Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Enabling Packet Checksums on IS-IS Interfaces

Understanding Checksums on IS-IS Interfaces

The checksum enables IS-IS to check at the receiver if the IS-IS protocol frames have become corrupted while traversing the network.

Sometimes corrupt IS-IS protocol frames can go undetected. If routing control traffic becomes corrupted, it is likely that user payload traffic might be corrupted, too. This can lead to unacceptable throughput. To prevent corrupt frames from going undetected, we recommend enabling checksumming on the IS-IS interfaces.

To review, IS-IS hello (IIH) PDUs establish adjacencies with other routing devices. A partial sequence number PDU (PSNP) is used by an IS-IS router to request link-state PDU information from a neighboring router. The complete sequence number PDU (CSNP) lists all the link-state PDUs in the link-state database.

The original specification for IS-IS does not provide checksums for IIHs, CSNPs, and PSNPs.

RFC 3358, Optional Checksums in Intermediate System to Intermediate System (ISIS) introduced an optional type, length, and value (TLV) tuple that provides checksums for IIHs, PSNPs, and CSNPs.

Junos OS supports the checksumming TLV on a per-interface basis.

Example: Enabling Packet Checksums on IS-IS Interfaces

This example shows how to enable packet checksums for IS-IS interfaces.

Requirements

Before you begin, configure IS-IS on both routers. See Example: Configuring IS-IS for information about the sample IS-IS configuration.

Overview

Junos OS supports IS-IS checksums as documented in RFC 3358, Optional Checksums in Intermediate System to Intermediate System (ISIS).

IS-IS protocol data units (PDUs) include link-state PDUs, complete sequence number PDUs (CSNPs), partial sequence number PDUs (PSNPs), and IS-IS hello (IIH) packets. These PDUs can be corrupt due to faulty implementations of Layer 2 hardware or lack of checksums on a specific network technology. Corruption of length or type, length, and value (TLV) fields can lead to the generation of extensive numbers of empty link-state PDUs in the receiving node. Because authentication is not a replacement for a checksum mechanism, you might want to enable the optional checksum TLV on your IS-IS interfaces.

The checksum cannot be enabled with MD5 hello authentication on the same interface.

Figure 1 shows the topology used in this example.

Figure 1: IS-IS Checksum Topology

IS-IS Checksum Topology

This example describes the steps on Device R1.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Device R1

set protocols isis traceoptions file isisset protocols isis traceoptions flag allset protocols isis interface fe-1/2/0.1 checksum

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure IS-IS checksums:

  1. Enable checksums.
    [edit protocols isis interface fe-1/2/0.1]user@R1# set checksum
  2. (Optional) Enable tracing for tracking checksum operations.
    [edit protocols isis traceoptions]user@R1# set file isisuser@R1# set flag all

Results

From configuration mode, confirm your configuration by entering the show protocols commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

user@R1# show protocols
isis {traceoptions {file isis;flag all;}interface fe-1/2/0.1 {checksum;}}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Checksums

Purpose

Verify that checksums are performed.

Action

From operational mode, enter the show log isis | match checksum command.

user@R1> show log isis | match checksum
May 31 16:47:39.513267     sequence 0x49 checksum 0x8e64
May 31 16:47:39.513394     sequence 0x4e checksum 0x34b3
May 31 16:47:39.513517     sequence 0x50 checksum 0x9dcb
May 31 16:47:46.563781     sequence 0x45 checksum 0x7e1a
May 31 16:47:46.563970     sequence 0x46 checksum 0x226d
May 31 16:47:46.564104     sequence 0x52 checksum 0x99cd
May 31 16:47:46.581087     sequence 0x49 checksum 0x8e64
May 31 16:47:46.581222     sequence 0x4e checksum 0x34b3
May 31 16:47:46.581353     sequence 0x50 checksum 0x9dcb
May 31 16:47:55.799090     sequence 0x45 checksum 0x7e1a
May 31 16:47:55.799223     sequence 0x46 checksum 0x226d
May 31 16:47:55.799347     sequence 0x52 checksum 0x99cd
May 31 16:47:55.818255     sequence 0x49 checksum 0x8e64
May 31 16:47:55.818473     sequence 0x4e checksum 0x34b3
May 31 16:47:55.818606     sequence 0x50 checksum 0x9dcb
May 31 16:48:03.455816     sequence 0x49 checksum 0x8e64
May 31 16:48:03.455973     sequence 0x4e checksum 0x34b3

Meaning

The output shows that checksum information is captured in the IS-IS trace log file.

 

Related Documentation

 

Published: 2013-02-04

Previous Page Next Page