It isn’t my fault, they configured it that way before I got here! That was the entry level technician’s story Monday morning, and he was sticking to it.
Here is the rest of the story. Over the weekend, some testing had been done regarding a proposed BGP configuration. The objective was simple, R1 and R3 needed to ping each others loobacks at 126.96.36.199 and 188.8.131.52 respectively, with those 2 networks, being carried by BGP. R2 is performing NAT. The topology diagram looks like this:
The ping between loopbacks didn’t work, but R1 and R3 had these console messages:
R1# %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
R1# %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST) R1# R3# %TCP-6-BADAUTH: No MD5 digest from 184.108.40.206(179) to 220.127.116.11(59922) (RST) R3# %TCP-6-BADAUTH: No MD5 digest from 18.104.22.168(179) to 22.214.171.124(59922) (RST) R3#
The senior engineer looked at the configurations for R1, R2 and R3 and found 5 specific items, each of which was independently causing a failure.
Here is the challenge: Can you find 1 or more of them?
Let us know what your troubleshooting skills can find, and post your comments here on the blog.
Here are the configurations for the 3 routers:
R1#show run version 12.4 hostname R1 ! interface Loopback0 ip address 126.96.36.199 255.255.255.0 ! interface FastEthernet0/0 ip address 10.0.0.1 255.255.255.0 ! router ospf 1 network 10.0.0.0 0.0.0.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 188.8.131.52 mask 255.255.255.255 neighbor 10.0.0.3 remote-as 3 neighbor 10.0.0.3 password cisco no auto-summary ! end R1# R2#show run version 12.4 hostname R2 ! interface Loopback0 ip address 184.108.40.206 255.255.255.0 ! interface FastEthernet0/0 ip address 10.0.0.2 255.255.255.0 ip nat inside ip virtual-reassembly ! interface FastEthernet0/1 ip address 220.127.116.11 255.255.255.0 ip nat outside ip virtual-reassembly ! router ospf 1 network 18.104.22.168 0.0.0.0 area 0 network 10.0.0.2 0.0.0.0 area 0 network 22.214.171.124 0.0.0.0 area 0 ! ip nat inside source static 10.0.0.1 126.96.36.199 ip nat outside source static 188.8.131.52 10.0.0.3 ! end R3#show run version 12.4 hostname R3 ! interface Loopback0 ip address 184.108.40.206 255.255.255.0 ! interface FastEthernet0/1 ip address 220.127.116.11 255.255.255.0 ! router ospf 1 log-adjacency-changes network 18.104.22.168 0.0.0.255 area 0 ! router bgp 3 no synchronization bgp log-neighbor-changes network 22.214.171.124 mask 255.255.255.255 neighbor 126.96.36.199 remote-as 1 neighbor 188.8.131.52 password cisco123 no auto-summary ! end R3#
Let us know what you find!
Your contributions and input is great. You ROCK!
I have summarized the 5 specific errors/issues with the configuration, and here they are:
- R2: NAT isn’t fully baked. Can fix with “ip nat outside source static 184.108.40.206 10.0.0.3 add-route” (or we could manually add the route as well).
- R1 & R3: The BGP passwords don’t match, but it doesn’t matter. BGP authentication doesn’t work between NAT’d BGP neighbors, so it would have to be removed.
- R1 & R3: Incorrect network statements for loopback addresses on both BGP routers (incorrect mask)
- R1 & R3: Ebgp-multihop statements are needed on both neighbors (not directly connected EBGP)
- R2: R2 doesn’t know how to reach 220.127.116.11 or 18.104.22.168 (non-BGP routing issue)
Again, thanks for the time and effort invested in this solution, and in learning in general. I appreciate you!
66 Responses to “BGP: The Big Gory Protocol (Can you troubleshoot it?)”
Leave a Reply