nanog mailing list archives
Re: BGP neighbor/configuration testing
From: Eric A Louie <elouie () yahoo com>
Date: Mon, 25 Nov 2013 15:07:28 -0800 (PST)
All Cisco/Cisco, I don't have a Juniper here to test with mismatch AS *Apr 9 00:31:47.691: %BGP-3-NOTIFICATION: received from neighbor 10.250.254.253 2/2 (peer in wrong AS) 2 bytes 6A39 mismatch neighbor IP address no logged error MTU mismatch no logged error, session remained up Subnet mask mismatch session remained up, no logged error I haven't created the multihop scenario to see the error messages. None of these issues caused the (authentication failure).
________________________________ From: Chuck Anderson <cra () WPI EDU> To: nanog () nanog org Sent: Monday, November 25, 2013 11:10 AM Subject: Re: BGP neighbor/configuration testing Authentication failure might mean (without knowing for sure which on Cisco): - mismatch AS numbers - mismatch neighbor IP addresses - multihop/TTL issues - MTU issues On Mon, Nov 25, 2013 at 11:06:33AM -0800, Eric A Louie wrote:That's a natural first impression but there are no passwords configured on the BGP session on either router. I know it looks like an authentication error but it's a "misnomer" (at least from the searches I did on the error message). From the sequence of messages, we get Established and 2 seconds later the session Closes. The reason for the Close may lead us to the solution. I'm reluctant to turn on debug bgp because this is a live production router, and if I hose it, there will be a lot of 'splainin to do [1] [1] http://www.quotecounterquote.com/2011/05/lucy-you-got-some-splainin-to-do.html________________________________ From: Daniel Rohan <drohan () gmail com> To: Eric A Louie <elouie () yahoo com> Cc: Joe Abley <jabley () hopcount ca>; "nanog () nanog org" <nanog () nanog org> Sent: Monday, November 25, 2013 10:55 AM Subject: Re: BGP neighbor/configuration testing Seems like: Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor xxx.118.92.149 2/5 (authentication failure) 0 bytesshould be a good starting place. I'm assuming you've already discussed auth keys with your provider and if everyone is putting that in correctly, I'd suggest turning on debugging to see what exactly that message is all about. Dan
Current thread:
- BGP neighbor/configuration testing Eric A Louie (Nov 20)
- Re: BGP neighbor/configuration testing Joe Abley (Nov 20)
- Re: BGP neighbor/configuration testing Eric A Louie (Nov 25)
- Re: BGP neighbor/configuration testing Daniel Rohan (Nov 25)
- RE: BGP neighbor/configuration testing John Stuppi (jstuppi) (Nov 25)
- Re: BGP neighbor/configuration testing Eric A Louie (Nov 25)
- Re: BGP neighbor/configuration testing Chuck Anderson (Nov 25)
- Re: BGP neighbor/configuration testing Eric A Louie (Nov 25)
- Re: BGP neighbor/configuration testing Pedro Cavaca (Nov 25)
- Re: BGP neighbor/configuration testing Chuck Anderson (Nov 25)
- Re: BGP neighbor/configuration testing Eric A Louie (Nov 25)
- Re: BGP neighbor/configuration testing Eric A Louie (Nov 26)
- Re: BGP neighbor/configuration testing Eric A Louie (Nov 25)
- Re: BGP neighbor/configuration testing Joe Abley (Nov 20)