[j-nsp] BGP session is not coming up

Truman Boyes truman at suspicious.org
Wed Jul 22 11:18:23 EDT 2009


I think you will need to ask the provider to renter the key or remove  
it to verify that the session will come up. Possibly they changed it  
on their end.


On 22/07/2009, at 9:58 AM, Matthias Gelbhardt wrote:

> Hi!
>
> I get an error message:
>
> Jul 22 14:53:48.164226 BGP RECV Notification code 2 (Open Message  
> Error) subcode 5 (authentication failure)
>
> And I think that explains itself. I have reconfigured the box so  
> many times now, that I am certain, that the problem is not on our  
> side. The MD5 key is the one, we have agreed upon. On the other side  
> is a provider, so we are unable to get a hold on the remote side.
>
> Regards,
>
> Matthias
>
> Am 22.07.2009 um 09:32 schrieb Hendrik Kahmann:
>
>>
>> Hello Matthias,
>>
>> the log tells me, that there is a missing md5 key for this  
>> connection. In
>> your config this part is "inactive". Maybe you should compare the
>> eBGP-Config on both machines to check if md5 authentication is  
>> needed on one
>> side. Why did you deactivate the authentication key in here? Did you
>> specifiy your local AS in the config?
>>
>>
>> Kind regards from Oldenburg,
>>
>> Hendrik
>>
>> -----Ursprüngliche Nachricht-----
>> Von: juniper-nsp-bounces at puck.nether.net
>> [mailto:juniper-nsp-bounces at puck.nether.net] Im Auftrag von Matthias
>> Gelbhardt
>> Gesendet: Mittwoch, 22. Juli 2009 08:56
>> An: juniper-nsp
>> Betreff: [j-nsp] BGP session is not coming up
>>
>> Hi!
>>
>> We have a problem with a BGP session. The session is not coming up,  
>> and I
>> dont know why. It is a eBGP session:
>>
>> Log:
>>
>> Jul 22 08:30:08  muenster /kernel: tcp_auth_ok: Packet from x.x.x.x:
>> 179 missing MD5 digest
>>
>> tracelog:
>>
>> Jul 22 08:50:16.426122 bgp_connect_complete: error connecting to  
>> x.x.x.x
>> (External AS x): Socket is not connected
>>
>> tcpdump;
>>
>> 08:49:07.632649 Out IP x.x.x.x.60582 > x.x.x.x.179: S
>> 594093001:594093001(0) win 16384 <mss 1460,nop,wscale
>> 0,nop,nop,timestamp[|tcp]>
>>
>> config:
>>
>> group external {
>>    type external;
>>    neighbor xx {
>>        description uplink_;
>>        local-address xx;
>>        import import_bgp_;
>>        inactive: authentication-key "$9$u-xxx"; ## SECRET-DATA
>>        export [ export_prepend export_bgp_external ];
>>        peer-as xx;
>>    }
>> }
>>
>> Any ideas?
>>
>> Leaving the MD5 does not work, I even have restartet the routing  
>> process
>> with no luck.
>>
>> Matthias
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



More information about the juniper-nsp mailing list