RARE user and assistance email list

[Eoin Kenny <>]

Hi Csaba, all,

Just to confirm that I have tested md5 ISIS hello authentication between a 
Juniper MX(19.2R3.5) and freeRouter v21.12.13-cur and all is working as 
expected. 

Many thanks for the fast turnaround. 

Regards
Eoin


-----Original Message-----
From:  <> 
On Behalf Of mc36
Sent: Friday 3 December 2021 14:10
To: ; Eoin Kenny <>; Tim Chown 
<>; Frédéric LOUI <>
Subject: Re: [RARE-users] ISIS MD5 hello config

CAUTION[External]: This email originated from outside of the organisation. Do 
not click on links or open the attachments unless you recognise the sender 
and know the content is safe.


hi,

thanks for the good words all...

it was my shame that md5 auth was not around for ospf and isis... :)

imho the secret of adding new stuff quickly depends on several factors:
first, the will... as i see, we in rare team really like networking so for 
us, having new features is not a burden but a new pokemon to catch... :) 
second, the freerouter-freerouter and freerouter-foreign box tests help a 
lot...
after a coding marathon, we can have some confidence if all the tests pass...
we have 2500 in tests total, 300 interop against cisco xe, xr, junos and frr, 
and another 300 just for the rare (dpdk/tofino/bmv2) dataplane... the 
remaining almost
1800 are freerouter-freerouter, which serve some first round results 
quickly...

finally, the new image should be out... as you mentioned junos beforehand, 
here are the tests i run with that guy for isis md5:
interface adjacency auth: http://sources.nop.hu/cfg/intop9-isis14.tst
level-wide lsp auth: http://sources.nop.hu/cfg/intop9-isis12.tst
that latter seemingly requires adjacency auth too, but it's just an 
observation, if there are junos gurus out there, i would like to know if i'm 
mistaken here... :)

thanks,
cs





On 12/3/21 12:39, Eoin Kenny wrote:
> Hi Csaba,
>
> Excellent, many thanks. Fastest feature request I have ever seen!
> Let me know when I can test it.
>
> Regards
> Eoin
>
> -----Original Message-----
> From: mc36 <>
> Sent: Thursday 2 December 2021 17:07
> To: ; Eoin Kenny <>
> Subject: Re: [RARE-users] ISIS MD5 hello config
>
> CAUTION[External]: This email originated from outside of the organisation. 
> Do not click on links or open the attachments unless you recognise the 
> sender and know the content is safe.
>
>
> hi,
> a decision is made here so i just added this md5 stuff for ospf with these 
> changes:
> https://github.com/mc36/freeRouter/commit/908ef281b3e26891c94ac0a1bfc0
> 9ce6f9765d46 now some test cases need to cover the functionality then 
> i'll proceed to isis md5...
> regards,
> cs
>
>
> On 12/2/21 09:56, Eoin Kenny wrote:
>> Hi Csaba,
>>
>> Thanks for the links. I am using a Juniper at the other end. The ISIS 
>> group configuration contains the md5 config for the interfaces, but you 
>> can override the global config by explicitly configuring the interfaces 
>> under the protocol ISIS.
>> So the following works fine.
>> ekenny@edge1-testlab> show configuration protocols isis interface
>> ge-1/1/8.0 hello-padding disable; level 1 disable; level 2 {
>>       hello-authentication-key "$9removed"; ## SECRET-DATA
>>       hello-authentication-type simple; } ekenny@edge1-testlab>
>>
>> edge5-testlab#show running-config ethernet3 interface ethernet3
>>    description "Link to edge1-testlab"
>>    vrf forwarding isisvrf
>>    ipv4 address 192.168.1.1 255.255.255.254
>>    router isis4 1 enable
>>    router isis4 1 circuit level2
>>    router isis4 1 password $v10$removed==
>>    no shutdown
>>    no log-link-change
>>    exit
>>
>> Thank you for your help.
>>
>> Regards
>> Eoin
>>
>> -----Original Message-----
>> From: 
>> <> On Behalf Of mc36
>> Sent: Wednesday 1 December 2021 15:43
>> To: ; Eoin Kenny <>
>> Subject: Re: [RARE-users] ISIS MD5 hello config
>>
>> CAUTION[External]: This email originated from outside of the organisation. 
>> Do not click on links or open the attachments unless you recognise the 
>> sender and know the content is safe.
>>
>>
>> hi,
>> at the moment, freerouter can only do cleartext authentication on 
>> interface or lsp level:
>> http://sources.nop.hu/cfg/intop2-isis08.tst
>> http://sources.nop.hu/cfg/intop2-isis11.tst
>> in both tests, r1 is freerouter and r2 is xrv9k...
>> regards,
>> cs
>>
>>
>> On 12/1/21 14:23, Eoin Kenny wrote:
>>> Hi all,
>>>
>>> I maybe missing something obvious but I could not see how to configure 
>>> MD5 hello authentication for ISIS on freerouter. Any suggestions or 
>>> points would be appreciated.
>>>
>>> Thanks
>>> Eoin
>>>