BGP peering and communication with a peer by using the command:
    deactivate protocols bgp group groupname neighbor neighbor
    However the peer informed me that he was still seeing BGP notification messages in his router log from my router, so I tried:
    set protocols bgp group groupname neighbor neighbor shutdown
    Finally I had to disable the IRB interface for the log messages to stop appearing.
    There was no peer establishment during any of this, but I was surprised my router was still sending out notifications to my neighbor.
    When I lab tested these commands I never looked at the neighbor logs - just used the "show bgp summary" output for confirmation of peer non-establishment, so I assumed all BGP communication had stopped when the deactivate or shutdown commands were issued.

  • 2.  RE: Can BGP be Completely Disabled for neighbors?

    Posted 04-19-2022 12:59

    Both commands will disable BGP, but the problem with those notifications is that your router will still receive connection requests. If you want to prevent a neighbor from trying to connect with you, what you need to do is block it using a firewall filter. It can be on the IRB you had for the BGP neighborship, or directly on the loopback; either will cause the connection request to be dropped, preventing notifications from being sent out.



  • 3.  RE: Can BGP be Completely Disabled for neighbors?

    Posted 04-19-2022 14:31

    The issue is not that I am receiving the notifications from my neighbor, but that my neighbor is receiving them from my router, which is supposed to have BGP disabled to that neighbor.

  • 4.  RE: Can BGP be Completely Disabled for neighbors?

    Posted 04-19-2022 16:17
    Yes, I understand, and the answer is the same. As long as your control plane is listening to port 179, you will send notifications to any non-configured/disabled/deactivated neighbor that tries to connect.

    Blocking the non-configured neighbors is the best practice.



  • 5.  RE: Can BGP be Completely Disabled for neighbors?

    Posted 04-19-2022 16:17
    I meant to say port 179*


  • 6.  RE: Can BGP be Completely Disabled for neighbors?

    Posted 04-20-2022 10:59
    Does the peer have a BGP configuration pointing towards your router? 
    If yes, then this is expected behaviour. 
    In this case, the peer (that is receiving BGP Notification messages) sends an OPEN message after the initial TCP handshake. Because the BGP neighbor is deactivated/shut down on your router, it replies with a NOTIFICATION message rejecting the connection, as shown below. SEND and RECEIVE are from the peer's perspective.

    BGP SEND ->
    BGP SEND message type 1 (Open) length 63
    BGP SEND version 4 as 65300 holdtime 90 id parmlen 34
    BGP SEND MP capability AFI=1, SAFI=1
    BGP SEND Refresh capability, code=128
    BGP SEND Refresh capability, code=2
    BGP SEND Restart capability, code=64, time=120, flags=Notification
    BGP SEND 4 Byte AS-Path capability (65), as_num 65300
    BGP SEND Long-Lived Graceful Restart capability, code=71
    BGP_65301. send proc: writev 63/63 bytes, rc 1

    BGP RECV ->
    BGP RECV message type 3 (Notification) length 21
    BGP RECV Notification code 6 (Cease) subcode 5 (Connection Rejected)
    bgp_handle_notify:4439: NOTIFICATION received from (External AS 65301): code 6 (Cease) subcode 5 (Connection Rejected)


    Sheetanshu Shekhar
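A Junos firewall filter that implements the advice in replies 4 and 6, added here as an example and not configuration posted by anyone in the thread: TCP/179 is accepted only from a prefix list of peers you still want to talk to, and every other attempt is counted, logged and discarded before it reaches the BGP process, so a withdrawn peer never completes the TCP handshake and never receives a Cease/Connection Rejected NOTIFICATION. The filter name, prefix-list name, counter name and 192.0.2.x addresses are constructed placeholders.

```junos
/* Constructed example: peers that should still be able to open BGP sessions */
policy-options {
    prefix-list BGP-PEERS-ALLOWED {
        192.0.2.10/32;
        192.0.2.20/32;
    }
}
firewall {
    family inet {
        filter PROTECT-RE {
            /* Accept BGP (TCP port 179) only from peers that are still wanted */
            term bgp-from-known-peers {
                from {
                    source-prefix-list {
                        BGP-PEERS-ALLOWED;
                    }
                    protocol tcp;
                    port bgp;
                }
                then accept;
            }
            /* Drop any other TCP/179 attempt before rpd sees it; keep a count and a log line for detection */
            term bgp-from-unknown-peers {
                from {
                    protocol tcp;
                    port bgp;
                }
                then {
                    count bgp-rejected;
                    syslog;
                    discard;
                }
            }
            /* Leave every other flow destined to the Routing Engine alone */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}
```

Check it with `show firewall filter PROTECT-RE`: the bgp-rejected counter increments while the former peer keeps retrying, and that peer's log shows TCP connection timeouts instead of NOTIFICATION messages.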