[f-nsp] IPv6 OSPFv3 Brocade to Cisco
Howard, Christopher
Christopher-Howard at utc.edu
Mon Mar 21 22:24:45 EDT 2016
Thanks for the reply and confirmation. I tried the mtu settings on the Brocade side, but because they are default they don’t show in the running config (this is an ICX).
I'm using vrf-lite in this instance. I started on a vrf, which maybe I shouldn’t have. I tried the exact same config in the default vrf and it works perfectly. However, in a non-default vrf it doesn’t. Maybe I’m overlooking something, I’ll keep digging.
-Christopher
On Mar 21, 2016, at 9:05 PM, David Hubbard <dhubbard at dino.hostasaurus.com<mailto:dhubbard at dino.hostasaurus.com>> wrote:
I’ve got some MLXe’s talking to ASR’s with ospf/ospfv3. I do seem to have a hard coded MTU in there but can’t remember why. On the brocade side, ve interface:
ip mtu 1500
ip ospf area 0
ip ospf md5-authentication key-id 111 key 1 yyyyyyy
ipv6 mtu 1500
ipv6 ospf area 0
ipv6 ospf authentication ipsec spi 222 esp sha1 encryptb64 xxxxxxx
And on the cisco side vlan interface:
ip ospf authentication message-digest
ip ospf message-digest-key 111 md5 7 yyyyyyy
ip ospf 65535 area 0
ipv6 ospf authentication null
ipv6 ospf 65535 area 0
ipv6 ospf encryption ipsec spi 222 esp null sha1 7 xxxxxx
From: foundry-nsp <foundry-nsp-bounces at puck.nether.net<mailto:foundry-nsp-bounces at puck.nether.net>> on behalf of "Howard, Christopher" <Christopher-Howard at utc.edu<mailto:Christopher-Howard at utc.edu>>
Date: Monday, March 21, 2016 at 8:40 PM
To: foundry-nsp <foundry-nsp at puck.nether.net<mailto:foundry-nsp at puck.nether.net>>
Subject: [f-nsp] IPv6 OSPFv3 Brocade to Cisco
I’m having trouble getting OSPFv3 up between a Brocade ICX7750 and a Cisco 4500X. I’ve found on cisco-nsp where someone else found a working config using the following:
Brocade side:
ipv6 ospf authentication ipsec spi #### esp sha1 KEY
Cisco side:
ipv6 ospf authentication null
ipv6 ospf encryption ipsec spi #### esp null sha1 KEY
Well, I’m already doing OSPFv3 between Brocades using the exact line in the example, which is good. I also have OSPFv3 neighbors up with our firewall (not Cisco). However, when I use the Cisco side of the example I don’t get a successful neighbor. On the Brocade side, I see a neighbor in the neighbor table, but it’s stuck in INIT state. On the Cisco side, the neighbor table is empty.
Normally when it’s stuck in INIT state, I’d check MTU sizes and general connectivity between both sides. Both are 1500 bytes and both sides can ping each other.
Does any one have any ideas as to what I can look at next, or if they have a working config that’s different from mine? I can’t remove the authentication without having to clear that out of my network everywhere.
-Christopher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20160322/7d68e6ce/attachment-0001.html>
More information about the foundry-nsp
mailing list