From: Ben (bmunyao@gmail.com)
Date: Sat Sep 29 2007 - 14:49:32 ART
That's what I would like to think too :) All the same, if there's a way to
discover through troubleshooting, it would be worth knowing. Cisco throws
all sorts of surprises at you.
On 9/29/07, spduo <frenzeus@streamyx.com> wrote:
>
> IMHO, I believe that if there is a requirement to do authentication, it
> will tell you what is the shared password to use. Not that I'm aware of that
> there is a debug tool that tells what is the expected password from the
> backbone routers, though I do not doubt troubleshooting is always part of
> the CCIE lab and that is what keeps it really interesting!
>
> HTH.
>
> ----- Original Message -----
> *From:* Ben <bmunyao@gmail.com>
> *To:* spduo <frenzeus@streamyx.com>
> *Cc:* Narbik Kocharians <narbikk@gmail.com> ; dee <devecchio.turner@sbcglobal.net> ; Ajay Prakash <ajay.prakash@networkpeople.co.in> ; ccielab@groupstudy.com
> *Sent:* Sunday, September 30, 2007 1:37 AM
> *Subject:* Re: Cannot Get BGP peering to come up!!
>
>
> spduo
>
> In the lab, we do not have access to the backbone routers (R2 in this
> case), and cannot therefore see what's configured. We have to depend on
> troubleshooting skills to establish cause of failure to peer for instance.
>
> Ben
>
>
> On 9/29/07, spduo <frenzeus@streamyx.com> wrote:
> >
> > Rack1R2(config)#do sh run | s bgp
> > router bgp 2
> > no synchronization
> > bgp log-neighbor-changes
> > network 2.2.2.2 mask 255.255.255.255
> > neighbor 10.1.0.1 remote-as 1
> > neighbor 10.1.0.1 password IE
> >
> > is the above not the md5 authentication required?
> >
> >
> > ----- Original Message -----
> > From: "Narbik Kocharians" <narbikk@gmail.com>
> > To: "spduo" <frenzeus@streamyx.com>
> > Cc: "Ben" <bmunyao@gmail.com>; "dee" <devecchio.turner@sbcglobal.net>; "Ajay Prakash" <ajay.prakash@networkpeople.co.in>; <ccielab@groupstudy.com>
> > Sent: Saturday, September 29, 2007 7:19 PM
> > Subject: Re: Cannot Get BGP peering to come up!!
> >
> >
> > >I don't see authentication configuration on the second router.
> > >
> > > On 9/28/07, spduo <frenzeus@streamyx.com> wrote:
> > >>
> > >> R1's BGP is indeed initiating a TCP session over to R2 and from the debugs
> > >> on R1 it clearly tells that it times out due to remote host (R2) not
> > >> responding. Whereas on R2, it is configured to do md5 authentication on the
> > >> TCP segments for BGP; upon receipt of those BGP TCP segments from R1, the
> > >> validation fails on R2 but R2 does not complain to R1 about the invalidity
> > >> of the digest - this is in accordance with RFC2385.
> > >>
> > >> -K
> > >>
> > >>
> > >> ----- Original Message -----
> > >> From: "Ben" <bmunyao@gmail.com>
> > >> To: "dee" <devecchio.turner@sbcglobal.net>
> > >> Cc: "Ajay Prakash" <ajay.prakash@networkpeople.co.in>; <ccielab@groupstudy.com>
> > >> Sent: Thursday, September 27, 2007 9:38 PM
> > >> Subject: Re: Cannot Get BGP peering to come up!!
> > >>
> > >>
> > >> > Here is what I get with mismatched BGP authentication
> > >> >
> > >> > R1----------------------R2
> > >> > server(179) client
> > >> >
> > >> > Configuration and error on the client side (possibly BB):
> > >> >
> > >> > Rack1R2(config)#do sh run | s bgp
> > >> > router bgp 2
> > >> > no synchronization
> > >> > bgp log-neighbor-changes
> > >> > network 2.2.2.2 mask 255.255.255.255
> > >> > neighbor 10.1.0.1 remote-as 1
> > >> > neighbor 10.1.0.1 password IE
> > >> > no auto-summary
> > >> > Rack1R2(config)#
> > >> >
> > >> > .2(24344)
> > >> > *Mar 1 00:52:25.483: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1(179) to 10.1.0.2(24344)
> > >> > Rack1R2(config-router)#
> > >> > *Mar 1 00:52:31.151: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1(64659) to 10.1.0.2(179)
> > >> >
> > >> >
> > >> > Configuration and error on the BGP server side:
> > >> >
> > >> > Rack1R1(config)#do sh run | s bgp
> > >> > router bgp 1
> > >> > no synchronization
> > >> > bgp log-neighbor-changes
> > >> > neighbor 10.1.0.2 remote-as 2
> > >> > no auto-summary
> > >> > ip bgp-community new-format
> > >> > Rack1R1(config)#
> > >> >
> > >> > Rack1R1(config-if)#
> > >> > *Mar 1 02:36:38.743: BGP: 10.1.0.2 open active, local address 10.1.0.1
> > >> > Rack1R1(config-if)#
> > >> > *Mar 1 02:37:08.751: BGP: 10.1.0.2 open failed: Connection timed out; remote host not responding, open active delayed 31212ms (35000ms max, 28% jitter)
> > >> > Rack1R1(config-if)#
> > >> >
> > >> > On R1, there is no clue on the reason for not peering. The error message is
> > >> > cryptic. Perhaps if we could get R1 to initiate the BGP TCP session, we may
> > >> > get to see TCP-BADAUTH error. Anyone has an idea how to force a router to
> > >> > initiate a BGP session?
> > >> >
> > >> > TIA
> > >> >
> > >> > Ben
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > On 9/27/07, dee <devecchio.turner@sbcglobal.net> wrote:
> > >> >>
> > >> >> Based on the ip address you gave..assuming this is internetwork expert and
> > >> >> from what I remember bb2 has a password of (md5) CISCO... Debug ip bgp
> > >> >> events and even without the debug it should tell you invalid hash or
> > >> >> something similar?
> > >> >>
> > >> >>
> > >> >> On 9/27/07 2:15 AM, "Ajay Prakash" <ajay.prakash@networkpeople.co.in> wrote:
> > >> >>
> > >> >> > Hello,
> > >> >> >
> > >> >> > I am kind of stuck while trying to get the BGP peering up between R2
> > >> >> > (192.10.2.2) and BB1 (192.10.2.254). Please give me some tips as to how to
> > >> >> > troubleshoot this
> > >> >> >
> > >> >> > R2 Fa0/0 ---------------- BB2
> > >> >> >
> > >> >> > Rack2R2(config-router)#do sh run | s bgp
> > >> >> > router bgp 200
> > >> >> > no synchronization
> > >> >> > bgp log-neighbor-changes
> > >> >> > neighbor 154.2.23.3 remote-as 300
> > >> >> > neighbor 154.2.23.3 send-community
> > >> >> > neighbor 192.10.2.1 remote-as 200
> > >> >> > neighbor 192.10.2.1 send-community
> > >> >> > neighbor 192.10.2.254 remote-as 254
> > >> >> > neighbor 192.10.2.254 ebgp-multihop 255 <<------ I don't think required, but just put in while trying to troubleshoot
> > >> >> > neighbor 192.10.2.254 update-source BVI1
> > >> >> > neighbor 192.10.2.254 send-community
> > >> >> > no auto-summary
> > >> >> >
> > >> >> > Rack2R2#sh run int bvi1
> > >> >> > interface BVI1
> > >> >> > ip address 192.10.2.2 255.255.255.0
> > >> >> > end
> > >> >> >
> > >> >> > Rack2R2#sh run int fa0/0
> > >> >> > interface FastEthernet0/0
> > >> >> > no ip address
> > >> >> > duplex auto
> > >> >> > speed auto
> > >> >> > bridge-group 1
> > >> >> > end
> > >> >> >
> > >> >> > Rack2R2(config-router)#do sh ip bgp summ
> > >> >> >
> > >> >> > Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> > >> >> > 154.2.23.3      4   300      21      21       13    0    0 00:14:24        0
> > >> >> > 192.10.2.1      4   200      23      20       13    0    0 00:16:27       10
> > >> >> > 192.10.2.254    4   254       0       0        0    0    0 never    Active
> > >> >> >
> > >> >> > Rack2R2#p 192.10.2.254
> > >> >> >
> > >> >> > Type escape sequence to abort.
> > >> >> > Sending 5, 100-byte ICMP Echos to 192.10.2.254, timeout is 2 seconds:
> > >> >> > !!!!!
> > >> >> > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
> > >> >> >
> > >> >> > Rack2R2#traceroute 192.10.2.254
> > >> >> >
> > >> >> > Type escape sequence to abort.
> > >> >> > Tracing the route to 192.10.2.254
> > >> >> >
> > >> >> > 1 192.10.2.254 4 msec
> > >> >> >
> > >> >> > Rack2R2(config-router)#
> > >> >> > *Dec 17 08:42:26.950: BGP: 192.10.2.254 open failed: Connection timed out; remote host not responding, open active delayed 34335ms (35000ms max, 28% jitter)
> > >> >> >
> > >> >> > Rack2R2#debu ip bgp
> > >> >> > *Dec 17 08:35:15.482: BGP: Regular scanner event timer
> > >> >> > *Dec 17 08:35:15.482: BGP: Import timer expired. Walking from 1 to 1
> > >> >> > Rack2R2#debu ip bgp
> > >> >> > *Dec 17 08:35:29.926: BGP: 192.10.2.254 open failed: Connection timed out; remote host not responding, open active delayed 31912ms (35000ms max, 28% jitter)
> > >> >> > *Dec 17 08:35:30.482: BGP: Regular scanner event timer
> > >> >> > *Dec 17 08:35:30.482: BGP: Import timer expired. Walking from 1 to 1
> > >> >> >
> > >>
> > _______________________________________________________________________
> > >> >> > Subscription information may be found at:
> > >> >> > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > > --
> > > Narbik Kocharians
> > > CCIE# 12410 (R&S, SP, Security)
> > > CCSI# 30832
> > > www.Net-WorkBooks.com
> > >
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART
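
Added example (not part of the thread or any poster's code): a small Python model of the RFC 2385 check the thread describes, showing why a router with a password configured drops an unsigned SYN without replying, so the other side only sees a timeout. The addresses, the password IE and the string CISCO come from the thread; the segment builder, port and sequence values, and verdict strings are constructed for illustration.

```python
import hashlib, hmac, socket, struct

TCPOPT_MD5SIG = 19  # RFC 2385 option kind; length 18 = 2 + 16-byte digest

def rfc2385_digest(src, dst, tcp_header, payload, key):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed), data, key."""
    fixed = bytearray(tcp_header[:20])          # options are excluded
    fixed[16:18] = b"\x00\x00"                  # checksum counted as zero
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(tcp_header) + len(payload)))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def find_md5_option(tcp_header):
    """Return the digest carried in option 19, or None if the option is absent."""
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(opts) and opts[i] != 0:       # kind 0 ends the option list
        if opts[i] == 1:                        # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return None                         # malformed option list
        if opts[i] == TCPOPT_MD5SIG and opts[i + 1] == 18:
            return bytes(opts[i + 2:i + 18])
        i += opts[i + 1]
    return None

def build_syn(src, dst, sport, dport, seq, key=None):
    """Constructed SYN segment; carries a signed option 19 when key is given."""
    offset = (40 if key else 20) // 4           # 18-byte option + 2 NOPs
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, offset << 4, 0x02, 16384, 0, 0)
    if key:
        digest = rfc2385_digest(src, dst, hdr + bytes(20), b"", key)
        hdr += bytes([1, 1, TCPOPT_MD5SIG, 18]) + digest
    return hdr

def receiver_verdict(src, dst, tcp_header, payload, key):
    """Decision of a peer that has a password configured; a drop sends no reply."""
    carried = find_md5_option(tcp_header)
    if carried is None:
        return "drop: No MD5 digest"
    expected = rfc2385_digest(src, dst, tcp_header, payload, key)
    return "accept" if hmac.compare_digest(carried, expected) else "drop: digest mismatch"

if __name__ == "__main__":
    R1, R2 = "10.1.0.1", "10.1.0.2"             # addresses from the thread
    print(receiver_verdict(R1, R2, build_syn(R1, R2, 64659, 179, 1000), b"", b"IE"))
    print(receiver_verdict(R2, R1, build_syn(R2, R1, 24344, 179, 2000, b"IE"), b"", b"IE"))
    print(receiver_verdict(R2, R1, build_syn(R2, R1, 24344, 179, 2000, b"IE"), b"", b"CISCO"))
```

The first case reproduces the situation logged on R2 in the thread: R1's unsigned SYN is discarded with no response, which R1 can only observe as "Connection timed out".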