BGP question... (SOT)
Rich Sena
ras at thick.net
Sat Jul 27 18:29:06 UTC 2002
On Jul 26, 2002 Gerardo A. Gregory spake:
>
> On a serious note...I imagine the Nokia is in front of one of the
> Cisco's....(my assumption since the poster is as vague as a capitol hill
> politician)
Yeah sorry - vagueness is an art... it's pretty much a DMZ set up we have
an outside border (CISCO 7206VXR) and an inside border/distribution border
(CISCO 6513 MSFC) The NOKIA is running a flavor of GateD that I have seen
this problem with before - I did find a work around. The problem is that
the CISCO is sending a version identifier (4) that GateD is identifying as
an authentication string. The error that the 7206vxr is receiving is a
'BGP-3 Authentification failure'. I kludged it by setting an MD5 auth
string on the NOKIA as "4" - that solved the prob on that side - but I
think I am still having an issue with the 6513. It was an upgrade that
our firewall group had rolled into production - to replace a
Solaris/Checkpoint setup that was running iBGP with Zebra. All we are
really passing is default in and accepting some routes from a secure
server farm connected to the 6513. The Farm will be dual homed to 2 of our
campuses in the near future (otherwise since it is now stub we could
static it.)
Anyway - thanks...
> If this is the case, then take the stinking firewall and place it behind the
> router, let the routers do their Peering, and even place some Bogon-lists on
> the router, and some basic bogon filtering for your ingress traffic. (take
> as much illegitimate traffic off the firewall).
Yeah it is see above..
> But hey, does this belong in the NANOG anyway.......?
Prolly not - I asked for replies to me directly and did get quite a few
helpful ones - I'm replying back to the nog cuz I got spanked a little by
Sue for the beer off-shoot to this and to provide the little bit more
detail that you were asking for... Anyway I took a mulligan on the beer
thread and am now playing through... thanks...
>
> my 2 cashings!!!
Kaching - thanks again...
>
> ----- Original Message -----
> From: "Manolo Hernandez" <manolo at dialtoneinternet.com>
> To: "Rich Sena" <ras at thick.net>
> Cc: "Martin Hannigan" <hannigan at fugawi.net>; "NANOG" <nanog at merit.edu>
> Sent: Friday, July 26, 2002 8:53 AM
> Subject: Re: BGP question... (SOT)
>
>
> >
> > This has got to be the strangest setup of BGP I have seen yet. A
> > firewall running an inherently insecure protocol all I can say is have
> > fun.
> >
> > On Fri, 2002-07-26 at 09:31, Rich Sena wrote:
> > >
> > > Noice...
> > >
> > > There has got to be some sort of health code against you and I at the same
> > > bug pulling off the same tap - the laws of gravity etc...
> > >
> > > On Jul 26, 2002 Martin Hannigan spake:
> > >
> > > >
> > > >
> > > >
> > > > On Thu, 25 Jul 2002, Rich Sena wrote:
> > > >
> > > > >
> > > > > OK trying to get a BGP session up between a pair of CISCO routers and a
> > > > > NOKIA running Checkpoint. Coming across an issue I had with GateD where
> > > > > the NOKIA is choking on a version identifier sent by the CISCO and
> > > > > reporting back a BGP-3 authentification failure for the OPEN message (it's
> > > > > interpreting the version ID as an authentification attempt...
> > > > >
> > > > > Any ideas?
> > > > >
> > > > > Please respond off list...
> > > >
> > > >
> > > > Yeah, ok Sena.
> > > >
> > > > Uh, how about calling me back about beers you slacker ass?
> > > >
> > > >
> > > >
> > >
> > > --
> > > Rich Sena - ras at thick.net
> > > ThickNET Consulting
> > > "On the way to understanding; you understand, and forget."
> > >
> > >
> > >
> >
> >
>
--
Rich Sena - ras at thick.net
ThickNET Consulting
"On the way to understanding; you understand, and forget."
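An added example, not part of the original message and not code from Cisco, Nokia or GateD: a small decoder for the two BGP messages discussed in this thread, useful when checking a packet capture to see where the version byte sits in an OPEN and whether an Authentication Information optional parameter (type 1 in RFC 1771) is actually present. The field layout and error subcodes follow RFC 1771; the function names, AS 65001 and 192.0.2.1 are constructed for illustration, and an all-ones marker (no authentication in use) is assumed.

```python
import socket
import struct

MARKER = b"\xff" * 16          # all-ones marker (assumes no authentication in use)
OPEN, NOTIFICATION = 1, 3      # BGP message type codes
AUTH_PARAM = 1                 # RFC 1771 optional parameter: Authentication Information
OPEN_ERRORS = {1: "Unsupported Version Number", 2: "Bad Peer AS",
               3: "Bad BGP Identifier", 4: "Unsupported Optional Parameter",
               5: "Authentication Failure", 6: "Unacceptable Hold Time"}

def parse_bgp(msg: bytes) -> dict:
    """Decode one BGP OPEN or NOTIFICATION message (hypothetical helper)."""
    if len(msg) < 19 or msg[:16] != MARKER:
        raise ValueError("short message or unexpected marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if length != len(msg):
        raise ValueError("length field does not match message size")
    body = msg[19:]
    if mtype == OPEN:
        if len(body) < 10:
            raise ValueError("truncated OPEN")
        # version(1) my-AS(2) hold-time(2) BGP-identifier(4) opt-param-len(1)
        version, my_as, hold, bgp_id, optlen = struct.unpack("!BHH4sB", body[:10])
        if optlen != len(body) - 10:
            raise ValueError("optional parameter length mismatch")
        params, i = [], 10
        while i < len(body):   # each parameter is type(1) length(1) value
            if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
                raise ValueError("truncated optional parameter")
            params.append((body[i], body[i + 2:i + 2 + body[i + 1]]))
            i += 2 + body[i + 1]
        return {"type": "OPEN", "version": version, "as": my_as, "hold": hold,
                "id": socket.inet_ntoa(bgp_id), "params": params,
                "has_auth_param": any(t == AUTH_PARAM for t, _ in params)}
    if mtype == NOTIFICATION:
        if len(body) < 2:
            raise ValueError("truncated NOTIFICATION")
        code, sub = body[0], body[1]   # error code 2 = OPEN Message Error
        reason = OPEN_ERRORS.get(sub, "unknown") if code == 2 else "not an OPEN error"
        return {"type": "NOTIFICATION", "code": code, "subcode": sub,
                "reason": reason, "data": body[2:]}
    raise ValueError("message type %d not handled here" % mtype)

def build(mtype: int, body: bytes) -> bytes:  # wrap a body in the 19-byte header
    return MARKER + struct.pack("!HB", 19 + len(body), mtype) + body

# Constructed samples: a version 4 OPEN with no optional parameters, and a
# NOTIFICATION carrying OPEN Message Error / Authentication Failure.
SAMPLE_OPEN = build(OPEN, struct.pack("!BHH4sB", 4, 65001, 180,
                                      socket.inet_aton("192.0.2.1"), 0))
SAMPLE_NOTIFY = build(NOTIFICATION, bytes([2, 5]))
```

Feeding it the OPEN from each side of a capture shows whether the sender really included an authentication parameter or only the version byte.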