nanog mailing list archives

Re: BGP neighbor/configuration testing


From: Pedro Cavaca <pmsac.nanog () gmail com>
Date: Mon, 25 Nov 2013 23:26:41 +0000

The auth error was transient, forget about it.

Now you're getting 6/1 - maximum number of prefixes reached.

http://tools.ietf.org/html/rfc4486
(or
http://backupsalmanaja.blogspot.ie/2009/12/bgp-cease-notification-messages.html if
you prefer).

HTH



On 25 November 2013 23:07, Eric A Louie <elouie () yahoo com> wrote:

All Cisco/Cisco, I don't have a Juniper here to test with

mismatch AS
*Apr  9 00:31:47.691: %BGP-3-NOTIFICATION: received from neighbor
10.250.254.253 2/2 (peer in wrong AS) 2 bytes 6A39

mismatch neighbor IP address
no logged error

MTU mismatch
no logged error, session remained up

Subnet mask mismatch
session remained up, no logged error

I haven't created the multihop scenario to see the error messages.


None of these issues caused the (authentication failure).





________________________________
From: Chuck Anderson <cra () WPI EDU>
To: nanog () nanog org
Sent: Monday, November 25, 2013 11:10 AM
Subject: Re: BGP neighbor/configuration testing


Authentication failure might mean (without knowing for sure which on
Cisco):

- mismatch AS numbers
- mismatch neighbor IP addresses
- multihop/TTL issues
- MTU issues

On Mon, Nov 25, 2013 at 11:06:33AM -0800, Eric A Louie wrote:
That's a natural first impression but there are no passwords configured
on the BGP session on either router.  I know it looks like an
authentication error but it's a "misnomer" (at least from the searches I
did on the error message).  From the sequence of messages, we get
Established and 2 seconds later the session Closes.  The reason for the
Close may lead us to the solution.

I'm reluctant to turn on debug bgp because this is a live production
router, and if I hose it, there will be a lot of 'splainin to do [1]

[1]
http://www.quotecounterquote.com/2011/05/lucy-you-got-some-splainin-to-do.html





________________________________
From: Daniel Rohan <drohan () gmail com>
To: Eric A Louie <elouie () yahoo com>
Cc: Joe Abley <jabley () hopcount ca>; "nanog () nanog org" <nanog () nanog org>

Sent: Monday, November 25, 2013 10:55 AM
Subject: Re: BGP neighbor/configuration testing



Seems like:

Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from
neighbor xxx.118.92.149 2/5 (authentication failure) 0 bytes

should be a good starting place. I'm assuming you've already discussed
auth keys with your provider and if everyone is putting that in correctly,
I'd suggest turning on debugging to see what exactly that message is all
about.


Dan
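
The log lines quoted in this thread carry the NOTIFICATION error code and subcode as a pair (2/2, 2/5, 6/1). The following is an added example, not part of any poster's message: a Python decoder that maps those pairs to the names in RFC 4271 and RFC 4486. The function name and the third sample line are constructed, and reading the 2/2 data bytes as an AS number is an assumption about the sending implementation.

```python
import re

# Error codes: RFC 4271 section 4.5. Cease (6) subcodes: RFC 4486.
ERROR_CODES = {1: "Message Header Error", 2: "OPEN Message Error",
               3: "UPDATE Message Error", 4: "Hold Timer Expired",
               5: "Finite State Machine Error", 6: "Cease"}
SUBCODES = {
    2: {1: "Unsupported Version Number", 2: "Bad Peer AS",
        3: "Bad BGP Identifier", 4: "Unsupported Optional Parameter",
        5: "Authentication Failure (deprecated)", 6: "Unacceptable Hold Time"},
    6: {1: "Maximum Number of Prefixes Reached", 2: "Administrative Shutdown",
        3: "Peer De-configured", 4: "Administrative Reset",
        5: "Connection Rejected", 6: "Other Configuration Change",
        7: "Connection Collision Resolution", 8: "Out of Resources"},
}
LINE_RE = re.compile(
    r"%BGP-3-NOTIFICATION: (received from|sent to) neighbor (\S+) "
    r"(\d+)/(\d+) \(([^)]*)\) \d+ bytes ?([0-9A-Fa-f ]*)")

def decode_notification(line):
    """Decode one %BGP-3-NOTIFICATION syslog line; None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    direction, peer, code, sub, text, data = m.groups()
    code, sub = int(code), int(sub)
    result = {"direction": direction, "peer": peer, "code": code,
              "subcode": sub, "router_text": text,
              "error": ERROR_CODES.get(code, "unknown"),
              "detail": SUBCODES.get(code, {}).get(sub, "unknown"),
              "data": data.replace(" ", "").upper()}
    # Assumption: a 2-byte data field on 2/2 is the AS number that was rejected.
    if (code, sub) == (2, 2) and len(result["data"]) == 4:
        result["rejected_as"] = int(result["data"], 16)
    return result

SAMPLE_LINES = [
    # First two lines are quoted in the thread (unwrapped); the third is constructed.
    "*Apr  9 00:31:47.691: %BGP-3-NOTIFICATION: received from neighbor "
    "10.250.254.253 2/2 (peer in wrong AS) 2 bytes 6A39",
    "Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from "
    "neighbor xxx.118.92.149 2/5 (authentication failure) 0 bytes",
    "Nov 25 06:30:00.000 pacific: %BGP-3-NOTIFICATION: received from "
    "neighbor 192.0.2.1 6/1 (cease) 0 bytes",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(decode_notification(line))
```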






