It isn’t my fault, they configured it that way before I got here! That was the entry level technician’s story Monday morning, and he was sticking to it.
Here is the rest of the story. Over the weekend, some testing had been done regarding a proposed BGP configuration. The objective was simple: R1 and R3 needed to ping each other's loopbacks at 184.108.40.206 and 220.127.116.11 respectively, with those 2 networks being carried by BGP. R2 is performing NAT. The topology diagram looks like this:
The ping between loopbacks didn’t work, but R1 and R3 had these console messages:
R1# %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
R1# %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
R1#

R3# %TCP-6-BADAUTH: No MD5 digest from 18.104.22.168(179) to 22.214.171.124(59922) (RST)
R3# %TCP-6-BADAUTH: No MD5 digest from 126.96.36.199(179) to 188.8.131.52(59922) (RST)
R3#
The senior engineer looked at the configurations for R1, R2 and R3 and found 5 specific items, each of which was independently causing a failure.
Here is the challenge: Can you find 1 or more of them?
Let us know what your troubleshooting skills can find, and post your comments here on the blog.
Here are the configurations for the 3 routers:
R1#show run
version 12.4
hostname R1
!
interface Loopback0
 ip address 184.108.40.206 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 220.127.116.11 mask 255.255.255.255
 neighbor 10.0.0.3 remote-as 3
 neighbor 10.0.0.3 password cisco
 no auto-summary
!
end
R1#

R2#show run
version 12.4
hostname R2
!
interface Loopback0
 ip address 18.104.22.168 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 ip address 22.214.171.124 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
router ospf 1
 network 126.96.36.199 0.0.0.0 area 0
 network 10.0.0.2 0.0.0.0 area 0
 network 188.8.131.52 0.0.0.0 area 0
!
ip nat inside source static 10.0.0.1 184.108.40.206
ip nat outside source static 220.127.116.11 10.0.0.3
!
end

R3#show run
version 12.4
hostname R3
!
interface Loopback0
 ip address 18.104.22.168 255.255.255.0
!
interface FastEthernet0/1
 ip address 22.214.171.124 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 126.96.36.199 0.0.0.255 area 0
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 network 188.8.131.52 mask 255.255.255.255
 neighbor 184.108.40.206 remote-as 1
 neighbor 220.127.116.11 password cisco123
 no auto-summary
!
end
R3#
Let us know what you find!
Your contributions and input are great. You ROCK!
I have summarized the 5 specific errors/issues with the configuration, and here they are:
- R2: NAT isn’t fully baked. Can fix with “ip nat outside source static 18.104.22.168 10.0.0.3 add-route” (or we could manually add the route as well).
- R1 & R3: The BGP passwords don’t match, but it doesn’t matter. BGP authentication doesn’t work between NAT’d BGP neighbors, so it would have to be removed.
- R1 & R3: Incorrect network statements for loopback addresses on both BGP routers (incorrect mask)
- R1 & R3: Ebgp-multihop statements are needed on both neighbors (not directly connected EBGP)
- R2: R2 doesn’t know how to reach 22.214.171.124 or 126.96.36.199 (non-BGP routing issue)
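Why the passwords in the second item would fail through R2 even if they matched, as an added example that is not part of the original post: the TCP MD5 signature option (RFC 2385) hashes the TCP pseudo-header, which includes the source and destination IP addresses, so the receiver computes a different digest once NAT has rewritten them. The 192.0.2.x addresses, sequence number and window size are constructed sample values; 10.0.0.1, 10.0.0.3 and the ports come from the page.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5_OPT_LEN = 20  # 18-byte MD5 signature option plus 2 bytes of padding

def tcp_header(sport, dport, seq, flags):
    """Base 20-byte TCP header whose data offset leaves room for the MD5 option."""
    offset_words = (20 + MD5_OPT_LEN) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                       offset_words << 4, flags, 16384, 0, 0)

def tcp_md5_digest(src_ip, dst_ip, base_hdr, payload, key):
    """RFC 2385: MD5(pseudo-header + header without options, checksum 0 + data + key)."""
    seg_len = len(base_hdr) + MD5_OPT_LEN + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    hdr = base_hdr[:16] + b"\x00\x00" + base_hdr[18:]  # checksum field zeroed
    return hashlib.md5(pseudo + hdr + payload + key).digest()

def receiver_accepts(sent_digest, seen_src, seen_dst, base_hdr, payload, key):
    """The receiver recomputes the digest from the addresses it actually sees."""
    expected = tcp_md5_digest(seen_src, seen_dst, base_hdr, payload, key)
    return hmac.compare_digest(sent_digest, expected)

# Constructed SYN from R1 toward the address it has configured for its neighbor.
SYN = tcp_header(28556, 179, 1000, 0x02)
KEY = b"cisco"
DIGEST = tcp_md5_digest("10.0.0.1", "10.0.0.3", SYN, b"", KEY)

def demo():
    # Same addresses on both ends: the digest verifies.
    no_nat = receiver_accepts(DIGEST, "10.0.0.1", "10.0.0.3", SYN, b"", KEY)
    # NAT rewrote both addresses (stand-in values): same key, digest fails.
    via_nat = receiver_accepts(DIGEST, "192.0.2.1", "192.0.2.3", SYN, b"", KEY)
    # Mismatched passwords, as configured on the page: fails regardless of NAT.
    wrong_key = receiver_accepts(DIGEST, "10.0.0.1", "10.0.0.3", SYN, b"", b"cisco123")
    return no_nat, via_nat, wrong_key

if __name__ == "__main__":
    print(demo())
```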
Again, thanks for the time and effort invested in this solution, and in learning in general. I appreciate you!