[j-nsp] BGP session is not coming up

Alex alex.arseniev at gmail.com
Wed Jul 22 14:51:48 EDT 2009


Matthias,
Check if netmask on the peer-facing interface covers the peer IP address. I 
once configured wrong netmask (/32) on Ethernet interface connected to a 
peer and got exactly the same BGP error message. If that's the case, you 
should get more BGP-related messages in syslog, saying "interface/group not 
found" or similar to that matter. Strange thing was that I could ping the 
peer IP just fine.
When I reconfigured the netmask, BGP session went up immediately.
Rgds
Alex

----- Original Message ----- 
From: "Matthias Gelbhardt" <matthias at commy.de>
To: <hendrik.kahmann at ewetel.de>
Cc: <juniper-nsp at puck.nether.net>
Sent: Wednesday, July 22, 2009 2:58 PM
Subject: Re: [j-nsp] BGP session is not coming up


Hi!

I get an error message:

Jul 22 14:53:48.164226 BGP RECV Notification code 2 (Open Message
Error) subcode 5 (authentication failure)

And I think that explains itself. I have reconfigured the box so many
times now, that I am certain, that the problem is not on our side. The
MD5 key is the one, we have agreed upon. On the other side is a
provider, so we are unable to get a hold on the remote side.

Regards,

Matthias

Am 22.07.2009 um 09:32 schrieb Hendrik Kahmann:

>
> Hello Matthias,
>
> the log tells me, that there is a missing md5 key for this  connection. In
> your config this part is "inactive". Maybe you should compare the
> eBGP-Config on both machines to check if md5 authentication is  needed on 
> one
> side. Why did you deactivate the authentication key in here? Did you
> specifiy your local AS in the config?
>
>
> Kind regards from Oldenburg,
>
> Hendrik
>
> -----Ursprüngliche Nachricht-----
> Von: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] Im Auftrag von Matthias
> Gelbhardt
> Gesendet: Mittwoch, 22. Juli 2009 08:56
> An: juniper-nsp
> Betreff: [j-nsp] BGP session is not coming up
>
> Hi!
>
> We have a problem with a BGP session. The session is not coming up,  and I
> dont know why. It is a eBGP session:
>
> Log:
>
> Jul 22 08:30:08  muenster /kernel: tcp_auth_ok: Packet from x.x.x.x:
> 179 missing MD5 digest
>
> tracelog:
>
> Jul 22 08:50:16.426122 bgp_connect_complete: error connecting to  x.x.x.x
> (External AS x): Socket is not connected
>
> tcpdump;
>
> 08:49:07.632649 Out IP x.x.x.x.60582 > x.x.x.x.179: S
> 594093001:594093001(0) win 16384 <mss 1460,nop,wscale
> 0,nop,nop,timestamp[|tcp]>
>
> config:
>
> group external {
>     type external;
>     neighbor xx {
>         description uplink_;
>         local-address xx;
>         import import_bgp_;
>         inactive: authentication-key "$9$u-xxx"; ## SECRET-DATA
>         export [ export_prepend export_bgp_external ];
>         peer-as xx;
>     }
> }
>
> Any ideas?
>
> Leaving the MD5 does not work, I even have restartet the routing  process
> with no luck.
>
> Matthias
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list