[Troubleshooting sharing]the Router show "BGP MD5 Auth error" when it try to establish BGP peer with both switches that run VRRP

Created Jun 17, 2018 20:24:41Latest reply Dec 24, 2018 09:25:07 377 3 0 0
I have a troubleshooting case to share for you.


the topology is so simple, 2 Switches are running VRRP and use VRRP virtual IP address to establish BGP peer with a Router, and configure MD5 authentication for BGP.

but we found that the Routes show "BGP MD5 Auth error" on it, and after configure the command“peer listen-only" on the VRRP Slave switch, the error message terminated.

the analysis for this issue is below:

The root cause for the “BGP MD5 Auth error" is that VRRP slave couldn’t receive TCP response packets from peer device, so VRRP slave will try to send TCP request packets with MD5 digest continuously. And peer device only can response packets to VRRP master, since VRRP Master and VRRP Slave were using different source TCP port, so VRRP Master will verify the packets failed when it received the packets which should be sent to VRRP Slave.

If VRRP Master verified the packet failed, VRRP will notice the peer device, in this case, peer device will get the error message “BGP MD5 Auth error”.

after cutomer configure "peer linten-only" on VRRP Slave switch, the slave switch will stop sending TCP packets. and the error message will terminated.


From group: Switch
  • x
  • convention:

wissal     Created Jun 17, 2018 20:43:16 Helpful(0) Helpful(0)

thanks for sharing this nice doc
  • x
  • convention:

YOO  Novice   Created Dec 22, 2018 11:30:56 Helpful(0) Helpful(0)

It is very helpful for the learner in the first stage.
  • x
  • convention:

xiaomumu  Novice   Created Dec 24, 2018 09:25:07 Helpful(0) Helpful(0)


Very helpful
  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top