These are chat archives for Exa-Networks/exabgp

7th
Jul 2015
Mat Wood
@thepacketgeek
Jul 07 2015 02:35
I'm seeing evidence of bugs #53 and #132 making it back in on 3.4.11 (Not sending MD5 in TCP). Should I reopen an old bug or make a new one. Running on OS X if that matters.
Thomas Mangin
@thomas-mangin
Jul 07 2015 06:49
@thepacketgeek is it from outgoing or incoming connections ?
For outgoing connection the global listen environment value can be used.
For incoming you need to use the per peer listen option
Also MD5 on FreeBSD is weird and different from Linux
It is not supported on OS X
It may work but then it is luck
It should be better documented

I keep seeing "could not connect to peer (if you use MD5, check your passwords): timed out" in the logs

OR your machine can not contact the router (firewall, routing issue, ...)
OR your MD5 passwords are not the same on both machines
OR you need to enable multi-hop BGP on your router
OR you are a FreeBSD user that has the incorrect password in /etc/ipsec.conf

I keep seeing "FreeBSD requires that you set your MD5 key via ipsec.conf." in the logs

You are attempting to configure a TCP MD5 Signature password from within the exabgp config file.
You must add 'md5 kernel;' to your configuration and follow the rest of the instructions on the
[examples] page.

Thomas Mangin
@thomas-mangin
Jul 07 2015 08:24
Exa-Networks/exabgp@b4645d9
and Exa-Networks/exabgp@9d03b4f
sorry - wrong window :smile:
Mat Wood
@thepacketgeek
Jul 07 2015 14:23
I was seeing that outbound connections didn't have the TCP MD5 option, but it's on OS X so that must be it. I had a neighbor configured and working then added md5 to both sides (other side is Cisco). Cisco complained about BAD-MD5-AUTH and when I sniffed I saw that ExaBGP was not sending anything. If I removed the password from the Cisco side, ExaBGP would still RST the router until I removed the password from ExaBGP side. So ExaBGP is still expecting it, even though it's not sending.
But, good to know it's just not supported in OS X. I didn't see any errors in ExaBGP logs other than 'Peer x failed to connect'
Thomas Mangin
@thomas-mangin
Jul 07 2015 15:46
MD5 is not obvious to program - it caused me grief when I had to add it for incoming connection.
sanjmonkey
@sanjmonkey
Jul 07 2015 16:02
+1 to that
Thomas Mangin
@thomas-mangin
Jul 07 2015 22:18
@tmmorin this change on my master may affect bagpipe-bgp
thomas-mangin/exabgp@062962a
I believe you are working of the 3.4 stable branch so I believe this is just for information