Configuring IS-IS Capabilities


The Cisco implementation of IS-IS provides numerous configuration options for enabling various IS-IS capabilities and modifying protocol parameters both globally and on a per-interface basis. This section presents some of these configuration options, such as advertising default routes, route summarization, and enabling authentication. Route leaking and IS-IS multi-area support are features recently introduced into the Cisco IS-IS implementation. The essence of these features and their basic configurations are discussed briefly.

For a current and more complete list of IS-IS configuration options available in the Cisco IOS Software, see the Cisco Configuration Guide at www.cisco.com.

Advertising the IP Default Route in IS-IS

In the original protocol design of IS-IS, Level 1 areas are stubs and Level 1-only routers automatically install a default route to the nearest Level 1-2 router in the area. Level 1-2 routers set the ATT bit in the Level 1 LSPs they advertise into their native areas. The ATT-bit setting in LSPs provides a clue to Level 1-only routers about Level 2-capable routers in the area.

The Level 2 routers connected to the IS-IS backbone are expected to know about all routes in the IS-IS domain and do not set any automatic defaults. Advertising a default route into the IS-IS backbone requires the router-level default-information originate command. When configured on a router, the command inserts the IP prefix 0.0.0.0/0 as the default route into its Level 2 LSP targeted at the other Level 2 routers in the domain. The default is advertised into the backbone whether or not the router has prior knowledge of a default route from another source.

Example 9-6, which is based on Figure 9-9, shows the configuration and application of the default-information originate command. Notice the default entry in the output of the show isis database command in Example 9-6.

Figure 9-9. Diagram for Example 9-6.


Example 9-6 The default-information originate Command
RT1# show running-config
[snip]
Hostname RT1
!
router isis
 default-information originate
 net 49.0001.0000.0000.0001.00
[snip]

RT2# show isis database detail RT1.00-00
IS-IS Level-2 LSP RT1.00-00
LSPID                 LSP Seq Num   LSP Checksum   LSP Holdtime      ATT/P/OL
RT1.00-00             0x000000E1    0x7A1E         651               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.1.1.1
  Metric: 10         IS RT1.01
  Metric: 10         IS RT2.00
  Metric: 0          IP 0.0.0.0 0.0.0.0
  Metric: 10         IP 10.1.1.1 255.255.255.255
  Metric: 10         IP 192.168.1.0 255.255.255.252

Redistribution

Cisco IOS Software allows IP routes from other routing sources to be imported into IS-IS. Examples of the external sources are static routes, the Routing Information Protocol (RIP), and the Open Shortest Path First Protocol (OSPF). The IP external reachability TLV is used for adding external routes into the IS-IS domain. Even though RFC 1195 specifies the IP external reachability for only Level 2 LSPs, Cisco IOS Software provides a special capability for using them in Level 1 LSPs, which allows external routes into a Level 1 area.

Most service provider networks use IS-IS as the IGP in large single-area Level 1-only or Level 2-only domains. For those with Level 1-only backbones, the capability to redistribute into Level 1 provides flexibility to import external routes into the IS-IS domain. Even though this behavior is not standardized, it should not pose interoperability issues with other vendor routers because both existing IS-IS standards, ISO 10589 and RFC 1195, require IS-IS implementations to ignore unsupported or unknown optional TLVs encountered while parsing IS-IS packets.

The IOS router-level command redistribute enables redistribution. This command takes on other options, such as metric value, metric type, route map, and so on. In the Cisco implementation of IS-IS, CLNS static routes are automatically distributed into IS-IS. However, IP static routes are redistributed only by manual configuration.

When static IP routes need to be redistributed, the redistribute command requires the keyword ip to go with it, in addition to the other arguments previously mentioned. The metric type for external routes can be either internal or external. Internal metrics are comparable to metrics used for internal routes. External metrics require the I/E bit (bit 7) of the metric field to be set in addition to the actual metric, resulting in higher metric values. In current Cisco IOS Software releases, when using narrow metrics, bit 8 of the default metric field is set for external metrics, resulting in an increase of the metric value by 128.

By default, the internal metric type is assigned if nothing is specified in the configuration. Also, the external routes are added into Level 2 unless Level 1 is explicitly stated in the configuration. Figure 9-10 illustrates basic examples of redistribution in IS-IS. In Example 9-7, only the ip keyword is used with the redistribute command.

Figure 9-10. Network topology for IS-IS route redistribution examples.


Example 9-7 Configuring Basic Route Redistribution in IS-IS
RT1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
RT1(config)#router isis
RT1(config-router)#redistribute static ip
RT1(config-router)#^Z

RT1# show running-config
[snip]
router isis
 redistribute static ip metric 0 metric-type internal level-2
 net 49.0001.0000.0000.0001.00
!
ip route 172.16.1.0 255.255.255.0 Null0
[snip]

The following output from RT1 (see Example 9-8) displays the contents of its own Level 1 and Level 2 LSPs. In Example 9-7, note that internal metric type has been assigned by default and the metric applied is 0. Example 9-8 shows that the external static route has been added to only the Level 2 LSP.

Example 9-8 LSP Contents in Case of Simple Redistribution
RT1# show isis database RT1.00-00 detail
IS-IS Level-1 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00           * 0x00000DB0   0xEB25        979               1/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.0.0.1
  Metric: 10         IP 10.1.1.0 255.255.255.0
  Metric: 10         IP 10.0.0.1 255.255.255.255
  Metric: 10         IP 192.168.1.0 255.255.255.252
  Metric: 10         IS RT1.02
  Metric: 10         IS RT1.01
  Metric: 0          ES RT1

IS-IS Level-2 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00           * 0x00000E3D   0x6F45        977               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.0.0.1
  Metric: 10         IS RT1.02
  Metric: 10         IS RT1.01
  Metric: 10         IS RT2.00
  Metric: 0          IP-External 172.16.1.0 255.255.255.0
  Metric: 10         IP 10.1.1.0 255.255.255.0
  Metric: 10         IP 10.0.0.1 255.255.255.255
  Metric: 10         IP 192.168.1.0 255.255.255.252

In Example 9-9, the metric type is explicitly set to external in the configuration, but no metric value is applied. As explained previously, the I/E bit needs to then be set for the external metric type, effectively increasing the metric value by 64. However, Cisco IOS Software sets bit 8 of the narrow metric instead of bit 7, consequently adding 128 instead to the original value of 0. The Level 2 LSP displayed in Example 9-9 shows 128 as the metric value for the external route, 172.16.1.0/24.

Example 9-9 Configuring Redistribution with External Metrics
RT1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
RT1(config)#router isis
RT1(config-router)#redistribute static ip metric-type external
RT1(config-router)#^Z

RT1# show running-config
[snip]
router isis
 redistribute static ip metric 0 metric-type external level-2
 net 49.0001.0000.0000.0001.00
!
ip route 172.16.1.0 255.255.255.0 null 0
[snip]

RT1# show isis database level-2 RT1.00-00 detail
IS-IS Level-2 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00           * 0x00000E44   0x7FAD        703               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.0.0.1
  Metric: 10         IS RT1.02
  Metric: 10         IS RT1.01
  Metric: 10         IS RT2.00
  Metric: 128        IP-External 172.16.1.0 255.255.255.0
  Metric: 10         IP 10.1.1.0 255.255.255.0
  Metric: 10         IP 10.0.0.1 255.255.255.255
  Metric: 10         IP 192.168.1.0 255.255.255.252

The IP routing table output from RT2 shows the external route, 172.16.1.0/24, which was redistributed from a static source into IS-IS on router RT1 (see Example 9-10). The metric entered for this route, 138, is the total of the metric on the outgoing interface from RT2 to RT1 (10) plus the metric of 128 advertised by RT1. Other routes received from RT1 (10.0.0.1/32 and 10.1.1.0/24) are registered with a metric of 20 (10 advertised by RT1 and an additional 10 for the metric from RT2 to RT1).

Example 9-10 Representation of External IS-IS Routes in the IP Routing Table
RT2# show ip route
     172.16.0.0/24 is subnetted, 2 subnets
i L2    172.16.1.0 [115/138] via 192.168.1.1, Serial0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.0.2/32 is directly connected, Loopback0
i L2    10.1.1.0/24 [115/20] via 192.168.1.1, Serial0/0
C       10.2.2.0/24 is directly connected, Ethernet0/0
i L2    10.0.0.1/32 [115/20] via 192.168.1.1, Serial0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial0/0

The route-map option of the redistribute command provides more flexibility for configuring redistribution, such as selective importation of external routes into the IS-IS environment, applying special tags, and even setting the metric of redistributed routes. When used for selective importation of routes into IS-IS, route maps provide a filtering effect by controlling which elements from an external source are allowed or denied into IS-IS. Examples 9-11a and 9-11b show redistribution with route maps. In the first example, static routes are redistributed into IS-IS while filtering through the route map TEST. Route map TEST matches the static routes against access list 1, which permits only 172.16.2.0/24 into the IS-IS environment. RT1's LSP is shown from RT2. Also shown is the routing table of RT2.

In Example 9-11b, the route map approach is used to set the metric for routes imported into IS-IS.

Example 9-11a Using Route Maps to Filter External Routes
RT1# show running-config
!
router isis
 redistribute static ip metric 0 route-map TEST metric-type external level-2
 net 49.0001.0000.0000.0001.00
!
ip route 172.16.1.0 255.255.255.0 Null0
ip route 172.16.2.0 255.255.255.0 Null0
!
access-list 1 permit 172.16.2.0
!
route-map TEST permit 10
 match ip address 1

RT2# show isis database level-2 RT1.00-00 detail
IS-IS Level-2 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00             0x00000E62   0x8588        1026              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.0.0.1
  Metric: 10         IS RT1.02
  Metric: 10         IS RT1.01
  Metric: 10         IS RT2.00
  Metric: 128        IP-External 172.16.2.0 255.255.255.0
  Metric: 10         IP 10.1.1.0 255.255.255.0
  Metric: 10         IP 10.0.0.1 255.255.255.255
  Metric: 10         IP 192.168.1.0 255.255.255.252

RT2# show ip route
     172.16.0.0/24 is subnetted, 1 subnets
i L2    172.16.2.0 [115/138] via 192.168.1.1, Serial0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.0.2/32 is directly connected, Loopback0
i L2    10.1.1.0/24 [115/20] via 192.168.1.1, Serial0/0
C       10.2.2.0/24 is directly connected, Ethernet0/0
i L2    10.0.0.1/32 [115/20] via 192.168.1.1, Serial0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial0/0

Example 9-11b Setting the Metric with a Route Map
RT1# show running-config
!
router isis
 redistribute static ip route-map SETMETRIC
 net 49.0001.0000.0000.0001.00
 is-type level-1
 metric-style wide
!
route-map SETMETRIC permit 10
 set metric 1000
 set level level-1

RT1# show isis database detail RT1.00-00 level-1
IS-IS Level-1 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00           * 0x00000E56   0x0A4C        1128              0/0/0
  Area Address: 49
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.0.0.1
  Metric: 10         IS-Extended RT1.02
  Metric: 10         IS-Extended RT1.01
  Metric: 10         IS-Extended RT2.00
  Metric: 1000       IP 10.1.1.0 255.255.255.0
  Metric: 1000       IP 10.0.0.1 255.255.255.255
  Metric: 1000       IP 192.168.1.0 255.255.255.252

IP Route Summarization

An IS-IS router can be configured to summarize IP routes into Level 1, Level 2, or both, at the same time, with the following router-level configuration command: summary-address <prefix> [level-1 | level-2 | level-1-2]. By default, summaries go into Level 2 if no routing level option is indicated. An illustration of how summarization is configured and its operation is provided by the series of outputs shown in Example 9-13, which is based on Figure 9-11. The set of outputs in Example 9-12 depicts the scenario where summarization is not configured yet on RT1, which has three interfaces: loopback 0, Ethernet0/0, and Serial0/0. Example 9-12 shows the LSP for RT1 as captured on RT2 and the routing table on RT2. The route of interest, 11.1.1.0/24, is not summarized here; however, it is summarized in Example 9-13 into 11.1.0.0/16.

Figure 9-11. Network diagram for summarization example.


Example 9-12 IS-IS Configuration Without Summarization
RT1# show running-config
interface loopback 0
 ip address 10.0.0.1 255.255.255.255
 ip router isis
!
interface Ethernet0/0
 ip address 11.1.1.1 255.255.255.0
 ip router isis
!
interface Serial0/0
 ip address 192.168.1.1 255.255.255.252
 ip router isis
router isis
 net 49.0001.0000.0000.0001.00

RT2# show isis database level-2 RT1.00-00
IS-IS Level-2 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00             0x00000E62   0x8588        1026              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.0.0.1
  Metric: 10         IS RT1.02
  Metric: 10         IS RT1.01
  Metric: 10         IS RT2.00
  Metric: 10         IP 11.1.1.0 255.255.255.0
  Metric: 10         IP 10.0.0.1 255.255.255.255
  Metric: 10         IP 192.168.1.0 255.255.255.252

RT2# show ip route
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.0.0.2/32 is directly connected, Loopback0
C       10.2.2.0/24 is directly connected, Ethernet0/0
i L2    10.0.0.1/32 [115/20] via 192.168.1.1, Serial0/0
     11.0.0.0/24 is subnetted, 1 subnets
i L2    11.1.1.0 [115/20] via 192.168.1.1, Serial0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial0/0

Example 9-13 IS-IS Configuration with Summarization
RT1# show running-config
!
router isis
 summary-address 11.1.0.0 255.255.0.0
 net 49.0001.0000.0000.0001.00

RT2# show isis dat l2 RT1.00-00 det
IS-IS Level-2 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00             0x00000E68   0x0D4A        1193              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.0.0.1
  Metric: 10         IS RT1.02
  Metric: 10         IS RT1.01
  Metric: 10         IS RT2.00
  Metric: 10         IP 10.0.0.1 255.255.255.255
  Metric: 10         IP 11.1.0.0 255.255.0.0
  Metric: 10         IP 192.168.1.0 255.255.255.252

RT2# show ip route
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.0.0.2/32 is directly connected, Loopback0
C       10.2.2.0/24 is directly connected, Ethernet0/0
i L2    10.0.0.1/32 [115/20] via 192.168.1.1, Serial0/0
     11.0.0.0/16 is subnetted, 1 subnets
i L2    11.1.0.0 [115/20] via 192.168.1.1, Serial0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Serial0/0

Secondary Addresses, Unnumbered Interfaces, and Tunneling Configurations

This section discusses IS-IS configuration on routers with secondary IP subnets, IP unnumbered interfaces, and IP tunnel interfaces. The outputs in Examples 9-13, 9-14, and 9-15 feature the respective configurations and LSPs of the routers involved.

Configuring IS-IS on Routers with Secondary IP Subnets

No special configuration is required to advertise secondary IP subnets from IS-IS-enabled interfaces by the IS-IS process. Note that the IS-IS configuration does not require IP network statements, and IP subnets on interfaces where IS-IS routing is enabled are automatically added to LSPs by way of IP internal reachability or extended IP reachability TLVs. Example 9-14, which is based on Figure 9-12, shows the configuration of RT1 with a secondary IP subnet. Also shown is the corresponding LSP of RT1.

Figure 9-12. Network diagram for Example 9-14.


Example 9-14 Secondary IP Subnet Configuration
RT1(config-if)# ip address 11.1.1.1 255.255.255.0 secondary
RT1(config-if)#^Z

RT1# show running-config
[snip]
interface Ethernet0/0
 ip address 11.1.1.1 255.255.255.0 secondary
 ip address 10.1.1.1 255.255.255.0
!
interface Serial0/0
 ip address 192.168.1.1 255.255.255.252
 no ip directed-broadcast
 ip router isis
!
router isis
 net 49.0001.0000.0000.0001.00
!
[snip]

RT1# show isis database level-1 RT1.00-00 detail
IS-IS Level-1 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00           * 0x00000033   0x3CBB        1125              1/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.0.0.1
  Metric: 10         IP 10.1.1.0 255.255.255.0
  Metric: 10         IP 11.1.1.0 255.255.255.0
  Metric: 10         IP 192.168.1.0 255.255.255.252
  Metric: 10         IP 10.0.0.1 255.255.255.255
  Metric: 10         IS RT1.02
  Metric: 10         IS RT1.01
  Metric: 0          ES RT1

Configuring IS-IS on Routers with Unnumbered Links

IP unnumbered interfaces can be used with IS-IS without any problems. When connected interfaces are numbered, Cisco IOS Software requires that IP addresses on interfaces connected to the same link belong to the same subnet for the IS-IS adjacency to work. However, this requirement does not apply when using unnumbered interfaces on point-to-point links, either in serial or NBMA. Both sides of the point-to-point link need to be configured as unnumbered interfaces for the adjacency to be established. Figure 9-13 shows IS-IS enabled on unnumbered interfaces.

Figure 9-13. IP unnumbered configuration.


Example 9-15 shows the routing table on RT1 and RT2. Notice that each router shows the borrowed address at the other router as the next hop of learned routes.

Example 9-15 The IP Routing Table in an Unnumbered Environment
RT1# show ip route
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
i L2    10.0.0.2/32 [115/20] via 10.0.0.2, Serial0/0
C       10.1.1.0/24 is directly connected, Ethernet0/0
C       10.0.0.1/32 is directly connected, Loopback0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.1.1.0 is directly connected, Ethernet0/0

RT2# show ip route
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.0.2/32 is directly connected, Loopback0
i L2    10.1.1.0/24 [115/20] via 10.0.0.1, Serial0/0
C       10.2.2.0/24 is directly connected, Ethernet0/0
i L2    10.0.0.1/32 [115/20] via 10.0.0.1, Serial0/0
     11.0.0.0/24 is subnetted, 1 subnets
i L2    11.1.1.0 [115/20] via 10.0.0.1, Serial0/0

IS-IS over IP Tunnels

Figure 9-14 shows the configuration of IS-IS routing over an IP tunnel. The example is simplistic because in a real scenario, the tunnel would span a cloud of non-IS-IS routers to connect two IS-IS network segments. In this scenario, IS-IS connectivity between RT3 and RT4 exists only over the IP tunnel. This configuration has no relevance to virtual links, which are not supported in current Cisco IOS releases. The show clns neighbors outputs in Example 9-16 confirm that the adjacency is formed over the tunnel. The routing table of RT4 shows that IS-IS routes are being learned over the tunnel.

Figure 9-14. IS-IS over IP tunnel configuration.


Example 9-16 IP IS-IS over Tunnel Configuration
RT3# show clns neighbors
System Id      Interface   SNPA                State  Holdtime  Type Protocol
RT4            Tu0         192.168.2.2         Up     27        L2   IS-IS

RT4# show clns neighbors
System Id      Interface   SNPA                State  Holdtime  Type Protocol
RT3            Tu0         192.168.2.1         Up     25        L2   IS-IS

RT4# show ip route
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.1.2.0/24 is directly connected, Ethernet0/0
i L2    10.1.1.0/24 [115/20] via 10.0.0.3, Tunnel0
C       10.0.0.4/32 is directly connected, Loopback0
     11.0.0.0/24 is subnetted, 1 subnets
i L2    11.1.1.0 [115/30] via 10.0.0.3, Tunnel0
     192.168.2.0/30 is subnetted, 1 subnets
C       192.168.2.0 is directly connected, Serial0/0

Authentication

ISO 10589 and RFC 1195 specify only simple plain-text passwords for authentication of IS-IS packets. A more recent RFC draft (IS-IS HMAC-MD5 Authentication, draft-ietf-isis-hmac-00.txt) proposes a mechanism for using the HMAC-MD5 authentication algorithm to provide a more sophisticated authentication scheme for IS-IS. Current Cisco IOS Software supports only the simple text-based passwords.

As mentioned in Chapter 3, "Integrated IS-IS Routing Protocol Concepts," IS-IS packets are not encapsulated in Layer 3 packets (IP or CLNP), as is the case with other IP routing protocols. Encapsulation directly over Layer 2 gives IS-IS some security advantages, in that the IS-IS process cannot be inundated by IP attacks launched remotely. An attack on the IS-IS processes running on the routers would require physical access to the IS-IS network. This is certainly considered a security advantage.

Clear-text IS-IS authentication can be configured in the following three ways:

  • A password can be assigned to an interface for Level 1 or Level 2 authentication. By default, the password is applied to Level 1 if Level 2 is not specified. The password is inserted in all IS-IS packets, IIHs, LSPs, CSNPs, and PSNPs for the specified level. The password is configured with the interface-level command isis password <string>, where string is the clear-text password.

  • Area-level authentication can be configured with the router-level command area-password <string>. This causes insertion of the password into all Level 1 LSPs, CSNPs, and PSNPs.

  • Domain-wide authentication is enforced by inserting passwords in Level 2 LSPs, CSNPs, and PSNPs. It is enabled with the command domain-password <string>.
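An audit of the three mechanisms listed above against a running configuration, as an added Python example (not the book's or Cisco's code): it reports IS-IS interfaces with no isis password at a level, applying the Level 1 default described in the first item, and IS-IS processes lacking area-password or domain-password. The configuration, the EXAMPLE-ONLY password placeholder, and the function names are constructed for illustration.

```python
import re

LEVELS = ("level-1", "level-2")

# Constructed sample: one interface with a Level 2 password only, one
# IS-IS interface with no password, and a process with area-password only.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip router isis
!
interface Serial0/0
 ip address 192.168.1.1 255.255.255.252
 ip router isis
 isis password EXAMPLE-ONLY level-2
!
router isis
 net 49.0001.0000.0000.0001.00
 area-password EXAMPLE-ONLY
"""


def parse_isis_auth(config_text):
    """Collect IS-IS authentication state per interface and per process."""
    interfaces, processes = {}, {}
    kind, current = None, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():                  # top-level command
            intf = re.match(r"interface (.+)$", line)
            proc = re.match(r"router isis(?: (\S+))?$", line)
            if intf:
                kind = "interface"
                current = interfaces.setdefault(
                    intf.group(1),
                    {"isis": False, "level-1": False, "level-2": False})
            elif proc:
                kind = "process"
                current = processes.setdefault(
                    proc.group(1) or "(untagged)",
                    {"area-password": False, "domain-password": False})
            else:
                kind, current = None, None
            continue
        cmd = line.strip()
        if kind == "interface":
            if re.match(r"ip router isis(?: \S+)?$", cmd):
                current["isis"] = True
            pw = re.match(r"isis password \S+(?: (level-1|level-2))?$", cmd)
            if pw:
                # No level keyword means Level 1, as stated in the text.
                current[pw.group(1) or "level-1"] = True
        elif kind == "process":
            for key in ("area-password", "domain-password"):
                if re.match(key + r" \S+$", cmd):
                    current[key] = True
    return interfaces, processes


def auth_gaps(config_text):
    """List (scope, name, missing item) for every unauthenticated spot."""
    interfaces, processes = parse_isis_auth(config_text)
    gaps = []
    for name, state in interfaces.items():
        if state["isis"]:                          # skip non-IS-IS interfaces
            gaps += [("interface", name, lvl)
                     for lvl in LEVELS if not state[lvl]]
    for tag, state in processes.items():
        gaps += [("process", tag, key)
                 for key, present in state.items() if not present]
    return gaps


if __name__ == "__main__":
    for gap in auth_gaps(SAMPLE_CONFIG):
        print("%-9s %-12s missing %s" % gap)
```

A reported gap matters only for a level the router actually runs on that interface or process; passwords themselves are never printed.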

Example 9-17, which is based on Figure 9-15, shows a configuration example and illustrates the operation of per-interface or link authentication in IS-IS. In Example 9-16, a password is configured on only one side of the serial link, on RT1. Observe how the adjacency is affected, as shown in the show clns neighbor output.

Figure 9-15. Network diagram for Examples 9-16 and 9-17.


Example 9-17 Enabling IS-IS Authentication on an Interface
RT1# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
RT1(config)#int s0/0
RT1(config-if)#isis password cisco level-2
RT1(config-if)#^Z

RT1# show clns neighbor
System Id      Interface   SNPA                State  Holdtime  Type Protocol
RT2            Se0/0       *HDLC*              Up     278       IS   ES-IS

RT2# show clns neighbor
System Id      Interface   SNPA                State  Holdtime  Type Protocol
RT1            Se0/0       *HDLC*              Init   21        L2   IS-IS

The outputs of the show clns neighbor command display the adjacency status on both routers after the password is configured on only RT1, with no matching password on router RT2. This information indicates that RT1 completely ignores the IIHs of RT2 because they could not be authenticated. RT1, however, still discovers ES-IS adjacency with RT2 by means of ISHs exchanged between them. On the other hand, RT2 is not configured for authentication, so it accepts and processes the IIHs from RT1 and then moves the status of the adjacency to Init. The adjacency remains in Init state because RT2 never receives an IIH from RT1 recognizing RT2 as an IS neighbor, to complete the three-way adjacency formation process.

The following output of debug isis adj-packets on RT1 demonstrates the authentication process between RT1 and RT2 (see Example 9-18). Configuring a password on RT2 to match the password on RT1 results in successful authentication and subsequent completion of the three-way handshake process.

Example 9-18 Debugging Authentication Failures
RT1# debug isis adj-packets
*Apr 23 04:25:36: ISIS-Adj: Rec serial IIH from *HDLC* (Serial0/0), cir type L1L2, cir id 00, length 1499
*Apr 23 04:25:36: ISIS-Adj: Authentication failed
*Apr 23 04:25:42: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
*Apr 23 04:25:46: ISIS-Adj: Rec serial IIH from *HDLC* (Serial0/0), cir type L1L2, cir id 00, length 1499
*Apr 23 04:25:46: ISIS-Adj: Authentication failed
*Apr 23 04:25:50: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
.

RT2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
RT2(config)#int s0/0
RT2(config-if)#isis password cisco
RT2(config-if)#^Z

RT2# show clns neighbor
System Id      Interface   SNPA                State  Holdtime  Type Protocol
RT1            Se0/0       *HDLC*              Up     21        L2   IS-IS
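One way to turn the debug isis adj-packets output above into a per-interface check, as an added Python example (not part of the book): it attributes each "Authentication failed" line to the IIH received immediately before it and lists the interfaces on which every received hello was rejected. The Serial0/0 lines are those of Example 9-18; the Serial0/1 line is constructed for contrast, and the function names are hypothetical.

```python
import re

# Timestamp, then the ISIS-Adj message body.
LINE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}): ISIS-Adj: (?P<msg>.*)$")
# "Rec serial IIH from *HDLC* (Serial0/0), ..." -> interface in parentheses.
RECEIVED = re.compile(r"^Rec \S+ IIH from \S+ \((?P<ifc>[^)]+)\)")

SAMPLE_LOG = """\
*Apr 23 04:25:36: ISIS-Adj: Rec serial IIH from *HDLC* (Serial0/0), cir type L1L2, cir id 00, length 1499
*Apr 23 04:25:36: ISIS-Adj: Authentication failed
*Apr 23 04:25:42: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
*Apr 23 04:25:44: ISIS-Adj: Rec serial IIH from *HDLC* (Serial0/1), cir type L1L2, cir id 00, length 1499
*Apr 23 04:25:46: ISIS-Adj: Rec serial IIH from *HDLC* (Serial0/0), cir type L1L2, cir id 00, length 1499
*Apr 23 04:25:46: ISIS-Adj: Authentication failed
*Apr 23 04:25:50: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
"""


def new_counter():
    return {"received": 0, "failed": 0, "first": None, "last": None}


def auth_failures(log_text):
    """Count received IIHs and authentication failures per interface."""
    stats = {}
    pending = None          # interface of the IIH on the previous debug line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue        # prompts, blank lines, other debug facilities
        msg = m["msg"]
        rec = RECEIVED.match(msg)
        if rec:
            pending = rec["ifc"]
            stats.setdefault(pending, new_counter())["received"] += 1
        elif msg.startswith("Authentication failed"):
            # Attribute only to an IIH logged directly before this line.
            entry = stats.setdefault(pending or "unknown", new_counter())
            entry["failed"] += 1
            entry["first"] = entry["first"] or m["ts"]
            entry["last"] = m["ts"]
            pending = None
        else:
            pending = None  # e.g. "Sending serial IIH ..." breaks the pairing
    return stats


def rejecting_links(stats, min_failures=2):
    """Interfaces where every received IIH failed authentication."""
    return sorted(ifc for ifc, s in stats.items()
                  if s["failed"] >= min_failures
                  and s["failed"] == s["received"])


if __name__ == "__main__":
    results = auth_failures(SAMPLE_LOG)
    for ifc in rejecting_links(results):
        s = results[ifc]
        print("%s: %d of %d IIHs rejected between %s and %s"
              % (ifc, s["failed"], s["received"], s["first"], s["last"]))
```

An interface that rejects every hello from its neighbor matches the one-sided or mismatched password case shown in Example 9-17.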

Domain-Wide Prefix Distribution (L2 to L1 Route Leaking)

RFC 2966 specifies a mechanism for domain-wide prefix distribution in an IS-IS network, effectively removing the stub-only capability specified by ISO 10589 for Level 1 areas. This feature is available in current Cisco IOS Software and it is known as IS-IS route leaking. The objective of route leaking is to enable interarea routes to be leaked into IS-IS Level 1 areas so that Level 1 routers have more information to make optimal interarea routing decisions. Without distributing interarea routes into Level 1, IS-IS areas function as stubs, and Level 1 routers forward traffic to destinations in other areas through the nearest Level 1-2 router. The Cisco IOS configuration for route leaking uses the router-level redistribute command with a newly defined option.

No special TLVs are required to advertise interarea routes from Level 2 into Level 1. The capability just allows Level 2 routes carried in TLVs 128, 130, and 135 to be injected into the various Level 1 areas in the domain. RFC 2966 specifies a procedure to prevent route feedback, which ensures that routes advertised into Level 1 from Level 2 are not advertised back into Level 2. TLV 135 features a dedicated up/down (U/D) bit (see Figure 9-16), which is set when a route is advertised from Level 2 into Level 1. RFC 2966 proposes using bit 8 in the default metric field of TLV 128 and 130 as the up/down bit to protect against routing loops when route leaking is enabled. Prefixes with the U/D bit set are never propagated from Level 1 to Level 2.

Figure 9-16. Up/Down (U/D) bit in IP reachability TLVs.


Because Cisco IOS Software sets bit 8 for external metrics when routes for external sources are advertised into IS-IS, using the same bit for route leaking might result in conflicting situations. Also note that only IS-IS routes that are Level 2 routes in the routing table are "leaked" into Level 1. Remember the following when configuring route leaking in Cisco-based IS-IS environments:

  • Use wide metrics by configuring metric-style wide under the IS-IS router process. This allows TLV 135 to be used for carrying IP reachability information. TLV 135 has a dedicated up/down (U/D) bit.

  • Do not enable the external metric type when redistributing routes from external sources into IS-IS.

The following two different command-line syntaxes are supported in Cisco IOS Software for configuring route leaking. The second variant of the command is deprecated:

  • 12.1, 12.0S, and 12.0ST Releases:

    redistribute isis ip level-2 into level-1 distribute-list <acl>

  • 12.0S and 12.0ST Releases:

    advertise ip L2-into-L1 <acl>

Also, the IP prefixes need to be present in the routing table as the IS-IS Level 2 route for them to be advertised into Level 1.
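The narrow-metric bit layout discussed under Redistribution and the two route-leaking rules above, as an added Python example (not from the book or from Cisco): it decodes the default-metric octet the way the text describes it, shows that one octet value has two readings, and checks a router isis block against both rules. The function names and the two sample configurations are constructed for illustration.

```python
import re

# Bit numbering follows the text: bit 8 is the most significant bit.
BIT8 = 0x80        # Cisco IOS external metric type; RFC 2966 up/down bit
BIT7_IE = 0x40     # I/E bit as numbered in the text
VALUE_MASK = 0x3F  # six low-order bits carry the metric value

LEAK_COMMANDS = (r"redistribute isis ip level-2 into level-1\b",
                 r"advertise ip L2-into-L1\b")

# Constructed sample: leaking plus an external metric type, narrow metrics.
CONFLICTING = """\
router isis
 redistribute static ip metric 0 metric-type external level-2
 summary-address 12.0.0.0 255.0.0.0 level-1
 redistribute isis ip level-2 into level-1
 net 49.0001.0000.0000.0001.00
"""

# Constructed sample following both rules from the list above.
CLEAN = """\
router isis
 metric-style wide
 redistribute static ip
 redistribute isis ip level-2 into level-1
 net 49.0001.0000.0000.0001.00
"""


def decode_narrow_metric(octet):
    """Split the default-metric octet of a TLV 128/130 entry into fields."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("the default metric field is one octet")
    return {"bit8": bool(octet & BIT8),
            "bit7_ie": bool(octet & BIT7_IE),
            "value": octet & VALUE_MASK}


def cisco_external(metric):
    """Octet IOS advertises for metric-type external (adds 128, per the text)."""
    if not 0 <= metric <= VALUE_MASK:
        raise ValueError("narrow metric value must fit in six bits")
    return metric | BIT8


def readings(octet):
    """All interpretations of the octet that the text describes."""
    fields = decode_narrow_metric(octet)
    found = []
    if fields["bit8"]:
        found.append("external metric type as set by Cisco IOS")
        found.append("RFC 2966 up/down bit: leaked from Level 2 into Level 1")
    if fields["bit7_ie"]:
        found.append("I/E bit set: external metric")
    return found or ["internal metric"]


def route_leak_findings(router_isis_block):
    """Check a 'router isis' block against the two rules for route leaking."""
    lines = [line.strip() for line in router_isis_block.splitlines()]
    if not any(re.match(p, l) for p in LEAK_COMMANDS for l in lines):
        return []                      # no leaking configured, nothing to check
    findings = []
    if not any(l.startswith("metric-style wide") for l in lines):
        findings.append("route leaking without 'metric-style wide': "
                        "narrow TLVs 128/130 reuse bit 8 as the up/down bit")
    for l in lines:
        if l.startswith("redistribute ") and "metric-type external" in l:
            findings.append("external metric type also sets bit 8: " + l)
    return findings


if __name__ == "__main__":
    octet = cisco_external(0)          # the 128 seen in Example 9-9
    print(octet, decode_narrow_metric(octet), readings(octet))
    for finding in route_leak_findings(CONFLICTING):
        print("FINDING:", finding)
```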

In the example shown in Figure 9-17, RT2 advertises 12.1.1.0/24 to RT1 through Level 2. As depicted in the configuration shown in Example 9-19, RT1 then summarizes 12.1.1.0/24 into 12.0.0.0/8 and then "leaks" it into Level 1. The route is advertised into Level 1 by adding the summary prefix to the locally generated Level 1 LSP and flooding it into area 49.0001. Example 9-19 also shows the Level 1 LSP of RT1 displayed in detail from RT5.

Figure 9-17. Diagram for the Level 2 to Level 1 route leaking example.


Example 9-19 Route Leaking Example
RT1#
interface Ethernet0/0
 ip address 11.1.1.1 255.255.255.0
 ip router isis
!
interface Serial0/0
 ip address 192.168.1.1 255.255.255.252
 ip router isis
!
router isis
 summary-address 12.0.0.0 255.0.0.0 level-1
 redistribute isis ip level-2 into level-1
 net 49.0001.0000.0000.0001.00

RT5# show isis data level-1 detail RT1.00-00
IS-IS Level-1 LSP RT1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
RT1.00-00             0x000000F7   0xF8AA        518               1/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: RT1
  IP Address:   10.1.1.1
  Metric: 10         IS RT1.02
  Metric: 10         IS RT1.01
  Metric: 10         IS RT5.00
  Metric: 10         IP 10.1.1.1 255.255.255.255
  Metric: 10         IP 11.1.1.0 255.255.255.0
  Metric: 10         IP 192.168.1.0 255.255.255.252
  Metric: 20         IP-Interarea 12.0.0.0 255.0.0.0

Multi-Area Configuration

Prior to the availability of IS-IS multi-area capability in Cisco IOS releases, each IS-IS router could be in only a single area (even when configured with multiple area IDs for multihoming). As mentioned in Chapter 4, "Addressing in Integrated IS-IS," in multihoming scenarios, the multiple areas configured are effectively merged into a single area; also, only one IS-IS process can be configured per router.

Multi-area support allows a single router to participate in up to 29 independent Level 1 areas with one of them doubling as Level 2 if necessary. The feature is designed primarily for telecommunications management networks that use IS-IS for routing. IS-IS multi-area support provides the flexibility to have one router support multiple areas in the management network in a cost-effective manner.

In essence, this feature allows up to 29 IS-IS processes to be configured on a single router, one of which can be Level 1-2 and the remainder only Level 1. Note, however, the following restrictions:

  • Only one of the processes can support Level 2 interarea routing.

  • Each interface cannot be in more than one area (Level 1). Subinterfaces are treated the same as regular interfaces.

  • Separate areas in the same router must have unique area IDs, and individual routers in an area must have unique system IDs.

  • Redistribution between processes is not allowed; however, external routing sources can be redistributed into each area independently.

  • IS-IS multihoming can be used to merge multiple areas by sharing the area IDs of the areas being merged under each participating IS-IS process.

Figure 9-18 shows a multi-area scenario. In the corresponding Cisco IOS configuration output for RT1 shown in Example 9-20, three processes are running, tagged Core (Level 1-2), Access-2 (Level 1), and Access-3 (Level 1). Each process has a different area ID in its NSAP address, but they all share the same system ID (0000.0000.0001). The multi-area functionality is borrowed from the OSPF protocol and presents significant advantages for efficient network design. For more information, see the Introduction and Configuration Guide on IS-IS multi-area support.

Figure 9-18. Diagram for the multi-area configuration example.


Example 9-20 Multi-Area Configuration Example
RT1#
interface Serial1/0
 ip address 192.169.1.1 255.255.255.0
 ip router isis Core
interface Ethernet0/0
 ip address 11.1.2.1 255.255.255.0
 ip router isis Access-2
interface Ethernet0/1
 ip address 11.1.3.1 255.255.255.0
 ip router isis Access-3
router isis Core
 net 49.0001.0000.0000.0001.00
!
router isis Access-2
 net 49.0002.0000.0000.0001.00
 is-type level-1
!
router isis Access-3
 net 49.0003.0000.0000.0001.00
 is-type level-1


IS-IS Network Design Solutions (Networking Technology)
ISBN: 1578702208
EAN: 2147483647
Year: 2005
Pages: 144
Authors: Abe Martey
