Guest

Preview Tool

Cisco Bug: CSCua85239 - BGP flaps and IP-TCP-3-BADAUTH:Invalid MD5 digest error

Last Modified

Aug 07, 2020

Products (13)

  • Cisco IOS
  • Cisco 7301 Router
  • Cisco 7206 Router
  • Cisco 7206VXR Router
  • Cisco 7204 Router
  • Cisco 7202 Router
  • Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks
  • Cisco 7600 Series Route Switch Processor 720 with Multilayer Switch Feature Card
  • Cisco 7600 Series Supervisor Engine 32 with Multilayer Switch Feature Card
  • Cisco 7200 Series NPE-G2 Network Processing Engine
View all products in Bug Search Tool Login Required

Known Affected Releases

15.1(3)S2

Description (partial)

Symptoms: Flapping BGP sessions are seen if large BGP update messages are sent
out and BGP packets are fragmented because midpoint routers have the smaller
"mtu" or "ip mtu" configured.

*Jun  3 18:20:20.792 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
*Jun  3 18:20:30.488 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
*Jun  3 18:20:36.451 UTC: %BGP-5-ADJCHANGE: neighbor 6.6.6.5 Down BGP
Notification sent
*Jun  3 18:20:36.451 UTC: %BGP-3-NOTIFICATION: sent to neighbor 6.6.6.5 4/0
(hold time expired) 0 bytes 
*Jun  3 18:20:36.569 UTC: %BGP_SESSION-5-ADJCHANGE: neighbor 6.6.6.5 VPNv4
Unicast topology base removed from session  BGP Notification sent
*Jun  3 18:20:40.184 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
*Jun  3 18:20:44.619 UTC: %BGP-5-ADJCHANGE: neighbor 6.6.6.5 Up 
*Jun  3 18:20:49.926 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
*Jun  3 18:20:59.604 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0

Conditions: This symptom is observed between two BGP peers with matching MD5
passwords configured and can be triggered by the following conditions:

- If the midpoint path has the "mtu" or "ip mtu" setting that is smaller than
the outgoing interface on BGP routers, it will be force the BGP router to
fragment the BGP packet while sending packets through the outgoing interface.

- Peering down and the MD5 error do not always occur. They occur only once or
twice within 10 tests.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.