IS-IS (Intermediate System to Intermediate System) was developed as part of the Open System
Interconnection (OSI) stack of protocols.
The IS-IS routing protocol is a link-state Interior Gateway Protocol (IGP) standardized by the Internet
Engineering Task Force (IETF) and commonly used in large Service Provider networks. IS-IS may also be
deployed in extremely large Enterprise networks.
IS-IS has been adapted by the IETF to carry IP network information, and this form is called Integrated IS-IS.
Integrated IS-IS has the most important characteristics necessary in a modern routing protocol: it
supports VLSM and converges rapidly. It is also scalable to support very large networks.
CLNS
OSI CLNS is a network layer service similar to bare IP service. A CLNS entity communicates over
Connectionless Network Protocol (CLNP) with its peer CLNS entity.
In the OSI architecture there are "systems": Routers are ISs, and hosts are End Systems (ESs).
ESs themselves have no routing information; they discover ISs (routers) by listening to Intermediate
System Hellos (ISHs) and sending traffic to any random router. ESs send End System Hellos (ESHs); they
do not choose a designated router to handle all traffic, and optimal routing is accomplished via
redirects.
ISs discover ESs by listening to ESHs, and ISs send ISHs to ESs.
There is no Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP) or Interdomain
Routing Protocol (IDRP) for CLNS, but End System-to-Intermediate System (ES-IS) Protocol provides the
same kind of reporting functions for ISs and ESs. The ES-IS Protocol is defined in ISO 9542.
IS-IS is an Interior Gateway Protocol (IGP) for routing OSI. IS-IS packets are not encapsulated in CLNS or
IP but are encapsulated directly in the data-link layer. The IS-IS protocol family is OSI, and values such as
0xFE and 0xFEFE are used by the data-link protocol to identify the Layer 3 protocol as OSI.
Configure tags to identify multiple IS-IS processes by giving a meaningful name for each routing process.
If the tag is not specified, a null tag (0) is assumed and the process is referenced with a null tag. The tag
name must be unique among all IP router processes for the device. When a router runs IS-IS with more
than one tag, we call it a multi-instance router.
IS-IS Study Guide Cisco IOS, IOS-XR By CCIE / CCSI: Yasser Auda
To enable IS-IS under an interface:
int f0/0
ip router isis
or, if a tag such as cbtme is used:
ip router isis cbtme
IS-IS addresses are called NETs, or network entity titles. NETs can be 8 to 20
bytes long, but are generally 10 bytes long and are written as shown in this example:
49.0001.1921.6800.1002.00
Area identifier: The first three bytes are the area ID. The first byte of this example — 49 —
is the address family identifier (AFI) of the authority, which is equivalent to the IP address space
that is assigned to an autonomous system. The AFI value 49 is what IS-IS uses for private
addressing, which is the equivalent of RFC 1918 address space for IP protocols.
The second two bytes of the area ID — 0001 — represent the IS-IS area number. In this
example, the area number is 1.
This identifier is used for routing between areas. Unlike OSPF, the area ID is associated with the entire
router, not just an interface.
System identifier: The next six bytes identify the node (that is, the router) on the network.
The system identifier is equivalent to the host or address portion of an IP address.
This identifier is used for routing within an area. Each router in the same area must have a unique system
ID; the system ID here is analogous to the OSPF router-id.
NET selector: The final two bytes are the NET selector (NSEL). For IS-IS, they must always be 00, to
indicate “this system.” In other words, it is always 00 because we write this NET address for the
router (system) itself.
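The NET layout described above, as an added example that is not part of the original guide: a parser that splits a NET into its fields and applies the rules stated here (8 to 20 bytes, selector 00, unique system ID per area, matching area for Level 1). It treats the selector as the last two hex digits of the written form, which is what makes the sample NET 10 bytes long; the NETs in LAB1_NETS are the ones configured in Lab 1 of this guide, and all function names are illustrative.

```python
import re
from collections import defaultdict

# NETs configured in Lab 1 of this guide.
LAB1_NETS = {
    "R1": "49.0125.1111.1111.1111.00",
    "R5": "49.0125.5555.5555.5555.00",
    "R2": "49.0125.2222.2222.2222.00",
    "R3": "49.0034.3333.3333.3333.00",
    "R4": "49.0034.4444.4444.4444.00",
}


def _dotted(hex_digits):
    """Group hex digits four at a time, the way system IDs are written."""
    return ".".join(hex_digits[i:i + 4] for i in range(0, len(hex_digits), 4))


def parse_net(net):
    """Split a NET such as 49.0001.1921.6800.1002.00 into its fields."""
    digits = net.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", digits) or len(digits) % 2:
        raise ValueError(f"{net}: expected an even number of hex digits")
    length = len(digits) // 2
    if not 8 <= length <= 20:
        raise ValueError(f"{net}: {length} bytes, expected 8 to 20")
    nsel = digits[-2:]
    if nsel != "00":
        raise ValueError(f"{net}: selector is {nsel}, a router NET must end in 00")
    return {
        "afi": digits[:2],
        "area": digits[2:-14],        # area number that follows the AFI
        "area_id": digits[:-14],      # AFI + area number, compared between routers
        "system_id": _dotted(digits[-14:-2]),
        "nsel": nsel,
        "private": digits[:2] == "49",
    }


def adjacency_levels(net_a, net_b):
    """Levels two L1/L2 routers can be adjacent at: Level 1 needs matching area IDs."""
    same_area = parse_net(net_a)["area_id"] == parse_net(net_b)["area_id"]
    return ["L1", "L2"] if same_area else ["L2"]


def duplicate_system_ids(nets):
    """Return {(area_id, system_id): [routers]} for system IDs reused inside one area."""
    seen = defaultdict(list)
    for router, net in nets.items():
        fields = parse_net(net)
        seen[(fields["area_id"], fields["system_id"])].append(router)
    return {key: routers for key, routers in seen.items() if len(routers) > 1}


if __name__ == "__main__":
    print(parse_net("49.0001.1921.6800.1002.00"))
    print("R2-R3:", adjacency_levels(LAB1_NETS["R2"], LAB1_NETS["R3"]))
    # RX is a constructed router that reuses R1's system ID inside area 49.0125.
    print(duplicate_system_ids({**LAB1_NETS, "RX": "49.0125.1111.1111.1111.00"}))
```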
By default an IS-IS router can have up to 3 NET addresses; we can raise this to as many as 234 with the
following command:
router isis
max-area-addresses 234
We can tell the router to run IS-IS with Level 1 support only, Level 2 only, or both, using this command
under the IS-IS router process:
is-type [level-1 | level-1-2 | level-2-only]
If we want to change the level only between two routers, we can use the following command under the
interfaces that connect them to each other:
isis circuit-type [level-1 | level-1-2 | level-2-only]
Just remember that a Level 1 path is preferred over a Level 2 path (if both exist).
With IS-IS a router normally belongs to a single area; unlike OSPF, the area borders are on the links
between routers.
(A router can still belong to more than one area, in which case it has more than one NET address.)
In OSPF, R2 is an ABR with one interface in area 0 and one interface in area 2.
In IS-IS, R2 belongs to area 49.0002 and R1 belongs to area 49.0001, and the link between them is what
lets the two areas talk to each other.
Level 1 router:
Is internal to an area, forms adjacencies with L1 and L1/L2 routers, and uses the closest L1/L2 router to
reach any outside routes that exist in other areas.
The L1 database should be identical on every L1 and L1/L2 router in its area (the same concept as the
LSDB in OSPF). Level 1 is like an OSPF totally NSSA (not-so-stubby area).
Level 2 router:
Is a backbone router and forms adjacencies with L2 and L1/L2 routers.
In an ISP core, routers are L2 on every interface; if the ISP uses OSPF then all interfaces in area
Level 2 routers and links must be contiguous; Cisco does not support an IS-IS virtual link.
Level 1/2 router:
Acts as an ABR but belongs to a single area only, as mentioned before. It connects L1 areas to the
backbone L2 areas and forms adjacencies with L1, L2 and L1/L2 routers.
When an L1/L2 router sends an L1 LSP (link-state PDU) into an area, it sets the ATT (attached) bit in the
LSP to signal itself as the gateway for that area. Simply put, its L1 neighbors automatically get a default
route through it.
By default an IS-IS router is L1/L2, but this creates overhead since two LSP databases are built.
Adjacency issues
1- IS-IS uses CLNS as transport, not IP. This is tricky with multipoint NBMA such as Frame Relay
multipoint; we will see that in Lab 2.
2- The adjacency level must match; if it is Level 1, the area must also match between both routers.
Adjacency filtering
We can filter adjacencies, for example:
clns filter-set AF deny 49.0001.0000.0000.000c.00 < Denies only this NET address
clns filter-set AF deny 48.****.****.0000.00**.00 < Denies all NET addresses that start with 48, with
wildcards (*) in the positions shown and 0000.00 before the end of the system ID
clns filter-set AF permit default < Allows any other neighbors
interface fa0/0
isis adjacency-filter AF < Applies the CLNS filter to the interface
Passive Interface
Unlike in other IGPs, a passive interface in IS-IS behaves differently:
when an IS-IS interface is configured as passive it is still advertised into IS-IS, but it will not form any
adjacencies on the interface itself.
Configuring "passive-interface" for an IOS interface removes the interface-level command "ip
router isis", and the metric value does not apply anymore.
Best practice is to allow the Loopback interface IP address to be carried within IS-IS, while preventing it
from being considered in the flooding process:
passive-interface Loopback0
In IS-IS the subnetwork point of attachment (SNPA) means the Layer 2 address. If all interface priorities
are the same, the router with the highest SNPA is selected. The SNPA is
the MAC address on a LAN, and the local data link connection identifier (DLCI) on a Frame Relay
network.
Unlike OSPF, we can use a priority of 0 (zero), and again unlike OSPF it means the router still takes part
in the election, only with less priority to become DIS, so zero here is just like giving a DR priority of 1 in OSPF.
We can have a separate DIS election for L1 and L2; the elected DIS router might be different for the two
levels.
One of the main concerns here is that if we add a new IS-IS router with a higher priority, or an equal
priority but a higher MAC address, it will then be the new DIS.
What is the circuit ID?
It is a number that uniquely identifies an IS-IS interface.
In broadcast networks this number is used with the system ID of the DIS to create the LAN-ID.
When this number is added to the DIS system ID we call it the pseudonode ID.
Example :
System id for DIS is 3333.3333.3333
Pseudonode id is 05
Then LAN-ID will be 3333.3333.3333.05
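The DIS election and LAN-ID rules above, as an added example that is not part of the original guide: the election is run per level, ties fall to the highest SNPA, and a newly attached router can preempt the current DIS. The class and function names are illustrative, the default priority of 64 is the IOS default, and the sample routers are constructed (only R2's SNPA ca02.0bbc.0008 and the system IDs appear in the guide).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LanCircuit:
    router: str
    system_id: str          # e.g. 3333.3333.3333
    snpa: str               # MAC address in dotted-hex form
    circuit_id: int         # local number that identifies the interface
    priority_l1: int = 64   # IOS default; valid range is 0-127
    priority_l2: int = 64


def elect_dis(circuits, level):
    """Highest priority wins and the highest SNPA breaks a tie; priority 0 still competes."""
    def rank(circuit):
        priority = circuit.priority_l1 if level == 1 else circuit.priority_l2
        return (priority, int(circuit.snpa.replace(".", ""), 16))
    return max(circuits, key=rank)


def lan_id(dis):
    """LAN-ID = system ID of the DIS followed by its circuit ID as two hex digits."""
    return f"{dis.system_id}.{dis.circuit_id:02x}"


def dis_after_join(circuits, newcomer, level):
    """The election is preemptive: re-run it with the newcomer and report any takeover."""
    before = elect_dis(circuits, level)
    after = elect_dis(list(circuits) + [newcomer], level)
    return before.router, after.router, before.router != after.router


# Constructed LAN segment with three routers at the default priority.
LAN = [
    LanCircuit("R1", "1111.1111.1111", "ca01.0bbc.0008", 1),
    LanCircuit("R2", "2222.2222.2222", "ca02.0bbc.0008", 1),
    LanCircuit("R5", "5555.5555.5555", "ca05.0bbc.0008", 1),
]

# Constructed newcomer: lowest SNPA on the segment, but Level 1 priority raised to 127.
NEWCOMER = LanCircuit("RX", "9999.9999.9999", "ca00.0bbc.0008", 2, priority_l1=127)

if __name__ == "__main__":
    dis = elect_dis(LAN, level=1)
    print("L1 DIS:", dis.router, "LAN-ID:", lan_id(dis))
    print("L1 after RX joins:", dis_after_join(LAN, NEWCOMER, level=1))
    print("L2 after RX joins:", dis_after_join(LAN, NEWCOMER, level=2))
```

Running the same comparison against the DIS recorded for each LAN is a simple way to notice an unexpected takeover after a new device is attached.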
On point-to-point links we do not need a DIS; L1 and L2 LSPs (the counterpart of LSAs in OSPF) are sent directly.
On broadcast networks we always have a DIS, and LSPs are sent by multicast to all neighbors.
The default hello interval is 10 seconds (range 1-65535), but for the DIS in NBMA it is 3.3 seconds. The
default hold time is 30 seconds (using a hello interval multiplier of 3).
To change the timers per interface:
isis hello-interval seconds [level-1 | level-2]
isis hello-multiplier multiplier [level-1 | level-2] < hold time = hello * multiplier
int f0/0
isis hello-interval 1 < 1 sec
isis hello-multiplier 4 < hold time = 4 * 1 = 4 sec
LSP timers
router isis
lsp-refresh-interval 600 (600 means 10 minutes, the default is 15 minutes; indicates that the LSP is
supposed to be refreshed every 10 minutes)
router isis
max-lsp-lifetime 2400 (2400 means 40 minutes, the default is 20 minutes; indicates how long an LSP can
stay in the LSDB without being refreshed, after which it is dropped from the LSDB)
IS-IS Metric
The IS-IS metric is just a number between 1 and 63, and the default is 10. Since all routers will have the
same metric, the IS-IS metrics are similar to hop-count metrics.
We highly recommend that you change that and configure metrics on all interfaces. If you do not do so,
the IS-IS metrics are similar to hop-count metrics (IS-IS will act a little bit like RIP).
The total cost of an IS-IS route is the sum of the metrics of each outgoing interface to the destination.
Remember: a complete path metric of 1-1023 (10 bits) plus a network metric of 6 bits is called the narrow metric.
To change the metric type from narrow to wide:
router isis
metric-style wide (from 1 to 16777214 instead of 63, 24 bits; good for MPLS TE)
Remember: a complete path metric of 32 bits plus a network metric of 24 bits is called the wide metric.
Running both types of metrics is useful in specific scenarios, such as two routers using wide metrics
with one router in between using narrow metrics, so we need to make all of them run both types.
We highly recommend that you configure the metrics on all interfaces. If you do not do so, all links will
have the same cost and the cost to reach any node in the network will be logically equivalent to the
number of hops.
Note: if no path is present in the routing table on L1 routers, traffic is sent to the metrically closest L1/L2 router.
Note: the IS-IS administrative distance is 115.
Route Leaking
As you know so far, a router that exists in a single area only is called an L1 router, a router that exists in
different areas is called an L2 router, and a router in between areas is called an L1/L2 router.
Normally, advertising routes from L2 areas into L1 areas is prohibited; instead, L1/L2 routers set
the ATT bit in the L1 LSPs they advertise into L1 areas, so L1 routers can install a default route in their
RIB pointing to the L1/L2 router.
If we want to inject some routes from L2 areas into L1 areas we need to use route leaking. Let’s
see the following topology:
In R2 (ABR):
route-map RL permit 10
match route-type level-2
router isis
redistribute isis ip level-2 into level-1 route-map RL
In IOS-XR:
propagate level 2 into level 1 route-policy RL
IOS example 1:
router isis
redistribute isis ip level-1 into level-2 distribute-list 101
redistribute isis ip level-2 into level-1 distribute-list 100
!
access-list 100 permit ip host 5.5.5.5 host 255.255.255.255
!
access-list 101 deny ip host 2.2.2.2 host 255.255.255.255
access-list 101 permit ip any any
IOS example 2:
router isis
redistribute isis ip level-1 into level-2 distribute-list 101
redistribute isis ip level-2 into level-1 distribute-list 100
!
access-list 100 permit ip host 6.6.6.6 host 255.255.255.255
- RFC 2966 defined a bit called U/D (up/down bit) to prevent routing loops when using route leaking.
- Leaking only loopback interfaces is common when IS-IS is used with MPLS LDP.
IS-IS summarization
L1/L2 routers can summarize routes within their area.
Summarization must be configured identically on all L1/L2 routers in an area.
L1 routes cannot be summarized within an area.
Any more-specific destination address that falls within the summarization range is suppressed
automatically.
The metric of the summary route is the smallest metric of all the more-specific addresses.
router isis
summary-address 3.3.0.0 255.255.0.0 (we can specify levels as well)
Multiple groups of addresses can be summarized for a given level. Routes learned from other routing
protocols can also be summarized. The metric used to advertise the summary is the smallest metric of
all the more-specific routes. This command helps reduce the size of the routing table.
IS-IS Security
IS-IS encapsulates its messages directly in data-link frames.
A unique security advantage of IS-IS compared to other IP routing protocols is that IS-IS packets are
directly encapsulated over the data link and are not carried in IP packets or even CLNP packets.
Therefore, to maliciously disrupt the IS-IS routing environment, an attacker has to be physically attached
to a router in the IS-IS network, a challenging and inconvenient task for most network hackers. Other IP
routing protocols, such as RIP, OSPF, and BGP, are susceptible to attacks from remote IP networks
through the Internet because routing protocol packets are ultimately embedded in IP packets, which
makes them susceptible to remote access by intrusive applications.
This advantage covers remote attackers only: a device that does share a data link with an IS-IS router can
still send it IS-IS PDUs, which is what the authentication covered next is for.
I strongly recommend examining IS-IS packets with a network analyzer such as Wireshark; some
captures are ready to use here:
http://packetlife.net/captures/protocol/isis/
If you do not have Wireshark you can install it for free or use the cloud version, as below:
https://www.cloudshark.org/captures/002cf25c04ba
from http://packetlife.net/captures/ISIS_p2p_adjacency.cap
IS-IS Authentication
We can use clear text or MD5 for IS-IS authentication.
Clear Text
key chain cbtme
key 1
key-string cbtme
int f0/0
isis authentication mode text level-2
isis authentication key-chain cbtme
MD5
key chain cbtme
key 1
key-string cbtme
int f0/0
isis authentication mode md5 level-2
isis authentication key-chain cbtme
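A way to check the authentication settings above across a whole configuration, as an added example that is not part of the original guide: it reads running-config text and classifies every IS-IS interface (hello authentication) and the router process (LSP authentication, configured there with the router-mode authentication mode and authentication key-chain commands). The sample configuration is constructed, the function names are illustrative, and the input is assumed to be show running-config output, which prints full keywords rather than abbreviations such as "authen".

```python
import re

# Constructed running-config excerpt (not taken from the labs in this guide).
SAMPLE_CONFIG = """\
key chain cbtme
 key 1
  key-string cbtme
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.125.125.2 255.255.255.0
 ip router isis cbtme
 isis authentication mode md5
 isis authentication key-chain cbtme
!
interface FastEthernet0/1
 ip address 10.23.23.2 255.255.255.0
 ip router isis cbtme
 isis authentication mode text
 isis authentication key-chain cbtme
!
interface Serial1/0
 ip address 10.24.24.2 255.255.255.0
 ip router isis cbtme
!
interface Serial1/1
 ip address 10.25.25.2 255.255.255.0
 ip router isis cbtme
 isis authentication mode md5
 isis authentication key-chain missing
!
router isis cbtme
 net 49.0125.2222.2222.2222.00
 passive-interface Loopback0
"""


def parse_sections(config):
    """Group indented lines under the unindented header line that precedes them."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_auth(body, prefix, key_chains):
    """Classify one interface (hello auth) or one router process (LSP auth)."""
    mode = chain = None
    for line in body:
        m = re.match(rf"{prefix} mode (text|md5)\b", line)
        if m:
            mode = m.group(1)
        m = re.match(rf"{prefix} key-chain (\S+)", line)
        if m:
            chain = m.group(1)
    if mode is None and chain is None:
        return "no-auth"
    if mode is None or chain is None:
        return "incomplete"            # only one of the two commands is present
    if chain not in key_chains:
        return "undefined-key-chain"   # refers to a key chain with no key-string
    return "cleartext" if mode == "text" else "ok"   # text mode sends the password readable


def audit_isis_auth(config):
    """Return {interface or router process: finding} for everything that runs IS-IS."""
    sections = parse_sections(config)
    key_chains = {h.split()[2] for h, body in sections.items()
                  if h.startswith("key chain ")
                  and any(l.startswith("key-string ") for l in body)}
    passive = {l.split()[1] for h, body in sections.items() if h.startswith("router isis")
               for l in body if l.startswith("passive-interface ")}
    findings = {}
    for header, body in sections.items():
        if header.startswith("router isis"):
            findings[header] = check_auth(body, "authentication", key_chains)
        elif header.startswith("interface "):
            name = header.split()[1]
            runs_isis = any(re.match(r"ip(v6)? router isis\b", l) for l in body)
            if runs_isis and name not in passive:   # passive interfaces form no adjacency
                findings[name] = check_auth(body, "isis authentication", key_chains)
    return findings


if __name__ == "__main__":
    for target, finding in audit_isis_auth(SAMPLE_CONFIG).items():
        print(f"{target}: {finding}")
```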
Note that by default, IS-IS instances in regular IOS run in Single Topology mode, while IOS XR
IS-IS instances run in Multi Topology mode. These modes are not compatible with each other and must
be configured to match
Example :
interface FastEthernet0/0
ip router isis
ipv6 router isis
!
router isis
net 49.0001.0000.0000.0001.00
is-type level-2-only
passive-interface Loopback0
The following commands should be entered on all routers; they give the network admin
independent control over the IS-IS metrics of each protocol (IS-IS for IPv4, IS-IS for IPv6):
router isis
address-family ipv6
multi-topology
Example :
interface FastEthernet0/0.23
isis metric 20
!
interface FastEthernet0/0.24
isis ipv6 metric 20
!
router isis
metric-style wide
!
address-family ipv6
multi-topology
Terminology:
BGP Slow Convergence Support
OSPF: Not supported
IS-IS: Overload Bit

Designated Router Preemptive
OSPF: DR is not preempt
IS-IS: DIS is preempt, new router with higher priority will take over and become the new active DIS

Unrecognized LSA
OSPF: Not flooded
IS-IS: ignored but flooded

Summarization
OSPF: at ASBR and ABR
IS-IS: at ASBR and L1/L2 router

Authentication
OSPF: MD5 (IPSEC AH, ESP for OSPFv3)
IS-IS: cleartext and md5, separate authentication for Hello and LSP

Metrics
OSPF: default metrics is reference is 100Mbps, it can be changed to other number
IS-IS: all interface default to 10, and can be changed to max 64. total metrics for the network is 1023. For larger network, use wide metric. Route leaking between areas require narrow and wide metric, MPLS-TE supports wide metric only

Redistribution
OSPF: anywhere except in stub area. default to O2 external route (IGP metric is ignored), can be changed to O1 route, O1 is preferred over O2
IS-IS: any areas, level 1 or level 2 or level 1-2 routers. default to internal route, can be changed to external route, metric of 64 is added to external route. internal route is recommended. wide metric does not use external route

Network Types
OSPF: P2P, broadcast, P2MP, P2MP nonbroadcast, NBMA
IS-IS: P2P, Broadcast

Link State Packet Types
OSPF: Many, LSA 1,2,3,4,5,7
IS-IS: There are four types of LSPs: Level 1 pseudonode, Level 1 nonpseudonode, Level 2 pseudonode, and Level 2 nonpseudonode

Backbone Area
OSPF: area 0
IS-IS: The IS-IS backbone is a contiguous collection of Level 2-capable routers, each of which can be in a different area
Source for above table : https://ccdewiki.wordpress.com/2013/07/05/ospf-and-is-is-comparison/
IS-IS does not have a backbone area as such (like OSPF). Instead, the backbone is the contiguous
collection of Level 2-capable routers.
IS-IS area borders are on links, not routers.
ISPs usually use only one area. Multiple areas only come into consideration once the network is
several hundred routers big.
The NET begins with 49, the “private” address range.
Scaling Issues
Areas vs. single area
Use areas where sub-optimal routing is not an issue: areas with one single exit point.
Start with L2-only everywhere. Future implementation of Level 1 areas will be easier. Backbone
continuity is ensured from the start.
Tell the IS to ignore LSPs with an incorrect data-link checksum, rather than purge them.
Purging LSPs with a bad checksum causes the initiating IS to regenerate that LSP, which could overload
the IS if perpetuated in a cycle. So rather than purge them, ignore them:
ignore-lsp-errors
show clns
Shows the global CLNS status as seen on the router
show clns neighbors
Shows the neighbour adjacencies as seen by the router
show clns interface
Shows the CLNS status on a router interface
show clns protocol
Displays the status of the CLNS protocol on the router
show clns traffic
Shows CLNS traffic statistics and activity for the network
show isis database
Shows the IS-IS link state database
show isis rib
Displays paths for a specific route or for all routes under a major network that are stored in the IP local
Routing Information Base (RIB)
show isis topology
Displays a list of all connected routers in all areas
show isis fast-reroute
Displays information about IS-IS Fast Reroute (FRR) configurations
show isis hostname
Displays the router-name-to-system-ID mapping table entries for an Intermediate System-to-Intermediate
System (IS-IS) router
on-startup
(Optional) Sets the overload bit upon the system starting up. The overload bit remains set for the
number of seconds configured or until BGP has converged, depending on the subsequent argument or
keyword specified.
seconds
(Optional) When the on-startup keyword is configured, causes the overload bit to be set upon system
startup and remain set for the specified number of seconds. The range is from 5 to 86400 seconds.
wait-for-bgp
(Optional) When the on-startup keyword is configured, causes the overload bit to be set upon system
startup and remain set until BGP has converged.
suppress
(Optional) Causes the type of prefix identified by the subsequent keyword or keywords to be
suppressed.
interlevel
(Optional) When the suppress keyword is configured, prevents the IP prefixes learned from another IS-IS
level from being advertised.
external
(Optional) When the suppress keyword is configured, prevents the IP prefixes learned from other
protocols from being advertised.
This command forces the router to set the overload bit (also known as the hippity bit) in its
nonpseudonode link-state packets (LSPs). Normally, the setting of the overload bit is allowed only when a
router runs into problems. For example, when a router is experiencing a memory shortage, it might be
that the link-state database is not complete, resulting in an incomplete or inaccurate routing table. By
setting the overload bit in its LSPs, other routers can ignore the unreliable router in their SPF
calculations until the router has recovered from its problems.
The result will be that no paths through this router are seen by other routers in the IS-IS area. However,
IP and Connectionless Network Service (CLNS) prefixes directly connected to this router will still be
reachable.
This command can be useful when you want to connect a router to an IS-IS network but do not want
real traffic flowing through it under any circumstances. Example situations are as follows:
• A router configured as an LSP flooding server, for example, on a nonbroadcast multiaccess (NBMA)
network, in combination with the mesh group feature.
• A router that is aggregating virtual circuits (VCs) used only for network management. In this case, the
network management stations must be on a network directly connected to the router with the
set-overload-bit command configured.
Unless you specify the on-startup keyword, this command sets the overload bit immediately.
In addition to setting the overload bit, you might want to suppress certain types of IP prefix
advertisements from LSPs. For example, allowing IP prefix propagation between Level 1 and Level 2
effectively makes a node a transit node for IP traffic, which might be undesirable. The suppress keyword
used with the interlevel or external keyword (or both) accomplishes that suppression while the overload
bit is set.
Examples
The following example sets the overload bit upon startup and until BGP has converged, and suppresses
redistribution between IS-IS levels and suppresses redistribution from external routing protocols while
the overload bit is set:
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
ip router isis
router isis
net 49.0001.0000.0000.0001.00
set-overload-bit on-startup wait-for-bgp suppress interlevel external
IS-IS Labs
On Lab 1 I will use the following topology with the following pre-configuration:
R1
int f0/0
ip add 10.125.125.1 255.255.255.0
no sh
int loop0
ip add 1.1.1.1 255.255.255.255
R5
int f0/0
ip add 10.125.125.5 255.255.255.0
no sh
int loop0
ip add 5.5.5.5 255.255.255.255
R2
int f0/0
ip add 10.125.125.2 255.255.255.0
no sh
int loop0
ip add 2.2.2.2 255.255.255.255
int s1/0
ip add 10.23.23.2 255.255.255.0
no sh
int f0/1
ip add 20.20.20.2 255.255.255.0
no sh
router ospf 1
router-id 0.0.0.2
network 20.20.20.2 0.0.0.0 area 0
R3
int f0/0
ip add 10.34.34.3 255.255.255.0
no sh
int loop0
ip add 3.3.0.3 255.255.255.0
int loop1
ip add 3.3.1.3 255.255.255.0
int loop 2
ip add 3.3.2.3 255.255.255.0
int loop 3
ip add 3.3.3.3 255.255.255.0
int s1/0
ip add 10.23.23.3 255.255.255.0
no sh
int f0/1
ip add 30.30.30.3 255.255.255.0
no sh
router eigrp 100
no au
network 30.30.30.3 0.0.0.0
R4
int f0/0
ip add 10.34.34.4 255.255.255.0
no sh
int loop0
ip add 4.4.4.4 255.255.255.255
OSPF-R
int f0/0
ip add 20.20.20.20 255.255.255.0
no sh
int loop 0
ip add 192.168.2.20 255.255.255.0
router ospf 1
router-id 0.0.0.20
network 0.0.0.0 255.255.255.255 area 0
EIGRP-R
int f0/0
ip add 30.30.30.30 255.255.255.0
no sh
int loop 0
ip add 192.168.3.30 255.255.255.0
router eigrp 100
no au
network 192.168.3.30 0.0.0.0
network 30.30.30.30 0.0.0.0
R1
int f0/0
ip router isis
int loop0
ip router isis
router isis
net 49.0125.1111.1111.1111.00
passive-interface loop0
R5
int f0/0
ip router isis
int loop0
ip router isis
router isis
net 49.0125.5555.5555.5555.00
passive-interface loop0
R2
int f0/0
ip router isis cbtme
int loop0
ip router isis cbtme
router isis cbtme
net 49.0125.2222.2222.2222.00
int s1/0
ip router isis cbtme
R3
int s1/0
ip router isis
int range loop0 - 3
ip router isis
int f0/0
ip router isis
router isis
net 49.0034.3333.3333.3333.00
R4
int loop0
ip router isis
int f0/0
ip router isis
router isis
net 49.0034.4444.4444.4444.00
Verifications
R3 20 R2 Fa0/0 ca02.0bbc.0008
R4 30 R2 Fa0/0 ca02.0bbc.0008
R5 --
Every router considers itself an L1 and L2 router and builds one database for each, even when they all
belong to the same area, such as R1, R5 and R2 in area 49.0125.
R2 is connected to R3, which is in a different area, area 49.0034. R2 automatically treats
the link between itself and R3 as L2 only, since it connects to a router in a different area.
As you can see, we need to optimize the internal routers a little: R1, R5 and R4 are not connected to any
routers in different areas, so building an L2 database is a waste of time and resources.
R5
router isis
is-type level-1
Notice that R5 is Level 1 now and receives a default route from R1 and R2 (the closest L1/L2 routers).
Let’s change R1 to L1:
R1
router isis
is-type level-1
R5#clear isis *
Now R5 gets a default route from R2 only (the only L1/L2 router it knows).
R2
int f0/0
isis circuit-type level-1
We should do the same for R4 (make it L1) and for R3 int f0/0 (make it L1), but we will leave them as
they are for later practice.
As we can see, by default an IS-IS router supports receiving and sending narrow metrics.
We can make the router support wide metrics, which is important for MPLS TE.
We can also make the router support wide metrics and receive narrow metrics at the same time by
adding the "transition" keyword.
The "transition" keyword is useful if we have routers that need to work with wide metrics but still need
to process narrow metrics (but not generate them).
int f0/0
isis hello-interval 2
isis hello-multiplier 4
Notice that, unlike OSPF, two IS-IS neighbors can have different hello/dead timers.
Now let’s redistribute OSPF and EIGRP into IS-IS and vice versa, on R2 and R3:
R2
router ospf 1
redis isis cbtme subnets
!
router isis cbtme
redis ospf 1
R3
router eigrp 100
redis isis metric 10000 100 255 1 1500
!
router isis
redis eigrp 100
R3
router isis
summary-address 3.3.0.0 255.255.0.0 ?
level-1 Summarize into level-1 area
level-1-2 Summarize into both area and sub-domain
level-2 Summarize into level-2 sub-domain
metric Set metric for summay route
tag Set tag
On R2, since we use wide metrics, I can change the metric of the loopback 0 interface to 16777215,
which excludes a link or adjacency from the shortest path first (SPF) calculation.
int loop0
isis metric maximum
R5 was chosen as DIS since it had the higher router-id; let’s change this to make R2 the DIS.
R2
int f0/0
isis priority 127
As we can see, R1 does not have any routes from R3, since it is an L1 router and uses the default route to
reach other routers such as R3.
R2
access-list 1 permit 3.3.3.0 0.0.0.255
route-map RL permit 10
match ip add 1
router isis cbtme
redis isis ip level-2 into level-1 route-map RL
do clear isis *
int s1/0
no ip add
encap frame
int s1/0.12 multi
ip add 10.12.12.1 255.255.255.0
fram map ip 10.12.12.2 100 b
fram map ip 10.12.12.1 100
ip router isis
router isis
net 49.0001.1111.1111.1111.00
is-type level-2-only
R2
int f0/0
ip add 10.23.23.2 255.255.255.0
ip router isis
isis circuit-type level-1
int loop 0
ip add 2.2.2.2 255.255.255.0
ip router isis
int s1/1
no ip add
encap frame
int s1/1.12 multi
ip add 10.12.12.2 255.255.255.0
fram map ip 10.12.12.1 200 b
fram map ip 10.12.12.2 200
ip router isis
router isis
net 49.0023.2222.2222.2222.00
is-type level-1-2
R3
int f0/0
ip add 10.23.23.3 255.255.255.0
ip router isis
int loop 0
ip add 3.3.3.3 255.255.255.0
ip router isis
router isis
net 49.0023.3333.3333.3333.00
is-type level-1
FRSW
frame-relay switching
interface Serial1/0
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 100 interface Serial1/1 200
!
interface Serial1/1
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 200 interface Serial1/0 100
no neighbors found !!
That is because IS-IS over frame relay will need special treatment since the CLNS data must also be
mapped. Let’s fix it:
R1
int s1/0.12
fram map clns 100 b
R2
int s1/1.12
fram map clns 200 b
Another issue we should take care of: what if we change the MTU of R1 int s1/0 to 2000?
int s1/0
sh
mtu 2000
no sh
When an IS-IS router sends a hello packet, it pads the packet up to the default MTU size, so
R2 will have a problem handling the hello messages that come from R1.
R1
int s1/0.12
clns mtu 1500
Now R1 will make sure to send hello messages at the default size of 1500.
Disabling IIH padding is best practice because on high speed links it may strain huge buffers, and on low
speed links it may waste bandwidth and affect other time-sensitive applications, e.g., voice.
Disabling IIH padding is safe because IOS will still pad the first 5 IIHs to the full MTU to aid in the
discovery of MTU mismatches.
R1
ipv6 uni
int f0/0
ip add 10.12.12.1 255.255.255.0
ipv6 add 2001:10:12:12::1/64
no sh
int loop 0
ip add 1.1.1.1 255.255.255.255
ipv6 add 2000:1:1:1::1/128
R2
ipv6 uni
int f0/0
ip add 10.12.12.2 255.255.255.0
ipv6 add 2001:10:12:12::2/64
no sh
int loop 0
ip add 2.2.2.2 255.255.255.255
ipv6 add 2000:2:2:2::2/128
int f0/1
ip add 10.23.23.2 255.255.255.0
ipv6 add 2001:10:23:23::2/64
no sh
int f1/0
ip add 10.24.24.2 255.255.255.0
ipv6 add 2001:10:24:24::2/64
no sh
R3
ipv6 uni
int f0/1
ip add 10.23.23.3 255.255.255.0
ipv6 add 2001:10:23:23::3/64
no sh
int f1/1
ip add 10.34.34.3 255.255.255.0
ipv6 add 2001:10:34:34::3/64
no sh
int f0/0
ip add 10.36.36.3 255.255.255.0
ipv6 add 2001:10:36:36::3/64
no sh
int loop 0
ip add 3.3.3.3 255.255.255.255
ipv6 add 2000:3:3:3::3/128
R4
ipv6 uni
int f1/0
ip add 10.24.24.4 255.255.255.0
ipv6 add 2001:10:24:24::4/64
no sh
int f1/1
ip add 10.34.34.4 255.255.255.0
ipv6 add 2001:10:34:34::4/64
no sh
int loop0
ip add 4.4.4.4 255.255.255.255
ipv6 add 2000:4:4:4::4/128
int f0/1
ip add 10.46.46.4 255.255.255.0
ipv6 add 2001:10:46:46::4/64
no sh
int f0/0
ip add 10.45.45.4 255.255.255.0
ipv6 add 2001:10:45:45::4/64
no sh
R5
ipv6 uni
int loop 0
ip add 5.5.5.5 255.255.255.255
ipv6 add 2000:5:5:5::5/128
int f0/0
ip add 10.45.45.5 255.255.255.0
ipv6 add 2001:10:45:45::5/64
no sh
int f1/0
ip add 10.56.56.5 255.255.255.0
ipv6 add 2001:10:56:56::5/64
no sh
R6
ipv6 uni
int loop 0
ip add 6.6.6.6 255.255.255.255
ipv6 add 2000:6:6:6::6/128
int f1/0
ip add 10.56.56.6 255.255.255.0
ipv6 add 2001:10:56:56::6/64
no sh
int f0/1
ip add 10.46.46.6 255.255.255.0
ipv6 add 2001:10:46:46::6/64
no sh
int f0/0
ip add 10.36.36.6 255.255.255.0
ipv6 add 2001:10:36:36::6/64
no sh
Let's first enable IPv4 and IPv6 IS-IS using single topology:
R1
int f0/0
ip router isis
ipv6 router isis
router isis
net 49.0001.1111.1111.1111.00
is-type level-2-only
passive-interface loop0
R2
int f0/0
ip router isis
ipv6 router isis
int f0/1
ip router isis
ipv6 router isis
int f1/0
ip router isis
ipv6 router isis
router isis
net 49.0001.2222.2222.2222.00
is-type level-2-only
passive-interface loop0
R3
int f0/0
ip router isis
ipv6 router isis
int f0/1
ip router isis
ipv6 router isis
int f1/1
ip router isis
ipv6 router isis
router isis
net 49.0001.3333.3333.3333.00
is-type level-2-only
passive-interface loop0
R4
int f0/0
ip router isis
ipv6 router isis
int f0/1
ip router isis
ipv6 router isis
int f1/1
ip router isis
ipv6 router isis
int f1/0
ip router isis
ipv6 router isis
router isis
net 49.0001.4444.4444.4444.00
is-type level-2-only
passive-interface loop0
R5
int f0/0
ip router isis
ipv6 router isis
int f1/0
ip router isis
ipv6 router isis
router isis
net 49.0001.5555.5555.5555.00
is-type level-2-only
passive-interface loop0
R6
int f0/0
ip router isis
ipv6 router isis
int f1/0
ip router isis
ipv6 router isis
int f0/1
ip router isis
ipv6 router isis
router isis
net 49.0001.6666.6666.6666.00
is-type level-2-only
passive-interface loop0
I2 2001:10:45:45::/64 [115/30]
via FE80::C802:13FF:FE38:8, FastEthernet0/0
I2 2001:10:46:46::/64 [115/30]
via FE80::C802:13FF:FE38:8, FastEthernet0/0
I2 2001:10:56:56::/64 [115/40]
via FE80::C802:13FF:FE38:8, FastEthernet0/0
As we can see, all routers have full IPv4 and IPv6 reachability.
Now I want to check the path R1 will use to reach the R5 loopback0 IPv4 and IPv6 addresses:
R1#traceroute 5.5.5.5 num
R1#traceroute 2000:5:5:5::5
As we can see in the above output, IPv4 and IPv6 traffic must follow the same path throughout the
network, because the SPT (shortest path tree) for each is the same.
Also notice that IPv4 and IPv6 use the same metric.
As we saw, R1 uses the path R2-R4 to reach both the IPv4 and the IPv6 address of R5 loop0. Since we
did not change the default metric of 10 under any interface, IS-IS behaved like RIP here: it chose
the path with the fewest hops.
Now let's assume that we want IPv4 to keep using this path to reach R5 loop0, but for IPv6 we want to
use R2-R3-R6 to reach R5 loop0.
In this case we need multi-topology to be enabled, so that we can change the IPv6 metric under some
interfaces while keeping the IPv4 metric on the same interfaces unchanged.
In all routers
router isis
metric-style wide
address-family ipv6
multi-topology
R2
int f1/0
isis ipv6 metric 20
R4
int f1/0
isis ipv6 metric 20
int f0/0
isis ipv6 metric 20
int f0/1
isis ipv6 metric 20
int f1/1
isis ipv6 metric 20
R5
int f0/0
isis ipv6 metric 20
Now the IPv6 path has changed to use R2-R3-R6 to reach R5, while IPv4 remains on R2-R4. Let's check:
R1#traceroute 2000:5:5:5::5
1 2001:10:12:12::2 208 msec * 124 msec
2 2001:10:23:23::3 276 msec 304 msec 216 msec
3 2001:10:36:36::6 332 msec * 200 msec
4 2001:10:56:56::5 400 msec 320 msec 488 msec
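The per-topology SPF result above, recomputed as an added example (not part of the study guide). The link map is derived from the lab's interface addressing, the metrics are the default 10 plus the `isis ipv6 metric 20` overrides, and the function and variable names are hypothetical.

```python
import heapq

DEFAULT_METRIC = 10  # IS-IS default interface metric used in the lab

# (router, outgoing interface) -> neighbor, derived from the 10.XY.XY.0/24 subnets
LINKS = {
    ("R1", "f0/0"): "R2", ("R2", "f0/0"): "R1",
    ("R2", "f0/1"): "R3", ("R3", "f0/1"): "R2",
    ("R2", "f1/0"): "R4", ("R4", "f1/0"): "R2",
    ("R3", "f1/1"): "R4", ("R4", "f1/1"): "R3",
    ("R3", "f0/0"): "R6", ("R6", "f0/0"): "R3",
    ("R4", "f0/1"): "R6", ("R6", "f0/1"): "R4",
    ("R4", "f0/0"): "R5", ("R5", "f0/0"): "R4",
    ("R5", "f1/0"): "R6", ("R6", "f1/0"): "R5",
}

# Interfaces configured with "isis ipv6 metric 20" in the multi-topology step
IPV6_MT_METRICS = {
    ("R2", "f1/0"): 20, ("R4", "f1/0"): 20, ("R4", "f0/0"): 20,
    ("R4", "f0/1"): 20, ("R4", "f1/1"): 20, ("R5", "f0/0"): 20,
}

def spf(src, dst, overrides=None):
    """Dijkstra over outgoing-interface metrics; returns (cost, router path)."""
    overrides = overrides or {}
    heap = [(0, [src])]
    done = set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for (rtr, ifc), nbr in LINKS.items():
            if rtr == node and nbr not in done:
                metric = overrides.get((rtr, ifc), DEFAULT_METRIC)
                heapq.heappush(heap, (cost + metric, path + [nbr]))
    return None

if __name__ == "__main__":
    print("IPv4 topology:", spf("R1", "R5"))
    print("IPv6 topology:", spf("R1", "R5", IPV6_MT_METRICS))
```

Costs are to the router node itself; the passive loopback metric is left out because it is the same on every path.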
R1
int loop 0
ip add 1.1.1.1 255.255.255.255
int f0/0
ip add 10.12.12.1 255.255.255.0
no sh
ip router isis
router isis
net 49.0012.1111.1111.1111.00
passive-interface loop0
R2
int loop 0
ip add 2.2.2.2 255.255.255.255
int f0/0
ip add 10.12.12.2 255.255.255.0
no sh
ip router isis
int f0/1
ip add 10.23.23.2 255.255.255.0
no sh
ip router isis cbtme
router isis
net 49.0012.2222.2222.2222.00
passive-interface loop0
R3
int loop 0
ip add 3.3.3.3 255.255.255.255
int f0/0
ip add 10.23.23.3 255.255.255.0
no sh
ip router isis cbtme
Area null: < our first area, tagged with null since we did not give it a specific tag name
System Id Type Interface IP Address State Holdtime Circuit Id
R1 L1 Fa0/0 10.12.12.1 UP 26 R2.01
R1 L2 Fa0/0 10.12.12.1 UP 28 R2.01
Area cbtme:
System Id Type Interface IP Address State Holdtime Circuit Id
R3 L1 Fa0/1 10.23.23.3 UP 8 R3.01
Note: we can use multi-instance IS-IS to hide part of our network and isolate it. To let part of this
isolated network communicate with the outside network, we need to use redistribution with a route-map.
Basic Configuration
interface GigabitEthernet0/3/0/2
address-family ipv4 unicast
!
address-family ipv6 unicast
!
end
Now, let us commit our changes.
RP/0/7/CPU0:R1(config-isis)#commit
RP/0/7/CPU0:R1(config-isis)#exit
RP/0/7/CPU0:R1(config)#exit
BFD
router isis 1
int g0/1/0/0
bfd minimum-interval 250
bfd multiplier 3
bfd fast-detect ipv4
Authentication
router isis 1
int g0/1/0/0
hello-password text cbtme
router isis 1
int g0/1/0/0
hello-password hmac-md5 cbtme
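What the two `hello-password` modes above put on the wire, as an added example (not from the study guide): the IIH header bytes are constructed sample values, and the TLV layout follows RFC 5304 (Authentication TLV 10, type 1 for a cleartext password, type 54 for HMAC-MD5). The function names are hypothetical.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10        # Authentication Information TLV
AUTH_CLEARTEXT = 1   # password carried as-is
AUTH_HMAC_MD5 = 54   # 16-byte HMAC-MD5 digest (RFC 5304)
HDR_LEN = 27         # common header (8) + LAN IIH fields (19)

def iih_header(pdu_len):
    """Constructed L2 LAN IIH header for system ID 1111.1111.1111."""
    sysid = bytes.fromhex("111111111111")
    common = bytes([0x83, HDR_LEN, 1, 0, 16, 1, 0, 0])
    # circuit type, source ID, holding time, PDU length, priority, LAN ID
    return (common + b"\x02" + sysid + struct.pack("!HH", 30, pdu_len)
            + b"\x40" + sysid + b"\x01")

def build_iih(password, mode):
    """Return an IIH carrying only the authentication TLV for `mode`."""
    if mode == "text":
        value = bytes([AUTH_CLEARTEXT]) + password
    else:
        value = bytes([AUTH_HMAC_MD5]) + bytes(16)   # digest zeroed for now
    tlv = bytes([AUTH_TLV, len(value)]) + value
    pdu = bytearray(iih_header(HDR_LEN + len(tlv)) + tlv)
    if mode == "hmac-md5":
        # HMAC covers the whole PDU with the digest field set to zero
        pdu[-16:] = hmac.new(password, bytes(pdu), hashlib.md5).digest()
    return bytes(pdu)

def verify_iih(pdu, password):
    """Receiver side: find TLV 10 and check it against the local password."""
    i = pdu[1]                       # header length indicator
    while i + 2 <= len(pdu):
        tlv_type, length = pdu[i], pdu[i + 1]
        value = pdu[i + 2:i + 2 + length]
        if tlv_type == AUTH_TLV and length >= 1 and len(value) == length:
            if value[0] == AUTH_CLEARTEXT:
                return hmac.compare_digest(value[1:], password)
            if value[0] == AUTH_HMAC_MD5 and length == 17:
                zeroed = pdu[:i + 3] + bytes(16) + pdu[i + 19:]
                digest = hmac.new(password, zeroed, hashlib.md5).digest()
                return hmac.compare_digest(value[1:], digest)
            return False
        i += 2 + length
    return False
```

Changing a holding-time byte leaves the `text` PDU accepted but makes the `hmac-md5` PDU fail verification, and only the `text` PDU contains the password bytes.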
Route Leaking
route-policy ISIS_ROUTE_LEAKING
if destination in (3.3.3.3/32, 4.4.4.4/32) then
pass
endif
end-policy
!
router isis 1
address-family ipv4 unicast
propagate level 2 into level 1 route-policy ISIS_ROUTE_LEAKING
Single topology
router isis 1
is-type level-2-only
net 49.0001.0000.0000.0019.00
address-family ipv6 unicast
single-topology
!
interface Loopback0
passive
address-family ipv6 unicast
address-family ipv6 unicast
!
interface GigabitEthernet0/1/0/0.519
address-family ipv4 unicast
address-family ipv6 unicast
!
interface GigabitEthernet0/1/0/0.619
address-family ipv4 unicast
address-family ipv6 unicast
!
interface POS0/6/0/0
address-family ipv4 unicast
address-family ipv6 unicast
Multi topology
router isis 1
address-family ipv4 unicast
metric-style wide
!
address-family ipv6 unicast
metric-style wide
no single-topology
Good Luck
CCIE / CCSI: Yasser Auda
https://www.facebook.com/YasserRamzyAuda
https://learningnetwork.cisco.com/people/yasser.r.a?view=documents
https://www.youtube.com/user/yasserramzyauda