BGP

Posted: October 18, 2013 in Uncategorized
Router1(config)#router bgp 1           !–Autonomous system number
!– Flag a network as local to this autonomous system and enter it into the BGP table, i.e. specify a network to announce via BGP
Router1(config)#network 150.1.1.1 mask 255.255.255.255  
!– Specify a neighbor router
Router1(config)#neighbor 136.1.13.3 remote-as 3  
!– Set a password
Router1(config)#neighbor 136.1.13.3 password PASSWORD
Router3(config)#router bgp 3
Router3(config)#network 150.1.3.3 mask 255.255.255.255
Router3(config)#neighbor 136.1.13.1 remote-as 1
Router3(config)#neighbor 136.1.23.2 remote-as 2
Router3(config)#neighbor 136.1.13.1 password PASSWORD   
Router3(config)#neighbor 136.1.23.2 password PASSWORD

Router1(config)#router ?
bgp       Border Gateway Protocol (BGP)
eigrp     Enhanced Interior Gateway Routing Protocol (EIGRP)
isis      ISO IS-IS
iso-igrp  IGRP for OSI networks
mobile    Mobile routes
odr       On Demand stub Routes
ospf      Open Shortest Path First (OSPF)
rip       Routing Information Protocol (RIP)

*Oct 18 15:24:04.306: %TCP-6-BADAUTH: No MD5 digest from 136.1.13.3(179) to 136.1.13.1(19226)
*Oct 18 15:24:07.466: %TCP-6-BADAUTH: No MD5 digest from 136.1.13.3(16117) to 136.1.13.1(179)
*Oct 18 15:24:24.302: %BGP-5-ADJCHANGE: neighbor 136.1.13.3 Up

Router1#sh ip bgp summary
BGP router identifier 150.1.1.1, local AS number 1
BGP table version is 4, main routing table version 4
3 network entries using 360 bytes of memory
3 path entries using 156 bytes of memory
3/3 BGP path/bestpath attribute entries using 372 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 936 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
136.1.13.3      4            3       7       5        4    0    0 00:00:50        2

!– To check BGP table
Router1#sh ip bgp
BGP table version is 4, local router ID is 150.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 150.1.1.1/32     0.0.0.0                  0         32768 i
*> 150.1.2.2/32     136.1.13.3                             0 3 2 i
*> 150.1.3.3/32     136.1.13.3               0             0 3 i
Router1#
!– Wrong password entered:
Router1(config)#router bgp 1
Router1(config-router)#neighbor 136.1.13.3 password ee     !– a wrong password results in:
*Oct 18 15:27:45.802: %TCP-6-BADAUTH: Invalid MD5 digest from 136.1.13.3(179) to 136.1.13.1(41138)
*Oct 18 15:27:46.974: %TCP-6-BADAUTH: Invalid MD5 digest from 136.1.13.3(179) to 136.1.13.1(41138)
*Oct 18 15:27:49.318: %TCP-6-BADAUTH: Invalid MD5 digest from 136.1.13.3(179) to

Router3#sh ip bgp
%BGP-5-ADJCHANGE: neighbor 136.1.13.1 Up
Router3#sh ip bgp summary
BGP router identifier 150.1.3.3, local AS number 3
BGP table version is 3, main routing table version 3
2 network entries using 240 bytes of memory
2 path entries using 104 bytes of memory
2/2 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 616 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
136.1.13.1      4            1       5       5        2    0    0 00:00:02        1
136.1.23.2      4            2       0       0        1    0    0 never    Active

%BGP-5-ADJCHANGE: neighbor 136.1.23.2 Up

Router3#sh ip bgp summary
BGP router identifier 150.1.3.3, local AS number 3
…..

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
136.1.13.1      4            1       7       9        4    0    0 00:02:29        1
136.1.23.2      4            2       7       8        4    0    0 00:02:17        1

!– Verify authentication on per neighbour basis:
Router3#sh ip bgp neighbors 136.1.23.2
BGP neighbor is 136.1.23.2,  remote AS 2, external link
BGP version 4, remote router ID 150.1.2.2
BGP state = Established, up for 00:02:26
……
Option Flags: nagle, path mtu capable, md5, 0x1000000
IP Precedence value : 6
Datagrams (max data segment is 1460 bytes):
Rcvd: 12 (out of order: 0), with data: 6, total data bytes: 212
Sent: 10 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 6, total data bytes: 297
Packets received in fast path: 0, fast processed: 0, slow path: 0
fast lock acquisition failures: 0, slow path: 0
Router3#sh ip bgp neighbors 136.1.13.1
BGP neighbor is 136.1.13.1,  remote AS 1, external link
BGP version 4, remote router ID 150.1.1.1
BGP state = Established, up for 00:02:50
Last read 00:00:01, last write 00:00:28, hold time is 180, keepalive interval is 60 seconds
Neighbor sessions:
1 active, is multisession capable
…….
Option Flags: nagle, path mtu capable, md5, 0x1000000
IP Precedence value : 6
Datagrams (max data segment is 1460 bytes):
Rcvd: 13 (out of order: 0), with data: 7, total data bytes: 231
Sent: 12 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 7, total data bytes: 316
Packets received in fast path: 0, fast processed: 0, slow path: 0
fast lock acquisition failures: 0, slow path: 0
!– Failure in authentication
%TCP-6-BADAUTH: Invalid MD5 digest from 136.1.13.1(41138) to 136.1.13.3(179)
!– error message if authentication is not enabled on routers
%TCP-6-BADAUTH: No MD5 digest from 136.1.13.1(179) to 136.1.13.3(49376)
%TCP-6-BADAUTH: No MD5 digest from 136.1.13.1(179) to 136.1.13.3(49376)

##### Theory #####
BGP uses TCP for transport. For authentication it relies on TCP option 19, the MD5 Signature option.
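
How the MD5 Signature option (TCP option 19, RFC 2385) leads to the two %TCP-6-BADAUTH messages shown above, as an added Python example that is not part of the original post and is not Cisco's implementation. The function names, the constructed SYN segment and the mapping of results onto the log strings are assumptions for illustration.

```python
# Added illustration; function names and the sample segment are constructed.
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # option kind; kind + length + 16-byte digest

def md5_signature(src, dst, fixed_hdr, payload, key, opt_len):
    """RFC 2385 digest: pseudo-header, header (checksum zeroed), data, key."""
    seg_len = 20 + opt_len + len(payload)  # TCP length includes the options
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst)
    pseudo += struct.pack("!BBH", 0, 6, seg_len)  # zero pad, protocol 6 = TCP
    hdr = fixed_hdr[:16] + b"\x00\x00" + fixed_hdr[18:20]  # options excluded
    return hashlib.md5(pseudo + hdr + payload + key).digest()

def build_segment(src, dst, sport, dport, payload, key=None):
    """Constructed SYN for the demo (checksum left at 0); signed if key is set."""
    opt_len = 20 if key else 0  # NOP, NOP, then the 18-byte option
    off_flags = ((20 + opt_len) // 4 << 12) | 0x002  # data offset + SYN flag
    hdr = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, off_flags, 16384, 0, 0)
    if not key:
        return hdr + payload
    digest = md5_signature(src, dst, hdr, payload, key, opt_len)
    return hdr + bytes([1, 1, MD5SIG_KIND, MD5SIG_LEN]) + digest + payload

def find_md5_option(options):
    """Walk the TCP option list; return the 16-byte digest or None."""
    i = 0
    while i < len(options) and options[i] != 0:  # kind 0 ends the list
        if options[i] == 1:  # kind 1 is a one-byte NOP
            i += 1
            continue
        length = options[i + 1] if i + 1 < len(options) else 0
        if length < 2 or i + length > len(options):
            return None  # malformed option list
        if options[i] == MD5SIG_KIND and length == MD5SIG_LEN:
            return options[i + 2:i + length]
        i += length
    return None

def check_segment(src, dst, segment, key):
    """Receiver side: accept, or name the failure as the router logs do."""
    data_off = (segment[12] >> 4) * 4
    digest = find_md5_option(segment[20:data_off])
    if digest is None:
        return "No MD5 digest"
    expected = md5_signature(src, dst, segment[:20], segment[data_off:], key, data_off - 20)
    return "accepted" if hmac.compare_digest(digest, expected) else "Invalid MD5 digest"
```

A segment built with `build_segment("136.1.13.3", "136.1.13.1", 179, 19226, b"", key=b"PASSWORD")` is accepted by `check_segment` when the receiver holds `b"PASSWORD"`, rejected as "Invalid MD5 digest" when it holds `b"ee"`, and an unsigned segment is rejected as "No MD5 digest".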

##############################################################################################################
