I acquired this query from Paul:
Have you ever ever seen a BGP peer within the “Join” state? In 20 years, I’ve by no means been in a position to see or reproduce this state, nor any point out in a debug/log. I’m beginning to imagine that every one the documentation is BS, and this doesn’t exist.
The BGP Finite State Machine (FSM) (a minimum of the one outlined in RFC 4271 and amended in RFC 9687) is “a bit” exhausting to know however the fundamentals haven’t modified from the historic days of RFC 1771:
- When a router decides to connect with a BGP neighbor, it sends a TCP SYN and transitions from the Idle to the Join state.
- As soon as the TCP session is established, the router sends the BGP OPEN message and strikes to the OpenSent state
- If the TCP session can’t be established, the router transitions to the Lively state, the place it waits for an incoming TCP session (transitioning to OpenSent) or for the ConnectRetry timer (transitioning to Join)
You’ll by no means see the Join state on Cisco IOS. Cisco applied BGP within the days of the (unique) RFC 1105 when the state machine didn’t have Join and Lively states. The Join state was added in RFC 1163, however Cisco by no means modified the printouts.
To see the states of the latest BGP FSMs, use FRR or Arista EOS (the best ones to get began in a digital lab).
Primarily based on the above, how might we preserve a BGP speaker within the Join state lengthy sufficient to watch it? Not configuring a BGP neighbor on one facet of the BGP session doesn’t assist – most routers getting an incoming TCP SYN packet would instantly reply with an RST (with a notable miserable exception). Configuring an EBGP neighbor with an invalid IP tackle additionally doesn’t carry us a lot – the ARP/ND processing would fail fairly shortly, bringing down the TCP session.
To get caught within the Join state for an observable period of time, we want the TCP SYN packet to vanish with no hint. Listed below are some concepts on the best way to get that finished:
- Configure GTSM on one finish of the EBGP session (doesn’t work on some platforms)
- Configure an IBGP neighbor (or a multi-hop EBGP neighbor) with a bogus IP tackle.
- Break the end-to-end path between IBGP neighbors (for instance, mess up an MPLS LSP)
- Drop BGP packets with an ACL that doesn’t generate ICMP unreachables.
Subsequent, sit again and revel in watching the BGP Join state 😉
