It isn’t my fault, they configured it that way before I got here! That was the entry level technician’s story Monday morning, and he was sticking to it.
Here is the rest of the story. Over the weekend, some testing had been done regarding a proposed BGP configuration. The objective was simple, R1 and R3 needed to ping each others loobacks at 188.8.131.52 and 184.108.40.206 respectively, with those 2 networks, being carried by BGP. R2 is performing NAT. The topology diagram looks like this:
The ping between loopbacks didn’t work, but R1 and R3 had these console messages:
R1# %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
R1# %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST) R1# R3# %TCP-6-BADAUTH: No MD5 digest from 220.127.116.11(179) to 18.104.22.168(59922) (RST) R3# %TCP-6-BADAUTH: No MD5 digest from 22.214.171.124(179) to 126.96.36.199(59922) (RST) R3#
The senior engineer looked at the configurations for R1, R2 and R3 and found 5 specific items, each of which was independently causing a failure.
Here is the challenge: Can you find 1 or more of them?
Let us know what your troubleshooting skills can find, and post your comments here on the blog.
Here are the configurations for the 3 routers:
R1#show run version 12.4 hostname R1 ! interface Loopback0 ip address 188.8.131.52 255.255.255.0 ! interface FastEthernet0/0 ip address 10.0.0.1 255.255.255.0 ! router ospf 1 network 10.0.0.0 0.0.0.255 area 0 ! router bgp 1 no synchronization bgp log-neighbor-changes network 184.108.40.206 mask 255.255.255.255 neighbor 10.0.0.3 remote-as 3 neighbor 10.0.0.3 password cisco no auto-summary ! end R1# R2#show run version 12.4 hostname R2 ! interface Loopback0 ip address 220.127.116.11 255.255.255.0 ! interface FastEthernet0/0 ip address 10.0.0.2 255.255.255.0 ip nat inside ip virtual-reassembly ! interface FastEthernet0/1 ip address 18.104.22.168 255.255.255.0 ip nat outside ip virtual-reassembly ! router ospf 1 network 22.214.171.124 0.0.0.0 area 0 network 10.0.0.2 0.0.0.0 area 0 network 126.96.36.199 0.0.0.0 area 0 ! ip nat inside source static 10.0.0.1 188.8.131.52 ip nat outside source static 184.108.40.206 10.0.0.3 ! end R3#show run version 12.4 hostname R3 ! interface Loopback0 ip address 220.127.116.11 255.255.255.0 ! interface FastEthernet0/1 ip address 18.104.22.168 255.255.255.0 ! router ospf 1 log-adjacency-changes network 22.214.171.124 0.0.0.255 area 0 ! router bgp 3 no synchronization bgp log-neighbor-changes network 126.96.36.199 mask 255.255.255.255 neighbor 188.8.131.52 remote-as 1 neighbor 184.108.40.206 password cisco123 no auto-summary ! end R3#
Let us know what you find!
Your contributions and input is great. You ROCK!
I have summarized the 5 specific errors/issues with the configuration, and here they are:
- R2: NAT isn’t fully baked. Can fix with “ip nat outside source static 220.127.116.11 10.0.0.3 add-route” (or we could manually add the route as well).
- R1 & R3: The BGP passwords don’t match, but it doesn’t matter. BGP authentication doesn’t work between NAT’d BGP neighbors, so it would have to be removed.
- R1 & R3: Incorrect network statements for loopback addresses on both BGP routers (incorrect mask)
- R1 & R3: Ebgp-multihop statements are needed on both neighbors (not directly connected EBGP)
- R2: R2 doesn’t know how to reach 18.104.22.168 or 22.214.171.124 (non-BGP routing issue)
Again, thanks for the time and effort invested in this solution, and in learning in general. I appreciate you!
66 Responses to “BGP: The Big Gory Protocol (Can you troubleshoot it?)”
Leave a Reply