It isn’t my fault, they configured it that way before I got here! That was the entry-level technician’s story Monday morning, and he was sticking to it.
Here is the rest of the story. Over the weekend, some testing had been done regarding a proposed BGP configuration. The objective was simple: R1 and R3 needed to ping each other’s loopbacks at 22.214.171.124 and 126.96.36.199 respectively, with those 2 networks being carried by BGP. R2 is performing NAT. The topology diagram looks like this:
The ping between loopbacks didn’t work, but R1 and R3 had these console messages:
R1# %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
R1# %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
R1#

R3# %TCP-6-BADAUTH: No MD5 digest from 188.8.131.52(179) to 184.108.40.206(59922) (RST)
R3# %TCP-6-BADAUTH: No MD5 digest from 220.127.116.11(179) to 18.104.22.168(59922) (RST)
R3#
The senior engineer looked at the configurations for R1, R2 and R3 and found 5 specific items, each of which was independently causing a failure.
Here is the challenge: Can you find 1 or more of them?
Let us know what your troubleshooting skills can find, and post your comments here on the blog.
Here are the configurations for the 3 routers:
R1#show run
version 12.4
hostname R1
!
interface Loopback0
 ip address 22.214.171.124 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 126.96.36.199 mask 255.255.255.255
 neighbor 10.0.0.3 remote-as 3
 neighbor 10.0.0.3 password cisco
 no auto-summary
!
end
R1#

R2#show run
version 12.4
hostname R2
!
interface Loopback0
 ip address 188.8.131.52 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 ip address 184.108.40.206 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
router ospf 1
 network 220.127.116.11 0.0.0.0 area 0
 network 10.0.0.2 0.0.0.0 area 0
 network 18.104.22.168 0.0.0.0 area 0
!
ip nat inside source static 10.0.0.1 22.214.171.124
ip nat outside source static 126.96.36.199 10.0.0.3
!
end

R3#show run
version 12.4
hostname R3
!
interface Loopback0
 ip address 188.8.131.52 255.255.255.0
!
interface FastEthernet0/1
 ip address 184.108.40.206 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 220.127.116.11 0.0.0.255 area 0
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 network 18.104.22.168 mask 255.255.255.255
 neighbor 22.214.171.124 remote-as 1
 neighbor 126.96.36.199 password cisco123
 no auto-summary
!
end
R3#
Let us know what you find!
Your contributions and input are great. You ROCK!
I have summarized the 5 specific errors/issues with the configuration, and here they are:
- R2: NAT isn’t fully baked. Can fix with “ip nat outside source static 188.8.131.52 10.0.0.3 add-route” (or we could manually add the route as well).
- R1 & R3: The BGP passwords don’t match, but it doesn’t matter. BGP authentication doesn’t work between NAT’d BGP neighbors, so it would have to be removed.
- R1 & R3: Incorrect network statements for loopback addresses on both BGP routers (incorrect mask)
- R1 & R3: ebgp-multihop statements are needed on both neighbors (not directly connected EBGP)
- R2: R2 doesn’t know how to reach 184.108.40.206 or 220.127.116.11 (non-BGP routing issue)
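Why the second item holds even when the passwords match, as an added example that is not part of the original post: the RFC 2385 TCP MD5 signature enabled by `neighbor ... password` is computed over the TCP pseudo-header, which includes the source and destination IP addresses, so a segment whose addresses R2 rewrites no longer verifies on the far side. The 192.0.2.x post-NAT addresses, the sequence number and the window are constructed values, and the header layout assumes the MD5 option is the only TCP option.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
HDR_LEN = 40  # assumption: 20-byte base header + 18-byte MD5 option padded to 20

def tcp_md5_digest(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                   payload, key):
    """RFC 2385 digest: pseudo-header, base TCP header with zero checksum
    (options excluded), segment data, then the shared key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, HDR_LEN + len(payload)))
    base_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                           (HDR_LEN // 4) << 4, flags, window, 0, 0)
    return hashlib.md5(pseudo + base_hdr + payload + key).digest()

def receiver_accepts(fields, sender_view, receiver_view, sender_key, receiver_key):
    """Sign with the addresses the sender used, then verify with the
    addresses the receiver sees on the wire after any translation."""
    sent = tcp_md5_digest(*sender_view, *fields, sender_key)
    expected = tcp_md5_digest(*receiver_view, *fields, receiver_key)
    return hmac.compare_digest(sent, expected)

# Constructed SYN from R1 toward its configured neighbor 10.0.0.3:
# (sport, dport, seq, ack, flags, window, payload)
SYN = (28556, 179, 1000, 0, 0x02, 16384, b"")
R1_VIEW = ("10.0.0.1", "10.0.0.3")    # addresses R1 signs over
R3_VIEW = ("192.0.2.1", "192.0.2.3")  # constructed post-NAT addresses

def scenarios():
    return {
        "no NAT, same key": receiver_accepts(SYN, R1_VIEW, R1_VIEW,
                                             b"cisco", b"cisco"),
        "no NAT, keys differ": receiver_accepts(SYN, R1_VIEW, R1_VIEW,
                                                b"cisco", b"cisco123"),
        "NAT, same key": receiver_accepts(SYN, R1_VIEW, R3_VIEW,
                                          b"cisco", b"cisco"),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accepted' if ok else 'dropped'}")
```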
Again, thanks for the time and effort invested in this solution, and in learning in general. I appreciate you!