[f-nsp] IPv6 OSPFv3 Brocade to Cisco

Howard, Christopher Christopher-Howard at utc.edu
Tue Mar 22 16:09:58 EDT 2016

Some more testing reveals that ospfv3 neighbors come up fine in the non-default vrf if I remove the authentication.

To summarize:
In default vrf, ospfv3 neighbors all come up with authentication enabled
In non-default vrf, ospfv3 neighbors never come up unless authentication is disabled. Cisco side appears it's ignoring any hellos received.
Both the default vrf and the non-default vrf are tagged across the same link between units (not using native vlan).

I'm considering a software upgrade on the Cisco, but release notes don't mention anything to do with resolved issues with ospfv3.


On Mar 21, 2016, at 10:24 PM, Howard, Christopher <Christopher-Howard at utc.edu<mailto:Christopher-Howard at utc.edu>> wrote:

Thanks for the reply and confirmation.  I tried the mtu settings on the Brocade side, but because they are default they don’t show in the running config (this is an ICX).

I'm using vrf-lite in this instance.  I started on a vrf, which maybe I shouldn’t have.  I tried the exact same config in the default vrf and it works perfectly.  However, in a non-default vrf it doesn’t.  Maybe I’m overlooking something, I’ll keep digging.


On Mar 21, 2016, at 9:05 PM, David Hubbard <dhubbard at dino.hostasaurus.com<mailto:dhubbard at dino.hostasaurus.com>> wrote:

I’ve got some MLXe’s talking to ASR’s with ospf/ospfv3.  I do seem to have a hard coded MTU in there but can’t remember why.  On the brocade side, ve interface:

 ip mtu 1500
 ip ospf area 0
 ip ospf md5-authentication key-id 111 key 1 yyyyyyy
 ipv6 mtu 1500
 ipv6 ospf area 0
 ipv6 ospf authentication ipsec spi 222 esp sha1 encryptb64 xxxxxxx

And on the cisco side vlan interface:

 ip ospf authentication message-digest
 ip ospf message-digest-key 111 md5 7 yyyyyyy
 ip ospf 65535 area 0
 ipv6 ospf authentication null
 ipv6 ospf 65535 area 0
 ipv6 ospf encryption ipsec spi 222 esp null sha1 7 xxxxxx

From: foundry-nsp <foundry-nsp-bounces at puck.nether.net<mailto:foundry-nsp-bounces at puck.nether.net>> on behalf of "Howard, Christopher" <Christopher-Howard at utc.edu<mailto:Christopher-Howard at utc.edu>>
Date: Monday, March 21, 2016 at 8:40 PM
To: foundry-nsp <foundry-nsp at puck.nether.net<mailto:foundry-nsp at puck.nether.net>>
Subject: [f-nsp] IPv6 OSPFv3 Brocade to Cisco

I’m having trouble getting OSPFv3 up between a Brocade ICX7750 and a Cisco 4500X.  I’ve found on cisco-nsp where someone else found a working config using the following:

Brocade side:

ipv6 ospf authentication ipsec spi #### esp sha1 KEY

Cisco side:

 ipv6 ospf authentication null
 ipv6 ospf encryption ipsec spi #### esp null sha1 KEY

Well, I’m already doing OSPFv3 between Brocades using the exact line in the example, which is good.  I also have OSPFv3 neighbors up with our firewall (not Cisco).  However, when I use the Cisco side of the example I don’t get a successful neighbor.  On the Brocade side, I see a neighbor in the neighbor table, but it’s stuck in INIT state.  On the Cisco side, the neighbor table is empty.

Normally when it’s stuck in INIT state, I’d check MTU sizes and general connectivity between both sides.  Both are 1500 bytes and both sides can ping each other.

Does any one have any ideas as to what I can look at next, or if they have a working config that’s different from mine?  I can’t remove the authentication without having to clear that out of my network everywhere.


foundry-nsp mailing list
foundry-nsp at puck.nether.net<mailto:foundry-nsp at puck.nether.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20160322/88d638ce/attachment.html>

More information about the foundry-nsp mailing list