Definitive Intermediate System to Intermediate System (IS-IS)
Elvin Arias, CCIE R&S #57406
Technical Consulting Engineer, Customer Delivery, CX, AMER
BRKRST-2315

Agenda

#CLUS BRKRST-2315 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Introduction
Initial Topology
[Figure: initial topology with routers R1 through R7 in area 49.BEEF; level labels shown: L1-L2 and L2]

Final Topology
[Figure: final topology with routers R1 through R7 in areas 49.CC1E and 49.CCDE; level labels shown: L1, L1-L2 and L2]

What is IS-IS?
• Currently defined in the ISO/IEC standard 10589:2002
• IS-IS is a routing protocol of the link-state protocol family
• Offers many benefits such as:
  • High scalability
  • Extensibility
  • Fast convergence
  • Operational flexibility

CLNS vs. CLNP
• ConnectionLess Network Services (CLNS)
  • Set of formal services provided at the L3 layer of the OSI model
  • Analogous to the set of services provided by IPv4/IPv6
• ConnectionLess Network Protocol (CLNP)
  • ISO protocol implementing the set of services mandated by CLNS

Note: Another L3 service exists, Connection-Oriented Network Service (CONS), but there is no counterpart in the TCP/IP world

Networking Terminology: OSI vs. TCP
OSI                    TCP/IP
System                 Node
End System             Host
Intermediate System    Router
Circuit                Interface / link
Domain                 Autonomous System

OSI Terminology on Display

OSI Address Architecture and Routing Overview
• OSI Address Architecture

Network Service Access Point (NSAP) Overview
• Defined in ISO/IEC 8348
• Addressing at the Network layer uses OSI Network Service Access Point (NSAP)
• Represents a service in a particular system (node) in a domain (autonomous system)
• A single NSAP address contains information about the node’s autonomous system, area, node itself, and even the Layer 4 service
• NSAP address has a variable length between 8-20 bytes, depending on the chosen format
NSAP Characteristics
• NSAP address is assigned to the system as a whole, not to individual interfaces (circuits), unlike IP addresses
• Consequence: There were no “networks of hosts”, just “hosts”
• Due to OSI heritage, IS-IS requires the use of an NSAP address called the Network Entity Title (NET)
• NET is an NSAP address whose trailing byte (NSEL) is set to 0
• No two nodes residing within the same flooding scope can have addresses in which the system ID fields are the same

NSAP Format
Part   Field        Length
IDP    AFI          1 byte
IDP    IDI          Variable length
DSP    HO-DSP       Variable length
DSP    System ID    8 bytes
DSP    SEL          1 byte

Total: 20 bytes maximum

• Note: AFI 49 is used for private addressing.

NSAP Fields
• Authority And Format Identifier (AFI)
  • Identifies the overall format of the NSAP address
• Initial Domain Identifier (IDI)
  • Identifies the domain or a set of domains
• High Order Domain Specific Part (HO-DSP)
  • Identifies the particular domain or a part of it
• System Identifier (System ID)
  • Uniquely identifies a node in a domain
• Network Selector (NSEL)
  • Uniquely identifies a service on the node (00 = NET, no service, just the node itself)

NSAP – Authority and Format Identifier
• Authority and Format Identifier (AFI) is 1 octet in length
• Identifies how the rest of the NSAP address should be interpreted
• AFI 49 (private) or 47 (International Code Designator) are most commonly used

AFI    Authority
36     Public network
39     ISO DCC
45     ISDN
47     ICD
48
49     Local
50

Network Entity Title (NET)
Readability
• Start from right to left when reading NET
• IS-IS must always have a NET assigned for a node

• Note: Cisco IS-IS implementation requires at least 8 bytes of NET as a minimum (1 octet for area, 6 bytes for system ID, 1 octet for NSEL)

net 49.0000.0000.0000.0001.00

Field        Value
AFI          49
Area         0000
System ID    0000.0000.0001
NSEL         00


NSAP Format
• NSAPs are written in hex separated by dots, but the use of the dot is optional
and arbitrary
• The following NETs are the same:
1. 49.0000.0000.0000.0001.00
2. 49000000000000000100
3. 49.00.00.00.00.00.00.00.01.00
4. 4900.0000.0000.0000.0100
5. 4900.00000000.00000100
6. 4.900.0.000.000.000.000.100
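
The NET rules from the slides above (dots are arbitrary, 8 to 20 bytes, NSEL of 00, unique system ID per flooding scope) as a configuration check. This is an added example, not code from the presentation; the inventory at the bottom is constructed and all of its nodes are assumed to share one flooding scope.

```python
import re
from collections import defaultdict


class NetError(ValueError):
    """Raised when a string cannot be used as an IS-IS NET."""


def _dotted(raw, first):
    """Render bytes as hex: `first` leading bytes, then 2-byte groups."""
    h = raw.hex()
    groups = [h[:first * 2]] + [h[i:i + 4] for i in range(first * 2, len(h), 4)]
    return ".".join(g for g in groups if g)


def parse_net(text):
    """Split a NET into area address, system ID and NSEL.

    Dot placement is ignored, so every spelling of the same NET
    parses to the same result. Reading right to left: 1 byte of NSEL,
    6 bytes of system ID, and whatever remains is the area address.
    """
    digits = text.strip().replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", digits):
        raise NetError(f"{text!r}: not a hexadecimal NET")
    if len(digits) % 2:
        raise NetError(f"{text!r}: odd number of hex digits")
    raw = bytes.fromhex(digits)
    if not 8 <= len(raw) <= 20:
        raise NetError(f"{text!r}: {len(raw)} bytes, expected 8 to 20")
    if raw[-1] != 0:
        raise NetError(f"{text!r}: NSEL is {raw[-1]:02x}, a NET requires 00")
    return {
        "area": _dotted(raw[:-7], 1),
        "system_id": _dotted(raw[-7:-1], 2),
        "nsel": "00",
    }


def duplicate_system_ids(nets):
    """Return {system_id: [node, ...]} for system IDs used by more than one node.

    `nets` maps a node name to its configured NET; all nodes are assumed
    to sit in the same flooding scope.
    """
    owners = defaultdict(list)
    for node, net in nets.items():
        owners[parse_net(net)["system_id"]].append(node)
    return {sid: sorted(nodes) for sid, nodes in owners.items() if len(nodes) > 1}


# The six spellings listed on the slide.
PAGE_FORMS = [
    "49.0000.0000.0000.0001.00",
    "49000000000000000100",
    "49.00.00.00.00.00.00.00.01.00",
    "4900.0000.0000.0000.0100",
    "4900.00000000.00000100",
    "4.900.0.000.000.000.000.100",
]

# Constructed inventory: R3 reuses R2's system ID, hidden by different dot placement.
CONSTRUCTED_INVENTORY = {
    "R1": "49.0012.0000.0000.0001.00",
    "R2": "49.0012.0000.0000.0002.00",
    "R3": "4900.1200.0000.0000.0200",
}

if __name__ == "__main__":
    for form in PAGE_FORMS:
        print(form, "->", parse_net(form))
    print("duplicates:", duplicate_system_ids(CONSTRUCTED_INVENTORY))
```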

Configuring NET: IOS-XE, NX-OS, IOS-XR
IS(config)# router isis 1
IS(config-router)# net 49.0012.0000.0000.0002.00

RP/0/0/CPU0:XR1# show isis protocol

IS-IS Router: 1
  System Id: 0000.0000.0002
  Instance Id: 0
  IS Levels: level-1-2
  Routing for area address(es):
    49.0012

Configuring NET: NX-OS, IOS-[XR|XE]
Min length NET

router isis 1
 net 00.0000.0000.0001.00

Field        Value
Area         00
System ID    0000.0000.0001
SEL          00

RP/0/0/CPU0:XR1# show isis protocol
IS-IS Router: 1
  System Id: 0000.0000.0001
  IS Levels: level-1-2
  Routing for area address(es):
    00

Configuring NET: NX-OS, IOS-[XR|XE]
Other NET format

router isis 1
 net 39.abcd.0012.0000.0000.0001.00

Field        Value
Area         39.abcd.0012
System ID    0000.0000.0001
SEL          00

R2# show isis protocol
Tag 1:
IS-IS Router: 1 (0x10000)
  System Id: 0000.0000.0001.00 IS-Type: level-1-2
  Manual area address(es):
    39.abcd.0012

Basic IS-IS Configuration, Prefix Advertisement
OSI Address Architecture and Routing Overview
• Routing Overview

IS (Router) Types
• Level-1: Intra-area router – Single Level-1 LSDB
• Level-1-2 (default): Intra-area and inter-area (backbone) capable router – Level-1 and Level-2 LSDB
• Level 2-only: Backbone capable router – Single Level-2 LSDB
• Note: By default, routers are Level-1-2 routers; if a change is required, is-type <LEVEL> can be used

Levels of Routing
• Level 1: Routing between ES nodes in a single area of a domain
(Intra-Area routing)
• Level 2: Routing between ES nodes in different areas of a domain
(Inter-Area routing – IS-IS backbone)

• Note: Per-level link state database (LSDB) is maintained

IS Type, L1-L2 LSDB
ISO CLNP Routing
Example
[Figure: IS1 (system ID 1111.1111.1111) in Area 49.0000, with E0/0 connected to ES10 (1010.1010.1010) and E0/1 connected to ES20 (2020.2020.2020)]

IS1
clns routing
!
router isis
 net 49.0000.1111.1111.1111.00
!
interface Ethernet0/0
 clns router isis
!
interface Ethernet0/1
 clns router isis

ES[10|20]
clns net 49.0000.XXXX.YYYY.ZZZZ.00
!
interface ethernet0/0
 clns enable
!
clns route default 49.0000.1111.1111.1111.00

ISO CLNP Routing
Verifications (IS1)

IS1# show clns es-neighbors detail

System Id       Interface  State  Type  Format
1010.1010.1010  Et0/0      Up     ES    Phase V
  Area Address(es): 49.0000
  Uptime: 00:47:38
  Interface name: Ethernet0/0
2020.2020.2020  Et0/1      Up     ES    Phase V
  Area Address(es): 49.0000
  Uptime: 00:46:06
  Interface name: Ethernet0/1

ISO CLNP Routing
Verifications
IS1# show isis database level-1 verbose

IS-IS Level-1 Link State Database:
LSPID          LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd  ATT/P/OL
IS1.00-00    * 0x00000002   0x1BDB        755/*              0/0/0
  Area Address: 49.0000
  Hostname: IS1
  Metric: 10 IS IS1.02
  Metric: 10 IS IS1.01
  Metric: 0 ES IS1
IS1.01-00    * 0x00000001   0x1D8D        755/*              0/0/0
  Metric: 0 IS IS1.00
  Metric: 0 ES 1010.1010.1010
IS1.02-00    * 0x00000001   0x77D6        755/*              0/0/0
  Metric: 0 IS IS1.00
  Metric: 0 ES 2020.2020.2020

ISO CLNP Routing
Verifications
IS1# show clns route
Codes: C - connected, S - static, d - DecnetIV
       I - ISO-IGRP, i - IS-IS, e - ES-IS
       B - BGP, b - eBGP-neighbor

C 49.0000.1111.1111.1111.00 [1/0], Local IS-IS NET
C 49.0000 [2/0], Local IS-IS Area

IS1# show clns cache

CLNS routing cache version 10
[Hash] Destination ->Next hop @ Interface : SNPA Address =>Rewrite / Length
[10] *49.0000.1010.1010.1010.00
  ->1010.1010.1010 @ Ethernet0/0 : aabb.cc00.0300
[20] *49.0000.2020.2020.2020.00
  ->2020.2020.2020 @ Ethernet0/1 : aabb.cc00.0100

ISO CLNP Routing
Verifications
IS1# which-route 49.0000.2020.2020.2020.00
Route look-up for destination 49.0000.2020.2020.2020.00
Found route in IS-IS level-1 routing table

Adjacency entry used:
System Id       Interface  SNPA            State  Holdtime  Type  Protocol
2020.2020.2020  Et0/1      aabb.cc00.0100  Up     268       IS    ES-IS
  Area Address(es): 49.0000
  Uptime: 00:18:25
  Interface name: Ethernet0/1

ISO CLNP Routing
Verifications (slide callouts: IS CLNP NH Address, CLNS FIB)

ES10# show clns route default

Routing entry for Default Prefix
  Known via "static", distance 10, metric 0, Dynamic Entry
  Routing Descriptor Blocks:
    via 49.0000.1111.1111.1111.00
      static, route metric is 0

ES10# show clns cache

CLNS routing cache version 4
[Hash] Destination ->Next hop @ Interface : SNPA Address =>Rewrite / Length
[11] *49.0000.1111.1111.1111.00
  ->1111.1111.1111 @ Ethernet0/0 : aabb.cc00.0200

ISO CLNP Routing
Verifications
ES10# ping 49.0000.2020.2020.2020.00
Type escape sequence to abort.
Sending 5, 100-byte CLNS Echos with timeout 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

ES20# ping 49.0000.1010.1010.1010.00
Type escape sequence to abort.
Sending 5, 100-byte CLNS Echos with timeout 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
ES20#

ISO CLNP Routing
CLNP Echo-Request (ERQ)
[Figure: Echo-Request with the Destination NET and Source NET fields highlighted]

ISO CLNP Routing
CLNP Echo-Response (ERP)
[Figure: Echo-Response with the Destination NET and Source NET fields highlighted]

Deep Dive into IS-IS Mechanics
• Packet Types and Data Structures (Type-Length-Value)

IS-IS Packets
Packet Encapsulation
• IS-IS, unlike other routing protocols, is encapsulated directly into L2
• Wait… is it an L2 protocol? No!

Protocol    Encapsulation
OSPF        L2 | IP | OSPF
EIGRP       L2 | IP | EIGRP
RIP         L2 | IP | UDP | RIP
BGP         L2 | IP | TCP | BGP
IS-IS       L2 | IS-IS

IS-IS Packets
Communication
• IS-IS Packets are sent over Ethernet media using one of the following MAC addresses:

Name                 Destination MAC
All L1 IS Devices    0180.c200.0014
All L2 IS Devices    0180.c200.0015
All IS Devices       0900.2b00.0005
All ES               0900.2b00.0004

• Note: Encapsulation is on top of L2, not IP or CLNP

IS-IS Packets
Packet Types Overview
• IS-IS Hello (IIHs)
  • LAN Level1 IIH (15)
  • LAN Level2 IIH (16)
  • P2P IIH (17)
• Link State Packets (LSPs)
• Sequence Number Packets (SNPs)
  • Partial Sequence Number Protocol Data Unit (PSNP) – 26/27
  • Complete Sequence Number Protocol Data Unit (CSNP) – 24/25

IS-IS Packets
Common fields
• Every IS-IS packet carries a common header

IS-IS Packets (1)
Common fields
• Protocol Discriminator
  • Network–layer protocol ID (NLPI) by ISO 9577, identifying the rest of the packet
  • Always set to 0x83 for IS-IS
• Length indicator
  • Length of the fixed header in octets
• Version/Protocol ID
  • Always set to 1
• ID Length
  • Length of the System ID
  • If set to 0, it implies 6 octets

IS-IS Packets (2)
Common fields
• PDU Type
  • Indicates the IS-IS packet type
• Version
  • Always set to 1
• Reserved
  • 1 octet for future use, always set to 0
• Maximum Area Addresses
  • The maximum number of addresses assignable to a single area
  • If set to 0, it implies a maximum of 3 area addresses
(Code) Type-Length-Values (TLVs) (1)
• IS-IS uses TLVs to carry information in IS-IS PDUs
• Maximum length is 257 bytes
• TLVs are what make IS-IS extensible
• TLVs that are not recognized are ignored and forwarded to other IS neighbors without change

Field     Number of octets
Type      1
Length    1
Value     LENGTH

(Code) Type-Length-Values (TLVs) (2)
[Figure callouts:]
• TLV 129 indicates the routed protocols supported
• TLV 1: Area
• TLV 132: IPv4 interface address
• TLV 232: IPv6 interface address

Common TLVs
TLV (code)                        Description
Area Address (1)                  Area in which the System resides
IS Reachability (2)               A topological link to an adjacent IS
Padding (8)                       Primarily used to detect MTU inconsistencies
Authentication (10)               Authentication information for the PDU
IP Internal Reachability (128)    Internal IPv4 prefixes router knows about
Protocols Supported (129)         Network Layer Protocol Identifiers (NLPIs) of Layer3 protocols supported by the router
IP External Reachability (130)    External IPv4 prefixes router knows
Dynamic Hostname (137)            Name of router originating LSP

Sub-TLVs
• Sub-TLVs use the same concept as TLVs
• TLVs exist inside IS-IS packets while sub-TLVs exist inside TLVs
• TLVs are used to add extra information to IS-IS packets
• Sub-TLVs are used to add extra information to particular TLVs
• If unknown, sub-TLVs are ignored

Field     Number of octets
Type      1
Length    1
Value     Variable

Sub-TLVs
[Figure: MPLS-TE Sub-TLVs]

Encoding IP inside TLVs (1)
• RFC 1195 introduced TLVs for IP in IS-IS, hence Integrated IS-IS
• IS-IS packet types were introduced with:
  • TLV 129: Protocols Supported (CLNS is 0x81, IPv4 is 0xCC, IPv6 is 0x8E, TRILL is 0xC0)
  • TLV 132: IPv4 Interface address
  • TLV 128: IPv4 Internal Reachability Information
  • TLV 130: IPv4 External Reachability Information

Encoding IP in TLVs (1)
• IP (or any other routed information) is encoded and transported in TLVs

[Figure: R1 (.1) and R2 (.2) on 12.0.0.0/24]

R1
• IIH:
  • TLV 129 IIH: “I support protocols: 0xCC - IPv4”
  • TLV 1: Area: 49.BEEF
• LSP
  • TLV 2: IS Reachability: R2
  • TLV 128 IPv4 Internal Reachability: (List of IPv4 prefixes advertised by R1)
  • TLV 130 IPv4 External Reachability: (List of IPv4 prefixes advertised by this router via redistribution)

R2
• IIH:
  • TLV 129 IIH: “I support protocols: 0xCC - IPv4”
  • TLV 1: Area: 49.BEEF
• LSP
  • TLV 2: IS Reachability: R1
  • TLV 128 IPv4 Internal Reachability: (List of IPv4 prefixes advertised by this router)
  • TLV 130 IPv4 External Reachability: (List of IPv4 prefixes advertised by this router via redistribution)
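
The common header and TLV framing described above, as a bounds-checked parser run over R1's hello. This is an added example, not code from the presentation: the PDU bytes are constructed, the 12 octets between the common header and the first TLV follow the P2P IIH layout of ISO 10589 and are skipped as opaque, and TLV 250 is a made-up code standing in for an unrecognized TLV.

```python
import ipaddress

# PDU types, TLV codes and protocol IDs as listed on the slides.
PDU_TYPES = {15: "L1 LAN IIH", 16: "L2 LAN IIH", 17: "P2P IIH",
             18: "L1 LSP", 20: "L2 LSP",
             24: "L1 CSNP", 25: "L2 CSNP", 26: "L1 PSNP", 27: "L2 PSNP"}
TLV_NAMES = {1: "Area Address", 2: "IS Reachability", 8: "Padding",
             10: "Authentication", 128: "IP Internal Reachability",
             129: "Protocols Supported", 130: "IP External Reachability",
             132: "IPv4 Interface Address", 137: "Dynamic Hostname",
             232: "IPv6 Interface Address"}
PROTOCOLS = {0x81: "CLNS", 0xCC: "IPv4", 0x8E: "IPv6", 0xC0: "TRILL"}


class PduError(ValueError):
    """Raised for a PDU that violates the common header or TLV framing."""


def parse_common_header(pdu):
    """Validate the 8-octet common header and apply its zero-means-default rules."""
    if len(pdu) < 8:
        raise PduError("shorter than the 8-octet common header")
    disc, hdr_len, ver_ext, id_len, ptype, ver, _reserved, max_area = pdu[:8]
    if disc != 0x83:
        raise PduError(f"protocol discriminator {disc:#04x} is not 0x83")
    if ver_ext != 1 or ver != 1:
        raise PduError("version fields must both be 1")
    if not 8 <= hdr_len <= len(pdu):
        raise PduError(f"length indicator {hdr_len} does not fit the PDU")
    ptype &= 0x1F  # PDU type is the low 5 bits; the top 3 are reserved
    return {
        "pdu_type": PDU_TYPES.get(ptype, f"Unknown ({ptype})"),
        "header_length": hdr_len,
        "id_length": id_len or 6,            # 0 implies 6 octets
        "max_area_addresses": max_area or 3,  # 0 implies 3 area addresses
    }


def walk_tlvs(buf):
    """Return [(code, value)], refusing any TLV that runs past the buffer."""
    tlvs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise PduError(f"dangling octet at TLV offset {pos}")
        code, length = buf[pos], buf[pos + 1]
        value = buf[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise PduError(f"TLV {code} claims {length} octets, {len(value)} left")
        tlvs.append((code, value))
        pos += 2 + length
    return tlvs


def decode_tlv(code, value):
    """Decode the TLVs this example understands; keep the rest as raw hex."""
    name = TLV_NAMES.get(code, f"Unknown ({code})")
    if code == 129:
        return name, [PROTOCOLS.get(b, f"{b:#04x}") for b in value]
    if code == 1:  # each area address is prefixed by its own length octet
        areas, pos = [], 0
        while pos < len(value):
            n = value[pos]
            addr = value[pos + 1:pos + 1 + n]
            if n == 0 or len(addr) != n:
                raise PduError("area address overruns TLV 1")
            areas.append(addr[:1].hex() + ("." + addr[1:].hex() if n > 1 else ""))
            pos += 1 + n
        return name, areas
    if code == 132:
        if len(value) % 4:
            raise PduError("TLV 132 length is not a multiple of 4")
        return name, [str(ipaddress.IPv4Address(value[i:i + 4]))
                      for i in range(0, len(value), 4)]
    return name, value.hex()


def parse_pdu(pdu):
    """Parse one complete PDU; TLVs start where the length indicator says."""
    header = parse_common_header(pdu)
    tlvs = walk_tlvs(pdu[header["header_length"]:])
    header["tlvs"] = [decode_tlv(code, value) for code, value in tlvs]
    return header


# Constructed P2P IIH from R1 (area 49.BEEF, interface 12.0.0.1).
SAMPLE_P2P_IIH = bytes.fromhex(
    "8314010011010000"            # common header: 0x83, length 20, type 17
    "03" "000000000001" "001e" "0027" "01"  # P2P IIH fields, skipped as opaque
    "8101cc"                      # TLV 129: IPv4
    "01040349beef"                # TLV 1: area 49.BEEF
    "84040c000001"                # TLV 132: 12.0.0.1
    "fa02dead"                    # TLV 250: not recognized (made up)
)

if __name__ == "__main__":
    print(parse_pdu(SAMPLE_P2P_IIH))
```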

IS-IS Hello (IIH)
• IIHs are exchanged between IS neighbors on IS-IS enabled circuits
• Neighbor detection and maintenance
• Used for electing Designated Intermediate System (DIS) in
multiaccess networks

Type 17 - P2P Hello

• Bidirectional adjacency established via 3-way handshake
• IS-IS uses a single IIH packet type on point-to-point circuits
• Sent every 10 seconds by default (range 1 - 65535 seconds)
• Default hello multiplier (hold down) is 3
• Note: Timers do not need to match for adjacency to be established

P2P IIH Configuration: IOS-XR

[Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24]

XR1
router isis 1
 net 49.0000.0000.0000.0001.00
 log adjacency changes
 log pdu drops
 address-family ipv4 unicast
 !
 interface GigabitEthernet0/0/0/0.12
  point-to-point
  hello-interval 13
  hello-multiplier 3
  address-family ipv4 unicast

Hold down = hello_int * multiplier (39)

P2P IIH Configuration: IOS-XE

[Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24]

R2
router isis 1
 net 49.0000.0000.0000.0002.00
!
interface ethernet0/0.12
 isis hello-interval 3
 isis hello-multiplier 11

Hold down = hello_int * multiplier (33)

P2P IIH

R2 Verification: IOS-XE
P2P IIH
R2# show isis neighbors (show clns neighbor)

Tag 1:
System Id  Type  Interface  IP Address  State  Holdtime  Circuit
XR1        L1L2  Et0/0.12   10.1.2.1    UP     35        00

Callout: Advertised holdtime from IS neighbor
[Figure: P2P IIH]

LAN IIH
Type 15/16 - LAN IIH
• IS-IS uses a hello packet on a per level basis
• Sent every 10 seconds by default (range 1 - 65535 seconds)
• Default hello multiplier (hold down) is 3
• Designated Intermediate System (DIS) uses one-third (1/3) of the
configured timers for hello and hold intervals

IS-IS Hello (IIH)
LAN IIH
[Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24, with a DIS label]

XR
router isis 1
 net 49.0000.0000.0000.0001.00
 address-family ipv4 unicast
 !
 interface GigabitEthernet0/0/0/0.12
  hello-interval 4 level 1
  hello-interval 5 level 2
  hello-multiplier 4 level 1
  hello-multiplier 5 level 2

Separate LAN IIHs per Level

Link State Packets (LSP)
• Advertisement of network layer reachability information (NLRI) and
topological information
• The smallest element of a link state database is the entire LSP
• Data is stored in TLV records inside the LSP
• Level 1 LSP (packet type 18)
• Level 2 LSP (packet type 20)

Link State Packets (LSP)
LSP Identification
• System ID – Identifies the router originating the LSP (6 octets)
• Pseudonode ID – Differentiates router LSPs from pseudonode LSPs
on broadcast networks (1 octet)
• LSP Number – Fragment number for LSP (1 octet)

• The combination of this triplet, System ID + Pseudonode ID + Fragment ID is known as LSPID
• Every LSP must have a unique LSPID

Link State Packets (LSP)
LSP Structure
[Figure callouts: LSP Lifetime, LSP-ID, LSP Area, NLRI]

Link State Packets (LSP)
LSP Structure
RP/0/0/CPU0:XR1#show isis database
Tue Apr 16 23:35:29.958 UTC
IS-IS 1 (Level-1) Link State Database
LSPID          LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
XR1.03-00    * 0x00000021   0xf681        983           0/0/0

Callouts: in the LSPID XR1.03-00, XR1 is the System ID, 03 the Pseudonode ID and 00 the Fragment ID. The remaining columns are Seq #, Checksum, Holdtime, and the Attachment / Partition repair / Overload bits.

Link State Packets (LSP)
LSP Structure: Sequence Number
• To distinguish between various versions of the same LSP, each LSP
has a sequence number
• Unsigned 32-bit integer starting at 0x00000001 through 0xFFFFFFFF (136 years to reach maximum if originated every second)
• Each modification of LSP increments the sequence number
• No sequence number wrap in IS-IS as opposed to OSPF

Partition Repair Bit
• Indicates if router supports partition repair
• A potentially broken Level-1 could be repaired through a Level-2 router
• Not implemented by Cisco or any other vendors

Overload Bit (1)
• Initially designed for routers running out of system resources (CPU,
Memory)
• Transit traffic routed through such a router could be blackholed
• Set in the non-pseudonode LSP Fragment 0
• The router itself should remain reachable, but traffic should not transit through it if alternate paths exist

Overload Bit (2)
[Figure: final topology (R1 through R7, areas 49.CC1E and 49.CCDE); R2 is marked "Out of service!" and traffic goes through R3]

Attachment Bit (1)
• Attached bit is the “magic bit” used for inter-area routing
• ATT-bit is set when a Level-2 capable router connects to an area other than the one set locally on the IS
• Level-1 router generates a default route to the nearest Level-1-2 capable router

Attachment Bit (2)
[Figure: final topology (R1 through R7, areas 49.CC1E and 49.CCDE); labels shown: ATT-bit L1 LSP (twice) and Default route]

Complete Sequence Number Packets (CSNP)
• Used to advertise a complete list of LSPs in router’s LSDB
• After receiving a CSNP, the receiving router may decide to flood a newer LSP if it has one, or request an LSP if it is missing it
• Exchange of CSNPs depends on circuit type (broadcast or point-to-
point)
• For point-to-point links, CSNPs are only sent initially at adjacency
establishment
• For broadcast links, CSNPs are sent periodically by DIS

Complete Sequence Number Packets (CSNP)

Partial Sequence Number Packets (PSNP)
• Used to request or acknowledge a particular LSP
• “Sequence number” refers to the LSPID as an 8B unsigned
integer, not the LSP sequence number
• For point-to-point links, PSNPs are used as requests and
acknowledgments
• For broadcast links, PSNPs are used only for requests since
acknowledgments are done through CSNPs

Partial Sequence Number Packets (PSNP)

Why Sequence Number Packets?
• If more than one CSNP needs to be sent, the LSPs listed in these
CSNPs need to be advertised in ascending order
• CSNP has a start and end sequence number for the advertised LSPIDs
• If the CSNP does not advertise a particular LSPID falling into the
start/end interval, the router does not know about that LSP at all,
hence the need to define the start/end range
• If all LSPs can be listed in a single CSNP, start/end sequence numbers
are 0000.0000.0000.00-00 and FFFF.FFFF.FFFF.FF-FF
• Sequencing and ascending ordering are the reason why the packets are named Sequence Number Packets

Summary: CSNP vs. PSNP
• Both are used to facilitate LSDB sync
• CSNPs contain a list of all LSPs in sender’s LSDB (allowing the
recipient to compare this list to the index of its own LSDB)
• PSNP packets are used to request an LSP or acknowledge its
successful arrival
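
How a receiver can act on one CSNP, including the start/end range rule from the previous slide. This is an added example, not code from the presentation: the LSDB and CSNP contents are constructed, and the comparison uses sequence numbers only, leaving out the remaining-lifetime and checksum comparisons a real implementation also performs.

```python
def lspid_key(lspid):
    """Turn 'ssss.ssss.ssss.pp-ff' into the 8-byte unsigned integer used for ordering."""
    digits = lspid.replace(".", "").replace("-", "")
    if len(digits) != 16:
        raise ValueError(f"{lspid!r} is not an 8-byte LSPID")
    return int(digits, 16)


def process_csnp(lsdb, csnp):
    """Compare a received CSNP with the local LSDB.

    lsdb: {lspid: sequence number} held locally.
    csnp: {"start": lspid, "end": lspid, "entries": [(lspid, seq), ...]}.
    Returns the LSPIDs to request with a PSNP and the LSPIDs to flood
    to the sender, each in ascending LSPID order.
    """
    start, end = lspid_key(csnp["start"]), lspid_key(csnp["end"])
    if start > end:
        raise ValueError("CSNP start LSPID is above its end LSPID")
    keys = [lspid_key(lspid) for lspid, _ in csnp["entries"]]
    if keys != sorted(keys):
        raise ValueError("CSNP entries are not in ascending LSPID order")
    if any(not start <= k <= end for k in keys):
        raise ValueError("CSNP lists an LSPID outside its own start/end range")

    advertised = dict(csnp["entries"])
    request, flood = [], []
    for lspid, their_seq in advertised.items():
        ours = lsdb.get(lspid)
        if ours is None or ours < their_seq:
            request.append(lspid)   # sender has an LSP we miss, or a newer copy
        elif ours > their_seq:
            flood.append(lspid)     # we hold the newer copy
    for lspid in lsdb:
        # Inside the range but not listed: the sender does not have this LSP.
        # Outside the range: this CSNP says nothing about it.
        if start <= lspid_key(lspid) <= end and lspid not in advertised:
            flood.append(lspid)
    return {"request": sorted(request, key=lspid_key),
            "flood": sorted(flood, key=lspid_key)}


# Constructed local LSDB: LSPID -> sequence number.
LOCAL_LSDB = {
    "0000.0000.0001.00-00": 5,
    "0000.0000.0001.01-00": 9,
    "0000.0000.0002.00-00": 3,
    "0000.0000.0003.00-00": 7,
    "0000.0000.0007.00-00": 2,
}

# Constructed CSNP covering only part of the LSPID space.
PARTIAL_CSNP = {
    "start": "0000.0000.0000.00-00",
    "end": "0000.0000.0003.ff-ff",
    "entries": [
        ("0000.0000.0001.00-00", 5),   # same as ours: nothing to do
        ("0000.0000.0001.01-00", 8),   # ours is newer: flood
        ("0000.0000.0002.00-00", 4),   # theirs is newer: request
        ("0000.0000.0002.01-00", 1),   # unknown to us: request
    ],
}

# The same entries sent as a single CSNP covering every LSPID.
FULL_CSNP = dict(PARTIAL_CSNP, end="ffff.ffff.ffff.ff-ff")

if __name__ == "__main__":
    print("partial:", process_csnp(LOCAL_LSDB, PARTIAL_CSNP))
    print("full:   ", process_csnp(LOCAL_LSDB, FULL_CSNP))
```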

LSPID, TLVs, OL-bit
Deep Dive into IS-IS Mechanics
• Narrow and Wide Metrics

IS-IS Metrics (1)
Metric types
• Original IS-IS specification defines four different types of metrics:
  • Default - Must be supported by all IS-IS implementations (slide callout: Only supported metric type)
  • Delay – Transit delay of the link
  • Expense – Monetary cost of transiting the link
  • Error – Residual bit error of the link
• Ideally, SPF would run independently for each of these metrics and result in four different Routing Information Bases (RIBs)

IS-IS Metrics (2)

[Figure: R1 and R2 connected by three links, E0/0, Ge1/0 and Te2/0, each with metric 10]

Issue: Equal-cost multipath (ECMP)!

IS-IS Metrics (3)
Default
• IOS-XE and IOS-XR assign a default metric of 10 on interfaces irrespective of their bandwidth
• NX-OS has automatic cost computation similar to OSPF
• Two types of default metrics exist: Narrow and Wide
• Routers with dissimilar metric types can become neighbors but will
ignore their common link during SPF computation

Narrow Metrics
• Default metric type in IS-IS (metric-style narrow command)
• RFC 1195 specifies that interfaces are assigned a metric 6 bits wide (0-63)
• End-to-end path can be up to 10 bits wide (0-1023)
Exceeding Narrow Metrics range
R2(config-subif)#isis metric 999
Warning: for metrics greater than 63, 'metric-style wide' should
be configured on level-1-2, or it will be capped at 63.

Narrow Metrics (2)
[Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24; callouts: Narrow TLV 128, Default supported]

IS-IS Metrics
R2#show isis protocol

Tag 1:
IS-IS Router: 1 (0x10000)
System Id: 0000.0000.0002.00 IS-Type: level-1-2
Generate narrow metrics: level-1-2
Accept narrow metrics: level-1-2

Wide Metrics
• Introduced as a part of RFC 3784 (now RFC 5305) to expand Narrow metrics range, hence “Wide metrics”
• Extended IP and Extended Reachability TLVs were introduced
• Metric on per-link basis can be up to 24 bits
• End-to-end path cost can be up to 32 bits
• MPLS-TE, Multi-Topology IS-IS, and Segment Routing require use
of Wide metrics to encode attributes

Wide Metrics (2)

Wide Metrics TLV 135

Wide Metrics (3)

XR
router isis 1
 address-family ipv4 unicast
  metric-style wide

XE
router isis 1
 metric-style wide

Metric Mismatch

• Routers can have metric type mismatched, but still form adjacencies
• Mismatched metrics result in lack of reachability
• Topology is computed based on TLV 2 IIS Neighbors; the neighbor will be seen, but no metric will be interpreted between routers
• The metric-style transition command can be configured in case of a mixed metric environment to advertise both metrics

[Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24]

XR1
router isis 1
 address-family ipv4 unicast
  metric-style wide

R2
router isis
 metric-style narrow

Metric Mismatch
Deep Dive into IS-IS Mechanics
• Network Types and Adjacencies

Network Types
• Two network interface types are supported:
  • Broadcast – Default mode for Ethernet interfaces. DIS is required
  • Point-to-Point – Only two IS can exist on the media. No DIS election

Note: Flooding is handled differently on broadcast vs. point-to-point (more on this in the LSDB Sync section).

Point-to-Point: IOS-XR
[Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24]

router isis 1
 interface GigabitEthernet0/0/0/0.12
  [no] point-to-point
  address-family ipv4 unicast

# Configuration in XR goes into the global router mode.
# Network type is a property of the interface.
# Negating point-to-point network means broadcast.

Point-to-Point: IOS-XE
[Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24]

interface Ethernet0/0.12
 ip router isis
 [no] isis network point-to-point

# IOS, IOS-XE configuration for network type goes directly on the interface.
# Negating point-to-point network means broadcast.

Network Types
Adjacency States
• IS-IS only supports three possible adjacency states:
  • Down (2) – Adjacency process starts here. No IIHs have been received from neighbor
  • Initializing (1) – IIHs are received from the neighbor, but it is not clear yet if the neighbor receives our own IIHs
  • Up (0) – IIHs are received from neighbor, and it is certain that the neighbor is properly receiving this router’s IIHs
• Note: Adjacency process differs depending on whether the IS-IS circuit is broadcast or point-to-point

Adjacencies
• In Broadcast networks
  • Independent L1/L2 adjacencies are formed
  • Separate per-level LAN IIH are sent independently
  • DIS election is done on a per level basis
• In Point-to-Point networks
  • A single adjacency is formed over the circuit
  • A single P2P (serial) IIH is sent over the circuit

Adjacency Requirements (1)
Levels (router type, then neighbor type)
• Router type L1
  • Neighbor L1: L1 IS will form L1 adjacency with L1 IS if their area ID match
  • Neighbor L1-L2: L1 IS will form L1 adjacency with L1-L2 IS if their area ID match
  • Neighbor L2-only: No adjacency
• Router type L1-L2
  • Neighbor L1: L1-L2 IS will form L1 adjacency with L1 IS if their area ID match
  • Neighbor L1-L2: L1-L2 IS will form L1-L2 adjacency if area matches, otherwise only L2 adjacency will be established
  • Neighbor L2-only: L2 adjacency. Area ID doesn’t matter
• Router type L2-only
  • Neighbor L1: No adjacency
  • Neighbor L1-L2: L2 adjacency irrespective of their area ID
  • Neighbor L2-only: L2 adjacency irrespective of their area ID

Adjacency Requirements (2)
What will the adjacency look like?
[Figure: XR1 (L1) in area 49.CC1E connected to R2 (L1) in area 49.CCDE]

Adjacency Requirements (3)
What will the adjacency look like?
[Figure: XR1 (L2) in area 49.CC1E connected to R2 (L2) in area 49.CCDE]

Adjacency Requirements (4)
What will the adjacency look like?

Figure: XR1 (area 49.CC1E, L1-L2) connected to R2 (area 49.CCDE, L1-L2)

Adjacency Requirements (5)
What will the adjacency look like?

Figure: XR1 (L1-L2) connected to R2 (L1-L2), both in area 49.CC1E
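
The adjacency rules in the "Adjacency Requirements (1)" table can be derived from two facts: Level 1 needs a shared area address, Level 2 does not. The following is an added example, not code from the session; the function names are hypothetical, and it also handles a router that carries several area addresses.

```python
# Added example (not from the slides): derive the adjacency level from the
# router types and area addresses, following the adjacency requirements table.

# Levels each router type takes part in (type names as used in the table).
LEVELS = {"L1": {"L1"}, "L1-L2": {"L1", "L2"}, "L2-only": {"L2"}}


def adjacency(local_type, local_areas, peer_type, peer_areas):
    """Return the set of levels at which the two routers become adjacent.

    local_areas / peer_areas are lists of area addresses. A router with
    several NETs has several area addresses; one address in common is
    enough for Level 1.
    """
    shared_levels = LEVELS[local_type] & LEVELS[peer_type]
    formed = set()
    # Level 1 needs at least one area address in common.
    if "L1" in shared_levels and set(local_areas) & set(peer_areas):
        formed.add("L1")
    # Level 2 forms regardless of the area addresses.
    if "L2" in shared_levels:
        formed.add("L2")
    return formed


def describe(levels):
    """Turn a set of levels into the wording used in the table."""
    return "-".join(sorted(levels)) + " adjacency" if levels else "No adjacency"


def matrix(same_area):
    """Rebuild the 3x3 table for neighbors in the same or in different areas."""
    peer_area = ["49.CC1E"] if same_area else ["49.CCDE"]
    types = ["L1", "L1-L2", "L2-only"]
    return {(a, b): describe(adjacency(a, ["49.CC1E"], b, peer_area))
            for a in types for b in types}


def quiz_cases():
    """The four XR1/R2 cases from the 'Adjacency Requirements' (2)-(5) slides."""
    return [
        describe(adjacency("L1", ["49.CC1E"], "L1", ["49.CCDE"])),
        describe(adjacency("L2-only", ["49.CC1E"], "L2-only", ["49.CCDE"])),
        describe(adjacency("L1-L2", ["49.CC1E"], "L1-L2", ["49.CCDE"])),
        describe(adjacency("L1-L2", ["49.CC1E"], "L1-L2", ["49.CC1E"])),
    ]


if __name__ == "__main__":
    for same in (True, False):
        print("same area" if same else "different areas")
        for pair, result in matrix(same).items():
            print("  %-8s with %-8s -> %s" % (pair + (result,)))
    print(quiz_cases())
```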

Point-to-Point Adjacency (1)
• ISO 10589 assumed adjacency status Up as soon as a hello was received
• Two-way handshake didn’t allow for detection of unidirectional link issues over point-to-point networks prior to adjacency establishment
• RFC 5303 introduced a three-way handshake to solve this

Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24; one Hello is received (Up), the other Hello is dropped (Down)
Point-to-Point Adjacency (2)
• IS-IS assigns a locally significant circuit ID to every interface on which the process is enabled
• Point-to-Point circuit ID is independent of Broadcast circuit ID
• Original circuit ID is 1 octet, which limits the number of interfaces to 256
• Three-way handshake (RFC 5303) introduces Extended Local
Circuit ID of 4 octets in length (used for three-way handshake
procedure)

Point-to-Point Adjacency - Three-way Handshake (1)

• Cisco (default) and IETF variants of the three-way handshake


• Fields used in the P2P IIH for three-way handshake are:
• Adjacency Three Way State
• Extended Local Circuit ID
• Neighbor System ID
• Neighbor Extended Local Circuit ID

Point-to-Point Adjacency - Three-way Handshake (2)
• Cisco three-way handshake variant (isis three-way handshake cisco)

Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24, adjacency starting in Down
1) IIH (Down)
2) IIH (Init)
3) IIH (Up)

Point-to-Point Adjacency - Three-way Handshake (3)
• IETF three-way handshake variant (isis three-way handshake ietf)

Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24, adjacency moving through Down, Init, Up
1) IIH (Down)
• System ID: XR1
• Adjacency State: Down
• Ext. Local Circuit ID: 0x101
2) IIH (Init)
• System ID: R2
• Adjacency State: Init
• Ext. Local Circuit ID: 0x100
• Neighbor System ID: XR1
• Neighbor Ext. Local Circuit ID: 0x101
3) IIH (Up)
• System ID: XR1
• Adjacency State: Up
• Ext. Local Circuit ID: 0x100
• Neighbor System ID: XR1
• Neighbor Ext. Local Circuit ID: 0x101
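
The three-way handshake can be written as a small state machine, which also shows why a unidirectional link never reaches Up. This is an added example, not code from the session: the class and function names are hypothetical, the state codes and transition table follow RFC 5303 section 3.2, and each IIH carries the sender's own Extended Local Circuit ID and echoes the neighbor's.

```python
# Added example (not from the slides): RFC 5303 three-way handshake on a
# point-to-point circuit, with XR1 (0x101) and R2 (0x100) as in the slides.
from dataclasses import dataclass
from typing import Optional

UP, INIT, DOWN = 0, 1, 2          # Adjacency Three-Way State values
NAMES = {UP: "Up", INIT: "Init", DOWN: "Down"}

# NEXT[local state][state carried in the received IIH] -> new local state
NEXT = {
    DOWN: {DOWN: INIT, INIT: UP, UP: DOWN},
    INIT: {DOWN: INIT, INIT: UP, UP: UP},
    UP:   {DOWN: INIT, INIT: UP, UP: UP},
}


@dataclass
class Hello:
    system_id: str
    state: int
    ext_circuit_id: int
    nbr_system_id: Optional[str] = None
    nbr_ext_circuit_id: Optional[int] = None


class Circuit:
    def __init__(self, system_id, ext_circuit_id):
        self.system_id, self.ext_circuit_id = system_id, ext_circuit_id
        self.state, self.nbr = DOWN, None   # nbr = (system ID, ext. circuit ID)

    def hello(self):
        """Build the next IIH; neighbor fields are present once a neighbor is known."""
        nbr_id, nbr_cid = self.nbr if self.nbr else (None, None)
        return Hello(self.system_id, self.state, self.ext_circuit_id, nbr_id, nbr_cid)

    def receive(self, h):
        # Discard an IIH that names a neighbor or circuit other than this one.
        if h.nbr_system_id not in (None, self.system_id):
            return
        if h.nbr_ext_circuit_id not in (None, self.ext_circuit_id):
            return
        self.state = NEXT[self.state][h.state]
        self.nbr = None if self.state == DOWN else (h.system_id, h.ext_circuit_id)


def exchange(a_to_b_ok=True, b_to_a_ok=True, rounds=3):
    """Run hello rounds between XR1 and R2.

    a_to_b_ok / b_to_a_ok model whether hellos in that direction arrive.
    Returns (XR1 state, R2 state, trace of hellos sent).
    """
    xr1, r2 = Circuit("XR1", 0x101), Circuit("R2", 0x100)
    trace = []
    for _ in range(rounds):
        for sender, receiver, ok in ((xr1, r2, a_to_b_ok), (r2, xr1, b_to_a_ok)):
            h = sender.hello()
            trace.append((h.system_id, NAMES[h.state], "delivered" if ok else "dropped"))
            if ok:
                receiver.receive(h)
    return NAMES[xr1.state], NAMES[r2.state], trace


if __name__ == "__main__":
    print("healthy link:   ", exchange()[:2])
    print("R2->XR1 dropped:", exchange(b_to_a_ok=False)[:2])
    print("XR1->R2 dropped:", exchange(a_to_b_ok=False)[:2])
```

With one direction dropped, the side that still hears hellos stops at Init and the other side stays Down, so neither router installs the adjacency.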

Point-to-Point Adjacency - Three-way Handshake (4)

Multiaccess Interface Limit
• No three-way handshake is needed, since MAC addresses are listed in the LAN IIH for the segment (TLV 6 - IS Neighbor(s))
• Broadcast interfaces still have the 256 interface limitation

R2(config)#interface Ethernet0/0.257
R2(config-subif)# encapsulation dot1Q 257
R2(config-subif)# ip address 10.0.25.7 255.255.255.0
R2(config-subif)# ip router isis

ISIS: Maximum circuit limit (255) has reached.


ISIS: Cannot have more then 255 multi-point interfaces.

Adjacency over Broadcast networks (1)
• Level 1 LAN IIHs are sent with multicast MAC of 0180.c200.0014
• Level 2 LAN IIHs are sent with multicast MAC of 0180.c200.0015
• A router lists the MACs (SNPA) of each accepted IS neighbor on the
segment in its LAN IIHs
• DIS election is also performed using LAN IIHs

Adjacency over Broadcast networks (2)
• Neighbors are detected via LAN IIH
• IIH lists the MAC (SNPA) of each router from which a hello packet was received

Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24
1) Initial LAN IIHs
• XR1 sends System ID: XR1, DIS: XR1, Priority: 65
• R2 sends System ID: R2, DIS: R2, Priority: 64
2) LAN IIH with System ID: XR1, DIS: XR1, IS Neighbor(s): R2 SNPA
3) LAN IIH with System ID: XR1, DIS: XR1, IS Neighbor(s): XR1 SNPA
Adjacency: Up

Designated Intermediate System (DIS) (1)
• Without the DIS the graph is more complex

Figure: routers R1 to R6 shown in two panels, "Multiaccess segment" and "No Pseudonode"
Designated Intermediate System (DIS) (2)
• With the DIS the graph is simplified to a collection of P2P links towards the Pseudonode (PSN)

Figure: routers R1 to R6 each linked to the PSN, with the DIS labelled
Designated Intermediate System (DIS) (3)
• DIS election is deterministic (preemptive)
• Criteria for selection of the DIS are:
• Highest priority (default 64, range 0 – 127)
• Subnetwork Point of Attachment (SNPA) - MAC, DLCI, VPI/VCI
• System ID
• No backup DIS is elected, why?

Circuit Limit, DIS, Pseudonode LSP
Adjacency Requirements
Adjacency-check
Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24
• Network type
• Max-area-addresses
• IS-Type
• Area ID
• IPv4 Subnet
• MTU
• Authentication
• System ID
Adjacency Requirements
Network Type Mismatch
Figure: XR1 (.1, P2P) and R2 (.2, Broadcast) on 12.0.0.0/24

XE/R2
ISIS-Adj: Sending L2 LAN IIH on Ethernet0/0.12, length 1497
ISIS-Adj: Rec serial IIH from 0cfb.128d.2001 (Ethernet0/0.12)
ISIS-Adj: cir type L1L2, cir id 00, length 1497
ISIS-Adj: Point-to-point IIH received on multi-point interface: ignored IIH

XR/XR1
%ROUTING-ISIS-7-ERR_RCV_PAKTYPE : Invalid IS-IS packet type 15 received on GigabitEthernet0/0/0/0.12 SNPA aabb.cc00.0100 (inappropriate code)
%ROUTING-ISIS-7-ERR_RCV_PAKTYPE : Invalid IS-IS packet type 16 received on GigabitEthernet0/0/0/0.12 SNPA aabb.cc00.0100 (inappropriate code)

Adjacency Requirements
Max-Area Mismatch
Figure: XR1 (.1, max-area-addresses 3) and R2 (.2) on 12.0.0.0/24

XE/R2
router isis
 max-area-addresses 4

XE/R2 (debug isis adj-packets)
ISIS-Adj: Rec serial IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L1L2, cir id 00, length 1497
ISIS-Adj: Max-area-addresses mismatch in serial IIH (cir type 3)

XR/XR1 (Terminal logging)
%ROUTING-ISIS-4-ERR_BAD_MAX_AREA_ADDR : Bad max area addresses (4, should be 0 or 3) from GigabitEthernet0/0/0/0.12 SNPA aabb.0000.0002

Adjacency Requirements
IS-Type
Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24, both Broadcast, one configured as L1 and the other as L2

XE/R2
ISIS-Adj: Sending L1 LAN IIH on Ethernet0/0.12, length 1497
ISIS-Adj: Rec L2 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L2, cir id 0000.0000.0001.03, length 1497, ht(39)
ISIS-Adj: is-type mismatch

Adjacency Requirements
Area ID (L1)
Figure: XR1 (.1, L1, area 49.0000) and R2 (.2, L1, area 49.0002) on 12.0.0.0/24

XE/R2 (debug isis adj-packets)
ISIS-Adj: Rec L1 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L1, cir id 0000.0000.0001.05, length 1497, ht(39)
ISIS-Adj: Area mismatch, level 1 IIH on Ethernet0/0.12

Adjacency Requirements
Same IPv4 Subnet
Figure: XR1 (.1) on 10.1.2.0/24 and R2 (.2) on 192.0.2.0/24

XE/R2 (debug isis adj-packets)
ISIS-Adj: Rec L1 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L1L2, cir id 0000.0000.0001.05, length 1497, ht(39)
ISIS-Adj: No usable IP interface addresses in LAN IIH from Ethernet0/0.12

XR/XR1 (Terminal logging)
%ROUTING-ISIS-6-IIH_IF_ADDRESS : IIH received from GigabitEthernet0/0/0/0.12 SNPA aabb.0000.0002 contains unusable IPv4 interface address: 192.0.2.2 not on same subnet as local interface
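
The debug and syslog lines from the mismatch slides can be classified automatically, which helps when many circuits flap at once or when an unexpected SNPA keeps sending hellos that are rejected. This is an added example, not a Cisco tool: the rule names and functions are hypothetical, and the sample input is the log text shown on the slides with wrapped lines joined.

```python
# Added example (not from the slides): classify IS-IS adjacency failures from
# IOS XE "debug isis adj-packets" output and IOS XR syslog messages.
import re
from collections import Counter

# Log lines copied from the slides above (wrapped lines joined).
SAMPLE = """\
ISIS-Adj: Sending L2 LAN IIH on Ethernet0/0.12, length 1497
ISIS-Adj: Rec serial IIH from 0cfb.128d.2001 (Ethernet0/0.12)
ISIS-Adj: cir type L1L2, cir id 00, length 1497
ISIS-Adj: Point-to-point IIH received on multi-point interface: ignored IIH
%ROUTING-ISIS-7-ERR_RCV_PAKTYPE : Invalid IS-IS packet type 15 received on GigabitEthernet0/0/0/0.12 SNPA aabb.cc00.0100 (inappropriate code)
%ROUTING-ISIS-4-ERR_BAD_MAX_AREA_ADDR : Bad max area addresses (4, should be 0 or 3) from GigabitEthernet0/0/0/0.12 SNPA aabb.0000.0002
ISIS-Adj: Rec L2 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L2, cir id 0000.0000.0001.03, length 1497, ht(39)
ISIS-Adj: is-type mismatch
ISIS-Adj: Rec L1 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L1, cir id 0000.0000.0001.05, length 1497, ht(39)
ISIS-Adj: Area mismatch, level 1 IIH on Ethernet0/0.12
%ROUTING-ISIS-6-IIH_IF_ADDRESS : IIH received from GigabitEthernet0/0/0/0.12 SNPA aabb.0000.0002 contains unusable IPv4 interface address: 192.0.2.2 not on same subnet as local interface
"""

# (cause, pattern) pairs; the first matching rule wins.
RULES = [
    ("network type mismatch",
     re.compile(r"Point-to-point IIH received on multi-point interface|ERR_RCV_PAKTYPE")),
    ("max-area-addresses mismatch",
     re.compile(r"Max-area-addresses mismatch|ERR_BAD_MAX_AREA_ADDR")),
    ("is-type mismatch", re.compile(r"is-type mismatch")),
    ("area mismatch", re.compile(r"Area mismatch")),
    ("ipv4 subnet mismatch",
     re.compile(r"No usable IP interface addresses|IIH_IF_ADDRESS")),
]

# IOS XE prints the peer on a separate "Rec ... IIH from" line before the cause.
REC = re.compile(r"ISIS-Adj: Rec \S+ IIH from ([0-9a-f.]+) \((\S+)\)")
# IOS XR puts interface and SNPA in the same message as the cause.
XR_PEER = re.compile(r"\b(?:on|from) (\S+) SNPA ([0-9a-f.]+)")


def triage(text):
    """Return one finding per failure: cause, interface and peer SNPA."""
    findings = []
    last_peer = (None, None)        # (interface, SNPA) of the latest XE hello
    for line in text.splitlines():
        rec = REC.search(line)
        if rec:
            last_peer = (rec.group(2), rec.group(1))
            continue
        for cause, pattern in RULES:
            if pattern.search(line):
                xr = XR_PEER.search(line)
                intf, snpa = (xr.group(1), xr.group(2)) if xr else last_peer
                findings.append({"cause": cause, "interface": intf, "snpa": snpa})
                break
    return findings


def summarize(findings):
    """Count failures per (peer SNPA, cause) to spot a repeatedly rejected peer."""
    return Counter((f["snpa"], f["cause"]) for f in findings)


if __name__ == "__main__":
    for (snpa, cause), count in sorted(summarize(triage(SAMPLE)).items()):
        print("%-16s %-28s %d" % (snpa, cause, count))
```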

Adjacency Requirements
IPv4 Subnet
• How can we solve this?
• The obvious and best answer is to fix the configuration issue and put both routers on the same subnet. Or…
• We can disable the IS-IS adjacency-check. As IS-IS does not run over IP, we can form adjacencies without being in the same subnet if needed

• Note: Routes would not be installed in the RIB, but the IS-IS adjacency will be formed

Adjacency Requirements
IPv4 Subnet
XR/XR1
router isis 1
 address-family ipv4 unicast
  adjacency-check disable

XE/R2
router isis
 no adjacency-check

RP/0/0/CPU0:XR1# show isis neighbors


Mon May 27 04:42:30.345 UTC

IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
R2 Gi0/0/0/0.12 aabb.0000.0002 Up 8 L1L2 Capable

Total neighbor count: 1

MTU Mismatch
• Without MTU detection, LSDB synchronization can fail due to big LSPs exchanged over the link
• Hello padding can prevent this issue by preventing the adjacency from being established in the first place

Figure: XR1 (.1, MTU 1500) and R2 (.2, MTU 2000) on 12.0.0.0/24; an LSP (>1500) carrying NLRI<1…> to NLRI<n…> is dropped
Hello Padding
• IS-IS pads hello packets to the maximum MTU to detect MTU mismatch issues
• Hello padding uses padding TLV 8 on P2P IIHs and LAN IIHs
• Padding is enabled by default; if disabled, IOS still sends the first 5 IIHs padded

Hello Padding (2)
• IOS XE

R1(config)#interface ethernet0/0.12
R1(config-subif)#no isis hello padding

R1(config)#router isis
R1(config-router)#no hello padding

• IOS XR

XR2(config)#router isis 1
XR2(config-isis)#interface gig0/0/0/0.12
XR2(config-isis-if)#hello-padding disable
# ”sometimes” keyword sends hellos padded at the adjacency formation only.

Deep Dive into IS-IS Mechanics

• Areas and Routing Levels (Routing Hierarchy)
Areas
• An area is an administrative partition of the subdomain
• Area membership is given by the configured NET
• Routers are part of an area as a whole
• A router with multiple NETs is not a member of multiple areas; it is a member of a single area that has multiple area addresses (aliases)
• There are no special area types

Level-1
• Intra-area routing, that is, routing between ES nodes that are
members of the same area
• Complete visibility of intra-area topology
• To achieve inter area routing, Level-1 capable routers connect to
L1-L2 capable routers

Level-2 (1)
• Level-2 is inter-area routing in IS-IS
• Routing between ES nodes that reside in different areas of the same domain
• Complete visibility of the domain
• IS nodes do not advertise the list of connected ES, only the area
addresses (the NSAP part starting with AFI and ending just before
System ID) to connect between the areas

Level-2 (2)
• Level-2 is considered backbone for IS-IS
• A contiguous “chain” of Level-2 routers is required to maintain
backbone
• Loop prevention consists of Level-1 NLRI information being passed into the Level-2 LSP, but not vice versa
• NLRI is hidden from Level-1; Level-2 capable routers that are connected to other areas will set the ATT-bit in their Level-1 LSP to achieve inter-area routing

Level-1 Intra Area Routing
• Will R1 have R6 192.0.2.6/32 loopback in its RIB?
• Will R7 have R1 192.0.2.1/32 loopback in its RIB?

Topology: areas 49.CC1E and 49.CCDE; R1 (L1), R2 (L1-L2), R3 (L1-L2), R4 (L2), R5 (L1-L2), R6 (L1), R7 (L2)

Level-2 Inter Area Routing
• R2 and R5 will set the ATT-bit in their Level-1 LSP to achieve inter-area routing
• R1 and R6 will generate a default route towards the nearest Level-2 capable router

Topology: areas 49.CC1E and 49.CCDE; R1 (L1), R2 (L1-L2), R3 (L1-L2), R4 (L2), R5 (L1-L2), R6 (L1), R7 (L2)
Areas, Levels, ATT-bit
Deep Dive into IS-IS Mechanics

• Link-State Database under Magnifying Glass
Flooding Events
• Changes that cause flooding of new information in IS-IS include:
• Adjacency state
• System ID
• Area ID
• DIS re-election
• Metric cost

• Note: If changes are triggered, the entire LSP must be reflooded

Link State Database
• Link-State Database (LSDB) contents draw a detailed map of the
network topology within a particular scope
• IS-IS Level-1: The detailed topology (every single Level-1-capable
router and link) of an area
• IS-IS Level-2: The detailed topology of all Level-2-capable routers
and links in the domain, regardless of areas
• IS-IS maintains independent LSDBs for each level
• LSDB stores all Link State Packets (LSPs) of a particular level
• Level-1: All Level-1 LSPs originated by routers in the same area
• Level-2: All Level-2 LSPs originated by routers in the domain

Link-State Database Synchronization
• All routers operating at the same scope (Level-1 in the same area,
or Level-2) must have identical LSDB contents
• LSDB contents must be synchronized between routers at all times
• Synchronizing LSDB contents requires
• Exchanging LSPs during initial synchronization when a new
adjacency comes up, and anytime an LSP is updated
• Acknowledging exchanged LSPs using Partial SNPs
• On broadcast network types, using DIS as a synchronization
reference using Complete SNPs

LSDB Synchronization on point-to-point links (1)
• When a new adjacency comes up between two routers on a point-to-point link, they synchronize their LSDBs in a simple way
• Each router schedules all LSPs to be sent to the neighbor
• If the received LSP is…
• New(er): Store it and schedule it for acknowledgment in a PSNP
• Identical: Schedule an acknowledgment in a PSNP
• Older: Schedule our own LSP to be flooded to the neighbor
• LSP stays scheduled for sending to the neighbor only if it is newer

LSDB Synchronization on point-to-point links (2)
• IS-IS specification in fact calls for an optimization of LSP flooding on
point-to-point links
• When the adjacency first comes up, routers should exchange
CSNPs once, in addition to scheduling all LSPs for sending
• Any LSP that is advertised as the same or newer in the CSNP
received from the neighbor should be unscheduled from sending
• As a result, each router will send only LSPs that are newer than the
neighbor’s, or are unknown by the neighbor entirely

LSDB Synchronization on broadcast networks (1)
• On broadcast networks, pairwise synchronization of a new router
with every existing neighbor would be both complex and useless
• Instead, DIS becomes the reference point for database
synchronization among all routers on the network
• Relying on transitivity: If I know the same as DIS, and if you know
the same as DIS, then I and you know the same, too
• Every router’s goal: Make the DIS LSDB and own LSDB identical
• As opposed to OSPF, all IS-IS routers on a broadcast network are
fully adjacent and accept LSPs from each other directly
• DIS is not a relay for LSPs, only a reference store

LSDB Synchronization on broadcast networks (2)
• DIS sends out an inventory of all its LSPs in periodic CSNPs
• Each router on the broadcast network compares its LSDB inventory
to the CSNP contents
• If the router knows about a(n)…
• Newer LSP: Just flood it onto the network. Other routers including
DIS will learn it, and DIS will advertise it in the upcoming CSNPs
• Identical LSP: Do nothing; treat the CSNP as an acknowledgment
of the flooded LSP
• Older LSP: Ask for an updated LSP using a PSNP; DIS will flood it

LSDB Synchronization – Closing remarks
• On point-to-point links
• All LSPs are scheduled for flooding unless unscheduled through one time
CSNPs (if the neighbor has the same or newer LSPs)
• PSNPs are used as acknowledgments
• On broadcast networks
• Only LSPs that are newer than the ones seen in periodic CSNPs, or missing
from them, are scheduled for flooding
• PSNPs are used to request newer LSPs from DIS
• LSPs are accepted between all neighbors directly
• LSPs are acknowledged only by DIS by including them in subsequent CSNPs
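
The point-to-point and broadcast synchronization rules summarized above, written out as code. This is an added example, not code from the session: names and LSDB contents are constructed, "newer" is reduced to a higher sequence number (a real implementation also looks at remaining lifetime and checksum), and one CSNP is assumed to cover the whole LSDB.

```python
# Added example (not from the slides): LSDB synchronization decisions.
# An LSDB or SNP is modelled as {LSP ID: sequence number}; 0 means "not held".


def on_csnp_broadcast(lsdb, csnp):
    """Broadcast network: compare our LSDB with the DIS's periodic CSNP.

    Returns (flood, request): LSPs we flood because ours is newer or the DIS
    does not list it, and LSPs we ask for in a PSNP because the DIS's copy
    is newer or we do not hold it.
    """
    flood = sorted(i for i, seq in lsdb.items() if seq > csnp.get(i, 0))
    request = sorted(i for i, seq in csnp.items() if seq > lsdb.get(i, 0))
    return flood, request


class P2PSync:
    """Per-neighbor state on a point-to-point link."""

    def __init__(self, lsdb):
        self.lsdb = dict(lsdb)
        self.send_queue = set(self.lsdb)   # adjacency up: schedule every LSP
        self.ack_queue = set()             # LSPs to acknowledge in the next PSNP

    def on_csnp(self, csnp):
        """One-time CSNP: unschedule LSPs the neighbor has as same or newer."""
        self.send_queue -= {i for i, seq in csnp.items()
                            if i in self.lsdb and seq >= self.lsdb[i]}

    def on_lsp(self, lsp_id, seq):
        """Apply the New(er) / Identical / Older rule to a received LSP."""
        have = self.lsdb.get(lsp_id, 0)
        if seq > have:                     # newer: store it and acknowledge
            self.lsdb[lsp_id] = seq
            self.send_queue.discard(lsp_id)
            self.ack_queue.add(lsp_id)
            return "store+ack"
        if seq == have:                    # identical: acknowledge only
            self.send_queue.discard(lsp_id)
            self.ack_queue.add(lsp_id)
            return "ack"
        self.send_queue.add(lsp_id)        # older: flood our own copy back
        return "send-own"

    def on_psnp(self, psnp):
        """A PSNP from the neighbor acknowledges LSPs; stop sending those."""
        self.send_queue -= {i for i, seq in psnp.items()
                            if seq >= self.lsdb.get(i, 0)}


def demo():
    """Constructed LSDB for XR1 and a constructed CSNP from its neighbor."""
    lsdb = {"XR1.00-00": 0x19, "R2.00-00": 4, "R3.00-00": 7}
    csnp = {"XR1.00-00": 0x18, "R2.00-00": 5, "R3.00-00": 7, "R4.00-00": 2}
    sync = P2PSync(lsdb)
    sync.on_csnp(csnp)
    return on_csnp_broadcast(lsdb, csnp), sorted(sync.send_queue)


if __name__ == "__main__":
    (flood, request), p2p_queue = demo()
    print("broadcast: flood", flood, "request via PSNP", request)
    print("point-to-point: still scheduled after CSNP", p2p_queue)
```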

Deep Dive into IS-IS Mechanics

• Path Selection and Route Leaking
Path Selection
Route Types
• L1

• Internal
• External
• Inter-Area (ia)

• L2
• Internal
• External

Path Selection
Selection Criteria
• L1 route is always preferred over L2

• If routes are from the same Level, internal is preferred over external
• If routes are from the same Level, either internal or external, route
with lowest metric wins
• If routes are from the same Level, either internal or external and
same metric, load sharing will be performed

Route Leaking
• Two-level hierarchy rules must be followed; due to this, L1 routes are leaked to L2 by default
• In certain scenarios, L2 routes should be leaked to L1 to avoid sub-optimal routing or for traffic engineering
• Route leaking TLVs 128 and 130 are defined for Narrow metrics
• Wide metrics use TLV 135
• Up/down bits are set when route leaking is performed

Route Leaking
IPv6
IPv6 Routing in IS-IS (1)
• RFC 5308 introduced support for IPv6 routing with IS-IS
• New TLVs introduced to support IPv6
• IPv6 Reachability TLV, IPv6 Interface Address TLV, IPv6 NLPID
• Single topology and Multi topology operation
• Enabled with the ipv6 router isis interface command

IPv6 Routing in IS-IS (2)
• IPv6 routing with IS-IS has two operation modes:
• Single Topology – IPv4/IPv6 topologies are directly mapped to each other, single SPF run (default in XE) – mode multi-topology
• Multi Topology – IPv4/IPv6 topologies are independent of each other, different SPF run (default in XR) – mode single-topology

• Note: Transition mode will describe both modes in the LSPs

IPv6
Security Hardening
Enhancements
Authentication (1)
• IIHs are authenticated independently from LSPs, CSNPs, and PSNPs
• Authentication is performed on each level independently
• All Level-1 capable routers within the same area must use the same
area password
• All Level-2 capable routers in any area must use the same domain
password
• Plain Text and HMAC-MD5 authentication modes are supported

Authentication (2)
• LSP
• The password used to authenticate a Level 1 LSP must be shared by all
Level 1 capable routers in the same area
• The password used to authenticate a Level 2 LSP must be shared by all
Level 2 capable routers across all areas

• IIH, SNP
• Packets are not flooded across area domain
• Can be different on different networks

Authentication (2) – LSPs, SNPs
• Legacy syntax (Plain Text Authentication Only)
• area-password
• domain-password

• Current syntax
• authentication mode (md5 | text) (level-1 | level-2)
• authentication key-chain <KEY CHAIN> (level-1 | level-2)

Authentication (3) – IIH
• Legacy syntax (Plain Text Authentication)
• isis password <TEXT> [level-1 | level-2]

• Current syntax (Cryptographic MD5)


• authentication mode {md5 | text} [level-1 | level-2]
• authentication key-chain <KEY-CHAIN> [level-1 | level-2]
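
What the two authentication modes put on the wire, and what each one protects. This is an added example, not Cisco code: function names, the source ID and the key are constructed, the PDU is a minimal P2P IIH, and the HMAC-MD5 handling follows RFC 5304 (authentication TLV 10, type 54, digest computed with the digest field zeroed). For LSPs, RFC 5304 additionally zeroes the checksum and remaining lifetime before computing the digest, which is not shown here.

```python
# Added example (not from the slides): IS-IS authentication TLV (type 10) in
# plain text mode (authentication type 1) and HMAC-MD5 mode (type 54).
import hashlib
import hmac
import struct

HDR_LEN = 20                       # fixed header length of a P2P IIH
AUTH_TLV, AUTH_TEXT, AUTH_HMAC_MD5 = 10, 1, 54


def tlv(tlv_type, value):
    return bytes([tlv_type, len(value)]) + value


def p2p_iih(source_id, tlvs):
    """Build a P2P IIH (PDU type 17) around the given TLV bytes."""
    common = bytes([0x83, HDR_LEN, 1, 0, 17, 1, 0, 0])
    # circuit type L1L2, source ID, holding time 30, PDU length, local circuit ID
    specific = bytes([3]) + source_id + struct.pack("!HHB", 30, HDR_LEN + len(tlvs), 1)
    return bytearray(common + specific + tlvs)


def build(source_id, key, mode, other_tlvs=b""):
    """Return an IIH whose first TLV authenticates it in the given mode."""
    if mode == AUTH_TEXT:
        return p2p_iih(source_id, tlv(AUTH_TLV, bytes([AUTH_TEXT]) + key) + other_tlvs)
    pdu = p2p_iih(source_id, tlv(AUTH_TLV, bytes([AUTH_HMAC_MD5]) + bytes(16)) + other_tlvs)
    # The digest covers the whole PDU with the 16-byte digest field zeroed.
    pdu[HDR_LEN + 3:HDR_LEN + 19] = hmac.new(key, bytes(pdu), hashlib.md5).digest()
    return pdu


def find_auth(pdu):
    """Return (auth type, offset of auth value, length of auth value) or None."""
    offset = HDR_LEN
    while offset + 2 <= len(pdu):
        tlv_type, length = pdu[offset], pdu[offset + 1]
        if offset + 2 + length > len(pdu):
            raise ValueError("truncated TLV")
        if tlv_type == AUTH_TLV and length >= 1:
            return pdu[offset + 2], offset + 3, length - 1
        offset += 2 + length
    return None


def verify(pdu, key):
    """Receiver-side check of the authentication TLV against the local key."""
    found = find_auth(pdu)
    if found is None:
        return False
    auth_type, start, length = found
    value = bytes(pdu[start:start + length])
    if auth_type == AUTH_TEXT:
        return hmac.compare_digest(value, key)
    if auth_type == AUTH_HMAC_MD5 and length == 16:
        zeroed = bytearray(pdu)
        zeroed[start:start + 16] = bytes(16)
        return hmac.compare_digest(hmac.new(key, bytes(zeroed), hashlib.md5).digest(), value)
    return False


def cleartext_password(pdu):
    """Password readable by any observer of the segment (None for HMAC-MD5)."""
    found = find_auth(pdu)
    if found and found[0] == AUTH_TEXT:
        return bytes(pdu[found[1]:found[1] + found[2]])
    return None


def with_holdtime(pdu, seconds):
    """Return a copy with the holding time field (header bytes 15-16) changed."""
    changed = bytearray(pdu)
    changed[15:17] = struct.pack("!H", seconds)
    return changed
```

Plain text mode exposes the key in every PDU and still verifies after the header is modified; HMAC-MD5 mode hides the key and fails verification on any change to the PDU.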

Authentication
Optimizations
Features
Summarization
• Level-1-2 routers in the area are allowed to summarize the NLRI
• Level-1 routes cannot be summarized within an area unless the originating router is redistributing the IP prefixes
• The lowest metric among the components is used as the metric of the summary
• The summary-address command under router isis is used to configure summarization

Logging Events
• IS-IS adjacency and LSPDU events are not logged by default in IOS-
XE or IOS-XR
• Useful for troubleshooting purposes
IOS-XR
router isis 1
 log adjacency changes
 log pdu drops

IOS-XE
router isis 1
 log-adjacency-changes all

Dynamic Hostname
• TLV 137 identifies symbolic name of the router originating the LSPs
• Can be disabled if needed with the no dynamic hostname in IOS-XE
or hostname dynamic disable in IOS-XR under IS-IS router mode
• Use show isis hostname to check the list of System ID to hostname
mappings
RP/0/0/CPU0:XR1#show isis neighbors
Mon Jun 3 19:31:39.062 UTC

IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
0000.0000.0002 Gi0/0/0/0 0cfb.1241.8900 Up 20 L1L2 Capable

Prefix Suppression (1)
• If passive-interface feature is enabled, we can suppress advertisement of prefixes by enabling advertise passive-only in XE, XR
• Will suppress advertisement of all prefixes except the ones with passive-interface command

Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24 with Prefix 1, Prefix 2, Prefix 3 … Prefix <n…>
Prefix Suppression (2)
• Prefixes can also be suppressed by using the no isis advertise prefix command
• This serves the purpose of selective prefix suppression in IS-IS, in case required

Figure: XR1 (.1) and R2 (.2) on 12.0.0.0/24 with Prefix 1, Prefix 2, Prefix 3 … Prefix <n…>
Ignore-Attached-Bit
• In XE, this hidden command will not only ignore the ATT-bit
• XR uses the attached-bit receive ignore equivalent command
• IS will not use the ATT-bit to install default route towards nearest Level-
1-2 router
• Could be used in case route-leaking allows visibility of all prefixes in a
domain for Level-1
R2(config)#router isis 1
R2(config-router)#ignore-attached-bit

%PARSER-5-HIDDEN: Warning!!! ' ignore-attached-bit ' is a hidden command. Use of this command is not recommended/supported and will be removed in future.

IS-IS Tags (1)
• IS-IS tags can be enabled if Wide metrics are enabled in the domain
• Tag value is set under sub-TLV 1 for TLV 135
• Use the isis tag command under the interface to tag the prefixes
• Tagging using route-maps (XE) or route policy language (XR) can be
used for tagging when redistributing or leaking prefixes

IS-IS Tags (2)
route-policy TAG
 if destination in (1.1.1.1/32) then
  set tag 1
 endif
end-policy
!
router isis 1
 address-family ipv4 unicast
  redistribute connected route-policy TAG

RP/0/0/CPU0:XR1#show isis database XR1.00-00 level 2 verbose

IS-IS 1 (Level-2) Link State Database
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
XR1.00-00 * 0x00000019 0x346d 1115 0/0/0
Area Address: 49.0000
NLPID: 0xcc
Hostname: XR1
IP Address: 10.0.0.1
Metric: 10 IS-Extended R2.00
Metric: 0 IP-Extended 1.1.1.1/32
Admin. Tag: 1

ATT-bit Advertisement Control
• We can set the ATT-bit based on route-map policies
• Often used if all Level-1 and Level-2 routers share the same area
• If all routers are in the same area domain, no ATT-bit will be set

Topology (area 49.CC1E): R1 (L1), XR2 (L1-L2), R3 (L2), R5 (L1-L2), R6 (L1)

XR2
router isis 1
 address-family ipv4 unicast
  attached-bit send always-set
L1-L2 Backdoor Router (1)
• Level-1 routers can only communicate with other Level-1 routers on
different areas through Level-2 (backbone)
• There are cases where backdoor links are configured between Level-1 routers on different areas
• We can set the is-type level-1-2 backdoor command to allow Level-2 adjacency between backdoor routers

• Note: ATT-bit will never be set when backdoor feature is enabled on a router

L1-L2 Backdoor Router (1)
Topology: areas 49.CC1E and 49.CCDE; R1 (L1), R2 (L1-L2), R3 (L1-L2), R4 (L2), R5 (L1-L2), R6 (L1), R7 (L2)
L1-L2 Backdoor Router
Topology: areas 49.CC1E and 49.CCDE; R1 (L1), R2 (L1-L2), R3 (L1-L2), R4 (L2), R5 (L1-L2), R6 (L1), R7 (L2), with a link labelled Backdoor

L1-L2 Backdoor Router (4)
• Initially, routing between area 49.0052 and 49.0056 must go through L1-L2 R2 -> R3 -> R5 -> R6 and vice versa
• If a link is connected between R1 and R6, routing directly between the two Level-1 areas is desirable
• Solution: Level-2 adjacency can be established between R1 and R6 without setting the ATT-bit, hence, is-type backdoor

L1-L2 Backdoor Router (5)
R1
interface ethernet0/0.16
 description backdoor
 ip address 10.1.6.1 255.255.255.0
 isis circuit-type level-2
router isis
 is-type level-1-2 backdoor

R6
interface ethernet0/0.16
 description backdoor
 ip address 10.1.6.6 255.255.255.0
 isis circuit-type level-2
router isis
 is-type level-1-2 backdoor

Note: Same feature can be applied to XR by configuring the attached-bit send never-set command under the IS-IS process

Adjacency Filter
• CLNS Adjacency Filter can be used in situations where we want to
prohibit the router from forming adjacencies with other IS-IS
enabled routers
clns filter-set XR1_NET deny 49.0000.0000.0000.0001.00
clns filter-set XR1_NET permit default
!
interface gigabitethernet1
isis adjacency-filter XR1_NET

%CLNS-5-ADJCHANGE: ISIS: Adjacency to XR1 (GigabitEthernet1) Down, hold time expired

Figure: XR1 (.1) connected to R2 (.2)
CSNP over Point-to-Point
• IS-IS specification does not prohibit the periodic sending of CSNP
over P2P circuits
• XE, NX-OS, XR do not send periodic CSNP over P2P links by default
• The interface isis csnp-interval <0-65535> command can
be used in XE (In XR, under the interface under the router isis
<area-tag> mode)
