Professional Documents
Culture Documents
Intermediate System-2-
Intermediate System
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
▪ IS-IS Introduction
▪ IS-IS Operation
▪ IS-IS LSDB
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
▪ Overlay Technologies and IS-IS (GRE, mGRE, DMVPN, GETVPN LISP)
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Path Vector
BGP
Protocol
RIP
Distance Vector
Routing
Protocol
IGRP EIGRP
OSPF
Link State
Routing Protocol
IS-IS
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
▪ Integrated Intermediate System-to-Intermediate System (IS-IS) routing protocol is a link-state Interior
▪ It is still very much alive and is used in the service provider environments and next-generation
networks of today.
▪ IS-IS was originally designed as the IGP for the Connectionless Network Service (CLNS), part of the OSI
protocol suite.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
▪ Types of nodes in OSI:
▪ IS-IS operates directly on Layer 2, using the Connectionless Network Protocol (CLNP) for
communication between intermediate systems. It is also a very flexible protocol and has been
extended to incorporate leading-edge features, such as Cisco Multiprotocol Label Switching Traffic
Engineering (MPLS TE).
▪ The Cisco IS-IS implementation is based on the IP routing capabilities described in the International
Organization for Standardization (ISO) / International Engineering Consortium (IEC) 10589 and Request
for Comment (RFC) 1195. IS-IS development began before the development of Open Shortest Path
First (OSPF), a protocol that has many similarities to IS-IS.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
▪ ISO specifications refer to routers as intermediate systems. Thus, IS-IS is a protocol that allows
routers to communicate with other routers. OSI CLNS is a network layer service similar to bare IP
service. A CLNS entity communicates over CLNP with its peer CLNS entity. IS-IS uses CLNS addresses to
identify the routers and to build the link-state database (LSDB).
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
▪ Level 2 area with Level 2-only routers in the core
▪ Level 2 area edge with Level 1-2 routers to connect to other areas using Level 1
▪ Level 1 areas with Level 1-only routers © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
▪ Each router then runs the Dijkstra's Shortest Path First (SPF) algorithm against its LSDB to choose the best paths. There is a
minimal amount of information that is communicated between areas, which reduces the burden on routers supporting the
protocol.
▪ IS-IS routing takes place at two levels within an AS—Level 1 and Level 2:
▪ Level 1 routing occurs within an IS-IS area. It recognizes the location of the end systems and intermediate systems,
and then it builds a routing table to reach each system. All devices in a Level 1 routing area have the same area
address. Routing within an area is accomplished by looking at the locally significant address portion (known as the
system ID) and choosing the lowest-cost path.
▪ Level 2 routers learn the locations of Level 1 routing areas and build an interarea routing table. All intermediate
systems on a Level 2 routing area use the destination area address to route traffic, using the lowest-cost path.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
▪ Each router holds the topology information for its own area only.
▪ IS-IS is part of OSI and was originally used with CLNS only; extended later for use with IP.
▪ IS-IS still uses CLNS to maintain adjacencies and build an SPF tree.
▪ Integrated IS-IS can also carry IPv4 and IPv6 routing information.
▪ The wide-style metric is used for large, high-speed service provider networks versus the legacy narrow-style
metric.
▪ Wide-style metric: New style, allowing 24-bit link metric and 32-bit path metric.
▪ Narrow-style metric: Old style, metric allowing 6-bit link metric and 10-bit path metric.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
▪ Adjacencies can be formed based on area assignment:
• Level 1 and Level 2 adjacencies can be formed between routers in the same area.
• Only Level 2 adjacencies can be formed between routers in different areas.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Type TLV Description
IP Internal Reachability
128 List IP addr/mask within the routing domain
Information
129 Protocols Supported Protocols supported by the originator (v4, v6,…)
IP External Reachability
130 List IP addr/mask external to the routing domain
Information
Inter
Carry information from external routing protocols
131 Domain Routing Protocol
transparently through the IS-IS domain
Information
132 IP Interface Address IP address of the interface out which the PDU was sent
133 Authentication Information Authentication type and information
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
▪ IS IS is a Layer 2 protocol and is not encapsulated in IP, thus it is hard if not impossible to attack Layer2 networks
remotely, IS IS is considered as more secure than OSPF.
▪ IS IS uses NET (Network Entity Title) address similar to OSPF Router ID.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
▪ When designing your IS-IS network, consider these points:
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Similarities Between
IS-IS and OSPF
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
▪ They are open-standard link-state routing protocols.
▪ They use similar mechanisms, such as link-state advertisements (LSAs), link-state aging timers, and LSDB
synchronization, to maintain the health of the LSDB.
▪ They use the SPF algorithm, with similar update, decision, and flooding processes.
▪ They are successful in the largest and most demanding deployments (service provider networks).
▪ Both can be deployed in enterprise and service provider environments. OSPF is a more likely candidate for
enterprise environments, while IS-IS realizes its advantages in large service provider networks.
▪ Both use the concept of areas and hierarchical architecture.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
OSPF ISIS
Host End System (ES)
Router Intermediate System (IS)
Link Circuit
Packet Protocol Data Unit (PDU)
Designated router (DR) Designated IS (DIS)
Backup DR (BDR) N/A (no BDIS is used)
Hello packet
IIH PDU
Database Description (DBD) Complete sequence number
PDU (CSNP)
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
OSPF ISIS
Area Sub domain Level
Non backbone area Level 1 domain
Backbone area Level 2 domain (backbone)
Area border Router (ABR) L1 | L2 router
Autonomous System Boundary
Any IS
Router (ASBR)
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
▪ Unlike IP addresses, CLNS addresses apply to entire nodes and not to interfaces. Because IS-IS was originally designed
for CLNS, IS-IS requires CLNS addresses, even if the router is only used for routing IP. CLNS addresses that are used by
routers are called NSAPs. One part of an NSAP address is the NSAP selector (NSEL) byte. When an NSAP is specified
with an NSEL of 0, the NSAP is called NET.
▪ An NSAP address identifies a system in the OSI network; an address represents an entire node, not an interface.
▪ Various NSAP formats are used in various systems, because different protocols may use different representations
of NSAP.
▪ NSAP addresses are a maximum of 20 bytes:
Higher-order bits identify the interarea structure.
Lower-order bits identify systems within an area.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
▪ IS-IS LSPs use NSAP addresses to identify the router and build the topology table and the underlying IS-IS routing tree;
therefore, IS-IS requires NSAP addresses to function properly, even if it is used only for routing IP.
▪ The NSAP address is equivalent to the combination of the IP address and upper-layer protocol in an IP header.
▪ NSAP addresses have a maximum size of 20 bytes. The higher-order bits identify the interarea structure, and the
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
▪ The Cisco implementation of Integrated IS-IS divides the NSAP address into three fields: the area address, system ID,
and NSEL. Cisco routers routing CLNS use addressing that conforms to the ISO 10589 standard.
▪ The authority and format identifier (AFI) and the initial domain identifier (IDI) make up the initial domain part
(IDP) of the NSAP address.
▪ The domain specific part (DSP) contributes to routing within an IS-IS routing domain. The DSP comprises the
high-order domain specific part (HO-DSP), the system ID, and the NSEL
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
▪ The simplest NSAP format, used by most companies that are running IS-IS as their IGP, comprises the following:
▪ The AFI, set to 49, which signifies that the AFI is locally administered and; therefore, individual addresses can
be assigned by the company
▪ The area identifier (ID); the octets of the area address following the AFI.
▪ System ID: Cisco routers that are compliant with the U.S. Government Open Systems Interconnection Profile (GOSIP)
▪ NSEL: NSEL must always be set to 0 for a router. NET is an NSAP address with an NSEL of 0.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
▪ The simplest NSAP format, used by most companies that are running IS-IS as their IGP, comprises the following:
▪ The AFI, set to 49, which signifies that the AFI is locally administered and; therefore, individual addresses can
be assigned by the company
▪ The area identifier (ID); the octets of the area address following the AFI.
▪ System ID: Cisco routers that are compliant with the U.S. Government Open Systems Interconnection Profile (GOSIP)
▪ NSEL: NSEL must always be set to 0 for a router. NET is an NSAP address with an NSEL of 0.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28
IS-IS Routing Logic
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29
• Level 1 router: For a destination address, compare
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32
▪ Route leaking is a feature that allows selected Level 2 routes to leak in a controlled manner to Level 1 routers, which
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33
▪ Route leaking helps reduce suboptimal routing by providing a mechanism for leaking, or redistributing, Level 2
information into Level 1 areas. With more detail about interarea routes, a Level 1 router is able to make a better
choice about which Level 1-2 router should receive the packet.
▪ The importance of the up/down bit in IS-IS loop prevention is demonstrated in the operation of router B. Because the
up/down bit is set, router B will not insert the route from the L1 database into its L2 database and, therefore, the
route will not be re-advertised into the backbone. This in turn will prevent possible routing loops for this route since
all areas are already getting that route via Level 2 routing.
▪ Leaked routes are referred to as interarea routes in the routing table and the IS-IS database. When you are viewing
the routing table, all the leaked routes are marked with an "IA" designation.
▪ Route leaking is defined in RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS, for use with the narrow
metric TLV types 128 and 130. The IETF has also defined route leaking for use with the wide metric (using TLV type
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34
135).
▪ To implement route leaking, an up/down bit in the TLV is used to indicate whether the route that is identified in the
TLV has been leaked. If the up/down bit is set to 0, the route originated within that Level 1 area.
▪ If the up/down bit is set to 1, the route has been redistributed into the area from Level 2. The up/down bit is used
to prevent routing loops; a Level 1-2 router does not re-advertise (into Level 2) any Level 1 routes that have the
up/down bit set to 1.
▪ Route leaking should be planned and deployed carefully to avoid a situation in which any topology change in one area
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35
IS-IS Operation
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36
• Generally, physical links can be placed in these two groups:
• Broadcast: Multiaccess subnetworks that support the addressing of a group of attached systems.
• Point-to-point: Permanent or dynamically established links.
— Broadcast Point-to-point
PPP, High-Level Data Link
Usage LAN, full-mesh WAN Control, partial-mesh
WAN
Hello timer 3.3 sec for Designated Intermediate System (DIS), else 10 sec 10 sec
Adjacencies n*(n-1)/2 n-1
Uses DIS Yes No
LSP and IS-IS Hello (IIH) Sent as multicast Sent as unicast
IIH type Level 1 IIH, Level 2 IIH Point-to-point IIH
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 37
▪ Hello PDU: This type of PDU is used to establish and maintain adjacencies:
▪ End system hello (ESH): Announces the presence of an end system. ESHs are sent by all end systems.
Intermediate systems (routers) listen for these hellos to discover the end systems.
▪ Intermediate system hello (ISH): Announces the presence of an intermediate system (router). ISHs are sent by
all intermediate systems. End systems listen for these hellos to discover the intermediate systems.
▪ IS-IS Hello (IIH): Enables the intermediate systems to detect IS-IS neighbors and form adjacencies.
▪ Partial sequence number PDU (PSNP): Used to acknowledge and request missing pieces of link-state information.
▪ Complete sequence number PDU (CSNP): Used to describe the complete list of LSPs in the LSDB of a router.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 38
▪ Link-state packet:
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 39
TLV Type Code Length Field Value Variable Length
Area address 1 Area ID length+1 Areas
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40
• An LSP header includes these elements:
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 42
• It is used for LAN and multipoint WAN interfaces.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 43
• Level 1 and Level 2 LSP—IS-IS uses a two-level area hierarchy. • Level 1 and Level 2 IIH—IIHs are used to establish and
▪ The default hello interval for the DIS is three times faster (that
is, three times smaller) than the interval for the other routers
so that DIS failures can be quickly detected.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44
IS-IS LSDB
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 45
▪ Routers in an IS-IS network flood LSPs to all their neighbors. All valid LSPs received by a router are stored in LSDB,
and they describe the topology of an area. Routers use this LSDB to calculate the shortest-path tree.
▪ Each router floods its LSPs to adjacent neighbors, and the LSPs are passed along unchanged to other adjacent routers
until all the routers in the area have received them. All the Level 1 LSPs received by one router in an area describe
the topology of the area. When a router receives a new LSP, it floods this LSP to its neighbors except the neighbor
that sent the new LSP.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46
▪ Single-level routers maintain a single LSDB and one SPF calculation takes place, while Level 1 and Level 2 routers
maintain two LSDBs and two SPF calculations take place, which poses larger router resource requirements. This is not
very impactful on modern routers, which typically have plenty of RAM and CPU resources for such calculations.
▪ An IS-IS update process is responsible for flooding the LSPs throughout the IS-IS domain. An LSP is typically flooded to
all adjacent neighbors except the neighbor from which it was received. Level 1 LSPs are flooded within their local
areas. Level 2 LSPs are flooded throughout the backbone.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 48
▪ SNPs are used to acknowledge the receipt of LSPs and to
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 49
Building an IP Routing Table
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 50
IS-IS Fast Convergence
▪ Similar convergence characteristic with OSPF, SPF,LSA
1. Detection
2. Propagation
3. Finding a new path
4. Installing new path to RIB and FIB
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 51
IS-IS Fast Convergence
▪ IS IS similar to OSPF, supports MPLS Traffic Engineering Fast Reroute, IP Traffic Engineering (LFA, Remote LFA) and also supports
▪ Since IS IS is used in many large Service Providers and FRR is mainly SP requirement, FRR features with IP and MPLS are first
introduced in IS IS.
router isis
is-type level1 | level2
metric-style wide
set-overload-bit on-startup 360
max-lsp-lifetime 65535
lsp-refresh-interval 65000
no hello padding
lsp-gen-interval M I E
spf-interval M I E
prc-interval M I E
fast-flood
log-adjacency-changes all
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 52
Integrated IS-IS for
IPv6
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 53
▪ The Cisco IOS Software IS-IS implementation supports IPv6 routing for IS-IS networks running only IPv6 as well as both
▪ Cisco has added multitopology support to IS-IS to increase flexibility in IS-IS deployment within a dual-stack
environment. IS-IS can be deployed using two SPF instances, one for IPv4 and one for IPv6.
▪ Two TLVs are added in IS-IS for IPv6 support. These two TLVs are used to describe IPv6 reachability and IPv6 interface
addresses:
▪ IPv6 reachability TLV (0xEC or 236):
• Describes network reachability (routing prefix, metric, options)
• Equivalent to IPv4 internal and external reachability TLVs (type code 128 and 130)
• Not really suitable for an existing IPv4 IS-IS network where the customer wants to turn on scattered IPv6
support.
• If you use IS-IS for both IPv4 and IPv6, the IPv4 and IPv6 topologies must match exactly; you cannot run IS-IS IPv6
on some interfaces and IS-IS IPv4 on others.
• Will only form adjacencies with similarly configured routers. For example, an IS-IS IPv6-only router will not form
an adjacency with an IS-IS IPv4 or IPv6 router; the exception is over a Level 2-only interface.
• Cannot join two IPv6 areas via an IPv4-only area. Level 2 adjacencies will form, but IPv6 traffic will black-hole
in the IPv4 area.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 55
▪ Suppressing adjacency checking on intra-area links (Layer 1 links) is primarily done during a transition from single-
topology (IPv4) to multitopology (IPv4 and IPv6) IS-IS networks. Imagine that a service provider is integrating IPv6 into
a network and it is not practical to shut down the entire provider router set for a coordinated upgrade. Without
disabling adjacency checking—because routers were enabled for IPv6 and IS-IS for IPv6—adjacencies would drop with
IPv4-only routers, and IPv4 routing would be severely impacted. With consistency check suppression, IPv6 can be
turned up without impacting IPv4 reachability.
IOS XE IOS XR
router isis router isis 1
no adjacency-check address-family ipv6 unicast
adjacency-check disable
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 56
Multitopology IS-IS for IPv6
▪ IS-IS multitopology support for IPv6 allows IS-IS to maintain a set of independent topologies within a single area or
domain.
▪ This mode removes the restriction that all interfaces on which IS-IS is configured must support the identical set of
network address families. It also removes the restriction that all routers in the IS-IS area (for Level 1 routing) or
domain (for Level 2 routing) must support the identical set of network layer address families.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 57
Multitopology IS-IS for IPv6
▪ Multiple SPFs are performed, one for each configured topology. Therefore, connectivity existing among a subset of
the routers in the area or domain is sufficient for a given network address family to be routable.
▪ When multitopology support for IPv6 is used, use the metric-style wide Cisco IOS, Cisco IOS XE, and Cisco IOS XR
command to configure IS-IS to use new-style TLVs. TLVs used to advertise IPv6 information in LSPs are defined to use
only wide metrics.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 58
IS-IS configuration for
IPv4
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 59
IS-IS configuration
▪ A NET address identifies a device (an intermediate system or end system), and not an interface. This difference is a
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 60
IS-IS configuration
▪ Even if you use Integrated IS-IS only for IP routing, each IS-IS router must have a NET address configured because
Integrated IS-IS depends on the support of CLNS routing. Routers still establish CLNS adjacencies and use CLNS
packets.
▪ The OSI protocols (hello PDUs) are used to form the neighbor relationship between routers, and the SPF calculations
▪ A device identifies other devices within its own area, based on matching area addresses in their NET.
▪ A default route is injected into the area by the Level 1-2 router. If the area addresses do not match, the device
knows that it must forward that interarea traffic to its nearest Level 1-2 router.
▪ When you are using IS-IS to route IP traffic, IP subnets are treated as leaf objects that are associated with IS-IS
areas. When you are routing IP traffic, the router looks up the destination network in its routing table. If the network
belongs to a different area, that interarea traffic is normally forwarded to the nearest
© 2016 Level
Cisco and/or its affiliates. 1-2
All rightsrouter.
reserved. Cisco Confidential 61
IS-IS configuration
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 62
IS-IS configuration
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 63
IS-IS configuration
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 64
Route Summarization
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 65
IS-IS IPv4 Verification
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 66
IS-IS IPv4 Verification
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 67
IS-IS configuration for IPv6
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 68
IS-IS configuration for IPv6
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 69
IS-IS configuration for IPv6
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 70
Saturday´s challenges
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 71
Saturday´s challenges
▪ Configure IS-IS on the CORE devices (PE-1-PE-4 & RR-1 and RR-2)
▪ Loopback 0 should be advertised into the IS-IS domain (Do not configure any interface level IS-IS command on Lo0)
▪ Assign Tag 2 to the host-routes of the Core/CEs devices with minimum amount of configuration
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 72
¡Thanks!