BGP: The Big Gory Protocol (Can you troubleshoot it?)
It isn't my fault, they configured it that way before I got here! That was the entry-level technician's story Monday morning, and he was sticking to it. :)
Here is the rest of the story. Over the weekend, some testing had been done on a proposed BGP configuration. The objective was simple: R1 and R3 needed to ping each other's loopbacks at 1.1.1.1 and 3.3.3.3 respectively, with those 2 networks being carried by BGP. R2 is performing NAT. The topology diagram looks like this:
The ping between loopbacks didn't work, but R1 and R3 had these console messages:
R1#
%TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
R1#
%TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
R1#
R3#
%TCP-6-BADAUTH: No MD5 digest from 23.0.0.1(179) to 23.0.0.3(59922) (RST)
R3#
%TCP-6-BADAUTH: No MD5 digest from 23.0.0.1(179) to 23.0.0.3(59922) (RST)
R3#
The senior engineer looked at the configurations for R1, R2 and R3 and found 5 specific items, each of which was independently causing a failure.
Here is the challenge: Can you find 1 or more of them?
Let us know what your troubleshooting skills can find, and post your comments here on the blog.
Here are the configurations for the 3 routers:
R1#show run
version 12.4
hostname R1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
!
router ospf 1
network 10.0.0.0 0.0.0.255 area 0
!
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 10.0.0.3 remote-as 3
neighbor 10.0.0.3 password cisco
no auto-summary
!
end
R1#
R2#show run
version 12.4
hostname R2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
ip address 23.0.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly
!
router ospf 1
network 2.2.2.2 0.0.0.0 area 0
network 10.0.0.2 0.0.0.0 area 0
network 23.0.0.2 0.0.0.0 area 0
!
ip nat inside source static 10.0.0.1 23.0.0.1
ip nat outside source static 23.0.0.3 10.0.0.3
!
end
R3#show run
version 12.4
hostname R3
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/1
ip address 23.0.0.3 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 23.0.0.0 0.0.0.255 area 0
!
router bgp 3
no synchronization
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 23.0.0.1 remote-as 1
neighbor 23.0.0.1 password cisco123
no auto-summary
!
end
R3#
Let us know what you find!
Best wishes.
UPDATE: ANSWERS
Your contributions and input are great. You ROCK!
I have summarized the 5 specific errors/issues with the configuration, and here they are:
- R2: NAT isn't fully baked. Can fix with "ip nat outside source static 23.0.0.3 10.0.0.3 add-route" (or we could manually add the route as well).
- R1 & R3: The BGP passwords don't match, but it doesn't matter. BGP authentication doesn't work between NAT'd BGP neighbors, so it would have to be removed. :)
- R1 & R3: Incorrect network statements for loopback addresses on both BGP routers (incorrect mask)
- R1 & R3: Ebgp-multihop statements are needed on both neighbors (not directly connected EBGP)
- R2: R2 doesn't know how to reach 1.1.1.1 or 3.3.3.3 (non-BGP routing issue)
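Why matching the passwords would not be enough, as an added example that is not part of the original post: the BGP neighbor password enables the TCP MD5 signature option (RFC 2385), and that digest covers the source and destination IP addresses that R2 rewrites. The addresses and ports come from the configurations and log lines above; the other segment fields and the function names are constructed for illustration.

```python
import hashlib
import socket
import struct

TCP_PROTO = 6
MD5_OPT_PADDED = 20  # 18-byte MD5 signature option (kind 19) padded to 4-byte boundary


def tcp_md5_digest(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                   payload, key, options_len=MD5_OPT_PADDED):
    """Digest per RFC 2385: pseudo-header, TCP header without options
    (checksum treated as zero), segment data, then the shared key."""
    header_len = 20 + options_len
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) +
              struct.pack("!BBH", 0, TCP_PROTO, header_len + len(payload)))
    base_header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                              (header_len // 4) << 4, flags, window,
                              0,   # checksum field hashed as zero
                              0)   # urgent pointer
    return hashlib.md5(pseudo + base_header + payload + key).hexdigest()


# Constructed SYN from R1; only the ports are taken from the log lines above.
SYN = dict(sport=28556, dport=179, seq=1000, ack=0, flags=0x02,
           window=16384, payload=b"")


def nat_breaks_digest(key_sender, key_receiver):
    """True when the digest R1 signs differs from the one R3 recomputes
    after R2 has translated both addresses."""
    # R1 signs using the addresses it sees: 10.0.0.1 -> 10.0.0.3
    signed = tcp_md5_digest("10.0.0.1", "10.0.0.3", key=key_sender, **SYN)
    # R3 verifies using the translated addresses: 23.0.0.1 -> 23.0.0.3
    checked = tcp_md5_digest("23.0.0.1", "23.0.0.3", key=key_receiver, **SYN)
    return signed != checked


def untranslated_digest_matches(key):
    """Control case: same key and no address rewrite, so the digests agree."""
    a = tcp_md5_digest("10.0.0.1", "10.0.0.3", key=key, **SYN)
    b = tcp_md5_digest("10.0.0.1", "10.0.0.3", key=key, **SYN)
    return a == b


if __name__ == "__main__":
    print("same password, through NAT, mismatch:", nat_breaks_digest(b"cisco", b"cisco"))
    print("same password, no NAT, match:", untranslated_digest_matches(b"cisco"))
```

NAT can rewrite the IP header, but it does not hold the key, so it cannot recompute the signature carried in the TCP option.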
Again, thanks for the time and effort invested in this solution, and in learning in general. I appreciate you!
Best wishes.