Re: Cannot Get BGP peering to come up!!

From: Ben (bmunyao@gmail.com)
Date: Sun Sep 30 2007 - 00:57:24 ART


Thanks Scott

If I may rephrase Ajay's original question, if you are asked to do ebgp
peering with a backbone router (BB), and you get the following error, how do
you figure out its cause?

Rack2R2(config-router)#

*Dec 17 08:42:26.950: BGP: 192.10.2.254 open failed: Connection timed out;
remote host not responding, open active delayed 34335ms (35000ms max, 28%
jitter)

I'm thinking the following are some of the potential causes:

1. Multihop reachability to backbone: troubleshoot with traceroute. Use
neighbor ebgp.
2. Authentication : ????
3. BB expects to be peering with a different AS: Need to use neighbor
local-as (task would probably mention this)
4. BB expects to be peering with a different IP: Need to use neighbor
update-source. Which interface????
5. ????

Faced with the above error message, you cannot tell which of the above is
the culprit. Any suggestions on how to proceed with such a problem? What
other troubleshooting tools can help narrow down the possible causes?

TIA

Ben

On 9/30/07, Ajay Prakash <ajay.prakash@networkpeople.co.in> wrote:
>
> The IE lab that I was working on when I faced this problem did not tell
> me to authenticate this peering, forget the password. Check out IE 4.1 lab
> 16.
>
>
>
> Ajay
>
>
> ------------------------------
>
> *From:* spduo [mailto:frenzeus@streamyx.com]
> *Sent:* Saturday, September 29, 2007 11:14 PM
> *To:* Ben
> *Cc:* Narbik Kocharians; dee; Ajay Prakash; ccielab@groupstudy.com
> *Subject:* Re: Cannot Get BGP peering to come up!!
>
>
>
> IMHO, I believe that if there is a requirement to do authentication, it
> will tell you what is the shared password to use. Not that I'm aware of that
> there is a debug tool that tells what is the expected password from the
> backbone routers, though I do not doubt troubleshooting is always part of
> the CCIE lab and that is what keeps it really interesting!
>
>
>
> HTH.
>
> ----- Original Message -----
>
> *From:* Ben <bmunyao@gmail.com>
>
> *To:* spduo <frenzeus@streamyx.com>
>
> *Cc:* Narbik Kocharians <narbikk@gmail.com> ; dee<devecchio.turner@sbcglobal.net>; Ajay
> Prakash <ajay.prakash@networkpeople.co.in> ; ccielab@groupstudy.com
>
> *Sent:* Sunday, September 30, 2007 1:37 AM
>
> *Subject:* Re: Cannot Get BGP peering to come up!!
>
>
>
>
> spduo
>
> In the lab, we do not have access to the backbone routers (R2 in this
> case), and cannot therefore see what's configured. We have to depend on
> troubleshooting skills to establish cause of failure to peer for instance.
>
> Ben
>
> On 9/29/07, *spduo* <frenzeus@streamyx.com> wrote:
>
> Rack1R2(config)#do sh run | s bgp
> router bgp 2
> no synchronization
> bgp log-neighbor-changes
> network 2.2.2.2 mask 255.255.255.255
> neighbor 10.1.0.1 remote-as 1
> neighbor 10.1.0.1 password IE
>
> is the above not the md5 authentication required?
>
>
> ----- Original Message -----
> From: "Narbik Kocharians" < narbikk@gmail.com>
> To: "spduo" <frenzeus@streamyx.com>
> Cc: "Ben" < bmunyao@gmail.com>; "dee" <devecchio.turner@sbcglobal.net>;
> "Ajay Prakash" <ajay.prakash@networkpeople.co.in >; <ccielab@groupstudy.com>
> Sent: Saturday, September 29, 2007 7:19 PM
> Subject: Re: Cannot Get BGP peering to come up!!
>
>
> >I don't see authentication configuration on the second router.
> >
> > On 9/28/07, spduo <frenzeus@streamyx.com> wrote:
> >>
> >> R1's BGP is indeed initiating a TCP session over to R2 and from the debugs
> >> on R1 it clearly tells that it times out due to remote host (R2) not
> >> responding. Whereas on R2, it is configured to do md5 authentication on the
> >> TCP segments for BGP; upon receipt of those BGP TCP segments from R1, the
> >> validation fails on R2 but R2 does not complain to R1 about the invalidity
> >> of the digest - this is in accordance to RFC2385.
> >>
> >> -K
> >>
> >>
> >> ----- Original Message -----
> >> From: "Ben" <bmunyao@gmail.com>
> >> To: "dee" <devecchio.turner@sbcglobal.net>
> >> Cc: "Ajay Prakash" <ajay.prakash@networkpeople.co.in>;
> >> <ccielab@groupstudy.com>
> >> Sent: Thursday, September 27, 2007 9:38 PM
> >> Subject: Re: Cannot Get BGP peering to come up!!
> >>
> >>
> >> > Here is what I get with mismatched BGP authentication
> >> >
> >> > R1----------------------R2
> >> > server(179) client
> >> >
> >> > Configuration and error on the client side (possibly BB):
> >> >
> >> > Rack1R2(config)#do sh run | s bgp
> >> > router bgp 2
> >> > no synchronization
> >> > bgp log-neighbor-changes
> >> > network 2.2.2.2 mask 255.255.255.255
> >> > neighbor 10.1.0.1 remote-as 1
> >> > neighbor 10.1.0.1 password IE
> >> > no auto-summary
> >> > Rack1R2(config)#
> >> >
> >> > .2(24344)
> >> > *Mar 1 00:52:25.483: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1(179) to
> >> > 10.1.0.2(24344)
> >> > Rack1R2(config-router)#
> >> > *Mar 1 00:52:31.151: %TCP-6-BADAUTH: No MD5 digest from 10.1.0.1(64659) to
> >> > 10.1.0.2(179)
> >> >
> >> >
> >> > Configuration and error on the BGP server side:
> >> >
> >> > Rack1R1(config)#do sh run | s bgp
> >> > router bgp 1
> >> > no synchronization
> >> > bgp log-neighbor-changes
> >> > neighbor 10.1.0.2 remote-as 2
> >> > no auto-summary
> >> > ip bgp-community new-format
> >> > Rack1R1(config)#
> >> >
> >> > Rack1R1(config-if)#
> >> > *Mar 1 02:36:38.743: BGP: 10.1.0.2 open active, local address 10.1.0.1
> >> > Rack1R1(config-if)#
> >> > *Mar 1 02:37:08.751: BGP: 10.1.0.2 open failed: Connection timed out;
> >> > remote host not responding, open active delayed 31212ms (35000ms max, 28%
> >> > jitter)
> >> > Rack1R1(config-if)#
> >> >
> >> > On R1, there is no clue on the reason for not peering. The error message is
> >> > cryptic. Perhaps if we could get R1 to initiate the BGP TCP session, we may
> >> > get to see TCP-BADAUTH error. Anyone has an idea how to force a router to
> >> > initiate a BGP session?
> >> >
> >> > TIA
> >> >
> >> > Ben
> >> >
> >> >
> >> >
> >> >
> >> > On 9/27/07, dee <devecchio.turner@sbcglobal.net> wrote:
> >> >>
> >> >> Based on the ip address you gave..assuming this is internetwork expert and
> >> >> from what I remember bb2 has a password of (md5) CISCO... Debug ip bgp
> >> >> events and even without the debug it should tell you invalid hash or
> >> >> something similar?
> >> >>
> >> >>
> >> >> On 9/27/07 2:15 AM, "Ajay Prakash" <ajay.prakash@networkpeople.co.in>
> >> >> wrote:
> >> >>
> >> >> > Hello,
> >> >> >
> >> >> >
> >> >> >
> >> >> > I am kind of stuck while trying to get the BGP peering up between R2
> >> >> > (192.10.2.2) and BB1 (192.10.2.254). Please give me some tips as to how to
> >> >> > troubleshoot this
> >> >> >
> >> >> >
> >> >> >
> >> >> > R2 Fa0/0 ---------------- BB2
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2(config-router)#do sh run | s bgp
> >> >> >
> >> >> > router bgp 200
> >> >> >
> >> >> > no synchronization
> >> >> >
> >> >> > bgp log-neighbor-changes
> >> >> >
> >> >> > neighbor 154.2.23.3 remote-as 300
> >> >> >
> >> >> > neighbor 154.2.23.3 send-community
> >> >> >
> >> >> > neighbor 192.10.2.1 remote-as 200
> >> >> >
> >> >> > neighbor 192.10.2.1 send-community
> >> >> >
> >> >> > neighbor 192.10.2.254 remote-as 254
> >> >> >
> >> >> > neighbor 192.10.2.254 ebgp-multihop 255 <<------ I don't think required, but just put in while trying to troubleshoot
> >> >> >
> >> >> > neighbor 192.10.2.254 update-source BVI1
> >> >> >
> >> >> > neighbor 192.10.2.254 send-community
> >> >> >
> >> >> > no auto-summary
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#sh run int bvi1
> >> >> >
> >> >> > interface BVI1
> >> >> >
> >> >> > ip address 192.10.2.2 255.255.255.0
> >> >> >
> >> >> > end
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#sh run int fa0/0
> >> >> >
> >> >> > interface FastEthernet0/0
> >> >> >
> >> >> > no ip address
> >> >> >
> >> >> > duplex auto
> >> >> >
> >> >> > speed auto
> >> >> >
> >> >> > bridge-group 1
> >> >> >
> >> >> > end
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2(config-router)#do sh ip bgp summ
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> >> >> > 154.2.23.3      4   300      21      21       13    0    0 00:14:24        0
> >> >> > 192.10.2.1      4   200      23      20       13    0    0 00:16:27       10
> >> >> > 192.10.2.254    4   254       0       0        0    0    0 never    Active
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#p 192.10.2.254
> >> >> >
> >> >> >
> >> >> >
> >> >> > Type escape sequence to abort.
> >> >> >
> >> >> > Sending 5, 100-byte ICMP Echos to 192.10.2.254, timeout is 2 seconds:
> >> >> >
> >> >> > !!!!!
> >> >> >
> >> >> > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#traceroute 192.10.2.254
> >> >> >
> >> >> >
> >> >> >
> >> >> > Type escape sequence to abort.
> >> >> >
> >> >> > Tracing the route to 192.10.2.254
> >> >> >
> >> >> >
> >> >> >
> >> >> > 1 192.10.2.254 4 msec
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2(config-router)#
> >> >> >
> >> >> > *Dec 17 08:42:26.950: BGP: 192.10.2.254 open failed: Connection timed out;
> >> >> > remote host not responding, open active delayed 34335ms (35000ms max, 28%
> >> >> > jitter)
> >> >> >
> >> >> >
> >> >> >
> >> >> > Rack2R2#debu ip bgp
> >> >> >
> >> >> > *Dec 17 08:35:15.482: BGP: Regular scanner event timer
> >> >> >
> >> >> > *Dec 17 08:35:15.482: BGP: Import timer expired. Walking from 1 to 1
> >> >> >
> >> >> > Rack2R2#debu ip bgp
> >> >> >
> >> >> > *Dec 17 08:35:29.926: BGP: 192.10.2.254 open failed: Connection timed out;
> >> >> > remote host not responding, open active delayed 31912ms (35000ms max, 28%
> >> >> > jitter)
> >> >> >
> >> >> > *Dec 17 08:35:30.482: BGP: Regular scanner event timer
> >> >> >
> >> >> > *Dec 17 08:35:30.482: BGP: Import timer expired. Walking from 1 to 1
> >> >> >
> >> >> >
> >> _______________________________________________________________________
> >> >> > Subscription information may be found at:
> >> >> > http://www.groupstudy.com/list/CCIELab.html
> >>
> >
> >
> >
> > --
> > Narbik Kocharians
> > CCIE# 12410 (R&S, SP, Security)
> > CCSI# 30832
> > www.Net-WorkBooks.com
> >



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:17 ART
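
The asymmetry discussed in the thread (a side configured for RFC 2385 TCP MD5 drops unsigned or wrongly signed segments without replying, so only its own log shows `%TCP-6-BADAUTH` while the other side sees a timeout), modelled as an added example that is not part of the original messages. The dict-based router model, the fixed sequence number and window, and the rule that a side with no password ignores the option are assumptions; the `Invalid MD5 digest` wording does not appear in the thread.

```python
import hashlib
import hmac
import socket
import struct

OPT_LEN = 20  # MD5 option: kind 19, length 18, padded to a 4-byte boundary

def syn_header(sport, dport, signed):
    """20-byte base TCP header (flags fixed at SYN for brevity); offset grows if signed."""
    words = (20 + (OPT_LEN if signed else 0)) // 4
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (words << 12) | 0x02, 16384, 0, 0)

def digest(src, dst, base_hdr, data, key):
    """RFC 2385: MD5(pseudo-header + TCP header sans options, checksum 0 + data + key)."""
    seg_len = len(base_hdr) + OPT_LEN + len(data)
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, seg_len)
    zero_csum = base_hdr[:16] + b"\x00\x00" + base_hdr[18:]  # checksum is bytes 16-17
    return hashlib.md5(pseudo + zero_csum + data + key).digest()

def deliver(sender, receiver, sport, dport):
    """Send one segment; return (accepted, log line written on the receiver or None)."""
    src, dst = sender["ip"], receiver["ip"]
    signed = sender["key"] is not None
    hdr = syn_header(sport, dport, signed)
    sent = digest(src, dst, hdr, b"", sender["key"]) if signed else None
    if receiver["key"] is None:
        return True, None  # assumption: a side with no password ignores the option
    if sent is None:
        why = "No"
    elif hmac.compare_digest(sent, digest(src, dst, hdr, b"", receiver["key"])):
        return True, None
    else:
        why = "Invalid"
    # Dropped with no RST or other reply; only the receiver's own log records it.
    return False, f"%TCP-6-BADAUTH: {why} MD5 digest from {src}({sport}) to {dst}({dport})"

# Constructed scenario using the thread's addresses: R1 has no password, R2 has "IE".
R1 = {"ip": "10.1.0.1", "key": None}
R2 = {"ip": "10.1.0.2", "key": b"IE"}

if __name__ == "__main__":
    print(deliver(R1, R2, 64659, 179))  # R1's active open reaches R2 unsigned
    print(deliver(R2, R1, 24344, 179))  # R2's signed segment is accepted by R1 ...
    print(deliver(R1, R2, 179, 24344))  # ... but R1's unsigned reply is dropped at R2
```

Read the other way round, a router that logs only the timeout and no BADAUTH line is consistent with the peer discarding its segments, which is what R1's output in the thread shows.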