[nsp] OSPF between Nokia Checkpoint FW and GSR Version 12.0(25.4)S1

Enno Rey erey at ernw.de
Wed Jul 23 20:17:19 EDT 2003


Hi,

you should config

"no capability lls" on the ospf process.
The latest IOS versions enable this feature (see cco for details on it) by default... I spent half a night troubleshooting until I found (rather by coincidence) Nokia KB 16909...
 
With lls enabled they never leave init state due to kind of packet size mismatch on the nokia (you can see this in monitor - ospf - errors).
I'll enclose the mentioned article below.

Thanks,

-- 
Enno Rey

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP E5CB 9505 EA06 6380 6F12  DE3E 624E 1334 326B B70C

----
Resolution 16909: OSPF IO: x.x.x.x->224.0.0.5: packet length 64 disagrees with header field 52

Subject: OSPF IO: x.x.x.x->224.0.0.5: packet length 64 disagrees with header field 52
Product Line: IPSO (Operating System)
Category: OSPF
Version: All
Date Modified: 06/19/2003

Description: OSPF is a link-state intra-domain routing protocol used in IP networks. OSPF routers exchange information on a link using packets that follow a well-defined format. The format of OSPF packets is not flexible enough to enable applications to exchange arbitrary data, which may be necessary in certain situations. Link-Local Signaling is a vendor specific, backward-compatible technique to exchange arbitrary data on a link.

To perform Link-Local signaling (LLS), OSPF routers add a special data block at the end of OSPF packets or right after the authentication data block when cryptographic authentication is used. The length of the LLS-block is not included into the length of OSPF packet, but is included in the IP packet length.

This error may show up when implementing OSPF with a Cisco router that has LLS enabled.

Solution: Currently IPSO does not support Link-Local Signaling. A Request for Enhancement (RFE) has been filed with engineering to include Link-Local Signaling support within IPSO's OSPF implementation.

Some other vendors now support Link-Local Signaling such as Cisco in IOS 12.3. However in order for OSPF to work between a Nokia and another vendor's equipment that supports this feature, Link Local Signaling must be turned OFF on the other unit, primarily since IPSO does not support this LLS. The command to do this, on the Cisco router, is under "router ospf", enter the "no capabilities lls" command.

Failure to turn off Link-Local Signaling will cause the OSPF not to establish itself.





On Wed, Jul 23, 2003 at 10:36:05AM +0200, Jan Olsson wrote:
> 
>  Hi 
> 
>  This morning I upgraded one of my GSR to IOS ver 12.0(25.4)S1
>  Have been running OSPF to a Nokia Checkpoint Firewall NG FP3 (on a Nokia 
>  IPSO 3.7 build 23) for years on previous IOS versions on a FastEthernet 
>  port. Since the upgrade it doesn't work
> 
>  Only goes to init state ;-(
> 
>  Does anybody have a clue
> 
>  Neighbor ID     Pri   State           Dead Time   Address         Interface
>  xxx.xxx.xx.xx     1   INIT/DROTHER    00:00:37    xxx.xxx.xx.xx   FastEthernet3/3
> 
> 
> -- 
> 
>  /Jan
>  
>  Tele2 A/S - UNI2
> 
>  AS5492: Tele2 A/S      AS5491: Olsson(dot)net
>  URL : http://www.uni2.dk/ Phone: (+45) 77301200
> 
> 
> 

-- 
Enno Rey

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP E5CB 9505 EA06 6380 6F12  DE3E 624E 1334 326B B70C
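
The length mismatch described in the KB article, as an added example that is not part of the original post or of either vendor's code. It builds a constructed OSPFv2 Hello with and without an LLS block and compares the OSPF header length field with the bytes IP actually carries. The function names, the 192.0.2.x addresses and the two-neighbor Hello (chosen so the sizes come out as the 52 and 64 in the article title) are assumptions; the L-bit value and LLS block layout follow RFC 5613, which standardized LLS after this thread.

```python
import struct

L_BIT = 0x10  # OSPFv2 Options bit announcing an LLS block (RFC 5613)

def build_hello(with_lls, neighbors=2):
    """Constructed OSPFv2 Hello as carried in IP (checksums left at zero)."""
    options = 0x02 | (L_BIT if with_lls else 0)
    body = struct.pack("!4sHBBI4s4s", b"\xff\xff\xff\x00", 10, options, 1,
                       40, bytes(4), bytes(4))
    body += b"".join(bytes([192, 0, 2, 10 + i]) for i in range(neighbors))
    header = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body),
                         bytes([192, 0, 2, 1]), bytes(4), 0, 0, bytes(8))
    # LLS block: checksum, length in 32-bit words, then one Extended Options TLV
    lls = struct.pack("!HHHHI", 0, 3, 1, 4, 0x1) if with_lls else b""
    return header + body + lls

def inspect(payload):
    """Compare the OSPF header length field with what IP actually delivered."""
    _ver, ptype, ospf_len = struct.unpack("!BBH", payload[:4])
    autype = struct.unpack("!H", payload[14:16])[0]
    # With cryptographic authentication the digest trails the packet, uncounted
    auth_len = payload[19] if autype == 2 else 0
    opt_offset = {1: 30, 2: 26}.get(ptype)  # Hello and DBD carry Options
    l_bit = opt_offset is not None and bool(payload[opt_offset] & L_BIT)
    trailer = payload[ospf_len + auth_len:]
    lls_bytes = 0
    if l_bit and len(trailer) >= 4:
        lls_bytes = struct.unpack("!HH", trailer[:4])[1] * 4
    return {"ip_payload": len(payload), "ospf_length": ospf_len,
            "l_bit": l_bit, "lls_bytes": lls_bytes,
            "unexplained": len(trailer) - lls_bytes}

if __name__ == "__main__":
    for flag in (True, False):
        print(inspect(build_hello(flag)))
```

A receiver that does not know about LLS sees only the first two fields disagree, which is the condition the IPSO error message reports.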

