[166992] in North American Network Operators' Group
RE: BGP neighbor/configuration testing
daemon@ATHENA.MIT.EDU (John Stuppi (jstuppi))
Mon Nov 25 14:01:45 2013
From: "John Stuppi (jstuppi)" <jstuppi@cisco.com>
To: Daniel Rohan <drohan@gmail.com>, Eric A Louie <elouie@yahoo.com>
Date: Mon, 25 Nov 2013 19:00:53 +0000
In-Reply-To: <CAJXc8RJOb7a26rGqbTNnMTQfHqU=Ajobo6SLi=w2GFGr7aXfAg@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Here are a couple of examples of syslog messages that could be seen depending on the configuration of the MD5 passwords on each side:
Troubleshooting Examples
If BGP neighbor authentication is incorrectly configured (for example, it is either configured on only one peer or the MD5 shared secret (password) does not match on both peers), the following types of syslog messages will be generated:
No Password Set on Remote Peer
Dec 3 15:01:52: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.2(179) to 192.0.2.1(51954)
Incorrect Password Set on Remote Peer
Dec 3 15:01:57: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(22285) to 192.0.2.1(179)
Thanks,
John
"We can't help everyone, but everyone can help someone."
John Stuppi, CISSP
Technical Leader
Strategic Security Research
jstuppi@cisco.com
Phone: +1 732 516 5994
Mobile: 732 319 3886
CCIE, Security - 11154
Cisco Systems
Mail Stop INJ01/2/
111 Wood Avenue South
Iselin, New Jersey 08830
United States
Cisco.com
-----Original Message-----
From: Daniel Rohan [mailto:drohan@gmail.com]
Sent: Monday, November 25, 2013 1:56 PM
To: Eric A Louie
Cc: nanog@nanog.org
Subject: Re: BGP neighbor/configuration testing
Seems like:
> Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor xxx.118.92.149 2/5 (authentication failure) 0 bytes
>
should be a good starting place. I'm assuming you've already discussed auth keys with your provider and if everyone is putting that in correctly, I'd suggest turning on debugging to see what exactly that message is all about.
Dan
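
Added example, not part of the original message or thread: a short Python classifier for the two %TCP-6-BADAUTH forms quoted above, mapping each to the diagnosis given in the message's headings and counting failures per peer. The sample lines, the function names and the port-179 filter are assumptions made for illustration.

```python
import re
from collections import Counter

# The two %TCP-6-BADAUTH forms quoted in the message above.
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH:\s+(?P<kind>No|Invalid) MD5 digest from "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) to (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)
# Diagnosis per form, following the headings in the message above.
DIAGNOSIS = {
    "No": "no password set on remote peer",
    "Invalid": "incorrect password set on remote peer",
}


def classify(line):
    """Return a dict describing one BADAUTH line, or None if it is unrelated."""
    m = BADAUTH.search(line)
    if not m:
        return None
    return {
        "peer": m["src"],
        "diagnosis": DIAGNOSIS[m["kind"]],
        # Assumption: only segments touching TCP port 179 belong to BGP.
        "bgp": 179 in (int(m["sport"]), int(m["dport"])),
    }


def summarize(lines):
    """Count BGP-related authentication failures per (peer, diagnosis)."""
    counts = Counter()
    for line in lines:
        event = classify(line)
        if event and event["bgp"]:
            counts[(event["peer"], event["diagnosis"])] += 1
    return counts


# Constructed sample input in the format shown above (documentation addresses).
SAMPLE = [
    "Dec 3 15:01:52: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.2(179) to 192.0.2.1(51954)",
    "Dec 3 15:01:57: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(22285) to 192.0.2.1(179)",
    "Dec 3 15:02:27: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(22286) to 192.0.2.1(179)",
    "Dec 3 15:02:30: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
]

if __name__ == "__main__":
    for (peer, diagnosis), n in sorted(summarize(SAMPLE).items()):
        print(f"{peer}: {diagnosis} ({n} message(s))")
```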