[Troubleshooting sharing]the Router show "BGP MD5 Auth error" when it try to establish BGP peer with both switches that run VRRP

Latest reply: Dec 24, 2018 01:25:07 444 3 0 0
I have a troubleshooting case to share for you.


the topology is so simple, 2 Switches are running VRRP and use VRRP virtual IP address to establish BGP peer with a Router, and configure MD5 authentication for BGP.

but we found that the Routes show "BGP MD5 Auth error" on it, and after configure the command“peer listen-only" on the VRRP Slave switch, the error message terminated.

the analysis for this issue is below:

The root cause for the “BGP MD5 Auth error" is that VRRP slave couldn’t receive TCP response packets from peer device, so VRRP slave will try to send TCP request packets with MD5 digest continuously. And peer device only can response packets to VRRP master, since VRRP Master and VRRP Slave were using different source TCP port, so VRRP Master will verify the packets failed when it received the packets which should be sent to VRRP Slave.

If VRRP Master verified the packet failed, VRRP will notice the peer device, in this case, peer device will get the error message “BGP MD5 Auth error”.

after cutomer configure "peer linten-only" on VRRP Slave switch, the slave switch will stop sending TCP packets. and the error message will terminated.


From group: Switch
  • x
  • convention:

MVE Created Jun 17, 2018 12:43:16 Helpful(0) Helpful(0)

thanks for sharing this nice doc
  • x
  • convention:

Telecommunications%20Engineer%2C%20currently%20senior%20project%20manager%20of%20the%20radio%20access%20network%20and%20partner%20of%20Huawei%20de%20Tunisia.
Created Dec 22, 2018 03:30:56 Helpful(0) Helpful(0)

It is very helpful for the learner in the first stage.
  • x
  • convention:

Created Dec 24, 2018 01:25:07 Helpful(0) Helpful(0)


Very helpful
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top