Saturday, February 9, 2008

CCNP Semester 1, Module 7

Module 7: IS-IS


In recent years, the Intermediate System-to-Intermediate System (IS-IS) routing protocol has become increasingly popular, with widespread usage among Service Providers. IS-IS enables very fast convergence and is very scalable. It is also a very flexible protocol and has been extended to incorporate leading edge features such as Multiprotocol Label Switching Traffic Engineering (MPLS/TE).

The features of IS-IS include the following:

* Hierarchical routing
* Classless behavior
* Rapid flooding of new information
* Fast Convergence
* Very scalable
* Flexible timer tuning

The Cisco IOS implementation of IS-IS also supports the following features:

* Multi-area routing
* Route-leaking
* Overload-bit

IS-IS is an Open System Interconnection (OSI) routing protocol originally specified by International Organization for Standardization (ISO) 10589. IS-IS is a dynamic, link-state, intradomain, interior gateway protocol (IGP). The protocol is designed to operate in an OSI Connectionless Network Service (CLNS) environment. CLNS is a network layer standard that is part of the OSI protocol suite. IS-IS selects routes based upon a cost metric assigned to links in the IS-IS network. The cost is an arbitrary value assigned by a network engineer as the value of the path to a neighbor router.

A two-level hierarchy is used to support large routing domains. A large domain can be administratively divided into areas. In IS-IS, each router is referred to as an Intermediate System (IS). Each system resides in exactly one area. Routing within an area is referred to as Level 1 routing. Routing between areas is referred to as Level 2 routing. A Level 2 IS keeps track of the paths to destination areas. A Level 1 IS keeps track of the routing within its own area. For a packet destined for another area, a Level 1 IS sends the packet to the nearest Level 2 IS in its own area, regardless of the level of the destination area. Then the packet travels by way of Level 2 routing to the destination area, where it may travel by way of Level 1 routing to the destination. It should be noted that selecting an exit from an area based on Level 1 routing to the closest Level 2 IS might result in suboptimal routing.

On broadcast multi-access media, a Designated Intermediate System (DIS) is elected and conducts the flooding over the media. The DIS is analogous to the designated router in OSPF, even though the details including the election process and adjacencies within a multi-access media differ significantly. The DIS is elected by priority. The highest priority becomes the DIS. This is configurable on an interface basis using the isis priority command. In the case of a tie, the router with the highest subnetwork point-of-attachment address (SNPA) will become the DIS. In the case of Ethernet, the SNPA address is just the MAC address.

All of these concepts are discussed in this module, beginning with an introduction to OSI protocols.

7.1 IS-IS Fundamentals

7.1.2 OSI terminology

In an OSI network, four significant architectural entities exist. The entities are hosts, areas, a backbone, and a domain. A domain is any portion of an OSI network that is under a common administrative authority. Within any OSI domain, one or more areas can be defined. An area is a logical entity. An area is formed by a set of contiguous routers and the data links that connect them. All routers in the same area exchange information about all the hosts that they can reach. The areas are connected to form a backbone. All routers on the backbone know how to reach all areas. The term end system (ES) refers to any non-routing host or node. The term intermediate system (IS) refers to a router. These terms are the basis for the OSI ES-IS and IS-IS protocols.

A Network Service Access Point (NSAP) is a conceptual point on the boundary between the network and the transport layers. The NSAP is the location at which OSI network services are provided to the transport layer. Each transport layer entity is assigned a single NSAP. In an OSI network, the NSAP is the address used to identify a network entity. The last byte in an NSAP identifies a process on the device, similar to a port or socket in TCP/IP.

A network entity title (NET) is an NSAP where the last byte is 0 (zero). The NET is used to identify a device. Therefore, each router would have a unique NET address.

A Subnetwork Point of Attachment (SNPA) is the point at which subnetwork services are provided. This is the equivalent of the Layer 2 address corresponding to the Layer 3, NET or NSAP, address. This is usually a MAC address on a LAN or Virtual Circuit ID in X.25, Frame Relay, or ATM.

A circuit is an interface. A link is the path between two neighbor ISs and is defined as being "up" when communication is possible between the two neighbors’ SNPAs.

7.1.3 ES-IS and IS-IS

ISO has developed standards for two types of network protocols used in routing. These two protocols are ES-IS and IS-IS. The ES-IS discovery protocols are used for routing between end systems and intermediate systems. The IS-IS routing protocols are used for hierarchical routing between intermediate systems.

ES-IS is analogous to Address Resolution Protocol (ARP) in IP. Although not technically a routing protocol, ES-IS is included here because it is commonly used with routing protocols to provide end-to-end data movement through an internetwork. Routing between end systems and intermediate systems is sometimes referred to as Level 0 routing.

With IS-IS routing, OSI distinguishes between Level 1, Level 2, and Level 3 routing to simplify router design and operation. Level 1 ISs communicate with other Level 1 ISs in the same area. Level 2 ISs route between Level 1 areas and form an intradomain routing backbone. Level 3 routing is done between separate domains. Hierarchical routing simplifies backbone design, because Level 1 ISs only need to know how to get to the nearest Level 2 IS.


Each ES lives in a particular area. OSI routing begins when the ESs discover the nearest IS by listening to Intermediate System Hello (ISH) packets. When an ES wants to send a packet to another ES, it sends the packet to one of the ISs on its directly attached network. This is Level 0 routing. The router then looks up the destination address and forwards the packet along the best route. If the destination ES is on the same subnetwork, the local IS will know this from listening to End System Hello (ESH) packets and will forward the packet appropriately. The IS also might provide a redirect message back to the source to tell it that a more direct route is available. If the destination address is an ES on another subnetwork in the same area, the IS will know the correct route and will forward the packet appropriately. If the destination address is an ES in another area, the Level 1 IS sends the packet to the nearest Level 2 IS for Level 2 routing. Forwarding through Level 2 ISs continues until the packet reaches a Level 2 IS in the destination area. Within the destination area, ISs forward the packet along the best path until the destination ES is reached.

7.1.4 Integrated IS-IS

For routing in the ISO CLNS environment, Cisco routers support the IS-IS routing protocol. Routers usually operate as ISs and can exchange reachability information with other ISs using the IS-IS protocol. As an IS, a Cisco router can operate at Level 1 only, at Level 2 only, or at both levels. When operating at both levels, the router can advertise itself at Level 1 as an exit point from the area. Integrated IS-IS allows the IS-IS protocol to propagate routing information for protocols other than CLNP. IS-IS can route CLNP, IP, or both when in dual mode. IS-IS is the dynamic link-state routing protocol for the OSI protocol stack. As such, IS-IS distributes routing information for routing CLNP data for the ISO CLNS environment. When IS-IS is used strictly for the ISO CLNS environment, it is referred to as ISO IS-IS.

Integrated IS-IS is an implementation of the IS-IS protocol for routing multiple network protocols. Integrated IS-IS tags CLNP routes, upon which IS-IS bases its link-state database, with information regarding IP networks and subnets. IS-IS provides an alternative to OSPF in the IP world, mixing ISO CLNS and IP routing in one protocol. Again, IS-IS can be used purely for IP routing, purely for ISO routing, or for a combination of the two.

Integrated IS-IS is deployed extensively in an IP only environment in the top tier Internet service provider (ISP) networks. The IS-IS working group of the Internet Engineering Task Force (IETF) developed the specification for Integrated IS-IS in RFC 1195. Integrated IS-IS differs from the approach taken by IS-IS routing. In IS-IS routing, completely independent routing protocols are used for each of the two protocol suites. Integrated IS-IS uses a single integrated protocol for interior routing. A network can contain routers that all run the Integrated IS-IS routing protocol to support intradomain exchange of routing information. This network environment can be IP-only, ISO CLNP-only, or both. The single integrated protocol is used for calculating routes within a routing domain for both protocol suites.


IS-IS was originally designed for routing DECnet Phase V and was subsequently adopted for ISO CLNP. DECnet is a routed protocol, like IP, IPX, and AppleTalk, used in Digital Equipment Corporation networking. IS-IS was proposed for use with TCP/IP in the late 1980s and early 1990s. IS-IS was ultimately specified for this context in RFC 1195, "Use of OSI IS-IS for Routing in TCP/IP and Dual Environments".

IS-IS is one of the few protocols that provide an integrated framework for concurrent processing of more than one network layer protocol. Other routing protocols, such as OSPF, usually support routing for only one type of Layer 3 protocol. This module will focus mostly on the use of IS-IS in an IP environment.

IS-IS was not designed specifically for routing IP. However, its successful widespread deployment for IP routing on the Internet has led the IETF to revisit RFC 1195. The point is to incorporate proprietary features outside the scope of 1195 designed to improve usability and to provide flexibility and scalability. MPLS traffic engineering stands out as a recent technology that has driven advances in IS-IS feature sets, possibly vendor-specific.

The integrated IS-IS protocol provides dynamic routing for an IP and ISO internetworking environment. Integrated IS-IS has the following features:

* Uses ISO IS-IS to distribute routing information
* Provides ISO and IP routing services
* Routes only within one ISO domain
* Provides link-state distribution of routing information
* Based on the shortest-path-first routing algorithm

Integrated IS-IS provides IP routing capabilities by:

* Defining links with IP addresses, subnets, and metrics
* Forwarding IP routing information within the PDUs of the ISO IS-IS packets
* Configuring an area to support IP or both IP and CLNP


For routing in the ISO CLNS environment, Cisco routers also support static CLNS routes as well as the proprietary ISO IGRP routing protocol. ISO IGRP is, as its name suggests, based on Cisco’s Interior Gateway Routing Protocol (IGRP). It uses distance vector technology to propagate routing information. As such, ISO IGRP shares some of the limitations of its IP counterpart, including long convergence times. This is due to periodic updates and long invalid times and hold times.

7.1.5 OSPF versus IS-IS

The configuration of OSPF is based on a central backbone, Area 0, with all other areas being physically attached to Area 0. Because of this, certain design constraints will inevitably exist. A good, consistent IP addressing structure is necessary when this type of hierarchical model is used. It is used to summarize addresses into the backbone, and reduce the amount of information that is carried in the backbone and advertised across the network. In comparison, IS-IS also has a hierarchy with Level 1 and Level 2 routers. With IS-IS, the area borders lie on the links. However, significantly fewer link-state PDUs (LSPs) are used. Therefore, many more routers, up to 1000, can reside in a single area. This capability makes IS-IS more scalable than OSPF. IS-IS allows a more flexible approach to extending the backbone. Adding Level 2 routers can extend the backbone. This process is less complex than with OSPF.

With regard to CPU use and the processing of routing updates, IS-IS is more efficient. Not only are there fewer LSPs to process, as compared to OSPF LSAs, but also the mechanism by which IS-IS installs and withdraws prefixes is less intensive.

Both OSPF and IS-IS are link-state protocols and therefore provide fast convergence. The convergence time depends on a number of factors, such as timers, number of nodes, and types of routers. Based on the default timers, IS-IS will detect a failure quicker than OSPF and therefore should converge more rapidly. If there are many neighbors and adjacencies to consider, the convergence time depends on the processing power of the router. IS-IS is typically less CPU intensive than OSPF.

The timers in IS-IS allow more tuning than OSPF. There are more timers to adjust, and therefore finer granularity can be achieved. By tuning the timers, convergence time can be significantly decreased. However, this speed may be at the expense of stability, so a compromise may have to be made. A network engineer should understand the implications of adjusting these timers.

7.2.1 NSAPs

OSI network layer addressing is implemented by using two types of hierarchical addresses, NSAP and NET.

The NSAP address identifies any system in an OSI network. Various NSAP formats are used for various systems. Different protocols may use different representations of the NSAP.

The NSAP address is the network layer address for CLNS packets. As with DECnet Phase V, one NSAP address is used for each device, not for each interface. LSPs, Hello PDUs, and other routing PDUs are OSI formatted PDUs. Therefore, every IS-IS router requires an OSI address. IS-IS uses the OSI address in the LSPs to identify the router, build the topology table, and build the underlying IS-IS routing tree. NSAP addresses contain the OSI address of the device and provide a link to upper-layer processes. The NSAP address can be thought of as equivalent to the combination of an IP address and upper-layer protocol identifier in an IP header.

An NSAP address consists of three parts. They are the area address, the system ID, and the NSAP selector byte. The total length is between eight and 20 bytes. The area address is a variable length field composed of high order octets, excluding the system ID and the selector byte. The system ID is the ES or IS identifier in an area, similar to the OSPF router ID. In the Cisco IOS implementation of OSI addressing, the system ID has a fixed length of six bytes. The N-selector byte is a service identifier. The role of N-selector byte is analogous to that of a port or socket in TCP/IP.

Cisco routers can route CLNS data that uses addressing conforming to the ISO 10589 standard. The fields specified in this standard are as follows:

* Authority and Format ID (AFI) – One byte, actually a binary value between 0 and 99, used to specify the IDI format and DSP syntax of the address and the authority that assigned the address.
* Inter-Domain ID (IDI) – Identifies the domain.
* Inter-Domain Part (IDP) – Consists of the AFI and IDI together. This is roughly equivalent to a classful IP network, in decimal format.
* High-Order DSP (HODSP) – Used for subdividing the domain into areas. This is roughly equivalent to a subnet in IP.
* System ID – Identifies an individual OSI device. In OSI, a device has an address, just as it does in DECnet, while in IP an interface has an address.
* NSAP-Selector (NSEL) – Identifies a process on the device. It is roughly equivalent to a port or socket in TCP/IP. The NSEL is not used in routing decisions.
* Domain-Specific Part (DSP) – Comprised of the HODSP, the system ID, and the NSEL in binary format.

IS-IS uses a simple two-layer architecture. IS-IS joins the IDP and HODSP together and treats them as the Level 2 area ID, with the remaining system ID used for Level 1 routing. Restated, in IS-IS, everything to the left of the system ID is used as the area ID. The minimum length of this area ID is a single byte. The maximum is the remaining 13 bytes permitted by the ISO standard. Therefore, an NSAP for an IS-IS network could be as little as eight bytes in length. The length is normally longer so as to permit some granularity in the allocation of areas.

There are three NSAP formats that are defined by ISO 8348/Ad2. The first is a simple 8-byte area ID and system ID format. The second is an OSI NSAP format, and the third is a Government OSI Profile (GOSIP) NSAP format. Cisco supports all NSAP formats that are defined by ISO 8348/Ad2.

7.2.2 NETs

An NSAP address with an NSEL value of 00 is used to identify the device itself, which is the network address of the device. In this case, the NSAP is known as a NET. So a NET is determined by the area ID and system ID.

All router NETs have an N-selector of 00, implying the network layer of the IS itself. The 00 indicates there is no transport layer entity associated with this address. For this reason, the NSAP of a router is always referred to as a NET. The NSEL is like a TCP port number.

Routers are identified with NETs of 8 to 20 bytes. ISO/IEC 10589 distinguishes only three fields in the NSAP address format. These three fields are a variable-length area address beginning with a single octet, a system ID, and a 1-byte N-selector. Cisco implements a fixed length of six bytes for the system ID, which is similar to the OSPF router ID.

In general, the big difference between NSAP style addressing and IP style addressing is that there will be a single NSAP address for the entire router. However, with IP there will be one IP address per interface.

The following are some guidelines for NETs:

* All ISs and ESs in a routing domain must have system IDs of the same length.
* All routers in an area must have the same area address.
* All Level 2 routers must have a unique system ID domain wide.
* All Level 1 routers must have a unique system ID area wide.
* All ESs in an area will form an adjacency with a Level 1 router on a shared media segment if they share the same area address.
* If multiple NETs are configured on the same router, they must all have the same system ID.

The NET is used by routers to identify themselves in the LSPs and forms the basis for OSI route calculation. Addresses starting with value 49, AFI = 49, are considered as private addresses. Private addresses are analogous to those specified by RFC 1918 for IP addresses. These addresses are routed by IS-IS. However, this group of addresses should not be advertised to other CLNS networks.

Addresses starting with AFI values of 39 and 47, respectively, represent ISO Data Country Code and ISO International Code Designator. RFC 941 allocated NSAP addresses. The division of the global network addressing domain according to IDI format is shown in Figure . The numbers in the left column of Figure are the AFI values for each division.

It is possible to configure multiple NETs on a router, but no router is ever in more than one area. Configuring multiple NETs causes the areas to merge into a common area, leaking the Level 1 databases into each other. The only reasons to have multiple NETs are for splitting, merging, or renumbering areas. This method should only be used in periods of transition. Using multiple NETs is analogous to using secondary addresses with IP. Cisco limits the number of configurable NETs to three per router.

7.2.3 ISO addressing with Cisco routers

NETs and NSAPs are comprised entirely of hexadecimal digits and must start and end on a byte boundary.

Cisco IOS interprets the NSAP address from the right-hand end. The last byte is the NSEL and must be specified as a single byte preceded by a period (.). A NET definition must set the N-selector to 00.

The preceding six bytes form the system ID. The IOS fixes this length at six bytes. It is customary to code either a Media Access Control (MAC) address from the router or an IP address, such as a loopback address, into the system ID. With Integrated IS-IS, a loopback IP address is commonly used for this purpose. In this case, the system ID is obtained by converting a loopback address: → → 1921.6811.1003.

The rest of the address is treated by IOS as the area ID. The area ID can be as small as one byte and as large as 13 bytes. It is customary to use three bytes for the area ID field, with an AFI of one byte. The one byte AFI of 47 is shown in the example in Figure . The two additional bytes for the area ID are shown in Figure as 0001. The effective area ID in this example is 47.0001. The IOS will attempt to summarize the area ID as far as possible. For example, if an IS-IS network is organized with major areas subdivided into minor areas, and this is reflected in the area ID assignments, then the IOS will do the following:

* Between minor areas, base the route on the whole area ID
* Between major areas, summarize into the area ID portion up to the major area boundary

The following two examples illustrate the use of NSAP addresses with the Cisco IOS:

Example 1: NSAP 47.0001.aaaa.bbbb.cccc.00

Here, the IS-IS area ID is 47.0001. The system ID is aaaa.bbbb.cccc. The NSAP selector byte is 00.

Example 2: NSAP 39.0f01.0002.0000.0c00.1111.00

Here, the IS-IS area ID is 39.0f01.0002. The system ID is 0000.0c00.1111. The NSAP selector byte is 00.
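The right-to-left split described in this section, combined with the NET guidelines from Section 7.2.2, can be checked mechanically when auditing router configurations. The following is an added example, not part of the original module or any Cisco code; the function names and the router inventory are constructed for illustration.

```python
import re

SYSTEM_ID_LEN = 6          # Cisco IOS fixes the system ID at six bytes
MAX_NETS_PER_ROUTER = 3    # limit stated in Section 7.2.2
PRIVATE_AFI = "49"         # AFI 49 is private, analogous to RFC 1918


class NetError(ValueError):
    """Raised when a NET/NSAP string breaks one of the addressing rules."""


def _group(raw, size):
    """Render bytes as dotted hex groups of `size` bytes (last group may be shorter)."""
    return ".".join(raw[i:i + size].hex() for i in range(0, len(raw), size))


def parse_nsap(text, require_net=True):
    """Split an IOS-style NSAP from the right: NSEL, system ID, then area ID."""
    if not re.search(r"\.[0-9A-Fa-f]{2}$", text):
        raise NetError("last byte (NSEL) must be written as '.XX'")
    compact = text.replace(".", "")
    if not re.fullmatch(r"[0-9A-Fa-f]+", compact) or len(compact) % 2:
        raise NetError("address must be hex digits on a byte boundary")
    raw = bytes.fromhex(compact)
    if not 8 <= len(raw) <= 20:
        raise NetError("NSAP must be 8 to 20 bytes, got %d" % len(raw))
    nsel = raw[-1]
    system_id = raw[-1 - SYSTEM_ID_LEN:-1]
    area = raw[:-1 - SYSTEM_ID_LEN]        # 1 to 13 bytes after the length check
    if require_net and nsel != 0:
        raise NetError("a NET must have N-selector 00")
    afi = area[:1].hex()
    return {
        "area_id": afi + ("." + _group(area[1:], 2) if len(area) > 1 else ""),
        "system_id": _group(system_id, 2),
        "nsel": nsel,
        "private": afi == PRIVATE_AFI,
    }


def audit_router(nets):
    """Check one router's NET list; return (system ID, sorted area IDs)."""
    if not 1 <= len(nets) <= MAX_NETS_PER_ROUTER:
        raise NetError("a router carries one to three NETs, got %d" % len(nets))
    parsed = [parse_nsap(n) for n in nets]
    system_ids = {p["system_id"] for p in parsed}
    if len(system_ids) != 1:
        raise NetError("multiple NETs on one router must share one system ID")
    return system_ids.pop(), sorted(p["area_id"] for p in parsed)


def duplicate_system_ids(inventory):
    """Map system ID -> router names for IDs used by more than one router."""
    seen = {}
    for name, nets in inventory.items():
        system_id, _areas = audit_router(nets)
        seen.setdefault(system_id, []).append(name)
    return {sid: sorted(names) for sid, names in seen.items() if len(names) > 1}


# Constructed inventory: R2 is mid-transition between two areas, and R3 reuses
# R1's system ID in another area, which breaks domain-wide uniqueness.
SAMPLE_INVENTORY = {
    "R1": ["49.0001.1921.6800.1001.00"],
    "R2": ["49.0001.1921.6800.1002.00", "49.0002.1921.6800.1002.00"],
    "R3": ["49.0002.1921.6800.1001.00"],
}

if __name__ == "__main__":
    for example in ("47.0001.aaaa.bbbb.cccc.00", "39.0f01.0002.0000.0c00.1111.00"):
        print(example, "->", parse_nsap(example))
    print("duplicates:", duplicate_system_ids(SAMPLE_INVENTORY))
```
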

7.2.4 Identifying systems in IS-IS

The router assigns a circuit ID of one octet to each interface on the router. In the case of point-to-point interfaces, this is the sole identifier for the circuit, for example 03.

In the case of LAN interfaces, the circuit ID is tagged to the end of the system ID of the designated IS to form a 7-byte LAN ID. For example, 1921.6811.1001.03.

The SNPA is taken from one of the following, depending on the type of interface:

* MAC address on a LAN interface
* Virtual circuit identifier for X.25 or ATM
* Data link connection identifier (DLCI) for Frame Relay

For interfaces using High-Level Data Link Control (HDLC) encapsulation, the SNPA will be HDLC.

For convenience, the NET restrictions listed in Section 7.2.2 for devices used in IS-IS routing are repeated here as follows:

* All ISs and ESs in a routing domain must have system IDs of the same length. Cisco fixes the system ID length at six bytes.
* All ISs in an area must have the same area address. This defines the area.
* All ESs and Level 1 ISs must have a unique system ID area-wide. Level 1 routing is based on system IDs.
* All Level 2 ISs must have a unique system ID domain wide. It is recommended that, in general, all system IDs remain unique across a domain. That way there can never be a conflict at Level 1 or Level 2 if a device is moved into a different area.
* All ESs in an area will form an adjacency with a Level 1 IS on a shared media segment if they share the same area address. ESs recognize only ESs and ISs on the same subnetwork that share the same area address.
* If multiple NETs are configured on the same IS, they must all have the same system ID.

The following are several techniques used for creating unique system IDs:

* Start numbering 1, 2, 3, 4, and so on.
* Use MAC addresses.
* Convert and use the loopback IP address, -> -> 1921.6801.1001. This is how most ISPs define system IDs.

The practice of using a modified loopback IP address as the system ID is becoming outdated due to the dynamic hostname feature available in Cisco IOS releases beginning with 12.1.

IS-IS and ES-IS PDUs contain variable-length fields, depending on the function of the PDU. Each field contains a type code and length, followed by the appropriate values. For that reason, the abbreviation TLV is used for Type, Length, and Value fields. The dynamic hostname feature is specified in RFC 2763. This RFC defines a new TLV, TLV 137, to map the hostname of the router to the System ID. The name to system ID mapping information is then included in the LSP. In the LSP flooding process, a dynamic distribution of the hostname to System ID mappings takes place. This prevents having to maintain a huge database of static mappings for system IDs on all the IS-IS routers. Maintaining such a database has been a very real issue faced by ISPs running Integrated IS-IS.

Finally, when routing CLNS, request an official NSAP address for use in addressing areas. When only routing IP, just use AFI 49, then the area numbering appears as 49.0001, 49.0002, 49.0003, and so on.

The 1-byte N-selectors are set to 00, indicating these are NETs. The 6-byte system IDs are unique across the network. Additionally, the 3-byte area IDs are common to each area and distinct between areas.

7.3.1 High-level view of IS-IS operation

From a high level, IS-IS operates as follows:

* Routers running IS-IS will send Hello packets out all IS-IS enabled interfaces to discover neighbors and establish adjacencies.
* Routers sharing a common data link will become IS-IS neighbors if their Hello packets contain information that meets the criteria for forming an adjacency. The criteria differ slightly depending on the type of media being used, whether point-to-point or broadcast. The main criteria are matching authentication, IS-type, and MTU size.
* Routers may build an LSP based upon their local interfaces that are configured for IS-IS and prefixes learned from other adjacent routers.
* Routers flood LSPs to all adjacent neighbors except the neighbor from which they received the same LSP. However, there are different forms of flooding and also a number of scenarios in which the flooding operation may differ.
* All routers will construct their link-state database from these LSPs.
* A shortest-path tree (SPT) is calculated by each IS, and from this SPT the routing table is built.

7.3.2 OSI PDUs

The OSI stack defines a unit of data as a PDU. A frame is therefore regarded by OSI as a data-link PDU. There are three types of PDUs with 802.2 Logical Link Control encapsulation. From these it can be seen that the IS-IS and ES-IS PDUs are encapsulated directly in a data-link PDU while CLNP data packets contain a full CLNP header between the data-link header and any higher layer CLNS information. The IS-IS and ES-IS PDUs contain variable-length fields, depending on the function of the PDU. Each field contains a type code, a length, and then the appropriate values. For this reason, the abbreviation TLV is used for Type, Length, and Value fields. The TLV fields contain the following information:

* The neighbor ISs for the router, which are used to build the map of the network
* The neighbor ESs for the router
* Authentication information, used to secure routing updates
* Attached IP subnets, if running Integrated IS-IS.

IS-IS PDUs are encapsulated directly into an OSI data-link layer frame. There is no CLNP header and no IP header. The IS-IS protocol family is OSI, and values such as 0xFE and 0xFEFE are used by the data-link protocol to identify the Layer 3 protocol as OSI. This module focuses on the OSI PDUs specific to IS-IS.

There are four categories of IS-IS PDUs:

* Hello PDU (ESH, ISH, IS-IS Hello [IIH]) – Used to establish and maintain adjacencies. ESHs are sent from ESs to ISs. ISHs are sent from ISs to ESs. IIHs are sent between ISs. Note that ESH and ISH PDUs are ES-IS PDUs, not IS-IS PDUs.
* LSP – Used by IS-IS to distribute link-state information. There are independent pseudonode and non-pseudonode LSPs for both Level 1 and Level 2.
* Complete Sequence Number PDU (CSNP) – CSNPs contain a list of links known by the router. CSNPs are used to inform other routers of LSPs that may be outdated or missing from their own database. This ensures that all routers have the same information and are synchronized. The packets are similar to an OSPF database description packet. The IS-IS CSNP interval can be configured for an interface.
* Partial Sequence Number PDU (PSNP) – Used to acknowledge and request link-state information.

There are nine IS-IS PDU types. The value codes 1 through 10 are defined in ISO 10589, and 128 through 133 are defined in RFC 1195. TLV Code 133, for authentication information, is specified in RFC 1195, but Cisco technology uses the ISO Code of 10 instead. TLV Code 4 is used for partition repair and is not supported by Cisco technology.

7.3.3 IS-IS hello messages

The following information is included in IIH PDUs:

* Type of PDU – whether the PDU is a point-to-point WAN PDU or a LAN PDU.
* Source ID – System ID of the sending router
* Holding time – Time period to wait to hear a Hello before declaring the neighbor dead. Similar to the OSPF dead interval, the default value is three times the Hello interval but can be changed with the isis hello-multiplier command.
* Circuit type – Circuit type indicating whether the interface on which the PDU was sent is Level 1, Level 2, or Level 1 and Level 2.
* PDU length – Length of PDU packets
* Circuit ID – Local circuit ID on the sending interface, in point-to-point Hello PDUs
* LAN ID – System ID of the Designated Intermediate System (DIS) plus the pseudonode ID, a one-byte circuit ID, to differentiate LAN IDs on the same DIS. On broadcast multiaccess media, such as LANs, a DIS is elected and will conduct the flooding over the media. The DIS is analogous to the Designated Router in OSPF, even though the election process and the definition of adjacencies on multiaccess media differ significantly. The DIS is elected by priority; the highest priority becomes the DIS. Priority is configurable on an interface basis. In the case of a tie, the router with the highest SNPA address will become the DIS. Unlike OSPF, there is no backup DIS. The DIS and pseudonode are discussed in Section 7.3.7.
* Priority – Higher priority takes precedence. Used in DIS election in LAN Hello PDUs. There is no DIS election on a point-to-point link.

IS-IS LAN Hello fields are described as follows:

* Intradomain Routing Protocol discriminator – The network layer identifier assigned to IS-IS in ISO 9577. The binary value is 10000011 (0x83).
* Length indicator – This is the length of the fixed header in octets.
* Protocol ID Ext – It currently has value of one (1).
* ID length – Length of the system ID field. This must be the same for all nodes in the domain. If this is set to zero, it implies six octets.
* PDU Types – Values are 15 and 16 for Level 1 and Level 2 LSPs, respectively.
* Version – Value is one (1).
* Maximum area addresses – Number of area addresses permitted for this IS area. Values are between 1 and 254 for actual number. Zero implies maximum of three.
* Reserved/circuit type – Top six bits reserved. Bottom two bits with a value = 0 indicates reserved, with a value = 1 indicates Level 1, with a value = 2 indicates Level 2, and with a value = 3 indicates Level 1 and 2.
* Source ID – System ID of transmitting router.
* Holding time – Holding time as configured on this router.
* PDU length – Length of the entire PDU, fixed header, and TLVs.
* Reserved/priority – Bit eight (8) reserved. Bit one (1) is used for priority for being the Level 1 or Level 2 DIS. Value is copied from the IIH of the DIS.
* LAN ID – A field composed of the system ID of the DIS, one to eight bytes, plus a low order octet assigned by the LAN Level 1 DIS.

Notice the variable type length fields at the bottom of the packet. This is where the TLV information is stored. Different types of PDUs have a set of currently defined codes. Any codes that are not recognized are supposed to be ignored and passed through unchanged.
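A receiver has to treat every length in a Hello as untrusted input. The following added example (not from the original module or from Cisco) decodes the LAN Hello fixed header listed above, walks the TLVs with bounds checks, skips codes it does not recognise, and reports whether an authentication TLV is present. The sample frame is constructed, and the reserved octet between Version and Maximum area addresses comes from the ISO 10589 common header rather than from the field list on this page.

```python
import struct

IRPD_ISIS = 0x83                                  # discriminator value from the field list
LAN_HELLO_LEVEL = {15: "Level 1", 16: "Level 2"}  # PDU type values from the field list
CIRCUIT_TYPE = {1: "Level 1", 2: "Level 2", 3: "Level 1 and 2"}
AUTH_TLVS = {10, 133}       # ISO code 10 (the one Cisco uses) and RFC 1195 code 133
KNOWN_TLVS = {1, 8, 10, 133, 137}   # subset this sketch recognises (an assumption)


class PduError(ValueError):
    """Malformed PDU: the receiver should discard it rather than guess."""


def dotted(raw):
    """Render bytes as dotted hex in two-byte groups, e.g. 1921.6811.1001.03."""
    return ".".join(raw[i:i + 2].hex() for i in range(0, len(raw), 2))


def walk_tlvs(buf):
    """Return [(code, value)], refusing any TLV whose length overruns the buffer."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise PduError("truncated TLV header at offset %d" % pos)
        code, length = buf[pos], buf[pos + 1]
        end = pos + 2 + length
        if end > len(buf):
            raise PduError("TLV %d runs %d bytes past the end" % (code, end - len(buf)))
        out.append((code, buf[pos + 2:end]))
        pos = end
    return out


def parse_lan_hello(frame):
    """Decode the LAN Hello fixed header and TLVs from the bytes after the LLC header."""
    if len(frame) < 8:
        raise PduError("shorter than the 8-byte common header")
    irpd, hdr_len, _ext, id_len, pdu_type, _ver, _rsvd, max_areas = frame[:8]
    if irpd != IRPD_ISIS:
        raise PduError("not an IS-IS PDU")
    pdu_type &= 0x1F                       # top three bits of this octet are reserved
    if pdu_type not in LAN_HELLO_LEVEL:
        raise PduError("PDU type %d is not a LAN Hello" % pdu_type)
    id_len = id_len or 6                   # zero implies six octets
    if id_len > 8:
        raise PduError("unsupported ID length %d" % id_len)
    fixed = 8 + 1 + id_len + 2 + 2 + 1 + (id_len + 1)
    if hdr_len != fixed or len(frame) < fixed:
        raise PduError("length indicator does not match a LAN Hello header")
    pos = 8
    circuit = frame[pos] & 0x03            # top six bits reserved
    source = frame[pos + 1:pos + 1 + id_len]
    pos += 1 + id_len
    holding, pdu_len = struct.unpack_from("!HH", frame, pos)
    priority = frame[pos + 4] & 0x7F       # bit eight reserved
    lan_id = frame[pos + 5:pos + 5 + id_len + 1]
    if pdu_len != len(frame):
        raise PduError("PDU length field disagrees with the bytes received")
    codes = [code for code, _value in walk_tlvs(frame[fixed:])]
    return {
        "level": LAN_HELLO_LEVEL[pdu_type],
        "circuit_type": CIRCUIT_TYPE.get(circuit, "reserved"),
        "max_area_addresses": max_areas or 3,      # zero implies three
        "source_id": dotted(source),
        "holding_time": holding,
        "priority": priority,
        "lan_id": dotted(lan_id),
        "authenticated": any(c in AUTH_TLVS for c in codes),
        "unrecognized": [c for c in codes if c not in KNOWN_TLVS],
    }


def build_sample_hello(with_auth=True):
    """Constructed Level 1 LAN Hello for the demo; not a capture from a real network."""
    system_id = bytes.fromhex("192168111001")
    tlvs = bytes([1, 4, 3, 0x49, 0x00, 0x01])        # area address 49.0001
    if with_auth:
        tlvs += bytes([10, 8, 1]) + b"example"       # constructed authentication value
    tlvs += bytes([250, 2, 0xAA, 0xBB])              # code this parser does not know
    body = bytes([1]) + system_id + struct.pack("!HH", 30, 27 + len(tlvs))
    body += bytes([64]) + system_id + bytes([3])     # priority 64, LAN ID = DIS + 03
    return bytes([IRPD_ISIS, 27, 1, 0, 15, 1, 0, 0]) + body + tlvs


if __name__ == "__main__":
    print(parse_lan_hello(build_sample_hello()))
    print(parse_lan_hello(build_sample_hello(with_auth=False))["authenticated"])
```

A Hello that arrives without an authentication TLV on a segment where authentication is configured fails the adjacency criteria from Section 7.3.1, so the `authenticated` flag is the field to alert on.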

By default, IS-IS Hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IIHs to the full MTU is the early detection of errors caused by transmission problems with large frames or MTU mismatches on adjacent interfaces. The drawbacks of IIH padding are that on high-speed interfaces it could be a strain on huge buffers, and on low-speed interfaces large Hello PDUs waste bandwidth. This could affect time-sensitive applications such as voice over IP (VoIP). The padding of IS-IS Hellos can be turned off for all interfaces on a router, beginning with IOS Release 12.0(5)T, with the no hello padding command in IS-IS router configuration mode. The padding of IS-IS Hellos can be turned off selectively for point-to-point or multipoint interfaces with the no hello padding multipoint or the no hello padding point-to-point command, respectively, in IS-IS router configuration mode. Hello padding can also be turned off on an individual interface basis using the no isis hello padding interface configuration command.

7.3.4 IS-IS link-state PDU (LSP) formats

The contents of the TLV fields include the following:

* The neighbor ISs for the router, these are used to build the map of the network
* The neighboring router ESs for the router
* Authentication information, used to secure routing updates
* Attached IP subnets, if running Integrated IS-IS

The complete list of LSP fields for Level 1 and Level 2 PDUs, is as follows:

* Intradomain Routing Protocol discriminator – This is the network layer identifier assigned to IS-IS in ISO 10589. Its binary value is 10000011, hexadecimal 0x83.
* Length indicator – Length of the fixed header in octets.
* Protocol ID Ext – Currently has value of one (1).
* ID length – Length of the system ID field. Must be the same for all nodes in the domain. If set to zero, it implies six (6) octets.
* PDU types – Assumes decimal value. For example, values of 17, 18, and 20 are for point-to-point, Level 1, and Level 2 LSPs, respectively.
* Version – Value is one (1).
* Maximum area addresses – Number of area addresses permitted for this IS area. Values are between 1 and 254 for actual number. 0 (zero) implies a maximum of three.
* PDU length – Length of the entire PDU, fixed header, and TLVs.
* Remaining lifetime – Time in seconds before LSP expires. Used to age out LSPs. Outdated and invalid LSPs are removed from the topology table after a suitable period. It is a count-to-zero operation with a default 1200 second start value, or MaxAge. If the remaining lifetime expires, the first router that notices purges the LSP, removes the LSP body, keeps the LSP header, and sets the age to zero. It floods this modified LSP in the usual way throughout the network. Zero lifetime LSPs are newer than non-zero lifetime LSPs. After a while, all routers remove the purged LSP from their LSP database.
* LSP ID – Consists of three components. There are the system ID, pseudonode ID, and the LSP fragmentation number. The pseudonode ID is 0 (zero) for a router LSP. Length is ID length plus 2 bytes.
* Sequence number – Used for synchronization. Higher sequence number indicates newer LSP. Enables receiving routers to ensure they use only the latest LSPs in their route calculations. Used to avoid duplicate LSPs being entered into the topology tables.
o When there is a change, the sequence number is incremented and a new version of the LSP is generated with the new sequence number.
o When a router reloads, the sequence number is set initially to one (1). The router may then receive its own old LSPs back from its neighbors, which will have the last good sequence number before the router reloaded. It records this number and reissues its own LSPs with the next highest sequence number.
* Checksum – Checksum is computed from Source ID to end of PDU. Used to detect LSP corruption during flooding. It may be that the Layer 2 CRC is not sufficient for error checking. Corruption happens in routers and switches. The checksum is computed upon receipt of LSP and checked against the checksum inside the LSP. If corrupt, LSP is dropped and sender retransmits. If two LSPs have the same LSP ID, the same sequence number, and the same remaining lifetime, the LSP with the highest checksum is kept. This guarantees consistent LSP databases across the network. This scenario can happen after a router reboots or is reconnected to the network.
* Partition (P) – Bit 8 of the octet. When set, means originator of LSP supports partition repair.
* Attached Bit (ATT) – Bits 4 through 7 of the octet. When any of these bits is set, it indicates the originator is attached to another area using the referred metric. For example, bit 4 set implies attached using the default metric. An L1L2 router sets it in its Level 1 LSP if it has connectivity to another area, which indicates to the Level 1 routers in the area that it is a potential exit point of the area. Level 1 routers select the closest, best metric Level 2 router with the ATT-bit set.
* LSPDBOL (Overload Bit) – Bit 3. When set, it indicates the originator's LSP database is overloaded and should be circumvented in path calculations to other destinations. Indicates that the router has an incomplete LS database, and therefore cannot be trusted to compute any correct routes. Used in the LSP database, but topology behind it is not calculated. Therefore, other routers do not compute routes that would require the PDU to pass through the overloaded router. An exception to this is ES neighbors since these paths are guaranteed to be non-looping.
* IS type – Bits 1 and 2 used to indicate Level 1 or Level 2 LSP type. When only bit 1 is set it indicates Level 1 IS. If both are set, it indicates Level 2 IS.

Section 9 of RFC 1142, a rewrite of ISO 10589, gives details about the packet layouts for each type of IS-IS PDU. It also gives the TLV information supported for each type. The first eight octets of all IS-IS PDUs are header fields that are common to all PDU types. The Level 1 and Level 2 LAN Hello PDUs are identical, except for the PDU type, which differentiates them as either Level 1 or Level 2. The point-to-point Hello PDU is very similar to the Level 1 and Level 2 LAN Hello PDUs.

The lengths for the various ID fields in the PDUs, the LSP ID, source ID, and so on, all assume that the length of the system ID is fixed at six (6) bytes. Under the column for the number of octets in the figure, an 8 would mean ID length + 2, a 7 would mean ID length + 1, and a 6 would mean ID length. Try not to confuse the value of the ID length variable with the size of the ID length field, which is fixed at one byte. The CLNS protocol allows the system ID, part of the NSAP address, to vary from three to eight bytes. However, in practice a six-byte system ID is always used, ID length = 0. If the ID length field is 0 (zero), it means that the system ID is using the default length of six bytes.
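
The LSP fixed header described in this section, parsed and checked in Python as an added example (not code from the original page or from Cisco). The sample PDU is constructed, the checksum routine is the standard ISO Fletcher computation, and the function names are assumptions of this example.

```python
import struct

ISIS_DISCRIMINATOR = 0x83
LSP_TYPES = {18: "L1 LSP", 20: "L2 LSP"}   # PDU type values from the field list above


def fletcher_sums(data):
    """Running Fletcher sums (mod 255) over the checksummed part of the PDU."""
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1


def fletcher_fill(data, offset):
    """Return data with the two checksum octets at offset set so both sums are 0."""
    buf = bytearray(data)
    buf[offset:offset + 2] = b"\x00\x00"
    c0, c1 = fletcher_sums(buf)
    x = ((len(buf) - offset - 1) * c0 - c1) % 255 or 255
    y = 510 - c0 - x
    if y > 255:
        y -= 255
    buf[offset], buf[offset + 1] = x, y
    return bytes(buf)


def walk_tlvs(data):
    """Split the variable-length part into (type, value) pairs with bounds checks."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("TLV runs past the end of the PDU")
        out.append((data[i], data[i + 2:i + 2 + data[i + 1]]))
        i += 2 + data[i + 1]
    return out


def parse_lsp(pdu):
    """Parse and sanity-check the fixed header of a Level 1 or Level 2 LSP."""
    if len(pdu) < 8:
        raise ValueError("shorter than the common 8-octet header")
    disc, hdr_len, proto_ext, id_len, pdu_type, version, _, max_areas = pdu[:8]
    if disc != ISIS_DISCRIMINATOR or proto_ext != 1 or version != 1:
        raise ValueError("not an IS-IS version 1 PDU")
    pdu_type &= 0x1F                      # the top three bits of this octet are reserved
    if pdu_type not in LSP_TYPES:
        raise ValueError(f"PDU type {pdu_type} is not an LSP")
    id_len = id_len or 6                  # 0 implies the default six-octet system ID
    lsp_id_len = id_len + 2               # system ID + pseudonode ID + fragment number
    fixed = 8 + 2 + 2 + lsp_id_len + 4 + 2 + 1
    if hdr_len != fixed or len(pdu) < fixed:
        raise ValueError("length indicator does not match an LSP fixed header")
    pdu_len, lifetime = struct.unpack_from("!HH", pdu, 8)
    if not fixed <= pdu_len <= len(pdu):
        raise ValueError("PDU length field disagrees with the bytes received")
    pdu = pdu[:pdu_len]                   # drop any link-layer padding
    lsp_id = pdu[12:12 + lsp_id_len]
    seq, _cksum = struct.unpack_from("!IH", pdu, 12 + lsp_id_len)
    flags = pdu[fixed - 1]
    c0, c1 = fletcher_sums(pdu[12:])      # covered range: LSP ID to end of PDU
    return {
        "type": LSP_TYPES[pdu_type],
        "max_area_addresses": max_areas or 3,   # 0 implies a maximum of three
        "remaining_lifetime": lifetime,
        "system_id": lsp_id[:id_len].hex(),
        "pseudonode_id": lsp_id[id_len],
        "fragment": lsp_id[id_len + 1],
        "sequence": seq,
        "checksum_ok": c0 == 0 and c1 == 0,
        "partition": bool(flags & 0x80),        # bit 8
        "attached": bool(flags & 0x78),         # bits 4 through 7
        "overload": bool(flags & 0x04),         # bit 3
        "is_type": flags & 0x03,                # bits 1 and 2
        "tlvs": walk_tlvs(pdu[fixed:]),
    }


def build_sample_lsp(flags=0x0B):
    """Constructed L1 LSP: system ID 0000.0000.0001, sequence 5, one area-address TLV."""
    tlvs = bytes([1, 4, 3, 0x49, 0x00, 0x01])
    covered = bytes.fromhex("0000000000010000") + struct.pack("!IH", 5, 0) + bytes([flags]) + tlvs
    covered = fletcher_fill(covered, offset=12)
    common = bytes([ISIS_DISCRIMINATOR, 27, 1, 0, 18, 1, 0, 0])
    return common + struct.pack("!HH", 8 + 4 + len(covered), 1199) + covered
```

The remaining lifetime sits outside the checksummed range, so routers can age an LSP in transit without invalidating its checksum.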

7.3.5 IS-IS routing levels

An IS-IS network is termed a domain, analogous to an autonomous system (AS) in TCP/IP. The following shows IS-IS within the domain as a two-level hierarchy:

* Level 1 (L1) ISs, closely equivalent to OSPF internal non-backbone routers, are responsible for routing to ESs inside an area. L1 ISs enable communication between ESs in an area.
* Level 2 (L2) ISs, closely equivalent to backbone routers in OSPF, route between areas only.
* Level 1 and Level 2 (L1L2) Intermediate ISs, closely equivalent to area border routers (ABRs) in OSPF, route between areas and the backbone. They participate in the L1 intra-area routing and the L2 inter-area routing.

L1 routers are also referred to as station routers because they enable stations to communicate with each other and the rest of the network. A contiguous group of L1 routers defines an area. The L1 routers maintain the L1 link-state PDU database (LSPD), which defines the picture of the area itself and the exit points to neighboring areas.

L2 routers are also referred to as area routers because they interconnect the L1 areas. L2 routers store a separate LSPD, which contains only the inter-area topology information.

L1L2 routers act as if they were two IS-IS routers. Physically, an L1L2 router connects to L1 routers inside its area and to L2 routers in the backbone. Notice that the boundary between areas in IS-IS exists on a link between routers and not on an ABR itself, as in OSPF. Logically, the L1L2 router acts, for the purposes of IS-IS routing, as if it were two logical routers. An L1L2 router operates an L1 routing process, with its own L1 topology table and adjacency table, to handle its association with other L1 routers and ESs. An L1L2 router also operates an L2 routing process, with a separate L2 topology table and a separate L2 adjacency table, to handle its association with its neighbor backbone routers.

L1L2 routers support an L1 function to communicate with the other L1 routers in their area and maintain the L1 LSP information in an L1 LSPD. They inform other L1 routers that they are an exit point for the area. They also support an L2 function to communicate with the rest of the backbone and maintain an L2 topology database separately from their L1 LSPD. IS-IS does not share the concept of an Area 0 with OSPF. An IS-IS domain appears as a set of distinct areas interconnected by a chain of L2 routers, weaving their way through and between the Level 1 areas.

An L1 area is a collection of L1 and L1L2 routers. The backbone area is a collection of L2 and L1L2 routers and has to be contiguous. IS-IS does not have a backbone area like OSPF Area 0. The IS-IS backbone is a contiguous collection of L2 capable routers, each of which can be in a different area.


By default, all Cisco routers behave as L1L2 routers. This default behavior can be overridden by using one or both of the is-type command, in router configuration mode, and the isis circuit-type command, in interface configuration mode.

Useful examples of the L1, L2, and L1L2 concepts are discussed in this section. Area 1 contains two routers. One router borders Area 2 and therefore is an L1L2 IS. The other router is L1 only.

Area 2 has many routers. Some routers are specified as L1 only and can route internally to that area only and to the exit points. L1L2 routers form a chain across the area linking to the neighbor areas. Even though the middle of these three L1L2 routers does not link directly to another area, it must support Level 2 routing so the backbone is contiguous. If that middle router fails then the other L1 only routers, though providing a physical path across the area, could not perform the L2 function. This will cause the backbone to fail.

Area 3 contains one router that borders Area 2 and Area 4, but has no intra-area neighbors, so this router is an L2 only router. In the event that another router is added to Area 3, the border router would revert to L1L2.


Previously, each Cisco router could participate in only one area. The router would perform L1, intra-area, routing locally. The router would perform L2, inter-area, routing to other areas in the network. This limitation meant that when the network was divided into a large number of L1 areas, a correspondingly large number of L1L2 routers were required to route between all areas. The need for redundancy increases the number of routers needed. With IOS release 12.0(5)T, support was added for configuration of multiple L1 areas within a single router. A single Cisco router can now participate in routing in up to 29 areas, as well as perform L2 routing in the backbone. Restated, expansion of an IS-IS network consisting of many small areas is simpler than before because multiple L1 areas can now be configured on the same Cisco router. This is possible without needing to add and configure physical units for each additional local area. This feature provides connectivity between L1 areas local to the router. Previously, L1 areas could only be connected using the L2 backbone. However, it should be emphasized that multiarea support per IS was introduced in later implementations of IS-IS to accommodate OSI telecommunications management networks needs. This functionality is generally not useful or recommended for IP network design.

7.3.6 IS-IS adjacencies

IS-IS uses Hello PDUs to establish adjacencies with other routers (ISs) and ESs. Hello PDUs carry information about the system, its parameters, and its capabilities.

ISs use IIHs to establish and maintain neighbor relationships. Once an adjacency is established, the ISs exchange link-state information with LSPs.

ISs also send out ISHs. ESs listen for these ISHs and randomly pick an IS, the first one heard, to forward all their packets to. OSI ESs require no configuration to forward packets to the rest of the network.

ISs listen to the ESHs and learn about all the ESs on a segment. ISs include this information in their LSPs. For particular destinations, ISs may send redirect messages to ESs to provide them with an optimal route off the segment.

Now consider adjacencies between ISs. Separate adjacencies are established for Level 1 and Level 2. If two neighboring routers in the same area run both Level 1 and Level 2, they will establish two adjacencies, one for each level. The L1 and L2 adjacencies are stored in separate L1 and L2 adjacency tables.

On LANs, two adjacencies are established with specific L1 and L2 IIH PDUs. Routers on a LAN establish adjacencies with all other routers on the LAN with the same area ID and level. This is unlike OSPF, where routers establish adjacencies only with the Designated Router. On LANs, IS-IS PDUs are multicast to the well-known MAC addresses. IIH PDUs announce the area ID. Separate IIH PDUs announce the Level 1 and Level 2 neighbors. For example, where a LAN has routers from two areas attached, the routers from one area accept Level 1 IIH PDUs only from their own area. Therefore, they only establish adjacencies with their own area routers. The routers from a second area similarly accept Level 1 IIH PDUs only from their own area. The L2 routers, or the L2 process within any L1L2 router, accept only L2 IIH PDUs and establish only L2 adjacencies.

On point-to-point WAN links there is a common IIH format, part of which specifies whether the Hello message relates to Level 1, Level 2, or both. The area ID is also announced in the Hello messages.

By default, Hello PDUs are sent every ten seconds. The timeout to declare a neighbor down is 30 seconds, which equals three missing Hello packets. These timers can be reconfigured using the isis hello-interval and isis hello-multiplier interface configuration commands.

Various combinations are possible for links between L1, L2, and L1L2 routers. L1 routers in the same area, which includes links between L1 only and L1L2 routers, exchange IIH PDUs specifying L1 and establish an L1 adjacency. L2 routers, when in the same area or between areas, and including links between L2 only and L1L2 routers, exchange IIH PDUs specifying L2 and establish an L2 adjacency. Two L1L2 routers in the same area establish both L1 and L2 adjacencies. The two routers maintain these with a common IIH PDU specifying both the L1 and L2 information. Two L1 routers that may be physically connected but are not in the same area will exchange L1 IIH PDUs. This includes an L1 only to an L1L2 router in a different L1 area. However, they ignore these as the area IDs do not match. Therefore, they do not establish an adjacency.

L1 only routers establish L1 adjacencies. L2 routers establish L2 adjacencies, between areas. L1L2 routers establish both L1 and L2 adjacencies with their L1L2 neighbors in the same area. L2 adjacencies exist independent of areas and must be contiguous; for example, Area 2 is not the backbone area. The backbone in IS-IS is exactly the contiguous set of routers and connections between L2 and L1L2 routers. The backbone may traverse multiple areas.

7.3.7 Designated Intermediate Systems (DIS) and Pseudonodes (PSN)

The idea behind the Designated Intermediate System (DIS) is similar to the one behind the Designated Router (DR) in OSPF. The DIS creates and acts on behalf of a pseudonode, a virtual node. All the routers on the LAN, including the DIS, form an adjacency with the pseudonode, or PSN. Without the pseudonode, flooding and database synchronization take place between all adjacent routers, over n x (n-1) adjacencies. By using a pseudonode, flooding and database synchronization are reduced because they occur only over the adjacencies formed with the pseudonode. On a LAN, one of the routers will be elected the DIS based on interface priority. The default priority is 64. The configurable range is 0 to 127. If all interface priorities are the same, the router with the highest SNPA is selected. MAC addresses are the SNPAs on LANs. On Frame Relay networks, the local DLCI is the SNPA. If the SNPA is a DLCI and is the same at both sides of a link, the router with the higher system ID in the NSAP address will become the DIS.

A pseudonode LSP represents a LAN, including all ISs attached to that LAN. A non-pseudonode LSP represents a router, including all ISs and LANs connected with the router.

The DIS election is preemptive, unlike DR election with OSPF. If a new router with a higher interface priority boots on the LAN, that router becomes the DIS, purges the old pseudonode LSP, and a new set of LSPs will be flooded. The DIS Hello interval, at 3.3 seconds, is three times faster than the interval for other routers on the LAN. This allows for quick detection of DIS failure and immediate replacement on the LAN. Remember that there is no concept of backup DIS in IS-IS.

In IS-IS, a DIS does not synchronize LSPs with its neighbors through acknowledgments. Reliability is ensured when the DIS creates the pseudonode for the LAN. It sends L1 and L2 Hello PDUs every ten seconds and CSNPs every ten seconds. The Hello PDUs indicate that it is the DIS on the LAN for that level. The CSNPs describe the summary of all the LSPs, including the LSP ID, sequence number, checksum, and remaining lifetime. The LSPs are always flooded to the multicast address and the CSNP mechanism only corrects for any lost PDUs. For example, a router can ask the DIS for a missing LSP using a PSNP or, in turn, give the DIS a new LSP. CSNPs are used to tell other routers about all the LSPs in the database of another router. Similar to an OSPF database descriptor packet, PSNPs are used to request an LSP and acknowledge receipt of an LSP.

To restate, the DIS is responsible for conducting flooding over the LAN and also for maintaining synchronization. A router may need an LSP because it is older than the LSP advertised by the DIS in its CSNP. A router may need an LSP if it is missing an LSP that is listed in the CSNP. If either of these is the case, it will send a PSNP to the DIS and receive the LSP in return. This mechanism can work both ways. If a router sees that it has a newer version of an LSP, or it has an LSP that the DIS does not advertise in its CSNP, the router will send the newer or missing LSP to the DIS.
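
The adjacency rules of Section 7.3.6 and the DIS election described above, as an added Python example (not part of the original page). The router names, areas and MAC addresses are constructed, and the election is modelled from one router's point of view, among itself and the neighbors it is adjacent to at that level.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LanRouter:
    name: str
    area: str                 # area ID announced in its IIH PDUs
    levels: frozenset         # {1}, {2} or {1, 2}
    snpa: str                 # MAC address on the LAN
    priority: int = 64        # default interface priority


def adjacency_levels(a, b):
    """Levels at which two directly connected routers form an adjacency."""
    levels = set()
    if 1 in a.levels and 1 in b.levels and a.area == b.area:
        levels.add(1)         # L1 needs matching area IDs
    if 2 in a.levels and 2 in b.levels:
        levels.add(2)         # L2 adjacencies exist independent of areas
    return levels


def elect_dis(me, lan, level):
    """DIS for `level` as seen by `me`: highest priority, then highest SNPA."""
    if level not in me.levels:
        return None
    candidates = [me] + [r for r in lan
                         if r != me and level in adjacency_levels(me, r)]
    return max(candidates,
               key=lambda r: (r.priority, int(r.snpa.replace(".", ""), 16)))


def sample_lan():
    """Constructed LAN with routers from two areas attached."""
    return [
        LanRouter("R1", "49.0001", frozenset({1}), "0000.0c00.0001"),
        LanRouter("R2", "49.0001", frozenset({1, 2}), "0000.0c00.0002"),
        LanRouter("R3", "49.0002", frozenset({1, 2}), "0000.0c00.0003"),
        LanRouter("R4", "49.0002", frozenset({1}), "0000.0c00.0004", priority=100),
    ]


if __name__ == "__main__":
    lan = sample_lan()
    for router in lan:
        for level in sorted(router.levels):
            print(router.name, "L%d DIS:" % level, elect_dis(router, lan, level).name)
```

Because the election is preemptive, re-running elect_dis after a higher-priority router joins the LAN returns the new router, even if its SNPA is lower.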

7.3.8 IS-IS data flow

In IS-IS, routers may have adjacencies with other routers on point-to-point links. In a LAN environment, routers report their adjacencies to the DIS, which generates an additional LSP, commonly known as the pseudonode LSP. The DIS is responsible for conducting flooding over the LAN and also for maintaining synchronization.

The flow of information within the IS-IS routing function is represented by the IS-IS data-flow diagram. This consists of four processes and a Routing Information Base (RIB). The RIB consists of the link-state database and the forwarding database. The four processes in the IS-IS data-flow diagram are receive, update, decision, and forward.

The receive process is the entry point for all data, including user data, error reports, routing information, and control packets. The receive process passes user data and error reports to the forward process. It passes routing information and control packets, such as Hello messages, LSPs, and sequence number packets, to the update process.

The update process generates local link information that is flooded to adjacent routers. In addition, the update process receives, processes, and forwards link information received from adjacent routers. This process manages the L1 and L2 link-state databases and floods L1 and L2 LSPs throughout an area. Each LSP that resides in the link-state database has a remaining lifetime, a checksum, and a sequence number. The LSP remaining lifetime counts down from 1200 seconds to 0 (zero). Twenty minutes is the MaxAge. The LSP originator must periodically refresh its LSPs to prevent the remaining lifetime from reaching 0 (zero). The refresh interval is 15 minutes, with a random jitter of up to 25 percent. If the remaining lifetime reaches 0 (zero), the expired LSP will be kept in the database for an additional 60 seconds before it is purged. This additional 60 seconds is known as ZeroAgeLifetime. If a router receives an LSP with an incorrect checksum, the router will cause a purge of the LSP. The router does this by setting the remaining lifetime value to 0 (zero), removing the LSP data, and reflooding it. This triggers the LSP originator to send a new LSP. This behavior is different from that of OSPF, where only the originating router can purge an LSP. IS-IS can be configured so that LSPs with incorrect checksums are not purged, but the router that originated the LSP will not know that the LSP was not received.

The decision process runs the shortest path first (SPF) algorithm on the link-state database, and creates the forwarding database. It computes next-hop information and computes sets of equal-cost paths, creating an adjacency set that is used for load balancing. On a Cisco router, IS-IS supports load balancing over up to six equal-cost paths.

The forward process gets its input from the receive process and uses the forwarding database to forward data packets toward their destination. It also redirects load sharing and generates error reports.

7.3.9 LSP flooding and synchronization

The following are the two types of link-state PDUs:

* Non-pseudonode PDUs – represent a router, including all ISs and LANs connected with the router.
* Pseudonode PDUs – represent a LAN, including all ISs attached to that LAN, and are generated by the DIS.

An L1 router creates an L1 LSP, an L2 router creates an L2 LSP, and an L1L2 router creates both an L1 and an L2 LSP.

The DIS creates one pseudonode LSP for L1, one for L2, and one for each LAN. The use of pseudonode LSPs reduces the number of adjacencies on a LAN and therefore reduces the flooding of LSPs on the LAN. The DIS will create and flood a new pseudonode LSP when the following happens:

* A new neighbor comes up or goes away
* The refresh interval timer expires

The pseudonode LSP is generated by the DIS. The DIS reports all LAN neighbors, including the DIS, in the pseudonode LSP with a metric of zero. All LAN routers, including the DIS, report connectivity to the pseudonode in their LSPs. This is similar in concept to the network LSA in OSPF. Each IS will create and flood a non-pseudonode LSP when the following happens:

* A new neighbor comes up or goes away
* New IP prefixes are inserted or removed
* The metric of a link changes
* The refresh interval timer expires

For L1 LSP databases, L1 CSNPs and L1 partial sequence number PDUs (PSNPs) are utilized. For L2 LSP databases, L2 CSNPs and L2 PSNPs are utilized. A CSNP does the following:

* Describes all LSPs in the LSP database, in range. Contains an address range, LSP ID, sequence number, checksum, and remaining lifetime.
* Used in two cases, periodic multicast by DIS, every ten seconds, and on point-to-point links when the link comes up.
* If LSP database is large, multiple CSNPs are sent.

Each router floods its LSPs to adjacent neighbors. The LSPs are passed along unchanged to other adjacent routers until all the routers in the area have received them. All the L1 LSPs received by one router in an area describe the topology of the area.

The IS-IS link-state database consists of all the LSPs the router has received. Each node in the network maintains an identical link-state database. A change in the topology means a change in one or more of the LSPs. The router that has experienced a link going up or down will resend its LSP to inform the other routers of the change. The LSP sequence number is increased by one to let the other routers know that the new LSP supersedes the older LSP. When a router first originates an LSP, the LSP sequence number is one (1). If the sequence number increases to the maximum of 0xFFFFFFFF, the IS-IS process must shut down. IS-IS must shut down for at least 21 minutes, which is the MaxAge + ZeroAgeLifetime. This allows the old LSPs to age out of all the router databases.

Flooding is the process by which these new LSPs are sent throughout the network to ensure that the databases in all routers remain identical. If the LSP database is not synchronized, routing loops might occur. When a router receives a new LSP, it floods this LSP to its neighbors, except the neighbor that sent the new LSP.

On point-to-point links, the neighbors acknowledge the new LSP with a PSNP, which holds the LSP ID, sequence number, checksum, and remaining lifetime. When the acknowledgment PSNP is received from a neighbor, the originating router stops sending the new LSP to that particular neighbor although it may continue to send the new LSP to other neighbors that have not yet acknowledged it.

On LANs there is no explicit acknowledgment with a PSNP. Missing LSPs are detected when a CSNP is received and the list of LSPs within the CSNP is compared with the LSPs in the database of that router. If any LSPs are missing or outdated, the router will send a request for these in the form of a PSNP.

If a router receives an LSP that has an older sequence number than the one in its IS-IS database, it sends the newer LSP to the router that sent the old LSP. The router keeps resending it until it receives an acknowledgment PSNP from the originator of the old LSP.

LSPs must be flooded throughout an area for the databases to synchronize and for the SPF tree to be consistent within an area. It is not possible to control which LSPs are flooded by using a distribute list, although it is possible to use a route-map to control which routes are redistributed into IS-IS from another routing protocol.

7.3.10 LSP flooding and synchronization (continued)

New LSPs are flooded when there is a change in the topology. These changes are triggered by the following:

* Adjacency came up or went down
* Interface up/down
* Redistributed IP routes change
* Inter-area IP routes change
* An interface is assigned a new metric
* Most other configuration changes

When a new LSP is received, it is installed in the LSP database and marked for flooding. It is sent to all neighbors. Neighbors in turn flood the LSP further. Only new LSPs are flooded. Old LSPs are simply acknowledged. Because 'state' is already maintained for this LSP, infinite looping of LSPs is avoided.

On a point-to-point link, once an adjacency is established, both ISs send a CSNP packet. Missing LSPs are sent by both ISs if they are not present in the received CSNP. Missing LSPs may be requested with a PSNP. The ACK is communicated with a PSNP.


Point-to-point is sometimes abbreviated p2p.

On a LAN, there is a designated intermediate system (DIS). The DIS has two tasks, which are creating and updating the pseudonode LSP and flooding LSPs over the LAN. Recall that a DIS is elected for each LAN based on priority, with highest SNPA (MAC) address breaking the tie. DIS election is deterministic.

The DIS periodically, every ten seconds, sends CSNPs listing the LSPs it holds in its link-state database. This is a multicast to all IS-IS routers on the LAN. R1 compares this list of LSPs with its topology table and realizes it is missing one LSP. Therefore, it sends a PSNP to the DIS (R2) to request the missing LSP. The DIS reissues that LSP, and R2 acknowledges it with a PSNP.
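
The LSP comparison, point-to-point flooding and CSNP/PSNP synchronization rules of Sections 7.3.9 and 7.3.10, as an added Python example (not part of the original page). The LSP IDs, sequence numbers and checksums are constructed, and the action names are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LspSummary:
    """The four values a CSNP or PSNP carries for each LSP."""
    lsp_id: str
    seq: int
    lifetime: int
    checksum: int


def newer(a, b):
    """True if a is a newer version than b of the same LSP ID."""
    if a.seq != b.seq:
        return a.seq > b.seq                  # higher sequence number wins
    if (a.lifetime == 0) != (b.lifetime == 0):
        return a.lifetime == 0                # a zero-lifetime (purged) copy is newer
    return a.checksum > b.checksum            # last resort: highest checksum is kept


def receive_lsp_p2p(db, lsp, sender, neighbors):
    """Flooding rule on point-to-point links: list of (action, neighbor, lsp)."""
    have = db.get(lsp.lsp_id)
    if have is None or newer(lsp, have):
        db[lsp.lsp_id] = lsp
        floods = [("flood", n, lsp) for n in neighbors if n != sender]
        return [("ack_psnp", sender, lsp)] + floods
    if newer(have, lsp):
        return [("send", sender, have)]       # the sender holds an old copy
    return [("ack_psnp", sender, lsp)]        # already known: acknowledge only


def process_csnp(db, csnp, start="0000.0000.0000.00-00", end="ffff.ffff.ffff.ff-ff"):
    """Compare a CSNP from the DIS with the local database.

    Returns (LSP IDs to request with a PSNP, local LSPs to send to the DIS).
    Only local LSPs inside the CSNP's address range count as missing at the DIS.
    """
    listed = {e.lsp_id: e for e in csnp}
    request = [i for i, e in listed.items() if i not in db or newer(e, db[i])]
    send = [
        lsp for i, lsp in db.items()
        if start <= i <= end and (i not in listed or newer(lsp, listed[i]))
    ]
    return sorted(request), sorted(send, key=lambda lsp: lsp.lsp_id)


def sample():
    """Constructed local database and CSNP contents."""
    db = {s.lsp_id: s for s in (
        LspSummary("0000.0000.0001.00-00", 3, 900, 0x1111),
        LspSummary("0000.0000.0002.00-00", 7, 900, 0x2222),
        LspSummary("0000.0000.0003.00-00", 2, 900, 0x3333),
    )}
    csnp = [
        LspSummary("0000.0000.0001.00-00", 4, 1100, 0xAAAA),  # DIS copy is newer
        LspSummary("0000.0000.0002.00-00", 6, 1100, 0xBBBB),  # DIS copy is older
        LspSummary("0000.0000.0004.00-00", 1, 1100, 0xCCCC),  # missing locally
    ]
    return db, csnp


if __name__ == "__main__":
    print(process_csnp(*sample()))
```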

7.3.11 IS-IS metrics

The original IS-IS specification defines four different types of metrics. All routers support the default metric of cost. Delay, expense, and error are optional metrics. The delay metric measures transit delay, the expense metric measures the monetary cost of link utilization, and the error metric measures the residual error probability associated with a link.

The Cisco implementation uses cost only. If the optional metrics were implemented, there would be a link-state database for each metric and SPF would be run for each link-state database.

Default Metric
Some routing protocols calculate the link metric automatically based on bandwidth. OSPF uses this method of calculation. Other routing protocols use bandwidth/delay to calculate the link metric. EIGRP uses this method. There is no automatic metric calculation for IS-IS. Using the metrics defined in the original IS-IS specification, an interface cost is between 1 and 63. This is a 6-bit metric value.


Try to avoid confusing the IS-IS metric range and default with the IS-IS priority range of 0 to 127 and default of 64.

All links use the metric of ten by default. The total cost to a destination is the sum of the costs on all outgoing interfaces along a particular path from the source to the destination. The least-cost paths are preferred. The total path metric was limited to 1023. This is the sum of all link metrics along a path between the calculating router and any other node or prefix. This small metric value proved insufficient for large networks and provided too little granularity for new features such as Traffic Engineering and other applications. This is especially true with high bandwidth links. Wide metrics are also required if route leaking is used.

Extended Metric
Cisco IOS software addresses this issue with the support of a 24-bit metric field called the wide metric. Using the new metric style, link metrics now have a maximum value of 16777215 (2^24 – 1) with a total path metric of 4261412864 (2^32 – 2^25). The wide metric formulation can be found in draft-ietf-isis-traffic-02.txt.

Deploying IS-IS in the IP network with wide metrics is recommended to enable finer granularity and to support applications such as Traffic Engineering. Running different metric styles within one network can cause a major problem. Link-state protocols calculate loop-free routes. This is because all routers, within one area, calculate their routing table based on the same link-state database. This principle is violated if some routers look at old narrow style, and some at new wider style TLVs. However, if the same interface cost is used for both the old and new style metrics, then SPF will compute a loop-free topology.

7.3.12 IS-IS network types

The types of networks that IS-IS defines include the following:

* Point-to-point networks
* Broadcast networks

Point-to-point networks, such as serial lines, connect a single pair of routers. A router running IS-IS will form an adjacency with the neighbor on the other side of a point-to-point interface. A DIS is not elected on this type of link. The basic mechanism defined in the standard is that each side of a point-to-point link declares the other side to be reachable if a Hello packet is received from it. When this occurs, each side then sends a CSNP to trigger database synchronization.

Broadcast networks, such as Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI), are multiaccess in that they are able to connect more than two devices. All devices connected to routers will receive a packet sent by one router. On broadcast networks, one IS will be elected the DIS. Hello packets on broadcast networks are sent to the AllL1ISs or AllL2ISs MAC-layer broadcast addresses. The DIS is responsible for flooding. It will create and flood a new pseudonode LSP for each routing level it is participating in, whether L1 or L2, and for each LAN to which it is connected. A router can be the DIS for all connected LANs or a subset of connected LANs. This depends on the configured priority or, if no priority is configured, the Layer 2 address. The DIS will also create and flood a new pseudonode LSP when a neighbor adjacency is established or torn down or the refresh interval timer for this LSP expires. The DIS mechanism reduces the amount of flooding on LANs.

Nonbroadcast multiaccess (NBMA) networks, such as Frame Relay, Asynchronous Transfer Mode (ATM), and X.25, can connect multiple devices but have no broadcast capability. A packet sent by one router is not received by all the other routers attached to the network. Special consideration should be taken when configuring IS-IS over NBMA networks. IS-IS has no concept of an NBMA network. IS-IS considers these media to be just like any other broadcast media such as Ethernet or Token Ring. In general, it is better to configure point-to-point networks for IS-IS on WAN interfaces and subinterfaces, such as with ATM, Frame Relay, and X.25.

Unlike OSPF, no configuration is necessary to tell IS-IS what the network type is.

7.3.13 SPF algorithm

After the link-state database is updated, the router still needs to populate the routing table, or forwarding table. Just as with OSPF, IS-IS uses the Dijkstra algorithm, also known as the shortest-path-first algorithm, for computing the best path to a given destination in the link-state database. This is the critical decision making process that determines what routes, of those appearing in the link-state database, will populate the routing table as IS-IS routes.

Edsger Dijkstra's SPF algorithm is used for calculating routes with the IS-IS routing protocol, for support of both TCP/IP and OSI. This is based on an extension to the algorithm specified in ISO/IEC 10589.

The SPF algorithm computes the shortest paths from a single source vertex to all other vertices in a weighted, directed graph. In the Cisco IOS implementation, the weight assigned to the branches of a tree is a configurable metric with 2^24 possible values for each link and 2^32 possible values for each path from the root to a leaf.

The SPF algorithm can also be applied to Intermediate System-to-Intermediate System (IS-IS), which is a link-state protocol. The main difference between link-state and distance vector routing protocols is that a link-state protocol provides full visibility of the network topology, and a distance vector protocol uses learned information to build forwarding tables. The visibility provided by a link-state protocol is achieved through the use of a flooding mechanism. This mechanism ensures that each router in a specified area of a network receives information that can be used to build a network map. In IS-IS this information is flooded through the use of link-state protocol data units. Each intermediate system, or router, then advertises information that pertains to itself and its links. After the information is flooded and all routers obtain the same information, the SPF algorithm is applied separately to each router. This is done to determine the topology and extract the shortest paths for each router from the root of the tree to all the leaves of the tree. This process is shown in Figure . The information derived from this process is used to create the forwarding table on the router.

7.4.1 OSI, IP, and dual

Integrated IS-IS supports the following three types of networks:

* OSI
* IP
* Dual, made up of both OSI and IP

The LSPs can contain many variable-length TLV fields describing OSI and IP state information.

Integrated IS-IS LSPs describe IP information in a similar manner to the way IS-IS describes ESs. There are specific TLV types for IP information. Like all modern routing protocols, Integrated IS-IS supports the following:

* Variable-Length Subnet Masks (VLSMs): the mask is sent with the prefix in the updates
* Redistribution of IP routes into and out of IS-IS
* Summarization of IP routes

Even if Integrated IS-IS is being used only for IP routing, a NET address is required for L2 forwarding and Dijkstra algorithm computation. OSI protocols are used to form the neighbor relationship between routers. SPF calculations rely on a configured NET address to identify the routers. The remainder of this page describes IS-IS routing in a pure OSI environment. If IP routing with IS-IS is required, the same process described below still takes place. TLVs are used to carry IP routing information, enabling IP routing by way of OSI routing.

The CLNS routing table is the OSI forwarding database. To build the CLNS routing table, the synchronized link-state database is used to calculate the SPF tree to OSI destinations or NETs. The link metrics are totaled along each path to decide which is the shortest to any given destination. There are separate link-state databases for L1 and L2 routes. Therefore, SPF is run twice, once for each level, and separate SPF trees are created for each level. ES reachability is calculated with a partial route calculation (PRC) based on the L1 and L2 SPF trees. There are no OSI ESs if it is a pure IP Integrated IS-IS environment. The best paths are inserted in the CLNS routing table.

Routing inside an L1 area is based on the system ID of the destination ISO (NSAP) address. OSI packets to other areas are routed to the nearest L1L2 router. L2 routing is based on the area ID and only considers the area cost. If an L1L2 router receives a packet from an L2 neighbor destined for its own area, it will route it based on the system ID, the L1 routing.

When routing a packet from one area to another area, the L1 routers route the packet to the nearest L1L2 router. L1 routers find the closest exit point from the area, based on receipt of default routes from the L1L2 routers in their area. The L1L2 router routes the packets into the L2 backbone based on the destination area ID. The packet travels across the L2 backbone to the destination area. Once it arrives in the destination area, L1 routing is again used to route the packet to its final destination inside that area. The interface between the L1 world and the L2 world takes place on an L1L2 router. The L1L2 router behaves as if it were both an L1 router, by routing to L1 destinations, and an L2 router, by routing between areas.

An IS-IS domain is the equivalent of an IP AS. IS-IS can support the interconnection of multiple domains. In a pure OSI environment, ISO-IGRP interprets the IDI portion of CLNS routes and allows routing between domains. ISO-IGRP is a Cisco proprietary protocol. There is also a standard OSI Interdomain Routing Protocol (IDRP), specified in ISO/IEC 10747, which provides the same function, but is not supported by Cisco. IDRP is used for L3 routing in an OSI environment. This protocol has never actually been deployed in a production environment. This is because by the time the ISO formalized IDRP, IP had already "won" as the routed protocol for the Internet. The current standard for interdomain routing in an IP environment is Border Gateway Protocol (BGP) Version 4. Module 9 will discuss this further.

7.4.2 Suboptimal IS-IS routing

An L1 router knows the topology only of its own area and has L1 or L1L2 neighbors within this area. An L1 router has an L1 link-state database with all the information for intra-area routing. It uses the closest L2 capable router in its own area to send packets out of the area, a scenario that may result in suboptimal routing.

An L1L2 router that is attached to another area will set the attached bit in its L1 LSP. All the L1 ISs in an area will get a copy of this LSP and know where to forward packets to destinations outside the area. If the routers are running Integrated IS-IS, a default IP route will automatically be installed in the L1 routers pointing toward the nearest L1L2 router that set the attached bit in its L1 LSP. An L1L2 router that is not attached to another area can also detect that an L2 only neighbor is attached to another area and can set the attached bit on behalf of this L2 only neighbor. If there is more than one point to exit the area, the closest L1L2 router is selected based on the cost. If there are two equal cost paths then the traffic may load balance over the two paths.

Suboptimal routing
Assume the cost on all links is ten (10). Router A, an L1, in Area X will send all traffic destined for outside Area X to Router B, an L1L2. This is because Router B is the closest L1L2 neighbor. Router B is directly connected to Area Y. Router C, also L1L2, is in Area X and is directly connected to Area Z. Router A will send packets destined for Area Z to Router B. Because Router B, Router E, and Router C are backbone routers, Router B will send this packet to Router C through Router E for delivery into Area Z. The more optimal path would be for Router A to send the packet directly to Router C through Router D.

As a second example of suboptimal routing, Router R1 routes packets destined for Router R2 to its L1L2 router. This router looks at the destination area and routes directly into Area 2. Once in Area 2, the packets are routed as L1 to Router R2. Even though the initial next hop is another L1L2 router, the routing is still L1. Return packets from Router R2 to Router R1 are routed by R2 to its nearest L1L2 router. This router happens to see the best route to Area 1 as being by way of Area 4 and routes the return packets by a different route to the incoming packets. The path taken is not actually the least cost path from R2 to R1. Asymmetric routing, packets in different directions taking different paths, is not necessarily detrimental to the network but can make troubleshooting difficult.

A feature available since IOS release 12.0 allows L2 routes to be leaked in a controlled manner into the L1 area to help avoid this situation. All IS-IS areas are ’stub’ areas. However, with the route-leaking feature, leaking L2 routes into L1, a sort of IS-IS not-so-stubby area is created. Route leaking helps reduce suboptimal routing by providing a mechanism for leaking, or redistributing, L2 information into L1 areas. By having more detail about inter-area routes, an L1 router is able to make a better choice with regard to which L1L2 router to forward the packet. Route leaking is defined in RFC 2966 for use with the narrow metric TLV types 128 and 130. IS-IS extensions for Traffic Engineering, IETF Internet draft document draft-ietf-isis-traffic-04.txt, defines route leaking for use with the wide metric TLV type 135. Both drafts define an up/down bit to indicate whether or not the route defined in the TLV has been leaked. If the up/down bit is set to zero (0) the route was originated within that L1 area. If the up/down bit is set to one (1), the route has been redistributed into the area from L2. The up/down bit is used to prevent routing loops. An L1L2 router does not re-advertise into L2 any L1 routes that have the up/down bit set. Route leaking is configured with the IS-IS router configuration mode command redistribute isis ip level-2 into level-1 distribute-list <100-199>.
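The Router A case above and the effect of route leaking can be reproduced with one SPF run per level, as described in 7.3.13 and 7.4.1. This is an added example, not part of the course material; the topology (links A-B, A-D, D-C, B-E, E-C, with Area Z one cost-10 hop behind Router C) is assumed from the description because the figure is not on the page, and all function names are hypothetical.

```python
import heapq

# Constructed topology, assumed from the text (the figure is not on the page).
# Every link costs 10. A and D are L1-only, B and C are L1L2, E is a backbone
# (L2) router. Area Z is one cost-10 hop behind C.
COST = 10
L1_LINKS = [("A", "B"), ("A", "D"), ("D", "C")]   # Level 1 database, Area X
L2_LINKS = [("B", "E"), ("E", "C")]               # Level 2 database, backbone
ATTACHED = ("B", "C")                             # L1L2 routers with ATT bit set
L2_ORIGIN = {"AreaZ": ("C", COST)}                # prefix -> (L2 router, metric)


def build_graph(links):
    """Turn a list of bidirectional links into an adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, {})[b] = COST
        graph.setdefault(b, {})[a] = COST
    return graph


def spf(graph, root):
    """Dijkstra SPF: return {node: (total metric, path from root)}."""
    best = {root: (0, [root])}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, metric in graph.get(node, {}).items():
            total = cost + metric
            if nbr not in best or total < best[nbr][0]:
                best[nbr] = (total, best[node][1] + [nbr])
                heapq.heappush(heap, (total, nbr))
    return best


def l2_route(l1l2, prefix):
    """Level 2 SPF from an L1L2 router to the prefix: (metric, path)."""
    origin, metric = L2_ORIGIN[prefix]
    cost, path = spf(build_graph(L2_LINKS), l1l2)[origin]
    return cost + metric, path + [prefix]


def leaked_routes(prefix):
    """What each L1L2 router leaks into L1: its L2 metric, up/down bit = 1."""
    return [{"via": r, "prefix": prefix, "metric": l2_route(r, prefix)[0],
             "up_down": 1} for r in ATTACHED]


def readvertise_into_l2(l1_routes):
    """An L1L2 router never re-advertises routes whose up/down bit is set."""
    return [r for r in l1_routes if r["up_down"] == 0]


def route_from_l1(src, prefix, leaking=False):
    """Path that traffic from an L1-only router takes to an inter-area prefix."""
    l1_tree = spf(build_graph(L1_LINKS), src)        # Level 1 SPF only
    if leaking:
        # With leaked routes the L1 router adds its own L1 cost to each
        # leaked metric and picks the cheapest total.
        exit_router = min(leaked_routes(prefix),
                          key=lambda r: l1_tree[r["via"]][0] + r["metric"])["via"]
    else:
        # Without leaking it only has a default route to the closest
        # L1L2 router that set the attached bit.
        exit_router = min(ATTACHED, key=lambda r: l1_tree[r][0])
    l1_cost, l1_path = l1_tree[exit_router]
    l2_cost, l2_path = l2_route(exit_router, prefix)
    return l1_cost + l2_cost, l1_path + l2_path[1:]


if __name__ == "__main__":
    print("default route only:", route_from_l1("A", "AreaZ"))
    print("with route leaking:", route_from_l1("A", "AreaZ", leaking=True))
```
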

7.4.3 Intra-area and interarea Integrated IS-IS routing example

An array of useful IS-IS commands in the context of the pictured topology will be introduced and analyzed.

The show isis topology command will be explored first. The show isis topology command displays the least-cost paths to the destination NETs. The system ID shows the NET of the destination. IOS uses Dynamic Hostname Mapping, see RFC 2763, to map this system ID to a hostname, when that hostname is available to the router. The hostname of the router is included in its outgoing LSP.

The metric shows the sum of the metrics on the least-cost path to the destination. The next hop router, IS, is shown. Also shown is the interface through which that next hop is reached and the SNPA of that next hop. HDLC is shown as the next hop across a serial line. The output for Router R2 shows that separate topology databases exist for L1 and L2.

Recall that the SNPA is taken from the following:

* MAC address on a LAN interface
* Virtual Circuit ID for X.25 or ATM
* DLCI for Frame Relay
* HDLC for High-Level Data Link Control interfaces

The show clns route and show isis route commands are the next commands to be looked at. There is a common source of confusion for those learning Integrated IS-IS. That confusion comes from the frequent use of commands directly referencing CLNS, but used for the purpose of verifying and troubleshooting IP routing.

The show clns route command displays the CLNS destinations to which this router can route packets. R1 shows only its local NET entry, because it is an L1 only router and therefore has no L2 area routes to display. The show isis route command shows the L1 routes to IS-IS neighbors. R1 has visibility of the other L1 routers in its area. The L1L2 routers appear in the L1 routing table by virtue of their L1 connection. There is a note at the end of their entry to show that they also act as L2. The closest L1L2 router also appears as the default route out of area. Again, the next-hop IS, its SNPA, and the interface over which that next hop is reached are shown. The cumulative metric to that destination is shown for all IS routes. The neighbors show that their state is ’up’ and the Hello process has established an adjacency.

The command show clns route shows the local NET entry. This command also shows the L2 routes to its own area and the neighbor areas. Notice that L2 regards the route to the area of R2 as being through itself. This further emphasizes that the L1 and L2 processes operate separately. The command show isis route shows the IS-IS neighbors. Next, the which-route command in the context of L1 and L2 will be explored. The which-route command is an alternative method of finding the route to a destination NET or NSAP. The command is entered on the L1 only router, R1. The command returns the next hop to the destination and states whether the destination is reachable by L1 or by the default exit point to L2. Executing the which-route command on an L2 router specifies the next hop. It also states that the route was matched by an entry from the CLNS L2 routing table.

Building the IP Forwarding Table
So far, the process and outputs have referred to the OSI part of the IS-IS process. These are the same as for pure OSI IS-IS routing. However, in the IP world, when running Integrated IS-IS, IP information is included in the LSPs. IP reachability behaves in IS-IS as if it were ES information. IP information takes no part in the calculation of the SPF tree. It is simply information about leaf connections to the tree. Therefore, updating the IP reachability is only a PRC. This is similar to ES reachability. IP routes are generated by the PRC and offered to the routing table. Here they will be accepted based on routing table rules comparing, for example, administrative distance. When entered in the routing table, IP IS-IS routes are shown as being by way of Level 1 or Level 2, as appropriate. The separation of IP reachability from the core IS-IS network architecture gives Integrated IS-IS better scalability than, for example, OSPF. OSPF sends LSAs for individual IP subnets. If an IP subnet fails, then the LSA is flooded through the network. In all circumstances, all routers must run a full SPF calculation. In Integrated IS-IS, the SPF tree is built from CLNS information. If an IP subnet fails in Integrated IS-IS, the LSP is flooded as it is for OSPF. However, if this is a leaf IP subnet, meaning the loss of the subnet has not affected the underlying CLNS architecture, then the SPF tree is unaffected. Only a PRC will take place.

The IP routing table, a pure entity, will now be looked at. The output for the show ip route command shows the IS-IS routes chosen by the SPF algorithm, from the IS-IS LSP database, to populate the IP routing table. The "i" indicates that the route was sourced from IS-IS. "L1" and "L2" show whether the IS-IS path to these destination IP networks is by way of IS-IS L1 or L2 routing. The next-hop IP addresses are matched from the corresponding next-hop IS-IS neighbor routers. Notice the metric is ten (10) for each route because ten is the Cisco default for the IS-IS metric over a link.

7.5.1 Basic configuration of Integrated IS-IS

As with any routing protocol, the first step is to plan out the logical topology, the addressing scheme, and the participating interfaces. Once this initial step is complete, Integrated IS-IS can be configured on the network.

Enabling Integrated IS-IS on a router for IP routing is easy. There are many more commands used to tune the IS-IS processes. However, only the following three commands are required to start Integrated IS-IS:

* Enable IS-IS as an IP routing protocol, using the command router isis, and assign a tag if there are multiple IS-IS processes. If the tag is omitted, a tag of zero (0) is assumed.
* Identify the router for IS-IS by assigning a NET to the router with the net command.
* Enable IS-IS on the interfaces participating in IS-IS, using the command ip router isis. This is slightly different to most other IP routing protocols where the participating interfaces are specified by network statements. There is no network statement under the IS-IS process. If there are multiple IS-IS processes, interfaces must state which process they belong to by specifying the appropriate tag.

These commands enable Integrated IS-IS on the router. However, further commands may be required to tune the IS-IS operation.

Troubleshooting Integrated IS-IS, even in an IP-only world, requires some investigation of CLNS data. For example, the IS-IS neighbor relationships are established over OSI, not over IP. Viewing IS-IS neighbors requires the show clns neighbors command. Two ends of a CLNS adjacency can actually have IP addresses on different subnets, with no impact on the operation of IS-IS. However, IP next-hop resolution could be an issue.


When enabling IS-IS on a loopback interface, the loopback is usually configured as passive in router isis configuration mode. This is to prevent sending unnecessary Hello packets out the loopback. This is because there is no chance of finding a neighbor behind the loopback interface.

Figure shows a simple topology with three routers in area 49.0001. The pertinent configuration for each of the routers is displayed in Figure.

Informative show command output for this topology is displayed in Figures.

For added security, configure IS-IS passwords for areas or domains. The area authentication password is inserted in L1, which is the station router level, LSPs, CSNPs, and PSNPs. The routing domain authentication password is inserted in L2, which is the area router level, LSPs, CSNPs, and PSNPs. To configure area or domain authentication passwords, respectively, use the following commands in router configuration mode:

area-password password


domain-password password

Authentication for an interface can also be configured using the isis password interface configuration command. This command gives the ability to prevent unauthorized routers from forming adjacencies with this router, and therefore, protects the network from intruders. The password is exchanged as plain text and in this way provides only limited security. Different passwords can be assigned for different routing levels using the level-1 and level-2 keyword arguments. Specifying the level-1 or level-2 keyword enables the password only for L1 or L2 routing, respectively.

Lastly, as with OSPF, aggregate addresses can be created with IS-IS, which are represented in the routing table by a summary address. One summary address can include multiple groups of addresses for a given level. Routes learned from other routing protocols can also be summarized. The metric used to advertise the summary is the smallest metric of all the more specific routes. To create a summary of addresses for a given level, use the command summary-address address mask {level-1 | level-1-2 | level-2} in router configuration mode.

7.5.2 Multiarea Integrated IS-IS configuration

This section explores a simple multi-area Integrated IS-IS scenario. The configuration commands shown in Figure provide IP routing using the IS-IS routing protocol. In the show ip route command output examples given below, it can be seen that IS-IS automatically adds a default route to the routing tables of both Rtr-A and Rtr-D.

Rtr-A#show ip route
Gateway of last resort is to network

C is directly connected, FastEthernet0/0 is subnetted, 2 subnets
i L1 [115/10] via, FastEthernet0/0
C is directly connected, Loopback0
i L1 [115/20] via, FastEthernet0/0
i*L1 [115/10] via, FastEthernet0/0

Rtr-D#show ip route
Gateway of last resort is to network

C is directly connected, FastEthernet0/0 is subnetted, 2 subnets
i L1 [115/10] via, FastEthernet0/0
C is directly connected, Loopback0
i*L1 [115/10] via, FastEthernet0/0

By default, Cisco IOS enables both L1 and L2 operations on IS-IS routers. If a router is to operate only as an area router, or only as a backbone router, this can be specified by entering the is-type command in IS-IS router configuration mode. To specify that the router will act only as an area or L1 router, specify is-type level-1. To specify that the router will act only as a backbone or L2 router, specify is-type level-2-only. Rtr-A and Rtr-D use the is-type level-1 command.

Although the router may be an L1L2 router, it may be required to only establish L1 adjacencies over certain interfaces and only L2 adjacencies over other interfaces. The interface command isis circuit-type can specify either level-1 or level-2-only. If this is not specified, the IOS will attempt to establish both types of adjacencies over the interface. The Rtr-C configuration uses the isis circuit-type command. Notice that L1 adjacencies cannot form between areas. The isis circuit-type command has not been applied to interface Fa0/0 on Rtr-B. The optimal configuration would include the isis circuit-type level-1 command on this interface so as to avoid an attempt by Rtr-B to form an L2 adjacency with Rtr-A. This would fail anyway because Rtr-A is configured with the IS-IS router mode command is-type level-1.

Unlike some other IP protocols, IS-IS takes no account of line speed or bandwidth when setting its link metrics. All interfaces are assigned a metric of ten (10). To change this value, use the interface command isis metric level-1 | level-2. The metric can have different values for Level 1 and Level 2 over the same interface. The isis metric interface command is not used in the scenario presented in this section.

The show clns command indicates Rtr-B is running IS-IS in IP only mode. This is because none of the interfaces are configured with the clns router isis command. That command would force the router to begin forwarding CLNP packets. Although CLNS is not being routed, the show protocol output appears to say otherwise. The output says, "CLNS routing is enabled" and it says, "CLNS enabled" on each of the FastEthernet0/0 and Serial0/1 interfaces. However, CLNP packets are not being routed, as verified by the show clns traffic output.

The show isis database command output in Figure shows the automatic setting of the attached bit (ATT) by Rtr-B. Rtr-B is an L1L2 router, so it has both an L1 and an L2 topology table. The ATT bit set in the L1 table indicates that it is a potential exit point for the area. The output of show isis database detail command in Figure shows the IS-IS information as well as the IP information for the router.

The show clns traffic output allows CLNS traffic statistics to be analyzed. For this command output, keep the following in mind:

* LSPs sourced indicates stability of IS
* LSP retransmissions should stay low
* Partial route calculations (PRCs) cannot be checked elsewhere
* LSP checksum errors are a bad sign
* Update queue should not stay full
* Update queue should not drop much

The debug isis spf-triggers command is useful for determining the cause, or trigger, for an SPF calculation.

Figure gives a quick summary of some useful Integrated IS-IS troubleshooting show commands. The remaining figures provide some miscellaneous IS-IS show and debug output for this scenario.

7.6.1 Point-to-point and point-to-multipoint operation with IS-IS

WANs are typically implemented as either point-to-point or point-to-multipoint. WANs do not support broadcasts, thus the term NBMA.

Point-to-point WANs can be leased circuits between two routers. A point-to-point WAN has two devices attached, one device at each end of the circuit. Such links commonly run Cisco HDLC or Point-to-Point Protocol (PPP). These WAN links correspond exactly to the Integrated IS-IS classification of a point-to-point network.


A point-to-point circuit is still regarded as an NBMA network, just as a back-to-back Ethernet connection is still a LAN. Both are examples of multiple access networks that have only two devices attached.

Dialup networks using dial-on-demand routing (DDR) can be configured as either point-to-point or point-to-multipoint WANs. Legacy DDR connections using dialer map statements are NBMA networks, despite the fact that they may use PPP as their line protocol. This is because a single dialer interface can support multiple destinations. Dialer profiles and dialer virtual profiles are point-to-point connections, where one dialer profile equates to one remote profile. These connections can suffer from the same loss-of-neighbor delays as other NBMA networks. Dialer virtual profiles are point-to-point connections where the interface drops immediately if the remote end disconnects, leading to faster neighbor loss detection and faster convergence. Dial interfaces and dialer profiles are not dealt with in this course. As a general rule, avoid using IS-IS over dialup, except to provide dial backup functionality.

IS-IS can work only over NBMA clouds, such as Frame Relay, configured with a full mesh. Anything less than a full mesh could create serious connectivity and routing issues. However, even if a full mesh is configured, this is no guarantee that a full mesh will exist at all times. A failure in the underlying switched WAN network, or a misconfiguration on one or more routers, could break the full mesh either temporarily or permanently.

Avoid NBMA multipoint configurations for IS-IS networks. Use point-to-point subinterfaces instead.

Point-to-point interfaces should usually be explicitly configured with an IP subnet. In IOS release 12.2 or later, a 31-bit mask can be used. For earlier IOS releases, a 30-bit mask is applied. In modern IP networks using private addressing and variable length subnetting, there are usually plenty of spare IP addresses to apply to point-to-point interfaces. Alternatively, in conformance with RFC 1195, IP unnumbered can be used with IS-IS on point-to-point interfaces.

Recall that, on a point-to-point link, a single IIH PDU type is used. These IIHs specify whether the adjacency is L1, L2, or both. When the adjacency is established, each neighbor sends a CSNP describing the contents of its link-state database. Each router then requests any missing LSPs from the neighbor using PSNPs and acknowledges the receipt of the LSPs with PSNPs. This activity reduces the amount of routing traffic across the point-to-point link. Each router exchanges only the information missing from its link-state database rather than the entire link-state database of its neighbor router.

7.6.2 Configuring Integrated IS-IS in a WAN environment

To enable IS-IS over switched WAN media, do the following:

* Start the IS-IS process and assign NETs as usual
* On each NBMA interface issue the following:
o Design a mesh between the NBMA peers, whether full or partial.
o Configure point-to-point subinterfaces for each NBMA VC and assign IP addresses.
o Define the mapping of network protocols and addresses to the VC. If manual mappings are used, for example, x25 map, frame-relay map, then the CLNS mapping must specify broadcast. This is to support routing updates. However, the IP mapping does not require this. It is used only for next-hop resolution.
o Start IS-IS processing on the subinterface with the ip router isis command. This command must not be used on the main interface or that multipoint interface will generate a pseudonode LSP for itself.
* Use Integrated IS-IS timer and blocking commands to control flooding of link-state information.
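A configuration audit covering the points made in 7.5.1 (NET, process tags, passive loopbacks, area, domain and interface passwords) and in the list above (no ip router isis on a Frame Relay main interface, broadcast on CLNS maps). This is an added example, not code from the course; the sample configuration, its addresses and placeholder passwords are constructed, and the finding names are hypothetical labels.

```python
# Constructed IOS configuration (not from the page); passwords are placeholders.
SAMPLE_CONFIG = """\
router isis
 net 49.0001.0000.0000.0004.00
 area-password EXAMPLE-AREA
!
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
 ip router isis
!
interface Serial0/0
 encapsulation frame-relay
 ip address 10.2.2.1 255.255.255.0
 ip router isis
 frame-relay map clns 200
 frame-relay map ip 10.2.2.2 200
!
interface Serial0/0.1 point-to-point
 ip address 10.1.1.1 255.255.255.252
 ip router isis
 isis password EXAMPLE-LINK level-1
 frame-relay interface-dlci 100
!
"""


def parse_blocks(config):
    """Group indented sub-commands under their unindented parent line."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks


def has(body, prefix):
    """True if any command in the block is, or starts with, the given words."""
    return any(cmd == prefix or cmd.startswith(prefix + " ") for cmd in body)


def audit(config):
    """Return a sorted list of (location, finding) tuples."""
    blocks = parse_blocks(config)
    procs = {h: b for h, b in blocks.items() if h.split()[:2] == ["router", "isis"]}
    if not procs:
        return [("global", "NO_ISIS_PROCESS")]
    findings, tags, passive = [], set(), set()
    for header, body in procs.items():
        tags.add(" ".join(header.split()[2:]))       # "" when no tag is given
        passive |= {c.split()[1] for c in body if c.startswith("passive-interface ")}
        if not has(body, "net"):                     # a NET is always required
            findings.append((header, "NO_NET"))
        for cmd in ("area-password", "domain-password"):
            if not has(body, cmd):                   # L1 / L2 LSPs and SNPs unauthenticated
                findings.append((header, "NO_" + cmd.upper().replace("-", "_")))
    for header, body in blocks.items():
        words = header.split()
        if words[0] != "interface":
            continue
        name = words[1]
        for cmd in body:
            # CLNS carries the IS-IS PDUs, so its map needs the broadcast keyword.
            if cmd.startswith("frame-relay map clns") and "broadcast" not in cmd.split():
                findings.append((name, "CLNS_MAP_NO_BROADCAST"))
        enabled = [c for c in body if c == "ip router isis" or c.startswith("ip router isis ")]
        if not enabled:
            continue
        if " ".join(enabled[0].split()[3:]) not in tags:
            findings.append((name, "TAG_HAS_NO_PROCESS"))
        if name.lower().startswith("loopback"):
            if name not in passive:                  # Hellos sent where no neighbor exists
                findings.append((name, "LOOPBACK_NOT_PASSIVE"))
            continue
        # isis password is sent as plain text, so it is limited protection,
        # but without it any router on the link can form an adjacency.
        if not has(body, "isis password"):
            findings.append((name, "NO_ISIS_PASSWORD"))
        # A main interface is multipoint: IS-IS treats it as a broadcast network.
        if "." not in name and has(body, "encapsulation frame-relay"):
            findings.append((name, "ISIS_ON_FR_MAIN_INTERFACE"))
    return sorted(findings)


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```
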

To illustrate IS-IS configuration in a WAN environment, this IS-IS module ends with a Frame Relay point-to-point scenario and a Frame Relay point-to-multipoint scenario.

7.6.3 Frame Relay point-to-point scenario with Integrated IS-IS

Look at the example of a router network connected over Frame Relay using point-to-point subinterfaces. Each Frame Relay permanent virtual circuit (PVC) is treated as its own point-to-point network, with its own IP addresses. The example is of a hub-and-spoke network topology. It is important to note that the spoke routers are also configured with point-to-point subinterfaces, even though, unlike the hub router, they use only one VC. This is the best practice in general for all routing protocols. It allows further VCs to be added without affecting the existing VC. This practice is imperative for IS-IS. A main interface is a multipoint interface, even if it happens to have only one VC configured. If the single VC were configured under a main interface, IS-IS would treat this as a broadcast network and attempt to elect a DIS. Also, an adjacency would not be established because the multipoint end would send broadcast-network-style Hello PDUs, but the point-to-point end would send point-to-point Hello PDUs.

The hub router configuration is shown in Figure .

The encapsulation type, Frame Relay, is set under the main interface of Serial0/0. No IP or IS-IS configuration is included under the main interface. Three subinterfaces are defined, one for each VC. Each subinterface specifies the following:

* The IP address for that point-to-point link, which is a different subnet for each subinterface.
* Integrated IS-IS, ip router isis, as the routing protocol over that subinterface.
* The VC to use for that point-to-point subinterface, using the frame-relay interface-dlci command. This is the only command needed to enable both IP and CLNS across this VC. The router automatically enables, across this VC, all the protocols that are enabled on the point-to-point subinterface. With this configuration, the subinterface will automatically forward routing updates, as is the case when using the broadcast keyword with a Frame Relay map.

Notice that no Frame Relay maps are used in this scenario, since point-to-point interfaces are used.

The show frame-relay map command displays the status of each Frame Relay VC as follows:

* Status defined means it has been configured on the Frame Relay switch, and active indicates that this VC is operational.
* Type is point-to-point, meaning it has been assigned to a point-to-point subinterface.
* Assigned subinterface, for example, Serial0/0.1
* VC identification, for example, DLCI 100.
* Whether it supports broadcast packets, such as RIP Version 1 routing packets.

The debug isis adj-packet command shows neighbor relationship establishment across one of the subinterfaces, Serial0/0.1, sending and receiving point-to-point IIH PDUs and declaring the adjacency "up". Ongoing Hello conversations for the other subinterfaces are also shown.

7.6.4 Frame Relay point-to-multipoint scenario with Integrated IS-IS

In this scenario, all the Frame Relay ports are configured as multipoint interfaces. They are configured either as a multipoint subinterface, on the hub router R4, or as a main interface on the other routers. All interfaces share the same IP subnet in a multipoint configuration. In a multipoint environment with IS-IS, it is important that a full mesh be implemented. Therefore, all other routers will also have VCs interconnecting them, although these are not shown in the diagram. If this were a true hub-and-spoke environment, and the spoke sites had no need to communicate to each other, this topology could work with only the indicated DLCIs. In this case, the hub router must become the DIS for the NBMA network, as it is the only router visible to all others. A suitable IS-IS priority should be set on the Frame Relay interface of the hub router using the isis priority command. Routes would be installed in each spoke router toward the other spoke routers by way of their local IP addresses. However, packets to these destinations would be dropped, as there are no direct VCs between the spokes.

This point-to-multipoint scenario shows the configuration of the multipoint interface on the R4 hub router. In a multipoint environment, IP and CLNS maps must be configured separately. The frame-relay interface-dlci command is used to enable IP across the Frame Relay PVCs. Inverse ARP will automatically resolve the remote end IP addresses. On a point-to-point subinterface, this command enables all traffic, but in a multipoint environment this enables only IP. Alternatively, the IP maps could be entered explicitly using frame-relay map ip. In this case, the "broadcast" keyword is not necessary for IP, as only directed IP packets will use this VC. To enable CLNS, which must be done separately from IP in a multipoint environment, the frame-relay map clns command is used. CLNS is used for the IS-IS routing packets and therefore the "broadcast" keyword must be specified.

Finally, the same monitoring commands used for the point-to-point example yield slightly different output in the point-to-multipoint environment. The show frame-relay map command again displays the status of each Frame Relay VC. This time separate entries are created as follows for the IP and CLNS mappings, even though they use the same VC:

* The CLNS map shows that it is created as a static map and that "broadcast" was specified.
* The IP map is dynamic because the IP address was resolved by inverse ARP.

The debug isis adj-packets command again shows the neighbor relationship establishment. However, this time the adjacency uses LAN IIH PDUs because this is a multipoint environment.

Keep in mind that the preferred configuration for Integrated IS-IS in a WAN environment is to configure all interfaces as point-to-point subinterfaces. This avoids the full mesh required with the point-to-multipoint option. The point-to-multipoint option results in weak network stability. Having one PVC go down can have a domino effect on the WAN. This points out one major difference between OSPF and IS-IS configuration.
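The map requirements described in this section can be checked mechanically. The following is an added example, not part of the original course material: it parses a constructed sample laid out like show frame-relay map output and flags multipoint VCs that have no CLNS map, or a CLNS map without "broadcast". The interface name, addresses, DLCIs and function names are assumptions made for illustration.

```python
import re

# Constructed sample; interface name, addresses and DLCIs are invented.
SAMPLE = """\
Serial0/0.2 (up): ip 10.0.0.1 dlci 401(0x191,0x6410), dynamic,
              broadcast,, status defined, active
Serial0/0.2 (up): CLNS dlci 401(0x191,0x6410), static,
              broadcast,
              CISCO, status defined, active
Serial0/0.2 (up): ip 10.0.0.2 dlci 402(0x192,0x6420), dynamic,
              broadcast,, status defined, active
Serial0/0.2 (up): CLNS dlci 403(0x193,0x6430), static,
              CISCO, status defined, active
"""

ENTRY = re.compile(r"^(?P<intf>\S+) \(\w+\): "
                   r"(?P<proto>ip \S+|CLNS|point-to-point dlci,) dlci (?P<dlci>\d+)")

def parse_maps(text):
    """Return one dict per map entry, joining indented continuation lines."""
    entries = []
    for line in text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()
        elif line.strip():
            entries.append(line.strip())
    maps = []
    for entry in entries:
        m = ENTRY.match(entry)
        if m:
            maps.append({"intf": m["intf"], "dlci": int(m["dlci"]),
                         "proto": m["proto"].split()[0].lower(),
                         "broadcast": "broadcast" in entry})
    return maps

def audit_multipoint(text):
    """Flag multipoint VCs whose maps cannot carry IS-IS hellos."""
    vcs = {}
    for m in parse_maps(text):
        if m["proto"] != "point-to-point":   # p2p subinterfaces need no maps
            vcs.setdefault((m["intf"], m["dlci"]), {})[m["proto"]] = m
    findings = []
    for (intf, dlci), protos in sorted(vcs.items()):
        clns = protos.get("clns")
        if clns is None:
            findings.append((intf, dlci, "no CLNS map"))
        elif not clns["broadcast"]:
            findings.append((intf, dlci, "CLNS map lacks broadcast"))
    return findings
```

Calling audit_multipoint(SAMPLE) reports DLCI 402 (IP only) and DLCI 403 (CLNS without broadcast), the two cases in which IS-IS Hello PDUs would not cross the VC.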

7.6.5 Detecting mismatched interfaces with Integrated IS-IS

One important skill to develop with Integrated IS-IS configuration and troubleshooting is to be able to identify a problem resulting from mismatched interfaces in an NBMA environment.

An example of a misconfiguration would be configuring one end of a link, on router R2, as a point-to-point subinterface, while the other end, on router R4, is configured as a point-to-multipoint interface. Issuing the show clns neighbors command on each router shows a mismatch. R2, the point-to-point end router, shows the adjacency as "up". R4, the multipoint end, shows the adjacency as stuck in the "init" state. The misconfiguration results from the fact that the two ends of the VC are set to different network types. The point-to-point end sends serial IIH PDUs and the multipoint end sends LAN IIH PDUs, so an adjacency cannot form.

The ISO standard defines a three-way handshake, an agreement, for initiating LAN adjacencies as follows:

* The adjacency starts in the "down" state. The IS sends out LAN IIH PDUs, identifying itself.
* If a LAN IIH PDU is received, the adjacency is installed in the init state. This router then sends out an IIH PDU to the neighbor, including the SNPA of the neighbor in the Hello packet. The neighbor does the same thing with the SNPA on this router.
* The IS receives a second IIH from the neighbor router with its own SNPA identified in the packet. On receipt of this, the IS understands that the new neighbor knows of its presence and therefore declares the adjacency "up".

According to the ISO standard, ISO 10589, this process is omitted for a point-to-point adjacency. However, Cisco IOS implements the same three-way handshake by adding a point-to-point adjacency state TLV, TLV 240, in the serial Hello PDUs. In a similar manner to the LAN adjacency, the router checks for its own SNPA in the neighbor's Hello PDU before declaring the adjacency "up".

The result of the example mismatch depends on the IOS release. Prior to release 12.1(1)T the results were as follows:

* R4, the multipoint router, receives the point-to-point Hello PDU from R2 but treats it as a LAN Hello PDU and puts the adjacency in the init state. R4 looks for its own SNPA in the received Hello PDUs but never finds it. In a LAN Hello PDU this would be identified in TLV 6 as IS Neighbors, but this TLV is not present in a serial Hello PDU. Therefore, the adjacency remains in the init state.
* R2, the point-to-point router, receives a LAN Hello PDU and treats it as a point-to-point Hello PDU. It checks the Hello PDU for a TLV 240, point-to-point adjacency state, and fails to find one. For backward compatibility, or perhaps to allow the link to be made to a non-Cisco IS-IS device, the router assumes this is an ISO-specified point-to-point link. R2 ignores the Cisco three-way handshake and allows the adjacency to establish, setting it to "up".

Since Release 12.1(1)T the results are as follows:

* R4, the multipoint router, receives the point-to-point Hello PDU, realizes it is the wrong Hello type, and installs the neighbor as an ES. R4 would show R2 in the show clns neighbors output with protocol "ES-IS".
* R2, the point-to-point router, receives the LAN Hello PDU, recognizes the mismatch, and ignores the neighbor. R4 would not appear at all in the show clns neighbors output of R2. The debug isis adj-packets output shows the incoming LAN IIH PDU and R2 declaring the mismatch.
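The handshake and both mismatch outcomes described above can be reproduced with a small model. This is an added example, not Cisco code and not part of the original course material: it is a simplified sketch in which TLV 6 and TLV 240 carry only the neighbor identifier the text says each router looks for, and all class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Hello:
    pdu: str                                 # "lan" or "p2p" IIH
    sender: str                              # SNPA of the sending router
    tlv6: Optional[Tuple[str, ...]] = None   # IS Neighbors (LAN IIH only)
    tlv240: Optional[str] = None             # neighbor named in the p2p state TLV

def build_hello(intf, snpa, heard):
    """Hello sent from a 'lan' (multipoint) or 'p2p' interface."""
    if intf == "lan":
        return Hello("lan", snpa, tlv6=(heard,) if heard else ())
    return Hello("p2p", snpa, tlv240=heard or "")

def receive(intf, my_snpa, hello, type_check):
    """State the receiver records for the sender of this hello.
    type_check=False models IOS before 12.1(1)T, True models 12.1(1)T on."""
    if type_check and hello.pdu != intf:
        # Wrong hello type recognised: multipoint end installs an ES,
        # point-to-point end ignores the neighbor.
        return "ES-IS" if intf == "lan" else "ignored"
    if intf == "lan":
        # Processed as a LAN IIH: own SNPA must be listed in TLV 6.
        return "up" if my_snpa in (hello.tlv6 or ()) else "init"
    if hello.tlv240 is None:
        # No TLV 240: assumed to be an ISO 10589 link without the handshake.
        return "up"
    return "up" if hello.tlv240 == my_snpa else "init"

def converge(a_intf, b_intf, type_check, rounds=3):
    """Exchange hellos between routers A and B; return (state at A, state at B)."""
    state = {"A": "down", "B": "down"}
    heard = {"A": None, "B": None}
    for _ in range(rounds):
        for me, peer, mine, theirs in (("A", "B", a_intf, b_intf),
                                       ("B", "A", b_intf, a_intf)):
            hello = build_hello(theirs, peer, heard[peer])
            state[me] = receive(mine, me, hello, type_check)
            if state[me] in ("init", "up"):
                heard[me] = peer   # peer is listed in this router's next hello
    return state["A"], state["B"]

if __name__ == "__main__":
    # R2 = A (point-to-point subinterface), R4 = B (multipoint interface)
    print(converge("p2p", "lan", type_check=False))
    print(converge("p2p", "lan", type_check=True))
```

With type_check disabled, the "up"/"init" split between R2 and R4 comes from each router looking for its own TLV in a Hello of the other type, with no special case for the mismatch.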

7.7.1 Configuring basic Integrated IS-IS

7.7.2 Multiarea Integrated IS-IS

7.7.3 Configuring IS-IS over Frame Relay


Once this module is complete, the student should have a firm understanding of the following concepts:

* CLNS addressing
* IS-IS operation in a CLNS environment
* Types and functions of PDUs in IS-IS routing
* Integrated IS-IS operation in an IP and CLNS environment
* Default behavior of Integrated IS-IS routing and the role of the attached bit, the overload bit, and route leaking
* Integrated IS-IS in an NBMA environment
* Configuration of IS-IS in single and multiple areas, L1 and L2 circuit types, authentication, and route summarization
* Monitoring an Integrated IS-IS network with show and debug commands

IS-IS is a versatile routing protocol used in many very large ISPs. The natural scalability of IS-IS makes it a great choice for modern large-scale IGP network deployments. IS-IS uses the SPF algorithm, just as OSPF does, but requires fewer SPF calculations as a result of its ability to handle PRCs. IS-IS has established a firm foothold in many networks comprising the Internet and it will not be surprising if its presence expands in the years to come.

by sdominguez.com
