[j-nsp] ISIS between ERX 1440 and MX960
David Lockuan
dlockuan at gmail.com
Fri May 20 14:03:09 EDT 2011
Hi David,
Could you try to put the authentication with md5? I say this because when I
was doing interoperability between JunOS and IOS, I noted that the simple
authentication don't work correctly. Maybe the hash-key is not compatible
when you use the simple authentication.
Now we are using md5 as authentication-type and point-to-point configuration
between equipments ERX, T1600, GSR and CRS.
BR,
---
David
On Fri, May 20, 2011 at 10:47 AM, Payam Chychi <pchychi at gmail.com> wrote:
> correction:
> point-to-point is configured under the interface on the erx
>
> " interface blah/0
>
> isis network point-to-point "
>
>
> -Payam
>
>
> Payam Chychi wrote:
>
>> Hey,
>>
>> Have you tried setting each side up as a. Point-to-point network? Its
>> done under protocol isis
>>
>> Try that and see if it works. If so, ur dst mac on one side is getting
>> filtered (by the device itself or perhaps your provider)
>>
>>
>> On 5/20/11, david.roy at orange-ftgroup.com <david.roy at orange-ftgroup.com>
>> wrote:
>>
>>
>>> Hi,
>>>
>>> I don't know how to go on with the ERX. I tried many things without
>>> success.
>>> More traces below. Thanks for your help : May be a bug ?!?
>>>
>>> Regards,
>>> David
>>>
>>>
>>> ERX :
>>> #######
>>>
>>> interface loopback 50
>>> ip address x.x.x.x 255.255.255.255
>>> no ip redirects
>>> !
>>> interface gigabitEthernet 12/0
>>> mtu 4488
>>> ip address y.y.y.1 255.255.255.252
>>> no ip redirects
>>> ip router isis 31337
>>> isis circuit-type level-2-only
>>> isis authentication-key level-2 foo123
>>> !
>>> router isis 31337
>>> is-type level-2-only
>>> passive-interface loopback50
>>> net 49.0001.xxxx.xxxx.xxxx.00
>>> domain-authentication psnp
>>> domain-authentication csnp
>>> domain-message-digest-key 1 hmac-md5 foo123
>>> metric-style wide
>>> !
>>>
>>>
>>> MX :
>>> #######
>>>
>>> ge-2/2/2 {
>>> mtu 4484;
>>> unit 0 {
>>> family inet {
>>> address y.y.y.2/30;
>>> }
>>> family iso;
>>> }
>>> }
>>>
>>> isis {
>>> level 2 {
>>> authentication-key "xxxxxxxx"; ## SECRET-DATA = foo123
>>> authentication-type md5;
>>> wide-metrics-only;
>>> }
>>> interface ge-2/2/2.0 {
>>> level 1 disable;
>>> level 2 {
>>> hello-authentication-key "$9$fQ39yrv8xdBIs4aJDjCtpBhS"; ##
>>> SECRET-DATA = foo123
>>> hello-authentication-type simple;
>>> }
>>> }
>>> }
>>>
>>>
>>> Trace on MX :
>>> ##############
>>>
>>> show interfaces ge-2/2/2
>>> Physical interface: ge-2/2/2, Enabled, Physical link is Up
>>> Interface index: 251, SNMP ifIndex: 556
>>> Description: Connection To LNS
>>> Link-level type: Ethernet, MTU: 4484, Speed: 1000mbps, BPDU Error: None,
>>> MAC-REWRITE Error: None, Loopback: Disabled,
>>> Source filtering: Disabled, Flow control: Enabled, Auto-negotiation:
>>> Enabled, Remote fault: Online
>>> Device flags : Present Running
>>> Interface flags: SNMP-Traps Internal: 0x4000
>>> Link flags : None
>>> CoS queues : 8 supported, 8 maximum usable queues
>>> Schedulers : 0
>>> Current address: 84:18:88:e8:c9:9e, Hardware address: 84:18:88:e8:c9:9e
>>> Last flapped : 2011-05-20 11:54:46 EEST (01:08:11 ago)
>>> Input rate : 6144 bps (8 pps)
>>> Output rate : 0 bps (0 pps)
>>> Active alarms : None
>>> Active defects : None
>>>
>>> Logical interface ge-2/2/2.0 (Index 75) (SNMP ifIndex 656)
>>> Flags: SNMP-Traps 0x4000000 Encapsulation: ENET2
>>> Input packets : 27981
>>> Output packets: 600
>>> Protocol inet, MTU: 4470
>>> Flags: Sendbcast-pkt-to-re
>>> Addresses, Flags: Is-Preferred Is-Primary
>>> Destination: x.x.x.x/30, Local: x.x.x.x, Broadcast: x.x.x.x
>>> Protocol iso, MTU: 4467
>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<ISO MTU
>>> Protocol multiservice, MTU: Unlimited
>>>
>>>
>>> monitor traffic interface ge-2/2/2.0 layer2-headers no-resolve size 4488
>>> verbose output suppressed, use <detail> or <extensive> for full protocol
>>> decode
>>> Address resolution is OFF.
>>> Listening on ge-2/2/2.0, capture size 4488 bytes
>>>
>>> TO ERX :
>>>
>>> 13:04:34.156857 Out 84:18:88:e8:c9:9e > 1:80:c2:0:0:15, 802.3, length
>>> 1509:
>>> LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI
>>> NLPID IS-IS (0x83): L2 Lan IIH, src-id 2131.3905.5002, lan-id
>>> 2131.3905.5002.00, prio 64, length 1492 <<< PDU length including hello
>>> padding of the MX
>>>
>>> FROM ERX :
>>>
>>> 13:04:35.450255 In 0:90:1a:41:fa:f5 > 1:80:c2:0:0:15, 802.3, length
>>> 1514:
>>> LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI
>>> NLPID IS-IS (0x83): L2 Lan IIH, src-id 1921.6801.6029, lan-id
>>> 1921.6801.6029.01, prio 64, length 1497 <<< PDU length including hello
>>> padding of the ERX
>>>
>>>
>>>
>>> Trace on ERX :
>>> ##############
>>>
>>>
>>>
>>> sho int gi 12/0
>>> GigabitEthernet12/0 is Up, Administrative status is Up
>>> Hardware is PMC 3386, address is 0090.1a41.faf5
>>> Primary MAU is 1000BASE-LX 10km, secondary MAU is 1000BASE-LX 10km
>>> MTU: Operational 4488, Administrative 4488
>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< MTU seems good
>>> Duplex Mode: Operational Full Duplex, Administrative Auto Negotiate
>>> Speed: Operational 1000 Mbps, Administrative Auto Negotiate
>>> Debounce: State is Disabled
>>> Link: Operational Primary Link Selected,
>>> Administrative Link Selected Automatically
>>> Link Failover Timeout: Operational 727 ms, Administrative default
>>> Primary link selected 258 times, Secondary link selected 252 times
>>> Primary link signal detected, Secondary link signal not detected
>>>
>>> No baseline has been set
>>> 5 minute input rate 1024 bits/sec, 0 packets/sec
>>> 5 minute output rate 19456 bits/sec, 12 packets/sec
>>>
>>> In: Bytes 789821048435, Unicast 4769999720
>>> Multicast 2224876, Broadcast 2088
>>> Errors 0, Discards 36549, Mac Errors 0, Alignment 0 <<<<<<<<<<<<<<<<<
>>> IIH coming from MX are discarded
>>> CRC 0, Too Longs 0, Symbol Errors 0
>>> Out: Bytes 6824490336601, Unicast 6292729944
>>> Multicast 4577411, Broadcast 103
>>> Errors 0, Discards 0, Mac Errors 0, Deferred 0, No Carrier 0
>>> Collisions: Single 0, Multiple 0, Late 0, Excessive 0
>>> Policed Statistics:
>>> In: 0, Out: 0
>>> ARP Statistics:
>>> In: ARP requests 211, ARP responses 8
>>> Errors 0, Discards 6
>>> Out: ARP requests 103, ARP responses 204
>>> Errors 0, Discards 7
>>>
>>> Administrative qos-shaping-mode: none
>>> Operational qos-shaping-mode: frame
>>> queue 0: traffic class best-effort, bound to ethernet GigabitEthernet12/0
>>> Queue length 0 bytes
>>> Forwarded packets 0, bytes 0
>>> Dropped committed packets 0, bytes 0
>>> Dropped conformed packets 0, bytes 0
>>> Dropped exceeded packets 0, bytes 0
>>> queue 1: traffic class control, bound to GigabitEthernet12/0
>>> Queue length 0 bytes
>>> Forwarded packets 22347807, bytes 1630937549
>>> Dropped committed packets 0, bytes 0
>>> Dropped conformed packets 0, bytes 0
>>> Dropped exceeded packets 0, bytes 0
>>>
>>>
>>>
>>> sho clns interface gi 12/0
>>> GigabitEthernet12/0 is up, line protocol is up
>>> Checksums Enabled, MTU 4470, Encapsulation SNAP <<<<<<<<<< MTU ISO
>>> Next ESH/ISH is 7 seconds
>>> Routing Protocol: IS-IS
>>> Circuit Type: level-2
>>> Interface number 0x495886, local circuit ID 0x1
>>> Level-1 Metric: 10, DIS Priority: 0, Priority: 64,
>>> Circuit ID: BRAS3-WDOO.01
>>> L1 Designated IS: Disabled
>>> Number of active level-1 adjacencies: 0
>>> Level-2 Metric: 10, DIS Priority: 64, Priority: 64,
>>> Circuit ID: BRAS3-WDOO.01
>>>
>>> L2 Designated IS: BRAS3-WDOO:default.01 (not us)
>>> Number of active level-2 adjacencies: 0
>>> Next IS-IS LAN Level-1 Hello in 0 seconds
>>> Next IS-IS LAN Level-2 Hello in 6 seconds
>>> BFD disabled
>>> Mesh Group Inactive
>>> Authentication Level-2:
>>> Key-id: 0 Type: password*
>>> Start Accept: THU MAY 19 18:08:31 2011
>>> Start Generate: THU MAY 19 18:08:31 2011
>>> Stop Accept: 0
>>> Stop Generate: 0
>>>
>>>
>>> sho clns traffic detail
>>> IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds
>>> IS-IS: Corrupted LSPs: 0
>>> IS-IS: L1 LSP Database Overloads: 0
>>> IS-IS: L2 LSP Database Overloads: 0
>>> IS-IS: Area Addresses Dropped: 0
>>> IS-IS: Attempts to Exceed Max Sequence: 0
>>> IS-IS: Sequence Numbers Skipped: 0
>>> IS-IS: Total LSPs Purged: 414
>>> IS-IS: Own LSPs Purged: 0
>>> IS-IS: System ID Length Mismatches: 0
>>> IS-IS: Maximum Area Mismatches: 0
>>> IS-IS: Area/Domain Authentication Failures: 0
>>> IS-IS: Level-1 LSPs Sent: 0 Rcvd: 0 Dropped: 0
>>> IS-IS: Level-2 LSPs Sent: 3086 Rcvd: 529403 Dropped: 0
>>> IS-IS: LSP checksum errors received: 0
>>>
>>> Interface: GigabitEthernet12/0
>>> IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds
>>> IS-IS: Protocol PDUs (in/out): 0/0
>>> IS-IS: Init Failures: 0
>>> IS-IS: Adjacencies Changes: 0
>>> IS-IS: Adjacencies Rejected: 0
>>> IS-IS: Bad LSPs: 0
>>> IS-IS: Level-1 Designated IS Changes: 2
>>> IS-IS: Level-2 Designated IS Changes: 11
>>> IS-IS: Invalid 9542s: 0
>>> IS-IS: Malformed PDU reecived: 0
>>> IS-IS: Authentication Failures: 0
>>> IS-IS: Level-1 Hellos (in/out/dropped): 0/0/0
>>> IS-IS: Level-2 Hellos (in/out/dropped): 0/300/0 <<<<<<<<<<<<< ONLY SENT
>>> IIH
>>> IS-IS: Level-1 CSNPs (in/out): 0/0
>>> IS-IS: Level-2 CSNPs (in/out): 0/0
>>> IS-IS: Level-1 PSNPs (in/out): 0/0
>>> IS-IS: Level-2 PSNPs (in/out): 0/0
>>> IS-IS: LSPs Retransmitted : 0
>>>
>>>
>>>
>>> David Roy
>>> Orange - IP Domestic Backbone - TAC
>>> Tel. +33(0)299876472
>>> Mob. +33(0)685522213
>>> Email. david.roy at orange-ftgroup.com
>>> JNCIE-M/T #703 ; JNCIS-ENT
>>>
>>> -----Message d'origine-----
>>> De : sthaug at nethelp.no [mailto:sthaug at nethelp.no]
>>> Envoyé : jeudi 19 mai 2011 21:35
>>> À : ROY David DTF/DERX
>>> Cc : kalirajv at gmail.com; juniper-nsp at puck.nether.net
>>> Objet : Re: [j-nsp] ISIS between ERX 1440 and MX960
>>>
>>>
>>>
>>>> 2. I tried but without success. I believe that the ISO MTU is less
>>>> than the padded hello of the MX. I will try to set mtu of the gi 12/0
>>>> of the ERX to 1518 : I will update you if it works
>>>>
>>>>
>>> We have IS-IS running between MX and ERX with no problem. Use 4 byte more
>>> for the ERX MTU than the MX MTU on the physical interfaces, and you
>>> should
>>> be all set.
>>>
>>> Example of working config below, lightly anonymized.
>>>
>>> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
>>> ----------------------------------------------------------------------
>>>
>>> interface gigabitEthernet 2/0
>>> mtu 4488
>>> ip address a.b.2.202 255.255.255.252
>>> ip router isis
>>> isis network point-to-point
>>> isis circuit-type level-2-only
>>>
>>> interface loopback 0
>>> ip address a.b.0.75 255.255.255.255
>>> ip router isis
>>> isis circuit-type level-2-only
>>>
>>> router isis
>>> is-type level-2-only
>>> net 47.0001.0000.0000.0075.00
>>> metric-style wide level-2
>>>
>>> interfaces {
>>> ge-0/0/3 {
>>> mtu 4484;
>>> unit 0 {
>>> family inet {
>>> address a.b.2.201/30;
>>> }
>>> family iso;
>>> }
>>> }
>>> lo0 {
>>> unit 0 {
>>> family inet {
>>> address a.b.0.78/32;
>>> }
>>> family iso {
>>> address 47.0001.0000.0000.0078.00;
>>> }
>>> }
>>> }
>>> }
>>>
>>> protocols {
>>> isis {
>>> level 2 wide-metrics-only;
>>> level 1 disable;
>>> interface ge-0/0/3.0 {
>>> point-to-point;
>>> }
>>> interface lo0.0 {
>>> level 2 passive;
>>> }
>>> }
>>> }
>>>
>>>
>>>
>>> ********************************************************************************
>>> IMPORTANT.Les informations contenues dans ce message electronique y
>>> compris
>>> les fichiers attaches sont strictement confidentielles
>>> et peuvent etre protegees par la loi.
>>> Ce message electronique est destine exclusivement au(x) destinataire(s)
>>> mentionne(s) ci-dessus.
>>> Si vous avez recu ce message par erreur ou s il ne vous est pas destine,
>>> veuillez immediatement le signaler a l expediteur et effacer ce message
>>> et tous les fichiers eventuellement attaches.
>>> Toute lecture, exploitation ou transmission des informations contenues
>>> dans
>>> ce message est interdite.
>>> Tout message electronique est susceptible d alteration.
>>> A ce titre, le Groupe France Telecom decline toute responsabilite
>>> notamment
>>> s il a ete altere, deforme ou falsifie.
>>> De meme, il appartient au destinataire de s assurer de l absence de tout
>>> virus.
>>>
>>> IMPORTANT.This e-mail message and any attachments are strictly
>>> confidential
>>> and may be protected by law. This message is
>>> intended only for the named recipient(s) above.
>>> If you have received this message in error, or are not the named
>>> recipient(s), please immediately notify the sender and delete this e-mail
>>> message.
>>> Any unauthorized view, usage or disclosure ofthis message is prohibited.
>>> Since e-mail messages may not be reliable, France Telecom Group shall not
>>> be
>>> liable for any message if modified, changed or falsified.
>>> Additionally the recipient should ensure they are actually virus free.
>>>
>>> ********************************************************************************
>>>
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>>
>>>
>>
>>
>>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list