nanog mailing list archives

RE: BGP neighbor/configuration testing


From: "John Stuppi (jstuppi)" <jstuppi () cisco com>
Date: Mon, 25 Nov 2013 19:00:53 +0000

Here are a couple of examples of syslog messages that could be seen depending on the configuration of the MD5 passwords 
on each side:

Troubleshooting Examples

If BGP neighbor authentication is incorrectly configured (for example, it is either configured on only one peer or the 
MD5 shared secret (password) does not match on both peers), the following types of syslog messages will be generated:

No Password Set on Remote Peer

    Dec 3 15:01:52: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.2(179) to 192.0.2.1(51954)

Incorrect Password Set on Remote Peer

    Dec 3 15:01:57: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(22285) to 192.0.2.1(179)


Thanks,
John

"We can't help everyone, but everyone can help someone."

 


John Stuppi, CISSP
Technical Leader
Strategic Security Research
jstuppi () cisco com
Phone: +1 732 516 5994
Mobile: 732 319 3886

CCIE, Security - 11154
Cisco Systems
Mail Stop INJ01/2/ 
111 Wood Avenue South 
Iselin, New Jersey 08830
United States
Cisco.com








-----Original Message-----
From: Daniel Rohan [mailto:drohan () gmail com] 
Sent: Monday, November 25, 2013 1:56 PM
To: Eric A Louie
Cc: nanog () nanog org
Subject: Re: BGP neighbor/configuration testing

Seems like:


Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor xxx.118.92.149 2/5 (authentication failure) 0 bytes


should be a good starting place. I'm assuming you've already discussed auth keys with your provider and if everyone is 
putting that in correctly, I'd suggest turning on debugging to see what exactly that message is all about.

Dan
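
The three message formats quoted in this thread can be triaged from a log file with a short script. This is an added example, not code from either poster or from Cisco; the function names and the sample log lines are constructed for illustration, and the diagnosis strings reuse the headings from the message above.

```python
import re
from collections import Counter

# Patterns for the message formats quoted in this thread (unwrapped to one line).
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH:\s*(?P<kind>No|Invalid) MD5 digest from "
    r"(?P<src>[\w.]+)\((?P<sport>\d+)\) to (?P<dst>[\w.]+)\((?P<dport>\d+)\)"
)
NOTIFY = re.compile(
    r"%BGP-3-NOTIFICATION:\s*received from neighbor\s+(?P<peer>[\w.]+)\s+"
    r"(?P<code>\d+)/(?P<sub>\d+)\s+\((?P<text>[^)]*)\)"
)
# Diagnosis per BADAUTH variant, using the headings from the message above.
DIAGNOSIS = {
    "No": "no password set on remote peer",
    "Invalid": "incorrect password set on remote peer",
}

def classify(line):
    """Return (peer, diagnosis) for a BGP authentication-related line, else None."""
    m = BADAUTH.search(line)
    if m:
        return m["src"], DIAGNOSIS[m["kind"]]
    m = NOTIFY.search(line)
    if m and (m["code"], m["sub"]) == ("2", "5"):
        return m["peer"], "peer sent NOTIFICATION 2/5 (authentication failure)"
    return None

def summarize(lines):
    """Count findings per (peer, diagnosis) so repeated failures stand out."""
    return Counter(f for f in map(classify, lines) if f)

# Constructed sample input modelled on the messages in the thread.
SAMPLE = [
    "Dec 3 15:01:52: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.2(179) to 192.0.2.1(51954)",
    "Dec 3 15:01:57: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(22285) to 192.0.2.1(179)",
    "Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor 198.51.100.7 2/5 (authentication failure) 0 bytes",
    "Dec 3 15:02:10: %BGP-5-ADJCHANGE: neighbor 192.0.2.2 Up",
]

if __name__ == "__main__":
    for (peer, diagnosis), count in summarize(SAMPLE).items():
        print(f"{peer}: {diagnosis} (x{count})")
```
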

