Thanks. I tried too, but I ve the same behavior ! IIH discarded at the ERX side.
Moreover when i configure my interface in point-to-point the ERX stops sending IIH ! So strange. The MX has already ISIS adjacencies with ALU 7750, other Juniper T and M series and Cisco boxes as well. I don't understand why I can't do it with ERX ! Maybe a bug ! ERX is in 10.2.1 David ________________________________________ De : David Lockuan [dlock...@gmail.com] Date d'envoi : vendredi 20 mai 2011 20:03 À : ROY David DTF/DERX Cc : sth...@nethelp.no; juniper-nsp@puck.nether.net Objet : Re: [j-nsp] ISIS between ERX 1440 and MX960 Hi David, Could you try to put the authentication with md5? I say this because when I was doing interoperability between JunOS and IOS, I noted that the simple authentication don't work correctly. Maybe the hash-key is not compatible when you use the simple authentication. Now we are using md5 as authentication-type and point-to-point configuration between equipments ERX, T1600, GSR and CRS. BR, --- David On Fri, May 20, 2011 at 10:47 AM, Payam Chychi <pchy...@gmail.com<mailto:pchy...@gmail.com>> wrote: correction: point-to-point is configured under the interface on the erx " interface blah/0 isis network point-to-point " -Payam Payam Chychi wrote: Hey, Have you tried setting each side up as a. Point-to-point network? Its done under protocol isis Try that and see if it works. If so, ur dst mac on one side is getting filtered (by the device itself or perhaps your provider) On 5/20/11, david....@orange-ftgroup.com<mailto:david....@orange-ftgroup.com> <david....@orange-ftgroup.com<mailto:david....@orange-ftgroup.com>> wrote: Hi, I don't know how to go on with the ERX. I tried many things without success. More traces below. Thanks for your help : May be a bug ?!? Regards, David ERX : ####### interface loopback 50 ip address x.x.x.x 255.255.255.255 no ip redirects ! interface gigabitEthernet 12/0 mtu 4488 ip address y.y.y.1 255.255.255.252 no ip redirects ip router isis 31337 isis circuit-type level-2-only isis authentication-key level-2 foo123 ! router isis 31337 is-type level-2-only passive-interface loopback50 net 49.0001.xxxx.xxxx.xxxx.00 domain-authentication psnp domain-authentication csnp domain-message-digest-key 1 hmac-md5 foo123 metric-style wide ! MX : ####### ge-2/2/2 { mtu 4484; unit 0 { family inet { address y.y.y.2/30; } family iso; } } isis { level 2 { authentication-key "xxxxxxxx"; ## SECRET-DATA = foo123 authentication-type md5; wide-metrics-only; } interface ge-2/2/2.0 { level 1 disable; level 2 { hello-authentication-key "$9$fQ39yrv8xdBIs4aJDjCtpBhS"; ## SECRET-DATA = foo123 hello-authentication-type simple; } } } Trace on MX : ############## show interfaces ge-2/2/2 Physical interface: ge-2/2/2, Enabled, Physical link is Up Interface index: 251, SNMP ifIndex: 556 Description: Connection To LNS Link-level type: Ethernet, MTU: 4484, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Schedulers : 0 Current address: 84:18:88:e8:c9:9e, Hardware address: 84:18:88:e8:c9:9e Last flapped : 2011-05-20 11:54:46 EEST (01:08:11 ago) Input rate : 6144 bps (8 pps) Output rate : 0 bps (0 pps) Active alarms : None Active defects : None Logical interface ge-2/2/2.0 (Index 75) (SNMP ifIndex 656) Flags: SNMP-Traps 0x4000000 Encapsulation: ENET2 Input packets : 27981 Output packets: 600 Protocol inet, MTU: 4470 Flags: Sendbcast-pkt-to-re Addresses, Flags: Is-Preferred Is-Primary Destination: x.x.x.x/30, Local: x.x.x.x, Broadcast: x.x.x.x Protocol iso, MTU: 4467 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<ISO MTU Protocol multiservice, MTU: Unlimited monitor traffic interface ge-2/2/2.0 layer2-headers no-resolve size 4488 verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is OFF. Listening on ge-2/2/2.0, capture size 4488 bytes TO ERX : 13:04:34.156857 Out 84:18:88:e8:c9:9e > 1:80:c2:0:0:15, 802.3, length 1509: LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI NLPID IS-IS (0x83): L2 Lan IIH, src-id 2131.3905.5002, lan-id 2131.3905.5002.00, prio 64, length 1492 <<< PDU length including hello padding of the MX FROM ERX : 13:04:35.450255 In 0:90:1a:41:fa:f5 > 1:80:c2:0:0:15, 802.3, length 1514: LLC, dsap OSI (0xfe) Individual, ssap OSI (0xfe) Command, ctrl 0x03: OSI NLPID IS-IS (0x83): L2 Lan IIH, src-id 1921.6801.6029, lan-id 1921.6801.6029.01, prio 64, length 1497 <<< PDU length including hello padding of the ERX Trace on ERX : ############## sho int gi 12/0 GigabitEthernet12/0 is Up, Administrative status is Up Hardware is PMC 3386, address is 0090.1a41.faf5 Primary MAU is 1000BASE-LX 10km, secondary MAU is 1000BASE-LX 10km MTU: Operational 4488, Administrative 4488 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< MTU seems good Duplex Mode: Operational Full Duplex, Administrative Auto Negotiate Speed: Operational 1000 Mbps, Administrative Auto Negotiate Debounce: State is Disabled Link: Operational Primary Link Selected, Administrative Link Selected Automatically Link Failover Timeout: Operational 727 ms, Administrative default Primary link selected 258 times, Secondary link selected 252 times Primary link signal detected, Secondary link signal not detected No baseline has been set 5 minute input rate 1024 bits/sec, 0 packets/sec 5 minute output rate 19456 bits/sec, 12 packets/sec In: Bytes 789821048435, Unicast 4769999720 Multicast 2224876, Broadcast 2088 Errors 0, Discards 36549, Mac Errors 0, Alignment 0 <<<<<<<<<<<<<<<<< IIH coming from MX are discarded CRC 0, Too Longs 0, Symbol Errors 0 Out: Bytes 6824490336601, Unicast 6292729944 Multicast 4577411, Broadcast 103 Errors 0, Discards 0, Mac Errors 0, Deferred 0, No Carrier 0 Collisions: Single 0, Multiple 0, Late 0, Excessive 0 Policed Statistics: In: 0, Out: 0 ARP Statistics: In: ARP requests 211, ARP responses 8 Errors 0, Discards 6 Out: ARP requests 103, ARP responses 204 Errors 0, Discards 7 Administrative qos-shaping-mode: none Operational qos-shaping-mode: frame queue 0: traffic class best-effort, bound to ethernet GigabitEthernet12/0 Queue length 0 bytes Forwarded packets 0, bytes 0 Dropped committed packets 0, bytes 0 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 queue 1: traffic class control, bound to GigabitEthernet12/0 Queue length 0 bytes Forwarded packets 22347807, bytes 1630937549 Dropped committed packets 0, bytes 0 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 sho clns interface gi 12/0 GigabitEthernet12/0 is up, line protocol is up Checksums Enabled, MTU 4470, Encapsulation SNAP <<<<<<<<<< MTU ISO Next ESH/ISH is 7 seconds Routing Protocol: IS-IS Circuit Type: level-2 Interface number 0x495886, local circuit ID 0x1 Level-1 Metric: 10, DIS Priority: 0, Priority: 64, Circuit ID: BRAS3-WDOO.01 L1 Designated IS: Disabled Number of active level-1 adjacencies: 0 Level-2 Metric: 10, DIS Priority: 64, Priority: 64, Circuit ID: BRAS3-WDOO.01 L2 Designated IS: BRAS3-WDOO:default.01 (not us) Number of active level-2 adjacencies: 0 Next IS-IS LAN Level-1 Hello in 0 seconds Next IS-IS LAN Level-2 Hello in 6 seconds BFD disabled Mesh Group Inactive Authentication Level-2: Key-id: 0 Type: password* Start Accept: THU MAY 19 18:08:31 2011 Start Generate: THU MAY 19 18:08:31 2011 Stop Accept: 0 Stop Generate: 0 sho clns traffic detail IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds IS-IS: Corrupted LSPs: 0 IS-IS: L1 LSP Database Overloads: 0 IS-IS: L2 LSP Database Overloads: 0 IS-IS: Area Addresses Dropped: 0 IS-IS: Attempts to Exceed Max Sequence: 0 IS-IS: Sequence Numbers Skipped: 0 IS-IS: Total LSPs Purged: 414 IS-IS: Own LSPs Purged: 0 IS-IS: System ID Length Mismatches: 0 IS-IS: Maximum Area Mismatches: 0 IS-IS: Area/Domain Authentication Failures: 0 IS-IS: Level-1 LSPs Sent: 0 Rcvd: 0 Dropped: 0 IS-IS: Level-2 LSPs Sent: 3086 Rcvd: 529403 Dropped: 0 IS-IS: LSP checksum errors received: 0 Interface: GigabitEthernet12/0 IS-IS: Baseline last set 28 days, 22 hours, 11 minutes, 17 seconds IS-IS: Protocol PDUs (in/out): 0/0 IS-IS: Init Failures: 0 IS-IS: Adjacencies Changes: 0 IS-IS: Adjacencies Rejected: 0 IS-IS: Bad LSPs: 0 IS-IS: Level-1 Designated IS Changes: 2 IS-IS: Level-2 Designated IS Changes: 11 IS-IS: Invalid 9542s: 0 IS-IS: Malformed PDU reecived: 0 IS-IS: Authentication Failures: 0 IS-IS: Level-1 Hellos (in/out/dropped): 0/0/0 IS-IS: Level-2 Hellos (in/out/dropped): 0/300/0 <<<<<<<<<<<<< ONLY SENT IIH IS-IS: Level-1 CSNPs (in/out): 0/0 IS-IS: Level-2 CSNPs (in/out): 0/0 IS-IS: Level-1 PSNPs (in/out): 0/0 IS-IS: Level-2 PSNPs (in/out): 0/0 IS-IS: LSPs Retransmitted : 0 David Roy Orange - IP Domestic Backbone - TAC Tel. +33(0)299876472 Mob. +33(0)685522213 Email. david....@orange-ftgroup.com<mailto:david....@orange-ftgroup.com> JNCIE-M/T #703 ; JNCIS-ENT -----Message d'origine----- De : sth...@nethelp.no<mailto:sth...@nethelp.no> [mailto:sth...@nethelp.no<mailto:sth...@nethelp.no>] Envoyé : jeudi 19 mai 2011 21:35 À : ROY David DTF/DERX Cc : kalir...@gmail.com<mailto:kalir...@gmail.com>; juniper-nsp@puck.nether.net<mailto:juniper-nsp@puck.nether.net> Objet : Re: [j-nsp] ISIS between ERX 1440 and MX960 2. I tried but without success. I believe that the ISO MTU is less than the padded hello of the MX. I will try to set mtu of the gi 12/0 of the ERX to 1518 : I will update you if it works We have IS-IS running between MX and ERX with no problem. Use 4 byte more for the ERX MTU than the MX MTU on the physical interfaces, and you should be all set. Example of working config below, lightly anonymized. Steinar Haug, Nethelp consulting, sth...@nethelp.no<mailto:sth...@nethelp.no> ---------------------------------------------------------------------- interface gigabitEthernet 2/0 mtu 4488 ip address a.b.2.202 255.255.255.252 ip router isis isis network point-to-point isis circuit-type level-2-only interface loopback 0 ip address a.b.0.75 255.255.255.255 ip router isis isis circuit-type level-2-only router isis is-type level-2-only net 47.0001.0000.0000.0075.00 metric-style wide level-2 interfaces { ge-0/0/3 { mtu 4484; unit 0 { family inet { address a.b.2.201/30; } family iso; } } lo0 { unit 0 { family inet { address a.b.0.78/32; } family iso { address 47.0001.0000.0000.0078.00; } } } } protocols { isis { level 2 wide-metrics-only; level 1 disable; interface ge-0/0/3.0 { point-to-point; } interface lo0.0 { level 2 passive; } } } ******************************************************************************** IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles et peuvent etre protegees par la loi. Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus. Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message et tous les fichiers eventuellement attaches. Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite. Tout message electronique est susceptible d alteration. A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie. De meme, il appartient au destinataire de s assurer de l absence de tout virus. IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure ofthis message is prohibited. Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free. ******************************************************************************** _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net<mailto:juniper-nsp@puck.nether.net> https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net<mailto:juniper-nsp@puck.nether.net> https://puck.nether.net/mailman/listinfo/juniper-nsp ******************************************************************************** IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles et peuvent etre protegees par la loi. Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus. Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message et tous les fichiers eventuellement attaches. Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite. Tout message electronique est susceptible d alteration. A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie. De meme, il appartient au destinataire de s assurer de l absence de tout virus. IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure ofthis message is prohibited. Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free. ******************************************************************************** _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp