Unreachability Information SAFI
Overview
BGP Unreachability Information SAFI provides a mechanism to propagate prefix unreachability information through BGP without affecting the installation or removal of routes in the Routing Information Base (RIB) or Forwarding Information Base (FIB). This creates a parallel information plane for sharing unreachability data for monitoring, debugging, and coordination purposes.
The implementation is based on the IETF draft: draft-tantsura-idr-unreachability-safi
Key characteristics:
Maintains a separate Unreachability Information RIB (UI-RIB)
Does NOT install routes in Loc-RIB or affect forwarding
Uses standard BGP path selection for UI-RIB entries
Supports IPv4 (AFI=1) and IPv6 (AFI=2) address families
Uses SAFI=81 (IANA-assigned)
Design Principles
FRR implements the core Unreachability Information SAFI functionality:
NLRI Structure
The NLRI is uniquely identified by the combination of Prefix Length and Prefix. Reporter TLVs are NOT part of the NLRI key but provide information about each reporting speaker.
Each Unreachability NLRI is carried in a length-prefixed envelope (draft-tantsura-idr-unreachability-safi-06):
+-----------------------------------+
| NLRI Length (2 octets)            |
+-----------------------------------+
| Prefix Length (1 octet)           |
+-----------------------------------+
| Prefix (variable)                 |
+-----------------------------------+
| Reporter TLV(s) (variable)        |  (MP_REACH only)
+-----------------------------------+
The 2-octet NLRI Length counts every octet that follows it (Prefix Length, Prefix, and any Reporter TLVs) but does NOT include the AddPath Path Identifier, when present, which precedes the NLRI Length. This explicit length removes the parsing ambiguity of earlier draft revisions, where the octet following a Reporter TLV was indistinguishable from the next NLRI’s Prefix Length, and makes the NLRI boundary unambiguous regardless of how many Reporter TLVs an aggregating peer packs into a single NLRI. Withdrawals (MP_UNREACH_NLRI) use the same envelope but carry only the Prefix (no Reporter TLV).
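The envelope walk described above, as an added example in C; it is not FRR's own parser. `ui_walk`, `struct ui_nlri` and the sample bytes are constructed for illustration, no AddPath Path Identifier is assumed, and Reporter TLV octets are handed back as an opaque span because their header layout is not given here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct ui_nlri {                  /* pointers alias the input buffer */
	uint8_t plen;                 /* prefix length in bits */
	const uint8_t *prefix, *tlvs; /* prefix octets; opaque Reporter TLV octets */
	size_t tlvs_len;              /* always 0 in a withdrawal */
};

/* Walk len octets of NLRI data. max_bits is 32 for AFI 1, 128 for AFI 2.
 * Returns the number of NLRIs stored in out[], or -1 if malformed. */
int ui_walk(const uint8_t *p, size_t len, unsigned max_bits, int withdraw,
	    struct ui_nlri *out, int max_out)
{
	int n = 0;
	while (len > 0) {
		if (len < 2 || n == max_out)
			return -1;  /* truncated NLRI Length, or out[] is full */
		size_t nlen = (size_t)p[0] << 8 | p[1];
		p += 2; len -= 2;
		if (nlen < 1 || nlen > len)
			return -1;  /* envelope runs past the received data */
		size_t pbytes = ((size_t)p[0] + 7) / 8;
		if (p[0] > max_bits || 1 + pbytes > nlen)
			return -1;  /* prefix does not fit inside the envelope */
		if (withdraw && nlen != 1 + pbytes)
			return -1;  /* withdrawals carry only the prefix */
		out[n++] = (struct ui_nlri){ p[0], p + 1, p + 1 + pbytes,
					     nlen - 1 - pbytes };
		p += nlen; len -= nlen; /* next NLRI starts at the boundary */
	}
	return n;
}

/* Constructed sample: two IPv4 NLRIs with 5 and 3 placeholder TLV octets. */
static const uint8_t sample[] = {
	0x00, 0x09, 24, 192, 0, 2, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
	0x00, 0x07, 24, 198, 51, 100, 0xbb, 0xbb, 0xbb,
};

int main(void)
{
	struct ui_nlri v[4];
	int n = ui_walk(sample, sizeof(sample), 32, 0, v, 4);
	printf("%d NLRIs parsed\n", n);
	return n == 2 ? 0 : 1;
}
```

A Reporter TLV decoder would consume `tlvs`/`tlvs_len` and must apply the same bounds discipline inside that span, never reading past it into the next NLRI.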
Each Unreachability NLRI contains:
- Prefix (IPv4 or IPv6)
- Reporter TLV containing:
  - Reporter Identifier (BGP Router-ID of the reporting speaker)
  - Reporter AS Number (4-octet AS number of the reporting speaker)
  - Sub-TLVs (one or more):
    - Sub-TLV Type 1: Reason Code (2 octets) - Indicates why the prefix is unreachable
      - 0: Unspecified
      - 1: Policy Blocked
      - 2: Security Filtered
      - 3: RPKI Invalid
      - 4: No Export Policy
      - 5: Martian Address
      - 6: Bogon Prefix
      - 7: Maintenance
      - 8: Local Administrative Action
      - 9: Local Link Down
      - 10-64535: Reserved
      - 64536-65535: Reserved for Private Use
    - Sub-TLV Type 2: Timestamp (8 octets) - Unix timestamp (seconds since epoch) in network byte order, indicates when the unreachability event occurred or was detected by this reporter
Next Hop Handling
For Unreachability SAFI, the Next Hop Length in MP_REACH_NLRI is set to 0, as this information is purely for monitoring and does not affect forwarding decisions.
Implementation Scope
The current implementation includes:
Length-prefixed NLRI envelope (2-octet NLRI Length)
Single Reporter TLV per originated NLRI (no aggregation). A received NLRI that carries multiple Reporter TLVs is tolerated: the first Reporter TLV is retained and any additional ones are ignored without resetting the session.
Capability negotiation via AFI/SAFI
Standard BGP path attributes (AS_PATH, ORIGIN, etc.)
Graceful Restart support
Show commands with detailed reporting information
Not Implemented:
Origination of multiple Reporter TLVs (aggregation)
Individual reporter withdrawal
Enhanced capability with aggregation (A) bit
Configuration Guide
Basic Address Family Configuration
To enable Unreachability Information SAFI with a neighbor:
router bgp 65001
 neighbor 192.0.2.1 remote-as 65002
 neighbor 2001:db8::1 remote-as 65002
 !
 address-family ipv4 unreachability
  neighbor 192.0.2.1 activate
 exit-address-family
 !
 address-family ipv6 unreachability
  neighbor 2001:db8::1 activate
 exit-address-family
exit
Show Commands
- show bgp [ipv4|ipv6] unreachability [PREFIX] [detail] [json]
Display unreachability information from the UI-RIB.
Basic output shows a table with Network, Metric, Local Preference, Weight, Reason Code, Reporter (ID/AS), and AS Path.
Detail output includes additional information:
Reporter details (Router-ID and AS number)
Reason code with descriptive name
Timestamp of unreachability event
Full BGP path attributes
Example - Basic output:
router# show bgp ipv6 unreachability
BGP table version is 1, local router ID is 6.1.1.1, vrf id 0
Default local pref 100, local AS 65011
Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, i internal, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Note: Unreachability routes are informational only and not installed in RIB/FIB
Reason: Unreachability reason code
Reporter: BGP router ID of the original reporter

Network Metric LocPrf Weight Reason Reporter Path
*> 2001:1:2:3::/127 0 0 Security-Filtered 6.1.2.3/65021 65200 65100 65200 65021 i
* 0 0 Security-Filtered 6.1.2.3/65021 65200 65100 65200 65021 i

Total: 2 unreachability entries
Example - Detail output:
router# show bgp ipv6 unreachability detail
BGP routing table entry for 2001:1:2:3::/127, version 1
Paths: (2 available, best #1)
  Advertised to peers:
  peer1(2001:db8:12::) peer2(2001:db8:16::)
  65200 65100 65200 65021
    from peer1(2001:db8:12::) (7.1.1.1)
      Origin IGP, valid, external, bestpath-from-AS 65200, best (Router ID)
      Reporter: 6.1.2.3 AS 65021
      Reason Code: 2 (Security-Filtered)
      Timestamp: Wed Dec 24 08:23:15 2025
      Last update: Wed Dec 24 08:23:15 2025
BGP routing table entry for 2001:1:2:3::/127, version 1
Paths: (2 available, best #1)
  Advertised to peers:
  peer1(2001:db8:12::) peer2(2001:db8:16::)
  65200 65100 65200 65021
    from peer2(2001:db8:16::) (7.1.2.1)
      Origin IGP, valid, external
      Reporter: 6.1.2.3 AS 65021
      Reason Code: 2 (Security-Filtered)
      Timestamp: Wed Dec 24 08:23:15 2025
      Last update: Wed Dec 24 08:23:15 2025

Total: 2 unreachability entries
- show bgp [ipv4|ipv6] unreachability summary [json]
Display BGP neighbor summary for unreachability address family.
Example output:
router# show bgp ipv6 unreachability summary
BGP router identifier 6.1.1.1, local AS number 65011 VRF default vrf-id 0
BGP table version 1
RIB entries 1, using 128 bytes of memory
Peers 2, using 44 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor              V    AS MsgRcvd MsgSent TblVer InQ OutQ  Up/Down State/PfxRcd PfxSnt Desc
peer1(2001:db8:12::)  4 65200     339     339      1   0    0 00:16:21            1      1 FRRouting/10.0.3
peer2(2001:db8:16::)  4 65200     339     339      1   0    0 00:16:21            1      1 FRRouting/10.0.3

Total number of neighbors 2
- show bgp [ipv4|ipv6] unreachability statistics
Display statistical information about the Unreachability RIB.
Example output:
router# show bgp ipv6 unreachability statistics
BGP IPv6 Unreachability RIB statistics (VRF default)
Total Advertisements          : 2
Total Prefixes                : 1
Average prefix length         : 127.00
Unaggregateable prefixes      : 1
Maximum aggregateable prefixes: 0
BGP Aggregate advertisements  : 0
Address space advertised      : 2
/32 equivalent %s             : 2.52435e-29
/48 equivalent %s             : 1.65436e-24
Advertisements with paths     : 2
Longest AS-Path (hops)        : 4
Average AS-Path length (hops) : 4.00
Largest AS-Path (bytes)       : 18
Average AS-Path size (bytes)  : 18.00
Highest public ASN            : 0
- show bgp interface [IFNAME] [detail] [json]
Display interface information from BGP’s perspective, including cached addresses for unreachability tracking when interfaces are down.
- show bgp neighbors [NEIGHBOR] [established]
Display BGP neighbor information including capability negotiation for unreachability SAFI. When viewing established neighbors, shows active AFI/SAFI combinations.
Example output showing capability negotiation:
leaf1# show bgp neighbors 2001:db8:12::
BGP neighbor is 2001:db8:12::, remote AS 65200, local AS 65011, external link
Hostname: peer1
 Member of peer-group PEER-GROUP for session parameters
  BGP version 4, remote router ID 7.1.1.1, local router ID 6.1.1.1
  BGP state = Established, up for 00:24:52
  Neighbor capabilities:
    4 Byte AS: advertised and received
    AddPath:
      IPv6 Unicast: RX advertised and received
      IPv6 Unreachability: RX advertised and received
    Address Family IPv6 Unicast: advertised and received
    Address Family IPv6 Unreachability: advertised and received
    Graceful Restart Capability: advertised and received
      Remote Restart timer is 120 seconds
  Graceful restart information:
    End-of-RIB send: IPv6 Unicast, IPv6 Unreachability
    End-of-RIB received: IPv6 Unicast, IPv6 Unreachability
    IPv6 Unreachability:
      F bit: False
      End-of-RIB sent: Yes
      End-of-RIB received: Yes
      Configured Stale Path Time(sec): 360
 For address family: IPv6 Unreachability
  PEER-GROUP peer-group member
  Update group 2, subgroup 2
  Packet Queue length 0
  1 accepted prefixes
Example - Established neighbors with AFI/SAFI:
leaf1# show bgp neighbors established
Neighbor              AS     MsgRcvd  MsgSent  ResetTime  State        Afi/Safi             PfxRcd  PfxSnt
peer1(2001:db8:12::)  65200  429      429      00:20:57   Established  IPv6 Unicast         7       7
                                                                       IPv6 Unreachability  1       1
peer2(2001:db8:16::)  65200  429      429      00:20:57   Established  IPv6 Unicast         7       7
                                                                       IPv6 Unreachability  1       1
Operational Aspects
Capability Negotiation
Unreachability Information SAFI is negotiated like any other AFI/SAFI using the Multiprotocol Extensions capability (RFC 4760), advertised through BGP Capabilities Advertisement (RFC 5492). The capability exchange includes:
AFI: 1 (IPv4) or 2 (IPv6)
SAFI: 81 (Unreachability Information SAFI)
Both peers must negotiate the capability before exchanging unreachability NLRIs.
Graceful Restart
Graceful Restart (RFC 4724) is supported for Unreachability SAFI:
Forwarding State (F) bit is set to 0 (no forwarding state to preserve)
Stale marking applies during peer restart
End-of-RIB marker signals completion of re-advertisement
Stale entries are removed after End-of-RIB or timeout
Path Selection
Standard BGP path selection applies to UI-RIB entries:
Considers Weight, Local Preference, AS_PATH length, ORIGIN, MED, etc.
Reporter TLV content does NOT influence path selection
Maximum paths is hardcoded to 1 (single best path)
Route Filtering
Standard BGP filtering mechanisms apply:
Route-maps for import/export policies
Prefix-lists for prefix filtering
Community matching for policy control
AS-path filtering
Example with route-map:
router bgp 65001
 neighbor 198.51.100.1 remote-as 65002
 !
 address-family ipv4 unreachability
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 route-map UNREACH-IN in
  neighbor 198.51.100.1 route-map UNREACH-OUT out
 exit-address-family
!
route-map UNREACH-IN permit 10
 set local-preference 50
!
route-map UNREACH-OUT permit 10
 match community NO-EXPORT-UNREACH
!
Limitations / Known Issues
Not Implemented:
Multiple Reporter TLV Aggregation: The current implementation supports only a single Reporter TLV per NLRI. The draft’s aggregation mechanism for combining multiple reporters into one NLRI is not implemented.
Individual Reporter Withdrawal: Cannot selectively withdraw individual reporters from an aggregated NLRI (since aggregation is not implemented).
Enhanced Capability: The aggregation (A) bit in the enhanced capability is not implemented.
ADD-PATH: ADD-PATH extension for unreachability SAFI is not supported.
Operational Limits:
Maximum paths is hardcoded to 1 (no multipath for unreachability)
UI-RIB size should be monitored to prevent memory exhaustion
Rate limiting on unreachability updates is recommended
Debugging & Troubleshooting
debug bgp updates
Enable debugging of BGP update messages, including unreachability NLRIs.
debug bgp zebra
Enable debugging of Zebra integration for unreachability SAFI, including interface state changes.
Monitoring UI-RIB:
You can verify unreachability information is being processed correctly:
router# show bgp ipv4 unreachability
router# show bgp ipv6 unreachability detail
router# show bgp interface detail
Logs:
Unreachability events are logged via syslog when:
Interface state changes occur
Test commands are executed
Unreachability NLRIs are received from peers
Security Considerations
Deployment Recommendations:
Enable unreachability SAFI only with trusted peers
Use BGP TCP-AO (RFC 5925) or MD5 authentication for session protection
Implement prefix filtering using route-maps
Monitor UI-RIB size and growth patterns
Configure maximum-prefix limits for unreachability address-family
Consider information leakage implications (reveals network topology)
Potential Risks:
State Exhaustion: Malicious peers could advertise excessive unreachable prefixes. Use maximum-prefix limits.
False Information: Peers could advertise incorrect unreachability data. This does not affect routing but may impact monitoring systems.
Information Disclosure: Unreachability reports reveal internal network state. Use careful peering policies.
Use Cases
Inter-AS Debugging
Share unreachability information between cooperating ASes for troubleshooting without affecting production traffic:
router bgp 65001
 neighbor 198.51.100.1 remote-as 65002
 neighbor 198.51.100.1 description "Peer for debugging"
 !
 address-family ipv4 unreachability
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 maximum-prefix 10000
 exit-address-family
Route Collector Integration
Deploy on route collector sessions for enhanced telemetry:
router bgp 65001
 neighbor 203.0.113.1 remote-as 65001
 neighbor 203.0.113.1 description "Route Collector"
 !
 address-family ipv4 unreachability
  neighbor 203.0.113.1 activate
 exit-address-family
 !
 address-family ipv6 unreachability
  neighbor 203.0.113.1 activate
 exit-address-family
DDoS Target Coordination
Share attack target information across network boundaries without null-routing:
router bgp 65001
 neighbor 198.51.100.1 remote-as 65002
 !
 address-family ipv4 unreachability
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 route-map DDOS-TARGETS-OUT out
 exit-address-family
!
route-map DDOS-TARGETS-OUT permit 10
 match community DDOS-TARGET
!
References
IETF Draft: draft-tantsura-idr-unreachability-safi
RFC 4271: Border Gateway Protocol 4 (BGP-4)
RFC 4760: Multiprotocol Extensions for BGP-4
RFC 5492: Capabilities Advertisement with BGP-4
RFC 4724: Graceful Restart Mechanism for BGP