Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] ISIS adjacency not showing hostname

0

0

Article ID: KB34570 KB Last Updated: 25 Jun 2019Version: 1.0
Summary:

When the show isis adjacency command is executed, it shows only the system ID but not the ISIS neighbor's hostname.

This article gives a possible reason and suggests what should be done to resolve the problem.

 

Symptoms:

ISIS adjacency is up but the show isis adjacency command output does not show the neighbor's hostname. It shows its system ID instead. Further, the local router is seen to have not learned the neighbor's hostname.

 

Example Topology

< R60 > ----- ISIS level 2 ------ < R69> 
 

Output of show isis adjacency

root@r69> show isis adjacency   
Interface             System         L State        Hold (secs) SNPA
ge-0/0/3.0            1280.4910.3060 2  Up                    6  0:5:86:68:b:4 . << System ID is showing here instead of hostname.


root@r69> run show isis hostname   
IS-IS hostname database:
System ID      Hostname                                         Type
1280.4910.3069 r69                                              Static  << Hostname cache has only the router's hostname.

 

Cause:

This symptom could be caused by mismatched authentication keys between the two routers. It can happen when establishing ISIS adjacencies between Juniper devices and devices from other vendors, which may configure the ISIS authentication key in a different location or at a different level.

In Junos OS, ISIS authentication keys can be configured under isis level or isis interface as shown in the example below:

set protocols isis level 2 authentication-key "$9$SvtyK87-wsgJ"
set protocols isis level 2 authentication-type md5
set protocols isis interface ge-0/0/3 level 2 hello-authentication-key "$9$90kxCpBcSe8X-IE7V"
set protocols isis interface ge-0/0/3 level 2 hello-authentication-type md5

In the above example, there are two authentication keys being used by R69 for ISIS domain level authentication and interface hello authentication. If the peer device can configure only one ISIS authentication key or one of the authentication keys does not match with R69, it may result in successful hello authentication but failed LSP authentication.

In such a scenario, ISIS adjacency will come up because the hello packets are being accepted. However, the R60's LSPs are dropped by R69 due to authentication failure. Because ISIS hostname is carried in ISIS LSP packets, R69 is not able to learn the peer device's hostname and the output described in the symptom section is observed.

 

Solution:

Check the ISIS LSP database on the local router to see if it has learned the peer's device's ISIS LSP.

user@host> show isis database
IS-IS level 2 link-state database:
LSP ID                          Sequence Checksum Lifetime Attributes
<peer device system ID or hostname>     0x644   0x53f7     2952 L1 L2 <<< Check if the peer device’s LSP is installed in the local ISIS LSP database.
 

If the peer device's LSP is not in the ISIS database, check the number of authentication keys required from both sides and make sure that all authentication keys are matching.

  • For example, if the peer device is a router that is configured with two different passwords for ISIS hello and ISIS LSP:

router isis <instance>
    lsp-password hmac-md5 encrypted  <key 2>
router isis <instance>
    interface <interface-name> hello-password hmac-md5 encrypted <key 1>
 
  • To match the peer device's ISIS config, two different passwords would be required on the Juniper device:

set protocols isis level 2 authentication-key <key 2>
set protocols isis interface <interface-name> level 2 hello-authentication-key  <key 1>

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search