[FROG] IS-IS HMAC-MD5 Authentication Not Working

Mark Tinka mark.tinka at seacom.mu
Wed Apr 8 08:06:47 EDT 2020 


On 8/Apr/20 13:40, Donald Sharp wrote:

> Chriztoffer -
>
> The `lsp-mtu (128-4352)` command has never been 'hidden' ( this
> connotates you can't see it in the vtysh cli if you look for it, you
> have to know it exists ), it has always been visible just not
> documented.  Quentin's commit is trying to document the command in our
> documentation.
>
> This command was introduced in Nov 2015:
>
> commit b20ccb3aa94ff96e8d32e5206d8b16fa3b081908
> Author: Christian Franke <nobody at nowhere.ws>
> Date:   Tue Nov 10 18:43:31 2015 +0100

So when I first used "lsp-mtu", I assumed it needed go on the physical
interface. Reading your e-mail now and trying this again, I see it needs
to go under "router isis" mode.

That said, if I use it and remove Hello Padding, IS-IS can't start:

2020/04/08 12:04:39 ISIS: isis_send_pdu_bcast: sock_buff size 8192 is
less than output pdu size 9014 on circuit em0
2020/04/08 12:04:39 ISIS: [EC 67108865] ISIS-Adj (1): Send L2 IIH on em0
failed

So looks like "lsp-mtu" doesn't actually work, per se, and disabling
Hello Padding is still needed (even though I consider it best practice
anyway).



> I would like to apologize for the state of our documentation.  For
> many years the community accepted new code without a requirement that
> it also be documented in our docs.  This has led to a gap where there
> is a large number of knobs/commands that are not documented very well
> at all.  This has changed recently as that all new cli changes (
> semantically if you touch a DEFUN/DEFPY function ) must also come with
> documentation.  In addition people have been trickling in missed cli
> documentation changes pretty regularly over the last year( I like
> Quentin have been hitting missed commands when I notice it from
> community interaction ).  It's a large effort that takes away from
> what developers see as their day job, so missed documentation has
> taken a small back seat to new functionality and bug fixes.  Having
> said that this is one of those areas where you don't need to be a `c`
> coder at all and we would appreciate help from anyone who uses FRR.

Very happy to help where I can with documentation clean-up, as I get my
arms around IS-IS in FRR.


>
> I think, Mark's question now, is how to get authentication working
> properly using isisd.  I've included Christian Franke on the email
> since he was one of the primary authors of isisd.  Hopefully he can
> shed some light on what is going on here?

Yes please, thanks :-). I'm kind of stuck there now.

Mark.

More information about the frog mailing list