Cisco

IS-IS Study Guide Cisco IOS, IOS-XR By CCIE / CCSI: Yasser Auda
IS-IS Introduction & Basic Commands
IS-IS (Intermediate System to Intermediate System) was developed as part of the Open System
Interconnection (OSI) stack of protocols.
IS-IS routing protocol is an Link State Interior Gateway Protocol (IGP) standardized by the Internet
Engineering Task Force (IETF) and commonly used in large Service Provider networks. IS-IS may also be
deployed in extremely large Enterprise networks.
IS-IS has been adapted by IETF to carry IP network information, and this form is called Integrated IS-IS.
Integrated IS-IS has the most important characteristic necessary in a modern routing protocol: It
supports VLSM and converges rapidly. It is also scalable to support very large networks.
CLNS
OSI CLNS is a network layer service similar to bare IP service. A CLNS entity communicates over
Connectionless Network Protocol (CLNP) with its peer CLNS entity.
In the OSI architecture there are "systems": Routers are ISs, and hosts are End Systems (ESs).
ESs themselves have no routing information; they discover ISs (routers) by listening to Intermediate
System Hellos (ISHs) and sending traffic to any random router. ESs send End System Hellos (ESHs); they
do not choose a designated router to handle all traffic, and optimal routing is accomplished via
redirects.
ISs discover ESs by listening to ESHs, and ISs send ISHs to ESs.
There is no Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP) or Interdomain
Routing Protocol (IDRP) for CLNS, but End System-to-Intermediate System (ES-IS) Protocol provides the
same kind of reporting functions for ISs and ESs. The ES-IS Protocol is defined in ISO 9542.
IS-IS is an Interior Gateway Protocol (IGP) for routing OSI. IS-IS packets are not encapsulated in CLNS or
IP but are encapsulated directly in the data-link layer. The IS-IS protocol family is OSI, and values such as
0xFE and 0xFEFE are used by the data-link protocol to identify the Layer 3 protocol as OSI.
IS-IS using its own terminology such as:

End System (ES) = Host
Intermediate System (IS) = Router
System = Network Node
Circuit = Interface
Domain = AS
Designated Intermediate System (DIS) = Designated Router (DR)
ES-IS = protocol used by ES & IS to communicate with each other’s

IS-IS = protocol used by IS & another IS to communicate with each other’s
To run ISIS in your router :

Router isis or router isis cbtme (cbtme is just a TAG work as process id here and its optional identifier )
Configure tags to identify multiple IS-IS processes by giving a meaningful name for each routing process.
If the tag is not specified, a null tag (0) is assumed and the process is referenced with a null tag. The tag
1
name must be unique among all IP router processes for the device. when IS-IS had more than one tag ,
we call it Multi-Instance router.
To enable ISIS under interface:
Int f0/0
Ip router isis or ip router isis cbtme ( in case we used tag such as cbtme)
To Shutdown ISIS in router :

Router isis
Protocol shutdown
To Shutdown ISIS under interface :

Int f0/0
Isis protocol shutdown
IS-IS NET address

Network Service Access Point (NSAP) address aka ISO address is the network-layer address for CLNS
packets (Connectionless Network Service- CLNS is similar to IP Service; a CLNS entity communicates
using CLNP protocol with peer CLNS entity).
NSAP has two major parts : area id & system id

A Network Entity Title (NET) is an NSAP address with NSEL set to 00
So we can say IS-IS addresses are called NETs, or network entity titles, NETs can be 8 to 20
bytes long, but are generally 10 bytes long and are written as shown in this example:
49.0001.1921.6800.1002.00
 Area identifier: The first three bytes are the area ID. The first byte of this example — 49 —
is the address family identifier (AFI) of the authority, which is equivalent to the IP address space
that is assigned to an autonomous system. The AFI value 49 is what IS-IS uses for private
addressing, which is the equivalent of RFC 1918 address space for IP protocols.
The second two bytes of the area ID — 0001 — represent the IS-IS area number. In this
example, the area number is 1.
This Identifier used for routing between areas , Unlike OSPF area id is associated with entire
router not just an interface
 System identifier: The next six bytes identify the node (that is, the router) on the network.
The system identifier is equivalent to the host or address portion on an IP address
This identifier used for routing within area , each router in same area must have unique system
ID , system id here is analogous to OSPF router-id
 NET selector: The final two bytes are the NET selector (NSEL). For IS-IS, they must always be 00, to
indicate “this system.” In another meaning it should be always 00 since we write this NET address for
Router (system)
2
Any IS-IS router by default can have up to 3 NET address , we can change this up to 234 using the
following command :
Router isis
max-area-addresses 234
IS-IS Adjacencies Types ( Level 1 , Level 2 , Level 1/2)
-IS-IS Provide routing to :

Intra-area Level 1 (routers in same area )
Inter-area Level 2 (routers not in same area)
Each will have its own database (LSP database like LSDB in OSPF) and not shared by each other’s with
separated adjacencies
-we can tell the router to run IS-IS but with Level 1 support only or Level 2 only or both , we use
command under isis router process is-type [level-1 | level-1-2 | level-2-only]
If we want to change only Level support between two routers we can use the following command under
interface connect them to each other :
isis circuit-type [level-1 | level-1-2 | level-2-only]
Just remember Level 1 path preferred over Level 2 path ( if both exists)
With IS-IS normally all routers belong to single area, the area border are on the link between routers un
like OSPF.
(Still we can have router belong to more than one area or in another meaning he will have more than
one NET address )
So in OSPF we can have:
Where R2 is ABR with one interface belong to area 0 and one interface belong to area 2
While in IS-IS
Where R2 is belong to area 49.0002 and R1 belong to area 49.0001 but the link between them is making
the two areas can talk to each other’s
3
How Adjacencies Happen ?

Adjacencies happens same as OSPF by sending Hello messages (PDUs) to identify them self and once
adjacencies established , the later hellos will be consider as Keep alive messages
IS-IS Routers Types ( Level 1 , Level 2 , Level 1/2)

IS-IS Routers can be Level 1 , Level 2 or Level 1/2 router , Default for any ISIS router to be Level 1/2
router.
Level 1 router :
Is internal to an area , forms adjacencies with L1 & L1/2 routers , will use the closest L1/2 router to reach
any outside routes exists in other areas
L1 database should be identical with any L1 or L1/2 routers in his area ( same concept we had with LSDB
in OSPF) , Level 1 is like OSPF not so totally stubby area NSSA
Level 2 router :
Is backbone router , forms adjacencies with L2 & L1/2 routers
In ISP core routers r are L2 in every interface , if ISP use OSPF then all interfaces in area
Level 2 Routers / links must be contiguous , cisco not support isis virtual link
Level1/2 router:
Act as ABR but belong to single area only as I mentioned before , will connect L1 routers areas with
backbone L2 areas , , forms adjacencies with L1 , L2 & L1/2 routers
When L1/L2 router send L1 LSP into an area , it sets ATT (attached) bit in the LSPs (link state PDU) to
signal it self as gateway to that area , Simply he will inject his L1 neighbors with Default route
Automatically
by default IS-IS router is L1 / L2 but this create overhead since we create two LSP databases
Area ID and Adjacencies

 Two L1 - only routers will form an L1 adjacency only if their area IDs match .
 Two L2 - only routers will form an L2 adjacency even if their area IDs are different.
 An L1 -on l y route r will form an L1 adjacency w ith an L 1 /L2 router only if the i r
area IDs match .
 An L2 -on l y route r will form an L2 adjacency with an L 1 /L2 router even if their r
area IDs are different.
 Two L 1 /L2 routers will form both L1 and L2 adjacencies if the i r area IDs match
 Two L 1 /L2 routers will form only y an L2 adjacency if their r area IDs do no t match
To change Level type for IS-IS router :

Router isis
Is-type level-1
To change Level type for IS-IS interface :
Int f0/0
Isis circuit-type level-1
4
Adjacencies issues
1-isis use CLNS as transport not IP , this will be tricky with multipoint NBMA scuh as FR multipoint , we
will see that in Lab2
2-level of adj must match , if its level 1 then area also must match between both routers
Adjacencies filtration
We can do some Adjacencies filtration such as :
clns filter-set AF deny 49.0001.0000.0000.000c.00 < Denies only this NET address
clns filter-set AF deny 48.****.****.0000.00**.00 < Denies all NET address start with 48 and with any
starter 4bits in system id with 0000.00 before the end (using wildcard of hosts )
clns filter-set AF permit default < Allows Any other neighbors
interface fa0/0
isis adjacency-filter AF < Applies the CLNS filter to the interface
Passive Interface
Unlike others IGP , passive interface in IS-IS has different behavior
when IS-IS interface configured as passive it still advertised into IS-IS, but will not form any
adjacencies on the interface it self
Configuring "passive -interface" for an IOS interface will remove the interface level command "ip
router isis" and metric value does not apply anymore.
Best Practice is Allow the Loopback interface IP address to be carried within IS-IS,while preventing it
from being considered in the flooding process.
passive-interface Loopback0
DIS designated Intermediate System

DIS is like DR in OSPF and there is no BDR concept in IS-IS
To change ISIS DIS priority under interface:
isis priority 100 ( 0-127 def 64 used for DIS) if all the same then highest OSI L2 address (Mac address)
in IS-IS subnetwork point of attachment (SNPA) mean the L2 address so If all interface priorities are
the same, the router with the highest subnetwork point of attachment (SNPA) is selected. The SNPA is
the MAC address on a LAN, and the local data link connection identifier (DLCI) on a Frame Relay
network.
unlike OSPF we can use 0 zero and again unlike OSPF it mean involve in election but with less priority to
be DIS, so zero here is just like giving DR priority 1 in OSPF.
We can have separate DIS election for L1 and L2 , the elected DIS router might be different for both
levels
One of the main concerns here that if we add new IS-IS router with higher priority or equal priority but
with higher mac address will then the new DIS
5
What is Circuit-id ?
It’s a number uniquely identifies an IS-IS interface
In broadcast networks this number used with system id of our DIS to create LAN-ID
When this number added with DIS system id we call it pseudonode-id
We can see this LAN-ID using command : show clns is-neighbors
Example :
System id for DIS is 3333.3333.3333
Pseudonode id is 05
Then LAN-ID will be 3333.3333.3333.05
ISIS Network Types

ISIS support broadcast or point-to-point network types only , to change network type we write the
following command under interface
isis network point-to-point
In point to point we do not need DIS , L1 & L2 LSPs (routes or aka LSA in ospf) we will be send directly
In broadcast type we always had DIS , LSP send by multicast to all neighbors
IS-IS Packets Types

Packets in IS-IS called PDU (protocol data unit , same term we used in OSI layers since IS-IS made in first
place as OSI model only protocol )
We have three IS-IS packet types :

1-Hello packets (IS-IS Hellos IIH) are used to establish and maintain adjacencies between IS-IS
neighbors.
2-Link-state packets (LSP) are used to distribute routing information between IS-IS nodes. This equal to
or same as OSPF LSA but in IS-IS we do not have different types for LSA.
3-Sequence number packets (SNP) are used to control distribution of link-state packets, essentially
providing mechanisms for synchronization of the distributed Link-State databases on the routers in an
IS-IS routing area.
Hello packets have the following subcategories:

 LAN Level 1 hello packets (PDU Type 15)
 LAN Level 2 hello packets (PDU Type 16)
 Point-to-point hello packets (PDU Type 17)
Link-state packets have the following subcategories:
 Level 1 link-state packets (PDU Type 18)
 Level-2 link-state packets (PDU Type 20)
Finally, sequence number packets have the following subcategories:
 Level 1 complete sequence number packets (PDU Type 24)
 Level 2 complete sequence number packets (PDU Type 25)
 Level 1 partial sequence number packets (PDU Type 26)
 Level 2 partial sequence number packets (PDU Type 27)
Hello default interval is 10 seconds (range 1-65535) but for DIS in NBMA is 3.3 sec , default hold time
interval is 30 seconds (using hello interval multiplier of 3)
6
ES Hello (ESH) = hello sent by ES

IS Hello ( ISH) = hello sent by IS
To change Per-interface
isis hello-interval sec level
Isis hello-multiplier sec level < Hello down = hello * multiplier
on DIS hello is 1 to 3 of the configured timers

3.3 hello so 3.3 * 3= 10 sec hold interval
Int f0/0
Isis hello-interval 1 < 1 sec
Isis hello-multiplier 4 < hold time = 4* 1 = 4 sec
LSP timers
Router isis
Lsp-refresh-interval 600 (600 mean 10 m , default is 15m , indicate that LSP supposed to be refreshed
every 10m)
Router isis
Max-lsp-lifetime 2400 ( 2400 mean 40 m , default 20 m , indicate how long LSP can stay in LSDB without
being refreshed , after that will be dropped from LSDB)
IS-IS Metric , Route Selection & Route Leaking
IS-IS Metric
IS-IS Metric is just a number between 1 and 63 , the default is 10 , since all routers will have the same
metric , the IS-IS metrics are similar to hop-count metrics.
We highly recommend that you change that and configure metrics on all interfaces. If you do not do so,
the IS-IS metrics are similar to hop-count metrics. ( will act a little bit like RIP)
Total cost of an IS-IS router is the sum of the metric for each outgoing interface to the destination
We have two different types of metric with IS-IS :

 Narrow Metric
 Wide Metric (useful with MPLS TE)
To change metric we need to apply the following command under interface

isis metric 1 we call it network metric 6bit
To change metric for specific LSP level database we need to apply the following command under
interface
isis metric 1 level-2
Remember Complete path metric 1-1023 10bits + network metric 6bit called Narrow Metric
To change Metric Type from Narrow to Wide:
router isis
metric-style wide ( from 1 to 16777214 instead of 63 , good for MPLS TE) 24bit
7
Remember complete path metric is 32bit + network metric 24bit called Wide Metric
Run both types of metrics will be useful when we have specific scenarios such as two routers using wide
and one router in between using narrow , so we will need to make all of them run both types.
We highly recommend that you configure the metrics on all interfaces. If you do not do so, all links will
have the same cost and the cost to reach any node in the network will be logically equivalent to the
number of hops.
IS-IS route types

As we knew IS-IS classify routes as L1 or L2 , also classify them as Internal or External .
Internal Routes are the paths to destinations within as IS-IS Domain

External Routes are the paths to destinations external to IS-IS domain
L1 routes are normally Internal, unless we change this manually

L2 routes can be either external or internal
IS-IS path selection
1- if multiple routers to a destination exist , L1 route is preferred over L2 route

2- if equal-level routes to a destination exist , Internal Route is preferred over External Route
3- if equal-level & all internal or all external routes to a destination exist , the route with lowest metric
preferred
4- if equal-level & all internal or all external & equal-cost routes to a destination exist , all will be
preferred and up to six routes will be entered in routing table
Note: if no path present in routing table on L1 routers , traffic will send to metrically closest L1/L2 router
Note : ISIS Administrative Distance is 115
Route Leaking
As you knew so far Router exist in single area only called L1 router , Router exists in Different areas
called L2 router , Router in between areas called L1/L2 router
Router L1/L2 send 0.0.0.0/0 to L1 routers (Set as attached bit ATT)

But We still can leak routes from L2 to L1 database
Normally advertising routes from L2 areas to L1 areas is prohibited and instead L1/L2 routers would set
the ATT bit when L1 routers were advertised into L1 areas ,So L1 routers can install default route in their
RIB pointing to the L1/L2 router.
If we want to inject some routes from L2 areas into L1 areas we will need to use Route Leaking, let’s
see the following topology :
8
R1 & R3 will assume by default that each other are L1/L2

In R1 & R2 under interface connect them to each other’s we change Level to 1 : isis circuit-type level 1
Now R1 will be injected with ATT (default route ) from R2

R1 will be able to reach R3 or any external networks using that default route
Now If we want R2 send to R1 all L2 routes
In R2 (ABR) :
Route-map RL per 10
Match route-type level-2
Router isis
Redis isis ip level-2 into level 1 route-map RL
We can even specific specific L2 routes to be injected in R1 by using ACL
In IOS-XR :
Propagate level 2 into level 1 route-policy RL
So Route leaking can be used for :

Pass L2 into L1
Deny L1 pass to L2
IOS example 1:
router isis
redistribute isis ip level-1 into level-2 distribute-list 101
!
access-list 100 permit ip host 5.5.5.5 host 255.255.255.255
!
access-list 101 deny ip host 2.2.2.2 host 255.255.255.255
access-list 101 permit ip any any
IOS example 2:
router isis
!
access-list 100 permit ip host 6.6.6.6 host 255.255.255.255
9
access-list 101 deny ip host 1.1.1.1 host 255.255.255.255

access-list 101 permit ip any any
-RFC 2966 defined a bit called U/D (up/down bit) to prevent routing loops when using route-leaking
-leaking only loopbacks interfaces is common when IS-IS used with MPLS LDP
-U/D bit prevent routing loops by doing the following

when L1/L2 router advertise routes from L2 area to L1 area , it sets the U/D bit , so any other L1/L2
router will recieve this route from L1 LSP with U/D bit set will not advertise back this route into the L2
area
Run BFD for IS-IS

To enable BFD
int f0/0
bfd interval 250 min_rx 250 multiplier 3
isis bfd
IS-IS summarization
 L1/L2 routers can summarize routes within their area
 Summarization must be configured identically for all L1/L2 routers in an area
 L1 routes cannot be summarized within an area
 any more-specific destination address fall within the summarization range will be suppressed
automatically
 the metric for summary route will be the smallest metric of all the more specific addresses
Router isis
Summary-address 3.3.0.0 255.255.0.0 (we can specifying levels as well )
Multiple groups of addresses can be summarized for a given level. Routes learned from other routing
protocols can also be summarized. The metric used to advertise the summary is the smallest metric of
all the more-specific routes. This command helps reduce the size of the routing table.
IS-IS Default Route

To send default route to L1 we use ATT bit
To send default route to L2 we use :
Ip route 0.0.0.0 0.0.0.0 null0
Router isis
Default-information originate ( route-map is optional, Without route-map default route will advertise
L2 LSPs only)
IS-IS Security
IS-IS encapsulate its messages directly into data link frame
A unique security advantage of IS-IS compared to other IP routing protocols is that IS-IS packets are
directly encapsulated over the data link and are not carried in IP packets or even CLNP packets.
Therefore, to maliciously disrupt the IS-IS routing environment, an attacker has to be physically attached
to a router in the IS-IS network, a challenging and inconvenient task for most network hackers. Other IP
10
routing protocols, such as RIP, OSPF, and BGP, are susceptible to attacks from remote IP networks
through the Internet because routing protocol packets are ultimately embedded in IP packets, which
makes them susceptible to remote access by intrusive applications.
I strongly recommend you to check the ISIS packet using network analyzers such as wireshark , some
packets are ready to use here :
http://packetlife.net/captures/protocol/isis/
if you do not have wireshark you can install it for free or use the cloud version like below :
https://www.cloudshark.org/captures/002cf25c04ba
from http://packetlife.net/captures/ISIS_p2p_adjacency.cap
IS-IS Authentication
We can use clear text or MD5 for IS-IS Authentication
Clear Text
key chain cbtme
key 1
key-string cbtme
int f0/0
isis authen mode text level-2
isis authen key-chain cbtme
MD5
key chain cbtme
key 1
key-string cbtme
int f0/0
isis authen mode md5 level-2
isis authen key-chain cbtme
IS-IS Single Topology, Multiple Topology

IS-IS support IPV6 without the need to have new protocol , unlike OSPF where we need ospfv2 and
ospfv3 , Also IS-IS can use single topology or multiple topology for network working with IPv4 & IPv6 in
same time.
IS-IS & IPv6/IPv4 Single Topology

Single Topology IS-IS is used when multiple protocol stacks, such as IPv4 and IPv6, are
configured in an identical 1:1 basis on all interfaces in the topology. Since the multi-protocol
topology is essentially identical, it allows a single SPF calculation to apply to both protocol
stacks at the same time, simplifying the database calculation and protocol overhead of IS-IS.
In other words, for single topology IS-IS to work, each interface that runs IPv4 must also run
IPv6, and each interface that runs IPv6 must also run IPv4.
Note that by default, IS-IS instances in regular IOS run in Single Topology mode, while IOS XR
IS-IS instances run in Multi Topology mode. These modes are not compatible with each other and must
be configured to match
11
Example :
interface FastEthernet0/0
ip router isis
ipv6 router isis
!
router isis
net 49.0001.0000.0000.0001.00
is-type level-2-only
passive-interface Loopback0
IS-IS & IPv6/IPv4 Multi Topology

In Multi Topology IS-IS, separate protocol stacks maintain separate database structures and use
separate SPF runs, which means that one topology is independent of another. Multi Topology IS-IS is
most useful in practical IPv4 to IPv6 migration scenarios
The following commands should be typed on all routers , which allow the network admin to have
independent control over ISIS metrics from each of the Protocols (isis for ipv4 , isis for ipv6)
router isis
address-family ipv6
multi-topology
Example :
interface FastEthernet0/0.23
isis metric 20
!
interface FastEthernet0/0.24
isis ipv6 metric 20
!
router isis
metric-style wide
!
address-family ipv6
multi-topology
Final Comparison between IS-IS vs OSPF

Similarities:
 Both are Link State Routing Protocols using the Dijkstra SPF Algorithm
 Both are Interior Gateway Protocols (IGP) ,They distribute routing information between routers
belonging to a single Autonomous System (AS)
 Both support for:

1. Classless Inter-Domain Routing (CIDR)
2. Variable Subnet Length Masking(VLSM)
3. Authentication
4. Multi-path
5. IP unnumbered links
12
Terminology:
13
features OSPF IS-IS

router ID router ID system ID
disconnect backbone virtual-link not supported
on the ABR, area is per
area separation on the link, area is per router
interface
transport protocol IP datalink
neighbor discovery IP multicast to 224.0.0.5 Layer 2 multicast
support IPv6 OSPFv3 IS-IS support IPv6 with TLV extension
dual topology on supported dual topology, one for IPv4
not supported
single process and IPv6
Totally Stubby Area option to configure the only option for level 1 area
IP subnets can be branch or
SPF leaf IP subnets are leaf on the SPF tree
leaf on the SPF Tree
easy with TLV, extended to support
easily expendable not easy
TRILL and OTV to carry MAC, and IPv6
default route to totally
ABR advertises default route attached bit from L1/L2 router
stubby area
 L1/L2 router. L1 routes outes are
 ABR. Summarization
summarized to L2 routes
can be applied to both
 When redistribution (ASBR),
summarization directions
external routes are summarized to
 ASBR
L1 or L2 routes
only advertise route

? Yes
installed in RIB
advertise routes from
another area into stub regular area, stub area route leaking
area
 intra-area routes are  Up/Down Bit
prevent routing loop  L1 route is preferred over L2
preferred over inter-area
on between areas with routes route
multicast ABR
many types per router
LSA types Just one LSP per router
(1,2,3,4,5,7)
Multiple Access DIS, One LSP for per multiple access
DR, BDR, LSA type 2
Network optimization network. does not support backup DIR
LSA CSNP contains full LSP info, PSNP is
LS Request and Update
Acknowledgement the acknowledgement and request
LSA Max timer Max Age Timer (3600 default) Remaining Life Time (1200 default)
authentication md5 (ipsec for OSPFv3) md5
MPLS TE Support Yes Yes
14
Route Tag Only external routes Yes, all routes

 P2P
 Broadcast  P2P
Network Type  Non-broadcast  Broadcast
 point-to-multipoint
BGP Slow
Not supported Overload Bit
Convergence Support
DIS is preempt, new router with higher
Designated Router
DR is not preempt, priority will take over and become the
Preemptive
new active DIS
Unrecognized LSA Not flooded ignored but flooded
Summarization at ASBR and ABR at ASBR and L1/L2 router
MD5 (IPSEC AH,ESP for cleartext and md5, separate
authentication
OSPFv3) authentication for Hello and LSP
all interface default to 10, and can be
changed to max 64. total metrics for the
default metrics is reference is
network is 1023. For larger network, use
metrics 100Mbps, it can be changed to
wide metric. Route leaking between areas
other number
require narrow and wide metric, MPLS-
TE supports wide metric only
any areas, level 1 or level 2 or level 1-2
anywhere except in stub area.
routers. default to internal route, can be
default to O2 external route
changed to external route, metric of 64 is
Redistribution (IGP metric is ignored), can be
added to external route. internal route is
changed to O1 route, O1 is
recommended. wide metric does not use
preferred over O2
external route
P2P, broadcast, P2MP,P2MP
Network Types P2P, Broadcast
nonbroadcast, NBMA
There are four types of LSPs: Level 1
Link State Packet pseudonode, Level 1 nonpseudonode,
Many, LSA 1,2,3,4,5,7
Types Level 2 pseudonode, and Level 2
nonpseudonode
The IS-IS backbone is a contiguous
Backbone Area area 0 collection of Level 2-capable routers,
each of which can be in a different area
Source for above table : https://ccdewiki.wordpress.com/2013/07/05/ospf-and-is-is-comparison/
15
IS-IS Design Considerations
 ISIS does not have a backbone area as such (like OSPF) , Instead the backbone is the contiguous
collection of Level-2 capable routers
 ISIS area borders are on links, not routers
 ISPs usually only use one area Multiple areas only come into consideration once the network is
several hundred routers big
 NET begins with 49 “Private” address range
Scaling Issues
Areas vs. single area
 Use areas where sub-optimal routing is not an issue areas with one single exit point
 Start with L2-only everywhere Future implementation of level-1 areas will be easier Backbone
continuity is ensured from star
Less than 400 IS-IS routers in the backbone is quite doable

Make sure in your Design so that backbone can NOT be partitioned
16
Some IS-IS Best Practice

 Increase ISIS default metric
Default value is 10
All interfaces in both L1 and L2 have this value
Not useful if configured value is “accidentally”removed - a low priority
interface could end up taking full load by mistake
Configure a “very large”value as default
metric 100000
 Tell the IS to ignore LSP's with an incorrect data-link checksum,rather than purge them
Purging LSP's with a bad checksum causes the initiating IS to regenerate that LSP, which could overload
the IS if perpetuated in a cycle So rather than purge them, ignore them.
ignore-lsp-errors
 Enable iSPF (incremental SPF).

This, in the long run, reduces CPU demand because SPF calculations are run only on the affected
changes in the SPT.
As this is a Level-1/Level-2 router, enable iSPF at both levels 60 seconds after the command has been
entered into the configuration.
Note that IOS only supports iSPF for IPv4.
ispf level-1-2 60
 Customize IS-IS throttling of SPF calculations.

Good for when you also use BFD for IS-IS.
These are recommended values for fast convergence.
spf-interval 5 1 20
 Customize IS-IS throttling of PRC calculations.

PRC calculates routes without performing a full SFP calculation.
This is done when a change is signaled by another IS, but without a corresponding change in the basic
network topology, e.g., the need to reinstall a route in the IS-IS RIB.
prc-interval 5 1 20
 Customize IS-IS throttling of LSP generation.

lsp-gen-interval 5 1 20
 Enable IS-IS fast-flooding of LSP's.

This tells the IS to always flood the LSP that triggered an SPF before the router actually runs the SPF
computation.
This command used to be 'ip fast-convergence' and has since been replaced from IOS 12.3(7)T.
Below, we shall tell the IS to flood the first 10 LSP's which invoke the SPF before the SPF computation is
started
fast-flood 10
17
 Enable IS-IS IETF Graceful Restart.

This ensures an IS going through a control plane switchover continues to forward traffic as if nothing
happened
Software and platform support is limited, so check whether your particular platform/code supports this
Also, deploy only if it's necessary.
nsf ietf
 Tell IS-IS to ignore the attached bit

The Attached bit is set when an L1/L2 IS learns L1 routes from other L1 routers in the same area
The Attached bit causes the installation of an IS-IS-learned default route in the IS-IS RIB on L1 routers in
the same area, as well as in the forwarding table if IS-IS is the best routing protocol from which the
default route was learned –this can lead to suboptimal routing.
ignore-attached-bit
 Wait until iBGP is running before providing transit path

set-overload-bit on-startup wait-for-bgp
Avoids blackholing traffic on router restart
Causes ISIS to announce its prefixes with highest possible metric until iBGP is up and running
When iBGP is running, ISIS metrics return to normal, make the path valid
IS-IS show commands
show clns
Shows the global CLNS status as seen on the router, e.g
show clns neighbors
Shows the neighbour adjacencies as seen by the router
show clns interface
Shows the CLNS status on a router interface
Show clns protocol
Displays the status of the CLNS protocol on the router
show clns traffic
Shows CLNS traffic statistics and activity for the network
show isis database
Shows the ISIS link state database
show isis rib
display paths for a specific route or for all routes under a major network that are stored in the IP local
Routing Information Base (RIB)
show isis topology
display a list of all connected routers in all areas
show isis fast-reroute
display information about (IS-IS) Fast Reroute (FRR) configurations
show isis hostname
display the router-name-to-system-ID mapping table entries for an System (IS-IS) router
18
IS-IS set-overload-bit command

To configure the router to signal other routers not to use it as an intermediate hop in their shortest path
first (SPF) calculations, use the set-overload-bit command in router configuration mode. To remove the
designation, use the no form of this command.
set-overload-bit [on-startup {seconds | wait-for-bgp}] [suppress [[interlevel] [external]]]
on-startup
(Optional) Sets the overload bit upon the system starting up. The overload bit remains set for the
number of seconds configured or until BGP has converged, depending on the subsequent argument or
keyword specified.
seconds
(Optional) When the on-startup keyword is configured, causes the overload bit to be set upon system
startup and remain set for the specified number of seconds. The range is from 5 to 86400 seconds.
wait-for-bgp
(Optional) When the on-startup keyword is configured, causes the overload bit to be set upon system
startup and remain set until BGP has converged.
suppress
(Optional) Causes the type of prefix identified by the subsequent keyword or keywords to be
suppressed.
interlevel
(Optional) When the suppress keyword is configured, prevents the IP prefixes learned from another IS-IS
level from being advertised.
external
(Optional) When the suppress keyword is configured, prevents the IP prefixes learned from other
protocols from being advertised.
This command forces the router to set the overload bit (also known as the hippity bit) in its non
pseudonode link-state packets (LSPs). Normally, the setting of the overload bit is allowed only when a
router runs into problems. For example, when a router is experiencing a memory shortage, it might be
that the link-state database is not complete, resulting in an incomplete or inaccurate routing table. By
setting the overload bit in its LSPs, other routers can ignore the unreliable router in their SPF
calculations until the router has recovered from its problems.
The result will be that no paths through this router are seen by other routers in the IS-IS area. However,
IP and Connectionless Network Service (CLNS) prefixes directly connected to this router will still be
reachable.
This command can be useful when you want to connect a router to an IS-IS network but do not want
real traffic flowing through it under any circumstances. Examples situations are as follows:
19
•A test router in the lab, connected to a production network.
•A router configured as an LSP flooding server, for example, on a nonbroadcast multiaccess (NBMA)
network, in combination with the mesh group feature.
•A router that is aggregating virtual circuits (VCs) used only for network management. In this case, the
network management stations must be on a network directly connected to the router with the set-
overload-bit command configured.
Unless you specify the on-startup keyword, this command sets the overload bit immediately.
In addition to setting the overload bit, you might want to suppress certain types of IP prefix
advertisements from LSPs. For example, allowing IP prefix propagation between Level 1 and Level 2
effectively makes a node a transit node for IP traffic, which might be undesirable. The suppress keyword
used with the interlevel or external keyword (or both) accomplishes that suppression while the overload
bit is set.
Examples
The following example sets the overload bit upon startup and until BGP has converged, and suppresses
redistribution between IS-IS levels and suppresses redistribution from external routing protocols while
the overload bit is set:
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
ip router isis
router isis
net 49.0001.0000.0000.0001.00
set-overload-bit on-startup wait-for-bgp suppress interlevel external
20
IS-IS Labs
On Lab 1 I will use the following topology with the following pre-configuration:
R1
int f0/0
ip add 10.125.125.1 255.255.255.0
no sh
int loop0
ip add 1.1.1.1 255.255.255.255
R5
int f0/0
ip add 10.125.125.5 255.255.255.0
no sh
int loop0
ip add 5.5.5.5 255.255.255.255
R2
int f0/0
ip add 10.125.125.2 255.255.255.0
no sh
int loop0
ip add 2.2.2.2 255.255.255.255
int s1/0
ip add 10.23.23.2 255.255.255.0
no sh
int f0/1
ip add 20.20.20.2 255.255.255.0
no sh
router ospf 1
router-id 0.0.0.2
network 20.20.20.2 0.0.0.0 are 0
21
R3
int f0/0
ip add 10.34.34.3 255.255.255.0
no sh
int loop0
ip add 3.3.0.3 255.255.255.0
int loop1
ip add 3.3.1.3 255.255.255.0
int loop 2
ip add 3.3.2.3 255.255.255.0
int loop 3
ip add 3.3.3.3 255.255.255.0
int s1/0
ip add 10.23.23.3 255.255.255.0
no sh
int f0/1
ip add 30.30.30.3 255.255.255.0
no sh
router eigrp 100
no au
network 30.30.30.3 0.0.0.0
R4
int f0/0
ip add 10.34.34.4 255.255.255.0
no sh
int loop0
ip add 4.4.4.4 255.255.255.255
OSPF-R
int f0/0
ip add 20.20.20.20 255.255.255.0
no sh
int loop 0
ip add 192.168.2.20 255.255.255.0
router ospf 1
router-id 0.0.0.20
network 0.0.0.0 255.255.255.255 area 0
EIGRP-R
int f0/0
ip add 30.30.30.30 255.255.255.0
no sh
int loop 0
ip add 192.168.3.30 255.255.255.0
router eigrp 100
no au
network 192.168.3.30 0.0.0.0
network 30.30.30.30 0.0.0.0
22
Lab 1 Basic & Advanced IS-IS Configuration
R1
int f0/0
ip router isis
int loop0
ip router isis
router isis
net 49.0125.1111.1111.1111.00
passive-interface loop0
R5
int f0/0
ip router isis
int loop0
ip router isis
router isis
net 49.0125.5555.5555.5555.00
R2
int f0/0
ip router isis cbtme
int loop0
router isis cbtme
net 49.0125.2222.2222.2222.00
int s1/0
23
R3
int s1/0
ip router isis
int range loop0 - 3
ip router isis
int f0/0
ip router isis
router isis
net 49.0034.3333.3333.3333.00
R4
int loop0
ip router isis
int f0/0
ip router isis
router isis
net 49.0034.4444.4444.4444.00
Verifications
R4#sh ip route isis

1.0.0.0/32 is subnetted, 1 subnets
i L2 1.1.1.1 [115/40] via 10.34.34.3, FastEthernet0/0
R4#sh isis nei

System Id Type Interface IP Address State Holdtime Circuit Id
R3 L1 Fa0/0 10.34.34.3 UP 21 R4.02
R3 L2 Fa0/0 10.34.34.3 UP 25 R4.02
Notice the following

R4 is getting all routes from R3 , any routes not belong to same area considered as I L2 routes
R4 established L1 & L2 adjacencies with R3 and built separated databases for each
R3#sh ip route isis

24
i L2 1.1.1.1 [115/30] via 10.23.23.2, Serial1/0

i L2 2.2.2.2 [115/20] via 10.23.23.2, Serial1/0
i L2 5.5.5.5 [115/20] via 10.23.23.2, Serial1/0
i L2 10.125.125.0 [115/20] via 10.23.23.2, Serial1/0
R3#sh isis nei

R2 L2 Se1/0 10.23.23.2 UP 21 00
R4 L1 Fa0/0 10.34.34.4 UP 7 R4.02
R4 L2 Fa0/0 10.34.34.4 UP 8 R4.02
R2#sh ip route isis

i L2 3.3.0.0 [115/20] via 10.23.23.3, Serial1/0
i L2 3.3.1.0 [115/20] via 10.23.23.3, Serial1/0
i L2 3.3.2.0 [115/20] via 10.23.23.3, Serial1/0
i L2 3.3.3.0 [115/20] via 10.23.23.3, Serial1/0
i L2 4.4.4.4 [115/30] via 10.23.23.3, Serial1/0
i L2 10.34.34.0 [115/20] via 10.23.23.3, Serial1/0
R2#sh isis nei

R1 L1 Fa0/0 10.125.125.1 UP 25 R5.01
R1 L2 Fa0/0 10.125.125.1 UP 28 R5.01
R3 L2 Se1/0 10.23.23.3 UP 22 00
R5 L1 Fa0/0 10.125.125.5 UP 7 R5.01
R5 L2 Fa0/0 10.125.125.5 UP 9 R5.01
R1#sh ip route isis

25

R1#sh isis nei

R2 L1 Fa0/0 10.125.125.2 UP 26 R5.01
R2 L2 Fa0/0 10.125.125.2 UP 29 R5.01
R5 L1 Fa0/0 10.125.125.5 UP 9 R5.01
R5 L2 Fa0/0 10.125.125.5 UP 8 R5.01
R5#sh ip route isis

R5#sh isis nei

R1 L1 Fa0/0 10.125.125.1 UP 25 R5.01
R1 L2 Fa0/0 10.125.125.1 UP 21 R5.01
R2 L1 Fa0/0 10.125.125.2 UP 22 R5.01
R2 L2 Fa0/0 10.125.125.2 UP 24 R5.01
R5#sh isis topology

IS-IS paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
R1 10 R1 Fa0/0 ca01.0fa4.0000
R2 10 R2 Fa0/0 ca02.0bbc.0008
R5 --
IS-IS paths to level-2 routers

System Id Metric Next-Hop Interface SNPA
R1 10 R1 Fa0/0 ca01.0fa4.0000
R2 10 R2 Fa0/0 ca02.0bbc.0008
26
R3 20 R2 Fa0/0 ca02.0bbc.0008
R4 30 R2 Fa0/0 ca02.0bbc.0008
R5 --
R5#sh isis database

IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 0x00000006 0xA52D 947 1/0/0
R2.00-00 0x00000004 0x9104 947 1/0/0
R5.00-00 * 0x00000004 0x69B7 949 1/0/0
R5.01-00 * 0x00000002 0xCEC6 592 0/0/0
R1.00-00 0x00000008 0x2386 621 0/0/0
R2.00-00 0x00000005 0x3051 942 0/0/0
R3.00-00 0x00000004 0x9FB1 941 0/0/0
R4.00-00 0x00000003 0xA876 782 0/0/0
R4.02-00 0x00000001 0x7BFB 779 0/0/0
R5.00-00 * 0x00000006 0xCA33 623 0/0/0
R5.01-00 * 0x00000002 0x809D 591 0/0/0
R5#
Notice Default IS-IS behavior here
Any router consider himself L1 & L2 router and build one database for each , even when they all
belong to same area such as R1 , R5 and R2 in area 49.0125
R2 is connected to R3 which is exist in different area , area 49.0034 , R2 here automatically consider
the link between him and R2 as L2 only since its connect to router in different area .
As you can see we need to optimize internal routers a little bit since R1,R5 & R4 is not connect to any
other routers in different areas so Build L2 database is waste of time & resources .
27
Now let’s optimize our IS-IS topology :
R5
router isis
is-type level-1
R5#sh ip route isis

i*L1 0.0.0.0/0 [115/10] via 10.125.125.2, FastEthernet0/0
[115/10] via 10.125.125.1, FastEthernet0/0
R5#sh isis database

R1.00-00 0x00000006 0xA52D 1163 1/0/0
R2.00-00 0x00000005 0x8F05 1163 1/0/0
R2.02-00 0x00000001 0x8CA0 0 (1165) 0/0/0
R5.00-00 * 0x00000005 0x5DCC 1165 0/0/0
R5.01-00 * 0x00000003 0xCACB 1165 0/0/0
Notice that R5 is level 1 now and injected with default route from R1 & R2 ( the closest L1/L2 routers)
Let’s change R1 to L1
R1
router isis
is-type level-1
R5#clear isis *
Now R5 is getting default route from R2 only (the only L1/L2 router he knows)
R5#sh ip route isis

Also let’s check R1

R1#sh ip route isis
28

Now let’s tell R2 no need to build L2 LSDB with R1 & r5
R2
int f0/0
isis circuit-type level-1
R2#sh isis nei

R1 L1 Fa0/0 10.125.125.1 UP 22 R5.01
R3 L2 Se1/0 10.23.23.3 UP 24 00
R5 L1 Fa0/0 10.125.125.5 UP 8 R5.01
We should do the same for R4 and make it L1 and R3 int f0/0 as L1 but will keep it like that for later
practicing
Notice the AD & Metric

R5#sh ip route isis
R2#sh clns protocol cbtme | B Generate

Generate narrow metrics: level-1-2
Accept narrow metrics: level-1-2
Generate wide metrics: none
Accept wide metrics: none
As we can see by default IS-IS router support receive and send Narrow Metrics
We can make the router support Wide Metric which is important for MPLS TE
router isis cbtme

metric-style wide
29

Generate narrow metrics: none
Accept narrow metrics: none
Generate wide metrics: level-1-2
Accept wide metrics: level-1-2
Also we can make router support wide metric and receive narrow metric same time , by adding
"transition" keyword
router isis cbtme

metric-style wide transition
"transition" keyword will be useful if we have routers need to work with wide metric but still need to
process narrow metric (but not generate them)

Generate narrow metrics: none
Accept narrow metrics: level-1-2
Generate wide metrics: level-1-2
Accept wide metrics: level-1-2
Now let’s change R1 hello/hold time to 2 sec / 8 sec
int f0/0
isis hello-interval 2
isis hello-multiplier 4
Notice that unlike OSPF two ISIS neighbors can have differnt hello/dead timers
Now let’s redistribute OSPF and EIGRP into IS-IS and vice versa , in R2 & R3
R2
router ospf 1
redis isis cbtme subnets
!
router isis cbtme
redis ospf 1
R3
router eigrp 100
redis isis metric 10000 100 255 1 1500
!
router isis
redis eigrp 100
R4#sh ip route isis

30

i L2 192.168.3.0/24 [115/10] via 10.34.34.3, FastEthernet0/0
let’s say I want to change all EIGRP redistributed route metric to 30
route-map auda pre 10

match ip address 4
set metric 20
router isis
redis eigrp 100 route-map auda
access-list 4 permit any
In R3 we had four loopbacks from 0 to 4 we need to summarize them into Level 2
R3
router isis
summary-address 3.3.0.0 255.255.0.0 ?
level-1 Summarize into level-1 area
level-1-2 Summarize into both area and sub-domain
level-2 Summarize into level-2 sub-domain
metric Set metric for summay route
tag Set tag
summary-address 3.3.0.0 255.255.0.0 level-2
in R2 since we used wide metric I can change metric for this loopback 0 interface to 16777215 and
Excludes a link or adjacency from the shortest path first (SPF) calculation.
int loop0
isis metric maximum
31
R5 chosen as DIS since he had higher router-id let’s change this to make R2 is the DIS
R5#sh isis database level-1

R1.00-00 0x00000004 0x9F3F 878 0/0/0
R2.00-00 0x00000009 0x8709 819 1/0/0
R5.00-00 * 0x00000004 0x5FCB 1070 0/0/0
R5.01-00 * 0x00000004 0xC8CC 939 0/0/0
R2
int f0/0
isis priority 127
Now let’s remove summary command from R3
R1#sh ip route isis

As we can see R1 not have any routes from R3 since he is L1 router and use Default route to reach
other routers such as R3
Let’s leak 3.3.3.3 to R1
R2
access-list 1 permit 3.3.3.0 0.0.0.255
route-map RL permit 10
match ip add 1
router isis cbtme
redis isis ip level-2 into level-1 route-map RL
do clear isis *
R1#sh ip route isis

i ia 3.3.3.0 [115/158] via 10.125.125.2, FastEthernet0/0
32
Lab 2 IS-IS & Frame Relay
Routers should have the following pre-configuration

R1
int loop 0
ip add 1.1.1.1 255.255.255.0
ip router isis
int s1/0
no ip add
encap frame
int s1/0.12 multi
ip add 10.12.12.1 255.255.255.0
fram map ip 10.12.12.2 100 b
fram map ip 10.12.12.1 100
ip router isis
router isis
net 49.0001.1111.1111.1111.00
R2
int f0/0
ip add 10.23.23.2 255.255.255.0
ip router isis
isis circuit-type level-1
int loop 0
ip add 2.2.2.2 255.255.255.0
ip router isis
int s1/1
no ip add
encap frame
int s1/1.12 multi
ip add 10.12.12.2 255.255.255.0
fram map ip 10.12.12.1 200 b
fram map ip 10.12.12.2 200
ip router isis
33
router isis
net 49.0023.2222.2222.2222.00
is-type level-1-2
R3
int f0/0
ip add 10.23.23.3 255.255.255.0
ip router isis
int loop 0
ip add 3.3.3.3 255.255.255.0
ip router isis
router isis
net 49.0023.3333.3333.3333.00
is-type level-1
FRSW
frame-relay switching
interface Serial1/0
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 100 interface Serial1/1 200
!
interface Serial1/1
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 200 interface Serial1/0 100
let’s check out Frame Relay mapping
R1#sh fram map

Serial1/0.12 (up): ip 10.12.12.1 dlci 100(0x64,0x1840), static,
CISCO, status defined, active
Serial1/0.12 (up): ip 10.12.12.2 dlci 100(0x64,0x1840), static,
broadcast,
CISCO, status defined, active
Maps looks good but when type sh ip route isis we will see nothing shown
So let’s check ISIS neighbor table
R1#sh isis nei

no neighbors found !!
34
That is because IS-IS over frame relay will need special treatment since the CLNS data must also be
mapped. Let’s fix it:
R1
int s1/0.12
fram map clns 100 b
R2
int s1/1.12
fram map clns 200 b
Now everything is fine and adjacencies established:
R1#sh isis nei

R2 L2 Se1/0.12 10.12.12.2 UP 9 R2.03
R1#sh ip route isis
i L2 2.2.2.0 [115/20] via 10.12.12.2, Serial1/0.12
i L2 10.23.23.0 [115/20] via 10.12.12.2, Serial1/0.12
Another issue we should take care of is what if we change R1 int s1/0 mtu to 2000
int s1/0
sh
mtu 2000
no sh
When isis router send hello packet it pads the packet up to default MTU size
R2 will have problem to handle hello messages come from R1
R1
int s1/0.12
clns mtu 1500
Now R1 will make sure to send hello messages as 1500 default
Also we can use

R1
int s1/0.12
no isis hello padding < disable padding
Disable IIH padding is best practice because on high speed links, it may strain huge buffers; and on low
speed links, it may waste bandwidth and affect other time sensitive applications, e.g., voice.
Disabling IIH padding is safe because IOS will still pad the first 5 IIH'sto the full MTU to aid in the
discovery of MTU mismatches.
35
Lab 3 IS-IS & IPv6/IPv4 Single Topology
Your routers should be pre-configured with the following :
R1
ipv6 uni
int f0/0
ip add 10.12.12.1 255.255.255.0
ipv6 add 2001:10:12:12::1/64
no sh
int loop 0
ip add 1.1.1.1 255.255.255.255
ipv6 add 2000:1:1:1::1/128
R2
ipv6 uni
int f0/0
ip add 10.12.12.2 255.255.255.0
ipv6 add 2001:10:12:12::2/64
no sh
int loop 0
ip add 2.2.2.2 255.255.255.255
ipv6 add 2000:2:2:2::2/128
int f0/1
ip add 10.23.23.2 255.255.255.0
ipv6 add 2001:10:23:23::2/64
no sh
int f1/0
ip add 10.24.24.2 255.255.255.0
ipv6 add 2001:10:24:24::2/64
no sh
36
R3
ipv6 uni
int f0/1
ip add 10.23.23.3 255.255.255.0
ipv6 add 2001:10:23:23::3/64
no sh
int f1/1
ip add 10.34.34.3 255.255.255.0
ipv6 add 2001:10:34:34::3/64
no sh
int f0/0
ip add 10.36.36.3 255.255.255.0
ipv6 add 2001:10:36:36::3/64
no sh
int loop 0
ip add 3.3.3.3 255.255.255.255
ipv6 add 2000:3:3:3::3/128
R4
ipv6 uni
int f1/0
ip add 10.24.24.4 255.255.255.0
ipv6 add 2001:10:24:24::4/64
no sh
int f1/1
ip add 10.34.34.4 255.255.255.0
ipv6 add 2001:10:34:34::4/64
no sh
int loop0
ip add 4.4.4.4 255.255.255.255
ipv6 add 2000:4:4:4::4/128
int f0/1
ip add 10.46.46.4 255.255.255.0
ipv6 add 2001:10:46:46::4/64
no sh
int f0/0
ip add 10.45.45.4 255.255.255.0
ipv6 add 2001:10:45:45::4/64
no sh
R5
ipv6 uni
int loop 0
ip add 5.5.5.5 255.255.255.255
ipv6 add 2000:5:5:5::5/128
int f0/0
ip add 10.45.45.5 255.255.255.0
ipv6 add 2001:10:45:45::5/64
37
no sh
int f1/0
ip add 10.56.56.5 255.255.255.0
ipv6 add 2001:10:56:56::5/64
no sh
R6
ipv6 uni
int loop 0
ip add 6.6.6.6 255.255.255.255
ipv6 add 2000:6:6:6::6/128
int f1/0
ip add 10.56.56.6 255.255.255.0
ipv6 add 2001:10:56:56::6/64
no sh
int f0/1
ip add 10.46.46.6 255.255.255.0
ipv6 add 2001:10:46:46::6/64
no sh
int f0/0
ip add 10.36.36.6 255.255.255.0
ipv6 add 2001:10:36:36::6/64
no sh
Let’s first enable ipv4 and ipv6 IS-IS using single topology
R1
int f0/0
ip router isis
ipv6 router isis
router isis
net 49.0001.1111.1111.1111.00
R2
int f0/0
ip router isis
ipv6 router isis
int f0/1
ip router isis
ipv6 router isis
int f1/0
ip router isis
ipv6 router isis
38
router isis
net 49.0001.2222.2222.2222.00
R3
int f0/0
ip router isis
ipv6 router isis
int f0/1
ip router isis
ipv6 router isis
int f1/1
ip router isis
ipv6 router isis
router isis
net 49.0001.3333.3333.3333.00
R4
int f0/0
ip router isis
ipv6 router isis
int f0/1
ip router isis
ipv6 router isis
int f1/1
ip router isis
ipv6 router isis
int f1/0
ip router isis
ipv6 router isis
router isis
net 49.0001.4444.4444.4444.00
R5
int f0/0
ip router isis
ipv6 router isis
int f1/0
ip router isis
ipv6 router isis
39
router isis
net 49.0001.5555.5555.5555.00
R6
int f0/0
ip router isis
ipv6 router isis
int f1/0
ip router isis
ipv6 router isis
int f0/1
ip router isis
ipv6 router isis
router isis
net 49.0001.6666.6666.6666.00
R1#sh ipv6 route isis

IPv6 Routing Table - Default - 16 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
I2 2000:2:2:2::2/128 [115/10]
via FE80::C802:13FF:FE38:8, FastEthernet0/0
I2 2000:3:3:3::3/128 [115/20]
I2 2000:4:4:4::4/128 [115/20]
I2 2000:5:5:5::5/128 [115/30]
I2 2000:6:6:6::6/128 [115/30]
I2 2001:10:23:23::/64 [115/20]
I2 2001:10:24:24::/64 [115/20]
I2 2001:10:34:34::/64 [115/30]
I2 2001:10:36:36::/64 [115/30]
40
I2 2001:10:45:45::/64 [115/30]
I2 2001:10:46:46::/64 [115/30]
I2 2001:10:56:56::/64 [115/40]
R1#sh ip route isis

As we can see all routers have full ipv4 & ipv6 reachability
Now I want to check the path R1 will use to reach R5 loopback0 ipv4 address & ipv6 address
R1#traceroute 5.5.5.5 num
Type escape sequence to abort.

Tracing the route to 5.5.5.5
1 10.12.12.2 160 msec 112 msec 72 msec

2 10.24.24.4 224 msec 220 msec 244 msec
3 10.45.45.5 372 msec 208 msec 316 msec
R1#traceroute 2000:5:5:5::5
Type escape sequence to abort.

Tracing the route to 2000:5:5:5::5
1 2001:10:12:12::2 4 msec 152 msec 232 msec

2 2001:10:24:24::4 216 msec 208 msec 204 msec
3 2001:10:45:45::5 348 msec 324 msec 336 msec
41
As we can see in above output that ipv4 and ipv6 traffic must follow the same path throughout the
network, because SPT (shortest path tree) for each is the same.
Also notice that both ipv4 ipv6 using same metric.
R1#sh ip route 5.5.5.5

Routing entry for 5.5.5.5/32
Known via "isis", distance 115, metric 30, type level-2
Redistributing via isis
Last update from 10.12.12.2 on FastEthernet0/0, 00:05:17 ago
Routing Descriptor Blocks:
* 10.12.12.2, from 5.5.5.5, via FastEthernet0/0
Route metric is 30, traffic share count is 1
R1#sh ipv6 route 2000:5:5:5::5

Routing entry for 2000:5:5:5::5/128
Known via "isis", distance 115, metric 30, type level-2
Route count is 1/1, share count 0
Routing paths:
FE80::C802:13FF:FE38:8, FastEthernet0/0
Last updated 00:05:33 ago
as we saw R1 using the path R2-R4 to reach R5 loop0 ipv4 address & also ipv6 address and since we
did not change the default metric 10 under any interface , IS-IS behavior here was like RIP , he choose
the shortest hops count path.
We still can change metric in some interfaces using:

interface serial 0
isis metric 15 level-1
or even change default metric in some routers using :

router isis
metric 111
But this will effect both ipv4 & ipv6 networks
42
Now let’s assume that we want ipv4 keep using this path to reach R5 loop0 but for ipv6 we want to
use R2-R3-R6 to reach R5 loop 0.
In this case we will need Multi topology to be enabled , so we can change the metric under some
interfaces for ipv6 while keep metric on same interface the same for ipv4
In all routers
router isis
metric-style wide
add ipv6
multi-topology
R2
int f1/0
isis ipv6 metric 20
R4
int f1/0
isis ipv6 metric 20
int f0/0
isis ipv6 metric 20
int f0/1
isis ipv6 metric 20
int f1/1
isis ipv6 metric 20
R5
int f0/0
isis ipv6 metric 20
Now IPv6 path changed to use R2-R3-R6 to reach R5 while IPv4 Remain using R2-R4 let’s check:
R1#traceroute 5.5.5.5 num

1 10.12.12.2 164 msec 20 msec 316 msec
2 10.24.24.4 220 msec 432 msec 192 msec
3 10.45.45.5 364 msec 428 msec 464 msec
R1#traceroute 2000:5:5:5::5
1 2001:10:12:12::2 208 msec * 124 msec
2 2001:10:23:23::3 276 msec 304 msec 216 msec
3 2001:10:36:36::6 332 msec * 200 msec
4 2001:10:56:56::5 400 msec 320 msec 488 msec
43
Lab 4 IS-IS Multi Instance
R1
int loop 0
ip add 1.1.1.1 255.255.255.255
int f0/0
ip add 10.12.12.1 255.255.255.0
no sh
ip router isis
router isis
net 49.0012.1111.1111.1111.00
R2
int loop 0
ip add 2.2.2.2 255.255.255.255
int f0/0
ip add 10.12.12.2 255.255.255.0
no sh
ip router isis
int f0/1
ip add 10.23.23.2 255.255.255.0
no sh
router isis
net 49.0012.2222.2222.2222.00
router isis cbtme

Notice when use two isis NET address on same router , system id would be the same
R2(config-router)#net 49.0023.2222.0000.2222.00
%CLNS: System ID (2222.2222.2222.00) must not change when defining additional area addresses
So I will use
net 49.0023.2222.2222.2222.00
44
R3
int loop 0
ip add 3.3.3.3 255.255.255.255
int f0/0
ip add 10.23.23.3 255.255.255.0
no sh
router isis cbtme

net 49.0023.3333.3333.3333.00
R2#sh isis nei
Area null: < our frist area created tagged with null since we did not give it specific tag name
R1 L1 Fa0/0 10.12.12.1 UP 26 R2.01
R1 L2 Fa0/0 10.12.12.1 UP 28 R2.01
Area cbtme:
R3 L1 Fa0/1 10.23.23.3 UP 8 R3.01
R1#sh ip route isis

R3#sh ip route isis

Note: we can use Multi Instance to Hide part of our network and isolate it , we will need to use redis
with route-map to let part of this isolate network communicate with outside network.
45
IS-IS Commands in IOS-XR
 Basic Configuration
First we need to name our process

RP/0/7/CPU0:R1(config)#router isis LAB
Then configure our Network Entity ( Area )
RP/0/7/CPU0:R1(config-isis)#net 49.0000.0000.0001.00
Then we assign the interfaces to the process, as well as the address family.
RP/0/7/CPU0:R1(config-isis)#int l0
RP/0/7/CPU0:R1(config-isis-if)#address-family ipv4
RP/0/7/CPU0:R1(config-isis-if-af)#exit
RP/0/7/CPU0:R1(config-isis-if-af)# exit
RP/0/7/CPU0:R1(config-isis-if)#int g0/3/0/2
Lets make loopback0 passive (advertise loopback0 but excluded from SPT)
RP/0/7/CPU0:R1(config-isis-if)#int loop0
RP/0/7/CPU0:R1(config-isis-if)#passive
Notice I did not specify an IS-IS Level when I started, but we can set this to Level-2
RP/0/7/CPU0:R1(config-isis)#is-type level-2-only
Now, when we show the config, you will notice Level-2 is set to the top of the config when applied,
RP/0/7/CPU0:R1(config-isis)#sh config
Thu Mar 29 22:10:22.326 UTC
Building configuration...
!! IOS XR Configuration 4.1.1
router isis LAB
net 49.0000.0000.0001.00
interface Loopback0
address-family ipv4 unicast
!
interface GigabitEthernet0/3/0/2
!
!
end
Now, let us commit our changes.
RP/0/7/CPU0:R1(config-isis)#commit
RP/0/7/CPU0:R1(config-isis)#exit
RP/0/7/CPU0:R1(config)#exit
46
IOS-XR commands for other topics we covered in this guide:
 Change interface network type

router isis 1
int g0/1/0/0
point-to-point
 change interface metric

router isis 1
interface g0/1/0/0
add ipv4 uni
metric 20
 BFD
router isis 1
int g0/1/0/0
bfd minimum-interval 250
bfd multipler 3 bfd fast-detect ipv4
 Autehntication
router isis 1
int g0/1/0/0
hello-password text cbtme
router isis 1
int g0/1/0/0
hello-password hmac-md5 cbtme
 Change interface Route Type

router isis 1
int g0/1/0/0
circuit-type level-2
 Route Leaking
route-policy ISIS_ROUTE_LEAKING
if destination in (3.3.3.3/32, 4.4.4.4/32) then
pass
endif
end-policy
!
router isis 1
propagate level 2 into level 1 route-policy ISIS_ROUTE_LEAKING
 Single topology
47
router isis 1
net 49.0001.0000.0000.0019.00
single-topology
!
interface Loopback0
passive
!
interface GigabitEthernet0/1/0/0.519
!
interface GigabitEthernet0/1/0/0.619
!
interface POS0/6/0/0
 Multi topology
router isis 1
metric-style wide
!
metric-style wide
no single-topology
48
Resources:
http://ieoc.com/forums/t/5373.aspx
http://www.cisco.com/c/en/us/td/docs/ios/iproute_isis/command/reference/irs_book/irs_is1.html#wp
1010942
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-
i1.html#wp1334838385
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_isis/configuration/15-mt/irs-15-mt-
book.html
ftp://ftp.monash.edu.au/pub/bretel/cisco/Routing%20Workshop/routing-workshop2/
http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/1cfisis.html
http://rekrowten.wordpress.com/2013/09/30/learn-is-is-basic-configuration-part-1/
http://www.ciscopress.com/articles/article.asp?p=31319&seqNum=4
http://www.ciscopress.com/store/is-is-network-design-solutions-9781578702206
http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/1cfisis.html
http://www.fryguy.net/2012/09/21/ios-xr-isis/
Good Luck
CCIE / CCSI: Yasser Auda
https://www.facebook.com/YasserRamzyAuda
https://learningnetwork.cisco.com/people/yasser.r.a?view=documents
https://www.youtube.com/user/yasserramzyauda
49

Cisco

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Cisco

Hochgeladen von

Copyright:

Verfügbare Formate

IS-IS Study Guide Cisco IOS, IOS-XR By CCIE / CCSI: Yasser Auda

IS-IS Introduction & Basic Commands

IS-IS using its own terminology such as:

ES-IS = protocol used by ES & IS to communicate with each other’s

To run ISIS in your router :

To Shutdown ISIS in router :

To Shutdown ISIS under interface :

IS-IS NET address

NSAP has two major parts : area id & system id

IS-IS Adjacencies Types ( Level 1 , Level 2 , Level 1/2)

-IS-IS Provide routing to :

So in OSPF we can have:

How Adjacencies Happen ?

IS-IS Routers Types ( Level 1 , Level 2 , Level 1/2)

Area ID and Adjacencies

To change Level type for IS-IS router :

DIS designated Intermediate System

We can see this LAN-ID using command : show clns is-neighbors

ISIS Network Types

IS-IS Packets Types

We have three IS-IS packet types :

Hello packets have the following subcategories:

ES Hello (ESH) = hello sent by ES

on DIS hello is 1 to 3 of the configured timers

IS-IS Metric , Route Selection & Route Leaking

We have two different types of metric with IS-IS :

To change metric we need to apply the following command under interface

IS-IS route types

Internal Routes are the paths to destinations within as IS-IS Domain

L1 routes are normally Internal, unless we change this manually

IS-IS path selection

1- if multiple routers to a destination exist , L1 route is preferred over L2 route

Router L1/L2 send 0.0.0.0/0 to L1 routers (Set as attached bit ATT)

R1 & R3 will assume by default that each other are L1/L2

Now R1 will be injected with ATT (default route ) from R2

We can even specific specific L2 routes to be injected in R1 by using ACL

So Route leaking can be used for :

access-list 101 deny ip host 1.1.1.1 host 255.255.255.255

-U/D bit prevent routing loops by doing the following

Run BFD for IS-IS

IS-IS Default Route

IS-IS Single Topology, Multiple Topology

IS-IS & IPv6/IPv4 Single Topology

IS-IS & IPv6/IPv4 Multi Topology

Final Comparison between IS-IS vs OSPF

 Both support for:

features OSPF IS-IS

only advertise route

Route Tag Only external routes Yes, all routes

IS-IS Design Considerations

Less than 400 IS-IS routers in the backbone is quite doable

Some IS-IS Best Practice

 Enable iSPF (incremental SPF).

 Customize IS-IS throttling of SPF calculations.

 Customize IS-IS throttling of PRC calculations.

 Customize IS-IS throttling of LSP generation.

 Enable IS-IS fast-flooding of LSP's.

 Enable IS-IS IETF Graceful Restart.

 Tell IS-IS to ignore the attached bit

 Wait until iBGP is running before providing transit path

IS-IS show commands

IS-IS set-overload-bit command

set-overload-bit [on-startup {seconds | wait-for-bgp}] [suppress [[interlevel] [external]]]