BGP – Active open failed – tcb is not available

So i had an issue with BGP where it wouldn’t establish a neighbor relationship.  
I ran the usual ‘debug ip bgp’ but it only showed ‘connection timed out’
Here is a sample debug output of one of the neighbour setup attempts; active went from Idle to Active open active, local address open failed: Connection timed out; remote host not responding Active open failed - tcb is not available, open active delayed 12288ms (35000ms max, 60% jitter)
ses global act Reset (Active open failed). active went from Active to Idle

This output led me (wrongly) down various paths, checking ACL’s, layer 2 connectivity etc. all of which turned up nothing, all the while the BGP neighbour was attempting to establish but simply timing out.
I did at this point thing about MD5 authentication – but there was nothing in the debug…
So, as this is a new non-production install i thought lets go further down the stack and and see exactly whats going on with these packets with the command ‘debug ip tcp transactions’ command.
In amongst some random bits and pieces, i noticed this in one of the outputs;

Router1#debug ip tcp transactions address
MD5 received, but NOT expected from to

Bingo! The remote end is configured for MD5 but the local end wasn’t, I assume the reason why I didn’t see any authentication errors on my side is because authentication isn’t configured at all – the remote end would likely have received numerous authentication errors, however that ‘remote end’ was BT and it took 24 hours and for me to actually tell them they had MD5 configured and not told us the password to get this particular problem resolved.

One Comment

Add a Comment

Your email address will not be published. Required fields are marked *