[j-nsp] BGP over GRE

Scott Morris swm at emanon.com
Fri May 4 00:34:37 EDT 2007


This is a very strange question, and very strange scenario...  but I'm also
getting some very strange errors, so I'm hoping that someone here may have
seen this before and can give me some hint of whatever I'm apparantly not
thinking of!
 
I have a GRE tunnel from a J2300 to a Cisco router.  The GRE is very simple,
and it works just fine (at least as far as pinging the other end of the
tunnel or telnetting to it goes!).  However, BGP over this tunnel does not
work.  Again, it SHOULD be a very simple setup, directly connected ebgp
peers, no multihop, nothing strange.
 
It's not working.  On the Cisco side, it shows as an authentication error
(at first we weren't doing any, but then turned it on just to see if it made
a difference which it did not).  But on the Juniper side, the error shows up
ONLY in the /var/log/messages file.
 
May  4 00:31:01  Emanon-Edge rpd[2797]: bgp_pp_recv: NOTIFICATION sent to
10.255.255.2+34211 (proto): code 2 (Open Message Error) subcode 5
(authentication failure), Reason: no group for 10.255.255.2+34211 (proto)
from AS 7963 found (peer idled), dropping him

This was the same message with or without authentication enabled on the BGP
portion.  When I do a "monitor interface" to try to watch the traffic, I
don't even SEE any outbound bgp traffic.  Same thing with traceoptions
detail.  This "no group" message is quite vexing.
 
Anyone seen anything like this before?  I'm hoping it's something simple and
driven by lack of sleep, but nothing is leaping at me.
 
TIA,
 
Scott
 


More information about the juniper-nsp mailing list