[f-nsp] IPv6 OSPFv3 Brocade to Cisco

Mike Tindle mtindle at he.net
Mon Mar 21 22:29:52 EDT 2016 

ip/ipv6 mtu on the interface doesn’t have any impact on the OSPF frames since they’re purely layer 2.  Check 

	default-max-frame-size 9216

in your config.  I’m not sure if there’s a way to specifically limit the OSPF frame size. 

 
Regards,
Mike


> On Mar 21, 2016, at 7:24 PM, Howard, Christopher <Christopher-Howard at utc.edu> wrote:
> 
> Thanks for the reply and confirmation.  I tried the mtu settings on the Brocade side, but because they are default they don’t show in the running config (this is an ICX).
> 
> I'm using vrf-lite in this instance.  I started on a vrf, which maybe I shouldn’t have.  I tried the exact same config in the default vrf and it works perfectly.  However, in a non-default vrf it doesn’t.  Maybe I’m overlooking something, I’ll keep digging.
> 
> -Christopher
> 
>> On Mar 21, 2016, at 9:05 PM, David Hubbard <dhubbard at dino.hostasaurus.com <mailto:dhubbard at dino.hostasaurus.com>> wrote:
>> 
>> I’ve got some MLXe’s talking to ASR’s with ospf/ospfv3.  I do seem to have a hard coded MTU in there but can’t remember why.  On the brocade side, ve interface:
>> 
>>  ip mtu 1500
>>  ip ospf area 0
>>  ip ospf md5-authentication key-id 111 key 1 yyyyyyy
>>  ipv6 mtu 1500
>>  ipv6 ospf area 0
>>  ipv6 ospf authentication ipsec spi 222 esp sha1 encryptb64 xxxxxxx
>> 
>> 
>> And on the cisco side vlan interface:
>> 
>>  ip ospf authentication message-digest
>>  ip ospf message-digest-key 111 md5 7 yyyyyyy
>>  ip ospf 65535 area 0
>>  ipv6 ospf authentication null
>>  ipv6 ospf 65535 area 0
>>  ipv6 ospf encryption ipsec spi 222 esp null sha1 7 xxxxxx
>> 
>> 
>> 
>> From: foundry-nsp <foundry-nsp-bounces at puck.nether.net <mailto:foundry-nsp-bounces at puck.nether.net>> on behalf of "Howard, Christopher" <Christopher-Howard at utc.edu <mailto:Christopher-Howard at utc.edu>>
>> Date: Monday, March 21, 2016 at 8:40 PM
>> To: foundry-nsp <foundry-nsp at puck.nether.net <mailto:foundry-nsp at puck.nether.net>>
>> Subject: [f-nsp] IPv6 OSPFv3 Brocade to Cisco
>> 
>> I’m having trouble getting OSPFv3 up between a Brocade ICX7750 and a Cisco 4500X.  I’ve found on cisco-nsp where someone else found a working config using the following:
>> Brocade side:
>> 
>> ipv6 ospf authentication ipsec spi #### esp sha1 KEY
>> 
>> Cisco side:
>> 
>>  ipv6 ospf authentication null
>>  ipv6 ospf encryption ipsec spi #### esp null sha1 KEY
>> Well, I’m already doing OSPFv3 between Brocades using the exact line in the example, which is good.  I also have OSPFv3 neighbors up with our firewall (not Cisco).  However, when I use the Cisco side of the example I don’t get a successful neighbor.  On the Brocade side, I see a neighbor in the neighbor table, but it’s stuck in INIT state.  On the Cisco side, the neighbor table is empty.
>> 
>> Normally when it’s stuck in INIT state, I’d check MTU sizes and general connectivity between both sides.  Both are 1500 bytes and both sides can ping each other.
>> 
>> Does any one have any ideas as to what I can look at next, or if they have a working config that’s different from mine?  I can’t remove the authentication without having to clear that out of my network everywhere. 
>> 
>> -Christopher
>> 
> 
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

*----------- H U R R I C A N E - E L E C T R I C ---------->>
| Mike Tindle | Senior Network Engineer | mtindle at he.net
| ASN 6939 | http://www.he.net | 510-580-4126
*--------------------------------------------------->>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20160321/001f0ed0/attachment.html>

More information about the foundry-nsp mailing list