Re: BGP neighbor/configuration testing

[Chuck Anderson <cra () WPI EDU>]

Authentication failure might mean (without knowing for sure which on
Cisco):

- mismatch AS numbers
- mismatch neighbor IP addresses
- multihop/TTL issues
- MTU issues

On Mon, Nov 25, 2013 at 11:06:33AM -0800, Eric A Louie wrote:
> That's a natural first impression but there are no passwords configured on the BGP session on either router.  I know 
> it looks like an authentication error but it's a "misnomer" (at least from the searches I did on the error message).  
> From the sequence of messages, we get Established and 2 seconds later the session Closes.  The reason for the Close 
> may lead us to the solution.
>
> I'm reluctant to turn on debug bgp because this is a live production router, and if I hose it, there will be a lot of 
> 'splainin to do [1]
>
> [1] http://www.quotecounterquote.com/2011/05/lucy-you-got-some-splainin-to-do.html
>
>
>
>
>
> > ________________________________
> > From: Daniel Rohan <drohan () gmail com>
> > To: Eric A Louie <elouie () yahoo com> 
> > Cc: Joe Abley <jabley () hopcount ca>; "nanog () nanog org" <nanog () nanog org> 
> > Sent: Monday, November 25, 2013 10:55 AM
> > Subject: Re: BGP neighbor/configuration testing
> >
> >
> >
> > Seems like:
> >  
> > Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor xxx.118.92.149 2/5 (authentication failure) 
> > 0 bytes
> > >
> > should be a good starting place. I'm assuming you've already discussed auth keys with your provider and if everyone 
> > is putting that in correctly, I'd suggest turning on debugging to see what exactly that message is all about. 
> >
> >
> > Dan