[Troubleshooting sharing]the Router show "BGP MD5 Auth error" when it try to establish BGP peer with both switches that run VRRP

Created: Jun 17, 2018 20:24:41Latest reply: Dec 24, 2018 09:25:07 396 3 0 0
I have a troubleshooting case to share for you.


the topology is so simple, 2 Switches are running VRRP and use VRRP virtual IP address to establish BGP peer with a Router, and configure MD5 authentication for BGP.

but we found that the Routes show "BGP MD5 Auth error" on it, and after configure the command“peer listen-only" on the VRRP Slave switch, the error message terminated.

the analysis for this issue is below:

The root cause for the “BGP MD5 Auth error" is that VRRP slave couldn’t receive TCP response packets from peer device, so VRRP slave will try to send TCP request packets with MD5 digest continuously. And peer device only can response packets to VRRP master, since VRRP Master and VRRP Slave were using different source TCP port, so VRRP Master will verify the packets failed when it received the packets which should be sent to VRRP Slave.

If VRRP Master verified the packet failed, VRRP will notice the peer device, in this case, peer device will get the error message “BGP MD5 Auth error”.

after cutomer configure "peer linten-only" on VRRP Slave switch, the slave switch will stop sending TCP packets. and the error message will terminated.


From group: Switch
  • x
  • convention:

wissal  Visitor   Created Jun 17, 2018 20:43:16 Helpful(0) Helpful(0)

thanks for sharing this nice doc
  • x
  • convention:

YOO  Visitor   Created Dec 22, 2018 11:30:56 Helpful(0) Helpful(0)

It is very helpful for the learner in the first stage.
  • x
  • convention:

xiaomumu  Visitor   Created Dec 24, 2018 09:25:07 Helpful(0) Helpful(0)


Very helpful
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top