ISIS

ISIS on IOS & IOS-XR by Sudeb Das

AD value – 115
Hello 10 seconds, dead 30 seconds, DR sends hello every 3 seconds.
IS-IS routers share an area topology through link-state packets (LSPs) that allows them to build an LSPDB. IS-IS uses NET addresses to build the LSPDB topology.

NET Addressing – For IS-IS the AFI uses values between 00 and 99; AFI 49 is a private number.
Read the NET address from right to left: the first byte is the SEL, the next 6 bytes are the system ID, and the remaining 1 to 13 bytes are the area address, including the AFI. Example – 49.0001.1234.AAAA.AAAA.AAAA.00:
Area address = 49.0001.1234, System ID = AAAA.AAAA.AAAA, NSEL = 00

NET addressing guidelines -
Two adjacent IS-IS routers with the same area addresses belong to the same area.
Every device in the same area must have a unique system ID.
IS-IS routers can have multiple NET addresses assigned to them but can have only one system ID.
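
The right-to-left NET split and the guidelines above, as an added example that is not part of the original post. The function names and the router inventory are constructed for illustration; the parser assumes the dotted hex notation used on this page and treats SEL 00 as mandatory for a NET.

```python
import re

def _dotted(raw: bytes) -> str:
    """Render bytes as dot-separated groups of four hex digits."""
    text = raw.hex().upper()
    return ".".join(text[i:i + 4] for i in range(0, len(text), 4))

def parse_net(net: str) -> dict:
    """Split a NET into area address, system ID and SEL, reading right to left."""
    digits = net.replace(".", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
        raise ValueError(f"{net!r}: not a whole number of hex bytes")
    raw = bytes.fromhex(digits)
    # 1 byte SEL + 6 bytes system ID + 1 to 13 bytes of area address
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"{net!r}: expected 8 to 20 bytes, got {len(raw)}")
    sel, system_id, area = raw[-1], raw[-7:-1], raw[:-7]
    if sel != 0:
        raise ValueError(f"{net!r}: the SEL byte of a NET is 00")
    afi = f"{area[0]:02X}"
    area_text = afi if len(area) == 1 else f"{afi}.{_dotted(area[1:])}"
    return {"area": area_text, "system_id": _dotted(system_id),
            "sel": f"{sel:02X}", "private_afi": afi == "49"}

def audit(routers: dict) -> list:
    """Check the NET guidelines across a {router name: [NETs]} inventory."""
    findings, seen = [], {}  # seen: (area, system ID) -> first router using it
    for name, nets in routers.items():
        parsed = [parse_net(n) for n in nets]
        ids = sorted({p["system_id"] for p in parsed})
        if len(ids) > 1:
            findings.append(f"{name}: more than one system ID {ids}")
        for p in parsed:
            owner = seen.setdefault((p["area"], p["system_id"]), name)
            if owner != name:
                findings.append(f"{name}: system ID {p['system_id']} already "
                                f"used by {owner} in area {p['area']}")
    return findings

# Constructed inventory: R2 is valid (two areas, one system ID),
# R3 reuses R1's system ID in the same area, R4 mixes two system IDs.
SAMPLE = {
    "R1": ["49.0012.0000.0000.0001.00"],
    "R2": ["49.0012.0000.0000.0002.00", "49.0013.0000.0000.0002.00"],
    "R3": ["49.0012.0000.0000.0001.00"],
    "R4": ["49.0012.0000.0000.0004.00", "49.0013.0000.0000.0005.00"],
}
```

Running audit(SAMPLE) flags R3 and R4 and leaves R1 and R2 clean.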

CLNS - The Connectionless Network Service (CLNS) provides the mechanism for transporting protocol data units (PDUs), also known as packets, between nodes. In the OSI model, CLNS PDUs transport CLNP (connectionless network protocol) datagrams between CLNS peers.

ISIS neighbor states – 1. Down, 2. Initializing, 3. UP

Areas – OSPF provides connectivity between areas by allowing a router to participate in multiple areas, whereas IS-IS places the entire router and all its interfaces in a specific area.

IS-IS Router Types:
L1 routers: Level 1 routers have no direct connectivity with another area. These routers maintain an L1 link-state database. To route a packet to another area, an L1 router must forward the packet to an L1-L2 router. They are equivalent to OSPF nonbackbone internal routers.

L2 routers: Level 2 routers connect the areas. These routers maintain an L2 link-state database and are equivalent to OSPF backbone routers. An L2 router can communicate with L2 routers in the same or a different area.

L1/L2 routers: L1/L2 routers maintain separate L1 and L2 link-state databases. These routers can connect to L1 and L2 routers. L1/L2 routers are equivalent to OSPF ABRs. L1/L2 routers do not advertise L2 routes to L1 routers.

ISIS Configuration – on IOS
Router(config)# router isis
Router(config-router)# net 49.0123.1921.6800.2002.00

Router(config)# interface g0/0
Router(config-if)# ip router isis

ISIS configuration – on IOS-XR (IPv4)
RP/0/RP0/CPU0:router(config)# router isis SUDEB
RP/0/RP0/CPU0:router(config-isis)# net 49.0123.0000.0000.0001.00
RP/0/RP0/CPU0:router(config-isis)# interface GigabitEthernet0/3/0/0
RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv4 unicast



L1 router with L1-L2 router – creates an L1 adjacency at both ends.

L1-L2 router with L1-L2 router – creates two adjacencies (L1 and L2) between them.

L2 router with L1-L2 router – creates an L2 adjacency between them.

An L1-L2 router receives all the L1 and L2 routes in its routing table, each marked as L1 or L2 respectively.

An L2 router receives all the L1 and L2 routes in its routing table as L2.

An L1 router receives only L1 routes and does not receive any L2 routes in its routing table.

show clns neighbors detail shows the area to which the router belongs.

show clns interface shows the circuit type, level, metric, priority, DR ID, and L1 & L2 hellos.


DIS (Designated intermediate system) –
On broadcast multi-access networks, a single router is elected as the DIS. There is no backup DIS elected. The DIS is the router that creates the pseudonode and acts on behalf of the pseudonode.
What is the Pseudonode (PSN)?
In order to reduce the number of full mesh adjacencies between nodes on multiaccess links, the multiaccess link itself is modeled as a pseudonode. This is a virtual node, as the name implies. The DIS creates the pseudonode. All routers on the broadcast link, including the DIS, form adjacencies with the pseudonode.













In IS-IS, a DIS does not synchronize with its neighbors. After the DIS creates the pseudonode for the LAN, it sends hello packets for each Level (1 and 2) every three seconds and CSNPs (Complete sequence number PDU) every ten seconds. The hello packets indicate that it is the DIS on the LAN for that level, and the CSNPs describe the summary of all the LSPs, including the LSP ID, sequence number, checksum, and remaining lifetime.

Election of the DIS - On a LAN
1.       One of the routers elects itself the DIS, based on interface priority (the default is 64).
2.       If all interface priorities are the same, the router with the highest MAC address on a LAN (or the local data link connection identifier (DLCI) on a Frame Relay network) is elected.
Every IS-IS router interface is assigned both an L1 priority and an L2 priority in the range from 0 to 127. The DIS election is preemptive (unlike OSPF). If a new router boots on the LAN with a higher interface priority, the new router becomes the DIS. It purges the old pseudonode LSP and floods a new set of LSPs.
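
The election and its preemptive behaviour, replayed as routers boot on one LAN for one level. This is an added example, not from the original post; the class and function names, MAC addresses and priorities are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LanInterface:
    router: str
    mac: str            # dotted, colon or dash notation
    priority: int = 64  # default interface priority given in the text

def _mac_value(mac: str) -> int:
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def elect_dis(interfaces):
    """Highest priority wins; equal priorities fall back to the highest MAC."""
    for i in interfaces:
        if not 0 <= i.priority <= 127:
            raise ValueError(f"{i.router}: priority {i.priority} outside 0-127")
    return max(interfaces, key=lambda i: (i.priority, _mac_value(i.mac)))

def replay_joins(joins):
    """Re-run the election as each router boots; report every DIS change."""
    on_lan, dis, changes = [], None, []
    for iface in joins:
        on_lan.append(iface)
        winner = elect_dis(on_lan)
        if dis is not None and winner != dis:
            # Preemption: the old pseudonode LSP is purged, new LSPs are flooded.
            changes.append((iface.router, dis.router, winner.router))
        dis = winner
    return dis, changes

# Constructed boot order on one broadcast segment.
JOINS = [
    LanInterface("R1", "0000.0c00.0001"),
    LanInterface("R2", "0000.0c00.0002"),                # same priority, higher MAC
    LanInterface("R3", "0000.0c00.0003", priority=32),   # lower priority, no change
    LanInterface("R4", "0000.0c00.0000", priority=100),  # preempts despite lowest MAC
]

if __name__ == "__main__":
    final, changes = replay_joins(JOINS)
    print("DIS:", final.router)
    for joined, old, new in changes:
        print(f"{joined} booted: DIS moved {old} -> {new}")
```

Each entry in the returned change list corresponds to one pseudonode purge and reflood, which is why an unexpected DIS change on a stable LAN is worth logging.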

ISIS Database – LSPDB (The link-state packet database) –
The LSPDB contains all the LSPs, for a specific level, and L1-L2 routers will have two LSPDBs. All routers within the same level maintain an identical LSPDB.
The LSPDB is shown with the command - show isis database [level-1 | level-2]















There are six LSPs and five routers in the topology. This is because five of the LSPs are non-pseudonode LSPs, and one of the LSPs (R5.02-00) is a pseudonode LSP for the 10.235.1.0/24 broadcast network.

LSP Holdtime – The remaining lifetime that the LSP remains valid on the router.
ATT (Attachment bit): Indicates whether the originating router is attached to more than one area.
Overload (OL) bit: If the originating router is experiencing memory over-utilization, it sets this bit; the receiving routers will then not use this router as a transit.

Link-State Packets -
LSPs are similar to OSPF LSAs in that they advertise neighbors and attached networks, except that IS-IS uses only two types of LSPs: L1 LSPs and L2 LSPs. IS-IS defines an LSP type for each level. L1 LSPs are flooded throughout the area from which they originate, and L2 LSPs are flooded throughout the L2 network. A new LSP is sent every 15 minutes and the max age value for an LSP is 20 minutes.
The LSP ID contains – System ID, Pseudonode ID, fragment ID.

LSP sequence –
An IS router increments the sequence number by 1 every time it floods an LSP. A router will process only LSPs that contain a sequence number greater than the one in the LSPDB. This is the same as the OSPF LSA sequence number.
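
A small LSPDB model tying together the LSP ID fields and the sequence-number rule above. This is an added example, not from the original post: it assumes the LSP ID display form seen in R5.02-00 (system, then pseudonode ID, then fragment ID), and the sequence numbers are constructed.

```python
import re
from typing import NamedTuple

class LspId(NamedTuple):
    system: str      # system ID or hostname, as displayed
    pseudonode: int  # 0 for a router's own LSP, non-zero for a pseudonode LSP
    fragment: int

def parse_lsp_id(text: str) -> LspId:
    """Parse '<system>.<pseudonode ID>-<fragment ID>', e.g. 'R5.02-00'."""
    m = re.fullmatch(r"(.+)\.([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})", text)
    if m is None:
        raise ValueError(f"not an LSP ID: {text!r}")
    return LspId(m.group(1), int(m.group(2), 16), int(m.group(3), 16))

class Lspdb:
    """One level's database: LSP ID -> highest sequence number accepted."""
    def __init__(self):
        self.sequence = {}

    def receive(self, lsp_id: str, seq: int) -> bool:
        """Install the LSP only if its sequence number is greater than ours."""
        key = parse_lsp_id(lsp_id)
        if seq <= self.sequence.get(key, 0):
            return False  # same or older copy, not processed
        self.sequence[key] = seq
        return True

    def routers(self):
        return sorted({k.system for k in self.sequence if k.pseudonode == 0})

    def pseudonode_lsps(self):
        return sorted(k for k in self.sequence if k.pseudonode != 0)

# Constructed flood matching the topology described above:
# five routers, six LSPs, one of them the pseudonode LSP R5.02-00.
SAMPLE = [("R1.00-00", 7), ("R2.00-00", 5), ("R3.00-00", 9),
          ("R4.00-00", 4), ("R5.00-00", 6), ("R5.02-00", 3)]

def load_sample() -> Lspdb:
    db = Lspdb()
    for lsp_id, seq in SAMPLE:
        db.receive(lsp_id, seq)
    return db
```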

ISIS splitting into multiple levels & areas -
Level 1–Level 2 (L1-L2) routers maintain a separate LSPDB for each level. L1-L2 routers set the attached bit in their L1 LSPs, providing L1 routers connectivity to networks in a different area. If an L1 router does not have a route for a destination network, it searches for the closest router with the attached bit set in its LSP and forwards traffic to it. Dividing routing into multiple domains and areas (for L1 routers) will shrink the LSPDB, shorten the SPF calculation, and allow summarization between IS-IS levels.

Route Leaking - A technique that redistributes the L2 level routes into the L1 level. Route leaking normally uses a restrictive route map or route policy to control which routes are leaked. Leaked routes are interarea and external to the L1 area.

Route leaking on XR –
route-policy PASS-ALL
 pass
end-policy

router isis SUDEB
 address-family ipv4 unicast
  propagate level 2 into level 1 route-policy PASS-ALL

Route leaking on IOS -
router isis
 redistribute isis ip level-2 into level-1 route-map PASS-ALL

route-map PASS-ALL permit 10




Passive interface –
Making the network interface passive still adds the network segment into the LSPDB, but prohibits the interface from forming IS-IS adjacencies. A passive interface does not send out IS-IS traffic and will not process any received IS-IS packets.

XR1
router isis CISCO
 net 49.0012.0000.0000.0001.00
 interface Loopback0
  passive
  address-family ipv4 unicast

Router -
router isis
 net 49.0012.0000.0000.0002.00
 passive-interface GigabitEthernet0/0
interface GigabitEthernet0/0
 ip router isis

ISIS authentication – ISIS supports plaintext & MD5 hash authentication.

ISIS Circuit type –
IS-IS supports a circuit type on an interface that differs from the level configured globally for the router. If the router level is set to L1-L2 and one interface is configured as level 1 or level 2, that interface forms only level 1 or only level 2 adjacencies with its neighbor. If the router level is configured as L2 only or L1 only, setting an interface to L1, L2 or L1-L2 does not override the router level; the interface remains restricted to the router level.









ISIS route types –
L2 routes from the same area are not advertised to L1 routers. Once the L1-L2 router connects to a router in a different area, the L1 router receives a default route from the L1-L2 router, which lets it reach L2 and L1 routes in the same area as well as in a different area.
Intra-area routes are routes that are learned from another router within the same level and area address.
Interarea routes are routes that are learned from another L2 router that came from an L1 router or from an L2 router from a different area address.
External routes are routes that are redistributed into the IS-IS domain. External routes can choose between two metric types:
Internal metrics have lower values. External metrics are not comparable with internal path metrics and must be set in a route map or route policy during redistribution. Internal metrics are always preferred to external metrics.

IS-IS best-path selection -
The route with the lowest path metric is identified for each stage:
1. L1 intra-area routes
   L1 external routes with internal metrics
2. L2 intra-area routes
   L2 external routes with internal metrics
   L1 --> L2 interarea routes
   L1 --> L2 interarea external routes with internal metrics
3. Leaked routes (L2 --> L1) with internal metrics
4. L1 external routes with external metrics
5. L2 external routes with external metrics
   L1 --> L2 interarea external routes with external metrics
6. Leaked routes (L2 --> L1) with external metrics

Metric & Metric style –
Every interface has a default cost of 10. You can change the metric within the range 1 – 63, and the total maximum cost of a path can be 1023.
There are two metric styles: narrow and wide. Narrow is the default and has limitations: the interface metric can be at most 63 (6 bits) and the total cost cannot exceed 1023 (10 bits). The wide metric increases the number of bits to 24, so the cost can be set up to 1677214.
There is also a transition style, where the router accepts both narrow and wide metric styles. If one side uses narrow and the other uses wide, it can create problems.
Configuration –
XR & Router -
router isis Sudeb
 metric-style narrow level 1
 metric-style wide level 2
 ! for narrow we can't set more than 63
 metric 50 level 1
 metric 5000 level 2

Overload Bit -
The overload bit indicates when a router is in an overloaded condition. During the IS-IS SPF calculation, routers avoid sending traffic through routers that set the overload bit in the LSPDB. Manually configuring the overload bit on an advertising router prevents neighbors from learning routes to other areas through it. The overload bit then shows as 1 on the neighbor router. Configuration -
XR & Router -
router isis Sudeb
set-overload-bit

Summarization -
Because all routers within a level must maintain an identical copy of the LSPDB, summarization occurs when routes enter an IS-IS level, such as -
L1 routes entering the L2 backbone
L2 routes leaking into the L1 backbone
Redistribution of routes into an area

XR -
router isis CISCO
 address-family ipv4 unicast
  summary-prefix 172.16.0.0/16

Router -
router isis
 summary-address 172.31.0.0 255.255.0.0

Default route –
IS-IS uses the attached bit to provide a route of last resort for L1 routers to locate an L1-L2 router attached to the backbone.
If an L2 router needs to send a default route, the default-information originate command is required.













XR -
router isis SUDEB
 address-family ipv4 unicast
  default-information originate

Router -
router isis
 default-information originate

