TCP md5 authentication failures for almost on all the server's BGP peering

Stanislaw me at nek0.net
Thu Sep 21 13:30:00 CEST 2017


Hi, 

Don't know if it is still actual for the original poster. 

I've been encountered with it in Centos 6. Actually those messages are
harmless since TCP just resends the packet with a correct checksum. 

It seems to be a rhel6 kernel bug to me, not BIRDs. Moving to the recent
version didn't help, but to Centos 7 did. 

Harish Shetty писал 2017-08-22 10:24:

> Hi All
> 
> I am using bird-1.4.5-1.el6, we are getting alerted for TCP md5 authentication failures for almost on all the server's BGP peering with switches. Error we are seeing as mentioned below.
> Jul 17 17:15:29 lca1-s1-csw02.nw.linkedin.com [1] 2017 Jul 17 17:15:29 UTC: %NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3617] MD5_DIGEST_INVALID:Dropping packets from src:x.x.x.x.34987,dst:y.y.y.yy.179 
> 
> Jul 17 07:24:28 lca1-e1-csw01-lo0.nw.linkedin.com [2] 2017 Jul 17 07:24:28 UTC: %NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3640] MD5_DIGEST_INVALID:Dropping packets from src:yyyy.yyyy.yyyy.35088,dst:xxxx.xxxx.xxx.179 
> 
> lca1-s1-csw01.nw.linkedin.com [3] 2017 Jul 17 05:01:25 UTC: %NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3617] MD5_DIGEST_INVALID:Dropping packets from src:x.x.x.xx.55220,dst:1y.y.y.yy.179 
> 
> we have raised a Case with Cisco and they are saying possible cause would be " If received packet has got modified in transit, so hash computed at origin is not matching at the destination". 
> 
> Does anyone have seen this type of error before?  Is bird causing something to corrupt the packet?  Any solution / way to check and confirm everything fine at bird is  appreciated. 
> 
> Regards 
> 
> Harish Shetty
 

Links:
------
[1] http://lca1-s1-csw02.nw.linkedin.com
[2] http://lca1-e1-csw01-lo0.nw.linkedin.com
[3] http://lca1-s1-csw01.nw.linkedin.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20170921/751bc352/attachment.html>


More information about the Bird-users mailing list