Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes Although I have seem this on the message boards I am little confused in that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
Probably a TTL problem. Did you configure ebgp-multihop? Eric Dugas ZEROFAIL / AS40191 edugas@zerofail.com -----Original Message----- From: Philip Lavine [mailto:source_route@yahoo.com] Sent: December 18, 2013 10:48 AM To: NANOG list Subject: BGP from Juniper to Cisco ASR Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes Although I have seem this on the message boards I am little confused in that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
yes I tried multihop even though my peer is on the same /29 On Wednesday, December 18, 2013 8:10 AM, Eric Dugas <EDugas@zerofail.com> wrote: Probably a TTL problem. Did you configure ebgp-multihop? Eric Dugas ZEROFAIL / AS40191 edugas@zerofail.com -----Original Message----- From: Philip Lavine [mailto:source_route@yahoo.com] Sent: December 18, 2013 10:48 AM To: NANOG list Subject: BGP from Juniper to Cisco ASR Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes Although I have seem this on the message boards I am little confused in that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
On 18 December 2013 15:48, Philip Lavine <source_route@yahoo.com> wrote:
Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Although I have seem this on the message boards I am little confused in
that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
That's an error during the Open phase, so it can't be related to any MD5 authentication configuration - which is absent, as you say so yourself. Make sure you're trying to initiate the BGP session from the right IP address (eventually needing to use "neighbor X update-source <interface>") and that their configuration matches your address correctly (i.e., they have the right address on your side, without any typos on their configuration). It probably wouldn't hurt to confirm they have your peering session configured as "type external". HTH.
When I had that problem, it was because the max-prefixes on the Juniper router was being triggered. If I remember correctly. It's a strange return message for the wrong issue.
________________________________ From: Philip Lavine <source_route@yahoo.com> To: NANOG list <nanog@nanog.org> Sent: Wednesday, December 18, 2013 7:48 AM Subject: BGP from Juniper to Cisco ASR
Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Although I have seem this on the message boards I am little confused in that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
When I had that problem, it was because the max-prefixes on the Juniper router was being triggered. If I remember correctly. It's a strange return message for the wrong issue.
________________________________ From: Philip Lavine <source_route@yahoo.com> To: NANOG list <nanog@nanog.org> Sent: Wednesday, December 18, 2013 7:48 AM Subject: BGP from Juniper to Cisco ASR
Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Although I have seem this on the message boards I am little confused in that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
Whats the frequency of this message occurence ? On Thu, Dec 19, 2013 at 6:31 AM, Eric A Louie <elouie@yahoo.com> wrote:
When I had that problem, it was because the max-prefixes on the Juniper router was being triggered. If I remember correctly. It's a strange return message for the wrong issue.
________________________________ From: Philip Lavine <source_route@yahoo.com> To: NANOG list <nanog@nanog.org> Sent: Wednesday, December 18, 2013 7:48 AM Subject: BGP from Juniper to Cisco ASR
Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Although I have seem this on the message boards I am little confused in that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
I was able to solve the issue by statically routing the connected /29 out the connected interface, that way it overrode the BGP learned route for the same subnet (unfortunately this might have been a multi-homing issue that resulted in asymmetrical routing to the primary peer via the secondary peer, since the secondary peer session was already established). I thought BGP was "intelligent" enough to run the TCP session over the directly connected interfaces on the same subnets. I can understand this being an issue with multihop but not multi-homing. On Wednesday, December 18, 2013 7:01 PM, Rakesh M <raaki.88@gmail.com> wrote: Whats the frequency of this message occurence ? On Thu, Dec 19, 2013 at 6:31 AM, Eric A Louie <elouie@yahoo.com> wrote: When I had that problem, it was because the max-prefixes on the Juniper router was being triggered. If I remember correctly. It's a strange return message for the wrong issue.
________________________________ From: Philip Lavine <source_route@yahoo.com> To: NANOG list <nanog@nanog.org> Sent: Wednesday, December 18, 2013 7:48 AM Subject: BGP from Juniper to Cisco ASR
Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Although I have seem this on the message boards I am little confused in that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
participants (5)
-
Eric A Louie
-
Eric Dugas
-
Pedro Cavaca
-
Philip Lavine
-
Rakesh M