[j-nsp] keyadmin error

Eric Van Tol eric at atlantech.net
Fri Mar 23 05:35:11 EST 2007


Strange.  I do not have HAKR enabled, and in fact, had never even heard
of it until you mentioned it.  I'll do a bit more reading on it this
afternoon.  Luckily, this box is not yet in production and I have the
ability to do whatever I want with it at the moment.

There is one MD5 key configured on the router for a single BGP session.
If I remove it, the error goes away.  Add it back in, the error returns.


eric


-----Original Message-----
From: Harry Reynolds [mailto:harry at juniper.net] 
Sent: Thursday, March 22, 2007 6:28 PM
To: Eric Van Tol; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] keyadmin error

I've never seen that error, but it's likely related to a 7.5 feature called
hitless authentication key-chain reuse. Does this box have HAKR enabled
for either bgp or ldp? Seems that at commit keyadmin is tasked with
dumping the current keychain to the kernel and it's encountering an
unexpected value. If HAKR is set up on this box, is it working?

Not sure if you are aware but keyadmin can be executed from a root shell
(only use shell commands under JTAC guidance, of course) to dump
existing keychains and to view various parameters. You might try a
keyadmin dump to see if it spits out any extra details regarding the
problem. IIRC dump will show active security associations and
dump_keychain does what it sounds like.

Let me see if I can get any more info.

root at foo% keyadmin 
key> help
        add <type> <spi/port> <src> <dst> <transform> <key> [iv]
        del <type> <spi/port> <src> <dst>
        get <type> <spi/port> <src> <dst>
        dump  
        load { <filename> | - }
        unload { <filename> | - }
        save { <filename> | - }
        help [command]
        flush
        ! [command]
        exit
        quit
        revise <filename>
        dump_keychain  
        flush_keychain

Regards



> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Eric Van Tol
> Sent: Thursday, March 22, 2007 1:18 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] keyadmin error
> 
> Anyone know what this means?
> 
> keyadmin[11805]: dump_assn: encountered end of stream. errno
> 
> This error appears upon each commit.  This is an M10i with 
> 8.2 recently installed on it, however, the same occurred with 8.0.
> 
> Thanks in advance,
> eric
> 


