Unreachability Information SAFI ================================ Overview -------- BGP Unreachability Information SAFI provides a mechanism to propagate prefix unreachability information through BGP without affecting the installation or removal of routes in the Routing Information Base (RIB) or Forwarding Information Base (FIB). This creates a parallel information plane for sharing unreachability data for monitoring, debugging, and coordination purposes. The implementation is based on the IETF draft: `draft-tantsura-idr-unreachability-safi `_ Key characteristics: - Maintains a separate Unreachability Information RIB (UI-RIB) - Does NOT install routes in Loc-RIB or affect forwarding - Uses standard BGP path selection for UI-RIB entries - Supports IPv4 (AFI=1) and IPv6 (AFI=2) address families - Uses SAFI=81 (IANA-assigned) Design Principles ----------------- FRR implements the core Unreachability Information SAFI functionality: **NLRI Structure** The NLRI is uniquely identified by the combination of Prefix Length and Prefix. Reporter TLVs are NOT part of the NLRI key but provide information about each reporting speaker. Each Unreachability NLRI is carried in a length-prefixed envelope (``draft-tantsura-idr-unreachability-safi-06``):: +-----------------------------------+ | NLRI Length (2 octets) | +-----------------------------------+ | Prefix Length (1 octet) | +-----------------------------------+ | Prefix (variable) | +-----------------------------------+ | Reporter TLV(s) (variable) | (MP_REACH only) +-----------------------------------+ The 2-octet NLRI Length counts every octet that follows it (Prefix Length, Prefix, and any Reporter TLVs) but does NOT include the AddPath Path Identifier, when present, which precedes the NLRI Length. This explicit length removes the parsing ambiguity of earlier draft revisions, where the octet following a Reporter TLV was indistinguishable from the next NLRI's Prefix Length, and makes the NLRI boundary unambiguous regardless of how many Reporter TLVs an aggregating peer packs into a single NLRI. Withdrawals (MP_UNREACH_NLRI) use the same envelope but carry only the Prefix (no Reporter TLV). Each Unreachability NLRI contains: - Prefix (IPv4 or IPv6) - Reporter TLV containing: - Reporter Identifier (BGP Router-ID of the reporting speaker) - Reporter AS Number (4-octet AS number of the reporting speaker) - Sub-TLVs (one or more): - **Sub-TLV Type 1: Reason Code** (2 octets) - Indicates why the prefix is unreachable - 0: Unspecified - 1: Policy Blocked - 2: Security Filtered - 3: RPKI Invalid - 4: No Export Policy - 5: Martian Address - 6: Bogon Prefix - 7: Maintenance - 8: Local Administrative Action - 9: Local Link Down - 10-64535: Reserved - 64536-65535: Reserved for Private Use - **Sub-TLV Type 2: Timestamp** (8 octets) - Unix timestamp (seconds since epoch) in network byte order, indicates when the unreachability event occurred or was detected by this reporter **Next Hop Handling** For Unreachability SAFI, the Next Hop Length in MP_REACH_NLRI is set to 0, as this information is purely for monitoring and does not affect forwarding decisions. **Implementation Scope** The current implementation includes: - Length-prefixed NLRI envelope (2-octet NLRI Length) - Single Reporter TLV per originated NLRI (no aggregation). A received NLRI that carries multiple Reporter TLVs is tolerated: the first Reporter TLV is retained and any additional ones are ignored without resetting the session. - Capability negotiation via AFI/SAFI - Standard BGP path attributes (AS_PATH, ORIGIN, etc.) - Graceful Restart support - Show commands with detailed reporting information **Not Implemented:** - Origination of multiple Reporter TLVs (aggregation) - Individual reporter withdrawal - Enhanced capability with aggregation (A) bit Configuration Guide ------------------- Basic Address Family Configuration ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ To enable Unreachability Information SAFI with a neighbor: .. code-block:: frr router bgp 65001 neighbor 192.0.2.1 remote-as 65002 ! address-family ipv4 unreachability neighbor 192.0.2.1 activate exit-address-family ! address-family ipv6 unreachability neighbor 2001:db8::1 activate exit-address-family exit Show Commands ------------- .. clicmd:: show bgp [ipv4|ipv6] unreachability [PREFIX] [detail] [json] Display unreachability information from the UI-RIB. **Basic output** shows a table with Network, Metric, Local Preference, Weight, Reason Code, Reporter (ID/AS), and AS Path. **Detail output** includes additional information: - Reporter details (Router-ID and AS number) - Reason code with descriptive name - Timestamp of unreachability event - Full BGP path attributes **Example - Basic output:** .. code-block:: frr router# show bgp ipv6 unreachability BGP table version is 1, local router ID is 6.1.1.1, vrf id 0 Default local pref 100, local AS 65011 Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, i internal, S Stale, R Removed Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Note: Unreachability routes are informational only and not installed in RIB/FIB Reason: Unreachability reason code Reporter: BGP router ID of the original reporter Network Metric LocPrf Weight Reason Reporter Path *> 2001:1:2:3::/127 0 0 Security-Filtered 6.1.2.3/65021 65200 65100 65200 65021 i * 0 0 Security-Filtered 6.1.2.3/65021 65200 65100 65200 65021 i Total: 2 unreachability entries **Example - Detail output:** .. code-block:: frr router# show bgp ipv6 unreachability detail BGP routing table entry for 2001:1:2:3::/127, version 1 Paths: (2 available, best #1) Advertised to peers: peer1(2001:db8:12::) peer2(2001:db8:16::) 65200 65100 65200 65021 from peer1(2001:db8:12::) (7.1.1.1) Origin IGP, valid, external, bestpath-from-AS 65200, best (Router ID) Reporter: 6.1.2.3 AS 65021 Reason Code: 2 (Security-Filtered) Timestamp: Wed Dec 24 08:23:15 2025 Last update: Wed Dec 24 08:23:15 2025 BGP routing table entry for 2001:1:2:3::/127, version 1 Paths: (2 available, best #1) Advertised to peers: peer1(2001:db8:12::) peer2(2001:db8:16::) 65200 65100 65200 65021 from peer2(2001:db8:16::) (7.1.2.1) Origin IGP, valid, external Reporter: 6.1.2.3 AS 65021 Reason Code: 2 (Security-Filtered) Timestamp: Wed Dec 24 08:23:15 2025 Last update: Wed Dec 24 08:23:15 2025 Total: 2 unreachability entries .. clicmd:: show bgp [ipv4|ipv6] unreachability summary [json] Display BGP neighbor summary for unreachability address family. **Example output:** .. code-block:: frr router# show bgp ipv6 unreachability summary BGP router identifier 6.1.1.1, local AS number 65011 VRF default vrf-id 0 BGP table version 1 RIB entries 1, using 128 bytes of memory Peers 2, using 44 KiB of memory Peer groups 1, using 64 bytes of memory Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc peer1(2001:db8:12::) 4 65200 339 339 1 0 0 00:16:21 1 1 FRRouting/10.0.3 peer2(2001:db8:16::) 4 65200 339 339 1 0 0 00:16:21 1 1 FRRouting/10.0.3 Total number of neighbors 2 .. clicmd:: show bgp [ipv4|ipv6] unreachability statistics Display statistical information about the Unreachability RIB. **Example output:** .. code-block:: frr router# show bgp ipv6 unreachability statistics BGP IPv6 Unreachability RIB statistics (VRF default) Total Advertisements : 2 Total Prefixes : 1 Average prefix length : 127.00 Unaggregateable prefixes : 1 Maximum aggregateable prefixes: 0 BGP Aggregate advertisements : 0 Address space advertised : 2 /32 equivalent %s : 2.52435e-29 /48 equivalent %s : 1.65436e-24 Advertisements with paths : 2 Longest AS-Path (hops) : 4 Average AS-Path length (hops) : 4.00 Largest AS-Path (bytes) : 18 Average AS-Path size (bytes) : 18.00 Highest public ASN : 0 ``show bgp interface [IFNAME] [detail] [json]`` Display interface information from BGP's perspective, including cached addresses for unreachability tracking when interfaces are down. ``show bgp neighbors [NEIGHBOR] [established]`` Display BGP neighbor information including capability negotiation for unreachability SAFI. When viewing established neighbors, shows active AFI/SAFI combinations. **Example output showing capability negotiation:** .. code-block:: frr leaf1# show bgp neighbors 2001:db8:12:: BGP neighbor is 2001:db8:12::, remote AS 65200, local AS 65011, external link Hostname: peer1 Member of peer-group PEER-GROUP for session parameters BGP version 4, remote router ID 7.1.1.1, local router ID 6.1.1.1 BGP state = Established, up for 00:24:52 Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv6 Unicast: RX advertised and received IPv6 Unreachability: RX advertised and received Address Family IPv6 Unicast: advertised and received Address Family IPv6 Unreachability: advertised and received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Graceful restart information: End-of-RIB send: IPv6 Unicast, IPv6 Unreachability End-of-RIB received: IPv6 Unicast, IPv6 Unreachability IPv6 Unreachability: F bit: False End-of-RIB sent: Yes End-of-RIB received: Yes Configured Stale Path Time(sec): 360 For address family: IPv6 Unreachability PEER-GROUP peer-group member Update group 2, subgroup 2 Packet Queue length 0 1 accepted prefixes **Example - Established neighbors with AFI/SAFI:** .. code-block:: frr leaf1# show bgp neighbors established Neighbor AS MsgRcvd MsgSent ResetTime State Afi/Safi PfxRcd PfxSnt peer1(2001:db8:12::) 65200 429 429 00:20:57 Established IPv6 Unicast 7 7 IPv6 Unreachability 1 1 peer2(2001:db8:16::) 65200 429 429 00:20:57 Established IPv6 Unicast 7 7 IPv6 Unreachability 1 1 Operational Aspects ------------------- Capability Negotiation ^^^^^^^^^^^^^^^^^^^^^^ Unreachability Information SAFI is negotiated like any other AFI/SAFI using the Multiprotocol Extensions capability (RFC 5492). The capability exchange includes: - AFI: 1 (IPv4) or 2 (IPv6) - SAFI: 81 (Unreachability Information SAFI) Both peers must negotiate the capability before exchanging unreachability NLRIs. Graceful Restart ^^^^^^^^^^^^^^^^ Graceful Restart (RFC 4724) is supported for Unreachability SAFI: - Forwarding State (F) bit is set to 0 (no forwarding state to preserve) - Stale marking applies during peer restart - End-of-RIB marker signals completion of re-advertisement - Stale entries are removed after End-of-RIB or timeout Path Selection ^^^^^^^^^^^^^^ Standard BGP path selection applies to UI-RIB entries: - Considers Weight, Local Preference, AS_PATH length, ORIGIN, MED, etc. - Reporter TLV content does NOT influence path selection - Maximum paths is hardcoded to 1 (single best path) Route Filtering ^^^^^^^^^^^^^^^ Standard BGP filtering mechanisms apply: - Route-maps for import/export policies - Prefix-lists for prefix filtering - Community matching for policy control - AS-path filtering **Example with route-map:** .. code-block:: frr router bgp 65001 neighbor 198.51.100.1 remote-as 65002 ! address-family ipv4 unreachability neighbor 198.51.100.1 activate neighbor 198.51.100.1 route-map UNREACH-IN in neighbor 198.51.100.1 route-map UNREACH-OUT out exit-address-family ! route-map UNREACH-IN permit 10 set local-preference 50 ! route-map UNREACH-OUT permit 10 match community NO-EXPORT-UNREACH ! Limitations / Known Issues -------------------------- **Not Implemented:** - **Multiple Reporter TLV Aggregation**: The current implementation supports only a single Reporter TLV per NLRI. The draft's aggregation mechanism for combining multiple reporters into one NLRI is not implemented. - **Individual Reporter Withdrawal**: Cannot selectively withdraw individual reporters from an aggregated NLRI (since aggregation is not implemented). - **Enhanced Capability**: The aggregation (A) bit in the enhanced capability is not implemented. - **ADD-PATH**: ADD-PATH extension for unreachability SAFI is not supported. **Operational Limits:** - Maximum paths is hardcoded to 1 (no multipath for unreachability) - UI-RIB size should be monitored to prevent memory exhaustion - Rate limiting on unreachability updates is recommended Debugging & Troubleshooting ---------------------------- ``debug bgp updates`` Enable debugging of BGP update messages, including unreachability NLRIs. ``debug bgp zebra`` Enable debugging of Zebra integration for unreachability SAFI, including interface state changes. **Monitoring UI-RIB:** You can verify unreachability information is being processed correctly: .. code-block:: frr router# show bgp ipv4 unreachability router# show bgp ipv6 unreachability detail router# show bgp interface detail **Logs:** Unreachability events are logged via syslog when: - Interface state changes occur - Test commands are executed - Unreachability NLRIs are received from peers Security Considerations ----------------------- **Deployment Recommendations:** - Enable unreachability SAFI only with trusted peers - Use BGP TCP-AO (RFC 5925) or MD5 authentication for session protection - Implement prefix filtering using route-maps - Monitor UI-RIB size and growth patterns - Configure maximum-prefix limits for unreachability address-family - Consider information leakage implications (reveals network topology) **Potential Risks:** - **State Exhaustion**: Malicious peers could advertise excessive unreachable prefixes. Use maximum-prefix limits. - **False Information**: Peers could advertise incorrect unreachability data. This does not affect routing but may impact monitoring systems. - **Information Disclosure**: Unreachability reports reveal internal network state. Use careful peering policies. Use Cases --------- **Inter-AS Debugging** Share unreachability information between cooperating ASes for troubleshooting without affecting production traffic: .. code-block:: frr router bgp 65001 neighbor 198.51.100.1 remote-as 65002 neighbor 198.51.100.1 description "Peer for debugging" ! address-family ipv4 unreachability neighbor 198.51.100.1 activate neighbor 198.51.100.1 maximum-prefix 10000 exit-address-family **Route Collector Integration** Deploy on route collector sessions for enhanced telemetry: .. code-block:: frr router bgp 65001 neighbor 203.0.113.1 remote-as 65001 neighbor 203.0.113.1 description "Route Collector" ! address-family ipv4 unreachability neighbor 203.0.113.1 activate exit-address-family ! address-family ipv6 unreachability neighbor 203.0.113.1 activate exit-address-family **DDoS Target Coordination** Share attack target information across network boundaries without null-routing: .. code-block:: frr router bgp 65001 neighbor 198.51.100.1 remote-as 65002 ! address-family ipv4 unreachability neighbor 198.51.100.1 activate neighbor 198.51.100.1 route-map DDOS-TARGETS-OUT out exit-address-family ! route-map DDOS-TARGETS-OUT permit 10 match community DDOS-TARGET ! References ---------- - IETF Draft: `draft-tantsura-idr-unreachability-safi `_ - RFC 4271: Border Gateway Protocol 4 (BGP-4) - RFC 4760: Multiprotocol Extensions for BGP-4 - RFC 5492: Capabilities Advertisement with BGP-4 - RFC 4724: Graceful Restart Mechanism for BGP