[j-nsp] ISIS (Ref-BW L1 Metric)

[Jking T]

Hi Experts,

I have couple of queries on IS-IS

1) Just 
wondering what reference-bandwidth value in show isis overview 
indicates?? 
We have set reference-bandwidth as 1000g for ISIS. (We 
dont see this output with routers not having reference-bandwidth 
command)

l...@mumbdst1 show isis overview 
Instance: master
 
 Router ID: x.x.x.x
  Adjacency holddown: enabled
  Maximum Areas:
 3
  LSP life time: 65535
  Reference bandwidth: 3567587328  ---
 
 Attached bit evaluation: enabled
  SPF delay: 200 msec, SPF 
holddown: 5000 msec, SPF rapid runs: 3
  IPv4 is enabled, IPv6 is 
enabled
  Traffic engineering: enabled
  Restart: Enabled
    
Restart duration: 200
 sec
    Helper mode: Enabled
  Level 1
    Internal route 
preference: 15
    External route preference: 160
    Wide metrics are enabled, Narrow metrics are 
enabled
  Level 2
    Internal route preference: 18
    
External route preference: 165
    Wide metrics are enabled

2)
 We have few routers in the setup  all in Level-2. (Level1 
disabled). In that case, shouldnt we expect not to see Level1 Metric 
information in both the outputs???

l...@mumbdst1 show isis 
interface 
IS-IS interface database:
Interface L CirID
 Level 1 DR    Level 2 DR    L1/L2
 Metric
lo0.0    0   0x1 Passive   
Passive 0/0
xe-0/0/0.0    2   0x1 
Disabled  Point to Point    100/10 

 
ge-1/0/0.0    2   0x1 Disabled  Point to 
Point    100/1000

Any
 thoughts??

Thank you.

Regards,
JK

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] GRE tunnel - inbound traffic drops

[Volker D. Pallas]

To provide my solution in case someone finds this thread:

-I changed the tunnel to ip-0/0/0[.2] using the same config
-changed the linux end to:
 ip tunnel add tun-nc mode sit remote 87.79.237.76 local 80.237.249.84 
 ttl 255

 ip addr add 2a01:488:1000:1001:0:50ed:c910:aa00/127 dev tun-nc
 ip link set tun-nc up multicast on

The tunnel now works fine and both ends are ospfv3-neighbors.

Thank you,
Volker


On 05/23/2010 05:56 PM, Volker D. Pallas wrote:

Hi,

i'm trying to set up a simple gre-tunnel from an SRX-100 running JUNOS
10.1R2.8 to a remote linux host.
I verified using tcpdump on both sides:
-pings from linux to junos get sent but are never received.(no sign of
them in tcpdump of pp0.0/gre.0)
-pings from junos to linux arrive (also visible in tcpdump of pp0.0) and
are replied to, but the reply does not reach junos

This sounds like a problem with security zones or policies, but I have
tried about *everything* and it never worked - not even with extreme
measures. Temporarily allowed all inbound traffic for pp0.0, put all
involved interfaces into the 'trust'-zone and so on.

this is my basic tunnel-config:
# set interfaces gre unit 0 tunnel source 87.79.237.76
# set interfaces gre unit 0 tunnel destination 80.237.249.84
# set interfaces gre unit 0 family inet6 address
2a01:488:1000:1001:0:50ed:c910:aa01/127
# set security zones security-zone untrust interfaces gre.0
host-inbound-traffic system-services ping

I already switched to ipv4 which was also not working, so i can rule out
that this has something to do with ipv6.

A trace on 'security' also showed the following, which I don't really like:
May 23 15:58:32 15:58:31.1697039:CID-0:RT:pak_for_self: No handler
function found for proto:47, dst-port:2048, drop pkt

There is a second tunnel configured on that linux box to a remote cisco
device (same config) and this is working properly.

I would appreciate any help,
thanks in advance,
Volker
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp