Section 4.2. The Hello Protocol

4.2. The Hello Protocol

When the OSPF or IS-IS protocol process starts on a router, neighbors must be discovered and adjacencies established. Both protocols send and listen for Hello messages to discover neighbors. Functionally, the Hello protocol is the same for both OSPF and IS-IS; they differ only in the details. As you learned in Chapter 3, the Hello protocol performs several functions:

• It discovers neighboring OSPF or IS-IS routers.

• It performs three-way handshaking to ensure bidirectional communication between the neighbors.

• It communicates information necessary for establishing whether an adjacency can be formed with a neighboring router.

• After an adjacency is formed, it serves as a keepalive mechanism to detect failed neighbors or adjacencies.

The Hello protocol also performs other functions such as the discovery and election of Designated Routers. The remainder of this chapter examines the similarities and differences in how OSPF and IS-IS implement the Hello protocol and defines functions that rely on the protocol such as the designated router function.

4.2.1. OSPF Hello Protocol Basics

Figure 4.9 diagrams the OSPF Hello message.

• Network Mask is a 32-bit field that identifies, in 1s, the prefix length of the subnet on which the message is sent. For example, if the Hello is sent on subnet 192.168.18.0/24, the value of the Network Mask field is 0xffffff00 (24 ones, specifying a 24-bit prefix length). If the subnet is 10.1.0.0/16, the Network Mask field is 0xffff0000, and so on.

• Hello Interval specifies, in seconds, the interval at which the originating router sends Hellos. RFC 2328 does not specify a default Hello interval, but it suggests a value of 10 seconds for LANs and 30 seconds for nonbroadcast networks such as X.25. Both Cisco Systems and Juniper Networks use the suggested default of 10 seconds for broadcast networks. However, the default for nonbroadcast networks varies: Cisco uses 30 seconds, whereas Juniper uses 120 seconds. The reason for the longer intervals on non-broadcast networks is an artifact of the days when it could be assumed that the links associated with such networks had less bandwidth to spare for Hello traffic.

• Options specifies any optional capabilities the originating OSPF router might have. The Options field is described in Section 4.3.

• Router Priority is used by the Designated Router election process.

• RouterDeadInterval specifies the time that the originating router's neighbors should wait for a Hello before declaring it dead. As with the Hello interval, RFC 2328 does not specify a default value but suggests a value of four times the Hello interval. Both Cisco Systems and Juniper Networks use that suggested default.

• Designated Router and Backup Designated Router are, like the Router Priority, used in the Designated Router election and maintenance mechanism. This mechanism is described in Section 4.4.

• Neighbor lists the RIDs of the OSPF neighbors the originating router has received Hellos from on the subnet. This list is used in the three-way handshaking process before an OSPF adjacency is established.

When an OSPF router receives a Hello from an OSPF neighbor, it stores the information contained in the Hello in a neighbor database. The first output in Figure 4.10 displays one such database. As you can see from the first display, the router has three neighbors. The second output in Figure 4.10 displays the information from the neighbor whose RID is 192.168.254.2. In this second display, you can observe all the information learned from that neighbor's Hellos: the Priority, the remaining time before the advertised Router Dead Interval expires, the RID and AID from the packet header, the value of the Options field, and the addresses of the Designated Router and Backup Designated Router. Chapter 6 details the neighbor database, along with the various neighbor states.

[View full width]
jeff@Juniper5> show ospf neighbor   Address         Interface          State      ID                Pri  Dead 192.168.3.1      fe-0/0/3.0          Full      192 .168.254.6     128   34 192.168.1.1      fe-0/0/1.0          Full      192 .168.254.2     128   39 192.168.2.1      fe-0/0/2.0          Full      192 .168.254.4     128   39 jeff@Juniper5> show ospf neighbor 192.168.254.2  extensive   Address         Interface          State      ID                Pri  Dead 192.168.1.1      fe-0/0/1.0          Full      192 .168.254.2     128   37   area 0.0.0.2, opt 0x42, DR 192.168.1.1, BDR 192 .168.1.2   Up 5w3d 02:09:26, adjacent 5w3d 02:09:26 

4.2.2. IS-IS Hello Protocol Basics

Unlike OSPF, which uses a single form of Hello message, IS-IS has three. First, a different form of Hello is used depending on whether it is being originated on a point-to-point (non-broadcast) link or a LAN (broadcast) link. On LAN links, the type of Hello varies depending upon whether a potential neighbor is in the same area (level 1) or in a different area (level 2). Which type of Hello is sent on a particular LAN link depends on the configuration of the router interface connecting to the link. The interface can be configured as L1-only, in which case Level 1 LAN Hellos are sent, or as L2-only, in which case Level 2 LAN Hellos are sent. A LAN interface can also be both L1 and L2, in which case both types of Hellos are sent. The reason for this is that a router might find multiple neighbors on a single broadcast link. Some of the neighbors might have the same area ID, in which case an L1 adjacency will be established. Other neighbors might have different area IDs, in which case L2 adjacencies will be established. Point-to-point links have, by definition, only a single neighbor, so there will only be an L1 or L2 adjacency or, at most, one L1 and one L2 adjacency. An interface connecting to a point-to-point link should be configured accordingly. A single Point-to-Point Hello is used for both L1 and L2 adjacencies.

Figure 4.11 shows the format of the IS-IS LAN Hello. Note that the Type field in the header indicates whether the LAN Hello is level 1 or level 2. L1 LAN Hellos are type 15 (0x0f), and L2 LAN Hellos are type 16 (0x10).

• Circuit Type is a 2-bit field indicating the types of adjacencies the originating router will accept. Table 4.1 lists the meanings of the circuit type values. The 6 bits preceding the Circuit Type field are reserved and are always set to 0. Receiving routers ignore these 6 bits.

  Table 4.1. Circuit Type Values

  Value[*]	Circuit Type
  0	Reserved value. If set to this value, the entire PDU is ignored.
  1	Level 1 only.
  2	Level 2 only.
  3	Both L1 and L2. (Originator is a level 2 intermediate system and will use this link for both L1 and L2 adjacencies.)

  
  

  ^[*] A Level 1 LAN Hello must have a circuit type value of either 1 or 3. A Level 2 LAN Hello must have a circuit type value of either 2 or 3.

The values shown in Table 4.1 have some interesting implications. The first is that a router sending L2 LAN Hellos can establish both L1 and L2 adjacencies. The second is that two L2-only neighbors with the same AID (and therefore in the same area) can establish an L2 adjacency, so that only L2 information is exchanged. Chapter 7 discusses these capabilities in the context of IS-IS area design.

• Source ID is the 6-bit SysID of the originating router.

• Holding Timer specifies the maximum time a neighbor should wait for another Hello before declaring the originator dead. While the Holding Timer is functionally the same as the OSPF Router Dead Interval, you can see in Figure 4.11 that there is no equivalent field to the OSPF Hello interval. This is an indication that IS-IS is more flexible in its handling of Hello intervals than OSPF, a fact that is discussed more fully later in Section 4.3. Hello intervals are configured on the IS-IS router, but a neighbor does not really need to know this periodit only needs to know the maximum time it should wait for a subsequent Hello. Typically, the holding timer defaults to three times the configured or default Hello interval, but it can be configured separately.

• PDU Length specifies the length of the Hello PDU in bytes, including the header. This field is important because the TLVs included in the PDU are variable.

• Priority is a 7-bit value used in the election of a designated router, as discussed in Section 4.4. Functionally, it is the same as the Router Priority field in the OSPF Hello. The bit immediately preceding the Priority field is reserved and always set to 0, and is ignored by receiving routers.

• LAN ID is a 7-octet field consisting of the 6-byte SysID of the designated router on the broadcast network, plus an additional 1-byte identifier assigned by the designated router. Section 4.4 discusses the use of the LAN ID.

Figure 4.12 shows the format of the IS-IS Point-to-Point Hello (type 17, or 0x11, in the Type field). The Hello looks very similar to the LAN Hello, with just two exceptions:

• There is no Priority field as in the LAN Hello, because designated routers are not elected on point-to-point links.

• Rather than the 7-byte LAN ID field, there is a 1-byte Local Circuit ID field, which carries the ID by which the circuit is known by the routers at each end. Each router assigns a Local Circuit ID, unique among the router's interfaces, to the link. The Local Circuit ID assigned by the router with the lowest source ID becomes the ID by which the circuit is known by both routers.

4.2.2.1. TLVs

Following the common fields in the IS-IS Hello PDUs are several possible TLVs. The TLVs that can be included in the Hello PDUs, and their type numbers, are:

• Area Addresses TLV (type 1)

• Intermediate System Neighbors TLV (type 6)

• Protocols Supported TLV (type 129)

• IP Interface Address TLV (type 132)

• Authentication Information TLV (type 10)

• Padding TLV (type 8)

The LAN Hello PDU can carry any or all of these TLVs, and the Point-to-Point Hello can carry any of them with the exception of the IS Neighbors TLV. Two of the TLVs, Protocols Supported and IP Interface Address, are IP extensions to IS-IS and are described in RFC 1195. The others are standard IS-IS TLVs described in the original specifications. A few other TLVs might also appear in IS-IS Hellos; they are discussed later in this book in relevant chapters on extensions to the protocol.

The Area Addresses TLV, shown in Figure 4.13, contains in its Variable part a list of AIDs configured on the originating router that must be advertised to neighbors. The fact that more than one AID can be listed in this TLV tells you that an IS-IS router can be configured with more than one AID. The multiple AID capability of IS-IS can be used for smoothly changing AIDs during a network transition. Chapter 7 discusses the use of multiple AIDs.

The Intermediate System Neighbors TLV, in Figure 4.14, lists neighbors on the link, by the MAC addresses of their attached interfacesor subnetwork points of attachment (SNPAs), in IS-IS language. In this function, the IS Neighbors TLV serves something of the same purpose as the Neighbor list in the OSPF Hello, to create a three-way handshake for verifying bidirectional communication. For an originating router to include a neighbor's MAC address in this TLV, the originator must have received a LAN Hello from the neighbor during the last holding time. In that case, the state of the adjacency to the neighbor will be either "Up" or "Initializing." (See Section 4.4 for more details.) Level 1 LAN Hellos list L1 neighbors and level 2 LAN Hellos list L2 neighbors. Point-to-Point Hellos do not carry this TLV, which means some other mechanism must be used for three-way handshaking. Section 4.4 discusses the other means.

The Protocols Supported TLV, shown in Figure 4.15, specifies, as the name implies, which protocols the originating router supports. It lists one or more Network Layer Protocol Identifiers (NLPIDs), which are defined in ISO/TR 9577 and in several extension documents. Because IS-IS originally was designed to route just CLNP, this TLV was added when the protocol was extended to support IP. With it, the originator can advertise whether it supports

CLNP only, IPv4 only, or both. With the subsequent extension of IS-IS to support IPv6, as described in Chapter 13, that protocol also is listed in the Protocols Supported TLV when the originator uses IS-IS to route IPv6. The NLPID of IPv4 is 129 (ox81), and the NLPID of IPv6 is 142 (0x8e).

The IP Interface Address TLV, in Figure 4.16, lists all the IP addresses of the interface from which the Hello was originated. Although in most cases an interface will have only one address, it is possible to configure multiple IP addresses on an interface. Because the length field of the TLV, which specifies the byte length of the value field, is 1 byte, and because each listed IP address is 4 bytes long, the maximum number of IP addresses that can be listed in the TLV is 63.

The Authentication Information TLV carries information to be used when the router is configured to authenticate PDUs to and from its IS-IS neighbors. This TLV is illustrated in Chapter 9, which discusses protocol security.

After two neighbors have discovered each other, one of the parameters they must verify before they can become adjacent is that the maximum transmission units (MTUs)^[2] of their two interfaces are compatible. For example, if one interface has an MTU of 1000 bytes and the other 1500 bytes, the router with the 1500-byte MTU might send routing messages larger than the router with the smaller MTU can receive. The result would be dropped messages, lost information, and probably broken adjacencies. So, there must be a way for two neighbors to verify that their MTUs are compatible before forming an adjacency. OSPF routers advertise their interface MTUs in their Database Description messages, as described in Chapter 5, and refuse adjacencies unless the MTU values of the two neighbors match. IS-IS tests the link MTU between neighbors by padding their Hello packets out to a maximally acceptable size, using Padding TLVs (Figure 4.17).

^[2] In another disconnect between IETF and ISO terminology, ISO 10589 calls the MTU the dataLinkBlocksize. This book uses MTU whether talking about OSPF or IS-IS, because it is the more well-known term.

The value of the Padding TLV consists of some quantity of 0s, which are ignored by receiving routers. The only purpose of the TLV is to increase the size of the PDU containing it. ISO 10589 specifies that IS-IS routers must be capable of receiving PDUs of at least 1492 bytes in lengtha value it calls ReceiveLSPBufferSize. When a router sends Hellos, it uses the Padding TLV to increase the size of the Hello PDU either to this size, or to the MTU of the connecting link, whichever is greater. As a result, if the neighboring router has a lower interface MTU, it drops the padded Hellos, and an adjacency is never established.

Because of the 1-byte length field in the TLV, the maximum size of the value field is 255. Because of this, IS-IS routers will add multiple Padding TLVs to their Hellos to reach the needed size. Also note that padded Hellos are needed only when an adjacency is first being negotiated. After it is established, continuing to pad the Hellos between adjacent neighbors is just a waste of bandwidth. As a result, smart IS-IS implementations pad only the first few Hellos. When the adjacency is established, padding is discontinued.

Figure 4.18 shows an IS-IS neighbor table, functionally analogous to the OSPF neighbor table shown in Figure 4.10. The first display shows that the router has three IS-IS neighbors.

[View full width]
jeff@Juniper5> show isis adjacency Interface          System         L State   Hold (secs)     SNPA fe-0/0/1.0         Juniper2       1 Up         25        0:90:27:9d:f2:69 fe-0/0/2.0         Juniper4       1 Up         24        0:90:27:5b:87:f8 fe-0/0/3.0         Juniper6       2 Up         20        0:90:27:9f:34:2d jeff@Juniper5> show isis adjacency Juniper2 extensive Juniper2  Interface: fe-0/0/1.0, Level: 1, State: Up,  Expires in 22 secs  Priority: 64, Up/Down transitions: 1, Last  transition: 8w0d 14:29:16            ago   Circuit type: 1, Speaks: IP, IPv6, MAC address:  0:90:27:9d:f2:69   Topologies: Unicast   Restart capable: No   LAN id: Juniper5.02, IP addresses: 192.168.1.1   Transition log:   When                  State        Reason Tue Mar  8 23:13:25   Up           Seenself 

The second display focuses on one of those neighbors, and you can observe information learned from the neighbor's Hellos:

• The adjacency is L1.

• The Holding Timer expires in 22 seconds.

• The Priority is 64.

• The Circuit Type is 1 (level 1 only).

• The protocols supported are IPv4 and IPv6.

• The MAC address learned from the IS Neighbors TLV is 0:90:27:9d:f2:69.

• The LAN ID is "Juniper5.02."

• The neighbor's interface IP address, learned from the IP Interface Address TLV, is 192.168.1.1.

4.2.3. IS-IS Dynamic Hostname Exchange

A perhaps surprising detail in Figure 4.18 is that where you would expect a SysID to be displayedunder the System heading in the first output and as the first part of the LAN ID in the second outputthere is instead a host name. This is the result of an extension to ISIS called the Dynamic Hostname Exchange Mechanism, described in RFC 2763. The RFC defines a new TLV, called the Dynamic Hostname TLV (type 137), which a router can add to its LSPs. The value field of the TLV contains an ASCII text name of the router, which is usually just the configured host name of the router. When other routers in the IS-IS domain receive the LSP, they can map the name contained in the TLV with the SysID of the originating router, and store the information in a host name mapping table.

Figure 4.19 shows a host name mapping table taken from the same router as the display in Figure 4.18. You can see that this router contains five SysID-to-name mappings, including its own (indicated as a static, rather than dynamic, mapping). The advantages for network operations, maintenance, and troubleshooting of having an easily understood name in the place of cryptic hex-based SysIDs in displays such as the one in Figure 4.18 are readily apparent.

[View full width]
jeff@Juniper5> show isis hostname IS-IS hostname database: System ID      Hostname                                   Type 0192.0168.0002 Juniper2                                   Dynamic 0192.0168.0004 Juniper4                                   Dynamic 0192.0168.0005 Juniper5                                   Static 0192.0168.0006 Juniper6                                   Dynamic 0192.0168.0007 Juniper7                                   Dynamic 

4.2.4. OSPF Domain Name Lookup

Some OSPF implementations support a feature similar to IS-IS Dynamic Host Name Lookup. Although the benefits are the sameproviding names rather than addresses in OSPF displays to simplify activitiesthe feature operates very differently. Instead of carrying configured names as ASCII text in messages, the router attempts to resolve the IP addresses of OSPF displays in DNS. If you have entered all loopback addresses, RIDs, and interface addresses in your local DNS, this utility can show these by name instead of numerically. However, there is no IETF extension of OSPF to support this feature, as there is for IS-IS dynamic host names. Rather, if it is supported it is a feature added by an implementer.

A potential liability of this OSPF feature, when it is supported, is that the DNS lookup is independent of OSPF itself and dependent upon the availability of a DNS server. So if a name cannot be resolved quickly, or the DNS server becomes unavailable, your router might become slow to respond to requests for OSPF displays as it waits for DNS. The very time you most need OSPF information displays from a routerduring network outagesis also a time that a DNS server is likely to become unavailable. This scenario should be a consideration in whether to use the utility. In most cases, the day-to-day usefulness of OSPF name lookups outweighs possible problems with it. And, if the feature should create problems for you, DNS name lookups can be easily disabled on the router until the DNS server is again available.