blog
    BGP: The Big Gory Protoco ...
    25 May 10

    BGP: The Big Gory Protocol (Can you troubleshoot it?)

    Posted byINE
    facebooktwitterlinkedin
    news-featured

    It isn't my fault, they configured it that way before I got here! That was the entry level technician's story Monday morning, and he was sticking to it.  :)

    Here is the rest of the story.   Over the weekend, some testing had been done regarding a proposed BGP configuration.   The objective was simple, R1 and R3 needed to ping each others loobacks at 1.1.1.1 and 3.3.3.3 respectively, with those 2 networks, being carried by BGP.  R2 is performing NAT.    The topology diagram looks like this:

    3 routers in a row-NO-user

    The ping between loopbacks didn't work, but R1 and R3 had these console messages:

    R1#
    %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)

    R1#
    %TCP-6-BADAUTH: No MD5 digest from 10.0.0.3(179) to 10.0.0.1(28556) (RST)
    R1#

    R3#
    %TCP-6-BADAUTH: No MD5 digest from 23.0.0.1(179) to 23.0.0.3(59922) (RST)
    R3#
    %TCP-6-BADAUTH: No MD5 digest from 23.0.0.1(179) to 23.0.0.3(59922) (RST)
    R3#

    The senior engineer looked at the configurations for R1, R2 and R3 and found 5 specific items, each of which was independently causing a failure.

    Here is the challenge:  Can you find 1 or more of them?

    Let us know what your troubleshooting skills can find, and post your comments here on the blog.

    Here are the configurations for the 3 routers:

    R1#show run
    version 12.4
    hostname R1
    !
    interface Loopback0
    ip address 1.1.1.1 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 10.0.0.1 255.255.255.0
    !
    router ospf 1
    network 10.0.0.0 0.0.0.255 area 0
    !
    router bgp 1
    no synchronization
    bgp log-neighbor-changes
    network 1.1.1.1 mask 255.255.255.255
    neighbor 10.0.0.3 remote-as 3
    neighbor 10.0.0.3 password cisco
    no auto-summary
    !
    end
    R1#

    R2#show run
    version 12.4
    hostname R2
    !
    interface Loopback0
    ip address 2.2.2.2 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 10.0.0.2 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface FastEthernet0/1
    ip address 23.0.0.2 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    !
    router ospf 1
    network 2.2.2.2 0.0.0.0 area 0
    network 10.0.0.2 0.0.0.0 area 0
    network 23.0.0.2 0.0.0.0 area 0
    !
    ip nat inside source static 10.0.0.1 23.0.0.1
    ip nat outside source static 23.0.0.3 10.0.0.3
    !
    end

    R3#show run
    version 12.4
    hostname R3
    !
    interface Loopback0
    ip address 3.3.3.3 255.255.255.0
    !
    interface FastEthernet0/1
    ip address 23.0.0.3 255.255.255.0
    !
    router ospf 1
    log-adjacency-changes
    network 23.0.0.0 0.0.0.255 area 0
    !
    router bgp 3
    no synchronization
    bgp log-neighbor-changes
    network 3.3.3.3 mask 255.255.255.255
    neighbor 23.0.0.1 remote-as 1
    neighbor 23.0.0.1 password cisco123
    no auto-summary
    !
    end
    R3#

    Let us know what you find!

    Best wishes.

     

     

     

    UPDATE:   ANSWERS

    Your contributions and input is great.  You ROCK!

    I have summarized the 5 specific errors/issues with the configuration, and here they are:

    • R2: NAT isn't fully baked. Can fix with  "ip nat outside source static 23.0.0.3 10.0.0.3 add-route" (or we could manually add the route as well).
    • R1 & R3: The BGP passwords don't match, but it doesn't matter. BGP authentication doesn't work between NAT'd BGP neighbors, so it would have to be removed. :)
    • R1 & R3: Incorrect network statements for loopback addresses on both BGP routers (incorrect mask)
    • R1 & R3: Ebgp-multihop statements are needed on both neighbors (not directly connected EBGP)
    • R2: R2 doesn't know how to reach 1.1.1.1 or 3.3.3.3 (non-BGP routing issue)

    Again, thanks for the time and effort invested in this solution, and in learning in general.   I appreciate you!

    Best wishes.

    Hey! Don’t miss anything - subscribe to our newsletter!

    © 2022 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
    instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo