Strange Wireshark Capture XR Span

Evan Roggenkamp · ‎10-24-2014

Good afternoon. I am working on Inter-op with a brocade CER and an ASR 9001 and I am running into an issue getting ISIS adjacency up. I was able to solve this on our other systems by paying close attention to wireshark captures of the authentication of Hello and LSP adjacency.

However, when mirroring on the XR, I am getting some strange output. Here is my config:

monitor-session BROCADE ethernet
destination interface GigabitEthernet0/0/0/2

interface GigabitEthernet0/0/0/10
description UPLINK TO BOTTOM BROCADE ETHERNET 2
ipv4 address 10.9.0.94 255.255.255.252
monitor-session BROCADE ethernet
!
negotiation auto

Here is a screenshot of the packet capture:

http://goo.gl/7xDLxw

Ruben Cocheno · ‎10-26-2014

hi,

Can you share the config from both sides? if you disable the IS-IS authentication on this interface the adjacency comes up?

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

Evan Roggenkamp · ‎10-29-2014

Here is the brocade side:

router isis
net 49.0002.0100.0900.0200.00
auth-mode cleartext level-2
auth-key "********" level-2
bfd all-interfaces
log adjacency
log invalid-lsp-packets
set-overload-bit on-startup 30
address-family ipv4 unicast
default-metric 200
metric-style wide
exit-address-family

address-family ipv6 unicast
exit-address-family

interface ethernet 1/2
port-name P2P to West 9001
enable
route-only
ip router isis
ip address 10.9.0.93/30
isis auth-mode cleartext
isis auth-key "********"
isis circuit-type level-2
isis ipv6 metric 200
isis metric 200
isis point-to-point

Here is the Cisco side:

router isis lab
set-overload-bit on-startup 30
net 49.0002.0100.0900.0197.00
nsf ietf
lsp-gen-interval maximum-wait 30000 initial-wait 30000 secondary-wait 30000
lsp-password text encrypted 130232020F3901130F1D0C356205373D11362B425A level 2
address-family ipv4 unicast
metric-style wide
metric 16000000
ispf
default-information originate
!
address-family ipv6 unicast
metric-style wide
metric 16000000
!
interface Loopback0
passive
circuit-type level-2-only
address-family ipv4 unicast
metric 200
!
!
!
!
interface GigabitEthernet0/0/0/10
circuit-type level-2-only
point-to-point
hello-password text encrypted 121E2007163E093D0E12002E641206290023291555
address-family ipv4 unicast
metric 200

I have not disabled ISIS authentication because although it is a lab others are working in it and would interrupt some of what they are doing.

So far in the wireshark it looks like I can see hellos from the Cisco, but not from the brocade. Perhaps I am on the wrong support forums? :)

xthuijs · ‎10-29-2014

hey evan,

yeah I dont like the answer of contact someone different, but in this case it might seem like the best thing to do :).

Having said that, if you can pull an ISIS/CLNS debug from the 9k side maybe then potentially we can say something more.

But if there is nothing on the wire from the B side, yeah...

Also if they are not seen with the isis/clns debug on the a9k, then lets check the np counters of the a9k to see if they are dropped in the hardware just to make sure this side is "clean".

cheers!

xander

xthuijs · ‎10-27-2014

note that span messes with the L2 header if the desintation interface is not an l2transport.

make sure that that is set correctly also.

xander