The auth error was transient, forget about it. Now you're getting 6/1 - maximum number of prefixes reached. http://tools.ietf.org/html/rfc4486 (or http://backupsalmanaja.blogspot.ie/2009/12/bgp-cease-notification-messages.h... you prefer). HTH On 25 November 2013 23:07, Eric A Louie <elouie@yahoo.com> wrote:
All Cisco/Cisco, I don't have a Juniper here to test with
mismatch AS *Apr 9 00:31:47.691: %BGP-3-NOTIFICATION: received from neighbor 10.250.254.253 2/2 (peer in wrong AS) 2 bytes 6A39
mismatch neighbor IP address no logged error
MTU mismatch no logged error, session remained up
Subnet mask mismatch session remained up, no logged error
I haven't created the multihop scenario to see the error messages.
None of these issues caused the (authentication failure).
________________________________ From: Chuck Anderson <cra@WPI.EDU> To: nanog@nanog.org Sent: Monday, November 25, 2013 11:10 AM Subject: Re: BGP neighbor/configuration testing
Authentication failure might mean (without knowing for sure which on Cisco):
- mismatch AS numbers - mismatch neighbor IP addresses - multihop/TTL issues - MTU issues
On Mon, Nov 25, 2013 at 11:06:33AM -0800, Eric A Louie wrote:
That's a natural first impression but there are no passwords configured on the BGP session on either router. I know it looks like an authentication error but it's a "misnomer" (at least from the searches I did on the error message). From the sequence of messages, we get Established and 2 seconds later the session Closes. The reason for the Close may lead us to the solution.
I'm reluctant to turn on debug bgp because this is a live production router, and if I hose it, there will be a lot of 'splainin to do [1]
[1] http://www.quotecounterquote.com/2011/05/lucy-you-got-some-splainin-to-do.ht...
________________________________ From: Daniel Rohan <drohan@gmail.com> To: Eric A Louie <elouie@yahoo.com> Cc: Joe Abley <jabley@hopcount.ca>; "nanog@nanog.org" <nanog@nanog.org
Sent: Monday, November 25, 2013 10:55 AM Subject: Re: BGP neighbor/configuration testing
Seems like:
Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor xxx.118.92.149 2/5 (authentication failure) 0 bytes
should be a good starting place. I'm assuming you've already discussed auth keys with your provider and if everyone is putting that in correctly, I'd suggest turning on debugging to see what exactly that message is all about.
Dan