RARE user and assistance email list

[Xavier Jeannin <>]

Le 14/12/2021 à 13:23, mc36 a écrit :
> hi,
> excellent news, thanks so much for the effort! :)

Thank you Csaba for your responsiveness and work

Xavier

> regards,
> cs
>
>
> On 12/14/21 13:09, Eoin Kenny wrote:
> > Hi Csaba, all,
> >
> > Just to confirm that I have tested md5 ISIS hello authentication 
> > between a Juniper MX(19.2R3.5) and freeRouter v21.12.13-cur and all 
> > is working as expected.
> >
> > Many thanks for the fast turnaround.
> >
> > Regards
> > Eoin
> >
> >
> > -----Original Message-----
> > From:  
> > <> On Behalf Of mc36
> > Sent: Friday 3 December 2021 14:10
> > To: ; Eoin Kenny <>; 
> > Tim Chown <>; Fr  d  ric LOUI 
> > <>
> > Subject: Re: [RARE-users] ISIS MD5 hello config
> >
> > CAUTION[External]: This email originated from outside of the 
> > organisation. Do not click on links or open the attachments unless 
> > you recognise the sender and know the content is safe.
> >
> >
> > hi,
> >
> > thanks for the good words all...
> >
> > it was my shame that md5 auth was not around for ospf and isis... :)
> >
> > imho the secret of adding new stuff quickly depends on several factors:
> > first, the will... as i see, we in rare team really like networking 
> > so for us, having new features is not a burden but a new pokemon to 
> > catch... :) second, the freerouter-freerouter and freerouter-foreign 
> > box tests help a lot...
> > after a coding marathon, we can have some confidence if all the tests 
> > pass...
> > we have 2500 in tests total, 300 interop against cisco xe, xr, junos 
> > and frr, and another 300 just for the rare (dpdk/tofino/bmv2) 
> > dataplane... the remaining almost
> > 1800 are freerouter-freerouter, which serve some first round results 
> > quickly...
> >
> > finally, the new image should be out... as you mentioned junos 
> > beforehand, here are the tests i run with that guy for isis md5:
> > interface adjacency auth: http://sources.nop.hu/cfg/intop9-isis14.tst
> > level-wide lsp auth: http://sources.nop.hu/cfg/intop9-isis12.tst
> > that latter seemingly requires adjacency auth too, but it's just an 
> > observation, if there are junos gurus out there, i would like to know 
> > if i'm mistaken here... :)
> >
> > thanks,
> > cs
> >
> >
> >
> >
> >
> > On 12/3/21 12:39, Eoin Kenny wrote:
> > > Hi Csaba,
> > >
> > > Excellent, many thanks. Fastest feature request I have ever seen!
> > > Let me know when I can test it.
> > >
> > > Regards
> > > Eoin
> > >
> > > -----Original Message-----
> > > From: mc36 <>
> > > Sent: Thursday 2 December 2021 17:07
> > > To: ; Eoin Kenny <>
> > > Subject: Re: [RARE-users] ISIS MD5 hello config
> > >
> > > CAUTION[External]: This email originated from outside of the 
> > > organisation. Do not click on links or open the attachments unless 
> > > you recognise the sender and know the content is safe.
> > >
> > >
> > > hi,
> > > a decision is made here so i just added this md5 stuff for ospf with 
> > > these changes:
> > > https://github.com/mc36/freeRouter/commit/908ef281b3e26891c94ac0a1bfc0
> > > 9ce6f9765d46 now some test cases need to cover the functionality then
> > > i'll proceed to isis md5...
> > > regards,
> > > cs
> > >
> > >
> > > On 12/2/21 09:56, Eoin Kenny wrote:
> > > > Hi Csaba,
> > > >
> > > > Thanks for the links. I am using a Juniper at the other end. The 
> > > > ISIS group configuration contains the md5 config for the 
> > > > interfaces, but you can override the global config by explicitly 
> > > > configuring the interfaces under the protocol ISIS.
> > > > So the following works fine.
> > > > ekenny@edge1-testlab> show configuration protocols isis interface
> > > > ge-1/1/8.0 hello-padding disable; level 1 disable; level 2 {
> > > >        hello-authentication-key "$9removed"; ## SECRET-DATA
> > > >        hello-authentication-type simple; } ekenny@edge1-testlab>
> > > >
> > > > edge5-testlab#show running-config ethernet3 interface ethernet3
> > > >     description "Link to edge1-testlab"
> > > >     vrf forwarding isisvrf
> > > >     ipv4 address 192.168.1.1 255.255.255.254
> > > >     router isis4 1 enable
> > > >     router isis4 1 circuit level2
> > > >     router isis4 1 password $v10$removed==
> > > >     no shutdown
> > > >     no log-link-change
> > > >     exit
> > > >
> > > > Thank you for your help.
> > > >
> > > > Regards
> > > > Eoin
> > > >
> > > > -----Original Message-----
> > > > From: 
> > > > <> On Behalf Of mc36
> > > > Sent: Wednesday 1 December 2021 15:43
> > > > To: ; Eoin Kenny <>
> > > > Subject: Re: [RARE-users] ISIS MD5 hello config
> > > >
> > > > CAUTION[External]: This email originated from outside of the 
> > > > organisation. Do not click on links or open the attachments unless 
> > > > you recognise the sender and know the content is safe.
> > > >
> > > >
> > > > hi,
> > > > at the moment, freerouter can only do cleartext authentication on 
> > > > interface or lsp level:
> > > > http://sources.nop.hu/cfg/intop2-isis08.tst
> > > > http://sources.nop.hu/cfg/intop2-isis11.tst
> > > > in both tests, r1 is freerouter and r2 is xrv9k...
> > > > regards,
> > > > cs
> > > >
> > > >
> > > > On 12/1/21 14:23, Eoin Kenny wrote:
> > > > > Hi all,
> > > > >
> > > > > I maybe missing something obvious but I could not see how to 
> > > > > configure MD5 hello authentication for ISIS on freerouter. Any 
> > > > > suggestions or points would be appreciated.
> > > > >
> > > > > Thanks
> > > > > Eoin
--
Xavier JEANNIN
Network Dpt. - Innovation manager
GN4-3 Network technology evolution (WP6 T1) task leader
Tél. : +33 1 5394 2042
Mob. : +33 6 3017 0963
www.renater.fr