[f-nsp] IPv6 OSPFv3 Brocade to Cisco

David Hubbard dhubbard at dino.hostasaurus.com
Mon Mar 21 21:05:17 EDT 2016 

I’ve got some MLXe’s talking to ASR’s with ospf/ospfv3.  I do seem to have a hard coded MTU in there but can’t remember why.  On the brocade side, ve interface:

 ip mtu 1500
 ip ospf area 0
 ip ospf md5-authentication key-id 111 key 1 yyyyyyy
 ipv6 mtu 1500
 ipv6 ospf area 0
 ipv6 ospf authentication ipsec spi 222 esp sha1 encryptb64 xxxxxxx


And on the cisco side vlan interface:

 ip ospf authentication message-digest
 ip ospf message-digest-key 111 md5 7 yyyyyyy
 ip ospf 65535 area 0
 ipv6 ospf authentication null
 ipv6 ospf 65535 area 0
 ipv6 ospf encryption ipsec spi 222 esp null sha1 7 xxxxxx



From: foundry-nsp <foundry-nsp-bounces at puck.nether.net<mailto:foundry-nsp-bounces at puck.nether.net>> on behalf of "Howard, Christopher" <Christopher-Howard at utc.edu<mailto:Christopher-Howard at utc.edu>>
Date: Monday, March 21, 2016 at 8:40 PM
To: foundry-nsp <foundry-nsp at puck.nether.net<mailto:foundry-nsp at puck.nether.net>>
Subject: [f-nsp] IPv6 OSPFv3 Brocade to Cisco

I’m having trouble getting OSPFv3 up between a Brocade ICX7750 and a Cisco 4500X.  I’ve found on cisco-nsp where someone else found a working config using the following:

Brocade side:

ipv6 ospf authentication ipsec spi #### esp sha1 KEY

Cisco side:

 ipv6 ospf authentication null
 ipv6 ospf encryption ipsec spi #### esp null sha1 KEY

Well, I’m already doing OSPFv3 between Brocades using the exact line in the example, which is good.  I also have OSPFv3 neighbors up with our firewall (not Cisco).  However, when I use the Cisco side of the example I don’t get a successful neighbor.  On the Brocade side, I see a neighbor in the neighbor table, but it’s stuck in INIT state.  On the Cisco side, the neighbor table is empty.

Normally when it’s stuck in INIT state, I’d check MTU sizes and general connectivity between both sides.  Both are 1500 bytes and both sides can ping each other.

Does any one have any ideas as to what I can look at next, or if they have a working config that’s different from mine?  I can’t remove the authentication without having to clear that out of my network everywhere.

-Christopher

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20160322/ef8b8a9b/attachment.html>

More information about the foundry-nsp mailing list