[j-nsp] BGP over GRE

Scott Morris swm at emanon.com
Fri May 4 08:59:40 EDT 2007


In theory, I'd agree with you, but that's not the case (I'd have to smack
myself for overlooking that one!):

        group STDIO {
            type external;
            traceoptions {
                file STDIO;
                flag packets send receive detail;
            }
            local-address 10.255.255.1;
            import No-Routes-In;
            authentication-key "$9$Opu01IcreWLxdhSs4aZq.5QF/A0IEy"; ## SECRET-DATA
            export BadMyLinks;
            peer-as 7963;
            neighbor 10.255.255.2;
        }

Neighbor is there plain as day.  

Scott 

-----Original Message-----
From: Guy Davies [mailto:aguydavies at gmail.com] 
Sent: Friday, May 04, 2007 3:54 AM
To: swm at emanon.com
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] BGP over GRE

Hi Scott,

This error message means that the far end is sending packets with the source
of 10.255.255.2 and the AS number 7963.  In your config, there is no peer
with that config.  I suspect that you're probably using a different address
for that peer.  If you have direct connectivity to that peer on that
address, then simply update your config to use the correct neighbour address
and it should work.

Rgds,

Guy

On 04/05/07, Scott Morris <swm at emanon.com> wrote:
> This is a very strange question, and very strange scenario...  but I'm 
> also getting some very strange errors, so I'm hoping that someone here 
> may have seen this before and can give me some hint of whatever I'm 
> apparently not thinking of!
>
> I have a GRE tunnel from a J2300 to a Cisco router.  The GRE is very 
> simple, and it works just fine (at least as far as pinging the other 
> end of the tunnel or telnetting to it goes!).  However, BGP over this 
> tunnel does not work.  Again, it SHOULD be a very simple setup, 
> directly connected ebgp peers, no multihop, nothing strange.
>
> It's not working.  On the Cisco side, it shows as an authentication 
> error (at first we weren't doing any, but then turned it on just to 
> see if it made a difference which it did not).  But on the Juniper 
> side, the error shows up ONLY in the /var/log/messages file.
>
> May  4 00:31:01  Emanon-Edge rpd[2797]: bgp_pp_recv: NOTIFICATION sent to
> 10.255.255.2+34211 (proto): code 2 (Open Message Error) subcode 5
> (authentication failure), Reason: no group for 10.255.255.2+34211
> (proto) from AS 7963 found (peer idled), dropping him
>
> This was the same message with or without authentication enabled on 
> the BGP portion.  When I do a "monitor interface" to try to watch the 
> traffic, I don't even SEE any outbound bgp traffic.  Same thing with 
> traceoptions detail.  This "no group" message is quite vexing.
>
> Anyone seen anything like this before?  I'm hoping it's something 
> simple and driven by lack of sleep, but nothing is leaping at me.
>
> TIA,
>
> Scott

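The comparison Guy's reply describes, as an added example that is not part of the original thread: it pulls the peer address and AS out of the rpd "no group" line and checks them against the `neighbor` and `peer-as` statements of each configured group. The function names are hypothetical, and comparing only those two values is an assumption taken from the reply, not a statement of how rpd selects a group.

```python
import re

# Constructed inputs: the thread's log line re-joined; its group minus key and policy lines.
LOG = ("May  4 00:31:01  Emanon-Edge rpd[2797]: bgp_pp_recv: NOTIFICATION sent to "
       "10.255.255.2+34211 (proto): code 2 (Open Message Error) subcode 5 "
       "(authentication failure), Reason: no group for 10.255.255.2+34211 "
       "(proto) from AS 7963 found (peer idled), dropping him")
CONFIG = """
group STDIO {
    type external;
    traceoptions {
        file STDIO;
    }
    local-address 10.255.255.1;
    peer-as 7963;
    neighbor 10.255.255.2;
}
"""
NO_GROUP = re.compile(
    r"NOTIFICATION sent to (?P<ip>[\d.]+)\+(?P<port>\d+) .*?code (?P<code>\d+) "
    r".*?subcode (?P<subcode>\d+) .*?no group for \S+ \(proto\) from AS (?P<asn>\d+)")

def parse_no_group(line):
    """Return peer ip, source port, code, subcode and AS from a 'no group' line."""
    m = NO_GROUP.search(line)
    return m.groupdict() if m else None

def parse_groups(text):
    """Collect peer-as and neighbors of each top-level group (one-line statements only)."""
    groups, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if depth == 0 and (start := re.fullmatch(r"group (\S+) \{", line)):
            current = groups.setdefault(start.group(1), {"neighbors": set()})
        if line.endswith("{"):
            depth += 1                      # the group itself or a nested stanza
        elif line == "}":
            depth -= 1
            current = current if depth else None
        elif depth == 1 and current is not None and (kv := re.fullmatch(r"(peer-as|neighbor) (\S+);", line)):
            if kv.group(1) == "neighbor":
                current["neighbors"].add(kv.group(2))
            else:
                current[kv.group(1)] = kv.group(2)
    return groups

def matching_groups(event, groups):
    """Groups that list the peer address as a neighbor with the AS seen in the log."""
    return sorted(name for name, g in groups.items()
                  if event["ip"] in g["neighbors"] and g.get("peer-as") == event["asn"])
```

On the values quoted in this thread, `matching_groups(parse_no_group(LOG), parse_groups(CONFIG))` returns `["STDIO"]`, so the address and AS in the log line do correspond to a configured group.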