[j-nsp] BGP over GRE

Kristian Larsson kristian at spritelink.se
Fri May 4 02:18:27 EDT 2007 

Could we please have som configuration excerpts?
Right now the only similar scenario I can come up
with was when I was doing iBGP over GRE, but then
I made the mistake of terminating both the GRE and
the iBGP session on the other routers loopback and
so it failed. Since this is an eBGP session it's
even less complicated. But please, provide some
configurations and some more log messages wouldn't
hurt.

  Kristian.

On Fri, May 04, 2007 at 12:34:37AM -0400, Scott Morris wrote:
> This is a very strange question, and very strange scenario...  but I'm also
> getting some very strange errors, so I'm hoping that someone here may have
> seen this before and can give me some hint of whatever I'm apparantly not
> thinking of!
>  
> I have a GRE tunnel from a J2300 to a Cisco router.  The GRE is very simple,
> and it works just fine (at least as far as pinging the other end of the
> tunnel or telnetting to it goes!).  However, BGP over this tunnel does not
> work.  Again, it SHOULD be a very simple setup, directly connected ebgp
> peers, no multihop, nothing strange.
>  
> It's not working.  On the Cisco side, it shows as an authentication error
> (at first we weren't doing any, but then turned it on just to see if it made
> a difference which it did not).  But on the Juniper side, the error shows up
> ONLY in the /var/log/messages file.
>  
> May  4 00:31:01  Emanon-Edge rpd[2797]: bgp_pp_recv: NOTIFICATION sent to
> 10.255.255.2+34211 (proto): code 2 (Open Message Error) subcode 5
> (authentication failure), Reason: no group for 10.255.255.2+34211 (proto)
> from AS 7963 found (peer idled), dropping him
> 
> This was the same message with or without authentication enabled on the BGP
> portion.  When I do a "monitor interface" to try to watch the traffic, I
> don't even SEE any outbound bgp traffic.  Same thing with traceoptions
> detail.  This "no group" message is quite vexing.
>  
> Anyone seen anything like this before?  I'm hoping it's something simple and
> driven by lack of sleep, but nothing is leaping at me.
>  
> TIA,
>  
> Scott
>  
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

-- 
Kristian Larsson                                   KLL-RIPE
Network Engineer                       SpriteLink [AS39525]
+46 704 910401			     kristian at spritelink.se

More information about the juniper-nsp mailing list