It’s so simple I often forget. BGP only supports MD5 authentication hence the config is as follows:

neighbor <ip addr> password <password>

If afterwards the following error shows up then reset the peer on the other side, it hasn’t applied the MD5 authentication yet. Better yet do this standard at both sides of the neighborship during the lab!

%TCP-6-BADAUTH: No MD5 digest from to


RIB failures are shown in the BGP database:

R5#b (sh ip bgp)
BGP table version is 17, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
___Network__________Next Hop____________Metric LocPrf Weight Path
*>i10.0.0.0/8_______1.1.4.4__________________0____100______0 i
r>i10.1.4.4/32______1.1.4.4__________________0____100______0 i

To figure out what the cause is:

R5#b rib
Network____________Next Hop______________________RIB-failure___RIB-NH Matches admin distance______________n/a

The route has been learned by an IGP which has a lower AD than eBGP. Thus it is not installed into the routing table from the BGP table and as such this is classed as a RIB-failure.

%d bloggers like this: