Re: Cannot Get BGP peering to come up!!

From: Ben (bmunyao@gmail.com)
Date: Sat Sep 29 2007 - 14:37:19 ART

• Next message: Ben: "Re: what is wrong with SLA"
• Previous message: Narbik Kocharians: "Re: NLI R&S volume 7 Lab 3"
• Maybe in reply to: Ajay Prakash: "Cannot Get BGP peering to come up!!"
• Next in thread: spduo: "Re: Cannot Get BGP peering to come up!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

spduo

In the lab, we do not have access to the backbone routers (R2 in this case),
and cannot therefore see whats configured. We have to depend no
troubleshooting skills to establish cause of failure to peer for instance.

Ben

On 9/29/07, spduo <frenzeus@streamyx.com> wrote:
>
> Rack1R2(config)#do sh run | s bgp
> router bgp 2
> no synchronization
> bgp log-neighbor-changes
> network 2.2.2.2 mask 255.255.255.255
> neighbor 10.1.0.1 remote-as 1
> > neighbor 10.1.0.1 password IE
>
> is the above not the md5 authentication required?
>
>
> ----- Original Message -----
> From: "Narbik Kocharians" <narbikk@gmail.com>
> To: "spduo" <frenzeus@streamyx.com>
> Cc: "Ben" <bmunyao@gmail.com>; "dee" <devecchio.turner@sbcglobal.net>;
> "Ajay
> Prakash" <ajay.prakash@networkpeople.co.in>; <ccielab@groupstudy.com>
> Sent: Saturday, September 29, 2007 7:19 PM
> Subject: Re: Cannot Get BGP peering to come up!!
>
>
> >I don't see authentication configuration on the second router.
> >
> > On 9/28/07, spduo <frenzeus@streamyx.com> wrote:
> >>
> >> R1's BGP is indeed initiating a TCP session over to R2 and from the
> >> debugs
> >> on R1 it clearly tells that it times out due to remote host (R2) not
> >> responding. Whereas on R2, it is configured to do md5 authentication on
> >> the
> >> TCP segments for BGP; upon receipt of those BGP TCP segments from R1,
> the
> >> validation fails on R2 but R2 does not complain to R1 about the
> >> invalidity
> >> of the digest - this is in accordance to RFC2385.
> >>
> >> -K
> >>
> >>
> >> ----- Original Message -----
> >> From: "Ben" <bmunyao@gmail.com>
> >> To: "dee" <devecchio.turner@sbcglobal.net>
> >> Cc: "Ajay Prakash" <ajay.prakash@networkpeople.co.in>;
> >> <ccielab@groupstudy.com>
> >> Sent: Thursday, September 27, 2007 9:38 PM
> >> Subject: Re: Cannot Get BGP peering to come up!!
> >>
> >>
> >> > Here is what I get with mismatched BGP authentication
> >> >
> >> > R1----------------------R2
> >> > server(179) client
> >> >
> >> > Configuration and error on the client side (possibly BB):
> >> >
> >> > Rack1R2(config)#do sh run | s bgp
> >> > router bgp 2
> >> > no synchronization
> >> > bgp log-neighbor-changes
> >> > network 2.2.2.2 mask 255.255.255.255
> >> > neighbor 10.1.0.1 remote-as 1
> >> > neighbor 10.1.0.1 password IE
> >> > no auto-summary
> >> > Rack1R2(config)#
> >> >
> >> > .2(24344)
> >> > *Mar 1 00:52:25.483: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1
> (179)
> >> to
> >> > 10.1.0.2(24344)
> >> > Rack1R2(config-router)#
> >> > *Mar 1 00:52:31.151: %TCP-6-BADAUTH: No MD5 digest from
> >> > 10.1.0.1(64659)
> >> > to
> >> > 10.1.0.2(179)
> >> >
> >> >
> >> > Configuration and error on the BGP server side:
> >> >
> >> > Rack1R1(config)#do sh run | s bgp
> >> > router bgp 1
> >> > no synchronization
> >> > bgp log-neighbor-changes
> >> > neighbor 10.1.0.2 remote-as 2
> >> > no auto-summary
> >> > ip bgp-community new-format
> >> > Rack1R1(config)#
> >> >
> >> > Rack1R1(config-if)#
> >> > *Mar 1 02:36:38.743: BGP: 10.1.0.2 open active, local address
> 10.1.0.1
> >> > Rack1R1(config-if)#
> >> > *Mar 1 02:37:08.751: BGP: 10.1.0.2 open failed: Connection timed
> out;
> >> > remote host not responding, open active delayed 31212ms (35000ms max,
> >> 28%
> >> > jitter)
> >> > Rack1R1(config-if)#
> >> >
> >> > On R1, there is no clue on the reason for not peering. The error
> >> > message
> >> > is
> >> > cryptic. Perhaps if we could get R1 to initiate the BGP TCP session,
> we
> >> > may
> >> > get to see TCP-BADAUTH error. Anyone has an idea how to force a
> router
> >> to
> >> > initiate a BGP session?
> >> >
> >> > TIA
> >> >
> >> > Ben
> >> >
> >> >
> >> >
> >> >
> >> > On 9/27/07, dee <devecchio.turner@sbcglobal.net> wrote:
> >> >>
> >> >> Based on the ip address you gave..assuming this is internetwork
> expert
> >> >> and
> >> >> from what I remember bb2 has a password of (md5) CISCO... Debug ip
> bgp
> >> >> events and even without the debug it should tell you invalid hsh or
> >> >> something similar?
> >> >>
> >> >>
> >> >> On 9/27/07 2:15 AM, "Ajay Prakash" <ajay.prakash@networkpeople.co.in
> >
> >> >> wrote:
> >> >>
> >> >> > Hello,
> >> >> >
> >> >> >
> >> >> >
> >> >> > I am kind of stuck while trying to get the BGP peering up between
> R2
> >> >> > (192.10.2.2) and BB1 (192.10.2.254). Please give me some tips as
> to
> >> how
> >> >> to
> >> >> > troubleshoot this
> >> >> >
> >> >> >
> >> >> >
> >> >> > R2 Fa0/0 ---------------- BB2
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2(config-router)#do sh run | s bgp
> >> >> >
> >> >> > router bgp 200
> >> >> >
> >> >> > no synchronization
> >> >> >
> >> >> > bgp log-neighbor-changes
> >> >> >
> >> >> > neighbor 154.2.23.3 remote-as 300
> >> >> >
> >> >> > neighbor 154.2.23.3 send-community
> >> >> >
> >> >> > neighbor 192.10.2.1 remote-as 200
> >> >> >
> >> >> > neighbor 192.10.2.1 send-community
> >> >> >
> >> >> > neighbor 192.10.2.254 remote-as 254
> >> >> >
> >> >> > neighbor 192.10.2.254 ebgp-multihop 255 <<------ I dont think
> >> >> > required,
> >> >> > but just put in while trying to troubleshoot
> >> >> >
> >> >> > neighbor 192.10.2.254 update-source BVI1
> >> >> >
> >> >> > neighbor 192.10.2.254 send-community
> >> >> >
> >> >> > no auto-summary
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#sh run int bvi1
> >> >> >
> >> >> > interface BVI1
> >> >> >
> >> >> > ip address 192.10.2.2 255.255.255.0
> >> >> >
> >> >> > end
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#sh run int fa0/0
> >> >> >
> >> >> > interface FastEthernet0/0
> >> >> >
> >> >> > no ip address
> >> >> >
> >> >> > duplex auto
> >> >> >
> >> >> > speed auto
> >> >> >
> >> >> > bridge-group 1
> >> >> >
> >> >> > end
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2(config-router)#do sh ip bgp summ
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
> >> >> > State/PfxRcd
> >> >> >
> >> >> > 154.2.23.3 4 300 21 21 13 0 0
> >> >> 00:14:24 0
> >> >> >
> >> >> > 192.10.2.1 4 200 23 20 13 0 0
> >> >> 00:16:27 10
> >> >> >
> >> >> > 192.10.2.254 4 254 0 0 0 0 0
> >> >> never Active
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#p 192.10.2.254
> >> >> >
> >> >> >
> >> >> >
> >> >> > Type escape sequence to abort.
> >> >> >
> >> >> > Sending 5, 100-byte ICMP Echos to 192.10.2.254, timeout is 2
> >> >> > seconds:
> >> >> >
> >> >> > !!!!!
> >> >> >
> >> >> > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4
> ms
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#traceroute 192.10.2.254
> >> >> >
> >> >> >
> >> >> >
> >> >> > Type escape sequence to abort.
> >> >> >
> >> >> > Tracing the route to 192.10.2.254
> >> >> >
> >> >> >
> >> >> >
> >> >> > 1 192.10.2.254 4 msec
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2(config-router)#
> >> >> >
> >> >> > *Dec 17 08:42:26.950: BGP: 192.10.2.254 open failed: Connection
> >> >> > timed
> >> >> out;
> >> >> > remote host not responding, open active delayed 34335ms (35000ms
> >> >> > max,
> >> >> 28%
> >> >> > jitter)
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#debu ip bgp
> >> >> >
> >> >> > *Dec 17 08:35:15.482: BGP: Regular scanner event timer
> >> >> >
> >> >> > *Dec 17 08:35:15.482: BGP: Import timer expired. Walking from 1 to
> 1
> >> >> >
> >> >> > Rack2R2#debu ip bgp
> >> >> >
> >> >> > *Dec 17 08:35:29.926: BGP: 192.10.2.254 open failed: Connection
> >> >> > timed
> >> >> out;
> >> >> > remote host not responding, open active delayed 31912ms (35000ms
> >> >> > max,
> >> >> 28%
> >> >> > jitter)
> >> >> >
> >> >> > *Dec 17 08:35:30.482: BGP: Regular scanner event timer
> >> >> >
> >> >> > *Dec 17 08:35:30.482: BGP: Import timer expired. Walking from 1 to
> 1
> >> >> >
> >> >> >
> >> _______________________________________________________________________
> >> >> > Subscription information may be found at:
> >> >> > http://www.groupstudy.com/list/CCIELab.html
> >> >>
> >> >>
> _______________________________________________________________________
> >> >> Subscription information may be found at:
> >> >> http://www.groupstudy.com/list/CCIELab.html
> >> >
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >
> >
> >
> > --
> > Narbik Kocharians
> > CCIE# 12410 (R&S, SP, Security)
> > CCSI# 30832
> > www.Net-WorkBooks.com
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Ben: "Re: what is wrong with SLA"
• Previous message: Narbik Kocharians: "Re: NLI R&S volume 7 Lab 3"
• Maybe in reply to: Ajay Prakash: "Cannot Get BGP peering to come up!!"
• Next in thread: spduo: "Re: Cannot Get BGP peering to come up!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART