Introduction to IS-IS

ISP Workshops

These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license
(http://creativecommons.org/licenses/by-nc/4.0/)

Last updated 3 rd August 2019 1

Acknowledgements
p This material originated from the Cisco ISP/IXP Workshop
Programme developed by Philip Smith & Barry Greene

p Use of these materials is encouraged as long as the source is fully

acknowledged and this notice remains in place

p Bug fixes and improvements are welcomed

n Please email workshop (at) bgp4all.com

Philip Smith 2
IS-IS
p Intermediate System to Intermediate System
p ISO 10589 specifies OSI IS-IS routing protocol for
ConnectionLess-mode Network Services (CLNS) traffic
n A Link State protocol with a 2 level hierarchical architecture
n Type/Length/Value (TLV) options to enhance the protocol
p RFC 1195 added IP support
n Integrated IS-IS
n I/IS-IS runs on top of the Data Link Layer

3
IS-IS
p Known as a Link State Routing Protocol
n The other link state routing protocol is OSPF
n Each node in the network computes the map of connectivity through the
network
n Both use Edsger Dijkstra’s algorithm for producing shortest path tree through
a graph
p Dijkstra, E. W. (1959). “A note on two problems in connexion with graphs”.
Numerische Mathematik 1: 269–271
p The other type of Routing Protocol is Distance Vector
n Like Cisco’s EIGRP or RIP
n Each node shares its view of the routing table with other nodes

4
IS-IS
p Routers with IS-IS enabled on them look for neighbouring routers
also running IS-IS
n Hello Protocol Data Units (PDUs) are exchanged
n The “Hello” packet includes the list of known neighbours, and details such as
“hello interval” and “router dead interval”
p Hello interval – how often the router will send Hellos
p Router dead interval – how long to wait before deciding router has disappeared
p The values of “hello interval” and “router dead interval” do not need to match on
both neighbours (unlike for OSPF)
n When a neighbouring router responds with matching details, a neighbour
relationship is formed

5
IS-IS Neighbour Relationships
p A relationship is formed between neighbouring routers for
the purpose of exchanging routing information
n This is called an ADJACENCY

6
IS-IS Adjacencies
p Once an adjacency is formed, neighbours share their link state
information
n Information goes in a Link State PDU (LSP)
n LSPs are flooded to all neighbours
p New information received from neighbours is used to compute a
new view of the network
p On a link failure
n New LSPs are flooded
n The routers recompute the routing table

7
IS-IS across a network
p All routers across the network form neighbour relationships with
their directly attached neighbours
p Each router computes the routing table
p Once each router has the same view of the network, the network
has converged
p The IGP design for a network is crucially important to ensure
scalability and rapid convergence
p Generally: the fewer the prefixes, the faster the convergence

8
IS-IS Levels
p IS-IS has a 2 layer hierarchy
n Level-2 (the backbone)
n Level-1 (the edge)
p A router can be
n Level-1 (L1) router
n Level-2 (L2) router
n Level-1-2 (L1L2) router
p Most small to medium networks (up to ~500 routers) are
happily using just Level-2

9
IS-IS
p IS-IS is multiprotocol
n Integrated IS-IS carries CLNS and IPv4 address families
n RFC5308 adds IPv6 address family support
n RFC5120 adds multi-topology support
p IS-IS extended to carry IPv6 prefixes
n Either sharing topology with IPv4
p When IPv4 and IPv6 topologies are identical
n Or using “multi-topology”, independent of IPv4
p Allows incremental rollout of IPv6

10
Links in IS-IS
p Two types of links in IS-IS:
n Point-to-point link
p Only one other router on the link, forming a point-to-point adjacency
n Multi-access network (e.g. ethernet)
p Potential for many other routers on the network, with several other adjacencies
p IS-IS in multi-access networks has optimisations to aid scaling
n One router is elected to originate the LSPs for the whole multi-access
network
n Called “Designated Intermediate System”
n Other routers on the multi-access network form adjacencies with the DIS

11
Designated IS
p There is ONE designated router per multi-access network
n Generates network link advertisements
n Assists in database synchronization
n Scales IS-IS for multi-access (ethernet) networks

Designated
IS

Designated 12
IS
Selecting the Designated Router
p Configured priority (per interface)
n Configure high priority on the router to be the DIS
interface gigabitethernet0/1
isis priority 127 level-2

p Else priority determined by highest MAC address

n Best practice is to set two routers to be highest priority – then in case of
failure of the DIS there is deterministic fall back to the other

e0:f8:47:1d:93:3c e0:f8:47:1d:81:32

R1 DIS R2

13

e0:f8:47:1d:93:30
Adjacencies: Examples
p To find CLNS adjacency state, use:
show clns neighbor

System Id Interface SNPA State Holdtime Type Protocol

Router2 Fa0/0 ca01.9798.0008 Up 23 L2 M-ISIS
Router3 Se1/0 *HDLC* Up 26 L2 M-ISIS

p To find IS-IS adjacency state, use:

show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id

Router2 L2 Fa0/0 10.10.15.2 UP 24 Router2.01
Router3 L2 Se1/0 10.10.15.6 UP 27 00

14
IS-IS NSAP Address
p IP based routing protocols have a router-id to uniquely identify a router
p In IS-IS, the IS (router) is identified by a Network Entity Title (NET)
n Can be from 64 to 160 bits long
n The NET is the address of a Network Service Access Point (NSAP), identifying an
instance of IS-IS running on the IS
p ISPs typically choose NSAP addresses thus:
n First 8 bits – pick a number (usually 49)
n Next 16 bits – area
n Next 48 bits – router loopback address
n Final 8 bits – zero
p Example:
n NSAP: 49.0001.1921.6800.1001.00
n Router: 192.168.1.1 (loopback) in Area 1
15
IS-IS NSAP Address (Alternative)
p A simpler alternative, assuming a well documented ISP design
n First 8 bits – pick a number (usually 49)
n Next 16 bits – area
n Next 16 bits – PoP identifier
n Next 16 bits – Router identifier
n Final 8 bits – zero
p Example:
n NSAP: 49.0001.0009.0003.00
n Router: #3 in PoP 9 in Area 1

16
IS-IS on Cisco IOS
p Starting IS-IS in Cisco’s IOS
router isis as42
n Where “as42” is the process ID
p IS-IS process ID is local to the router
n Allows the possibility of running multiple instances of IS-IS on
one router
n The process ID is not passed between routers
n Some ISPs configure the process ID to be the same as their BGP
Autonomous System Number

17
IS-IS in Cisco IOS
p Cisco IOS default is for all routers to be L1L2
n This is suboptimal – all routers need to be L2 only
p Once IS-IS is started, other required configuration under the IS-IS
process includes:
log-adjacency-changes
n Capture adjacency changes in the system log
metric-style wide
n Set metric-style to wide
is-type level-2-only
n Set IS type to level 2 only (router-wide configuration)
net 49.0001.<loopback>.00
n Set NET address
18
Adding interfaces to IS-IS
p To activate IS-IS on an interface:
interface Gigabit 4/0
ip router isis as42

n Puts interface subnet address into the LSDB

n Enables CLNS on that interface
p To disable IS-IS on an interface:
router isis as42
passive-interface Gigabit 2/0
n Disables CLNS on that interface
n Puts the interface subnet address into the LSDB
p No IS-IS configuration for an interface
n No CLNS run on interface, no interface subnet in the LSDB 19
IS-IS interface costs
p All interfaces have a default metric of 10
n Fine for a uniform network, but most backbones have different link capacities
between routers & PoPs
n Many operators set default metric to 100000
p Many operators develop their own interface metric strategy
isis metric 100 level-2
n Sets interface metric to 100
n Care needed as the sum of metrics determines the best path through the
network
p IS-IS chooses lowest cost path through a network
p IS-IS will load balance over paths with equal total cost to the same
destination
20
IS-IS Metric Calculation
p Best path/lowest cost = 11
5Mbps 2Mbps
5 10
10 1
2Mbps 10Mbps

21
IS-IS Metric Calculation
p Best path/lowest cost = 11
5Mbps 2Mbps
5 10
10 1
2Mbps 10Mbps

p Equal cost paths = 15

5Mbps 2Mbps
5 10
14 1
1.3Mbps 10Mbps

22
IS-IS Neighbour Authentication
p Neighbour authentication is highly recommended
n Prevents unauthorised routers from forming neighbour relationships and
potentially compromising the network

p Create a suitable key-chain

key chain isis-as42
key 1
key-string <password>
!

n There can be up to 255 different keys in each key chain

23
IS-IS Neighbour Authentication
p Apply key-chain per interface:
interface Gigabit 4/0
isis authentication mode md5 level-2
isis authentication key-chain isis-as42 level-2
!

p Apply key-chain to IS-IS process (all interfaces):

router isis as42
authentication mode md5 level-2
authentication key-chain isis-as42 level-2
!

24
Originating a Default Route (IPv4)
p How to always originate a default route into IS-IS:
router isis as42
default-information originate

p Originate a default route into IS-IS only if a default route exists in

the RIB from BGP:
ip access-list standard BGP-NH
permit <ebgp neighbor address>
!
ip prefix-list DEFAULT-ROUTE permit 0.0.0.0/0
!
route-map DEFAULT-ORIG permit 10
match ip address prefix-list DEFAULT-ROUTE
match ip next-hop BGP-NH
!
router isis as42
default-information originate route-map DEFAULT-ORIG
25
Originating a Default Route (IPv6)
p How to always originate a default route into IS-IS:
router isis as42
address-family ipv6
default-information originate

p Originate a default route into IS-IS only if a default route exists in

the RIB from BGP:
ipv6 access-list BGP-NHv6
permit ipv6 host <ebgp neighbor link-local address> any
!
ipv6 prefix-list DEFAULT-v6ROUTE permit ::/0
!
route-map DEFAULT-ORIGv6 permit 10
match ipv6 address prefix-list DEFAULT-v6ROUTE
match ipv6 next-hop BGP-NHv6
!
router isis as42
address-family ipv6
26
default-information originate route-map DEFAULT-ORIGv6
IS-IS on Point-to-Point Ethernet
p IS-IS on point-to-point ethernet:
n DIS election is not needed on a point-to-point link – so it is
disabled, which is more efficient
interface Gigabit 4/0
isis network point-to-point
n As DIS election is independent of IP, the above command is
generic – there is no need for an IPv6 equivalent

27
Handling IPv6 in IS-IS
p To add IPv6 support in IS-IS:
interface Gigabit 4/0
ipv6 router isis as42

p Topologies:
n For single topology, nothing else is required
n For multi-topology, include:
router isis as42
address-family ipv6
multi-topology

28
Conclusion
p IS-IS is a Link State Routing Protocol
p Quick and simple to get started
n But has a myriad of options and features to cover almost all
types of network topology
n ISPs keep their IS-IS design SIMPLE
n >500 routers running in L2 is entirely feasible

29
Introduction to IS-IS
ISP Workshops

30