
BGP Authentication .. TCP invalid packets

Dears
I would like your assistance, please, regarding the logs below. Usually this should indicate bad authentication; however, here the BGP session is up and not affected by these logs.

What could be the reason for these logs? I believe one reason is if BGP packets are fragmented in the path and one fragment is lost; however, here this is not the case, as the BGP MSS is 556.

*Apr  9 09:47:37.432 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr  9 10:10:44.376 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr  9 10:10:44.388 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr  9 10:56:07.964 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr 10 00:06:45.193 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr 10 03:27:16.928 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr 10 08:28:12.395 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr 10 09:15:25.779 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr 10 14:52:39.777 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0

R1#show ip bgp vpnv4 all neighbors | i seg|md5
Maximum output segment queue size: 50
Option Flags: nagle, md5
Datagrams (max data segment is 556 bytes):

Thanks
Regards
Sherif Ismail

Hi,

Do you only have one BGP peering?

What is the output of "sh ip bg sum"?

HTH

Hi Reza

Thanks for your reply. Actually, there are 2 iBGP VPNv4 neighbors configured with the same password.
What I noticed is that out-of-order packets are incrementing; however, I am not sure how this could affect things, especially when packets are not fragmented.

||||||||||||

R1#show ip bgp vpnv4 all summary
BGP router identifier 10.40.0.39, local AS number 64512
BGP table version is 4573197, main routing table version 4573197
2280 network entries using 346560 bytes of memory
4148 path entries using 215696 bytes of memory
55/45 BGP path/bestpath attribute entries using 7260 bytes of memory
75 BGP rrinfo entries using 1800 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
26 BGP extended community entries using 704 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 572116 total bytes of memory
BGP activity 43921/41641 prefixes, 2838944/2834796 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        64512 5826409  228404  4573197    0    0 20w3d        1374
1.1.1.2         4        64512 1028955   29033  4573197    0    0 2w4d         1375
R1#
R1#


R1#show ip bgp vpnv4 all neighbors 1.1.1.1 | i order
Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)
Rcvd: 3766435 (out of order: 3394), with data: 3542969, total data bytes: 697724328  <<<-- incrementing
R1#

Note
The logs also appear for the 2nd neighbor; however, I showed only one here for simplicity.


Many Thanks

Regards
Sherif Ismail
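
A triage aid for the `%TCP-6-BADAUTH` lines quoted in the first post, added here as an example and not code from any poster or from Cisco: it groups the events by TCP 4-tuple, reports how closely spaced they are, and marks whether each group sits on a session the operator already knows is established. The function name `summarize`, the `live_sessions` input, the placeholder year and the last sample line (peer 3.3.3.3) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: four lines in the thread's format plus one constructed line
# from an address (3.3.3.3) that is not a configured neighbor.
SAMPLE = """\
*Apr  9 09:47:37.432 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr  9 10:10:44.376 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr  9 10:10:44.388 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr 10 00:06:45.193 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.1(179) to 2.2.2.2(47214) tableid - 0
*Apr 10 00:07:01.000 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 3.3.3.3(51000) to 2.2.2.2(179) tableid - 0
"""

LINE = re.compile(
    r"\*(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+) \w+: %TCP-6-BADAUTH: "
    r"Invalid MD5 digest from (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"to (?P<dst>[\d.]+)\((?P<dport>\d+)\)")

def summarize(log_text, live_sessions):
    """Group BADAUTH events by (src, sport, dst, dport) and describe each group."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # The log carries no year; 2000 is a placeholder so gaps can be computed.
        stamp = "2000 " + " ".join(m["ts"].split())
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S.%f")
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        events[key].append(ts)
    report = {}
    for key, stamps in events.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {
            "count": len(stamps),
            "min_gap_s": min(gaps) if gaps else None,  # smallest spacing seen
            "live_session": key in live_sessions,      # matches a known-up peer
        }
    return report

if __name__ == "__main__":
    # 4-tuple of the established session, as an operator would take it from the router.
    live = {("1.1.1.1", 179, "2.2.2.2", 47214)}
    for key, info in summarize(SAMPLE, live).items():
        print(key, info)
```

Groups with `live_session` set to `True` are digest failures on segments of a session that is already up, which is the situation described in this thread; groups marked `False` come from outside any established peering and deserve a separate look.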
