Description

This article discusses BGP capability code 71, Long-Lived Graceful Restart (LLGR), and code 70, Enhanced Route Refresh capability.

Solution

Consider a scenario where the FortiGate has a BGP peering with an ISP router (for example, a Cisco). If BGP debugging is enabled, it is sometimes noticed that the remote end responds with the following:

msg="BGP: 173.243.128.1-Outgoing [DECODE] Open Cap: unrecognized capability code 71 len 0"
msg="BGP: %BGP-3-NOTIFICATION: received from 173.243.128.1 6/5 (Cease/Connection Rejected.) 0 data-bytes []"
msg="BGP: 10.177.250.1-Outgoing [DECODE] Open Cap: unrecognized capability code 70 len 0"
According to RFC 4486, the following applies to the 'Cease/Connection Rejected' notification received from BGP neighbor 173.243.128.1:

*** If a BGP speaker decides to disallow a BGP connection (e.g., the peer is not configured locally) after the speaker accepts a transport protocol connection, then the BGP speaker SHOULD send a NOTIFICATION message with the Error Code Cease and the Error Subcode "Connection Rejected". ***

Code 71 stands for Long-Lived Graceful Restart (LLGR) Capability.
Code 70 stands for Enhanced Route Refresh Capability.

Note.
The log is received because these capabilities have been enabled on the remote BGP peer. FortiGate does not support the LLGR (code 71) or Enhanced Route Refresh (code 70) capability in BGP.

The BGP session will not be disconnected because of the missing capabilities, since a capability the local speaker does not recognize is ignored during OPEN negotiation (RFC 5492). However, if the peer is not responding, it may be necessary to disable these features on the peer. For example, the following command unsets Enhanced Route Refresh negotiation on a Cisco router:

Cisco(config-router-neighbor)#neighbor x.x.x.x dont-capability-negotiate enhanced-refresh

For LLGR, do not configure bgp long-lived-graceful-restart on the Cisco.

To check the capabilities supported by the FortiGate, run the following commands:

boson-kvm13 # config router bgp
boson-kvm13 (bgp) # config neighbor
boson-kvm13 (neighbor) # edit 1.1.1.1
boson-kvm13 (1.1.1.1) # show full-configuration | grep "set capability"
set capability-dynamic enable
set capability-orf none
set capability-orf6 none
set capability-graceful-restart disable
set capability-graceful-restart6 disable
set capability-route-refresh enable
set capability-default-originate disable
set capability-default-originate6 disable
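The capability decoding behind the debug lines above, as an added Python example that is not FortiGate or Cisco code: it walks the Optional Parameters of a BGP OPEN message (RFC 5492 type-2 TLVs), decodes the Graceful Restart restart time (RFC 4724), and labels codes 70 and 71 with the same wording the FortiGate log uses. The SUPPORTED table and the sample OPEN payload are constructed for illustration.

```python
import struct

# Capability codes understood by the FortiGate in the article (constructed
# subset of the IANA capability-codes registry linked below).
SUPPORTED = {1: "Multiprotocol Extensions", 2: "Route Refresh",
             64: "Graceful Restart", 65: "4-octet AS number"}


def decode_capabilities(opt_params: bytes) -> list:
    """Return (code, length, note) per capability in RFC 5492 type-2 TLVs."""
    found, i = [], 0
    while i + 2 <= len(opt_params):
        ptype, plen = opt_params[i], opt_params[i + 1]
        body = opt_params[i + 2:i + 2 + plen]
        if len(body) != plen:
            raise ValueError("truncated optional parameter")
        i += 2 + plen
        if ptype != 2:  # only type 2 (Capabilities) carries capability codes
            continue
        j = 0
        while j + 2 <= len(body):
            code, clen = body[j], body[j + 1]
            value = body[j + 2:j + 2 + clen]
            if len(value) != clen:
                raise ValueError("truncated capability")
            j += 2 + clen
            if code == 64 and clen >= 2:
                # RFC 4724: 4 bits of restart flags, then 12 bits of restart time
                restart = struct.unpack("!H", value[:2])[0] & 0x0FFF
                note = "Graceful Restart, restart time %ds" % restart
            elif code in SUPPORTED:
                note = SUPPORTED[code]
            else:
                # Same wording as the FortiGate debug line quoted in the article
                note = "unrecognized capability code %d len %d" % (code, clen)
            found.append((code, clen, note))
    return found


def build_capability_param(caps) -> bytes:
    """Encode (code, value) pairs as one type-2 Optional Parameter."""
    body = b"".join(bytes([code, len(val)]) + val for code, val in caps)
    return bytes([2, len(body)]) + body


# Constructed peer OPEN payload: IPv4 unicast, Graceful Restart (120 s),
# 4-octet AS 65000, then Enhanced Route Refresh (70) and LLGR (71), both empty.
SAMPLE_OPT_PARAMS = build_capability_param([
    (1, b"\x00\x01\x00\x01"), (64, b"\x00\x78"),
    (65, struct.pack("!I", 65000)), (70, b""), (71, b"")])
```

Running decode_capabilities(SAMPLE_OPT_PARAMS) yields the two "unrecognized capability code ... len 0" notes for codes 70 and 71 alongside the decoded restart time of 120 s.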
According to RFC 4724, the Graceful Restart Capability (code 64) is used by a BGP peer to indicate its ability to preserve its forwarding state during a BGP restart. Hence, the timer settings can be controlled through the Graceful Restart feature, which is described in the documents below.

Related links:

https://www.ietf.org/archive/id/draft-uttaro-idr-bgp-persistence-05.txt
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-high-availability/HA_failoverGracefu...
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116189-problemsolution-tec...

All BGP capability codes:

https://www.iana.org/assignments/capability-codes/capability-codes.xhtml

Related Articles
Technical Note : Configuring FortiGate HA and BGP graceful-restart to avoid traffic interruption dur...