From: spduo (frenzeus@streamyx.com)
Date: Sat Sep 29 2007 - 14:11:26 ART
Rack1R2(config)#do sh run | s bgp
router bgp 2
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 10.1.0.1 remote-as 1
> neighbor 10.1.0.1 password IE
Is the above not the md5 authentication required?
----- Original Message -----
From: "Narbik Kocharians" <narbikk@gmail.com>
To: "spduo" <frenzeus@streamyx.com>
Cc: "Ben" <bmunyao@gmail.com>; "dee" <devecchio.turner@sbcglobal.net>; "Ajay
Prakash" <ajay.prakash@networkpeople.co.in>; <ccielab@groupstudy.com>
Sent: Saturday, September 29, 2007 7:19 PM
Subject: Re: Cannot Get BGP peering to come up!!
>I don't see authentication configuration on the second router.
>
> On 9/28/07, spduo <frenzeus@streamyx.com> wrote:
>>
>> R1's BGP is indeed initiating a TCP session over to R2 and from the debugs
>> on R1 it clearly tells that it times out due to remote host (R2) not
>> responding. Whereas on R2, it is configured to do md5 authentication on the
>> TCP segments for BGP; upon receipt of those BGP TCP segments from R1, the
>> validation fails on R2 but R2 does not complain to R1 about the invalidity
>> of the digest - this is in accordance with RFC 2385.
>>
>> -K
>>
>>
>> ----- Original Message -----
>> From: "Ben" <bmunyao@gmail.com>
>> To: "dee" <devecchio.turner@sbcglobal.net>
>> Cc: "Ajay Prakash" <ajay.prakash@networkpeople.co.in>;
>> <ccielab@groupstudy.com>
>> Sent: Thursday, September 27, 2007 9:38 PM
>> Subject: Re: Cannot Get BGP peering to come up!!
>>
>>
>> > Here is what I get with mismatched BGP authentication
>> >
>> > R1----------------------R2
>> > server(179) client
>> >
>> > Configuration and error on the client side (possibly BB):
>> >
>> > Rack1R2(config)#do sh run | s bgp
>> > router bgp 2
>> > no synchronization
>> > bgp log-neighbor-changes
>> > network 2.2.2.2 mask 255.255.255.255
>> > neighbor 10.1.0.1 remote-as 1
>> > neighbor 10.1.0.1 password IE
>> > no auto-summary
>> > Rack1R2(config)#
>> >
>> > .2(24344)
>> > *Mar 1 00:52:25.483: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1(179) to 10.1.0.2(24344)
>> > Rack1R2(config-router)#
>> > *Mar 1 00:52:31.151: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1(64659) to 10.1.0.2(179)
>> >
>> >
>> > Configuration and error on the BGP server side:
>> >
>> > Rack1R1(config)#do sh run | s bgp
>> > router bgp 1
>> > no synchronization
>> > bgp log-neighbor-changes
>> > neighbor 10.1.0.2 remote-as 2
>> > no auto-summary
>> > ip bgp-community new-format
>> > Rack1R1(config)#
>> >
>> > Rack1R1(config-if)#
>> > *Mar 1 02:36:38.743: BGP: 10.1.0.2 open active, local address 10.1.0.1
>> > Rack1R1(config-if)#
>> > *Mar 1 02:37:08.751: BGP: 10.1.0.2 open failed: Connection timed out; remote host not responding, open active delayed 31212ms (35000ms max, 28% jitter)
>> > Rack1R1(config-if)#
>> >
>> > On R1, there is no clue on the reason for not peering. The error message
>> > is cryptic. Perhaps if we could get R1 to initiate the BGP TCP session, we
>> > may get to see TCP-BADAUTH error. Does anyone have an idea how to force a
>> > router to initiate a BGP session?
>> >
>> > TIA
>> >
>> > Ben
>> >
>> >
>> >
>> >
>> > On 9/27/07, dee <devecchio.turner@sbcglobal.net> wrote:
>> >>
>> >> Based on the ip address you gave... assuming this is internetwork expert
>> >> and from what I remember bb2 has a password of (md5) CISCO... Debug ip bgp
>> >> events and even without the debug it should tell you invalid hash or
>> >> something similar?
>> >>
>> >>
>> >> On 9/27/07 2:15 AM, "Ajay Prakash" <ajay.prakash@networkpeople.co.in>
>> >> wrote:
>> >>
>> >> > Hello,
>> >> >
>> >> >
>> >> >
>> >> > I am kind of stuck while trying to get the BGP peering up between R2
>> >> > (192.10.2.2) and BB1 (192.10.2.254). Please give me some tips as to how to
>> >> > troubleshoot this
>> >> >
>> >> >
>> >> >
>> >> > R2 Fa0/0 ---------------- BB2
>> >> >
>> >> >
>> >> >
>> >> > Rack2R2(config-router)#do sh run | s bgp
>> >> > router bgp 200
>> >> > no synchronization
>> >> > bgp log-neighbor-changes
>> >> > neighbor 154.2.23.3 remote-as 300
>> >> > neighbor 154.2.23.3 send-community
>> >> > neighbor 192.10.2.1 remote-as 200
>> >> > neighbor 192.10.2.1 send-community
>> >> > neighbor 192.10.2.254 remote-as 254
>> >> > neighbor 192.10.2.254 ebgp-multihop 255 <<------ I don't think required, but just put in while trying to troubleshoot
>> >> > neighbor 192.10.2.254 update-source BVI1
>> >> > neighbor 192.10.2.254 send-community
>> >> > no auto-summary
>> >> >
>> >> > Rack2R2#sh run int bvi1
>> >> > interface BVI1
>> >> > ip address 192.10.2.2 255.255.255.0
>> >> > end
>> >> >
>> >> > Rack2R2#sh run int fa0/0
>> >> > interface FastEthernet0/0
>> >> > no ip address
>> >> > duplex auto
>> >> > speed auto
>> >> > bridge-group 1
>> >> > end
>> >> >
>> >> > Rack2R2(config-router)#do sh ip bgp summ
>> >> >
>> >> > Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
>> >> > 154.2.23.3      4   300      21      21       13    0    0 00:14:24        0
>> >> > 192.10.2.1      4   200      23      20       13    0    0 00:16:27       10
>> >> > 192.10.2.254    4   254       0       0        0    0    0 never    Active
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > Rack2R2#p 192.10.2.254
>> >> >
>> >> > Type escape sequence to abort.
>> >> > Sending 5, 100-byte ICMP Echos to 192.10.2.254, timeout is 2 seconds:
>> >> > !!!!!
>> >> > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
>> >> >
>> >> > Rack2R2#traceroute 192.10.2.254
>> >> >
>> >> > Type escape sequence to abort.
>> >> > Tracing the route to 192.10.2.254
>> >> >
>> >> > 1 192.10.2.254 4 msec
>> >> >
>> >> > Rack2R2(config-router)#
>> >> > *Dec 17 08:42:26.950: BGP: 192.10.2.254 open failed: Connection timed out; remote host not responding, open active delayed 34335ms (35000ms max, 28% jitter)
>> >> >
>> >> > Rack2R2#debu ip bgp
>> >> > *Dec 17 08:35:15.482: BGP: Regular scanner event timer
>> >> > *Dec 17 08:35:15.482: BGP: Import timer expired. Walking from 1 to 1
>> >> > Rack2R2#debu ip bgp
>> >> > *Dec 17 08:35:29.926: BGP: 192.10.2.254 open failed: Connection timed out; remote host not responding, open active delayed 31912ms (35000ms max, 28% jitter)
>> >> > *Dec 17 08:35:30.482: BGP: Regular scanner event timer
>> >> > *Dec 17 08:35:30.482: BGP: Import timer expired. Walking from 1 to 1
>> >> >
>> _______________________________________________________________________
>> >> > Subscription information may be found at:
>> >> > http://www.groupstudy.com/list/CCIELab.html
>
>
>
> --
> Narbik Kocharians
> CCIE# 12410 (R&S, SP, Security)
> CCSI# 30832
> www.Net-WorkBooks.com
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART
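
Added example, not part of the original thread: a Python sketch of the RFC 2385 check that a password-configured peer such as R2 applies to incoming segments, using the thread's addresses and the password IE. The function names, the constructed SYN, and the "Invalid MD5 digest" reason (the usual IOS wording for a key mismatch, which does not appear in this thread) are assumptions of the example.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # TCP MD5 Signature option (RFC 2385)

def rfc2385_digest(src, dst, fixed_hdr, seg_len, payload, key):
    """MD5 over pseudo-header, 20-byte header with zero checksum, data, key."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, seg_len)
    hdr = fixed_hdr[:16] + b"\x00\x00" + fixed_hdr[18:20]
    return hashlib.md5(pseudo + hdr + payload + key).digest()

def build_syn(src, dst, sport, dport, key=None):
    """Constructed SYN; carries the MD5 option only when a key is configured."""
    opt_len = 20 if key is not None else 0  # 18-byte option + 2 NOPs of padding
    fixed = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                        ((20 + opt_len) // 4) << 4, 0x02, 16384, 0, 0)
    if key is None:
        return fixed
    digest = rfc2385_digest(src, dst, fixed, 20 + opt_len, b"", key)
    return fixed + bytes([MD5SIG_KIND, MD5SIG_LEN]) + digest + b"\x01\x01"

def find_md5_option(segment):
    """Walk the TCP options and return the 16-byte digest, or None."""
    hdr_len, i = (segment[12] >> 4) * 4, 20
    while i + 1 < hdr_len:
        kind, length = segment[i], segment[i + 1]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP is a single byte
            i += 1
            continue
        if length < 2:           # malformed option, stop parsing
            break
        if kind == MD5SIG_KIND and length == MD5SIG_LEN:
            return segment[i + 2:i + 18]
        i += length
    return None

def receive(src, dst, segment, key):
    """Peer with a password configured: (action, reason for the local log)."""
    got = find_md5_option(segment)
    if got is None:
        return ("drop, no reply", "No MD5 digest")
    hdr_len = (segment[12] >> 4) * 4
    want = rfc2385_digest(src, dst, segment[:20], len(segment), segment[hdr_len:], key)
    if not hmac.compare_digest(got, want):
        return ("drop, no reply", "Invalid MD5 digest")
    return ("accept", None)
```

An unsigned SYN from 10.1.0.1 is dropped with the "No MD5 digest" reason recorded only on the receiver, and nothing is sent back, which is why the sender's only symptom is a connection timeout.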