BGP is layer 7...debate me

[sphbecker]

ChatGPT said it is layer 4 because it uses TCP (which if anything proves it is NOT layer 4).

Wikipedia says it is layer 3 because it is part of the IP routing standards.

 

I argue it is layer 7 because it is an application. BGP Peers exchange information with each other over TCP just like any other layer 7 application does. BGP itself has nothing to do with how its own messages get across the network, it expects TCP/IP to take care of that. The fact that the messages, once delivered, can cause layer-3 routing table changes is irrelevant.

 

If anyone is interested in a very nerdy debate, feel free to add your two cents.

[Lurick]

BGP is as much a layer 7 application as any other routing protocol.

[mynameisjuan]

Not the forum I expected to see this sort of thread. This has been argued to death over the past two decades enough where IETF has an RFC stating that not everything will fall neatly in the OSI model and the same goes for TCP/IP.

 

BGP is a routing protocol and an application and considered to be a L7. Because it leads to semantic arguments, a majority don't care if it's called L3 vs L7.

 

3 hours ago, sphbecker said:

ChatGPT said it is layer 4 because it uses TCP (which if anything proves it is NOT layer 4).

Technically correct if the argument is that it's at the application layer. BGP uses the TCP/IP model not OSI and as such, the application layer falls at L4.

[Eigenvektor]

You are correct that BGP requires an application to do the actual routing and make sense of the configuration data.

 

However, the important bit of a specification is what it allows you to do, not who does it. Meaning the application is interchangeable as long as it follows the spec, while the protocol is not (or at least needs to stay backwards compatible). So you could argue that the protocol's layer is more important/better defined than the application's.

 

In other words, its complicated. On the one hand you have the protocol itself, which runs at the network layer, on the other hand you have an application that uses said protocol. Ultimately, I'm not sure why a strict separation is absolutely necessary. Any attempt at strict classification in a complicated environment will yield exceptions sooner or later.

[sphbecker]

17 hours ago, Eigenvektor said:

the important bit of a specification is what it allows you to do, not who does it. Meaning the application is interchangeable as long as it follows the spec, while the protocol is not (or at least needs to stay backwards compatible). So you could argue that the protocol's layer is more important/better defined than the application's.

If by "what it allows you to do" you mean, at what layer its information is used, then yes, I agree with you. Ethernet MAC addresses are used by layer-2 switches to chose what port should be used, IP addresses are used by layer-3 routers to chose the correct next hop, TCP is a conversation from between the sender and receiver to ensure data is received, arranged in the correct order, and not sent too quickly, finally, BGP messages are not used by anything along the way, they are the network payload that needs to make it to the other side.

 

BGP, OSPF, and EIGRP are all interchangeable applications that all use TCP for transport, it just depends on what language the router's admin wants to configure for use. In very much the same way you could use SFTP, SMB, or NFS to transfer files.

[sphbecker]

On 12/28/2023 at 4:06 PM, Lurick said:

BGP is as much a layer 7 application as any other routing protocol.

Correct, all routing protocols are layer 7.

[sphbecker]

23 hours ago, mynameisjuan said:

Not the forum I expected to see this sort of thread. This has been argued to death over the past two decades enough where IETF has an RFC stating that not everything will fall neatly in the OSI model and the same goes for TCP/IP.

 

BGP is a routing protocol and an application and considered to be a L7. Because it leads to semantic arguments, a majority don't care if it's called L3 vs L7.

 

Technically correct if the argument is that it's at the application layer. BGP uses the TCP/IP model not OSI and as such, the application layer falls at L4.

You and I are on the same page here. I feel like the term "routing protocol" has led to a ton of confusion over the years. While it is arcuately named, it is also somewhat ambiguous. I feel like someone with a good understanding of networking but no knowledge of our terminology, who was asked to guess an example of a "routing protocol" is, might guess 'IP', because it is heavily used at the routing layer.

 

I had a Cisco teacher 20 years ago spend at least 10 minutes harping on the difference between a "routing protocol" and a "routed protocol." I felt like it was a dumb conversation. They are two entirely different things that could only confuse someone because of the choose to use such similar names. I feel like a name like "route exchange protocol" or "dynamic router protocol" would lead to less confusion. And as far as "routed protocol" (which thank god isn't a term that caught on), should just be called payload. If you are a layer 3 router, you really don't care what comes after the end of the IP header, everything after just gets passed along.

 

And yes, you are correct that in the TCP/IP model layer 4 is the application layer; different number, same concept as OSI 7.

 

The only thing I really disagree is the comment about "not everything fitting neatly." I guess some things don't, but this isn't an example of one of them. BGP messages fit neatly into OSI 7 and there is really no argument to be made that they are any other layer. Now if we talk about something like SSH, that gets more complicated, in some ways it is a layer 7 protocol while in other ways acts like a layer 4 protocol (due to its ability to transport arbitrary network traffic). SSL is another weird one. In some ways it is layer 7, but with heavy interaction at layer 4, and its ultimate goal belongs somewhere between 4 and 5 (OSI model didn't really have encryption in mind when it was created). BGP, nothing complex about it.

[mynameisjuan]

56 minutes ago, sphbecker said:

BGP, OSPF, and EIGRP are all interchangeable applications that all use TCP for transport

BGP and RIP/RIPv2 are the only protocols that use TCP/UDP respectively. OSPF, OSPFv3, EIGRP and even intermediate-system to intermediate-system (I don't know if the acronym would get flagged like the discord) do not use TCP/UDP, just L2/L3 and the protocol's headers, and thus are a "true" protocol.

 

1 hour ago, sphbecker said:

Correct, all routing protocols are layer 7.

I very much disagree. This has been argued and always leads to if that is the case, then almost every protocol must also be consider L7.

 

47 minutes ago, sphbecker said:

The only thing I really disagree is the comment about "not everything fitting neatly." I guess some things don't, but this isn't an example of one of them. BGP messages fit neatly into OSI 7 and there is really no argument to be made that they are any other layer

This is where the debate comes in as there are valid counter arguments which blurs the layer where it should fit in and focuses on soft-state (protocols that just use messages for keepalives, acknowledgements, etc and rely on timers) vs hard-state protocols (protocols that use reliable communication such as TCP).

 

Protocols like BGP and LDP use TCP for reliable transport for the adjacency and it's valid to argue that the transport does not really contribute to what layer the protocol falls into. Because it uses TCP for ACKs for efficiency instead of re-announcements like soft-state it now falls into a completely different layer? Valid IMO.

 

So yes, there are indeed arguments to be made but the majority settled on just placing it at L7 but also considering adjacent to the other routing protocols at L3.

[sphbecker]

1 hour ago, mynameisjuan said:

BGP and RIP/RIPv2 are the only protocols that use TCP/UDP respectively. OSPF, OSPFv3, EIGRP and even intermediate-system to intermediate-system (I don't know if the acronym would get flagged like the discord) do not use TCP/UDP, just L2/L3 and the protocol's headers, and thus are a "true" protocol.

Yep, I was wrong about the TCP bit. This is why I enjoy debating; I learn that some of my information I either learned wrong or got a bit switched in my head over the years. I still strongly argue that OSPF is layer 7. Yes, it runs directly on top of IP instead of using TCP, but other than the interesting sidenote that it doesn't use a transport protocol, that doesn't change the overall analysis.

 

I guess by "true" protocol you mean that it has its own IP protocol number, which sure, that is the official term, but that is not to say the term protocol is being used incorrectly in other contexts. HTTP is also a protocol by definition, but it isn't an IP protocol and doesn't have an IP number. I don't really understand your comment about it using L2/L3 headers. It really doesn't, it runs on IP just like TCP, GRE, or IPSec do, it isn't directly interacting with ethernet frames to get around IP.

 

1 hour ago, mynameisjuan said:

I very much disagree. This has been argued and always leads to if that is the case, then almost every protocol must also be consider L7.

I guess we can agree to disagree here. Not "every" protocol is L7; Ethernet, IP and TCP and examples of protocols that are not L7. However, every protocol that defines a conversation between software applications running on systems is L7. BGP/OSPF, when you look at the syntax of its messages, are all about passing information between software that will use that information to mange routes. I understand the software runs on a router, which adds some confusion, but I argue that BGP and others running on a router are an extended management services running on top of the router's OS, not a basic part of the router's L3 routing roles.

 

Think of it this way. It would be entirely possible (stupid, but possible) to have a Linux server connected to a router, BGP is off on the router, and instead running in Linux with all the router's peers configuration. It also runs a script that sends static route commands to the router over its console port to maintain the correct routing tables in the router. Yes, very stupid, but also very possible. In that example, you can't say BGP is anything but an L7. It is software running on a server to exchange information and take actions based on that information. So I ask, why does it change because the software runs on the router's OS instead of an external OS?

 

So in closing, I was wrong about OSPF and EIGRP running on TCP, but I still argue its layer 7. Its software to manage a router, it isn't the router itself. Therefore, like any other software that communicates across a network, it is communicating at layer 7.

[mynameisjuan]

2 hours ago, sphbecker said:

I don't really understand your comment about it using L2/L3 headers. It really doesn't, it runs on IP just like TCP, GRE, or IPSec do, it isn't directly interacting with ethernet frames to get around IP.

I mean yes, but that is steering away from the underlying concept and purpose of the OSI and TCP/IP model. Again, they are models, not strict guidelines in the same vein that RFCs are not standards. It's really intended associate functions to the layers that they are involved in on the wire or in the forwarding domain. This is what I was saying and leads into my next statement.

 

2 hours ago, sphbecker said:

I guess we can agree to disagree here. Not "every" protocol is L7; Ethernet, IP and TCP and examples of protocols that are not L7. However, every protocol that defines a conversation between software applications running on systems is L7. BGP/OSPF, when you look at the syntax of its messages, are all about passing information between software that will use that information to mange routes. I understand the software runs on a router, which adds some confusion

I said "almost every protocol" not every protocol which as you mentioned would leave only Eth, IP/ISO, TCP/UDP (debatable) and a handful of others.

 

I mentioned L2/L3 headers because the model is really in the forwarding domain. Once you ignore that and encapsulation as the headers are stripped off with the final payload being the protocol in question being processed by the software (this is the entire concept of networking fundamentals), almost every protocol is now L7. Every control or routing protocol is processed in software and ignoring where it exist in the forwarding domain and focusing purely on the protocol itself, literally anything that does not consist of only an Eth and/or IP header cannot be anything other than L7 by this concept.

 

STP, ARP, IGMP, etc., well they just have an Eth header which is stripped off and the software processes the protocol, now it's L7. ICMP/ICMPv6, now it's L7. And it goes on and on, hence why I said this argument always leads to this same conclusion. You cannot make that claim without applying it elsewhere.

 

That is why the model has to be view from the scope of the forwarding domain else it would be essentially useless.

 

2 hours ago, sphbecker said:

Its software to manage a router, it isn't the router itself. Therefore, like any other software that communicates across a network, it is communicating at layer 7.

And that's my point. A router/switch consist of a control-plane and forwarding-plane. The FP is a paper weight without the control-plane which is the software that manages it. Any protocol that the device is running would mean it would have to be also classified as L7 by this argument because even down at L2, STP is still software communication across the network.

[sphbecker]

12 hours ago, mynameisjuan said:

STP, ARP, IGMP, etc., well they just have an Eth header which is stripped off and the software processes the protocol, now it's L7. ICMP/ICMPv6, now it's L7. And it goes on and on, hence why I said this argument always leads to this same conclusion. You cannot make that claim without applying it elsewhere.

I would never argue that ICMP is layer 7. ICMP has no data. Yes, it technically has a payload, but that payload is meaningless bits never used by anything that you would call an application.

 

I'll be honest, I thought about this a lot last night and might be starting to change my mind. If I claim that BGP is L7, then I would also need to say DHCP is L7, and I never thought about DHCP as such, but by my own agreement, it is passing data to be used by an application service running on another system.

 

I guess my mindset for calling BGP layer 7 comes more from a TCP/IP model, in which case, yes, RFC1812 defines BGP, DHCP, and DNS all as application layer protocols, which made total sense to me yesterday, but I am not starting to see the other way of looking at it.

 

I am coming to realize that the OSI model uses a slightly different mindset, what it calls the Application layer, is the layer where actual "work" gets done. BGP might pass data around a network, but it doesn't do any real work, it is just used to maintain L3 routing tables. From a conceptual point of view, this makes sense.

 

I have always looked at the OSI model as layered prerequisites. From that point of view, I am comfortable calling BGP layer 7. However, I think the point you (and the OSI model) are making is that not every software system is L7. DHCP for example, is software that runs on a computer, but it is software with the sole purpose of managing L3 addresses, so therefor could be considered L3. From that point of view, BGP is also L3.

 

I guess I will say you convened me, at least partly. Great conversation! Thank you very much!

[Block0]

my netacad instructor chuckled and said "its layer 3 with some aspects of layer 7"