All Cisco/Cisco, I don't have a Juniper here to test with mismatch AS *Apr 9 00:31:47.691: %BGP-3-NOTIFICATION: received from neighbor 10.250.254.253 2/2 (peer in wrong AS) 2 bytes 6A39
mismatch neighbor IP address no logged error MTU mismatch no logged error, session remained up Subnet mask mismatch session remained up, no logged error I haven't created the multihop scenario to see the error messages. None of these issues caused the (authentication failure). >________________________________ > From: Chuck Anderson <c...@wpi.edu> >To: nanog@nanog.org >Sent: Monday, November 25, 2013 11:10 AM >Subject: Re: BGP neighbor/configuration testing > > >Authentication failure might mean (without knowing for sure which on >Cisco): > >- mismatch AS numbers >- mismatch neighbor IP addresses >- multihop/TTL issues >- MTU issues > >On Mon, Nov 25, 2013 at 11:06:33AM -0800, Eric A Louie wrote: >> That's a natural first impression but there are no passwords configured on >> the BGP session on either router. I know it looks like an authentication >> error but it's a "misnomer" (at least from the searches I did on the error >> message). From the sequence of messages, we get Established and 2 seconds >> later the session Closes. The reason for the Close may lead us to the >> solution. >> >> I'm reluctant to turn on debug bgp because this is a live production router, >> and if I hose it, there will be a lot of 'splainin to do [1] >> >> [1] >> http://www.quotecounterquote.com/2011/05/lucy-you-got-some-splainin-to-do.html >> >> >> >> >> >> >________________________________ >> > From: Daniel Rohan <dro...@gmail.com> >> >To: Eric A Louie <elo...@yahoo.com> >> >Cc: Joe Abley <jab...@hopcount.ca>; "nanog@nanog.org" <nanog@nanog.org> >> >Sent: Monday, November 25, 2013 10:55 AM >> >Subject: Re: BGP neighbor/configuration testing >> > >> > >> > >> >Seems like: >> > >> >Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor >> >xxx.118.92.149 2/5 (authentication failure) 0 bytes >> >> >> >should be a good starting place. I'm assuming you've already discussed auth >> >keys with your provider and if everyone is putting that in correctly, I'd >> >suggest turning on debugging to see what exactly that message is all about. >> > >> > >> >Dan > > > >
