Hi, Don't know if it is still actual for the original poster. I've been encountered with it in Centos 6. Actually those messages are harmless since TCP just resends the packet with a correct checksum. It seems to be a rhel6 kernel bug to me, not BIRDs. Moving to the recent version didn't help, but to Centos 7 did. Harish Shetty писал 2017-08-22 10:24:

Hi All

I am using bird-1.4.5-1.el6, we are getting alerted for TCP md5 authentication failures for almost on all the server's BGP peering with switches. Error we are seeing as mentioned below. Jul 17 17:15:29 lca1-s1-csw02.nw.linkedin.com [1] 2017 Jul 17 17:15:29 UTC: %NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3617] MD5_DIGEST_INVALID:Dropping packets from src:x.x.x.x.34987,dst:y.y.y.yy.179

Jul 17 07:24:28 lca1-e1-csw01-lo0.nw.linkedin.com [2] 2017 Jul 17 07:24:28 UTC: %NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3640] MD5_DIGEST_INVALID:Dropping packets from src:yyyy.yyyy.yyyy.35088,dst:xxxx.xxxx.xxx.179

lca1-s1-csw01.nw.linkedin.com [3] 2017 Jul 17 05:01:25 UTC: %NETSTACK-3-TCP_MD5_AUTH_FAILURE: netstack [3617] MD5_DIGEST_INVALID:Dropping packets from src:x.x.x.xx.55220,dst:1y.y.y.yy.179

we have raised a Case with Cisco and they are saying possible cause would be " If received packet has got modified in transit, so hash computed at origin is not matching at the destination".

Does anyone have seen this type of error before? Is bird causing something to corrupt the packet? Any solution / way to check and confirm everything fine at bird is appreciated.

Regards

Harish Shetty

Links: ------ [1] http://lca1-s1-csw02.nw.linkedin.com [2] http://lca1-e1-csw01-lo0.nw.linkedin.com [3] http://lca1-s1-csw01.nw.linkedin.com