- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2025 04:09 PM
Hi, I've had 2 routers that are configured with iBGP. Each one of these routers are connected to an external provider with eBGP. I setup a new router with full mesh iBGP and when I connect it to the external provider i get logs saying that R1 and R2 are trying to establish a BGP session with R3 but source the traffic with their external IP addresses to are used toward external providers.
I've configured next-hop-self in the iBGP but it didn't help.
%KERN-3-SYSTEM_MSG: [116842.668031] TCP: Unexpected MD5 Hash found for (11.11.11.1, 25304)->(55.55.55.3, 179) S - kernel
%KERN-3-SYSTEM_MSG: [116842.668031] TCP: Unexpected MD5 Hash found for (22.22.22.1, 25304)->(55.55.55.3, 179) S - kernel
In R3 I don't have neighbors for 11.11.11.1 or 22.22.22.1
In R3 I have neighbors configured for 55.55.55.1 and 55.55.55.2
Does anyone know what could be the problem and how to solve it?
Solved! Go to Solution.
- Labels:
-
Routing Protocols
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2025 11:56 PM
Hello @Ab26
Based on the diagram and your logs, the issue is likely caused by R1 and R2 sourcing iBGP traffic using their external provider-facing IPs (11.11.11.1 and 22.22.22.1) instead of their internal-facing IPs (55.55.55.1 and 55.55.55.2).
Also you have MD5 authentication mismatch (either unexpected MD5 or missing configuration on R1/R2).
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2025 09:51 AM - edited 03-22-2025 09:52 AM
Hi @Ab26 ,
By default the update source that is selected is the egress interface leading to the peer. In your scenario, vlan55 should be the interface selected for the iBGP mesh between R1, R2 and R3. The configuration of the update-source should not be required for this reason.
You seem to be running NXOS, right? Can you confirm the version you use. Can you also provide the interface configuration for vlan55.
Harold Ritter, CCIE #4168 (EI, SP)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2025 04:36 PM
Hi @Ab26 ,
Could you please provide the BGP configuration section.
Harold Ritter, CCIE #4168 (EI, SP)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2025 11:56 PM
Hello @Ab26
Based on the diagram and your logs, the issue is likely caused by R1 and R2 sourcing iBGP traffic using their external provider-facing IPs (11.11.11.1 and 22.22.22.1) instead of their internal-facing IPs (55.55.55.1 and 55.55.55.2).
Also you have MD5 authentication mismatch (either unexpected MD5 or missing configuration on R1/R2).
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2025 12:06 AM
Hello @Ab26 ,
check the BGP configuration on all three routers R1, R2, R3 from what we see in the error messages it looks like you have a wrong configuration on R1, R2 using a neighbor 55.55.55.3 update-source command pointing to the external LAN interface.
Hope to help
Giuseppe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2025 07:03 AM - edited 03-22-2025 08:52 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2025 09:51 AM - edited 03-22-2025 09:52 AM
Hi @Ab26 ,
By default the update source that is selected is the egress interface leading to the peer. In your scenario, vlan55 should be the interface selected for the iBGP mesh between R1, R2 and R3. The configuration of the update-source should not be required for this reason.
You seem to be running NXOS, right? Can you confirm the version you use. Can you also provide the interface configuration for vlan55.
Harold Ritter, CCIE #4168 (EI, SP)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2025 11:53 AM
Thanks @Harold Ritter !
After looking deeper I found out the Vlan55 was down in R1 and R2. These 2 routers where there for awhile. I just added R3 recently. Just for the simplicity I only mentioned one VLAN and one VRF however I have many in this setup. I should've done BGP debugging from the beginning
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2025 12:34 PM
You are very welcome @Ab26 and thanks for the feedback
Harold Ritter, CCIE #4168 (EI, SP)
