BRKRST-2315 (2019) (Is-Is)
Definitive Intermediate System to Intermediate System (IS-IS)
Elvin Arias, CCIE R&S #57406
Technical Consulting Engineer, Customer Delivery, CX, AMER
BRKRST-2315
Agenda
#CLUS BRKRST-2315 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Introduction
Initial Topology
[Topology diagram: routers R1-R7, area 49.BEEF, levels labeled L2 and L1-L2]
Final Topology
[Topology diagram: routers R1-R7, areas 49.CC1E and 49.CCDE, levels labeled L1, L1-L2 and L2]
What is IS-IS?
• Currently defined in the ISO/IEC standard 10589:2002
• IS-IS is a routing protocol of the link-state protocol family
• Offers many benefits such as:
• High scalability
• Extensibility
• Fast convergence
• Operational flexibility
CLNS vs. CLNP
• ConnectionLess Network Services (CLNS)
• Set of formal services provided at the L3 layer of the OSI model
• Analogous to the set of services provided by IPv4/IPv6
• ConnectionLess Network Protocol (CLNP)
• ISO protocol implementing the set of services mandated by CLNS
Networking Terminology: OSI vs. TCP
OSI                     TCP/IP
• System                • Node
• End System            • Host
• Intermediate System   • Router
• Circuit               • Interface / link
• Domain                • Autonomous System
OSI Terminology on Display
OSI Address Architecture and Routing Overview
• OSI Address Architecture
Network Service Access Point (NSAP) Overview
• Defined in ISO/IEC 8348
• Addressing at the Network layer uses OSI Network Service Access
Point (NSAP)
• Represents a service in a particular system (node) in a domain
(autonomous system)
• A single NSAP address contains information about the node’s
autonomous system, area, node itself, and even the Layer 4 service
• NSAP address has a variable length of 8 to 20 bytes,
depending on the chosen format
NSAP Characteristics
• NSAP address is assigned to the system as a whole, not to
individual interfaces (circuits), unlike IP addresses
• Consequence: There were no “networks of hosts”, just “hosts”
• Due to OSI heritage, IS-IS requires the use of an NSAP address called the
Network Entity Title (NET)
• NET is an NSAP address whose trailing byte (NSEL) is set to 0
• No two nodes residing within the same flooding scope can have
addresses in which the system ID fields are the same
NSAP Format
IDP DSP
20 bytes maximum
NSAP Fields
• Authority And Format Identifier (AFI)
• Identifies the overall format of the NSAP address
• Initial Domain Identifier (IDI)
• Identifies the domain or a set of domains
• High Order Domain Specific Part (HO-DSP)
• Identifies the particular domain or a part of it
• System Identifier (System ID)
• Uniquely identifies a node in a domain
• Network Selector (NSEL)
• Uniquely identifies a service on the node (00 = NET, no service, just the node itself)
NSAP – Authority and Format Identifier
• Authority and Format Identifier (AFI) is 1 octet in length
• Identifies how the rest of the NSAP address should be interpreted
• AFI 49 (private) or 47 (International Code Designator) are most
commonly used
AFI Authority
36 Public network
39 ISO DCC
45 ISDN
47 ICD
48
49 Local
50
Network Entity Title (NET)
Readability
• Read a NET from right to left
• A node running IS-IS must always have a NET assigned
net 49.0000.0000.0000.0001.00
Configuring NET: IOS-XE, NX-OS, IOS-XR
IS(config)# router isis 1
IS(config-router)# net 49.0012.0000.0000.0002.00
Configuring NET: NX-OS, IOS-[XR|XE]
Min length NET:
router isis 1
net 00.0000.0000.0001.00
Configuring NET: NX-OS, IOS-[XR|XE]
Other NET format:
router isis 1
net 39.abcd.0012.0000.0000.0001.00
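The right-to-left reading rule, the 8 to 20 byte length and the system ID uniqueness requirement from the slides above, as an added Python example that is not part of the original slides. The helper duplicate_system_ids is a hypothetical audit function, and the node names and NETs in SAMPLE_NETS are constructed.

```python
# Added example: NET parsing and a duplicate-system-ID audit (not from the slides).
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Net:
    afi: str        # first octet, e.g. "49"
    area: str       # AFI plus the rest of the area address, e.g. "49.0012"
    system_id: str  # the 6 octets before NSEL, e.g. "0000.0000.0002"
    nsel: str       # trailing octet, "00" for a NET


def _dotted(hexstr: str, first: int) -> str:
    """Group hex digits CLI-style: `first` digits, then groups of four."""
    groups = [hexstr[:first]] + [hexstr[i:i + 4] for i in range(first, len(hexstr), 4)]
    return ".".join(g for g in groups if g)


def parse_net(text: str) -> Net:
    """Split a NET right to left: NSEL (1 octet), system ID (6), area (the rest)."""
    try:
        raw = bytes.fromhex(text.strip().replace(".", ""))
    except ValueError:
        raise ValueError(f"{text!r}: not whole hex octets") from None
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"{text!r}: {len(raw)} octets, expected 8 to 20")
    if raw[-1] != 0:
        raise ValueError(f"{text!r}: NSEL is {raw[-1]:02x}, a NET needs 00")
    area, system_id = raw[:-7], raw[-7:-1]
    return Net(
        afi=f"{raw[0]:02x}",
        area=_dotted(area.hex(), 2),
        system_id=_dotted(system_id.hex(), 4),
        nsel="00",
    )


def duplicate_system_ids(nets: dict) -> dict:
    """Map each system ID used by more than one node to the sorted node names.

    Assumes every node in `nets` shares one flooding scope.
    """
    seen = defaultdict(list)
    for node, text in nets.items():
        seen[parse_net(text).system_id].append(node)
    return {sid: sorted(nodes) for sid, nodes in seen.items() if len(nodes) > 1}


# Constructed inventory; R3 reuses R1's system ID.
SAMPLE_NETS = {
    "R1": "49.0012.0000.0000.0001.00",
    "R2": "49.0012.0000.0000.0002.00",
    "R3": "49.0012.0000.0000.0001.00",
}

if __name__ == "__main__":
    for name, net in SAMPLE_NETS.items():
        print(name, parse_net(net))
    print("duplicates:", duplicate_system_ids(SAMPLE_NETS))
```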
Basic IS-IS Configuration, Prefix Advertisement
OSI Address Architecture and Routing Overview
• Routing Overview
IS (Router) Types
• Level-1: Intra-area router – Single Level-1 LSDB
• Level-1-2 (default): Intra-area and inter-area (backbone) capable
router – Level-1 and Level-2 LSDB
• Level 2-only: Backbone capable router – Single Level-2 LSDB
Levels of Routing
• Level 1: Routing between ES nodes in a single area of a domain
(Intra-Area routing)
• Level 2: Routing between ES nodes in different areas of a domain
(Inter-Area routing – IS-IS backbone)
IS Type, L1-L2 LSDB
ISO CLNP Routing
Example
Topology: Area 49.0000; IS1 (system ID 1111.1111.1111) with ES10 (1010.1010.1010) and ES20 (2020.2020.2020) attached on E0/0 and E0/1
IS1
clns routing
!
router isis
 net 49.0000.1111.1111.1111.00
!
interface Ethernet0/0
 clns router isis
!
interface Ethernet0/1
 clns router isis
ES[10|20]
clns net 49.0000.XXXX.YYYY.ZZZZ.00
!
interface ethernet0/0
 clns enable
!
clns route default 49.0000.1111.1111.1111.00
ISO CLNP Routing
Verifications
IS1
ISO CLNP Routing
Verifications
IS1# show isis database level-1 verbose
ISO CLNP Routing
Verifications
IS1# show clns route
Codes: C - connected, S - static, d - DecnetIV
I - ISO-IGRP, i - IS-IS, e - ES-IS
B - BGP, b - eBGP-neighbor
ISO CLNP Routing
Verifications
IS1# which-route 49.0000.2020.2020.2020.00
Route look-up for destination 49.0000.2020.2020.2020.00
Found route in IS-IS level-1 routing table
ISO CLNP Routing
Verifications IS CLNP NH Address
ISO CLNP Routing
Verifications
ES10# ping 49.0000.2020.2020.2020.00
Type escape sequence to abort.
Sending 5, 100-byte CLNS Echos with timeout 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
ISO CLNP Routing
CLNP Echo-Request (ERQ)
Echo-Request
Destination NET
Source NET
ISO CLNP Routing
CLNP Echo-Response (ERP)
Echo-Response
Destination NET
Source NET
Deep Dive into IS-IS Mechanics
Protocol encapsulation:
OSPF: L2 | IP | OSPF
EIGRP: L2 | IP | EIGRP
BGP: L2 | IP | TCP | BGP
IS-IS: L2 | IS-IS
IS-IS Packets
Communication
• IS-IS Packets are sent over Ethernet media using one of the following MAC
addresses:
Name Destination MAC
All ES 0900.2b00.0004
IS-IS Packets
Packet Types Overview
• IS-IS Hello (IIHs)
• LAN Level1 IIH (15)
• LAN Level2 IIH (16)
• P2P IIH (17)
• Link State Packets (LSPs)
• Sequence Number Packets (SNPs)
• Partial Sequence Number Protocol Data Unit (PSNP) – 26/27
• Complete Sequence Number Protocol Data Unit (CSNP) – 24/25
IS-IS Packets
Common fields
• Every IS-IS packet carries a common header
IS-IS Packets (1)
Common fields
• Protocol Discriminator
• Network-layer protocol ID (NLPID) per ISO 9577, identifying the rest of the packet
• Always set to 0x83 for IS-IS
• Length indicator
• Length of the fixed header in octets
• Version/Protocol ID
• Always set to 1
• ID Length
• Length of the System ID
• If set to 0, it implies 6 octets
IS-IS Packets (2)
Common fields
• PDU Type
• Indicates the IS-IS packet type
• Version
• Always set to 1
• Reserved
• 1 octet for future use, always set to 0
• Maximum Area Addresses
• The maximum number of addresses assignable to a single area
• If set to 0, it implies a maximum of 3 area addresses
(Code) Type-Length-Values (TLVs) (1)
• IS-IS uses TLVs to carry information in IS-IS PDUs
• Maximum length is 257 bytes
• TLVs are what makes IS-IS extensible
• TLVs that are not recognized are ignored and forwarded to other IS
neighbors without change
(Code) Type-Length-Values (TLVs) (2)
• TLV 129 indicates the routed protocols supported
• TLV 1: Area
• TLV 132: IPv4 interface address
Common TLVs
Area Address (1) Area in which the System resides
Sub-TLVs
• Sub-TLVs use the same concept as TLVs
• TLVs exist inside IS-IS packets while sub-TLVs exist inside TLVs
• TLVs are used to add extra information to IS-IS packets
• Sub-TLVs are used to add extra information to particular TLVs
• If unknown, sub-TLVs are ignored
Sub-TLVs
MPLS-TE Sub-TLVs
Encoding IP inside TLVs (1)
• RFC 1195 introduced TLVs for IP in IS-IS, hence Integrated IS-IS
• IS-IS packet types were introduced with:
• TLV 129: Protocols Supported (CLNS 0x81, IPv4 is 0xCC, IPv6 0x8E,
TRILL 0xC0)
• TLV 132: IPv4 Interface address
• TLV 128: IPv4 Internal Reachability Information
• TLV 130: IPv4 External Reachability Information
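A bounds-checked parser for the common header fields and the TLV walk described in the preceding slides, added here as an example; it is not code from the slides or from any Cisco implementation. The sample P2P IIH is constructed, TLV code 250 only stands in for a TLV this parser does not decode, and the layout of the IIH-specific fields after the common header follows ISO 10589 rather than anything shown on the slides.

```python
# Added example: IS-IS common header validation and TLV walk (not from the slides).
import ipaddress
import struct

PDU_NAMES = {15: "LAN L1 IIH", 16: "LAN L2 IIH", 17: "P2P IIH", 18: "L1 LSP",
             20: "L2 LSP", 24: "L1 CSNP", 25: "L2 CSNP", 26: "L1 PSNP", 27: "L2 PSNP"}
NLPIDS = {0x81: "CLNS", 0xCC: "IPv4", 0x8E: "IPv6", 0xC0: "TRILL"}


def _area(addr: bytes) -> str:
    h = addr.hex()
    return ".".join([h[:2]] + [h[i:i + 4] for i in range(2, len(h), 4)])


def decode_tlv(code: int, value: bytes):
    """Decode the TLVs the slides name; return anything else as raw bytes."""
    if code == 1:                                    # Area Address(es)
        areas, pos = [], 0
        while pos < len(value):
            n = value[pos]
            if n == 0 or pos + 1 + n > len(value):
                raise ValueError("TLV 1: area length overruns the TLV")
            areas.append(_area(value[pos + 1:pos + 1 + n]))
            pos += 1 + n
        return areas
    if code == 129:                                  # Protocols Supported
        return [NLPIDS.get(b, f"0x{b:02x}") for b in value]
    if code == 132:                                  # IPv4 Interface Address
        if len(value) % 4:
            raise ValueError("TLV 132: length is not a multiple of 4")
        return [str(ipaddress.IPv4Address(value[i:i + 4]))
                for i in range(0, len(value), 4)]
    return value                                     # unknown TLV: kept unchanged


def parse_pdu(data: bytes) -> dict:
    """Validate the 8-octet common header, then walk the TLVs with bounds checks."""
    if len(data) < 8:
        raise ValueError("shorter than the 8-octet common header")
    disc, hdr_len, proto_ver, id_len, ptype, ver, reserved, max_area = \
        struct.unpack("!8B", data[:8])
    if disc != 0x83:
        raise ValueError(f"protocol discriminator 0x{disc:02x}, expected 0x83")
    if proto_ver != 1 or ver != 1:
        raise ValueError("version fields must both be 1")
    if reserved != 0:
        raise ValueError("reserved octet must be 0")
    if not 8 <= hdr_len <= len(data):
        raise ValueError("length indicator points outside the packet")
    ptype &= 0x1F                                    # PDU type is the low 5 bits
    tlvs, pos = [], hdr_len
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated TLV header")
        code, length = data[pos], data[pos + 1]
        end = pos + 2 + length
        if end > len(data):
            raise ValueError(f"TLV {code} claims {length} octets past the packet end")
        tlvs.append((code, decode_tlv(code, data[pos + 2:end])))
        pos = end
    return {
        "pdu": PDU_NAMES.get(ptype, f"type {ptype}"),
        "id_length": id_len or 6,                    # 0 implies 6 octets
        "max_area_addresses": max_area or 3,         # 0 implies 3 areas
        "tlvs": tlvs,
    }


def sample_p2p_iih() -> bytes:
    """Constructed P2P IIH (type 17) for a router at 12.0.0.1 in area 49.BEEF."""
    tlvs = (bytes([129, 1, 0xCC])                    # protocols supported: IPv4
            + bytes([1, 4, 3, 0x49, 0xBE, 0xEF])     # area 49.BEEF
            + bytes([132, 4, 12, 0, 0, 1])           # interface address 12.0.0.1
            + bytes([250, 2, 0xDE, 0xAD]))           # code this parser does not decode
    common = bytes([0x83, 20, 1, 0, 17, 1, 0, 0])
    # IIH-specific part: circuit type, source ID (6), holding time, PDU length,
    # local circuit ID. Holding time 39 matches the XR example on the slides.
    specific = (bytes([0x03]) + bytes.fromhex("000000000001")
                + struct.pack("!HH", 39, 20 + len(tlvs)) + b"\x00")
    return common + specific + tlvs


if __name__ == "__main__":
    print(parse_pdu(sample_p2p_iih()))
```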
Encoding IP in TLVs (1)
• IP (or any other routed information) is encoded and transported in TLVs
Topology: R1 (.1) --- 12.0.0.0/24 --- (.2) R2
R1 sends:
• IIH:
• TLV 129 IIH: “I support protocols: 0xCC - IPv4”
• TLV 1: Area: 49.BEEF
• LSP
• TLV 2: IS Reachability: R2
• TLV 128 IPv4 Internal Reachability: (List of IPv4 prefixes advertised by R1)
• TLV 130 IPv4 External Reachability: (List of IPv4 prefixes advertised by this router via redistribution)
R2 sends:
• IIH:
• TLV 129 IIH: “I support protocols: 0xCC - IPv4”
• TLV 1: Area: 49.BEEF
• LSP
• TLV 2: IS Reachability: R1
• TLV 128 IPv4 Internal Reachability: (List of IPv4 prefixes advertised by this router)
• TLV 130 IPv4 External Reachability: (List of IPv4 prefixes advertised by this router via redistribution)
IS-IS Hello (IIH)
• IIHs are exchanged between IS neighbors on IS-IS enabled circuits
• Neighbor detection and maintenance
• Used for electing Designated Intermediate System (DIS) in
multiaccess networks
Type 17 - P2P Hello
P2P IIH Configuration: IOS-XR
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
XR1
router isis 1
 net 49.0000.0000.0000.0001.00
 log adjacency changes
 log pdu drops
 address-family ipv4 unicast
 !
 interface GigabitEthernet0/0/0/0.12
  point-to-point
  hello-interval 13
  hello-multiplier 3
  address-family ipv4 unicast
Hold down = hello_int * multiplier (39)
P2P IIH Configuration: IOS-XE
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
R2
router isis 1
 net 49.0000.0000.0000.0002.00
!
interface ethernet0/0.12
 isis hello-interval 3
 isis hello-multiplier 11
Hold down = hello_int * multiplier (33)
P2P IIH
R2 Verification: IOS-XE
P2P IIH
R2# show isis neighbors (show clns neighbor)
Tag 1:
System Id Type Interface IP Address State Holdtime Circuit
XR1 L1L2 Et0/0.12 10.1.2.1 UP 35 00
LAN IIH
Type 15/16 - LAN IIH
• IS-IS uses a hello packet on a per level basis
• Sent every 10 seconds by default (range 1 - 65535 seconds)
• Default hello multiplier (hold down) is 3
• Designated Intermediate System (DIS) uses one-third (1/3) of the
configured timers for hello and hold intervals
IS-IS Hello (IIH)
LAN IIH
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2, with a DIS on the segment
XR:
router isis 1
 net 49.0000.0000.0000.0001.00
 address-family ipv4 unicast
 !
 interface GigabitEthernet0/0/0/0.12
  hello-interval 4 level 1
  hello-interval 5 level 2
  hello-multiplier 4 level 1
  hello-multiplier 5 level 2
Separate LAN IIHs per Level
Link State Packets (LSP)
• Advertisement of network layer reachability information (NLRI) and
topological information
• The smallest element of a link state database is the entire LSP
• Data is stored in TLV records inside the LSP
• Level 1 LSP (packet type 18)
• Level 2 LSP (packet type 20)
Link State Packets (LSP)
LSP Identification
• System ID – Identifies the router originating the LSP (6 octets)
• Pseudonode ID – Differentiates router LSPs from pseudonode LSPs
on broadcast networks (1 octet)
• LSP Number – Fragment number for LSP (1 octet)
Link State Packets (LSP)
LSP Structure
LSP Lifetime
LSP-ID
LSP Area
NLRI
Link State Packets (LSP)
LSP Structure
LSPID callouts: System ID, Pseudonode ID, Fragment ID
RP/0/0/CPU0:XR1#show isis database
Tue Apr 16 23:35:29.958 UTC
IS-IS 1 (Level-1) Link State Database
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
XR1.03-00 * 0x00000021 0xf681 983 0/0/0
Link State Packets (LSP)
LSP Structure: Sequence Number
• To distinguish between various versions of the same LSP, each LSP
has a sequence number
• Unsigned 32-bit integer starting at 0x00000001 through
0xFFFFFFFF (136 years to reach maximum if originated every
second)
• Each modification of LSP increments the sequence number
• No sequence number wrap in IS-IS as opposed to OSPF
Partition Repair Bit
• Indicates if router supports partition repair
• A potentially broken Level-1 area could be repaired through a Level-2 router
• Not implemented by Cisco or any other vendors
Overload Bit (1)
• Initially designed for routers running out of system resources (CPU,
Memory)
• Potential transit blackhole routing through the particular router
• Set in the non-pseudonode LSP Fragment 0
• The router itself should remain reachable, but traffic should not transit it if
alternate paths exist
Overload Bit (2)
[Topology diagram: R2 - Out of service!; routers R1-R7; areas 49.CC1E and 49.CCDE; levels labeled L1, L1-L2 and L2]
Attachment Bit (1)
• Attached bit is the “magic bit” used for inter-area routing
• ATT-bit is set when a Level-2 capable router connects to an area
other than the one set locally on the IS
• A Level-1 router generates a default route to the nearest Level-1-2
capable router
Attachment Bit (2)
[Topology diagram: routers R1-R7; callouts: ATT-bit L1 LSP, Default route; levels labeled L2 and L1-L2]
Complete Sequence Number Packets (CSNP)
• Used to advertise a complete list of LSPs in router’s LSDB
• After receiving a CSNP, the receiving router may decide to flood
a newer LSP if it has one, or request an LSP if it is missing it
• Exchange of CSNPs depends on circuit type (broadcast or point-to-
point)
• For point-to-point links, CSNPs are only sent initially at adjacency
establishment
• For broadcast links, CSNPs are sent periodically by DIS
Complete Sequence Number Packets (CSNP)
Partial Sequence Number Packets (PSNP)
• Used to request or acknowledge a particular LSP
• “Sequence number” refers to the LSPID as an 8-byte unsigned
integer, not the LSP sequence number
• For point-to-point links, PSNPs are used as requests and
acknowledgments
• For broadcast links, PSNPs are used only for requests since
acknowledgments are done through CSNPs
Partial Sequence Number Packets (PSNP)
Why Sequence Number Packets?
• If more than one CSNP needs to be sent, the LSPs listed in these
CSNPs need to be advertised in ascending order
• CSNP has a start and end sequence number for the advertised LSPIDs
• If the CSNP does not advertise a particular LSPID falling into the
start/end interval, the router does not know about that LSP at all,
hence the need to define the start/end range
• If all LSPs can be listed in a single CSNP, start/end sequence numbers
are 0000.0000.0000.00-00 and FFFF.FFFF.FFFF.FF-FF
• Sequencing and ascending ordering are the reason why the packets are
named Sequence Number Packets
Summary: CSNP vs. PSNP
• Both are used to facilitate LSDB sync
• CSNPs contain a list of all LSPs in sender’s LSDB (allowing the
recipient to compare this list to the index of its own LSDB)
• PSNP packets are used to request an LSP or acknowledge its
successful arrival
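How a receiver can act on one CSNP, following the start/end range and ascending-order rules from the slides above. This is an added Python example, not code from the slides; it compares sequence numbers only (remaining lifetime and checksum are left out as a simplification), and the LSDB and CSNP contents are constructed.

```python
# Added example: deciding what to flood and what to request after a CSNP.

def lspid_key(lspid: str) -> int:
    """'0000.0000.0001.00-00' -> the LSPID as an 8-octet unsigned integer."""
    raw = bytes.fromhex(lspid.replace(".", "").replace("-", ""))
    if len(raw) != 8:
        raise ValueError(f"{lspid!r}: an LSPID is 8 octets")
    return int.from_bytes(raw, "big")


def process_csnp(lsdb: dict, start: str, end: str, entries: list):
    """Return (flood, request) LSPID lists for one received CSNP.

    lsdb:    {lspid: sequence number} held locally
    entries: [(lspid, sequence number), ...] in the order they were received
    """
    lo, hi = lspid_key(start), lspid_key(end)
    if lo > hi:
        raise ValueError("start LSPID is above end LSPID")
    local = {lspid_key(name): (name, seq) for name, seq in lsdb.items()}
    flood, request, advertised, prev = [], [], set(), -1
    for lspid, seq in entries:
        key = lspid_key(lspid)
        if not lo <= key <= hi:
            raise ValueError(f"{lspid}: outside the CSNP start/end range")
        if key <= prev:
            raise ValueError(f"{lspid}: entries are not in ascending order")
        prev = key
        advertised.add(key)
        mine = local.get(key)
        if mine is None or mine[1] < seq:
            request.append(lspid)        # missing or older here: ask with a PSNP
        elif mine[1] > seq:
            flood.append(mine[0])        # newer here: flood our copy
    # Held locally, inside the range, but not listed: the sender lacks that LSP.
    flood += [name for key, (name, _) in local.items()
              if lo <= key <= hi and key not in advertised]
    return sorted(flood, key=lspid_key), sorted(request, key=lspid_key)


# Constructed local LSDB.
SAMPLE_LSDB = {
    "0000.0000.0001.00-00": 0x21,
    "0000.0000.0002.00-00": 0x10,
    "0000.0000.0002.01-00": 0x05,
    "0000.0000.0003.00-00": 0x07,
}
# Constructed CSNP covering the whole LSPID space.
SAMPLE_CSNP = [
    ("0000.0000.0001.00-00", 0x21),   # same on both sides
    ("0000.0000.0002.00-00", 0x12),   # sender is newer
    ("0000.0000.0003.00-00", 0x06),   # we are newer
    ("0000.0000.0004.00-00", 0x01),   # we do not have it
]

if __name__ == "__main__":
    flood, request = process_csnp(SAMPLE_LSDB, "0000.0000.0000.00-00",
                                  "ffff.ffff.ffff.ff-ff", SAMPLE_CSNP)
    print("flood:", flood)
    print("request:", request)
```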
LSPID, TLVs, OL-bit
Deep Dive into IS-IS Mechanics
• Ideally, SPF would run independently for each of these metrics and
result in four different Routing Information Bases (RIBs)
IS-IS Metrics (2)
[Diagram: R1 and R2 connected over E0/0, Ge1/0 and Te2/0, each labeled with metric 10]
IS-IS Metrics (3)
Default
• IOS-XE and IOS-XR assign a default metric of 10 on interfaces
irrespective of their bandwidth
• NX-OS has automatic cost computation similar to OSPF
• Two types of default metrics exist: Narrow and Wide
• Routers with dissimilar metric types can become neighbors but will
ignore their common link during SPF computation
Narrow Metrics
• Default metric type in IS-IS (metric-style narrow command)
• RFC 1195 specifies that interfaces are assigned a metric 6 bits
wide (0-63)
• End-to-end path can be up to 10 bits wide (0-1023)
Exceeding Narrow Metrics range
R2(config-subif)#isis metric 999
Warning: for metrics greater than 63, 'metric-style wide' should
be configured on level-1-2, or it will be capped at 63.
Narrow Metrics (2)
[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24; callouts: Narrow TLV 128, Default supported]
IS-IS Metrics
R2#show isis protocol
Tag 1:
IS-IS Router: 1 (0x10000)
System Id: 0000.0000.0002.00 IS-Type: level-1-2
Generate narrow metrics: level-1-2
Accept narrow metrics: level-1-2
Wide Metrics
• Introduced as a part of RFC 3784 (now RFC 5305) to expand the
Narrow metrics range, hence “Wide metrics”
• Extended IP and Extended Reachability TLVs were introduced
• Metric on per-link basis can be up to 24 bits
• End-to-end path cost can be up to 32 bits
• MPLS-TE, Multi-Topology IS-IS, and Segment Routing require use
of Wide metrics to encode attributes
Wide Metrics (2)
Wide Metrics (3)
XR XE
Metric Mismatch
• Routers can have mismatched metric types but still form adjacencies
• Mismatched metrics result in lack of reachability
• Topology is computed based on TLV 2 IS Neighbors: the neighbor will
be seen, but no metric will be interpreted between the routers
• The metric-style transition command can be configured in
a mixed-metric environment to advertise both metrics
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
XR1
router isis 1
 address-family ipv4 unicast
  metric-style wide
R2
router isis
 metric-style narrow
Metric Mismatch
Deep Dive into IS-IS Mechanics
• Network Types and Adjacencies
Network Types
• Two network interface types are supported:
• Broadcast – Default mode for Ethernet interfaces. DIS is required
• Point-to-Point – Only two IS can exist on the media. No DIS election
Point-to-Point: IOS-XR
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
router isis 1
 interface GigabitEthernet0/0/0/0.12
  [no] point-to-point
  address-family ipv4 unicast
Point-to-Point: IOS-XE
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
interface Ethernet0/0.12
 ip router isis
 [no] isis network point-to-point
Network Types
Adjacency States
• IS-IS only supports three possible adjacency states:
• Down (2) – Adjacency process starts here. No IIHs have been received
from neighbor
• Initializing (1) – IIHs are received from the neighbor, but it is not clear yet
if the neighbor receives our own IIHs
• Up (0) – IIHs are received from neighbor, and it is certain that the
neighbor is properly receiving this router’s IIHs
Adjacencies
• In Broadcast networks
• Independent L1/L2 adjacencies are formed
• Separate per-level LAN IIH are sent independently
• DIS election is done on a per level basis
• In Point-to-Point networks
• A single adjacency is formed over the circuit
• A single P2P (serial) IIH is sent over the circuit
Adjacency Requirements (1)
Levels
Router type L1-L2, by neighbor type:
• L1 neighbor: L1-L2 IS will form L1 adjacency with L1 IS if their area IDs match
• L1-L2 neighbor: L1-L2 IS will form L1-L2 adjacency if area matches, otherwise only L2 adjacency will be established
• L2-only neighbor: L2 adjacency. Area ID doesn’t matter
Adjacency Requirements (2)
What will the adjacency look like?
Topology: XR1 (L1, area 49.CC1E) --- R2 (L1, area 49.CCDE)
Adjacency Requirements (3)
What will the adjacency look like?
Topology: XR1 (L2, area 49.CC1E) --- R2 (L2, area 49.CCDE)
Adjacency Requirements (4)
What will the adjacency look like?
Topology: XR1 (L1-L2, area 49.CC1E) --- R2 (L1-L2, area 49.CCDE)
Adjacency Requirements (5)
What will the adjacency look like?
Topology: XR1 (L1-L2) --- R2 (L1-L2), area 49.CC1E
Point-to-Point Adjacency (1)
• ISO 10589 assumed adjacency status Up as soon as a hello was
received
• Two-way handshake didn’t allow for detection of unidirectional link
issues over point-to-point networks prior to adjacency establishment
• RFC 5303 introduced a three-way handshake to solve this
[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24; labels: Hello, Up, Down, Drop, Hello]
Point-to-Point Adjacency (2)
• IS-IS assigns a locally significant circuit ID to every interface on which the
process is enabled
• Point-to-Point circuit ID is independent of Broadcast circuit ID
• Original circuit ID is 1 octet, limiting the number of interfaces to 256
• Three-way handshake (RFC 5303) introduces Extended Local
Circuit ID of 4 octets in length (used for three-way handshake
procedure)
Point-to-Point Adjacency - Three-way Handshake (1)
Point-to-Point Adjacency - Three-way Handshake (2)
• Cisco three-way handshake variant (isis three-way handshake cisco)
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
1) IIH (Down)
2) IIH (Init)
3) IIH (Up)
Point-to-Point Adjacency - Three-way Handshake (3)
• IETF three-way handshake variant (isis three-way handshake ietf)
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
1) IIH (Down):
• System ID: XR1
• Adjacency State: Down
• Ext. Local Circuit ID: 0x101
2) IIH (Init):
• System ID: R2
• Adjacency State: Init
• Ext. Local Circuit ID: 0x100
• Neighbor System ID: XR1
• Neighbor Ext. Local Circuit ID: 0x101
3) IIH (Up):
• System ID: XR1
• Adjacency State: Up
• Ext. Local Circuit ID: 0x100
• Neighbor System ID: XR1
• Neighbor Ext. Local Circuit ID: 0x101
Point-to-Point Adjacency - Three-way Handshake (4)
Multiaccess Interface Limit
• No three-way handshake is needed since MAC addresses are listed
in the LAN IIH for the segment (TLV 6 - IS Neighbor(s))
• Broadcast interfaces still have the 256 interface limitation
R2(config)#interface Ethernet0/0.257
R2(config-subif)# encapsulation dot1Q 257
R2(config-subif)# ip address 10.0.25.7 255.255.255.0
R2(config-subif)# ip router isis
Adjacency over Broadcast networks (1)
• Level 1 LAN IIHs are sent with multicast MAC of 0180.c200.0014
• Level 2 LAN IIHs are sent with multicast MAC of 0180.c200.0015
• A router lists the MACs (SNPA) of each accepted IS neighbor on the
segment in its LAN IIHs
• DIS election is also performed using LAN IIHs
Adjacency over Broadcast networks (2)
• Neighbors are detected via LAN IIH
• IIH lists the router’s MAC (SNPA) received in the hello packet
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
1) Initial LAN IIHs:
• System ID: XR1, DIS: XR1, Priority: 65
• System ID: R2, DIS: R2, Priority: 64
2), 3) LAN IIHs listing the neighbor, after which the adjacency is Up:
• System ID: XR1, DIS: XR1, IS Neighbor(s): XR1 SNPA
• System ID: XR1, DIS: XR1, IS Neighbor(s): R2 SNPA
Designated Intermediate System (DIS) (1)
• Without the DIS the graph is more complex
[Diagram: multiaccess segment with R1-R6, drawn with no pseudonode]
Designated Intermediate System (DIS) (2)
• With the DIS the graph is simplified to a collection of P2P links
towards the Pseudonode (PSN)
[Diagram: R1-R6 each linked to the PSN; DIS labeled]
Designated Intermediate System (DIS) (3)
• DIS election is deterministic (preemptive)
• DIS selection criteria:
• Highest priority (default 64, range 0 – 127)
• Subnetwork Point of Attachment (SNPA) - MAC, DLCI, VPI/VCI
• System ID
• No backup DIS is elected, why?
Circuit Limit, DIS, Pseudonode LSP
Adjacency Requirements
Adjacency-check
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
• Network type
• Max-area-addresses
• IS-Type
• Area ID
• IPv4 Subnet
• MTU
• Authentication
• System ID
Adjacency Requirements
Network Type Mismatch
Topology: XR1 (.1, P2P) --- 12.0.0.0/24 --- (.2, Broadcast) R2
XE/R2
ISIS-Adj: Sending L2 LAN IIH on Ethernet0/0.12, length 1497
ISIS-Adj: Rec serial IIH from 0cfb.128d.2001 (Ethernet0/0.12)
ISIS-Adj: cir type L1L2, cir id 00, length 1497
ISIS-Adj: Point-to-point IIH received on multi-point interface: ignored IIH
XR/XR1
%ROUTING-ISIS-7-ERR_RCV_PAKTYPE : Invalid IS-IS packet type 15 received on GigabitEthernet0/0/0/0.12 SNPA aabb.cc00.0100 (inappropriate code)
%ROUTING-ISIS-7-ERR_RCV_PAKTYPE : Invalid IS-IS packet type 16 received on GigabitEthernet0/0/0/0.12 SNPA aabb.cc00.0100 (inappropriate code)
Adjacency Requirements
Max-Area Mismatch
Topology: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2
Adjacency Requirements
IS-Type
[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24, both Broadcast; level labels L1 and L2]
XE/R2
ISIS-Adj: Sending L1 LAN IIH on Ethernet0/0.12, length 1497
ISIS-Adj: Rec L2 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L2, cir id 0000.0000.0001.03, length 1497, ht(39)
ISIS-Adj: is-type mismatch
Adjacency Requirements
Area ID (L1)
Topology: XR1 (.1, L1, area 49.0000) --- 12.0.0.0/24 --- R2 (.2, L1, area 49.0002)
Adjacency Requirements
Same IPv4 Subnet
[Diagram: XR1 (.1) on 10.1.2.0/24 and R2 (.2) on 192.0.2.0/24]
Adjacency Requirements
IPv4 Subnet
• How can we solve this?
• The obvious and the best answer is to fix the configuration issue and put
both routers on the same subnet. Or…
• We can disable the IS-IS adjacency-check. As IS-IS does not run over IP,
we can form adjacencies without being in the same subnet if needed
• Note: Routes would not be installed in the RIB, but the IS-IS adjacency will be
formed
Adjacency Requirements
IPv4 Subnet
XR/XR1
router isis 1
 address-family ipv4 unicast
  adjacency-check disable
XE/R2
router isis
 no adjacency-check
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
R2 Gi0/0/0/0.12 aabb.0000.0002 Up 8 L1L2 Capable
MTU Mismatch
• Without MTU mismatch detection, LSDB synchronization can fail when large LSPs
are exchanged over the link
• Hello padding can prevent this issue by keeping the adjacency from being
established in the first place
[Figure: LSP(>1500) carrying NLRI<1…> … NLRI<n…>]
Hello Padding (2)
• IOS XE • IOS XR
Deep Dive into IS-IS Mechanics
Level-1
• Intra-area routing, that is, routing between ES nodes that are
members of the same area
• Complete visibility of intra-area topology
• To achieve inter area routing, Level-1 capable routers connect to
L1-L2 capable routers
Level-2 (1)
• Level-2 is inter-area routing in IS-IS
• Routing between ES nodes that reside in different areas of the
same domain
• Complete visibility of the domain
• IS nodes do not advertise the list of connected ES, only the area
addresses (the NSAP part starting with AFI and ending just before
System ID) to connect between the areas
Level-2 (2)
• Level-2 is considered the backbone for IS-IS
• A contiguous “chain” of Level-2 routers is required to maintain the
backbone
• Loop prevention consists of passing Level-1 NLRI information into the
Level-2 LSP, but not vice versa
• NLRI is hidden from Level-1; Level-2 capable routers connected to other
areas will set the ATT-bit on the Level-1 LSP to achieve
inter-area routing
Level-1 Intra Area Routing
• Will R1 have R6 192.0.2.6/32 loopback in its RIB?
• Will R7 have R1 192.0.2.1/32 loopback in its RIB?
[Diagram: final topology, areas 49.CC1E and 49.CCDE, routers R1 to R7 with L1, L1-L2 and L2 roles]
Level-2 Inter Area Routing
• R2 and R5 will set ATT-bit in Level-1 LSP to achieve inter area routing
• R1 and R6 will generate a default route towards the nearest Level-2 capable
router
[Diagram: final topology, areas 49.CC1E and 49.CCDE, routers R1 to R7 with L1, L1-L2 and L2 roles]
Areas, Levels, ATT-bit
Deep Dive into IS-IS Mechanics
• Link-State Database under Magnifying Glass
Flooding Events
• Events that cause flooding of new information in IS-IS
include changes to:
• Adjacency state
• System ID
• Area ID
• DIS re-election
• Metric cost
Link State Database
• Link-State Database (LSDB) contents draw a detailed map of the
network topology within a particular scope
• IS-IS Level-1: The detailed topology (every single Level-1-capable
router and link) of an area
• IS-IS Level-2: The detailed topology of all Level-2-capable routers
and links in the domain, regardless of areas
• IS-IS maintains independent LSDBs for each level
• LSDB stores all Link State Packets (LSPs) of a particular level
• Level-1: All Level-1 LSPs originated by routers in the same area
• Level-2: All Level-2 LSPs originated by routers in the domain
Link-State Database Synchronization
• All routers operating at the same scope (Level-1 in the same area,
or Level-2) must have identical LSDB contents
• LSDB contents must be synchronized between routers at all times
• Synchronizing LSDB contents requires
• Exchanging LSPs during initial synchronization when a new
adjacency comes up, and anytime an LSP is updated
• Acknowledging exchanged LSPs using Partial SNPs
• On broadcast network types, using DIS as a synchronization
reference using Complete SNPs
LSDB Synchronization on point-to-point links (1)
• When a new adjacency comes up between two routers on a point-
to-point link, they synchronize their LSDBs in a simple way
• Each router schedules all LSPs to be sent to the neighbor
• If the received LSP is…
• New(er): Store it and schedule it for acknowledgment in a PSNP
• Identical: Schedule an acknowledgment in a PSNP
• Older: Schedule our own LSP to be flooded to the neighbor
• LSP stays scheduled for sending to the neighbor only if it is newer
LSDB Synchronization on point-to-point links (2)
• IS-IS specification in fact calls for an optimization of LSP flooding on
point-to-point links
• When the adjacency first comes up, routers should exchange
CSNPs once, in addition to scheduling all LSPs for sending
• Any LSP that is advertised as the same or newer in the CSNP
received from the neighbor should be unscheduled from sending
• As a result, each router will send only LSPs that are newer than the
neighbor’s, or are unknown by the neighbor entirely
LSDB Synchronization on broadcast networks (1)
• On broadcast networks, pairwise synchronization of a new router
with every existing neighbor would be both complex and useless
• Instead, DIS becomes the reference point for database
synchronization among all routers on the network
• Relying on transitivity: If I know the same as DIS, and if you know
the same as DIS, then I and you know the same, too
• Every router’s goal: Make the DIS LSDB and own LSDB identical
• As opposed to OSPF, all IS-IS routers on a broadcast network are
fully adjacent and accept LSPs from each other directly
• DIS is not a relay for LSPs, only a reference store
LSDB Synchronization on broadcast networks (2)
• DIS sends out an inventory of all its LSPs in periodic CSNPs
• Each router on the broadcast network compares its LSDB inventory
to the CSNP contents
• If the router knows about a(n)…
• Newer LSP: Just flood it onto the network. Other routers including
DIS will learn it, and DIS will advertise it in the upcoming CSNPs
• Identical LSP: Do nothing; treat the CSNP as an acknowledgment
of the flooded LSP
• Older LSP: Ask for an updated LSP using a PSNP; DIS will flood it
LSDB Synchronization – Closing remarks
• On point-to-point links
• All LSPs are scheduled for flooding unless unscheduled through one time
CSNPs (if the neighbor has the same or newer LSPs)
• PSNPs are used as acknowledgments
• On broadcast networks
• Only LSPs that are newer than the ones seen in periodic CSNPs, or missing
from them, are scheduled for flooding
• PSNPs are used to request newer LSPs from DIS
• LSPs are accepted between all neighbors directly
• LSPs are acknowledged only by DIS by including them in subsequent CSNPs
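The point-to-point and broadcast synchronization rules above, as an added Python sketch that is not part of the original slides. It models an LSDB or a CSNP as a map of LSP ID to sequence number only (real IS-IS also considers remaining lifetime and checksum); the function names and LSP IDs are constructed for illustration.

```python
# Added example: LSDB synchronization decisions modelled on sequence numbers.
# An LSDB or a CSNP is a dict {lsp_id: sequence_number}; all values are constructed.

def p2p_initial_sync(local, neighbor_csnp):
    """Point-to-point: schedule every LSP, then unschedule those the
    neighbor's one-time CSNP advertises as the same or newer."""
    scheduled = set(local)
    for lsp_id, seq in neighbor_csnp.items():
        if lsp_id in local and seq >= local[lsp_id]:
            scheduled.discard(lsp_id)
    return sorted(scheduled)

def p2p_receive_lsp(local, lsp_id, seq):
    """Point-to-point: action taken for one LSP received from the neighbor."""
    have = local.get(lsp_id)
    if have is None or seq > have:
        local[lsp_id] = seq              # new(er): store and acknowledge
        return "store+ack-psnp"
    if seq == have:
        return "ack-psnp"                # identical: acknowledge only
    return "flood-own-copy"              # older: send our newer LSP back

def broadcast_compare_with_dis(local, dis_csnp):
    """Broadcast: compare the own LSDB with the periodic CSNP from the DIS."""
    flood, request = [], []
    for lsp_id in sorted(set(local) | set(dis_csnp)):
        mine, dis = local.get(lsp_id), dis_csnp.get(lsp_id)
        if dis is None or (mine is not None and mine > dis):
            flood.append(lsp_id)         # ours is newer, or missing from the CSNP
        elif mine is None or mine < dis:
            request.append(lsp_id)       # ours is older or absent: ask via PSNP
        # equal: the CSNP itself is the acknowledgment, nothing to do
    return {"flood": flood, "request_psnp": request}

# Constructed sample databases.
LOCAL = {"R1.00-00": 5, "R2.00-00": 3, "R3.00-00": 7}
CSNP = {"R1.00-00": 5, "R2.00-00": 4, "R4.00-00": 1}

if __name__ == "__main__":
    print("p2p still scheduled:", p2p_initial_sync(LOCAL, CSNP))
    print("broadcast actions:  ", broadcast_compare_with_dis(LOCAL, CSNP))
```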
Deep Dive into IS-IS Mechanics
• Path Selection and Route Leaking
Path Selection
Route Types
• L1
• Internal
• External
• Inter-Area (ia)
• L2
• Internal
• External
Path Selection
Selection Criteria
• L1 route is always preferred over L2
• If routes are from the same Level, internal is preferred over external
• If routes are from the same Level, either internal or external, route
with lowest metric wins
• If routes are from the same Level, either internal or external and
same metric, load sharing will be performed
Route Leaking
• Two-level hierarchy rules must be followed; because of this, L1 routes
are leaked to L2 by default
• In certain scenarios, L2 routes should be leaked to L1 to avoid
sub-optimal routing or for traffic engineering
• Route leaking TLVs 128 and 130 are defined for Narrow metrics
• Wide metrics use TLV 135
• Up/down bits are set when route leaking is performed
Route Leaking
IPv6
IPv6 Routing in IS-IS (1)
• RFC 5308 introduced support for IPv6 routing with IS-IS
• New TLVs introduced to support IPv6
• IPv6 Reachability TLV, IPv6 Interface Address TLV, IPv6 NLPID
• Single topology and Multi topology operation
• Enabled with the ipv6 router isis interface command
IPv6 Routing in IS-IS (2)
• IPv6 routing with IS-IS has two operation modes:
• Single Topology – IPv4/IPv6 topologies are directly mapped to each other,
single SPF run (default in XE) – mode multi-topology
• Multi Topology – IPv4/IPv6 topologies are independent of each other,
different SPF run (default in XR) – mode single-topology
IPv6
Security Hardening
Enhancements
Authentication (1)
• IIHs are authenticated independently from LSPs, CSNPs, and PSNPs
• Authentication is performed on each level independently
• All Level-1 capable routers within the same area must use the same
area password
• All Level-2 capable routers in any area must use the same domain
password
• Plain Text and HMAC-MD5 authentication modes are supported
Authentication (2)
• LSP
• The password used to authenticate a Level 1 LSP must be shared by all
Level 1 capable routers in the same area
• The password used to authenticate a Level 2 LSP must be shared by all
Level 2 capable routers across all areas
• IIH, SNP
• Packets are not flooded across area domain
• Can be different on different networks
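How a receiver checks an HMAC-MD5 authenticated Level-2 LSP against the shared domain password, as an added Python sketch that is not part of the original slides. It follows the RFC 5304 rule that the digest is computed with the Authentication Value, Checksum and Remaining Lifetime fields zeroed; the password, System ID, checksum value and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

LSP_HDR_LEN = 27                      # 8-byte common header + 19-byte LSP header
OFF_LIFETIME, OFF_CHECKSUM = 10, 24   # Remaining Lifetime and Checksum fields
TLV_AUTH, AUTH_HMAC_MD5 = 10, 54      # Authentication TLV, HMAC-MD5 auth type

def build_l2_lsp(seq, tlvs):
    """Constructed Level-2 LSP (PDU type 20) from (type, value) TLV pairs."""
    body = b"".join(bytes([t, len(v)]) + v for t, v in tlvs)
    common = bytes([0x83, LSP_HDR_LEN, 1, 0, 20, 1, 0, 0])
    lsp_id = bytes.fromhex("0000000000010000")    # constructed System ID + 00-00
    hdr = struct.pack("!HH8sIHB", LSP_HDR_LEN + len(body), 0, lsp_id, seq, 0, 0x03)
    return bytearray(common + hdr + body)

def find_digest(pdu):
    """Offset of the 16-byte HMAC-MD5 value, or None if absent or malformed."""
    pos = LSP_HDR_LEN
    while pos + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[pos], pdu[pos + 1]
        if pos + 2 + tlv_len > len(pdu):
            return None                           # truncated TLV
        if tlv_type == TLV_AUTH and tlv_len == 17 and pdu[pos + 2] == AUTH_HMAC_MD5:
            return pos + 3
        pos += 2 + tlv_len
    return None

def compute_digest(pdu, key, off):
    """HMAC-MD5 over a copy with digest, lifetime and checksum zeroed.
    Those fields change or are filled in later, so the digest does not cover them."""
    work = bytearray(pdu)
    work[off:off + 16] = bytes(16)
    work[OFF_LIFETIME:OFF_LIFETIME + 2] = bytes(2)
    work[OFF_CHECKSUM:OFF_CHECKSUM + 2] = bytes(2)
    return hmac.new(key, bytes(work), hashlib.md5).digest()

def sign_lsp(pdu, key):
    off = find_digest(pdu)
    if off is None:
        raise ValueError("PDU carries no HMAC-MD5 Authentication TLV")
    pdu[off:off + 16] = compute_digest(pdu, key, off)
    return pdu

def verify_lsp(pdu, key):
    off = find_digest(pdu)
    if off is None:
        return False                              # no usable auth TLV: reject
    return hmac.compare_digest(bytes(pdu[off:off + 16]), compute_digest(pdu, key, off))

def make_sample(key):
    tlvs = [(TLV_AUTH, bytes([AUTH_HMAC_MD5]) + bytes(16)),
            (1, bytes.fromhex("03490000")),       # Area Address 49.0000
            (137, b"XR1")]                        # Dynamic hostname
    pdu = sign_lsp(build_l2_lsp(0x19, tlvs), key)
    struct.pack_into("!H", pdu, OFF_LIFETIME, 1199)    # filled in after signing
    struct.pack_into("!H", pdu, OFF_CHECKSUM, 0x1234)  # constructed, not a real checksum
    return pdu

if __name__ == "__main__":
    key = b"constructed-domain-password"
    lsp = make_sample(key)
    print("same domain password:", verify_lsp(lsp, key))
    print("different password:  ", verify_lsp(lsp, b"other-password"))
```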
Authentication (2) – LSPs, SNPs
• Legacy syntax (Plain Text Authentication Only)
• area-password
• domain-password
• Current syntax
• authentication mode (md5 | text) (level-1 | level-2)
• authentication key-chain <KEY CHAIN> (level-1 | level-2)
Authentication (3) – IIH
• Legacy syntax (Plain Text Authentication)
• isis password <TEXT> [level-1 | level-2]
Authentication
Optimizations
Features
Summarization
• Level-1-2 routers in the area are allowed to summarize the NLRI
• Level-1 routes cannot be summarized within an area unless the
originating router is redistributing the IP prefixes
• The lowest metric among the component routes is used as the metric of the summary
• The summary-address command under router isis is used to
configure summarization
Logging Events
• IS-IS adjacency and LSPDU events are not logged by default in IOS-
XE or IOS-XR
• Useful for troubleshooting purposes
IOS-XR IOS-XE
Dynamic Hostname
• TLV 137 identifies the symbolic name of the router originating the LSPs
• Can be disabled if needed with the no dynamic hostname command in IOS-XE
or hostname dynamic disable in IOS-XR under IS-IS router mode
• Use show isis hostname to check the list of System ID to hostname
mappings
RP/0/0/CPU0:XR1#show isis neighbors
Mon Jun 3 19:31:39.062 UTC
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
0000.0000.0002 Gi0/0/0/0 0cfb.1241.8900 Up 20 L1L2 Capable
Prefix Suppression (1)
• If the passive-interface feature is enabled, we can suppress
advertisement of prefixes by enabling advertise passive-only
in XE, XR
• Will suppress advertisement of all prefixes except the ones with the
passive-interface command
[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24, with Prefix 1, Prefix 2, Prefix 3 … Prefix <n…>]
Prefix Suppression (2)
• Prefixes can also be suppressed by using the no isis advertise
prefix command
• This serves the purpose of selective prefix suppression in IS-IS, in
case required
[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24, with Prefix 1, Prefix 2, Prefix 3 … Prefix <n…>]
Ignore-Attached-Bit
• In XE, this hidden command will not only ignore the ATT-bit
• XR uses the attached-bit receive ignore equivalent command
• The IS will not use the ATT-bit to install a default route towards the nearest
Level-1-2 router
• Could be used in case route-leaking allows visibility of all prefixes in a
domain for Level-1
R2(config)#router isis 1
R2(config-router)#ignore-attached-bit
IS-IS Tags (1)
• IS-IS tags can be enabled if Wide metrics are enabled in the domain
• Tag value is set under sub-TLV 1 for TLV 135
• Use the isis tag command under the interface to tag the prefixes
• Tagging using route-maps (XE) or route policy language (XR) can be
used for tagging when redistributing or leaking prefixes
IS-IS Tags (2)
route-policy TAG
  if destination in (1.1.1.1/32) then
    set tag 1
  endif
end-policy
!
router isis 1
 address-family ipv4 unicast
  redistribute connected route-policy TAG
RP/0/0/CPU0:XR1#show isis database XR1.00-00 level 2 verbose
IS-IS 1 (Level-2) Link State Database
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
XR1.00-00 * 0x00000019 0x346d 1115 0/0/0
Area Address: 49.0000
NLPID: 0xcc
Hostname: XR1
IP Address: 10.0.0.1
Metric: 10 IS-Extended R2.00
Metric: 0 IP-Extended 1.1.1.1/32
Admin. Tag: 1
ATT-bit Advertisement Control
• We can set the ATT-bit based on route-map policies
• Often used if all Level-1 and Level-2 routers share the same area
• If all routers are in the same area domain, no ATT-bit will be set
[Diagram: single area 49.CC1E with R1, XR2, R3, R5 and R6; labels L1, L1-L2, L2, L1-L2, L1]
XR2
router isis 1
 address-family ipv4 unicast
  attached-bit send always-set
L1-L2 Backdoor Router (1)
• Level-1 routers can only communicate with other Level-1 routers in
different areas through Level-2 (backbone)
• There are cases where backdoor links are configured between
Level-1 routers in different areas
• We can set the is-type level-1-2 backdoor command to
allow Level-2 adjacency between backdoor routers
L1-L2 Backdoor Router (1)
[Diagram: final topology, areas 49.CC1E and 49.CCDE, routers R1 to R7 with L1, L1-L2 and L2 roles]
L1-L2 Backdoor Router
[Diagram: final topology, areas 49.CC1E and 49.CCDE, routers R1 to R7 with L1, L1-L2 and L2 roles, plus a link labelled Backdoor]
L1-L2 Backdoor Router (4)
• Initially, routing between area 49.0052 and 49.0056 must go
through L1-L2 R2 -> R3 -> R5 -> R6 and vice versa
• If a link is connected between R1 and R6, routing directly between
the two Level-1 areas is desirable
• Solution: A Level-2 adjacency can be established between R1 and R6
without setting the ATT-bit, hence, is-type backdoor
L1-L2 Backdoor Router (5)
R1 R6
Adjacency Filter
• CLNS Adjacency Filter can be used in situations where we want to
prohibit the router from forming adjacencies with other IS-IS
enabled routers
clns filter-set XR1_NET deny 49.0000.0000.0000.0001.00
clns filter-set XR1_NET permit default
!
interface gigabitethernet1
 isis adjacency-filter XR1_NET
[Diagram: XR1 (.1) and R2 (.2)]
CSNP over Point-to-Point
• The IS-IS specification does not prohibit the periodic sending of CSNPs
over P2P circuits
• XE, NX-OS, XR do not send periodic CSNPs over P2P links by default
• The isis csnp-interval <0-65535> interface command can
be used in XE (in XR, it is configured under the interface within the router isis
<area-tag> mode)