TCP md5 authentication failures for almost on all the server's BGP peering

Harish Shetty harish23shetty at gmail.com
Tue Aug 22 09:24:19 CEST 2017


Hi All

I am using bird-1.4.5-1.el6, we are getting alerted for TCP md5
authentication failures for almost on all the server's BGP peering with
switches. Error we are seeing as mentioned below.

Jul 17 17:15:29 lca1-s1-csw02.nw.linkedin.com 2017 Jul 17 17:15:29 UTC:
%NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3617]
MD5_DIGEST_INVALID:Dropping packets from src:x.x.x.x.34987,dst:y.y.y.yy.179

Jul 17 07:24:28 lca1-e1-csw01-lo0.nw.linkedin.com 2017 Jul 17 07:24:28 UTC:
%NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3640]
MD5_DIGEST_INVALID:Dropping packets from
src:yyyy.yyyy.yyyy.35088,dst:xxxx.xxxx.xxx.179

lca1-s1-csw01.nw.linkedin.com 2017 Jul 17 05:01:25 UTC:
%NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3617]
MD5_DIGEST_INVALID:Dropping packets from
src:x.x.x.xx.55220,dst:1y.y.y.yy.179


we have raised a Case with Cisco and they are saying possible cause would
be " If received packet has got modified in transit, so hash computed at
origin is not matching at the destination".


Does anyone have seen this type of error before?  Is bird causing something
to corrupt the packet?  Any solution / way to check and confirm everything
fine at bird is  appreciated.


Regards

Harish Shetty
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20170822/9856b63c/attachment.html>


More information about the Bird-users mailing list