Skip to Content

Solved: How do I fix notification message ‘Open: Invalid Router ID’ in BGP debugs

This article discusses notification message ‘Open: Invalid Router ID’ in BGP debugs.

Background

FortiGate F7 and F6 are configured with BGP to learn dynamic routing.

172.16.20.0 F7 -- ISP------f6--172.16.30.0

After the BGP configuration, the below notification message in the FortiGate can appear when BGP peers are exchanging messages.

f6 # BGP: 7.7.7.7-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6
BGP: 7.7.7.7-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6
f7 # BGP: 6.6.6.6-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6
BGP: 6.6.6.6-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6

The root cause of the issue here is F7 is configured with router ID as 6.6.6.6 which is also the router ID of F6 (F6 loopback interface IP).

F6 BGP configuration

# config router bgp
set as 64500
config neighbor
edit "7.7.7.7"
set remote-as 64500
set update-source "loopback_F6"
next
end

# config network
edit 1
set prefix 172.16.30.0 255.255.255.0
next
end

F7 BGP configuration

# config router bgp
set as 64500
set router-id 6.6.6.6 <-----
edit "6.6.6.6"
set shutdown enable
set remote-as 64500
set update-source "loopback_F7"
next
end

Solution

Debug will as below:

When F6 gets the open message from F7 it will see the router id as 6.6.6.6 which is the same as its Router ID and sends Notification Error Message:

‘OPEN Message Error/Bad BGP Identifier’.

OPEN Message Error/Bad BGP Identifier

7 7.7.7.7 6.6.6.6 9954 → 179 [SYN] Seq=325784709 Win=65535 Len=0 MSS=1460 SACK_PERM=1 TSval=344223 TSecr=0 WS=16384
8 6.6.6.6 7.7.7.7 179 → 9954 [SYN, ACK] Seq=1393989951 Ack=325784710 Win=65535 Len=0 MSS=1460 SACK_PERM=1 TSval=344414 TSecr=344223 WS=16384
9 7.7.7.7 6.6.6.6 9954 → 179 [ACK] Seq=325784710 Ack=1393989952 Win=180224 Len=0 TSval=344223 TSecr=344414
10 7.7.7.7 6.6.6.6 OPEN Message
11 6.6.6.6 7.7.7.7 179 → 9954 [ACK] Seq=1393989952 Ack=325784771 Win=180224 Len=0 TSval=344414 TSecr=344223
12 6.6.6.6 7.7.7.7 OPEN Message
13 7.7.7.7 6.6.6.6 9954 → 179 [ACK] Seq=325784771 Ack=1393990013 Win=180224 Len=0 TSval=344223 TSecr=344415
14 6.6.6.6 7.7.7.7 NOTIFICATION Message
15 7.7.7.7 6.6.6.6 9954 → 179 [ACK] Seq=325784771 Ack=1393990038 Win=180224 Len=0 TSval=344223 TSecr=344415
16 6.6.6.6 7.7.7.7 179 → 9954 [FIN, ACK] Seq=1393990038 Ack=325784771 Win=180224 Len=0 TSval=344415 TSecr=344223
17 7.7.7.7 6.6.6.6 NOTIFICATION Message
18 7.7.7.7 6.6.6.6 9954 → 179 [FIN, ACK] Seq=325784796 Ack=1393990039 Win=180224 Len=0 TSval=344223 TSecr=344415
19 6.6.6.6 7.7.7.7 179 → 9954 [RST] Seq=1393990039 Win=0 Len=0
20 6.6.6.6 7.7.7.7 179 → 9954 [RST] Seq=1393990039 Win=0 Len=0

10th packet:

Packet comments
Frame 10: 127 bytes on wire (1016 bits), 127 bytes captured (1016 bits) on interface port1, id 0
Ethernet II, Src: 50:00:00:08:00:00 (50:00:00:08:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 7.7.7.7, Dst: 6.6.6.6
Transmission Control Protocol, Src Port: 9954, Dst Port: 179, Seq: 325784710, Ack: 1393989952, Len: 61
Border Gateway Protocol - OPEN Message
Marker: ffffffffffffffffffffffffffffffff
Length: 61
Type: OPEN Message (1)
Version: 4
My AS: 64500
Hold Time: 180
BGP Identifier: 6.6.6.6
Optional Parameters Length: 32
Optional Parameters

12th packet:

Packet comments
Frame 12: 127 bytes on wire (1016 bits), 127 bytes captured (1016 bits) on interface port1, id 0
Ethernet II, Src: 50:00:00:07:00:01 (50:00:00:07:00:01), Dst: 00:00:00_00:00:01 (00:00:00:00:00:01)
Internet Protocol Version 4, Src: 6.6.6.6, Dst: 7.7.7.7
Transmission Control Protocol, Src Port: 179, Dst Port: 9954, Seq: 1393989952, Ack: 325784771, Len: 61
Border Gateway Protocol - OPEN Message
Marker: ffffffffffffffffffffffffffffffff
Length: 61
Type: OPEN Message (1)
Version: 4
My AS: 64500
Hold Time: 180
BGP Identifier: 6.6.6.6
Optional Parameters Length: 32
Optional Parameters

14th packet:

Packet comments
Frame 14: 91 bytes on wire (728 bits), 91 bytes captured (728 bits) on interface port1, id 0
Ethernet II, Src: 50:00:00:07:00:01 (50:00:00:07:00:01), Dst: 00:00:00_00:00:01 (00:00:00:00:00:01)
Internet Protocol Version 4, Src: 6.6.6.6, Dst: 7.7.7.7
Transmission Control Protocol, Src Port: 179, Dst Port: 9954, Seq: 1393990013, Ack: 325784771, Len: 25
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 25
Type: NOTIFICATION Message (3)
Major error Code: OPEN Message Error (2)
Minor error Code (Open Message): Bad BGP Identifier (3)
Data: 06060606

17th packet:

Packet comments
Frame 17: 91 bytes on wire (728 bits), 91 bytes captured (728 bits) on interface port1, id 0
Ethernet II, Src: 50:00:00:08:00:00 (50:00:00:08:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 7.7.7.7, Dst: 6.6.6.6
Transmission Control Protocol, Src Port: 9954, Dst Port: 179, Seq: 325784771, Ack: 1393990039, Len: 25
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 25
Type: NOTIFICATION Message (3)
Major error Code: OPEN Message Error (2)
Minor error Code (Open Message): Bad BGP Identifier (3)
Data: 06060606

F6;

BGP: 7.7.7.7-Outgoing [FSM] State: Active Event: 14
BGP: 7.7.7.7-Outgoing [FSM] InConnReq: Accepting...
BGP: 7.7.7.7-Outgoing [NETWORK] FD=28, Sock Status: 0-Success
BGP: 7.7.7.7-Outgoing [FSM] State: Active Event: 17
BGP: 7.7.7.7-Outgoing [ENCODE] Msg-Hdr: Type 1
BGP: 7.7.7.7-Outgoing [ENCODE] Open: Ver 4 MyAS 64500 Holdtime 180
BGP: 7.7.7.7-Outgoing [ENCODE] Open: Msg-Size 61
BGP: 7.7.7.7-Outgoing [DECODE] Msg-Hdr: type 1, length 61
BGP: 7.7.7.7-Outgoing [DECODE] Open: Invalid Router ID 6.6.6.6 <<<<<<<<<<<<
BGP: 7.7.7.7-Outgoing [FSM] State: OpenSent Event: 22
BGP: 7.7.7.7-Outgoing [ENCODE] Msg-Hdr: Type 3
BGP: %BGP-3-NOTIFICATION: sending to 7.7.7.7 2/3 (OPEN Message Error/Bad BGP Identifier.) 4 data-bytes [06 06 06 06]

Due to this, we will see continuous notification messages in the CLI.

F6: Configure the correct router-id or leave it blank so that FortiGate will choose the highest loopback interface ip or highest interface ip as the router ID.

Make sure the Router ID does not get conflict with the remote peer router ID

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.