Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER> active 2/5 (authentication failure) 0 bytes
Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Although I have seem this on the message boards I am little confused in that the ISP is telling me that there is no authentication enabled on the Juniper and I do not have authentication enabled on the ASR. So what is going on here?
Probably a TTL problem. Did you configure ebgp-multihop?
Eric Dugas
ZEROFAIL / AS40191
edugas@zerofail.com
yes I tried multihop
even though my peer is on the same /29
Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER>
active 2/5 (authentication failure) 0 bytes
Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act
Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Although I have seem this on the message boards I am little confused in
that the ISP is telling me that there is no authentication enabled on the
Juniper and I do not have authentication enabled on the ASR. So what is
going on here?
That's an error during the Open phase, so it can't be related to any MD5
authentication configuration - which is absent, as you say so yourself.
Make sure you're trying to initiate the BGP session from the right IP
address (eventually needing to use "neighbor X update-source <interface>")
and that their configuration matches your address correctly (i.e., they
have the right address on your side, without any typos on their
configuration).
It probably wouldn't hurt to confirm they have your peering session
configured as "type external".
HTH.
When I had that problem, it was because the max-prefixes on the Juniper router was being triggered. If I remember correctly. It's a strange return message for the wrong issue.
When I had that problem, it was because the max-prefixes on the Juniper router was being triggered. If I remember correctly. It's a strange return message for the wrong issue.
Whats the frequency of this message occurence ?
I was able to solve the issue by statically routing the connected /29 out the connected interface, that way it overrode the BGP learned route for the same subnet (unfortunately this might have been a multi-homing issue that resulted in asymmetrical routing to the primary peer via the secondary peer, since the secondary peer session was already established). I thought BGP was "intelligent" enough to run the TCP session over the directly connected interfaces on the same subnets. I can understand this being an issue with multihop but not multi-homing.
Whats the frequency of this message occurence ?
When I had that problem, it was because the max-prefixes on the Juniper router was being triggered. If I remember correctly. It's a strange return message for the wrong issue.