Isis

IS-IS
2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net
Overview of IS-IS
An interior gateway protocol based on the SPF
algorithm
Uses link-state information to make routing decisions
Developed for routing ISO CLNP packets

IP was added later
Defined in ISO/IEC 10589, RFC 1142, RFC 1195, and
RFC 2763
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 2
Integrated IS-IS
M Series, MX Series, and T Series platforms do not
support native CLNP/CLNS routing
SRX Series and J Series platforms do support CLNP/CLNS
routing
Implementation of IS-IS for routing IP in addition to

CLNS, also called dual IS-IS
All routers run a single routing algorithm
IS-IS routers exchange link-state protocol data units
Similar to OSPF LSAs/link-state update packets
IS-IS PDUs are the packets used by the protocol to transmit
the informationnot IP
IP reachability information is included in the updates
www.juniper.net | 3
IS-IS Concepts
IS-IS network is a single autonomous system
End systems: Network entities (that is, hosts) that send and
receive packets
Intermediate systems: Network entities (that is, routers) that
send and receive packets and relay (that is, forward) packets
PDUs: Protocol data units; term for IS-IS packets
A single AS can be divided into smaller groups called

areas, which are organized hierarchically
Level 1 intermediate systems route within an area or toward
a Level 2 system
Attached bit
Level 2 intermediate systems route between areas and

toward other ASs
www.juniper.net | 4
Network Entity Title
www.juniper.net | 5
IS-IS and OSPF

Both IS-IS and OSPF:
Maintain link-state databases and construct a shortest
path tree
Dijkstra algorithm
Use hello packets to form and maintain adjacencies

Use a two-level hierarchy
Provide for address summarization between areas
Elect a designated router
Have authentication capabilities
www.juniper.net | 6
IS-IS Areas
www.juniper.net | 7
OSPF Areas
www.juniper.net | 8
LSP Format
Describes the state of adjacencies in neighboring
IS-IS routers
Flooded periodically throughout a level
Contains multiple TLV segments
Field length,
in bytes
Protocol
Identifier
Header
Length
Version
ID
Length
PDU
Type
Version
Reserved
Maximum
Area
Addresses
Variable
PDU
Headers
and TLVs
Variable
PDU
Length
Remaining
Lifetime
LSP ID
Sequence
Number
Checksum
ATT, OL, and

IS Type Bits
TLVs
www.juniper.net | 9
LSP Notes
PDU type field denotes an Level 1 or Level 2 PDU
Level 1 PDU = 18
Level 2 PDU = 20
LSP ID field provides uniqueness in the domain

Attached (ATT) bit is set if the IS is connected to
another area
Overload (OL) bit is set if the link-state database is
overloaded
IS type bits determine a Level 1 or Level 2 router
Level 1 router = 0x1
Level 2 router = 0x3
www.juniper.net | 10
Hello PDUs
The hello mechanism for neighbor discovery is used
to build and maintain adjacencies
Similar to the hello mechanism in OSPF
Separate hellos for:

Broadcast networks
Well-known multicast address used for Level 1 and Level 2 hellos
Point-to-point networks
IS-IS transmits hello PDUs at regular intervals

Hello PDUs:
Identify the device
Describe its capabilities
Describe the parameters of the interface
Link-State PDUs
Link-state PDUs
Used to build the link-state database
Similar to LSAs in OSPF
Separate LSPs for:

Level 1 systems
Level 2 systems
Sent as a result of a network change, during adjacency

formation, and in response to a sequence number PDU
(described on the next slide)
Link-state PDUs:
Identify an ISs adjacencies
Describe the state of its adjacencies
Describe its reachable address prefixes (routes)
Sequence Number PDUs

Partial sequence number PDU
Used to:
Maintain the LSDB synchronization
Acknowledge LSPs from a neighbor on a point-to-point network
Request a copy of a missing LSP on a broadcast network
Separate type for Level 1 and 2 systems

Contains specific header information for a particular LSP
being acknowledged or requested
Complete sequence number PDUs

Used to maintain the LSDB synchronization
Sent periodically by all ISs on point-to-point networks
Only sent by DIS on broadcast networks
Separate type for Level 1 and 2 systems

Contain header information for all LSPs in the ISs LSDB
Type/Length/Values
IS-IS information objects
Each piece of IS-IS information is defined as an object with
three attributes:
Object type: The predefined code for the type of information
contained in the object
Object length: The length of the information (allows for variablelength objects)
Object value: The actual information defined by the type attribute
TLVs are the building blocks of IS-IS PDUs, which are used
for information exchange
Some TLVs are used in multiple PDUs
Some TLVs are PDU-specific
Similar to OSPF packet-specific and LSA-specific fields

Some TLV Examples (1 of 2)

TLV Code
Defined in
ISO 10589
Area addresses
ISO 10589
IS neighbor metrics
ISO 10589
Neighbor LAN ID
ISO 10589
Padding
ISO 10589
LSP entries
10
ISO 10589
Authentication
22
RFC 5029
Extended IS reachability
128
RFC 1195
IP prefix, mask, and metrics
129
RFC 1195
Protocols supported
Used for
Some TLV Examples (2 of 2)

TLV Code
Defined in
130
RFC 1195
IP external information
132
RFC 1195
IP interface address
135
RFC 3784
Extended IP reachability
137
RFC 2763
Dynamic hostname mapping
222
RFC 5311
Multiple topologies (routing instances)
229
RFC 5311
232
RFC 5308
IPv6 support
235
RFC 3784
236
RFC 5308
IPv6 support
Used for
TLV 1Area Address

Advertises the area ID of the originating router
(1-byte) TLV type
(1-byte) TLV length
(1-byte) Area length
Repeated for each configured area
(Variable) Area ID
Ranges from 1 to 13 bytes
Repeated for each configured area
TLV 2IS Reachability

Describes the IS neighbors of the local router
Metric cost to each neighbor is advertised
Metric and neighbor ID fields are repeated for each neighbor
(1-byte) TLV type
(1-byte) TLV length
(1-byte) Virtual flag
(1-byte) R (Reserved) bit, I/E bit, default metric
(1-byte) S (Supported) bit, I/E bit, delay metric
(1-byte) S (Supported) bit, I/E bit, expense metric
(1-byte) S (Supported) bit, I/E bit, error metric
(7-byte) Neighbor ID
TLV 10Authentication
Encodes authentication data to ensure that only
trusted information is placed into the LSDB
(1-byte) TLV type
(1-byte) TLV length
(1-byte) Authentication type
(Variable) Password
TLV 22Extended IS Reachability

Advertises additional capabilities and information
about IS neighbors
Larger metric values
Traffic engineering parameters
Information repeated for each neighbor (system ID)
(1-byte) TLV type
(1-byte) TLV length
(7-byte) System ID
(3-byte) Wide metric
(1-byte) Sub-TLV length
(Variable) Sub-TLVs
TLV 128IP Internal Reachability

Describes the internal IP information of the local
router
IP prefix and metric advertised
Information repeated for each prefix
(1-byte) TLV type
(1-byte) TLV length
(1-byte) U/D bit, I/E bit, default metric
(1-byte) S (Supported) bit, R (Reserved) bit, delay metric
(1-byte) S (Supported) bit, R (Reserved) bit, expense metric
(1-byte) S (Supported) bit, R (Reserved) bit, error metric
(4-byte) IP address
(4-byte) Subnet mask
TLV 129Protocols Supported

Describes the Layer 3 protocols supported by the
local router
(1-byte) TLV type
(1-byte) TLV length
(1-byte) Network Layer Protocol ID
Repeated for each supported protocol
TLV 130IP External Reachability

Describes the external IP information of the local
router
IP prefix and metric advertised
(1-byte) TLV type
(1-byte) TLV length
(1-byte) U/D bit, I/E bit, default metric
(1-byte) S (Supported) bit, R (Reserved) bit, delay metric
(1-byte) S (Supported) bit, R (Reserved) bit, expense metric
(1-byte) S (Supported) bit, R (Reserved) bit, error metric
(4-byte) IP address
(4-byte) Subnet mask
TLV 132IP Interface Address

Advertises the IP address of the local routers
interface
IPv4 address field is repeated for each advertised address
(1-byte) TLV type
(1-byte) TLV length
(4-byte) IPv4 address
TLV 134TE IP Router ID

Advertises the traffic engineering router ID of the local
router
(1-byte) TLV type
(1-byte) TLV length
(4-byte) Router ID
TLV 135Extended IP Reachability

Advertises information about the local routers IP
reachability
Larger metric values
(1-byte) TLV type
(1-byte) TLV length
(4-byte) Metric
(1-byte) Up/Down bit, Sub bit, and prefix length
(Variable) Prefix
(1-byte) Optional sub-TLV type
(1-byte) Optional sub-TLV length
(Variable) Optional sub-TLV
TLV 137Dynamic Hostname

Advertises the ASCII hostname of the router to the
network
(1-byte) TLV type
(1-byte) TLV length
(Variable) Hostname
Link-State PDU TLVs

TLV 1
TLV 134
TLV 129
TLV 132
TLV 2 small
metrics
TLV 137
subTLV 6
TLV 22 wide metrics
subTLV 8
TLV 128 small
metrics
TLV 135 wide metrics
TLV 135
TLV 130
TLV 10
Neighbors and Adjacencies

IS-IS adjacency rules:
Level 1 routers never form
an adjacency with a
Level 2 router
The reverse is also true
For Level 1 adjacencies,

area IDs must be the
same
For Level 2 adjacencies,
area IDs can be different
Designated Intermediate System

IS-IS elects a DIS on broadcast/multi-access networks
In a priority tie, the system with the highest SNPA/MAC
address wins the DIS election
Separate DIS is elected for L1 and L2 (could be the same
router)
The IS-IS network is considered a routercalled a

pseudo-node
Each router advertises a single link to the pseudo-node,
including the DIS
Each router forms an adjacency with each of its neighbors on a
broadcast, multi-access network
DIS characteristics:
DIS acts as representative of the pseudo-node and advertises
the pseudo-node to all attached routers
No backup DIS in IS-IS
Troubleshooting IS-IS Adjacencies

If no adjacency exists, check for:
Physical Layer and Data Link Layer connectivity
Mismatched areas (if L1 router) and levels
Failure to support minimum protocol MTU of 1492
Lack of IP configuration on interfaces
Lack of, or malformed, ISO-NET
No NET configured
Failure to include lo0 as an IS-IS interface
Configuring IS-IS (1 of 2)
You must include the ISO family on all interfaces on
which you want to run IS-IS and a NET on one of the
routers interfaces (usually lo0)
[edit]
user@router# show interfaces
ge-0/1/0 {
unit 0 {
family iso;
family inet {
address 10.0.24.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.2.1/32;
}
family iso {
address 49.0001.0192.0168.0201.00;
}
}
}
Configuring IS-IS (2 of 2)
[edit protocols]
user@router# set isis interface ge-0/0/0.0 level 1 disable
[edit protocols]
user@router# set isis interface at-0/1/1.100 level 2 disable
[edit protocols]
user@router# show
isis {
interface ge-0/0/0.0 {
level 1 disable;
}
interface at-0/1/1.100 {
level 2 disable;
}
interface lo0.0 {
level 2 disable;
}
}
IS-IS Metric
Metric of an interface indicates the overhead required
to send packets out a particular interface
Default IS-IS metric for all links is 10
Includes passive interfaces
Exception is the loopback interface
Default metric is 0
Can set metric on a per-interface basis

Each level on an interface can also have a different metric
[edit protocols]
user@router# show
isis {
interface so-0/0/0.0 {
level 2 metric 10;
level 1 metric 20;
}
level 2 metric 5;
}
}
Reference Bandwidth
You can change the interface cost to use the formula
reference-bandwidth/bandwidth
Automatically alters the cost of interfaces
Allows for a consistent change across all interfaces
Use the reference-bandwidth command within

the [edit protocols isis] hierarchy
[edit protocols isis]
user@router# set reference-bandwidth 1g
user@router# show
isis {
reference-bandwidth 1g;
interface so-0/0/0.0;
level 2 metric 10;
}
Monitoring IS-IS Operation

Various show commands exist to provide detailed
information on the operation of IS-IS
show
show
show
show
show
show
isis
isis
isis
isis
isis
isis
interface
adjacency
spf log
statistics
route
database extensive
Displaying IS-IS Interface Status

Use the show isis interface command to
display the IS-IS parameters associated with an
interface
user@router> show isis interface ?
Possible completions:
<[Enter]>
Execute this command
<interface-name>
Interface name
brief
Show brief status
detail
Show detailed status
user@router> show isis interface
IS-IS interface database:
Interface
L CirID Level 1 DR
lo0.0
0
0x1 Disabled
so-0/1/0.0
1
0x1 Disabled
so-0/1/1.0
2
0x1 Disabled
so-0/1/2.0
3
0x1 Disabled
Level 2 DR
L1/L2 Metric
Passive
0/0
Point to Point
10/10
Point to Point
10/10
Point to Point
10/10
Level 3 is both Level 1 and Level 2

Displaying IS-IS Adjacency Status

Use the show isis adjacency command to
display IS-IS parameters adjacency status
user@router> show isis adjacency ?
Possible completions:
<[Enter]>
Execute this command
brief
Show brief status
detail
Show detailed status
system-id
Display entries for specified system
user@router> show isis adjacency
IS-IS adjacency database:
Interface
System
L State
so-0/1/2.0
Denver
2 Up
so-0/1/3.0
SanFran
2 Up
so-0/2/2.0
Toronto
2 Up
so-0/2/3.0
Amsterdam 2 Up
Hold (secs) SNPA

24
28
23
26
Expires in
Displaying Detailed Adjacency Information

Display detailed IS-IS adjacency information with the
detail switch
user@router> show isis adjacency detail
IS-IS adjacency database:
Denver
Interface: so-0/1/2.0, Level: 2, State: Up, Expires in
25 secs
Priority: 0, Up/Down transitions: 1, Last transition:
00:15:27 ago
Circuit type: 2, Speaks: IP
IP addresses: 10.0.18.2
Displaying SPF Log

Display information about SPF operation with the
show isis spf log command
user@router> show isis spf log
IS-IS level 1 SPF log:
Start time
Elapsed (secs) Count Reason
Tue Apr 17 16:13:26
0.000039
1 Reconfig
Tue Apr 17 16:13:32
0.000062
1 Updated LSP
host.00-00
Tue Apr 17 16:28:26
0.000064
1 Periodic SPF
IS-IS level 2 SPF log:
Start time
Elapsed (secs) Count Reason
Tue Apr 17 16:13:26
0.000025
1 Reconfig
Tue Apr 17 16:13:32
0.000051
1 Updated LSP
host.00-00
Tue Apr 17 16:13:57
0.000087
2 New adjacency
Denver on so-0/1/2.0
Tue Apr 17 16:14:03
0.000241
6 Updated LSP
Atlanta.00-00
Tue Apr 17 16:26:38
0.000298
1 Periodic SPF
Displaying IS-IS Statistics

Display various IS-IS statistics information with the
show isis statistics command
user@router> show isis statistics
IS-IS statistics for host:
PDU type
Received Processed
LSP
17
17
IIH
190
190
CSNP
99
99
PSNP
3
3
Unknown
0
0
Totals
309
309
Drops
0
0
0
0
0
0
Sent
2
571
294
12
0
879
Rexmit
0
0
0
0
0
0
Total packets received: 309 Sent: 879

SNP queue length: 0 Drops: 0
LSP queue length: 0 Drops: 0
SPF runs: 17
Fragments rebuilt: 5
LSP regenerations: 2
Purges initiated: 0
Displaying IS-IS Routes

user@router> show isis route
IPv4/IPv6 Routes
---------------IS-IS routing table
Prefix
L Version Metric
10.0.0.0/24
2
5
20
10.0.1.0/24
2
5
20
10.0.2.0/24
2
5
30
10.0.8.0/24
2
5
30
. . .
user@host> show route protocol isis
Current version: L1: 3 L2: 5

Type Interface
Via
int so-0/1/2.0
Denver
int so-0/1/2.0
Denver
int so-0/1/2.0
Denver
int so-0/1/2.0
Denver
inet.0: 64 destinations, 64 routes (64 active, 0 holddown, 0

hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
*[IS-IS/18] 00:00:59, metric 30

> to 10.0.21.1 via fe-0/0/2.0
*[IS-IS/18] 00:00:59, metric 30
> to 10.0.21.1 via fe-0/0/2.0
*[IS-IS/18] 00:00:59, metric 40
to 10.0.21.1 via fe-0/0/2.0
> to 10.0.22.2 via so-0/1/1.0
Displaying Detailed IS-IS Database

Information
user@router> show isis database extensive
IS-IS level 1 link-state database:
Tokyo.00-00 Sequence: 0x1, Checksum: 0x1c90, Lifetime: 864 secs
IP prefix: 192.168.20.0/24
Metric:
0 External
IP prefix: 192.168.21.0/24
Metric:
0 External
IP prefix: 192.168.22.0/24
Metric:
0 External
IP prefix: 200.0.0.0/24
Metric:
0 External
Up
Up
Up
Up
Header: LSP ID: Tokyo.00-00, Length: 140 bytes

Allocated length: 1492 bytes, Router ID: 192.168.20.1
Remaining lifetime: 864 secs, Level: 1, Interface: 0
Estimated free bytes: 1352, Actual free bytes: 1352
Aging timer expires in: 864 secs
Protocols: IP, IPv6
Packet: LSP ID: Tokyo.00-00, Length: 140 bytes, Lifetime : 1200 secs
Checksum: 0x1c90, Sequence: 0x1, Attributes: 0x3 <L1 L2>
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
Packet type: 18, Packet version: 1, Max area: 0
TLVs:
Area address: 49.0001 (3)
Speaks: IP
Speaks: IPv6
IP router id: 192.168.20.1
IP address: 192.168.20.1
Hostname: Tokyo
IP external prefix: 192.168.20.0/24, Internal, Metric: default 0, Up
. . .
Advanced IS-IS Operations

and Configuration Options
LSP Flooding Scopes
External
Routes
Injected
L1L2
L1L2
L1L2
L1L2
L1L2
L1L2
Area 49.1111
L2 PDU
Area 49.1111
L2 PDU
Area 49.1111
L2 PDU
Area 49.2222
L2 PDU
Area 49.2222
L2 PDU
Area 49.2222
L2 PDU
Area 49.3333
L2 PDU
Area 49.3333
L2 PDU
Area 49.1111
L1 PDU
Area 49.2222
L1 PDU
Area 49.1111
Area 49.2222
L1L2
L1L2
Area 49.3333
L2 PDU
Area 49.3333
L1 PDU
Area 49.3333
L1L2 = Interface configuration

Sample IS-IS Database

user@router> show isis database
LSP ID
Sequence
R1.00-00
0x8
R2.00-00
0x9
R3.00-00
0x7
R3.02-00
0x4
4 LSPs
Checksum Lifetime Attributes

0xcc42
957 L1 L2 Attached
0xbdfa
1055 L1
0x54d2
500 L1
0xdddb
677 L1

LSP ID
Sequence
R1.00-00
0x6
R4.00-00
0x9
R5.00-00
0x6
3 LSPs
Checksum Lifetime Attributes

0xa5a1
1102 L1 L2
0xc92f
909 L1 L2
0xd7d2
1109 L1 L2
Shortest-Path-First Algorithm
Based on the Dijkstra algorithm
Link-state database
Candidate database
Tree database
Runs on a per-level basis on each router

Independent calculation of the topology
Result is passed to the Junos OS routing table

Decision as to whether the route is marked active is made
by the routing table
SPF Calculation Example (1 of 6)

Link-State
RTR-A
RTR-C
RTR-B
1
RTR-D
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)

Link-State
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)
LS Entry Cost to Root
(A, A, 0)
Tree
(A, A, 0) - 0
RTR-A

Link-State
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)

(A, A, 0)
(A, B, 1)
(A, C, 2)
Tree
(A, A, 0) - 0
(A, B, 1) - 1
0
1
2
RTR-A
RTR-B

Link-State
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)

(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
Tree
(A, A, 0) - 0
(A, B, 1) - 1
(A, C, 2) - 2
0
1
2
4
4
RTR-A
RTR-B
RTR-C

Tree
Link-State
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)

(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(A, A, 0) - 0
(A, B, 1) - 1
(A, C, 2) - 2
(B, D, 3) - 4
0
1
2
4
4
6
6
RTR-A
RTR-B
RTR-C
RTR-D

Link-State
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)
Tree
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
0
1
2
4
4
6
6
(D, B, 1)
(D, C, 2)
5
6
(A, A, 0) - 0
(A, B, 1) - 1
(A, C, 2) - 2
(B, D, 3) - 4
RTR-A
RTR-B
RTR-C
RTR-D
Controlling SPF Calculations

Three consecutive SPF runs can occur before a
mandatory hold-down occurs
Keeps the network stable during change
5-second hold-down timer is not configurable
A 200-millisecond delay is preconfigured between the

back-to-back SPFs
Altered with the spf-delay parameter
Supports values that range from 50 to 1000 ms
user@router# set spf-delay 100
Partial Route Calculation

Full SPF calculation is run in two stages:
Build a shortest-path tree to each IS in the network
Calculate the best path to the IP reachability information
advertised by each IS
Only recalculates the IP reachability information

Received LSPs are examined for changes
Automatically enabled by default

Not configurable using the CLI
IS-IS Wide Metrics

TLVs 2, 128, and 130 use 6 bits for metric values
Maximum metric for an interface is 63
Configured metrics larger than the maximum value are
advertised as 63
Both TLVs are sent by default
TLVs 22 and 135 use larger metric spaces

Maximum value for an interface is now 16,777,215
Both TLVs are sent by default
Router can be configured to only use the wide metrics

of TLVs 22 and 135
Configured for an entire level
Only these TLVs are sent in the LSP
Removes external route distinction; results in automatic leaking of
redistributed routes from Level 1 to Level 2
user@router# set level 2 wide-metrics-only
Wide Metrics Operation (1 of 3)

10
10
R1
10
fe-0/0/0.0
10.22.60/24
10
R2
user@R1> show route 192.168.48.1 terse

inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
A Destination
* 192.168.48.1/32
P Prf
I 18
Metric 1
10
Metric 2
Next hop
>10.222.60.2
AS path
user@R1> show isis database extensive R1.00-00 | find TLV

TLVs:
IP prefix: 192.168.52.1/32, Internal, Metric: default 0
IP extended prefix: 192.168.52.1/32 metric 0 up
(Information deleted for brevity)

10
10,000
R1
fe-0/0/0.0
10.22.60/24
10
10
R2

A Destination
* 192.168.48.1/32
P Prf
I 18
Metric 1
63
Metric 2
Next hop
>10.222.60.2
AS path

TLVs:

10
10,000
10
fe-0/0/0.0
10.22.60/24
R1
(Wide Metrics Only)
10
R2

A Destination
P Prf
* 192.168.48.1/32
18
Metric 1
10000
Metric 2
Next hop
AS path
>10.222.60.2

TLVs:
Effects of Altering Metrics

The TLV values within an LSP advertise the metric
values, which populate the LSDB
As each router runs the SPF algorithm, each LSP is
examined individually for cost of the outgoing interface
The final metric calculation uses this cost
Routers can disagree about the cost on a network link

R1 router sees a cost of 45 to reach R4 router
R4 router sees a cost of 60 to reach R1 router
5
R1
15
10
R2
20
25
R3
30
R4
IS-IS Authentication
Authentication can occur within multiple places
Level 1
Level 2
Interface
Three authentication types are supported

None (default)
Simple
MD5
MD5 includes an encrypted checksum with all

packets
Provides better security than simple type
Authentication Configuration
Level authentication affects all IS-IS PDUs
Link-state, sequence number, and hello
Per-interface authentication affects hello PDUs only

and takes precedence over per-level settings
user@router# show
level 1 {
authentication-key "$9$bssYomPQ69pkq39puhc8X7V2a"; # SECRET-DATA
authentication-type md5;
}
level 2 {
authentication-key "$9$dXVYoDjqQ39gomTz6CAvW8X-ViHmFnCDi1h"; # SECRET-DATA
authentication-type simple;
}
interface fe-0/0/0.0 {
level 2 {
hello-authentication-key "$9$1sEEclw4JH-d2oGq.Ctp01h7NbgaU"; # SECRET-DATA
hello-authentication-type md5;
}
Authentication Control
Level 1 or Level 2 authentication can be disabled for
specific PDUs
Hello PDUs
no-hello-authentication
Complete sequence number PDUs

no-csnp-authentication
Partial sequence number PDUs

no-psnp-authentication
Stop verifying authentication on all PDUs with the

no-authentication-check command
Useful for migration purposes
Mesh Groups
IS-IS floods LSPs to all neighbors by default
Certain physical topologies make this flooding
unnecessary
R4 router will receive three copies of the same LSP
Once configured, the group members do not reflood

LSPs within the group
R2
R4
R1
R3
Mesh Group Configuration

Each interface is configured with a group number
32-bit numbers can be different on separate interfaces
To prevent an interface from flooding any LSPs, you

can use the blocked keyword
[edit protocols]
user@router# show
isis {
mesh-group 2;
}
mesh-group 1;
}
mesh-group blocked;
}
}
Overload Bit
Allows advertisement of routing information to
neighbors while indicating the node should not be
used for transit traffic
Other routers ignore the LSP during SPF calculation
Turns off the attached bit
Can be set permanently or with a timeout value

Timer is between 60 and 1800 seconds
Timer only runs after rpd starts
[edit protocols]
user@router# show
isis {
overload;
interface so-0/0/0.0;
interface ge-0/1/0.0;
}
user@router> show isis database
LSP ID
Sequence Checksum Lifetime Attributes
Router-1.00-00
0x36f
0x8cf7
1007 L1 L2
Router-2.00-00
0x37f
0x4c3a
1067 L1 L2 Overload
CSNP Interval
DIS router sends CSNP packets on a LAN interface
every 10 seconds
Can be altered on a per-interface basis
Value can be between 1 and 65,535 seconds
[edit]
user@router# run show isis interface detail
ge-0/2/0.0
Index: 3, State: 0x6, Circuit id: 0x2, Circuit type: 2
LSP interval: 100 ms, CSNP interval: 10 s
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
2
1
64
10
3
9 R1.02 (us)
[edit]
user@router# set protocols isis interface ge-0/2/0 csnp-interval 40
[edit]
user@router# run show isis interface detail
ge-0/2/0.0
Index: 3, State: 0x6, Circuit id: 0x2, Circuit type: 2
LSP interval: 100 ms, CSNP interval: 40 s
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
2
1
64
10
3
9 R1.02 (us)
IS-IS Default Policies

User-defined import policies are allowed
Could impair the completeness of the LSDB
IS-IS route information in an LSP is populated from

the configuration within [edit protocols isis]
Subnets are placed into an LSP for advertisement into the
network
Can block internal and external subnets in export policy
Different behavior than OSPF
Sourcing Routes in IS-IS

Route redistribution requires an export policy at the
global IS-IS level
Routes from other IGPs (RIP or OSPF)
Routes from other protocols (static or aggregate)
Beware of routing loops

When multiple redistribution points exist
Route table preference values can cause redistributed routes to be
preferred
[edit policy-options]
user@router# show
policy-statement redistribute-routes-into-isis {
term find-other-igp-routes {
from protocol [rip ospf];
then accept;
}
}
IS-IS Route Attributes on Export

Change metric values for IS-IS routes
Use the metric keyword in a policy
Configured value placed in appropriate LSP for that level
Administrative marking for policy matching

Use the tag keyword in a policy
Allows other routers to match on the defined value
Useful for selective redistribution
policy-statement example-isis-policy-1 {
term set-static-metric {
from protocol static;
then {
metric 40;
tag 68;
accept;
}
}
}
Case Study: External Routes (1 of 5)

Case study topology
R1
fe-0/0/1.110 lo0 10.200.0.1
R3
lo0 10.200.0.3
R5
lo0 10.200.0.5
RIP
RIP
IS-IS Area 49.1111
R2
lo0 10.200.0.2
IS-IS Area 49.2222
R4
lo0 10.200.0.4
R6
lo0 10.200.0.6

Case study background
The RIP router is advertising routes
Redistribute a single RIP route into IS-IS
Advertise the 20.20.1.0/24 RIP route
The R1 and R2 routers have an IS-IS default route

Default route is generated by the attached bit
Redistribute the default route into RIP

Redistribute the RIP
route into IS-IS
[edit]
user@R1# show policy-statement redistribute-rip
term 1 {
from {
protocol rip;
route-filter 20.20.1.0/24 exact;
}
then accept;
}
[edit]
user@R1# show protocols
isis {
export redistribute-rip;
}
Redistribute the IS-IS

route into RIP
[edit]
user@R2# show policy-statement redistribute-default
term 1 {
from {
protocol isis;
}
then accept;
}
[edit]
user@R2# show protocols
rip {
export redistribute-default;
}

Redistribute the default route from IS-IS into RIP
High preference 160 to low preference 100
user@R2 show route 0/0
0.0.0.0/0
*[RIP/100] 00:03:18, metric 2

> to 10.200.5.2 via fe-0/0/1.210
[ISIS/160] 00:24:48, metric 11
> to 10.200.62.9 via fe-0/0/0.221
The RIP route is the active route

Modify the IS-IS external preference to 90
[edit]
user@R2# show policy-statement rip-preference
term 1 {
from {
protocol rip;
}
then {
preference 90;
accept;

Mutual redistribution
The default route has been fixed
The RIP route is now a higher preference 100 than the
external IS-IS preference 90
user@R2> show route 0/0
0.0.0.0/0
*[ISIS/90] 00:03:09, metric 2

> via ge-0/0/0.0
[RIP/100] 00:19:48, metric 2
> to 10.200.5.3 via ge-0/0/1.210
Prefix Limits for External Routes

The Junos OS is built to handle a large numbers of
external routes
You often do not place Internet routes into IS-IS
Usually occurs because of a configuration mistake
Can leave a portion of your network unusable
Limit can be placed on the number of routes allowed

using a routing policy
When the limit is reached:
External routing information no longer transmitted in LSPs
Overload state initiated
Requires a manual step to fix the problem

user@router# show
level 1{
prefix-export-limit 400;
}
level 2{
prefix-export-limit 600;
}
Multilevel IS-IS Networks
IS-IS Level 2 Network

L2
L2
L2
L2
Area 49.1111
L2 PDU
Area 49.2222
L2 PDU
L2
Area 49.3333
L2 PDU
L2
L2
L2
L2
Area 49.1111
L2 PDU
Area 49.2222
L2 PDU
Area 49.3333
L2 PDU
Area 49.1111
L2
Area 49.2222
L2
L2
L2
Area 49.1111
L2 PDU
Area 49.2222
L2 PDU
Area 49.3333
L2 PDU
Area 49.3333
L2 = Interface configuration
IS-IS Level 1 Network
L1
L1
L1
L1
L1
L1
L1
L1
L1
L1
L1
L1
Area 49.4444
L1 PDU
Area 49.4444
L1 = Interface configuration
IS-IS Level 1 and Level 2 Network

L2
L2
L1
L1
L1
L2
L2
L2
L2
L1
L2
L1
L1
L2
Area 49.5555
L1 PDU
L1
L2
Area 49.5555
L2 PDU
Area 49.6666
L2 PDU L2
L2
Area 49.7777
L1 PDU
L2
L1
Area 49.7777
L2 PDU
Area 49.5555
Area 49.6666
Area 49.7777
L1 or L2 = Interface configuration
Multilevel Operation
An L1/L2 IS-IS network operates in a similar fashion
to an OSPF NSSA with no summaries
Local L1 routes are advertised into Level 2
External routes can be advertised into an L1 area
The L1/L2 border is a natural route boundary

L2 routes are not advertised into L1 areas by default
External L1 routes are not advertised to Level 2 by default
Route leaking policies are used to modify this default behavior
Using only wide metrics eliminates internal/external distinction
L1/L2 attached routers set the attached bit in their

L1 LSPs
L1 routers install a locally generated 0/0 default route to
the closest L2 attached router
Disable with ignore-attached-bit command
Ignoring the Attached Bit

Level 2 to Level 1 route leaking policy in place
Limited LSP flooding scope provides some protection from
software or network faults
Default route unnecessary
L2
L2
L1
L2
L2
L1
L2
L1
L2
ignore-attached-bit
L1
L2
L2
L2
Area 49.6666
Area 49.7777
IS-IS Multilevel Configuration

Each IS-IS interface operates at both Level 1 and
Level 2, by default
Disable a specific level to not have the interface operate at
that level
lo0 interface will be passive at both levels in this example
Disable at a particular level to prevent lo0 address advertisement
in that level
protocols {
isis {
interface
level
}
interface
level
}
interface
}
}
so-0/0/0.0 {
1 disable;
ge-0/1/0.0 {
2 disable;
lo0.0;
Case Study: Routing Leaking

R5
R3
L2
L1
R1
L1
Area 49.0001
Area 49.0002
Level 2 routes are to be advertised into Area 49.0001

Requires routing policy on L1/L2 area border router R3
Use the from level 2/to level 1 syntax
Case Study: Route Leaking Policy

Use a policy to advertise (leak) routes across an
L1/L2 area border
Routes advertised from an L2 area into an L1 area
have the up/down bit set to down
Ensures that another L2 router will not re-advertise the
route back into an L2 area to avoid routing loops
user@router# show
policy-statement route-leak {
term L2-to-L1 {
from {
protocol isis;
level 2;
route-filter 192.168.16.0/20 orlonger;
}
to level 1;
then accept;
}
}
Route Summarization
The L1/L2 area border is a natural place to
summarize routing information
Override the default route flooding between the areas with a
routing policy
Create aggregate routes in local routing table

Policy required to advertise aggregate routes into another
leveluse from /to level for maximum control
user@router# show policy-statement external-L1-summary-route
term on-the-L1L2-router {
from {
protocol aggregate;
}
to level 2;
then accept;
}
Case Study:
Internal Level 1 Route Summarization
10.0.4.0/22
R5
R3
L2
L1
R1
L1
Area 49.0001
Area 49.0002
Internal Level 1 routes can be summarized

Requires routing policy and a local aggregate route
For example, suppress specific routes in the 10.0.4.0/22
block and advertise a single 10.0.4.0/22 summary route
Case Study:
Level 1 Route Summarization Policy
Sample policy for summarizing internal Level 1 routes
Requires local 10.0.4.0/22 aggregate definition on R3
Use of to ensures that summary route is not injected into
the Level 1 area
[edit]
user@R3# show policy-options policy-statement internal-L1-summary-route
term local-summary-route {
from {
protocol aggregate;
}
to level 2;
then accept;
}
term suppress-specifics {
from {
route-filter 10.0.4.0/22 longer;
}
to level 2;
then reject;
}
Applying IS-IS Policies

Apply IS-IS policies at the global level of the isis
stanza
Multiple export polices can be applied, or a single policy with
multiple terms can be used
user@R3# show
export [ external-L1-summary-route internal-L1-summary-route ];
level 1 disable;
}
level 2 disable;
}
interface lo0.0;

Isis

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Isis

Hochgeladen von

Copyright:

Verfügbare Formate

IS-IS

2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net

Developed for routing ISO CLNP packets

2011 Juniper Networks, Inc. All rights reserved.

Implementation of IS-IS for routing IP in addition to

A single AS can be divided into smaller groups called

Level 2 intermediate systems route between areas and

Network Entity Title

2011 Juniper Networks, Inc. All rights reserved.

IS-IS and OSPF

Use hello packets to form and maintain adjacencies

2011 Juniper Networks, Inc. All rights reserved.

2011 Juniper Networks, Inc. All rights reserved.

2011 Juniper Networks, Inc. All rights reserved.

ATT, OL, and

2011 Juniper Networks, Inc. All rights reserved.

LSP ID field provides uniqueness in the domain

Separate hellos for:

IS-IS transmits hello PDUs at regular intervals

Separate LSPs for:

Sent as a result of a network change, during adjacency

2011 Juniper Networks, Inc. All rights reserved.

Sequence Number PDUs

Separate type for Level 1 and 2 systems

Complete sequence number PDUs

Separate type for Level 1 and 2 systems

Similar to OSPF packet-specific and LSA-specific fields

Some TLV Examples (1 of 2)

IP prefix, mask, and metrics

2011 Juniper Networks, Inc. All rights reserved.

Some TLV Examples (2 of 2)

Dynamic hostname mapping

Multiple topologies (routing instances)

Multiple topologies (routing instances)

Multiple topologies (routing instances)

2011 Juniper Networks, Inc. All rights reserved.

TLV 1Area Address

2011 Juniper Networks, Inc. All rights reserved.

TLV 2IS Reachability

2011 Juniper Networks, Inc. All rights reserved.

2011 Juniper Networks, Inc. All rights reserved.

TLV 22Extended IS Reachability

2011 Juniper Networks, Inc. All rights reserved.

TLV 128IP Internal Reachability

TLV 129Protocols Supported

2011 Juniper Networks, Inc. All rights reserved.

TLV 130IP External Reachability

TLV 132IP Interface Address

2011 Juniper Networks, Inc. All rights reserved.

TLV 134TE IP Router ID

2011 Juniper Networks, Inc. All rights reserved.

TLV 135Extended IP Reachability

TLV 137Dynamic Hostname

2011 Juniper Networks, Inc. All rights reserved.

Link-State PDU TLVs

TLV 22 wide metrics

2011 Juniper Networks, Inc. All rights reserved.

Neighbors and Adjacencies

For Level 1 adjacencies,

2011 Juniper Networks, Inc. All rights reserved.

Designated Intermediate System

The IS-IS network is considered a routercalled a

2011 Juniper Networks, Inc. All rights reserved.