[j-nsp] BGP session is not coming up
Alex
alex.arseniev at gmail.com
Wed Jul 22 14:51:48 EDT 2009
Matthias,
Check if netmask on the peer-facing interface covers the peer IP address. I
once configured wrong netmask (/32) on Ethernet interface connected to a
peer and got exactly the same BGP error message. If that's the case, you
should get more BGP-related messages in syslog, saying "interface/group not
found" or similar to that matter. Strange thing was that I could ping the
peer IP just fine.
When I reconfigured the netmask, BGP session went up immediately.
Rgds
Alex
----- Original Message -----
From: "Matthias Gelbhardt" <matthias at commy.de>
To: <hendrik.kahmann at ewetel.de>
Cc: <juniper-nsp at puck.nether.net>
Sent: Wednesday, July 22, 2009 2:58 PM
Subject: Re: [j-nsp] BGP session is not coming up
Hi!
I get an error message:
Jul 22 14:53:48.164226 BGP RECV Notification code 2 (Open Message
Error) subcode 5 (authentication failure)
And I think that explains itself. I have reconfigured the box so many
times now, that I am certain, that the problem is not on our side. The
MD5 key is the one, we have agreed upon. On the other side is a
provider, so we are unable to get a hold on the remote side.
Regards,
Matthias
Am 22.07.2009 um 09:32 schrieb Hendrik Kahmann:
>
> Hello Matthias,
>
> the log tells me, that there is a missing md5 key for this connection. In
> your config this part is "inactive". Maybe you should compare the
> eBGP-Config on both machines to check if md5 authentication is needed on
> one
> side. Why did you deactivate the authentication key in here? Did you
> specifiy your local AS in the config?
>
>
> Kind regards from Oldenburg,
>
> Hendrik
>
> -----Ursprüngliche Nachricht-----
> Von: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] Im Auftrag von Matthias
> Gelbhardt
> Gesendet: Mittwoch, 22. Juli 2009 08:56
> An: juniper-nsp
> Betreff: [j-nsp] BGP session is not coming up
>
> Hi!
>
> We have a problem with a BGP session. The session is not coming up, and I
> dont know why. It is a eBGP session:
>
> Log:
>
> Jul 22 08:30:08 muenster /kernel: tcp_auth_ok: Packet from x.x.x.x:
> 179 missing MD5 digest
>
> tracelog:
>
> Jul 22 08:50:16.426122 bgp_connect_complete: error connecting to x.x.x.x
> (External AS x): Socket is not connected
>
> tcpdump;
>
> 08:49:07.632649 Out IP x.x.x.x.60582 > x.x.x.x.179: S
> 594093001:594093001(0) win 16384 <mss 1460,nop,wscale
> 0,nop,nop,timestamp[|tcp]>
>
> config:
>
> group external {
> type external;
> neighbor xx {
> description uplink_;
> local-address xx;
> import import_bgp_;
> inactive: authentication-key "$9$u-xxx"; ## SECRET-DATA
> export [ export_prepend export_bgp_external ];
> peer-as xx;
> }
> }
>
> Any ideas?
>
> Leaving the MD5 does not work, I even have restartet the routing process
> with no luck.
>
> Matthias
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list