BGP MD5 Authentication

Stefan Casucci · ‎04-10-2013

Hi,

I had a problem ( I think I fixed it) I just don't understand the reason why It happened. I have built a BGP config to use MD5 authentication (basic at first, then after BGP was up and running I added the authentication commands). BGP was up and running until today when we had to cut over our power for the racks one of the devices lives in. Upon rebooting I received the message " %TCP-6-BADAUTH: Invalid MD5 digest". I removed the authentication on both devices, BGP came back up, and then I re-added the authentication. Just for testing I cleared the peers, received the same message and then used the same procedure to fix it. So what I am trying to understand is why it did/ will do that, and if there is something I can do to prevent it or if I did something incorrectly to make this happen?

I do apologize, if I am not using all the correct terms, if something is not clear, please let me know and I will try to explain it better.

Thank you.

- Stefan

blau grana · ‎04-10-2013

Hello Stefan,

BGP session did not go UP at all without your help or you just did not wait what will happen and try to solve the problem?

I think that you could receive BADAUTH message because rebooted peer tried to establish new session but on other peer BGP session did not time out yet. Rebooted peer use other ports to establish BGP session (other than previous session) so MD5 hash did not match.

This is just a theoretical possibility, but this should not cause to BGP session will never come UP, maybe just convergence will last longer.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions