More MD5 fun: Cisco uses wrong MD5 key for old session after key change
Simon Lockhart
simon.lockhart at bbc.co.uk
Sat Apr 24 20:25:46 UTC 2004
On Sat Apr 24, 2004 at 10:21:03PM +0200, sthaug at nethelp.no wrote:
> Meanwhile, the new session (with the new MD5 key) is up and all is
> well *on that session*. But because the Cisco side keeps logging
> these messages, it *looks* like the new session is somehow not
> working.
>
> As far as I can see, the bug here is clearly on the Cisco side. We
> will definitely be logging a TAC case about this.
Yes - I've noticed this when configuring MD5 on sessions. If I let the
old session timeout due to md5 mismatch, and then let it re-establish,
then the session seems to work, but continues to log the MD5 errors.
Doing a "clear ip bgp <nei>" on my side removes the problem.
Simon
--
Simon Lockhart | Tel: +44 (0)1628 407720 (x(01)37720) | Si fractum
Technology Manager | Fax: +44 (0)1628 407701 (x(01)37701) | non sit, noli
BBC Internet Ops | Email: Simon.Lockhart at bbc.co.uk | id reficere
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK
More information about the NANOG
mailing list