Re: Touble ospf md5 authentication
On Fri, Mar 19, 2010 at 05:52:04PM +0159, Vitaliy Kolodinsky wrote:
Hmm, it seems that Cisco just sends some trash after the end of OSPF packet. Perhaps it would suffice to remove the check in BIRD, but i personally don't test this compatibility.
In area 0.0.0.2 works some Cisco routers, Quagga and experimental BIRD. Cisco and Quagga work perfectly together. Cisco at the end of OSPF Hello packet sent LLS Data Block. Quagga this unit is not sending. LLS Data Block is mentioned in the IETF RFC 4813 May participate in the testing.
Yes, LLS data blocks in OSPF packets is the cause of the problem. Thank you for a note, i didn't know about RFC 4813. I will look at this issue and send you the patch for BIRD to be able to handle LLS data blocks. -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello! In my opinion, this is the same issue that i reported at 2009.10.05 in this list. Then i disabled LLS in the cisco side, and after everything works well. ip ospf lls disable 2010/3/19 Ondrej Zajicek <santiago@crfreenet.org>:
On Fri, Mar 19, 2010 at 05:52:04PM +0159, Vitaliy Kolodinsky wrote:
Hmm, it seems that Cisco just sends some trash after the end of OSPF packet. Perhaps it would suffice to remove the check in BIRD, but i personally don't test this compatibility.
In area 0.0.0.2 works some Cisco routers, Quagga and experimental BIRD. Cisco and Quagga work perfectly together. Cisco at the end of OSPF Hello packet sent LLS Data Block. Quagga this unit is not sending. LLS Data Block is mentioned in the IETF RFC 4813 May participate in the testing.
Yes, LLS data blocks in OSPF packets is the cause of the problem. Thank you for a note, i didn't know about RFC 4813. I will look at this issue and send you the patch for BIRD to be able to handle LLS data blocks.
-- Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkujrW8ACgkQw1GB2RHercNN4gCeJttuETRAYSEE7Qczl6pYNCMh YysAn0YWM1ENwQbzx2KJ4lG1hRqUjsUn =f0t3 -----END PGP SIGNATURE-----
Dear, Csaba Szép. Вы писали 19 марта 2010 г., 19:11:51:
In my opinion, this is the same issue that i reported at 2009.10.05 in this list.
Then i disabled LLS in the cisco side, and after everything works well.
ip ospf lls disable
Using the ip ospf lls disable probably quite a good temporary solution, but the old IOS, this command is not bras7 (config-subif) # ip ospf lls disa ^ % Invalid input detected at '^' marker. bras7 (config-subif) # do sh ver Cisco Internetwork Operating System Software IOS (tm) 7200 Software (C7200-JS-M), Version 12.3 (21), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport With pleasure I will see a patch from the author and with no less pleasure test the patch work. -- Best regards, Vitaliy Kolodinsky BYVK-RIPE ISP Atlant Telecom kolodinsky@telecom.by
Hello! Of course this is only a workaround But..... I use this command with Cisco 7200 12.2(28)SB5 software, which is older than 12.3(21) Another temporaly solution is to disable lls globally . router ospf 1 router-id 10.0.0.2 no capability lls 2010/3/19 Vitaliy Kolodinsky <kolodinsky@telecom.by>:
Dear, Csaba Szép.
Вы писали 19 марта 2010 г., 19:11:51:
In my opinion, this is the same issue that i reported at 2009.10.05 in this list.
Then i disabled LLS in the cisco side, and after everything works well.
ip ospf lls disable
Using the ip ospf lls disable probably quite a good temporary solution, but the old IOS, this command is not
bras7 (config-subif) # ip ospf lls disa ^ % Invalid input detected at '^' marker.
bras7 (config-subif) # do sh ver Cisco Internetwork Operating System Software IOS (tm) 7200 Software (C7200-JS-M), Version 12.3 (21), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport
With pleasure I will see a patch from the author and with no less pleasure test the patch work.
--
Best regards, Vitaliy Kolodinsky BYVK-RIPE ISP Atlant Telecom kolodinsky@telecom.by
On Fri, Mar 19, 2010 at 06:11:51PM +0100, Csaba Szép wrote:
Hello!
In my opinion, this is the same issue that i reported at 2009.10.05 in this list.
Hello It is similar (also related to LLS) but not the same issue. The problem you reported (with error message 'received: options mismatch') was fixed in version 1.2.0 (i hope). This one is specific to usage of MD5 auth together with LLS. -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
participants (3)
-
Csaba Szép -
Ondrej Zajicek -
Vitaliy Kolodinsky