[j-nsp] ISIS between ERX 1440 and MX960

david.roy at orange-ftgroup.com david.roy at orange-ftgroup.com
Fri May 20 07:59:25 EDT 2011


I don't know how to go on with the ERX. I tried many things without success. More traces below. Thanks for your help : May be a bug ?!?



interface loopback 50
 ip address x.x.x.x
 no ip redirects        
interface gigabitEthernet 12/0
 mtu 4488
 ip address y.y.y.1
 no ip redirects
 ip router isis 31337
 isis circuit-type level-2-only
 isis authentication-key level-2 foo123
router isis 31337
 is-type level-2-only
 passive-interface loopback50
 net 49.0001.xxxx.xxxx.xxxx.00
 domain-authentication psnp
 domain-authentication csnp
 domain-message-digest-key 1 hmac-md5 foo123 
 metric-style wide

MX : 

ge-2/2/2 {
    mtu 4484;
    unit 0 {
        family inet {
            address y.y.y.2/30;
        family iso;

isis {
    level 2 {
        authentication-key "xxxxxxxx"; ## SECRET-DATA = foo123
        authentication-type md5;
    interface ge-2/2/2.0 {
      level 1 disable;
      level 2 {
          hello-authentication-key "$9$fQ39yrv8xdBIs4aJDjCtpBhS"; ## SECRET-DATA = foo123
          hello-authentication-type simple;

Trace on MX : 

show interfaces ge-2/2/2  
Physical interface: ge-2/2/2, Enabled, Physical link is Up
  Interface index: 251, SNMP ifIndex: 556
  Description: Connection To LNS
  Link-level type: Ethernet, MTU: 4484, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Schedulers     : 0
  Current address: 84:18:88:e8:c9:9e, Hardware address: 84:18:88:e8:c9:9e
  Last flapped   : 2011-05-20 11:54:46 EEST (01:08:11 ago)
  Input rate     : 6144 bps (8 pps)
  Output rate    : 0 bps (0 pps)
  Active alarms  : None
  Active defects : None

  Logical interface ge-2/2/2.0 (Index 75) (SNMP ifIndex 656) 
    Flags: SNMP-Traps 0x4000000 Encapsulation: ENET2
    Input packets : 27981 
    Output packets: 600
    Protocol inet, MTU: 4470
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: x.x.x.x/30, Local: x.x.x.x, Broadcast: x.x.x.x
    Protocol iso, MTU: 4467  <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<ISO MTU 
    Protocol multiservice, MTU: Unlimited

monitor traffic interface ge-2/2/2.0 layer2-headers no-resolve size 4488 
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-2/2/2.0, capture size 4488 bytes


13:04:34.156857 Out 84:18:88:e8:c9:9e > 1:80:c2:0:0:15, 802.3, length 1509: LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI NLPID IS-IS (0x83): L2 Lan IIH, src-id 2131.3905.5002, lan-id 2131.3905.5002.00, prio 64, length 1492  <<< PDU length including hello padding of the MX


13:04:35.450255  In 0:90:1a:41:fa:f5 > 1:80:c2:0:0:15, 802.3, length 1514: LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI NLPID IS-IS (0x83): L2 Lan IIH, src-id 1921.6801.6029, lan-id 1921.6801.6029.01, prio 64, length 1497  <<< PDU length including hello padding of the ERX

Trace on ERX :

sho int gi 12/0
GigabitEthernet12/0 is Up, Administrative status is Up
  Hardware is PMC 3386, address is 0090.1a41.faf5
  Primary MAU is 1000BASE-LX 10km, secondary MAU is 1000BASE-LX 10km
  MTU: Operational 4488, Administrative 4488 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< MTU seems good
  Duplex Mode: Operational Full Duplex, Administrative Auto Negotiate
  Speed: Operational 1000 Mbps, Administrative Auto Negotiate
  Debounce: State is Disabled 
  Link: Operational Primary Link Selected,
        Administrative Link Selected Automatically
  Link Failover Timeout: Operational 727 ms, Administrative default
  Primary link selected 258 times, Secondary link selected 252 times
  Primary link signal detected, Secondary link signal not detected

  No baseline has been set
  5 minute input rate 1024 bits/sec, 0 packets/sec 
  5 minute output rate 19456 bits/sec, 12 packets/sec 

  In: Bytes 789821048435, Unicast 4769999720
   Multicast 2224876, Broadcast 2088
   Errors 0, Discards 36549, Mac Errors 0, Alignment 0  <<<<<<<<<<<<<<<<< IIH coming from MX are discarded
   CRC 0, Too Longs 0, Symbol Errors 0
  Out: Bytes 6824490336601, Unicast 6292729944
   Multicast 4577411, Broadcast 103
   Errors 0, Discards 0, Mac Errors 0, Deferred 0, No Carrier 0
   Collisions: Single 0, Multiple 0, Late 0, Excessive 0
Policed Statistics:
  In: 0, Out: 0
ARP Statistics:
  In: ARP requests 211, ARP responses 8
   Errors 0, Discards 6
  Out: ARP requests 103, ARP responses 204
   Errors 0, Discards 7

Administrative qos-shaping-mode: none
Operational qos-shaping-mode: frame
queue 0: traffic class best-effort, bound to ethernet GigabitEthernet12/0
  Queue length 0 bytes 
  Forwarded packets 0, bytes 0
  Dropped committed packets 0, bytes 0
  Dropped conformed packets 0, bytes 0
  Dropped exceeded packets 0, bytes 0
queue 1: traffic class control, bound to GigabitEthernet12/0
  Queue length 0 bytes 
  Forwarded packets 22347807, bytes 1630937549
  Dropped committed packets 0, bytes 0
  Dropped conformed packets 0, bytes 0
  Dropped exceeded packets 0, bytes 0

sho clns interface gi 12/0
GigabitEthernet12/0 is up, line protocol is up
  Checksums Enabled, MTU 4470, Encapsulation SNAP  <<<<<<<<<< MTU ISO
  Next ESH/ISH is 7 seconds
  Routing Protocol: IS-IS
    Circuit Type: level-2
    Interface number 0x495886, local circuit ID 0x1
    Level-1 Metric: 10, DIS Priority: 0, Priority: 64,
            Circuit ID: BRAS3-WDOO.01
            L1 Designated IS: Disabled
    Number of active level-1 adjacencies: 0
    Level-2 Metric: 10, DIS Priority: 64, Priority: 64,
            Circuit ID: BRAS3-WDOO.01

            L2 Designated IS: BRAS3-WDOO:default.01 (not us)
    Number of active level-2 adjacencies: 0
    Next IS-IS LAN Level-1 Hello in 0 seconds
    Next IS-IS LAN Level-2 Hello in 6 seconds
    BFD disabled
    Mesh Group Inactive
    Authentication Level-2:
      Key-id:   0 Type: password*
        Start Accept:   THU MAY 19 18:08:31 2011
        Start Generate: THU MAY 19 18:08:31 2011
        Stop Accept:    0
        Stop Generate:  0

sho clns traffic detail 
IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds
IS-IS: Corrupted LSPs: 0
IS-IS: L1 LSP Database Overloads: 0
IS-IS: L2 LSP Database Overloads: 0
IS-IS: Area Addresses Dropped: 0
IS-IS: Attempts to Exceed Max Sequence: 0
IS-IS: Sequence Numbers Skipped: 0
IS-IS: Total LSPs Purged: 414
IS-IS: Own LSPs Purged: 0
IS-IS: System ID Length Mismatches: 0
IS-IS: Maximum Area Mismatches: 0
IS-IS: Area/Domain Authentication Failures: 0
IS-IS: Level-1 LSPs Sent: 0 Rcvd: 0 Dropped: 0
IS-IS: Level-2 LSPs Sent: 3086 Rcvd: 529403 Dropped: 0
IS-IS: LSP checksum errors received: 0

Interface: GigabitEthernet12/0
IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds
IS-IS: Protocol PDUs (in/out): 0/0
IS-IS: Init Failures: 0
IS-IS: Adjacencies Changes: 0
IS-IS: Adjacencies Rejected: 0
IS-IS: Bad LSPs: 0
IS-IS: Level-1 Designated IS Changes: 2
IS-IS: Level-2 Designated IS Changes: 11
IS-IS: Invalid 9542s: 0
IS-IS: Malformed PDU reecived: 0
IS-IS: Authentication Failures: 0
IS-IS: Level-1 Hellos (in/out/dropped): 0/0/0
IS-IS: Level-2 Hellos (in/out/dropped): 0/300/0   <<<<<<<<<<<<< ONLY SENT IIH
IS-IS: Level-1 CSNPs (in/out): 0/0
IS-IS: Level-2 CSNPs (in/out): 0/0
IS-IS: Level-1 PSNPs (in/out): 0/0
IS-IS: Level-2 PSNPs (in/out): 0/0
IS-IS: LSPs Retransmitted : 0 

David Roy
Orange - IP Domestic Backbone - TAC
Tel.   +33(0)299876472
Mob. +33(0)685522213
Email. david.roy at orange-ftgroup.com

-----Message d'origine-----
De : sthaug at nethelp.no [mailto:sthaug at nethelp.no] 
Envoyé : jeudi 19 mai 2011 21:35
Cc : kalirajv at gmail.com; juniper-nsp at puck.nether.net
Objet : Re: [j-nsp] ISIS between ERX 1440 and MX960

> 2. I tried but without success. I believe that the ISO MTU is less 
> than the padded hello of the MX. I will try to set mtu of the gi 12/0 
> of the ERX to 1518 : I will update you if it works

We have IS-IS running between MX and ERX with no problem. Use 4 byte more for the ERX MTU than the MX MTU on the physical interfaces, and you should be all set.

Example of working config below, lightly anonymized.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

interface gigabitEthernet 2/0
 mtu 4488
 ip address a.b.2.202
 ip router isis
 isis network point-to-point
 isis circuit-type level-2-only

interface loopback 0
 ip address a.b.0.75
 ip router isis
 isis circuit-type level-2-only

router isis
 is-type level-2-only
 net 47.0001.0000.0000.0075.00
 metric-style wide level-2

interfaces {
    ge-0/0/3 {
        mtu 4484;
        unit 0 {
            family inet {
                address a.b.2.201/30;
            family iso;
    lo0 {
        unit 0 {
            family inet {
                address a.b.0.78/32;
            family iso {
                address 47.0001.0000.0000.0078.00;

protocols {
    isis {
        level 2 wide-metrics-only;
        level 1 disable;
        interface ge-0/0/3.0 {
        interface lo0.0 {
            level 2 passive;

IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles
et peuvent etre protegees par la loi.
Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus.
Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler  a l expediteur et effacer ce message 
et tous les fichiers eventuellement attaches.
Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite.
Tout message electronique est susceptible d alteration.
A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie.
De meme, il appartient au destinataire de s assurer de l absence de tout virus.

IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is
intended only for the named recipient(s) above.
If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message.
Any unauthorized view, usage or disclosure ofthis message is prohibited.
Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified.
Additionally the recipient should ensure they are actually virus free.

More information about the juniper-nsp mailing list