Beruflich Dokumente
Kultur Dokumente
Overview of IS-IS
An interior gateway protocol based on the SPF
algorithm
Uses link-state information to make routing decisions
www.juniper.net | 2
Integrated IS-IS
M Series, MX Series, and T Series platforms do not
support native CLNP/CLNS routing
SRX Series and J Series platforms do support CLNP/CLNS
routing
www.juniper.net | 3
IS-IS Concepts
IS-IS network is a single autonomous system
End systems: Network entities (that is, hosts) that send and
receive packets
Intermediate systems: Network entities (that is, routers) that
send and receive packets and relay (that is, forward) packets
PDUs: Protocol data units; term for IS-IS packets
www.juniper.net | 4
www.juniper.net | 5
www.juniper.net | 6
IS-IS Areas
www.juniper.net | 7
OSPF Areas
www.juniper.net | 8
LSP Format
Describes the state of adjacencies in neighboring
IS-IS routers
Flooded periodically throughout a level
Contains multiple TLV segments
Field length,
in bytes
Protocol
Identifier
Header
Length
Version
ID
Length
PDU
Type
Version
Reserved
Maximum
Area
Addresses
Variable
PDU
Headers
and TLVs
Variable
PDU
Length
Remaining
Lifetime
LSP ID
Sequence
Number
Checksum
TLVs
www.juniper.net | 9
LSP Notes
PDU type field denotes an Level 1 or Level 2 PDU
Level 1 PDU = 18
Level 2 PDU = 20
www.juniper.net | 10
Hello PDUs
The hello mechanism for neighbor discovery is used
to build and maintain adjacencies
Similar to the hello mechanism in OSPF
Point-to-point networks
www.juniper.net | 11
Link-State PDUs
Link-state PDUs
Used to build the link-state database
Similar to LSAs in OSPF
www.juniper.net | 12
www.juniper.net | 13
Type/Length/Values
IS-IS information objects
Each piece of IS-IS information is defined as an object with
three attributes:
Object type: The predefined code for the type of information
contained in the object
Object length: The length of the information (allows for variablelength objects)
Object value: The actual information defined by the type attribute
TLVs are the building blocks of IS-IS PDUs, which are used
for information exchange
Some TLVs are used in multiple PDUs
Some TLVs are PDU-specific
www.juniper.net | 14
Defined in
ISO 10589
Area addresses
ISO 10589
IS neighbor metrics
ISO 10589
Neighbor LAN ID
ISO 10589
Padding
ISO 10589
LSP entries
10
ISO 10589
Authentication
22
RFC 5029
Extended IS reachability
128
RFC 1195
129
RFC 1195
Protocols supported
Used for
www.juniper.net | 15
Defined in
130
RFC 1195
IP external information
132
RFC 1195
IP interface address
135
RFC 3784
Extended IP reachability
137
RFC 2763
222
RFC 5311
229
RFC 5311
232
RFC 5308
IPv6 support
235
RFC 3784
236
RFC 5308
IPv6 support
Used for
www.juniper.net | 16
(Variable) Area ID
Ranges from 1 to 13 bytes
Repeated for each configured area
www.juniper.net | 17
www.juniper.net | 18
TLV 10Authentication
Encodes authentication data to ensure that only
trusted information is placed into the LSDB
(1-byte) TLV type
(1-byte) TLV length
(1-byte) Authentication type
(Variable) Password
www.juniper.net | 19
www.juniper.net | 20
www.juniper.net | 21
www.juniper.net | 22
www.juniper.net | 23
www.juniper.net | 24
www.juniper.net | 25
www.juniper.net | 26
www.juniper.net | 27
TLV 129
TLV 132
TLV 2 small
metrics
TLV 137
subTLV 6
subTLV 8
TLV 128 small
metrics
TLV 135 wide metrics
TLV 135
TLV 130
TLV 10
www.juniper.net | 28
www.juniper.net | 29
DIS characteristics:
DIS acts as representative of the pseudo-node and advertises
the pseudo-node to all attached routers
No backup DIS in IS-IS
www.juniper.net | 30
www.juniper.net | 31
Configuring IS-IS (1 of 2)
You must include the ISO family on all interfaces on
which you want to run IS-IS and a NET on one of the
routers interfaces (usually lo0)
[edit]
user@router# show interfaces
ge-0/1/0 {
unit 0 {
family iso;
family inet {
address 10.0.24.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.2.1/32;
}
family iso {
address 49.0001.0192.0168.0201.00;
}
}
}
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 32
Configuring IS-IS (2 of 2)
[edit protocols]
user@router# set isis interface ge-0/0/0.0 level 1 disable
[edit protocols]
user@router# set isis interface at-0/1/1.100 level 2 disable
[edit protocols]
user@router# show
isis {
interface ge-0/0/0.0 {
level 1 disable;
}
interface at-0/1/1.100 {
level 2 disable;
}
interface lo0.0 {
level 2 disable;
}
}
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 33
IS-IS Metric
Metric of an interface indicates the overhead required
to send packets out a particular interface
Default IS-IS metric for all links is 10
Includes passive interfaces
Exception is the loopback interface
Default metric is 0
www.juniper.net | 34
Reference Bandwidth
You can change the interface cost to use the formula
reference-bandwidth/bandwidth
Automatically alters the cost of interfaces
Allows for a consistent change across all interfaces
www.juniper.net | 35
isis
isis
isis
isis
isis
isis
interface
adjacency
spf log
statistics
route
database extensive
www.juniper.net | 36
Level 2 DR
L1/L2 Metric
Passive
0/0
Point to Point
10/10
Point to Point
10/10
Point to Point
10/10
www.juniper.net | 37
www.juniper.net | 38
www.juniper.net | 39
www.juniper.net | 40
Drops
0
0
0
0
0
0
Sent
2
571
294
12
0
879
Rexmit
0
0
0
0
0
0
www.juniper.net | 41
www.juniper.net | 42
Up
Up
Up
Up
www.juniper.net | 43
External
Routes
Injected
L1L2
L1L2
L1L2
L1L2
L1L2
L1L2
Area 49.1111
L2 PDU
Area 49.1111
L2 PDU
Area 49.1111
L2 PDU
Area 49.2222
L2 PDU
Area 49.2222
L2 PDU
Area 49.2222
L2 PDU
Area 49.3333
L2 PDU
Area 49.3333
L2 PDU
Area 49.1111
L1 PDU
Area 49.2222
L1 PDU
Area 49.1111
Area 49.2222
L1L2
L1L2
Area 49.3333
L2 PDU
Area 49.3333
L1 PDU
Area 49.3333
www.juniper.net | 45
www.juniper.net | 46
Shortest-Path-First Algorithm
Based on the Dijkstra algorithm
Link-state database
Candidate database
Tree database
www.juniper.net | 47
RTR-C
RTR-B
1
RTR-D
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)
www.juniper.net | 48
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)
(A, A, 0)
Tree
(A, A, 0) - 0
RTR-A
www.juniper.net | 49
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)
Tree
(A, A, 0) - 0
(A, B, 1) - 1
0
1
2
RTR-A
RTR-B
www.juniper.net | 50
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)
Tree
(A, A, 0) - 0
(A, B, 1) - 1
(A, C, 2) - 2
0
1
2
4
4
RTR-A
RTR-B
RTR-C
www.juniper.net | 51
Link-State
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)
(A, A, 0) - 0
(A, B, 1) - 1
(A, C, 2) - 2
(B, D, 3) - 4
0
1
2
4
4
6
6
RTR-A
RTR-B
RTR-C
RTR-D
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 52
Candidate
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
(D, B, 1)
(D, C, 2)
Tree
(A, A, 0)
(A, B, 1)
(A, C, 2)
(B, A, 3)
(B, D, 3)
(C, A, 4)
(C, D, 4)
0
1
2
4
4
6
6
(D, B, 1)
(D, C, 2)
5
6
(A, A, 0) - 0
(A, B, 1) - 1
(A, C, 2) - 2
(B, D, 3) - 4
RTR-A
RTR-B
RTR-C
RTR-D
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 53
www.juniper.net | 54
www.juniper.net | 55
www.juniper.net | 56
10
R1
10
fe-0/0/0.0
10.22.60/24
10
R2
P Prf
I 18
Metric 1
10
Metric 2
Next hop
>10.222.60.2
AS path
www.juniper.net | 57
10,000
R1
fe-0/0/0.0
10.22.60/24
10
10
R2
P Prf
I 18
Metric 1
63
Metric 2
Next hop
>10.222.60.2
AS path
www.juniper.net | 58
10,000
10
fe-0/0/0.0
10.22.60/24
R1
(Wide Metrics Only)
10
R2
P Prf
* 192.168.48.1/32
18
Metric 1
10000
Metric 2
Next hop
AS path
>10.222.60.2
www.juniper.net | 59
5
R1
2011 Juniper Networks, Inc. All rights reserved.
15
10
R2
20
25
R3
30
R4
www.juniper.net | 60
IS-IS Authentication
Authentication can occur within multiple places
Level 1
Level 2
Interface
www.juniper.net | 61
Authentication Configuration
Level authentication affects all IS-IS PDUs
Link-state, sequence number, and hello
www.juniper.net | 62
Authentication Control
Level 1 or Level 2 authentication can be disabled for
specific PDUs
Hello PDUs
no-hello-authentication
www.juniper.net | 63
Mesh Groups
IS-IS floods LSPs to all neighbors by default
Certain physical topologies make this flooding
unnecessary
R4 router will receive three copies of the same LSP
R4
R1
R3
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 64
www.juniper.net | 65
Overload Bit
Allows advertisement of routing information to
neighbors while indicating the node should not be
used for transit traffic
Other routers ignore the LSP during SPF calculation
Turns off the attached bit
www.juniper.net | 66
CSNP Interval
DIS router sends CSNP packets on a LAN interface
every 10 seconds
Can be altered on a per-interface basis
Value can be between 1 and 65,535 seconds
[edit]
user@router# run show isis interface detail
IS-IS interface database:
ge-0/2/0.0
Index: 3, State: 0x6, Circuit id: 0x2, Circuit type: 2
LSP interval: 100 ms, CSNP interval: 10 s
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
2
1
64
10
3
9 R1.02 (us)
[edit]
user@router# set protocols isis interface ge-0/2/0 csnp-interval 40
[edit]
user@router# run show isis interface detail
IS-IS interface database:
ge-0/2/0.0
Index: 3, State: 0x6, Circuit id: 0x2, Circuit type: 2
LSP interval: 100 ms, CSNP interval: 40 s
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
2
1
64
10
3
9 R1.02 (us)
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 67
www.juniper.net | 68
www.juniper.net | 69
www.juniper.net | 70
R3
lo0 10.200.0.3
R5
lo0 10.200.0.5
RIP
RIP
R2
lo0 10.200.0.2
R4
lo0 10.200.0.4
R6
lo0 10.200.0.6
www.juniper.net | 71
www.juniper.net | 72
[edit]
user@R1# show policy-statement redistribute-rip
term 1 {
from {
protocol rip;
route-filter 20.20.1.0/24 exact;
}
then accept;
}
[edit]
user@R1# show protocols
isis {
export redistribute-rip;
}
[edit]
user@R2# show policy-statement redistribute-default
term 1 {
from {
protocol isis;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
[edit]
user@R2# show protocols
rip {
export redistribute-default;
}
www.juniper.net | 73
www.juniper.net | 74
www.juniper.net | 75
www.juniper.net | 76
L2
L2
Area 49.1111
L2 PDU
Area 49.2222
L2 PDU
L2
Area 49.3333
L2 PDU
L2
L2
L2
L2
Area 49.1111
L2 PDU
Area 49.2222
L2 PDU
Area 49.3333
L2 PDU
Area 49.1111
L2
Area 49.2222
L2
L2
L2
Area 49.1111
L2 PDU
Area 49.2222
L2 PDU
Area 49.3333
L2 PDU
Area 49.3333
L2 = Interface configuration
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 78
L1
L1
L1
L1
L1
L1
L1
L1
L1
L1
L1
L1
Area 49.4444
L1 PDU
Area 49.4444
L1 = Interface configuration
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 79
L2
L1
L1
L1
L2
L2
L2
L2
L1
L2
L1
L1
L2
Area 49.5555
L1 PDU
L1
L2
Area 49.5555
L2 PDU
Area 49.6666
L2 PDU L2
L2
Area 49.7777
L1 PDU
L2
L1
Area 49.7777
L2 PDU
Area 49.5555
Area 49.6666
Area 49.7777
L1 or L2 = Interface configuration
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 80
Multilevel Operation
An L1/L2 IS-IS network operates in a similar fashion
to an OSPF NSSA with no summaries
Local L1 routes are advertised into Level 2
External routes can be advertised into an L1 area
www.juniper.net | 81
L2
L1
L2
L2
L1
L2
L1
L2
ignore-attached-bit
L1
L2
L2
L2
Area 49.6666
Area 49.7777
www.juniper.net | 82
so-0/0/0.0 {
1 disable;
ge-0/1/0.0 {
2 disable;
lo0.0;
www.juniper.net | 83
R3
L2
L1
R1
L1
Area 49.0001
Area 49.0002
www.juniper.net | 84
www.juniper.net | 85
Route Summarization
The L1/L2 area border is a natural place to
summarize routing information
Override the default route flooding between the areas with a
routing policy
www.juniper.net | 86
Case Study:
Internal Level 1 Route Summarization
10.0.4.0/22
R5
R3
L2
L1
R1
L1
Area 49.0001
Area 49.0002
www.juniper.net | 87
Case Study:
Level 1 Route Summarization Policy
Sample policy for summarizing internal Level 1 routes
Requires local 10.0.4.0/22 aggregate definition on R3
Use of to ensures that summary route is not injected into
the Level 1 area
[edit]
user@R3# show policy-options policy-statement internal-L1-summary-route
term local-summary-route {
from {
protocol aggregate;
route-filter 10.0.4.0/22 exact;
}
to level 2;
then accept;
}
term suppress-specifics {
from {
route-filter 10.0.4.0/22 longer;
}
to level 2;
then reject;
}
2011 Juniper Networks, Inc. All rights reserved.
www.juniper.net | 88
www.juniper.net | 89