Solved: Re: ISIS 3 way handshake

Ratheesh mv · ‎05-13-2021

What is the difference between "isis three-way-handshake ietf" and "isis three-way-handshake cisco" ?

When I did packet capture with isis three-way-handshake ietf there were extended local circuit ID , Neighbor system-ID and neighbor extended local circuit ID fields in the TLV 240 but these fields were not present with isis three-way-handshake cisco.

Can someone explain the difference between those?

Thanks in advance

Harold Ritter · ‎05-13-2021

Hi @Ratheesh mv ,

"isis three-way-handshake ietf" enables the behavior describes in RFC5303.

"isis three-way-handshake cisco" is the default behavior and enables the pre RFC5303 behavior.

Please refer to RFC55303 for more information.

https://datatracker.ietf.org/doc/html/rfc5303

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

Giuseppe Larosa · ‎05-13-2021

Hello @Ratheesh mv ,

pre RFC 5303 behaviuor is described in RFC Abstract:

>>

The IS-IS routing protocol (Intermediate System to Intermediate
   System, ISO 10589) requires reliable protocols at the link layer for
   point-to-point links.  As a result, it does not use a three-way
   handshake when establishing adjacencies on point-to-point media.
   This paper defines a backward-compatible extension to the protocol
   that provides for a three-way handshake.  It is fully interoperable
   with systems that do not support the extension.

   Additionally, the extension allows the robust operation of more than
   256 point-to-point links on a single router.

So pre RFC5303 implementations have the following limitations:

no three way handshake is actually performed on point to point links by IS-IS itself

Note: Cisco may have had a 3 way handshake using standard circuit IDs.

The second important limitation is the original circuit descriptors allowed to describe up to 256 different p2p links ( a single octet was used to describe the circuit ID) on a single router and this limit is too low for modern routers that can have thousands of logical interfaces and hundreds of physical interfaces.

Your wireshark packet captures confirm the use of extended circuit IDs descriptors when using ietf option.

>> When I did packet capture with isis three-way-handshake ietf there were extended local circuit ID , Neighbor system-ID and neighbor extended local circuit ID fields in the TLV 240 but these fields were not present with isis three-way-handshake cisco.

Hope to help

Giuseppe

View solution in original post

balaji.bandi · ‎05-13-2021

check this information may helop you :

try command - isis three-way-handshake ietf

https://www.ciscopress.com/articles/article.asp?p=26850&seqNum=5

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Harold Ritter · ‎05-13-2021

Hi @Ratheesh mv ,

"isis three-way-handshake ietf" enables the behavior describes in RFC5303.

"isis three-way-handshake cisco" is the default behavior and enables the pre RFC5303 behavior.

Please refer to RFC55303 for more information.

https://datatracker.ietf.org/doc/html/rfc5303

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Ratheesh mv · ‎05-13-2021

Hi Harold Ritter

I have understood working of RFC 5303.

Can you briefly explain about pre RFC5303 behaviour in your words ? It will be appreciated.

Giuseppe Larosa · ‎05-13-2021

Hello @Ratheesh mv ,

pre RFC 5303 behaviuor is described in RFC Abstract:

>>

The IS-IS routing protocol (Intermediate System to Intermediate
   System, ISO 10589) requires reliable protocols at the link layer for
   point-to-point links.  As a result, it does not use a three-way
   handshake when establishing adjacencies on point-to-point media.
   This paper defines a backward-compatible extension to the protocol
   that provides for a three-way handshake.  It is fully interoperable
   with systems that do not support the extension.

   Additionally, the extension allows the robust operation of more than
   256 point-to-point links on a single router.

So pre RFC5303 implementations have the following limitations:

no three way handshake is actually performed on point to point links by IS-IS itself

Note: Cisco may have had a 3 way handshake using standard circuit IDs.

The second important limitation is the original circuit descriptors allowed to describe up to 256 different p2p links ( a single octet was used to describe the circuit ID) on a single router and this limit is too low for modern routers that can have thousands of logical interfaces and hundreds of physical interfaces.

Your wireshark packet captures confirm the use of extended circuit IDs descriptors when using ietf option.

>> When I did packet capture with isis three-way-handshake ietf there were extended local circuit ID , Neighbor system-ID and neighbor extended local circuit ID fields in the TLV 240 but these fields were not present with isis three-way-handshake cisco.

Hope to help

Giuseppe

ramoalva · ‎10-06-2022

Hi Harold,

What commando is equivalent in IOS XR 7.1.2??

RP/0/RP0/CPU0:Oct 6 02:20:00.782 CDT: isis[1012]: BFD TLV GigabitEthernet0/0/0/0: Adding MTID 0 IPv4 (NLPID 0xcc)
RP/0/RP0/CPU0:Oct 6 02:20:00.782 CDT: isis[1012]: BFD TLV GigabitEthernet0/0/0/0: Added BFD-enabled TLV length 3
RP/0/RP0/CPU0:Oct 6 02:20:00.782 CDT: isis[1012]: SEND P2P IIH (L2) on GigabitEthernet0/0/0/0: Holdtime 30s, Length 8983
RP/0/RP0/CPU0:Oct 6 02:20:00.782 CDT: isis[1012]: SCHED P2P IIH (L2) on GigabitEthernet0/0/0/0: Send IIH in 9.05s ... (requested non-jittered delay was 10.00s)
RP/0/RP0/CPU0:Oct 6 02:20:09.837 CDT: isis[1012]: SEND P2P IIH (L2) on GigabitEthernet0/0/0/0: Do IETF 3-way handshake: State DOWN; ifnum 0x1000018Local Ext Circuit Number 0x6; Nbor System ID N/A, Nbor Ext. Circuit Number N/A
RP/0/RP0/CPU0:Oct 6 02:20:09.837 CDT: isis[1012]: SEND P2P IIH (L2) on GigabitEthernet0/0/0/0: Add of HMAC-MD5 authentication succeeded
RP/0/RP0/CPU0:Oct 6 02:20:09.837 CDT: isis[1012]: SEND P2P IIH (L2) on GigabitEthernet0/0/0/0: SA bit set

thanks,

Harold Ritter · ‎10-06-2022

Hi @ramoalva ,

XR does not need a special knob to support the IETF 3 way hand shake. Does the session come up?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

ramoalva · ‎10-06-2022

Harold,

The session does not come up, but we are looking if there is any issue with the UCS C220 M6S ethernet card.

In these case we have a XRv9K with vRR profile connected to NCS5502.

Thanks for your help.