[166996] in North American Network Operators' Group
Re: BGP neighbor/configuration testing
daemon@ATHENA.MIT.EDU (Eric A Louie)
Mon Nov 25 18:09:46 2013
Date: Mon, 25 Nov 2013 15:07:28 -0800 (PST)
From: Eric A Louie <elouie@yahoo.com>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <20131125191052.GH16082@angus.ind.WPI.EDU>
Reply-To: Eric A Louie <elouie@yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
All Cisco/Cisco, I don't have a Juniper here to test with=0A=0Amismatch AS=
=0A*Apr=A0 9 00:31:47.691: %BGP-3-NOTIFICATION: received from neighbor 10.2=
50.254.253 2/2 (peer in wrong AS) 2 bytes 6A39=0A=0Amismatch neighbor IP ad=
dress=0Ano logged error=0A=0AMTU mismatch=0Ano logged error, session remain=
ed up=0A=0ASubnet mask mismatch=0Asession remained up, no logged error=0A=
=0AI haven't created the multihop scenario to see the error messages.=0A=0A=
=0ANone of these issues caused the (authentication failure).=0A=0A=0A=0A=0A=
=0A>________________________________=0A> From: Chuck Anderson <cra@WPI.EDU>=
=0A>To: nanog@nanog.org =0A>Sent: Monday, November 25, 2013 11:10 AM=0A>Sub=
ject: Re: BGP neighbor/configuration testing=0A> =0A>=0A>Authentication fai=
lure might mean (without knowing for sure which on=0A>Cisco):=0A>=0A>- mism=
atch AS numbers=0A>- mismatch neighbor IP addresses=0A>- multihop/TTL issue=
s=0A>- MTU issues=0A>=0A>On Mon, Nov 25, 2013 at 11:06:33AM -0800, Eric A L=
ouie wrote:=0A>> That's a natural first impression but there are no passwor=
ds configured on the BGP session on either router.=A0 I know it looks like =
an authentication error but it's a "misnomer" (at least from the searches I=
did on the error message).=A0 From the sequence of messages, we get Establ=
ished and 2 seconds later the session Closes.=A0 The reason for the Close m=
ay lead us to the solution.=0A>> =0A>> I'm reluctant to turn on debug bgp b=
ecause this is a live production router, and if I hose it, there will be a =
lot of 'splainin to do [1]=0A>> =0A>> [1]=A0http://www.quotecounterquote.co=
m/2011/05/lucy-you-got-some-splainin-to-do.html=0A>> =0A>> =0A>> =0A>> =0A>=
> =0A>> >________________________________=0A>> > From: Daniel Rohan <drohan=
@gmail.com>=0A>> >To: Eric A Louie <elouie@yahoo.com> =0A>> >Cc: Joe Abley =
<jabley@hopcount.ca>; "nanog@nanog.org" <nanog@nanog.org> =0A>> >Sent: Mond=
ay, November 25, 2013 10:55 AM=0A>> >Subject: Re: BGP neighbor/configuratio=
n testing=0A>> > =0A>> >=0A>> >=0A>> >Seems like:=0A>> >=A0=0A>> >Nov 25 06=
:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor xxx.118.92.=
149 2/5 (authentication failure) 0 bytes=0A>> >>=0A>> >should be a good sta=
rting place. I'm assuming you've already discussed auth keys with your prov=
ider and if everyone is putting that in correctly, I'd suggest turning on d=
ebugging to see what exactly that message is all about.=A0=0A>> >=0A>> >=0A=
>> >Dan=A0=0A>=0A>=0A>=0A>
