[j-nsp] RE : ISIS between ERX 1440 and MX960

david.roy at orange-ftgroup.com david.roy at orange-ftgroup.com
Fri May 20 14:31:23 EDT 2011


Thanks.

I tried too, but I ve the same behavior ! IIH discarded at the ERX side.  

Moreover when i configure my interface in point-to-point the ERX stops sending IIH ! So strange. The MX has already ISIS adjacencies with ALU 7750, other Juniper T and M series and Cisco boxes as well. I don't understand why I can't do it with ERX ! Maybe a bug ! ERX is in 10.2.1

David

________________________________________
De : David Lockuan [dlockuan at gmail.com]
Date d'envoi : vendredi 20 mai 2011 20:03
À : ROY David DTF/DERX
Cc : sthaug at nethelp.no; juniper-nsp at puck.nether.net
Objet : Re: [j-nsp] ISIS between ERX 1440 and MX960

Hi David,

Could you try to put the authentication with md5? I say this because when I was doing interoperability between JunOS and IOS, I noted that the simple authentication don't work correctly. Maybe the hash-key is not compatible when you use the simple authentication.

Now we are using md5 as authentication-type and point-to-point configuration between equipments ERX, T1600, GSR and CRS.

BR,

---
David


On Fri, May 20, 2011 at 10:47 AM, Payam Chychi <pchychi at gmail.com<mailto:pchychi at gmail.com>> wrote:
correction:
point-to-point is configured under the interface on the erx

" interface blah/0

isis network point-to-point "


-Payam


Payam Chychi wrote:
Hey,

Have you tried setting each side up as a. Point-to-point network? Its
done under protocol isis

Try that and see if it works. If so, ur dst mac on one side is getting
filtered (by the device itself or perhaps your  provider)


On 5/20/11, david.roy at orange-ftgroup.com<mailto:david.roy at orange-ftgroup.com> <david.roy at orange-ftgroup.com<mailto:david.roy at orange-ftgroup.com>> wrote:

Hi,

I don't know how to go on with the ERX. I tried many things without success.
More traces below. Thanks for your help : May be a bug ?!?

Regards,
David


ERX :
#######

interface loopback 50
 ip address x.x.x.x 255.255.255.255
 no ip redirects
!
interface gigabitEthernet 12/0
 mtu 4488
 ip address y.y.y.1 255.255.255.252
 no ip redirects
 ip router isis 31337
 isis circuit-type level-2-only
 isis authentication-key level-2 foo123
!
router isis 31337
 is-type level-2-only
 passive-interface loopback50
 net 49.0001.xxxx.xxxx.xxxx.00
 domain-authentication psnp
 domain-authentication csnp
 domain-message-digest-key 1 hmac-md5 foo123
 metric-style wide
!


MX :
#######

ge-2/2/2 {
   mtu 4484;
   unit 0 {
       family inet {
           address y.y.y.2/30;
       }
       family iso;
   }
}

isis {
   level 2 {
       authentication-key "xxxxxxxx"; ## SECRET-DATA = foo123
       authentication-type md5;
       wide-metrics-only;
   }
   interface ge-2/2/2.0 {
     level 1 disable;
     level 2 {
         hello-authentication-key "$9$fQ39yrv8xdBIs4aJDjCtpBhS"; ##
SECRET-DATA = foo123
         hello-authentication-type simple;
     }
  }
}


Trace on MX :
##############

show interfaces ge-2/2/2
Physical interface: ge-2/2/2, Enabled, Physical link is Up
 Interface index: 251, SNMP ifIndex: 556
 Description: Connection To LNS
 Link-level type: Ethernet, MTU: 4484, Speed: 1000mbps, BPDU Error: None,
MAC-REWRITE Error: None, Loopback: Disabled,
 Source filtering: Disabled, Flow control: Enabled, Auto-negotiation:
Enabled, Remote fault: Online
 Device flags   : Present Running
 Interface flags: SNMP-Traps Internal: 0x4000
 Link flags     : None
 CoS queues     : 8 supported, 8 maximum usable queues
 Schedulers     : 0
 Current address: 84:18:88:e8:c9:9e, Hardware address: 84:18:88:e8:c9:9e
 Last flapped   : 2011-05-20 11:54:46 EEST (01:08:11 ago)
 Input rate     : 6144 bps (8 pps)
 Output rate    : 0 bps (0 pps)
 Active alarms  : None
 Active defects : None

 Logical interface ge-2/2/2.0 (Index 75) (SNMP ifIndex 656)
   Flags: SNMP-Traps 0x4000000 Encapsulation: ENET2
   Input packets : 27981
   Output packets: 600
   Protocol inet, MTU: 4470
     Flags: Sendbcast-pkt-to-re
     Addresses, Flags: Is-Preferred Is-Primary
       Destination: x.x.x.x/30, Local: x.x.x.x, Broadcast: x.x.x.x
   Protocol iso, MTU: 4467
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<ISO MTU
   Protocol multiservice, MTU: Unlimited


monitor traffic interface ge-2/2/2.0 layer2-headers no-resolve size 4488
verbose output suppressed, use <detail> or <extensive> for full protocol
decode
Address resolution is OFF.
Listening on ge-2/2/2.0, capture size 4488 bytes

TO ERX :

13:04:34.156857 Out 84:18:88:e8:c9:9e > 1:80:c2:0:0:15, 802.3, length 1509:
LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI
NLPID IS-IS (0x83): L2 Lan IIH, src-id 2131.3905.5002, lan-id
2131.3905.5002.00, prio 64, length 1492  <<< PDU length including hello
padding of the MX

FROM ERX :

13:04:35.450255  In 0:90:1a:41:fa:f5 > 1:80:c2:0:0:15, 802.3, length 1514:
LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI
NLPID IS-IS (0x83): L2 Lan IIH, src-id 1921.6801.6029, lan-id
1921.6801.6029.01, prio 64, length 1497  <<< PDU length including hello
padding of the ERX



Trace on ERX :
##############



sho int gi 12/0
GigabitEthernet12/0 is Up, Administrative status is Up
 Hardware is PMC 3386, address is 0090.1a41.faf5
 Primary MAU is 1000BASE-LX 10km, secondary MAU is 1000BASE-LX 10km
 MTU: Operational 4488, Administrative 4488
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< MTU seems good
 Duplex Mode: Operational Full Duplex, Administrative Auto Negotiate
 Speed: Operational 1000 Mbps, Administrative Auto Negotiate
 Debounce: State is Disabled
 Link: Operational Primary Link Selected,
       Administrative Link Selected Automatically
 Link Failover Timeout: Operational 727 ms, Administrative default
 Primary link selected 258 times, Secondary link selected 252 times
 Primary link signal detected, Secondary link signal not detected

 No baseline has been set
 5 minute input rate 1024 bits/sec, 0 packets/sec
 5 minute output rate 19456 bits/sec, 12 packets/sec

 In: Bytes 789821048435, Unicast 4769999720
  Multicast 2224876, Broadcast 2088
  Errors 0, Discards 36549, Mac Errors 0, Alignment 0  <<<<<<<<<<<<<<<<<
IIH coming from MX are discarded
  CRC 0, Too Longs 0, Symbol Errors 0
 Out: Bytes 6824490336601, Unicast 6292729944
  Multicast 4577411, Broadcast 103
  Errors 0, Discards 0, Mac Errors 0, Deferred 0, No Carrier 0
  Collisions: Single 0, Multiple 0, Late 0, Excessive 0
Policed Statistics:
 In: 0, Out: 0
ARP Statistics:
 In: ARP requests 211, ARP responses 8
  Errors 0, Discards 6
 Out: ARP requests 103, ARP responses 204
  Errors 0, Discards 7

Administrative qos-shaping-mode: none
Operational qos-shaping-mode: frame
queue 0: traffic class best-effort, bound to ethernet GigabitEthernet12/0
 Queue length 0 bytes
 Forwarded packets 0, bytes 0
 Dropped committed packets 0, bytes 0
 Dropped conformed packets 0, bytes 0
 Dropped exceeded packets 0, bytes 0
queue 1: traffic class control, bound to GigabitEthernet12/0
 Queue length 0 bytes
 Forwarded packets 22347807, bytes 1630937549
 Dropped committed packets 0, bytes 0
 Dropped conformed packets 0, bytes 0
 Dropped exceeded packets 0, bytes 0



sho clns interface gi 12/0
GigabitEthernet12/0 is up, line protocol is up
 Checksums Enabled, MTU 4470, Encapsulation SNAP  <<<<<<<<<< MTU ISO
 Next ESH/ISH is 7 seconds
 Routing Protocol: IS-IS
   Circuit Type: level-2
   Interface number 0x495886, local circuit ID 0x1
   Level-1 Metric: 10, DIS Priority: 0, Priority: 64,
           Circuit ID: BRAS3-WDOO.01
           L1 Designated IS: Disabled
   Number of active level-1 adjacencies: 0
   Level-2 Metric: 10, DIS Priority: 64, Priority: 64,
           Circuit ID: BRAS3-WDOO.01

           L2 Designated IS: BRAS3-WDOO:default.01 (not us)
   Number of active level-2 adjacencies: 0
   Next IS-IS LAN Level-1 Hello in 0 seconds
   Next IS-IS LAN Level-2 Hello in 6 seconds
   BFD disabled
   Mesh Group Inactive
   Authentication Level-2:
     Key-id:   0 Type: password*
       Start Accept:   THU MAY 19 18:08:31 2011
       Start Generate: THU MAY 19 18:08:31 2011
       Stop Accept:    0
       Stop Generate:  0


sho clns traffic detail
IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds
IS-IS: Corrupted LSPs: 0
IS-IS: L1 LSP Database Overloads: 0
IS-IS: L2 LSP Database Overloads: 0
IS-IS: Area Addresses Dropped: 0
IS-IS: Attempts to Exceed Max Sequence: 0
IS-IS: Sequence Numbers Skipped: 0
IS-IS: Total LSPs Purged: 414
IS-IS: Own LSPs Purged: 0
IS-IS: System ID Length Mismatches: 0
IS-IS: Maximum Area Mismatches: 0
IS-IS: Area/Domain Authentication Failures: 0
IS-IS: Level-1 LSPs Sent: 0 Rcvd: 0 Dropped: 0
IS-IS: Level-2 LSPs Sent: 3086 Rcvd: 529403 Dropped: 0
IS-IS: LSP checksum errors received: 0

Interface: GigabitEthernet12/0
IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds
IS-IS: Protocol PDUs (in/out): 0/0
IS-IS: Init Failures: 0
IS-IS: Adjacencies Changes: 0
IS-IS: Adjacencies Rejected: 0
IS-IS: Bad LSPs: 0
IS-IS: Level-1 Designated IS Changes: 2
IS-IS: Level-2 Designated IS Changes: 11
IS-IS: Invalid 9542s: 0
IS-IS: Malformed PDU reecived: 0
IS-IS: Authentication Failures: 0
IS-IS: Level-1 Hellos (in/out/dropped): 0/0/0
IS-IS: Level-2 Hellos (in/out/dropped): 0/300/0   <<<<<<<<<<<<< ONLY SENT
IIH
IS-IS: Level-1 CSNPs (in/out): 0/0
IS-IS: Level-2 CSNPs (in/out): 0/0
IS-IS: Level-1 PSNPs (in/out): 0/0
IS-IS: Level-2 PSNPs (in/out): 0/0
IS-IS: LSPs Retransmitted : 0



David Roy
Orange - IP Domestic Backbone - TAC
Tel.   +33(0)299876472
Mob. +33(0)685522213
Email. david.roy at orange-ftgroup.com<mailto:david.roy at orange-ftgroup.com>
JNCIE-M/T  #703 ; JNCIS-ENT

-----Message d'origine-----
De : sthaug at nethelp.no<mailto:sthaug at nethelp.no> [mailto:sthaug at nethelp.no<mailto:sthaug at nethelp.no>]
Envoyé : jeudi 19 mai 2011 21:35
À : ROY David DTF/DERX
Cc : kalirajv at gmail.com<mailto:kalirajv at gmail.com>; juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
Objet : Re: [j-nsp] ISIS between ERX 1440 and MX960


2. I tried but without success. I believe that the ISO MTU is less
than the padded hello of the MX. I will try to set mtu of the gi 12/0
of the ERX to 1518 : I will update you if it works

We have IS-IS running between MX and ERX with no problem. Use 4 byte more
for the ERX MTU than the MX MTU on the physical interfaces, and you should
be all set.

Example of working config below, lightly anonymized.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no<mailto:sthaug at nethelp.no>
----------------------------------------------------------------------

interface gigabitEthernet 2/0
 mtu 4488
 ip address a.b.2.202 255.255.255.252
 ip router isis
 isis network point-to-point
 isis circuit-type level-2-only

interface loopback 0
 ip address a.b.0.75 255.255.255.255
 ip router isis
 isis circuit-type level-2-only

router isis
 is-type level-2-only
 net 47.0001.0000.0000.0075.00
 metric-style wide level-2

interfaces {
   ge-0/0/3 {
       mtu 4484;
       unit 0 {
           family inet {
               address a.b.2.201/30;
           }
           family iso;
       }
   }
   lo0 {
       unit 0 {
           family inet {
               address a.b.0.78/32;
           }
           family iso {
               address 47.0001.0000.0000.0078.00;
           }
       }
   }
}

protocols {
   isis {
       level 2 wide-metrics-only;
       level 1 disable;
       interface ge-0/0/3.0 {
           point-to-point;
       }
       interface lo0.0 {
           level 2 passive;
       }
   }
}


********************************************************************************
IMPORTANT.Les informations contenues dans ce message electronique y compris
les fichiers attaches sont strictement confidentielles
et peuvent etre protegees par la loi.
Ce message electronique est destine exclusivement au(x) destinataire(s)
mentionne(s) ci-dessus.
Si vous avez recu ce message par erreur ou s il ne vous est pas destine,
veuillez immediatement le signaler  a l expediteur et effacer ce message
et tous les fichiers eventuellement attaches.
Toute lecture, exploitation ou transmission des informations contenues dans
ce message est interdite.
Tout message electronique est susceptible d alteration.
A ce titre, le Groupe France Telecom decline toute responsabilite notamment
s il a ete altere, deforme ou falsifie.
De meme, il appartient au destinataire de s assurer de l absence de tout
virus.

IMPORTANT.This e-mail message and any attachments are strictly confidential
and may be protected by law. This message is
intended only for the named recipient(s) above.
If you have received this message in error, or are not the named
recipient(s), please immediately notify the sender and delete this e-mail
message.
Any unauthorized view, usage or disclosure ofthis message is prohibited.
Since e-mail messages may not be reliable, France Telecom Group shall not be
liable for any message if modified, changed or falsified.
Additionally the recipient should ensure they are actually virus free.
********************************************************************************


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp





_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp


********************************************************************************
IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles
et peuvent etre protegees par la loi.
Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus.
Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler  a l expediteur et effacer ce message 
et tous les fichiers eventuellement attaches.
Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite.
Tout message electronique est susceptible d alteration.
A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie.
De meme, il appartient au destinataire de s assurer de l absence de tout virus.

IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is
intended only for the named recipient(s) above.
If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message.
Any unauthorized view, usage or disclosure ofthis message is prohibited.
Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified.
Additionally the recipient should ensure they are actually virus free.
********************************************************************************




More information about the juniper-nsp mailing list