From: Narbik Kocharians (narbikk@gmail.com)
Date: Sat Sep 29 2007 - 08:19:44 ART
I don't see authentication configuration on the second router.
On 9/28/07, spduo <frenzeus@streamyx.com> wrote:
>
> R1's BGP is indeed initiating a TCP session over to R2 and from the debugs
> on R1 it clearly tells that it times out due to remote host (R2) not
> responding. Whereas on R2, it is configured to do md5 authentication on the
> TCP segments for BGP; upon receipt of those BGP TCP segments from R1, the
> validation fails on R2 but R2 does not complain to R1 about the invalidity
> of the digest - this is in accordance with RFC2385.
>
> -K
>
>
> ----- Original Message -----
> From: "Ben" <bmunyao@gmail.com>
> To: "dee" <devecchio.turner@sbcglobal.net>
> Cc: "Ajay Prakash" <ajay.prakash@networkpeople.co.in>;
> <ccielab@groupstudy.com>
> Sent: Thursday, September 27, 2007 9:38 PM
> Subject: Re: Cannot Get BGP peering to come up!!
>
>
> > Here is what I get with mismatched BGP authentication
> >
> > R1----------------------R2
> > server(179) client
> >
> > Configuration and error on the client side (possibly BB):
> >
> > Rack1R2(config)#do sh run | s bgp
> > router bgp 2
> > no synchronization
> > bgp log-neighbor-changes
> > network 2.2.2.2 mask 255.255.255.255
> > neighbor 10.1.0.1 remote-as 1
> > neighbor 10.1.0.1 password IE
> > no auto-summary
> > Rack1R2(config)#
> >
> > .2(24344)
> > *Mar 1 00:52:25.483: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1(179) to 10.1.0.2(24344)
> > Rack1R2(config-router)#
> > *Mar 1 00:52:31.151: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1(64659) to 10.1.0.2(179)
> >
> >
> > Configuration and error on the BGP server side:
> >
> > Rack1R1(config)#do sh run | s bgp
> > router bgp 1
> > no synchronization
> > bgp log-neighbor-changes
> > neighbor 10.1.0.2 remote-as 2
> > no auto-summary
> > ip bgp-community new-format
> > Rack1R1(config)#
> >
> > Rack1R1(config-if)#
> > *Mar 1 02:36:38.743: BGP: 10.1.0.2 open active, local address 10.1.0.1
> > Rack1R1(config-if)#
> > *Mar 1 02:37:08.751: BGP: 10.1.0.2 open failed: Connection timed out;
> > remote host not responding, open active delayed 31212ms (35000ms max, 28% jitter)
> > Rack1R1(config-if)#
> >
> > On R1, there is no clue on the reason for not peering. The error message is
> > cryptic. Perhaps if we could get R1 to initiate the BGP TCP session, we may
> > get to see TCP-BADAUTH error. Anyone has an idea how to force a router to
> > initiate a BGP session?
> >
> > TIA
> >
> > Ben
> >
> >
> >
> >
> > On 9/27/07, dee <devecchio.turner@sbcglobal.net> wrote:
> >>
> >> Based on the ip address you gave..assuming this is internetwork expert and
> >> from what I remember bb2 has a password of (md5) CISCO... Debug ip bgp
> >> events and even without the debug it should tell you invalid hash or
> >> something similar?
> >>
> >>
> >> On 9/27/07 2:15 AM, "Ajay Prakash" <ajay.prakash@networkpeople.co.in>
> >> wrote:
> >>
> >> > Hello,
> >> >
> >> > I am kind of stuck while trying to get the BGP peering up between R2
> >> > (192.10.2.2) and BB1 (192.10.2.254). Please give me some tips as to how to
> >> > troubleshoot this
> >> >
> >> > R2 Fa0/0 ---------------- BB2
> >> >
> >> > Rack2R2(config-router)#do sh run | s bgp
> >> > router bgp 200
> >> > no synchronization
> >> > bgp log-neighbor-changes
> >> > neighbor 154.2.23.3 remote-as 300
> >> > neighbor 154.2.23.3 send-community
> >> > neighbor 192.10.2.1 remote-as 200
> >> > neighbor 192.10.2.1 send-community
> >> > neighbor 192.10.2.254 remote-as 254
> >> > neighbor 192.10.2.254 ebgp-multihop 255 <<------ I don't think required, but just put in while trying to troubleshoot
> >> > neighbor 192.10.2.254 update-source BVI1
> >> > neighbor 192.10.2.254 send-community
> >> > no auto-summary
> >> >
> >> > Rack2R2#sh run int bvi1
> >> > interface BVI1
> >> > ip address 192.10.2.2 255.255.255.0
> >> > end
> >> >
> >> > Rack2R2#sh run int fa0/0
> >> > interface FastEthernet0/0
> >> > no ip address
> >> > duplex auto
> >> > speed auto
> >> > bridge-group 1
> >> > end
> >> >
> >> > Rack2R2(config-router)#do sh ip bgp summ
> >> >
> >> > Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> >> > 154.2.23.3      4   300      21      21       13    0    0 00:14:24        0
> >> > 192.10.2.1      4   200      23      20       13    0    0 00:16:27       10
> >> > 192.10.2.254    4   254       0       0        0    0    0 never    Active
> >> >
> >> > Rack2R2#p 192.10.2.254
> >> >
> >> > Type escape sequence to abort.
> >> > Sending 5, 100-byte ICMP Echos to 192.10.2.254, timeout is 2 seconds:
> >> > !!!!!
> >> > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
> >> >
> >> > Rack2R2#traceroute 192.10.2.254
> >> >
> >> > Type escape sequence to abort.
> >> > Tracing the route to 192.10.2.254
> >> >
> >> > 1 192.10.2.254 4 msec
> >> >
> >> > Rack2R2(config-router)#
> >> > *Dec 17 08:42:26.950: BGP: 192.10.2.254 open failed: Connection timed out;
> >> > remote host not responding, open active delayed 34335ms (35000ms max, 28% jitter)
> >> >
> >> > Rack2R2#debu ip bgp
> >> > *Dec 17 08:35:15.482: BGP: Regular scanner event timer
> >> > *Dec 17 08:35:15.482: BGP: Import timer expired. Walking from 1 to 1
> >> > Rack2R2#debu ip bgp
> >> > *Dec 17 08:35:29.926: BGP: 192.10.2.254 open failed: Connection timed out;
> >> > remote host not responding, open active delayed 31912ms (35000ms max, 28% jitter)
> >> > *Dec 17 08:35:30.482: BGP: Regular scanner event timer
> >> > *Dec 17 08:35:30.482: BGP: Import timer expired. Walking from 1 to 1
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
-- Narbik Kocharians CCIE# 12410 (R&S, SP, Security) CCSI# 30832 www.Net-WorkBooks.com
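The RFC 2385 behaviour discussed in this thread, as an added Python example that is not part of any poster's message: it computes the TCP MD5 digest for a constructed SYN and models a receiver that has a password configured, showing that a failed check produces only a local log line and no reply to the sender. Sequence number, window, the 20-byte option padding and the function names are assumptions; the "Invalid MD5 digest" text is the IOS message for a key mismatch and does not appear in the thread.

```python
import hashlib
import hmac
import socket
import struct

SYN = 0x02
OPT_LEN = 20  # constructed: MD5 option (kind 19, length 18) padded to 20 bytes


def rfc2385_digest(seg, key):
    """MD5 over pseudo-header, option-less TCP header (checksum 0), data, key."""
    tcp_len = 20 + OPT_LEN + len(seg["data"])
    pseudo = (socket.inet_aton(seg["src"]) + socket.inet_aton(seg["dst"])
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))
    header = struct.pack("!HHIIBBHHH", seg["sport"], seg["dport"], seg["seq"],
                         seg["ack"], ((20 + OPT_LEN) // 4) << 4, seg["flags"],
                         seg["window"], 0, 0)  # checksum and urgent pointer zero
    return hashlib.md5(pseudo + header + seg["data"] + key).digest()


def build_syn(src, sport, dst, dport, key=None):
    """Active open; the digest is attached only when a password is configured."""
    seg = dict(src=src, dst=dst, sport=sport, dport=dport, seq=1000, ack=0,
               flags=SYN, window=16384, data=b"", md5=None)  # constructed values
    if key is not None:
        seg["md5"] = rfc2385_digest(seg, key)
    return seg


def receive(seg, key):
    """Receiver with a password set. Returns (reply, local_log).

    On any failure reply is None: the segment is dropped and nothing goes back
    to the sender, so the sender's only symptom is a connection timeout.
    """
    peer = f'{seg["src"]}({seg["sport"]}) to {seg["dst"]}({seg["dport"]})'
    if seg["md5"] is None:
        return None, f"%TCP-6-BADAUTH: No MD5 digest from {peer}"
    if not hmac.compare_digest(seg["md5"], rfc2385_digest(seg, key)):
        return None, f"%TCP-6-BADAUTH: Invalid MD5 digest from {peer}"
    return "SYN-ACK", None


if __name__ == "__main__":
    # R1 has no password, R2 expects "IE" (the mismatch shown in the thread).
    print(receive(build_syn("10.1.0.1", 64659, "10.1.0.2", 179), b"IE"))
    # Both sides configured, but with different passwords.
    print(receive(build_syn("10.1.0.1", 64659, "10.1.0.2", 179, b"CISCO"), b"IE"))
```

In both failing cases the evidence exists only on the router that has the password configured, which is why the unauthenticated side in the thread sees nothing but "open failed: Connection timed out".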
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART