[FROG] BGP NBR password

hongal hongal at gmail.com
Tue Sep 8 15:18:33 UTC 2020


Hi Quentin,
Do you need any more info.
Is it possible this issue is seen only when VRF is configured, or across
BGP NBR which are VRF nbrs.
Thanks

On Tue, Aug 25, 2020 at 6:24 AM hongal <hongal at gmail.com> wrote:

> Hi Quentin,
> I have attached a pcap file to this email, and also in git hub.
> Please let me know if you need any more details.
> Thanks
>
> On Fri, Aug 14, 2020 at 10:24 PM hongal <hongal at gmail.com> wrote:
>
>> Thanks Quentin,
>> I have created a new issue:
>> https://github.com/FRRouting/frr/issues/6921.
>>
>>
>> On Fri, Aug 14, 2020 at 8:42 PM Quentin Young <
>> qlyoung at cumulusnetworks.com> wrote:
>>
>>> Sounds like a bug, please file an issue on GitHub and we'll look into it
>>> next week.
>>>
>>> On Thu, Aug 13, 2020, 4:31 AM hongal <hongal at gmail.com> wrote:
>>>
>>>> Resending:
>>>>
>>>> On Wed, Aug 12, 2020 at 9:33 AM hongal <hongal at gmail.com> wrote:
>>>>
>>>>> Hi Folks,
>>>>>
>>>>> Starting FRR 7.2 we are seeing one issue with  bgp neighbor command.
>>>>>
>>>>> e.g
>>>>> R1  ---------------------------------------R2.
>>>>> (md5 password)                             (no password configured)
>>>>>
>>>>> R1
>>>>> router bgp 64707
>>>>>  bgp router-id 199.1.1.2
>>>>>  neighbor 100.17.6.1 remote-as 64708
>>>>>  neighbor 100.17.6.1 password ******
>>>>>
>>>>> R2
>>>>> router bgp 64708
>>>>>  bgp router-id 199.1.1.3
>>>>>  neighbor 100.17.6.2 remote-as 64707
>>>>>
>>>>> I do see BGP NBR come up with this configuration, even though password
>>>>> is not configured on the other side(R2).
>>>>>
>>>>>
>>>>> R1 starts sending  TCP syn packet with Tcp options(md5).
>>>>> R2 acks without md5 option.(as password is not configured)
>>>>> R1 drops md5 option and continue with TCP handshake ,  TCP is
>>>>> established without md5.
>>>>> This will continue towards BGP NBR UP.
>>>>>
>>>>> Would like to know if this is new behavior added or a bug.
>>>>>
>>>>> Note that,
>>>>> 1 if I configure password both side, it works ok, I see md5 option is
>>>>> exchanged.
>>>>> 2  If I mis-configure password value either side, it fails, which is
>>>>> expected.
>>>>>
>>>>> Thanks
>>>>> Thippanna
>>>>>
>>>>>
>>>>> _______________________________________________
>>>> frog mailing list
>>>> frog at lists.frrouting.org
>>>> https://lists.frrouting.org/listinfo/frog
>>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20200908/65b2c950/attachment.htm>


More information about the frog mailing list