[j-nsp] ISIS between ERX 1440 and MX960
Payam Chychi
pchychi at gmail.com
Fri May 20 11:47:58 EDT 2011
correction:
point-to-point is configured under the interface on the erx
" interface blah/0
isis network point-to-point "
-Payam
Payam Chychi wrote:
> Hey,
>
> Have you tried setting each side up as a. Point-to-point network? Its
> done under protocol isis
>
> Try that and see if it works. If so, ur dst mac on one side is getting
> filtered (by the device itself or perhaps your provider)
>
>
> On 5/20/11, david.roy at orange-ftgroup.com <david.roy at orange-ftgroup.com> wrote:
>
>> Hi,
>>
>> I don't know how to go on with the ERX. I tried many things without success.
>> More traces below. Thanks for your help : May be a bug ?!?
>>
>> Regards,
>> David
>>
>>
>> ERX :
>> #######
>>
>> interface loopback 50
>> ip address x.x.x.x 255.255.255.255
>> no ip redirects
>> !
>> interface gigabitEthernet 12/0
>> mtu 4488
>> ip address y.y.y.1 255.255.255.252
>> no ip redirects
>> ip router isis 31337
>> isis circuit-type level-2-only
>> isis authentication-key level-2 foo123
>> !
>> router isis 31337
>> is-type level-2-only
>> passive-interface loopback50
>> net 49.0001.xxxx.xxxx.xxxx.00
>> domain-authentication psnp
>> domain-authentication csnp
>> domain-message-digest-key 1 hmac-md5 foo123
>> metric-style wide
>> !
>>
>>
>> MX :
>> #######
>>
>> ge-2/2/2 {
>> mtu 4484;
>> unit 0 {
>> family inet {
>> address y.y.y.2/30;
>> }
>> family iso;
>> }
>> }
>>
>> isis {
>> level 2 {
>> authentication-key "xxxxxxxx"; ## SECRET-DATA = foo123
>> authentication-type md5;
>> wide-metrics-only;
>> }
>> interface ge-2/2/2.0 {
>> level 1 disable;
>> level 2 {
>> hello-authentication-key "$9$fQ39yrv8xdBIs4aJDjCtpBhS"; ##
>> SECRET-DATA = foo123
>> hello-authentication-type simple;
>> }
>> }
>> }
>>
>>
>> Trace on MX :
>> ##############
>>
>> show interfaces ge-2/2/2
>> Physical interface: ge-2/2/2, Enabled, Physical link is Up
>> Interface index: 251, SNMP ifIndex: 556
>> Description: Connection To LNS
>> Link-level type: Ethernet, MTU: 4484, Speed: 1000mbps, BPDU Error: None,
>> MAC-REWRITE Error: None, Loopback: Disabled,
>> Source filtering: Disabled, Flow control: Enabled, Auto-negotiation:
>> Enabled, Remote fault: Online
>> Device flags : Present Running
>> Interface flags: SNMP-Traps Internal: 0x4000
>> Link flags : None
>> CoS queues : 8 supported, 8 maximum usable queues
>> Schedulers : 0
>> Current address: 84:18:88:e8:c9:9e, Hardware address: 84:18:88:e8:c9:9e
>> Last flapped : 2011-05-20 11:54:46 EEST (01:08:11 ago)
>> Input rate : 6144 bps (8 pps)
>> Output rate : 0 bps (0 pps)
>> Active alarms : None
>> Active defects : None
>>
>> Logical interface ge-2/2/2.0 (Index 75) (SNMP ifIndex 656)
>> Flags: SNMP-Traps 0x4000000 Encapsulation: ENET2
>> Input packets : 27981
>> Output packets: 600
>> Protocol inet, MTU: 4470
>> Flags: Sendbcast-pkt-to-re
>> Addresses, Flags: Is-Preferred Is-Primary
>> Destination: x.x.x.x/30, Local: x.x.x.x, Broadcast: x.x.x.x
>> Protocol iso, MTU: 4467
>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<ISO MTU
>> Protocol multiservice, MTU: Unlimited
>>
>>
>> monitor traffic interface ge-2/2/2.0 layer2-headers no-resolve size 4488
>> verbose output suppressed, use <detail> or <extensive> for full protocol
>> decode
>> Address resolution is OFF.
>> Listening on ge-2/2/2.0, capture size 4488 bytes
>>
>> TO ERX :
>>
>> 13:04:34.156857 Out 84:18:88:e8:c9:9e > 1:80:c2:0:0:15, 802.3, length 1509:
>> LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI
>> NLPID IS-IS (0x83): L2 Lan IIH, src-id 2131.3905.5002, lan-id
>> 2131.3905.5002.00, prio 64, length 1492 <<< PDU length including hello
>> padding of the MX
>>
>> FROM ERX :
>>
>> 13:04:35.450255 In 0:90:1a:41:fa:f5 > 1:80:c2:0:0:15, 802.3, length 1514:
>> LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI
>> NLPID IS-IS (0x83): L2 Lan IIH, src-id 1921.6801.6029, lan-id
>> 1921.6801.6029.01, prio 64, length 1497 <<< PDU length including hello
>> padding of the ERX
>>
>>
>>
>> Trace on ERX :
>> ##############
>>
>>
>>
>> sho int gi 12/0
>> GigabitEthernet12/0 is Up, Administrative status is Up
>> Hardware is PMC 3386, address is 0090.1a41.faf5
>> Primary MAU is 1000BASE-LX 10km, secondary MAU is 1000BASE-LX 10km
>> MTU: Operational 4488, Administrative 4488
>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< MTU seems good
>> Duplex Mode: Operational Full Duplex, Administrative Auto Negotiate
>> Speed: Operational 1000 Mbps, Administrative Auto Negotiate
>> Debounce: State is Disabled
>> Link: Operational Primary Link Selected,
>> Administrative Link Selected Automatically
>> Link Failover Timeout: Operational 727 ms, Administrative default
>> Primary link selected 258 times, Secondary link selected 252 times
>> Primary link signal detected, Secondary link signal not detected
>>
>> No baseline has been set
>> 5 minute input rate 1024 bits/sec, 0 packets/sec
>> 5 minute output rate 19456 bits/sec, 12 packets/sec
>>
>> In: Bytes 789821048435, Unicast 4769999720
>> Multicast 2224876, Broadcast 2088
>> Errors 0, Discards 36549, Mac Errors 0, Alignment 0 <<<<<<<<<<<<<<<<<
>> IIH coming from MX are discarded
>> CRC 0, Too Longs 0, Symbol Errors 0
>> Out: Bytes 6824490336601, Unicast 6292729944
>> Multicast 4577411, Broadcast 103
>> Errors 0, Discards 0, Mac Errors 0, Deferred 0, No Carrier 0
>> Collisions: Single 0, Multiple 0, Late 0, Excessive 0
>> Policed Statistics:
>> In: 0, Out: 0
>> ARP Statistics:
>> In: ARP requests 211, ARP responses 8
>> Errors 0, Discards 6
>> Out: ARP requests 103, ARP responses 204
>> Errors 0, Discards 7
>>
>> Administrative qos-shaping-mode: none
>> Operational qos-shaping-mode: frame
>> queue 0: traffic class best-effort, bound to ethernet GigabitEthernet12/0
>> Queue length 0 bytes
>> Forwarded packets 0, bytes 0
>> Dropped committed packets 0, bytes 0
>> Dropped conformed packets 0, bytes 0
>> Dropped exceeded packets 0, bytes 0
>> queue 1: traffic class control, bound to GigabitEthernet12/0
>> Queue length 0 bytes
>> Forwarded packets 22347807, bytes 1630937549
>> Dropped committed packets 0, bytes 0
>> Dropped conformed packets 0, bytes 0
>> Dropped exceeded packets 0, bytes 0
>>
>>
>>
>> sho clns interface gi 12/0
>> GigabitEthernet12/0 is up, line protocol is up
>> Checksums Enabled, MTU 4470, Encapsulation SNAP <<<<<<<<<< MTU ISO
>> Next ESH/ISH is 7 seconds
>> Routing Protocol: IS-IS
>> Circuit Type: level-2
>> Interface number 0x495886, local circuit ID 0x1
>> Level-1 Metric: 10, DIS Priority: 0, Priority: 64,
>> Circuit ID: BRAS3-WDOO.01
>> L1 Designated IS: Disabled
>> Number of active level-1 adjacencies: 0
>> Level-2 Metric: 10, DIS Priority: 64, Priority: 64,
>> Circuit ID: BRAS3-WDOO.01
>>
>> L2 Designated IS: BRAS3-WDOO:default.01 (not us)
>> Number of active level-2 adjacencies: 0
>> Next IS-IS LAN Level-1 Hello in 0 seconds
>> Next IS-IS LAN Level-2 Hello in 6 seconds
>> BFD disabled
>> Mesh Group Inactive
>> Authentication Level-2:
>> Key-id: 0 Type: password*
>> Start Accept: THU MAY 19 18:08:31 2011
>> Start Generate: THU MAY 19 18:08:31 2011
>> Stop Accept: 0
>> Stop Generate: 0
>>
>>
>> sho clns traffic detail
>> IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds
>> IS-IS: Corrupted LSPs: 0
>> IS-IS: L1 LSP Database Overloads: 0
>> IS-IS: L2 LSP Database Overloads: 0
>> IS-IS: Area Addresses Dropped: 0
>> IS-IS: Attempts to Exceed Max Sequence: 0
>> IS-IS: Sequence Numbers Skipped: 0
>> IS-IS: Total LSPs Purged: 414
>> IS-IS: Own LSPs Purged: 0
>> IS-IS: System ID Length Mismatches: 0
>> IS-IS: Maximum Area Mismatches: 0
>> IS-IS: Area/Domain Authentication Failures: 0
>> IS-IS: Level-1 LSPs Sent: 0 Rcvd: 0 Dropped: 0
>> IS-IS: Level-2 LSPs Sent: 3086 Rcvd: 529403 Dropped: 0
>> IS-IS: LSP checksum errors received: 0
>>
>> Interface: GigabitEthernet12/0
>> IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds
>> IS-IS: Protocol PDUs (in/out): 0/0
>> IS-IS: Init Failures: 0
>> IS-IS: Adjacencies Changes: 0
>> IS-IS: Adjacencies Rejected: 0
>> IS-IS: Bad LSPs: 0
>> IS-IS: Level-1 Designated IS Changes: 2
>> IS-IS: Level-2 Designated IS Changes: 11
>> IS-IS: Invalid 9542s: 0
>> IS-IS: Malformed PDU reecived: 0
>> IS-IS: Authentication Failures: 0
>> IS-IS: Level-1 Hellos (in/out/dropped): 0/0/0
>> IS-IS: Level-2 Hellos (in/out/dropped): 0/300/0 <<<<<<<<<<<<< ONLY SENT
>> IIH
>> IS-IS: Level-1 CSNPs (in/out): 0/0
>> IS-IS: Level-2 CSNPs (in/out): 0/0
>> IS-IS: Level-1 PSNPs (in/out): 0/0
>> IS-IS: Level-2 PSNPs (in/out): 0/0
>> IS-IS: LSPs Retransmitted : 0
>>
>>
>>
>> David Roy
>> Orange - IP Domestic Backbone - TAC
>> Tel. +33(0)299876472
>> Mob. +33(0)685522213
>> Email. david.roy at orange-ftgroup.com
>> JNCIE-M/T #703 ; JNCIS-ENT
>>
>> -----Message d'origine-----
>> De : sthaug at nethelp.no [mailto:sthaug at nethelp.no]
>> Envoyé : jeudi 19 mai 2011 21:35
>> À : ROY David DTF/DERX
>> Cc : kalirajv at gmail.com; juniper-nsp at puck.nether.net
>> Objet : Re: [j-nsp] ISIS between ERX 1440 and MX960
>>
>>
>>> 2. I tried but without success. I believe that the ISO MTU is less
>>> than the padded hello of the MX. I will try to set mtu of the gi 12/0
>>> of the ERX to 1518 : I will update you if it works
>>>
>> We have IS-IS running between MX and ERX with no problem. Use 4 byte more
>> for the ERX MTU than the MX MTU on the physical interfaces, and you should
>> be all set.
>>
>> Example of working config below, lightly anonymized.
>>
>> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
>> ----------------------------------------------------------------------
>>
>> interface gigabitEthernet 2/0
>> mtu 4488
>> ip address a.b.2.202 255.255.255.252
>> ip router isis
>> isis network point-to-point
>> isis circuit-type level-2-only
>>
>> interface loopback 0
>> ip address a.b.0.75 255.255.255.255
>> ip router isis
>> isis circuit-type level-2-only
>>
>> router isis
>> is-type level-2-only
>> net 47.0001.0000.0000.0075.00
>> metric-style wide level-2
>>
>> interfaces {
>> ge-0/0/3 {
>> mtu 4484;
>> unit 0 {
>> family inet {
>> address a.b.2.201/30;
>> }
>> family iso;
>> }
>> }
>> lo0 {
>> unit 0 {
>> family inet {
>> address a.b.0.78/32;
>> }
>> family iso {
>> address 47.0001.0000.0000.0078.00;
>> }
>> }
>> }
>> }
>>
>> protocols {
>> isis {
>> level 2 wide-metrics-only;
>> level 1 disable;
>> interface ge-0/0/3.0 {
>> point-to-point;
>> }
>> interface lo0.0 {
>> level 2 passive;
>> }
>> }
>> }
>>
>>
>> ********************************************************************************
>> IMPORTANT.Les informations contenues dans ce message electronique y compris
>> les fichiers attaches sont strictement confidentielles
>> et peuvent etre protegees par la loi.
>> Ce message electronique est destine exclusivement au(x) destinataire(s)
>> mentionne(s) ci-dessus.
>> Si vous avez recu ce message par erreur ou s il ne vous est pas destine,
>> veuillez immediatement le signaler a l expediteur et effacer ce message
>> et tous les fichiers eventuellement attaches.
>> Toute lecture, exploitation ou transmission des informations contenues dans
>> ce message est interdite.
>> Tout message electronique est susceptible d alteration.
>> A ce titre, le Groupe France Telecom decline toute responsabilite notamment
>> s il a ete altere, deforme ou falsifie.
>> De meme, il appartient au destinataire de s assurer de l absence de tout
>> virus.
>>
>> IMPORTANT.This e-mail message and any attachments are strictly confidential
>> and may be protected by law. This message is
>> intended only for the named recipient(s) above.
>> If you have received this message in error, or are not the named
>> recipient(s), please immediately notify the sender and delete this e-mail
>> message.
>> Any unauthorized view, usage or disclosure ofthis message is prohibited.
>> Since e-mail messages may not be reliable, France Telecom Group shall not be
>> liable for any message if modified, changed or falsified.
>> Additionally the recipient should ensure they are actually virus free.
>> ********************************************************************************
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>
>
More information about the juniper-nsp
mailing list