introduction to intermediate system-to-intermediate systen protocol

8/9/2019 Introduction to Intermediate System-To-Intermediate Systen Protocol

http://slidepdf.com/reader/full/introduction-to-intermediate-system-to-intermediate-systen-protocol 1/25

Cisco Systems, Inc.All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

of 25

Overview

Introduction to IntermediateSystem-to-Intermediate System Protocol

In recent years, the IS-IS routing protocol

has become increasingly popular, w ith

w idespread usage among Service Providers.

It is a link state protocol, w hich enables

very fast convergencew ith large scalability.

It is also a very exible protocol a nd ha s

been extended to incorporate leading edge

features such as MPLS Trafc Engineering.

The IS-IS routing protocol is a link-state

protocol, as o pposed to distance-vector

protocols such as Interior Ga tewa y Routing

Protocol (IG RP) and Routing Information

Protocol (RIP). Link-state offers several

adva ntages over d istance-vector protocols.

It is faster converging, supportsmuch larger

internetw orks, a nd is less susceptible to

routing loops. Features of IS-IS include:

• Hiera rch ica l rout ing• Classless behavior

• Rapid ooding of new information

• Fast Convergence

• Ver y sca la ble

• Flexible t imer tuning

• Cisco IOSimplementationof multi -area

routing

• Cisco IOS implementation of

route-leaking

• Cisco IOS implementation of

overload-bit

Intermediate System-to-Intermediate

System (IS-IS) Protocol is an intradomain

Open System Interconnection (OSI)

dyna mic routing protocol specied

in International Organization for

Standa rdization (ISO) 10589. The

protocol is designed to operate in OSI

C onnectio nless Netw ork Service (CLN S).

Data is carried using the protocol specied

in ISO 8473.

A tw o-level hierar chy is used to support

largerout ing domains. A largedomain maybe administratively divided into areas. Each

system resides in exactly one area. 1 Routing

w ithin an a rea is referred to as Level 1

routing. R outing betw een a reas is referred

to as Level 2 routing. A Level 2

Intermediate System (IS) keeps track of the

paths to destination areas. A Level 1 IS

keeps track of the routing w ithin its own

area. For a packet destined for ano ther

area, a Level 1 IS sends the packet to the

nearest Level 2 IS in itsow n area, regardlessof w hat the destination area is. Then the

packet travels via Level 2 routing t o the

destination a rea, w here it may t ravel via

Level 1 routing to the destination. It should

beno ted tha t selec ting an ex it f rom an area

based on Level 1 routing to theclosest Level

2 IS might result in suboptimal routing. 2

1. Multiarea support per Intermediate System wasintroduced in later implementations of IS-IS toaccommoda te OSI telecommunications mana gementnetworks needs, but this functiona lity is generally notuseful for IP netwo rk design.2. A new extension proposed in D omain-W ide Prex D istribution with Mult i-Level IS-IS [RFC 2966], allowsrouting informat ion ava ilable at Level 2 to be leakedinto a stub area relying on Level 1 routing. Thismechanism addresses thesuboptimalrouting problem inan Integrated IS-IS environment at the expense ofscalability. However, it does not apply to a CLNSenvironment.




of 25

On broa dcast multiaccess media (LAN), a D esignated Intermediate System (DIS) is elected and w ill conduct the

ooding over themedia. The DIS isanalogousto thedesignated router in Open Shortest Path First (OSPF) Protocol,

even though the details including election process and adjacencies within a multiaccessmedia differ signicantly.The

DIS is elected by priority. The highest priority becomes the DIS. Thisis congurable on an interfacebasis. In the case

of a tie, the router with the highest SNPA (M AC) address will become the DIS.

CLNS

OSI C LNS is a netwo rk layer service similar to bare IP service. A CLNS entity com municates over C onnectionless

Netw ork Proto col (CLN P) with its peer CLNS entity.

In the O SI architecture there are “ systems” : R outers are ISs, a nd ho sts are End Systems (ESs).

ESs themselves have no routing information; they discover ISs (routers) by listening to Intermediate System Hellos

(ISHs)and sending trafc to any random router. ESs send End System Hellos(ESHs); they do not choose a designated

router to hand le all traf c, and o ptimal routing is accomplished via redirects.

ISs discover ESs by listening to ESHs, and ISs send ISHs to ESs.

There is no AddressR esolution Protocol (ARP), Internet Control Message Protocol (ICMP) or Interdomain Routing

Protocol (IDRP) for CLNS, but End System-to-Intermediate System (ES-IS) Protocol provides the same kind of

reporting functions for ISs and ESs. The ES-IS Protocol is dened in ISO 9542.

IS-ISis an Interior Gateway Protocol (IGP)for rout ing OSI. IS-ISpackets are not encapsulated in CLNS or IP but are

encapsulated directly in the data-link layer. The IS-IS protocol family is OSI, and values such as 0xFE and 0xFEFE

are used by t he data -link protoco l to identify the Layer 3 protocol as O SI.

Tab le 1 show s a basic compa rison of IP a nd O SI services.

Table 1 Comparing IP and OSI Services

Basic connectionless service:IP (RFC 791) CLNS (ISO 8473)

Neighbor greeting and errorReports to source about packet delivery:ICMP (RFC 792)ARP (RFC 826), IRDP (RFC 1256)

CLNP (ISO 8743)ES-IS (ISO 9542)

Routing:Integrated IS-IS (RFC 1195)Participants are routers and hosts

IS-IS (ISO 10589)Participants are ISs and ESs

IP autonomous system ISO routing domain

Interior Gateway Protocol (IGP) Intradomain Routing Protocol

Exterior Gateway Protocol (EGP)Border Gateway Protocol (BGP) for IP (RFC 1105)Static IP routes

Interdomain Routing Protocol (IDRP)ISO IDRP (proposal)Static CLNS routes




of 25

Integrated or Dual IS-IS

The IS-IS Routing Protocol may be used as an IGP to support IP as well as OSI. This al lows a single rout ing protocolto be used to support pure IP environments, pure OSI environments, and dual environments. Integrated IS-IS is

deployed extensively in an IP-only environment in the top-tier Internet service provider (ISP) networks. The IS-IS

w orking g roup o f the Internet Engineering Task Force (IETF) developed the speci cat ion fo r Integra ted IS-IS

(RFC 1195).

Two primary methods are avail ab le fo r rou ting protoco ls to suppor t dua l OSI and IP rou ters. One method , known

as “ Ships in theNight,” makes use of completely independent rout ing protocols for each of the two protocol suites.

This speci cation presents an a lternative approach, w hich makes use of a single integrated protoco l for interior

routing (that is, for calculating routes within a routing do main) for both prot ocol suites.

By supporting both IP and OSI tra f c, this integrated protocol design supports traf c to IP hosts, OSI end systems,

and dual end systems. The IS-IS Protocol can be used to support pure-IP environments, pure-OSI environments, and

dual environments. IS-IS al lows the interconnection of dual (IP and OSI) rout ing domains with other dual domains,

with IP-only domains, and with OSI-only domains.

IS-IS Operations

From a high level, IS-IS operates as follow s:

• Routers running IS-IS will send hel lo packets out al l IS-IS-enabled interfaces to discover neighbors and establish

adjacencies.

• Routers sharing a common data link wi ll become IS-IS neighbors if thei r hello packet s conta in in fo rmation tha t

meets the criteria for forming an adjacency. The criteria differ slightly depending on the typeof media being used

(p2p or broadcast). The main criteria are matching authentication, IS-type and MTU size).

• Routers may build a link-state packet (LSP) based upon their local interfaces that a re con gured for IS-IS andprexes learned fro m ot her adjacent routers.

• G enerally, routers o od LSPs to all adjacent neighbors except the neighbor from which they received the same

LSP. H ow ever, there are different forms of o oding and also a number of scenarios in w hich the ooding

operation ma y differ.

• All routers will construct their link-state database from these LSPs.

• A shortest-path tree (SPT) is calculated by each IS, and f rom this SPT the routing table is built.

IS-IS Data-Flow Diagram

In IS-IS, routers may have adjacencies with other routers on point-to-point links. In a LAN environment, routers

report their adjacencies to a D esignated Intermediate System (DIS), w hich generates an add itional LSP, commo nly

known as thepseudonodeLSP. The DIS isresponsible for conducting ooding over the LAN and also for maintaining

synchronization.

The ow of informatio n w ithin the IS-IS routing function is represented by the IS-IS data -ow diagra m (Figure 1),

which consists of four processes and a Routing Information Base (RIB). The RIB consists of the l ink-state database

and t he forw arding d ata base. The four processes in the IS-IS data -o w diagra m are: receive, update, decision ,

and forward.




of 25

Figure1 IS-IS Data-Flow Diagram

The receive process isthe entry point for all data, including user data, error reports, routing information, and control

packets. It passes user data and error reports to the forw ard process and passes routing information a nd control

packets (hellos, LSPs, and sequence number packets) to the update process.The update process generates local link information tha t is ood ed to a djacent routers; in add ition, the update

process receives, processes, and forwards link information received from adjacent routers. This process manages the

Level 1 a nd Level 2 link-state da tab ases and ood s Level 1 and Level 2 LSPs throughout a n area.

Each LSP that resides in the link-state database has a remaining lifetime, a checksum, and a sequence number.

The LSP remaining lifetime counts down from 1200 seconds (20 minutes)to 0. The LSP originator must periodically

refresh i ts LSPs to prevent theremaining l ifet ime from reaching 0. The refresh interval is15 minutes, with a random

jitter of up to 25 percent. If the remaining lifetime reaches 0, the expired LSP will be kept in the database for an

additional 60 seconds (known as ZeroAgeLifetime) before it is purged.

If a router receives an LSP w ith an incorrect checksum, the router w ill cause a purge of the LSP by setting the

remaining lifetime value to 0, removing the bod y a nd reo oding it. This triggers the LSP originator to send a new LSP. This behavior is different from that of OSPF, where only the originating router can purge an LSP. IS-IS can be

con gured so that LSPs w ith incorrect checksums are not purged, but the router that o riginated the LSP will not

know that the LSP was not received.

The decisio n process runs shortest-path-rst (SPF) algorithm on the link-state database, and creates the forwarding

database. I t computes next-hop information and computes sets of equal-cost paths, creat ing an adjacency set that is

used fo r load bala ncing. On a Cisco router, IS-IS supports load b alancing over and up to six equa l-cost paths.

The forward process gets itsinput from the receive process and uses theforwarding database to forward data packets

tow ard their destination. It also redirects load sharing and generates error reports.

Areas and the Rou t ing Dom ainAn IS-IS rout ing domain is similar to a BGP autonomous system. A rout ing domain is a col lection of areas under an

administration t hat implements routing policies w ithin the doma in.

Backbone

IS-IS does not have a backbone area like the OSPF area 0. The IS-IS backbone is a contiguous collection of Level

2-capable routers, each of which can be in a different area (Figure 2).

Input

Update

Decision Output

Forward

Link-State Database

Forwarding Database

Routing Information BaseRECEIVER




of 25

Figure 4 IS-IS Areas: Area Borders Are on Links Between Routers

IS-IS has a two-level hierarchy. Contiguous Level 2-capable routers form the backbone. Both Level 2 and Level 1

routers live in a reas. R outers ca n be Level 1 (L1), Level 2 (L2), o r bo th (L1/L2). Within C isco IO S ® Software, the

defaul t congurat ion isboth Level 1 and Level 2 at thesame timew hich al lows an IS-ISnetwork to run with minimal

conguration in a plug-and-play fashion. Level 2-capable routers connect all areas within a routing domain. Level 2

routers ad vertise their ow n area ad dresses (NSAP) to t he other Level 2 routers in the backbo ne. All Level 1 rout ers

and ho sts in an a rea must have an NSAP with the same area ad dress.

Level 1 Router

A Level 1 router knows thetopology only of i ts own area and has Level 1 or Level1/Level2 neighbors in th is area. I t

has a Level 1 link-state da taba se with a ll the information for intra -area ro uting. It uses the closest Level 2-capablerouter in its ow n area to send packets out of the area, a scenario tha t may result in suboptimal routing.

Figure 5 provides an example of sub-opt imal rout ing: The cost on al l l inks is 10. Router A (L1) in Area X will send

al l t rafc dest ined for outsideArea X to Router B (L1/L2) because Router B is the closest L1/L2 neighbor. Router B

isdirectly connected to Area Y. Router C, also L1/L2, is in Area X and isdirectly connected to Area Z. Router A will

send packet s dest ined fo r Area Z to Router B , and because Router B , Router E, and Router C arebackbone rou ters,

Router B wi ll send this packet to Router C through Router E fo r del ivery into Area Z. Themore opt imal path wou ld

be for Router A to send the packet directly to R outer C thro ugh Router D .

Figure 5 Example of Sub-opt imal Routing

Area 3 Area 1

Area 2

Area 4

L1 L1L1/L2

L1L1

L1/L2

L1L1/L2

L1 L1

L2 L2

Area 3Area Y

Router B

Router E

Area XRouter A

Router C

Router D

Area Z

L1/L2 L1/L2

L1/L2 L1/L2

L1 L1

L1/L2




of 25

This mechanism is used to inform the Level 1 router about the closest Level 2-capable router:

A Level 1 /Level 2 rou ter tha t i sa t t ached to another a rea wi ll set the “ a t tached b it” in it s Level 1 LSP; a ll the Level 1ISs in an area wi ll get a copy of thi sLSP and know where to fo rward packet s to dest ina tions out side the area . I f the

routers are running Integrated IS-IS, a defaul t IP route wil l automatically be installed in theLevel 1 routers point ing

tow ard the nearest Level 1/Level 2 router th at origina lly set the a tta ched bit in its Level 1 LSP. A Level 1/Level 2

router that is not a ttached to anot her area can also detect that a Level 2-only neighbor is attached to a nother area

and set the “ atta ched bit” on behalf of this Level 2-only neighbor.

If there is more than one point to exit the area (multiple Level 2-capable routers), the closest Level 1/Level 2 router

is selected based on the cost. If there are two equal cost paths then the traf c may loa d ba lance over the tw o pat hs.

Level 2 Router

A Level 2 router may ha ve neighbors in the same or in d ifferent a reas, and it has a Level 2 link-state da taba se with

al l information for inter-area rout ing. Level 2 routers know about other areas but will not have Level 1 information

from its own area. In the OSI world, a router must know the topology of its own area; so a Level 2 router should

not be con gured when only O SI traf c is being routed. If the traf c in an area is IP-only, all the routers can be

con gured as Level 2.

Level 1/Level 2 Router

A Level 1/Level 2 router may haveneighbors in any area. It has two link-state databases: a Level 1 link-state database

for intra-area routing and a Level 2 link-state database for inter-area routing. A Level 1/Level 2 router runs two SPFs

and may require more memory a nd processing as a result.

A Level 1/Level 2 router running Integrated IS-IS will leak all the IP subnets from Level 1 into Level 2; these subnets

can be summarized w here this is desirab le.

When designing a network (see gure 6), careshould be taken to choosethe correct setting, Level 1, Level 2, or Level

1/Level 2. When IS-IS is con gured o n a C isco ro uter, the defa ult sett ing is Level 1/Level 2.

All IS-IS areas are “ stub” areas, although with Cisco IOS Software Release12.0T, it has becomepossibleto leak Level

2 routes into Level 1, creating a sort of IS-IS not-so-stubby area.

Figure 6 A simple network running IS-IS as a routing protocol

L1

L1

L1

Area 2 Area 3

Area 4Area 1

L1

L2

L1/L2

L1/L2

L1/L2

L1/L2

L1/L2




of 25

N S A P A d d r es s e s

NSAP is the netw ork-layer ad dress for C LNS packets. An NSAP d escribes an a ttachment to a pa rticular service at

the netw ork layer of a node, similar to the combination of IP destination add ress and IP proto col number in an IP

packet. N SAP encoding a nd fo rma t are speci ed by ISO 8348/Ad2.

ISO 8348/Ad2 uses the concept o f hierar chical a ddr essing do main s. The globa l domain is th e highest level. This

global domain is subdivided into sub-domains, and each sub-domain is associated with an addressing authority that

has a unique plan for constructing NSAP a ddresses.

An NSAP ad dress (gure 7) has tw o major pa rts: the initial dom ain part (IDP) and the domain speci c part (DSP)

(Figure 7). The IDP consists of a 1-byte authority and forma t identi er (AFI) and a variable-length initial d omain

ident ier (IDI), and the DSP is a str ing of digi ts ident ify ing a part icular t ransport implementation of a specied AFI

authority. Everything to the left of the system ID can be thought of as the area ad dress of a network no de.

Figu re 7 The NSAP add res s

A netw ork entity title (NET) is an N SAP wit h an n-selector of zero. All router NETs have an n-selector of zero,

implying the netw ork layer o f the IS itself (0 means no tra nsport layer). For this reason, t he NSAP of a router is

alw ay s referred to as a N ET. The NSEL (NSAP selector) is like a TCP po rt numb er: It indica tes the transpor t lay er.

Routers are identied with NETs of 8 to 20 bytes. ISO/IEC 10589 distinguishes only three eldsin the NSAP address

forma t: a variable-length area a ddress beginning w ith a single octet, a system ID , a nd a 1-byte n-selector. C isco

implements a xed length of 6 by tes for the system ID, w hich is like the OSPF router ID .

The LSP ident ier is derived from thesystem ID (along with thepseudonodeID and LSP number). Each IS isusual ly

con gured with o ne NET and in o ne area; each system ID w ithin an area must be unique.

The big difference between NSAP style add ressing and IP style add ressing is that, in general, t here will be a single

NSAP ad dress for the entire router, w hereas wit h IP there will be one IP ad dress per interfa ce. All ISs and ESs in a

rout ing domain must have system IDs of thesamelength . All routers in an area must have thesamearea address. All

Level 2 routers must have a unique system ID domain-wide, and all Level 1 routers must have a unique system ID

area-wide. All ESs in an area w ill form an a djacency with a Level 1 router on a shared media segment if they share

the same area address. If multiple NETs are congured on the same router, they must all have the same system ID.

There are several techniques for creating unique system IDs:

• Start numbering 1, 2, 3, 4, and so on.

• Use Media Access Control (MAC) addresses.

• Co nvert and use the loopback IP ad dress: 192.168.11.1 --> 192.168.011.001--> 1921.6801.1001.

IDP DSP

AFI IDI NSELHigh Order DSP

Variable Length Area Address 6 bytes 1 byte

Used by Level 2 Routing

• An NSAP Consists of 3 Parts:Area Address, System ID, and NSAP Selector

• Total Length Between 8 and 20 BytesExample: 49.0001.0000.0000.0007.00

Used by Level 1Routing

System ID




of 25

The pract iceo f using a mod ied loopback IP address as the system ID may now be considered outdated because o f

the dynamic hostname feature. This feature uses a new Type Length Value (TLV 137) to map the router ’s hostname

to the system ID.

Three NSAP formats are i llustrated in Figure 8. The rst isa simple 8-octet area ID/system ID format . The second is

an O SI NSAP forma t, and the third is a G overnment OSI Pro le (GO SIP) NSAP format.

Figu re 8 Three NSAP Format s

If an of cial prex is not required, you can use AFI 49, which d enotes private ad dress space, like IP add ress space

for private Internets as de ned in RFC 1918.

The AFI has a b inary value between 0 and 99; this va luespec ies the IDI fo rmat and the DSP syntax. The DSP is in

binary f ormat , a nd the ID P is in decimal. ISO recognizes seven top-level netw ork a ddressing autho rities; each

authority has its own addressing format represented by the IDI format eld.

Cisco technology supports all NSAP forma ts that are de ned by ISO 8348/Ad2.

It ispossibleto conguremult ip le NETs on a router, but no router isever in more than onearea. Conguring multiple

NETs causes theareasto merge into a common area, leaking the Level 1 databases into each other. The only reasons

to have multiple NETs are for spli tt ing, merging, or renumbering areas; th is method should only be used in periods

of transition. Cisco Systems limits the number of congurable NETs to three per router.

Packe t Types , Ne ighbor s , F lood ing , and A djacenc ies

Packet Types

There are four general types of packets, and each type can be Level 1 or Level 2.

• Intermediate System-to-Intermediate System Hello (IIH)—Used by routers to detect neighbors and form

adjacencies. In addit ion to theIIH, which isan IS-ISprotocol data uni t (PDU), thereis an ISH and an ESH, which

are End System-to-Intermedia te System (ES-IS) PDU s.

Area System ID SEL

07.0000.3090.c7df.00AreaDomain System ID SEL

47.0004.30ac.0007.0000.3090.c7df.00AreaRDIReservedAAIDFIAFI

AFI: Authority and Format IdentifierICD: International Code DesignatorDFI: Domain Specific Part (DSP) Format IdentifierAAI: Administrative Authority IdentifierRDI: Routing Domain Identifier (Autonomous System Number)SEL: Network Service Access Point (NSAP) Selector

ICD System ID

(a)

(b)

(c)

SEL

47.0005.80.0000a7.0000.ffdd.0007.0000.3090.c7df.00




of 25

• Link-state packet (LSP)—There are four types of LSPs: Level 1 pseudonod e, Level 1 nonpseudonod e, Level 2

pseudonod e, and Level 2 nonpseudonod e.

• Complete sequence number PD U (CSNP)—CSNPs contain a list of all LSPs from the current data base. CSNPs

are used to inform other routers of LSPs that may be outdated or missing from their own database. This ensuresthat all routers have the same informat ion and are synchronized. The packets are similar to a n O SPF datab ase

description packet.

• Partial sequence number PDU (PSNP)—PSNPs are used to request an LSP (or LSPs) and acknowledge receipt of

an LSP (or LSPs).

The following informa tion is included in IIH PD Us:

• Whether the PDU is a point-to-point (WAN) PDU o r a LAN PDU.

• Source ID—System ID of the sending router.

• Ho ld ing t ime—Timeper iod to wai t to hear a hello befo re declar ing the neighbor dead . Similar to the OSPF dead

interval, t he default va lue is three times the hello interva l but ca n be chang ed w ith the IS-IS hello-multiplier

command.

• Circuit type indicating whether the interface on w hich the PDU w as sent is Level 1, Level 2, or Level 1/Level 2.

• PD U length.

• Local circuit ID on the sending interface (in point-to-point hello PDUs).

• LAN ID —System ID of the DIS plus the pseudonode ID (circuit ID) to differentiate LAN ID s on the same DIS.

• Priori ty—Higher isbetter. Used in DIS election (in LAN hello PDUs, there isno DR (Designated Router)election

on a point-to-point link).

By default, IS-IS hellos are padded to the full maximum transmission unit (MTU) size.

The benet of padding IIHs to the ful l MTU is early detection of errors caused by transmission problems with large

frames or M TU mismatched on adjacent interfaces.

The draw backs of IIH padd ing are that on high-speed interfaces it could be a strain on huge buffers, a nd on

low-speed interfaces large hello PDUs waste bandwidth. This could affect time-sensitive applications such as voice

over IP (VoIP).

The padding of IS-IS hellos can be turned off (in Cisco IOS Software Release 12.0[5]Ta nd 12.0[5]S)for all interfaces

on a router with the no hello padd ing command in router con guration mod e for the IS-IS routing process, or

selectively turned o ff fo r point-to-point or multipoint interfaces w ith the no hello pad ding multipoint or no hello

padding point-to-point command in router conguration mode for the IS-IS routing process. Hello padding can also

be turned off on an individual interface basis using the no i sis hello padding interface conguration command.

Table 2 Hello Message Types

1 Point-to-Point IIH Part of the IS-IS spec 10589; used by routers to form adjacencies



4 ESH Part of the ES-IS spec 9542; similar to ICMP Router Discovery Protocol (IRDP) in TCP/IP; used for routers (ISs) and End Systems (ESs) to detect each other

5 ISH Part of the ES-IS spec 9542; similar to IRDP in TCP/IP; used for ISs and ESs to detecteach other




of 25

Even though a router sends IIH to a router it know s is connected to a link, it w ill also send an ISH.

Figure 9 IS-IS LA N Level 1 and Level 2 IS-IS Hello Packet Format

IS-IS LAN hello elds:

• Intrado main Routing Proto col discriminator—The netwo rk-layer identier assigned to IS-IS in ISO 9577; its

binary value is 10000011 (0x83).

• Length indicator—This is the length of the xed header in octets.

• Version—It currently has value of 1.

• ID length—Length of the system ID eld; must be the same for all nodes in the doma in. If this is set to zero, it

implies 6 octets.

• PD U Types—Values are 15 and 16 for Level 1 and Level 2 LSPs, respectively.

• Version—Value is 1.• Ma ximum area add resses—Number of area ad dresses permitted for this IS area. Values are between 1 and 254

for a ctual number; 0 implies maximum o f three.

• Reserved/circuit type—Top 6 bits reserved; botto m 2 bits va lue = 0 indicates reserved; value = 1 indicates Level

1; value = 2 indicates Level 2; value = 3 indicates Level 1 and 2.

• Source ID—System ID of transmitting router.

• Ho lding time—Holding time as congured on this router.

• PDU length—Length of the entire PDU, xed header, and TLVs.

INTRADOMAIN ROUTINGPROTOCOL DISCRIMINATOR

LENGTH INDICATOR

VISION/PROTOCOL ID EXT

ID LENGTH

R R R TYPE

VERSION

RESERVED

MAXIMUM AREA ADDRESS

RESERVED/CIRCUIT TYPE

SOURCE ID

HOLDING TIMER

PDU LENGTH

VARIABLE-LENGTH FIELDS

RES PRIORITY

LAN ID

1No. of Octets

1

1

1

1

1

1

1

1

6

2

2

VARIABLE

1

7




of 25

• Reserved /p rio rity—Bit 8 reserved ; b it 1 i s used fo r p rio ri ty fo r being the Level 1 o r Level 2 DIS. Value i s copied

from the IIH of the DIS.

• LAN ID—A eld composed of the system ID of the DIS (1–8 octet s) p lu sa low-o rder octet assigned by the LAN

Level 1 DIS.

Notice the variable-type length elds at the bottom of the packet. This is where the TLV information is stored.

Di fferen t types o f PDUs have a set o f cur ren tly dened codes; any codes tha t a re not recogn ized aresupposed to be

ignored and passed thro ugh unchanged.

The n ine d ifferen t types o f IS-IS PDUs and the code valuefo r the opt ions tha t a reva lid fo r each o f them aredened

in Tab le 3 . Codes 1 through 10 aredened in ISO 10589 , and 128 through 133 aredened in RFC 1195. TLV Code

133 for authent ication information isspecied in RFC 1195, but Cisco technology uses theISO Code of 10 instead .

TLV Co de 4 is used f or pa rtition repair and is not supported by C isco technology.

Table 3 Valid Code Values for Nine Types of IS-IS PDUs

Level 1 LAN IS-to-IS Hello PDU Type 15

Code 1 =Area addressesCode 6 =IS neighbors (hellos)Code 8 =PaddingCode 10 =Authentication informationCode 129 =Protocols supportedCode 132 =IP interface address

Level 2 LAN IS-to-IS Hello PDU Type 16

Code 1 =Area addressesCode 6 =IS neighbors (hellos)Code 8 =PaddingCode 10 =Authentication informationCode 129 =Protocols supportedCode 132 =IP interface address

Point-to-point IS-IS Hello PDU Type 17

Code 1 =Area addressesCode 8 =PaddingCode 10 =Authentication informationCode 129 =Protocols supportedCode 132 =IP interface address

Level 1 Link-State PDU Type 18

Code 1 =Area addressesCode 2 =IS neighbors (LSPs)Code 3 =ES neighborsCode 6 =IS neighborsCode 10 =Authentication information

Code 128 =IP internal reachability informationCode 129 =Protocols supportedCode 132 =IP interface address




of 25

Figure 10 IS-IS Level 1 and Level 2 LSP Packet Format

Level 2 Link-State PDU Type 20

Code 1 =Area addressesCode 2 =IS neighbors (LSPs)Code 2 =IS neighbors

Code 4 =Partition designated Level 2 ISCode 5 =Prex neighborsCode 10 =Authentication informationCode 128 =IP internal reachability informationCode 129 =Protocols supportedCode 130 =IP external reachability informationCode 131 =IDRP informationCode 132 =IP interface address

Level 1 Complete Sequence Number PDU Type 24

Code 9 =LSP entriesCode 10 =Authentication information

Level 2 Complete Sequence Number PDU Type 25


Level 1 Partial Sequence Number PDU Type 26


Level 2 Partial Sequence Number PDU Type 27


Table 3 Valid Code Values for Nine Types of IS-IS PDUs

INTRADOMAIN ROUTINGPROTOCOL DISCRIMINATOR

LENGTH INDICATOR

VISION/PROTOCOL ID EXT

ID LENGTH

R R R PDU TYPE

VERSION

RESERVED

MAXIMUM AREA ADDRESS

PDU LENGTH

REMAINING LIFETIME

LSP ID

SEQUENCE NUMBER

CHECKSUM

TYPE LENGTH FIELDS

LSPDBOL IS TYPE

1

Octets

1

1

1

1

1

1

1

2

2

ID Length +2

4

VARIABLE

2

1P ATT




of 25

LSP format elds:

• Intradomain Routing Protocol discriminator—This is thenetwork-layer ident ier assigned to IS-IS in IS O9577;its binary value is 10000011.

• Length indicator—Length of the x ed header in octets.

• Version—Currently has value of 1.

• ID len gt h—Leng th o f t he sy st em ID eld . M ust b e t he sa me f or a ll n od es in t he d omain ; if set t o zer o, it implies

6 octets.

• PD U types—D ecimal values are 18 and 20 for Level 1 and Level 2 LSPs, respectively.

• Version—Value is 1.

• Ma ximum area add resses—Number of area ad dresses permitted for this IS area. Values are between 1 and 254

for a ctual number; 0 implies a maximum o f three.

• PDU length—Length of the entire PDU, xed header, and TLVs.• Remaining lifetime—Time in seconds before LSP expires.

• LSPID—Consists of three components: system ID, pseudonode ID, and LSP fragmentation number. Length isID

length + 2 bytes.

• Checksum—Checksum is computed from Source ID to end of PDU.

• Partition (P)—Bit 8 o f the octet; when set, means originator of LSP supports partition repair.

• Attached (ATT)—Bits 4–7 of the octet. When any o f these bits is set, it indicates the originato r is attached to

another area using the referred metric. For example, bit 4 set implies attached using the default metric.

• LSPDBOL—Bit 3 . When set , i t indicates theoriginator’s LSP database isoverloaded and should be circumvented

in path calculations to other destinations.

• IS type—Bits 1 and 2. O nly bit 1 set indicates Level 1 IS. If both a re set, it indicates Level 2 IS.Sec tion 9 of RFC 1142 (a rewr it e o f ISO 10589)g ives the deta il abou t the packet layou ts fo r each typeo f IS-ISPDU

as well as theTLV information supported for each type. The rst eight octets of al l IS-IS PDUs are header elds that

arecommon to al l PDU types. As Figure 11 indicates, theLevel 1 and Level 2 PDUs are ident ical, except for thePDU

type, w hich diff erentiates them as either Level 1 or Level 2.

The lengths for the various ID elds in the PDUs: “ LSP ID, SOUR CE ID , START LSP ID and EN D LSP ID ” all

assume tha t the length o f the system ID is xed a t 6 bytes. Under the co lumn fo r the number o f octet s, an “ 8” means

“ ID LENG TH + 2,” a “ 7” means “ ID LENG TH + 1,” and a “ 6” means “ ID LENGTH.” The protocol allows the

system ID to vary f rom three to eigh t bytes, but in pract icea six -byte system ID is a lways used . I f the ID LENGTH

eld is 0, it means that the system ID is using the default length of six bytes.




of 25

Adjacency Building

Neighbors on point-to-point networks always become adjacent unless they do not seethemselves in their neighbors’hello PDU and match on certain parameters. On broadcast networks and nonbroadcast multiaccess (NBMA)

netwo rks, the DIS (D esignated Intermediate System) w ill become ad jacent w ith its neighbors.

Tw o ro uters will become neighbors if the follow ing para meters are agreed upon:

• Level 1—Thetwo rou ters shar ing a common network segmen t must have thei r inter faces congured to be in the

same area if they are to have a Level 1 a djacency.

• Level 2—The two ro uters sharing a common netw ork segment must be congured as Level 2 if they are in

different areas and w ant t o become neighbors.

• Authentication—IS-IS allows for conguration of a passwo rd for a specied link, for an area, or for an

entire domain.

The L ink-S ta t e Da tabase and Re l i ab le F lood ing

Link-State Database

All valid LSPs received by a router are stored in a link-state database. These LSPs describe the topology of an area.

Routers use this link-state database to calculate its shortest-path tree.

LSPs and Reliable Flooding

Each router oods i ts LSPs to adjacent neighbors, and theLSPs arepassed along unchanged to other adjacent routers

until all the routers in the area have received them. All the Level 1 LSPs received by one router in an area describe

the topology of the area.

The IS-IS l ink-state database consists of al l the LSPs therouter has received. Each node in thenetwork maintains anidentical link-state da taba se. A change in the topo logy means a change in one or more of the LSPs. The router that

has experienced a link going up or d ow n w ill resend its LSP to inform the other routers of the change.

The LSP seq uence number is increased by one to let the other rout ers know tha t the new LSP supersedes the older

LSP. When a router rst originates an LSP, the LSP sequence number is 1. If the sequence number increases to the

maximum (oxFFFFFFFF), the IS-IS process must shut down for at least 21 minutes (MaxAge + ZeroAgeLifetime) to

allow the old LSPs to age out of all the router databases.

Flooding is the process by which these new LSPs are sent throughout thenetwork to ensure that thedatabases in al l

routers remain identical.

When a rou ter receives a new LSP, it oods thi sLSP to it s neighbors, except the neighbor tha t sen t the new LSP. On

point-to-point links, theneighbors acknowledge thenew LSP with a PSNP, which holds theLSP ID, sequence number,checksum, and remaining lifetime. When the acknowledgment PSNP is received from a neighbor, the originating

router stops sending thenew LSP to that part icular neighbor al though it may continue to send thenew LSP to other

neighbors that have not yet acknowledged i t. On LANs there is no explici t acknowledgement with a PSNP. Missing

LSPs are detected w hen a C SNP is received and the list of LSPs within the CSN P is compared w ith the LSPs in a

router’s ow n da taba se. If a ny LSPs are missing or outd ated, t he router will send a request for these in the form of

a PSNP.




of 25

If a router receives an LSP that has an older sequence number than the one in its IS-IS database, it sends the newer

LSP to t he router that sent the old LSP and keeps resending it until it receives an a cknowledgment PSNP from t he

originator of the old LSP.

LSPs must be ooded throughout an area for thedatabases to synchronizeand for theSPF tree to beconsistent within

an area . I t is not possible to con trol wh ich LSPs areooded by using a d ist ribu te l ist , a lthough i t i spossib le to use a

routemap to control w hich routes are redistributed into IS-IS from ano ther routing protocol.

Network Types

The types of netw orks tha t IS-IS denes include:

• Point-to-point networks

• B ro a dca st n et w o rks

Point -to-point netw orks, such as serial lines, connect a single pair of ro uters. A router running IS-IS w ill form a n

adjacency with the neighbor on theother side of a point-to-point interface. A DIS is not elected on this type of l ink.

The basic mechanism dened in the standard is that each side of a point-to-point link declares the other side to be

reachable if a hello pa cket is received f rom it. When this occurs, each side then sends a CSNP to trigger data base

synchronization.

Broadcast networks, such as Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI), are multiaccess in

that they are a ble to connect more tha n tw o d evices; all connected routers will receive a packet sent by one router.

On broadcast networks, oneIS will elect i tself theD IS. Hello packets on broadcast networks are sent to theAllL1ISs

or AllL2ISs MAC-layer broa dcast a ddresses. The D IS is responsible for ood ing; it w ill create a nd ood a new

pseudonod e LSP for each ro uting level it is participating in (Level 1 or Level 2) and fo r each LAN to w hich it is

connected. A router can be the D IS for a ll connected LANs or a subset of connected LANS, depending on the

con gured priority or, if no priority is congured, the Layer 2 add ress. The DIS w ill also create and ood a new pseudonod e LSP w hen a neighbor a djacency is established or t orn d ow n or the refresh interval timer for this LSP

expires. The D IS mechanism reduces the amo unt o f ood ing on LANs.

NB M A netw orks, such as Frame Relay, Asynchron ous Tran sfer Mod e (ATM ), and X .25, can conn ect multiple

devices but have no broadcast capabil ity. All theother routers at tached to thenetwork will not receive a packet sent

by a router. Special consideration should be taken when conguring IS-IS over NBMA networks. IS-IS considers these

med ia to be just like any o ther b roadcast med ia such as Ethernet o r Token Ring. In genera l, it i s bet ter to congure

point-to-point netw orks on WAN interfa ces and subint erfaces.

Unlike OSPF, no conguration is necessary to tell IS-IS what the network type is.

Designa ted In t e rmed ia t e Sys tem and Pseudonodes

The idea behind the DIS is similar to that behind the designated router in OSPF. The DIS creates a pseudonode (a

virtual node), and all the routers on a LAN, including the DIS, form a n adjacency w ith the pseudonode instead of

forming n*(n-1) order adjacencies with each other in a full mesh.




of 25

On a LAN, one of the routers will elect itself the D IS based on interface priority (the default is 64). If a ll interface

priorities are the same, the router with the highest subnetwork point of attachment (SNPA) is selected. MAC

addresses are theSNPA on LANs. On Frame Relay networks, the local data-l ink connection ident ier (DLCI) is the

SNPA. If the SNPA is a D LCI a nd is the same at bot h sides of a link, the router w ith the higher system ID (in the

NSAP address) will become the DIS.

A pseudonode LSP represents a LAN, including all ISs attached to that LAN, just as a non-pseudonode LSP

represents a rout er, including a ll ISs and LANs connected w ith the rout er.

Figu re 12 The pseudonode concept

The DIS election ispre-emptive (unlike with OSPF). If a new router boots on theLAN with a higher interfacepriority,

it becomes the DIS, purges the old pseudonode LSP, a nd a new set of LSPs will be o oded.

The DIS sends CSNPs descr ib ing a ll the LSPs in the da tabase every 3 seconds. I f a rou ter needs an LSP because i t is

o ld er t ha n t he L SP a d ver tised b y t he D I S i n it s C S N P o r it is missin g a n LSP t ha t is list ed in t he C SN P, it w i ll sen d a

PSNP to the DIS and receive the LSP in return. This mechanism can w ork bot h w ays: If a router sees that it has a

newer version o f an LSP, o r it hasan LSP tha t the DIS does not adver tise in i ts CSNP, the rou ter wi ll send the newer

or missing LSP to the D IS.

Metr i cs

The original IS-IS specication denes four different types of metrics. Cost, being the default metric, is supported by

all routers. Delay, expense, and error are optional metrics. The delay metric measures transit delay, the expense

metric measures the monetary cost of link utilization, and the error metric measures the residual error probability

associated with a link.

The Cisco implementation uses cost only. If the optional metrics were implemented, there would be a link-state

dat aba se for each metric and SPF would b e run for each link-state data base.

Default Metric

While some routing protocols calculate the link metric automa tically based on band w idth (OSPF) or ba ndw idth/

delay (Enhanced Interior G atew ay R outing Proto col [EIG RP]), there is no automa tic calculation f or IS-IS. Using

old-sty le metrics, an interface cost is between 1 and 63 (6 bit metric value). All l inks use themetric of 10 by defaul t.

Thetotal cost to a dest inat ion is thesum of thecostson al loutgoing interfaces along a part icular path from thesource

to the destination, a nd t he least-cost paths a re preferred.

RTA RTARTD (DIS)

PSTN

RTB RTB

RTD (DIS)

RTCRTC




of 25

The total pa th metric wa s limited to 1023 (the sum of a ll link metrics along a pa th betw een the calculating router

and any other node or prex). This small metric value proved insufcient for large networks and provided too l it t le

granularity for new features such as Trafc Engineering and other applications, especially with high bandwidth links.

Wide metrics are also required if route-leaking is used.

Extended Metric

Cisco IOS Software addresses th is issue with the support of a 24-bit metric eld , the so-called “ wide metric”. Using

the new metric style, link metrics now have a maximum va lue of 16777215 (224-1) with a tota l path metric of

4261412864 (254 x 2 24 ).

Deploying IS-ISin theIP network with wide metricsis recommended to enable ner granularity and to support future

applications such as Trafc Engineering.

Running different metric styles within one network poses one serious problem: Link-state protocols calculate

loop-free routes because all routers (within one area) calculate their routing table based on the same link-state

database. This principle is violated if some routers look at old-style (narrow), and some at new-style (wider) TLVs.

However, if the same interface cost is used for both the old- and new-style metrics, then the SPF will compute a

loop-free topology.

Shor t e s t -Pa th F ir s t and L ink -S ta t e Da tabase

SPF Algorithm

This section discusses the SPF algorithm for calculating routes with the IS-IS routing protocol, for support of both

TC P/IP a nd O SI. This is ba sed on an ext ension to th e algor ithm specied in ISO /IEC 10589.

An algorithm proposed by Edsger D ijkstra know n as shortest-path rst (SPF) is the basis for the route calculation.

This algorithm computes the shortest paths from a single source vertex to all other vertices in a weighted, directed

graph. Within the Cisco IO S implementat ion, w eight assigned to bra nches of the tree is a con gurable metric and

spans 2 24 per individual link and 2 32 per path (root to leaf).

IS-IS is a link-state protocol. A distinguishing featureof a link-state protocol as it relates to distancevector protocols

is that using a link-state protocol provides full visibility of the network topology, whereas distance vector protocols

use informat ion ba sed o n hearsay t o build f orw arding tables. This visibility provided by t he link-state protocol is

atta ined through a o oding mechanism that ensures that each ro uter in the netw ork (more precisely in an area)

receives informa tion tha t ca n be used to build the netwo rk map. In IS-IS, this information is ood ed via link-state

protocol data units, 3 and each Intermediate System or router advertises information pertaining to itself and its links.

Once theinformation is ooded and al l routers obtain thesameinformation , theSPF algorithm isrun separately per

router to process thetopology and extract theshortest path from therouter i tself (automatical ly assigned at theroot

of t he tree) to all th e leaves of the tree. This is like putting a jigsaw puzzle together (Figure 13). The info rma tion

derived fro m this process is used to populate the forw arding t able on the router.

3. Also know n as link-state packets (RFC 1195)




of 25

Figure 13 LSP advertised by routers can be modeled by the jigsaw puzzle pieces

Link-State Database

• PATHS —This representsa n acyclic directed graph of shortest pathsfrom thesystem S performing thecalculation.

It is stored as a set of triples of the fo rm <N, d(N ), {Adj(N)}>, w here:

N is a system iden tier. In the Level 1 a lgor ithm, N isa 6 -octet ID fo r OSI End Systems, a 7 -octet ID fo r rou ters,

or a n 8-octet IP internal reachability informa tion entry. For a router that is not a pseudonod e, it is the 6-octet

system ID, with a 0-appended octet . For a pseudonode, i t is a true 7-octet quanti ty, composed of the6-octet DIS

ID and the extra octet assigned by the designated router. The IP internal reachability information entries consist

of a 4-octet IP add ress plus a 4-octet subnet mask and w ill alwa ys be a leaf, that is, “ End System” in PATH S.In the Level 2 a lgorithm, N is either a 7-octet router o r pseudonod e ID (as in the Level 1 algorithm); a va riable

length O SI address pre x; a n 8-octet IP internal reachability informa tion entry, or an 8-octet IP external

reachability information entry. The variable-length OSI address prexes and 8-octet IP reachability information

entries will alw ays be a leaf, that is, “ End System” in PATH S. As above, the IP reachability informa tion entries

consist of an IP add ress-subnet ma sk combination.

d(N) is N’s distance from S (that is, the to tal metric value from N to S).

{Adj(N)} is a set of va lid adjacencies that S ma y use for forw arding t o N .

When a system is placed on PATHS, the path(s) designated by its position in the graph is guaranteed to be a

shortest pat h, and this will be reected in the routing ta ble, given that the route is not learned through anot her

routing protocol with a lower administrative distance.

• TENT —This isa list of triples of theform <N, d(N), {Adj(N)}>, where N, d(N), and {Adj(N)}are as dened above

fo r PATH S.

TENTcan intui tively be thought of as a tentative placement in PATHS. In other words, thetr iple <N, x, {A}> in

TENT means that if N were placed in PATHS, d(N) would be x, but N cannot be placed on PATHS until is

guaranteed that no path shorter than x exists.

Similarly, the triple <N, x , {A, B}> in TENT means that if N w ere placed in PATH S, then d(N) w ould b e x via

either adjacency A or B.

To C

To A

To D

To B

To E

To D

To A

ISP forRouter E

To B




of 25

Not e: It is suggested t hat the implementation ma intain the da tab ase TENT as a set of list of triples of t he form

<*,Dist,*>, sorted by Dist. In addition, it is necessary to be able to process those systems, which are pseudonodes

before any nonpseudonodes at the same distance Dist.

The 8-octet system identierstha t specify IP reachability entries must alw ays be distinguishable from other system

ident iers. Two IP reachabil ity entries that d iffer only in the subnet mask are st il l considered to be separate and

will therefore have distinct system identiers N. The SPF algorithm will therefore calculate routes to each such

entry, a nd t he correct entry w ill be selected in the fo rw arding process.

Algorithm

The funct ion of thealgori thm is to calculate theshortest path to al l o ther nodes. To do this, a spanning tree needs to

be constructed. This necessitates a logical model of nodes interconnected by point-to-point links. 4 The basic

algorithm, which builds PATHS from scratch, starts out by putting the system doing the computation on PATHS (no

shorter path t o SELF can possibly exist). TENT is then preloaded from the local a djacency data base.

For each step a node is moved into the PATHS list• Thenodeamong all nodes on TENTtha t has the lowest cost f rom comput ing node is iden tied and moved from

TENT to PATH S.

• All prexes advertised by this node are installed in the RIB.

• All neighbors reachable from through node and moved to TENT list.

Considerations:

• If a node is directly connected to computing node, the rst-hop information is obtained from the adjacency

database.

• If a nodeis not directly connected to computing node, the rst-hop information is inherited from parent node(s).

• For each node on TENT, the cost to get there from the root, and the rst-hop information, is maintained.

Note that a system is not placed on PATHS unless it is the shortest path to that system. When a system N is placedo n PATH S, t he pa t h t o a n eig hb or o f N , sy st em M , is ex a min ed , a s t he pa th t o N plus t he lin k f ro m N t o M . If <M ,

*, * > is in PATH S, this new pa th w ill be longer a nd thus ignored.

I f <M, * , *> is in TENTand the new path i s sho rter, the o ld en try is removed from TENTand the new path is p laced

in TENT. If the new path is thesame length as the one in TENT, then theset of potent ial adjacencies {Adj(M)}is set

to the union o f the o ld set (in TENT) and the new set {Ad j(N)}. I f M isno t in TENT, then the path i sadded to TENT.

Next , the algo rithm nds the triple <N, x , {Adj(N)}> in TENT, w ith minima l x.

N isp laced in PATHS. No path to N can besho rter than x a t this poin t because a ll paths through systemsa l ready in

PATHS have already been considered , and paths through systems in TENTstil l have to be greater than x because x

is minimal in TENT.

When TENT is empty, PATH S is complete.

Note that external metrics can only occur in IP external reachabil ity information entries, which correspond to a leaf

(that is, “ End System” in PATH S). Any route using an entry w ith an external metric w ill alwa ys be considered less

desirable than any entry using an internal metric . This implies that in the addit ion of systems to PATHS, al l systems

reachable via internal routes are alwa ys add ed before any system reachable via external routes.

4. Multiaccess links violatethis model because multiplenodes are connected to the same link. The pseudonode was introduced to address this issue.In the shortest-path tree, a multiaccess link is modeled as a pseudonode with point-to-point links to each IS connected to the multiaccess link.




of 25

Fast Convergence at Adjacency Setup

An IS that runs out of system resources (memory, CPU, and so on)to store and process thew hole l ink-statedatabaseis supposed to discard LSPs and to alert o ther routers within i ts area by set t ing the overload-bit in orig inated LSPs.

Other routes within this area will still route packets to the overloaded router ’s directly connected networks, but they

w ill not use this router for transit traf c.

When a router reloads, packets forwarded to therouter could be lost , and therouter would effectively behave l ike a

black ho le, dropping a ll the received packets for a short w hile. This could ha ppen because IS-IS considers an

adjacency to be established a nd va lid before CSNP packets have been exchanged and thus before the link-state

dat aba ses of neighbors have been fully synchronized.

Figu re 14 Fas t Convergence

\Consider Figure 14 in the event of router B reloading. Router B would drop trafc if i ts neighbors include router B

in their LSP while router B wo uld not ha ve a fully populated routing table. Thus router B w ould at tract tra f c but

then not ha ve enough informa tion to be able to fo rw ard the traf c. This would result in packets being lost even

though a valid alternate pat h (as used w hen router B is dead) exists.

Assume tha t the shor test path f rom rou ter C to network N is through router B and rou ter A. Router B crashes, and

thenetwork reconverges. The new path from router C to prex N is through router F->router E ->router D->router

A. Ho w ever, the LSP originated from ro uter B does not expire from the link-state da taba ses on a ll routers (except

router B itself). Once router B completes the reload and is back up, adjacencies with router C, router E, and Router

A are established. How ever, before the CSNP, PSNP and full link-state database exchange is complete, router C runs

SPF and uses the old version of router B LSP, hence rediscovering the old ro ute to prex N. Thus traf c to N is

forw arded to Router B from Router C before Router B has received all LSPs, completed the SPF algorithm, and

imported theprex N into i ts rout ing table. This results in dropped packets. When router B runs an SPF based on a

complete link-state dat aba se, Ro uter B recovers full visibility and t raf c to prex N is forw arded a ppropriately.

In a recent IS-IS implementation in IS-IS, a ro uter w ill immediately ood its ow n LSP even before sending CSNP

packets. This does not eliminate theblack-hole problem previously illustrated. How ever, given that theLSP is ooded

immediately, theoverload bit can be set to advise therest of thenetwork not to try rout ing transi t t rafc through thenewly reloaded router. The router can be congured to advert ise i ts LSP with the overload bit for a specic amount

of time after reload.

Once the specied t imer tr iggers, by which t ime the router would have a complete l ink-state database, the overload

bit is cleared a nd t he LSP is reo oded.

Router A Router B Router C

RouterAdvertising

Prefix N

Router D Router FRouter E




of 25

IP Addressing

Default Routing

Defa ult routing is achieved in two distinct wa ys with Integrat ed IS-IS:

• At tached bit —Set by a Level 1/Level 2 router in its ow n Level 1 LSP and used to ind icate to all Level 1 routers

(within the area) that t his router is a pot ential exit point of the a rea. Level 1-only routers w ill default to the

nearest attached Level 2 router.

• D efault inform ation originate —Ca n be con gured in Level 1 as w ell as Level 2. The defa ult rout e (0.0.0.0/0) is

inserted in the router LSP (Level 1 or Level 2, a ccording to the con guration command) a nd the LSP is o oded

according to therouter type (Level 1 or Level 2). A Level 2 router doesn’t need to have a defaul t routeto orig inate

a default route.

Level 1 routers w ill alw ay s prefer the explicit default ro ute (0.0.0.0/0) found in an LSP befo re considering the

attached bit.

Redistribution

The Integrated IS-IS specica tion d escribes the w ay ro uters are allow ed to redistribute external pre xes. The Cisco

implementation diff ers from the speci cation a nd a llows more exibility.

Redistr ibut ion from any other rout ing protocol, stat ic congurat ion , or connected interfaces is al lowed in any type

o f rou ter (Level 1 and Level 2 ). By defaul t the met ric typew ill be set as int ernal , wh ich means tha t the met ric o f the

rou te wi ll compete wi th a ll o ther interna l rou tes. Met ric typemay be set to ex terna l. In tha t way the p rex wi ll have

a metric equal to the cost speci ed in the redistribution comma nd plus a value of 64. 5 Although the metric is

increased if the metric is agged as external on redistribution, the internal/external bit used to increase the metric is

actually ignored w hen calculating routes unless the use of external metric is specied in the con guration.

It is recommend ed tha t the metric type internal a lw ay s be used when redistribut ing. Wide-metric TLVs do not use

and discriminate betw een internal and external.

Summarization

Summarization is one of the key fa ctors affecting scalability of a routing proto col. Summarization w ill reduce the

amount of routing updates that will be ooded across the areas and the routing domain.

The use of IS-IS (especially with area routing) requires a good addressing scheme to aid summarization and avoid

having a huge Level 2 data base (populated w ith updates originated f rom Level 1 areas).

For IP w e can summarize only na tive IS-IS routes into Level 2 from t he Level 1 dat ab ase. It is not possible to

summarize IS-IS internal routes at Level 1, although it is possible to summarize external (redistributed) routes at

Level 1.

5. In earlier releases of Cisco IO S Softw are, the reserved bit (bit 8) w as set as o pposed to the internal/external bit 7. Thus external metrics were inincrements of 128 rather t han 64.




of 25

If the congured metric type is external (the default) or the metric type is not specied (and therefore defaults to

external), redistributio n w ill not ta ke place. This can be confusing because the metric type do es not a ppear in the

router con guration, regardless of w hether it is specied.

According to RFC 1195, the external reachabil ity TLV is not permitted in Level 1 LSPs. Therefore, i t is not possible

to express an externa l metric type in a Level 1 LSP. This constrain t w ill be relax ed in the future to a llow Level 1

external routes to have either an internal or external metric type.

Even though the con gured metric type is internal, the LSP w ill show that the route is “ IP external” because the

external IP reachability TLV is used t o hold t he informat ion.

Route Leaking

Level 1 routers within an IS-IS area by defaul t do not carry any rout ing information external to thearea they belong

to. They use a default route to exit the area. Whilethis setup isdesirable for scalability reasons, it interferes with BGP

routing and Multiprotoco l Label Switching (MPLS) and M PLS-VPN w here all BG P next-hop addresses must be

present in the local routing table. IS-IS now supports 6 a feature called “ route leaking,” in w hich selected Level 2

routes can be ad vertised by a Level 1/Level 2 router into Level 1. Those leaked rout es are specially t ag ged so th ey

w ill not be re-ad vertised into Level 2 by a not her Level 1/Level 2 router.

Route-leaking imposes some risks if used in an unstable environment. An IS-IS area concept with summarization

usually prevents the instabilities in one area (link or route apping) to have an effect on other areas. Routes leaked

from Level 2 into Level 1 are generally not summarized. Each t ime a topology change occurs in an area, al l Provider

Edge router addresses of this area may changemetric (becauseof thechange), and thereforethe Level 1/Level 2 router

tha t w ill have to pro paga te the PE ad dresses into the Level 2 core will ha ve to recreate its Level 2 LSP. This means

that leaking will have to recur and lead to a situation where for any topology change in one area you will have to

re-compute (via Pa rtial R oute C alculation) many routes in (all) other a reas as w ell. R oute-leaking should therefore

be planned a nd d eployed ca refully.

Secur i ty The Cisco IS-IS implementation offers an authentication mechanism to prevent unauthorized routers from forming

adjacencies or injecting TLVs. Currently, o nly plain-text authentication is ava ilable w here the cong ured password

is transmit ted inside the IS-IS PDUs unencrypted in plain text . As such, the password can be determined by snifng

thepackets. Future Cisco IOS Software releases will also contain Hashed Message Authenticat ion Codes with MD5

(HM AC-M D5) w ith encrypted pa ssw ords a s specied in the corresponding IETF draf t. 7

The key concepts for summarization of IP routes are as follows:• Internal routes can be redistributed and summarized from Level 1 into Level 2. Summarization should be

congured on the Level 1/Level 2 router, which injects the Level 1 routes into Level 2.• If summarization is being used, all Level 1/Level 2 routers in an area must be summarizing into the backbone. If

one of them is advertising more specic routes, all the trafc from the backbone will be sent toward this routerbecause of longest-match routing.

• Internal routes cannot be summarized at Level 1 because this is not permitted by the protocol.

6. This feature is also supported on O SPF ABRs to leak Type 3 link-state a dvertisements (LSAs) into an OSPF a rea.



Corporate HeadquartersCisco Systems, Inc.170 West Tasm an D riveSan Jo se, CA 95134-1706USAwww.cisco.com

Tel: 408 526-4000800 553-NETS (6387)Fax: 408 526-4100

European HeadquartersCisco Systems Europe11, Rue Camille Desmoulins92782 Issy-les-MoulineauxCedex 9France

www-europe.cisco.comTel: 33 1 58 04 60 00Fax: 33 1 58 04 61 00

Americas HeadquartersCisco Systems, Inc.170 West Tasma n D riveSan Jo se, CA 95134-1706USAwww.cisco.com

Tel: 408 526-7660Fax: 408 527-0883

Asia Pacic HeadquartersCisco Systems, Inc.Ca pital Tow er168 Robinson Road#22-01 to #29-01Singapore 068912

www.cisco.comTel: 65 317 7777Fax: 65 317 7799

Cisco Systems has more than 200 ofces in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on theCisc o Web site at www.ci sco.com/go/offic es

Argent ina • Austra lia • Aust r ia • Belg ium • Bra zil • Bulga ria • C a na d a • C hile • C hina PR C • C o lo mb ia • C o sta R ica • C ro a tiC zech R epub lic • D enma rk • D ub a i, UAE • Finla nd • Fra nce • G erma ny • G reece • H ong Kong SAR • H unga ry • Ind ia • Ind o nesia • Irela ndIsra el • Ita ly • Ja pa n • Ko rea • Lux emb o urg • M ala y sia • M ex ico • The N etherla nd s • N ew Z ea la nd • N orw ay • Peru • Philippines • Po la ndPo rtuga l • Puerto R ico • R o ma nia • R ussia • Sa ud i Ara b ia • Sco tla nd • Singa po re • Slo va kia • Slo venia • So uth Africa • Spa in • Sw ed enSw it z er la nd • Ta iw a n • Th a i la nd • Tu r k ey • U k r a in e • U n i t ed K in g d o m • U n i t ed St a te s • Ven ez u e la • Vi et n a m • Z im b a bw e

All content sare Copyr ight © 1992–2002 Cisco Sys tems, Inc. All r ight s reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are are regi st e red t rademarks of Cisco Systems, Inc. and/or i t s aff i li a t es in the

IS-IS authentication is congured independently for adjacency establishment (hello) and for LSP authentication. The next sections describe

both cases. If only LSP authent ication is used, an unauthorized neighbor can st il l form an adjacency, but LSP packets cannot be exchanged.

The ISIS dat aba se will not cont ain a ny entries for this neighbor.

LSP Authentication (Area- or Network-Wide)

Do main a nd a rea authentication ca n be con gured separat ely. It is also possible to run either one or both types of authentication.

The area pa ssw ord is inserted a nd checked fo r Level 1 LSPs, the doma in password for Level 2 LSPs.

Interface PasswordThis authentication can be used t o ma ke sure that o nly autho rized neighbors form an IS-IS adjacency over a given interface. The passw ord

is congured on a per-interface base and must be specied for Level 1 and Level 2 independently.

Note : Over point-to-point interfaces, only one hello packet is sent for Level 1/Level 2 adjacencies. On those interfaces, the same password

must be congured as a Level 1 and Level 2 password .

7. http ://w w w.ietf. org/internet-draf ts/dra ft-ietf-isis-hmac-03.tx t

introduction to intermediate system-to-intermediate systen protocol

Documents