Re: [j-nsp] BGP session is not coming up

Wed, 22 Jul 2009 07:01:21 -0700 

Hi!

I get an error message:
Jul 22 14:53:48.164226 BGP RECV Notification code 2 (Open Message Error) subcode 5 (authentication failure)
And I think that explains itself. I have reconfigured the box so many times now, that I am certain, that the problem is not on our side. The MD5 key is the one, we have agreed upon. On the other side is a provider, so we are unable to get a hold on the remote side. 

Regards,

Matthias

Am 22.07.2009 um 09:32 schrieb Hendrik Kahmann:



Hello Matthias,
the log tells me, that there is a missing md5 key for this connection. In 
your config this part is "inactive". Maybe you should compare the
eBGP-Config on both machines to check if md5 authentication is needed on one 
side. Why did you deactivate the authentication key in here? Did you
specifiy your local AS in the config?


Kind regards from Oldenburg,

Hendrik

-----Ursprüngliche Nachricht-----
Von: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] Im Auftrag von Matthias
Gelbhardt
Gesendet: Mittwoch, 22. Juli 2009 08:56
An: juniper-nsp
Betreff: [j-nsp] BGP session is not coming up

Hi!
We have a problem with a BGP session. The session is not coming up, and I 
dont know why. It is a eBGP session:

Log:

Jul 22 08:30:08  muenster /kernel: tcp_auth_ok: Packet from x.x.x.x:
179 missing MD5 digest

tracelog:
Jul 22 08:50:16.426122 bgp_connect_complete: error connecting to x.x.x.x 
(External AS x): Socket is not connected

tcpdump;

08:49:07.632649 Out IP x.x.x.x.60582 > x.x.x.x.179: S
594093001:594093001(0) win 16384 <mss 1460,nop,wscale
0,nop,nop,timestamp[|tcp]>

config:

group external {
    type external;
    neighbor xx {
        description uplink_;
        local-address xx;
        import import_bgp_;
        inactive: authentication-key "$9$u-xxx"; ## SECRET-DATA
        export [ export_prepend export_bgp_external ];
        peer-as xx;
    }
}

Any ideas?
Leaving the MD5 does not work, I even have restartet the routing process 
with no luck.

Matthias

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Reply via email to