#CLUS Definitive Intermediate System to Intermediate System (IS-IS)

Elvin Arias, CCIE R&S #57406 Technical Consulting Engineer, Customer Delivery, CX, AMER BRKRST-2315

#CLUS Agenda

#CLUS BRKRST-2315 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Introduction

Initial Topology

[Figure: routers R1 to R7, each labelled L1-L2; other labels: L2, 49.BEEF.]

Final Topology

[Figure: routers R1 to R7; area labels 49.CC1E and 49.CCDE; level labels L1, L1-L2, L2, L1-L2, L1 and, next to R3, L1-L2; other labels: L2.]

What is IS-IS?

• Currently defined in the ISO/IEC standard 10589:2002

• IS-IS is a protocol of the link-state protocol family

• Offers many benefits such as:

• High scalability

• Extensibility

• Fast convergence

• Operational flexibility

CLNS vs. CLNP

• ConnectionLess Network Services (CLNS)

• Set of formal services provided at the L3 layer of the OSI model

• Analogous to the set of services provided by IPv4/IPv6

• ConnectionLess Network Protocol (CLNP)

• ISO protocol implementing the set of services mandated by CLNS

Note: Another L3 service exists, Connection-Oriented Network Service (CONS), but there is no counterpart in the TCP/IP world

Networking Terminology: OSI vs. TCP

OSI TCP/IP

• System • Node

• End System • Host

• Intermediate System • Router

• Circuit • Interface / link

• Domain • Autonomous System

OSI Terminology on Display

OSI Address Architecture and Routing Overview

• OSI Address Architecture

Network Service Access Point (NSAP) Overview

• Defined in ISO/IEC 8348

• Addressing at the Network layer uses OSI Network Service Access Point (NSAP)

• Represents a service in a particular system (node) in a domain (autonomous system)

• A single NSAP address contains information about the node’s autonomous system, area, node itself, and even the Layer 4 service

• NSAP address has a variable length between 8-20 bytes, depending on the chosen format

NSAP Characteristics

• NSAP address is assigned to the system as a whole, not to individual interfaces (circuits), unlike IP addresses
  • Consequence: There were no “networks of hosts”, just “hosts”

• Due to OSI heritage, IS-IS requires the use of an NSAP address called the Network Entity Title (NET)

• NET is an NSAP address whose trailing byte (NSEL) is set to 0

• No two nodes residing within the same flooding scope can have addresses in which the system ID fields are the same

NSAP Format

Part    IDP                       DSP
Field   AFI     IDI               HO-DSP            System ID  SEL
Length  1 byte  Variable length   Variable length   8 bytes    1 byte

20 bytes maximum

• Note: AFI 49 is used for private addressing.

NSAP Fields

• Authority And Format Identifier (AFI)
  • Identifies the overall format of the NSAP address

• Initial Domain Identifier (IDI)
  • Identifies the domain or a set of domains

• High Order Domain Specific Part (HO-DSP)
  • Identifies the particular domain or a part of it

• System Identifier (System ID)
  • Uniquely identifies a node in a domain

• Network Selector (NSEL)
  • Uniquely identifies a service on the node (00 = NET, no service, just the node itself)

NSAP – Authority and Format Identifier

• Authority and Format Identifier (AFI) is 1 octet in length

• Identifies how the rest of the NSAP address should be interpreted

• AFI 49 (private) or 47 (International Code Designator) are most commonly used

AFI         Authority
36          Public network
39          ISO DCC
45          ISDN
47          ICD
48, 49, 50  Local

Network Entity Title (NET) Readability

• Start from right to left when reading NET

• IS-IS must always have a NET assigned for a node

• Note: Cisco IS-IS implementation requires a NET of at least 8 bytes (1 octet for area, 6 bytes for system ID, 1 octet for NSEL)

net 49.0000.0000.0000.0001.00

AFI Area System ID NSEL

NSAP Format

• NSAPs are written in hex separated by dots, but the use of the dot is optional and arbitrary

• The following NETs are the same:

1. 49.0000.0000.0000.0001.00

2. 49000000000000000100

3. 49.00.00.00.00.00.00.00.01.00

4. 4900.0000.0000.0000.0100

5. 4900.00000000.00000100

6. 4.900.0.000.000.000.000.100
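Because dot placement is arbitrary, configuration audits should compare NETs by their octets, not by their text. The following is an added example (not from the original slides) that parses a NET from right to left as described above and flags system IDs claimed by more than one router; it assumes the 6-octet system ID that Cisco uses, and the router names and the `SAMPLE_INVENTORY` values are constructed for illustration.

```python
import re
from collections import defaultdict

# The six equivalent spellings listed on the slide above.
PAGE_NETS = [
    "49.0000.0000.0000.0001.00",
    "49000000000000000100",
    "49.00.00.00.00.00.00.00.01.00",
    "4900.0000.0000.0000.0100",
    "4900.00000000.00000100",
    "4.900.0.000.000.000.000.100",
]

# Constructed inventory: R3 reuses R2's system ID, hidden by different dot placement.
SAMPLE_INVENTORY = {
    "R1": "49.0012.0000.0000.0001.00",
    "R2": "49.0012.0000.0000.0002.00",
    "R3": "4900.1200.0000.0000.0200",
}


def _dotted(octets, first):
    """Render octets as dotted hex: a leading group of `first` digits, then groups of 4."""
    h = octets.hex()
    return ".".join([h[:first]] + [h[i:i + 4] for i in range(first, len(h), 4)])


def parse_net(text):
    """Split a NET into area, system ID and NSEL, reading from the right."""
    digits = text.replace(".", "")
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits) or len(digits) % 2:
        raise ValueError(f"not a whole number of hex octets: {text!r}")
    raw = bytes.fromhex(digits)
    # Minimum: 1 octet area + 6 octets system ID + 1 octet NSEL; NSAP maximum is 20.
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"NET must be 8 to 20 octets, got {len(raw)}: {text!r}")
    area, system_id, nsel = raw[:-7], raw[-7:-1], raw[-1]
    if nsel != 0:
        raise ValueError(f"NSEL is 0x{nsel:02x}; a NET requires 00: {text!r}")
    return {
        "area": _dotted(area, first=2),
        "system_id": _dotted(system_id, first=4),
        "nsel": nsel,
    }


def duplicate_system_ids(nets_by_router):
    """Return {system_id: [routers]} for IDs used by more than one router.

    Assumes every router in the mapping shares one flooding scope.
    """
    owners = defaultdict(list)
    for router, net in nets_by_router.items():
        owners[parse_net(net)["system_id"]].append(router)
    return {sid: sorted(names) for sid, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    for net in PAGE_NETS:
        print(net, "->", parse_net(net))
    print("duplicates:", duplicate_system_ids(SAMPLE_INVENTORY))
```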

Configuring NET: IOS-XE, NX-OS, IOS-XR

IS(config)# router isis 1
IS(config-router)# net 49.0012.0000.0000.0002.00

RP/0/0/CPU0:XR1# show isis protocol
IS-IS Router: 1
  System Id: 0000.0000.0002
  Instance Id: 0
  IS Levels: level-1-2
  Routing for area address(es):
    49.0012

Configuring NET: NX-OS, IOS-[XR|XE]

Min length NET (fields: Area, System ID, SEL)

router isis 1
 net 00.0000.0000.0001.00

RP/0/0/CPU0:XR1# show isis protocol
IS-IS Router: 1
  System Id: 0000.0000.0001
  IS Levels: level-1-2
  Routing for area address(es):
    00

Configuring NET: NX-OS, IOS-[XR|XE]

Other NET format (fields: Area, System ID, SEL)

router isis 1
 net 39.abcd.0012.0000.0000.0001.00

R2# show isis protocol
Tag 1:
IS-IS Router: 1 (0x10000)
  System Id: 0000.0000.0001.00
  IS-Type: level-1-2
  Manual area address(es):
    39.abcd.0012

Basic IS-IS Configuration, Prefix Advertisement

OSI Address Architecture and Routing Overview

• Routing Overview

IS (Router) Types

• Level-1: Intra-area router – Single Level-1 LSDB

• Level-1-2 (default): Intra-area and inter-area (backbone) capable router – Level-1 and Level-2 LSDB

• Level 2-only: Backbone capable router – Single Level-2 LSDB

• Note: By default, routers are Level-1-2 routers; if a change is required, is-type can be used

Levels of Routing

• Level 1: Routing between ES nodes in a single area of a domain (Intra-Area routing)

• Level 2: Routing between ES nodes in different areas of a domain (Inter-Area routing – IS-IS backbone)

• Note: Per-level link state database (LSDB) is maintained

IS Type, L1-L2 LSDB

ISO CLNP Routing Example

[Figure: Area 49.0000. IS1 (1111.1111.1111) connects ES10 (1010.1010.1010) on E0/0 and ES20 (2020.2020.2020) on E0/1.]

IS1

clns routing
!
router isis
 net 49.0000.1111.1111.1111.00
!
interface Ethernet0/0
 clns router isis
!
interface Ethernet0/1
 clns router isis

ES[10|20]

clns net 49.0000.XXXX.YYYY.ZZZZ.00
!
interface ethernet0/0
 clns enable
!
clns route default 49.0000.1111.1111.1111.00

ISO CLNP Routing Verifications (IS1)

IS1# show clns es-neighbors detail
System Id       Interface  State  Type  Format
1010.1010.1010  Et0/0      Up     ES    Phase V
  Area Address(es): 49.0000
  Uptime: 00:47:38
  Interface name: Ethernet0/0
2020.2020.2020  Et0/1      Up     ES    Phase V
  Area Address(es): 49.0000
  Uptime: 00:46:06
  Interface name: Ethernet0/1

ISO CLNP Routing Verifications

IS1# show isis database level-1 verbose

IS-IS Level-1 Link State Database:
LSPID        LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd  ATT/P/OL
IS1.00-00  * 0x00000002   0x1BDB        755/*              0/0/0
  Area Address: 49.0000
  Hostname: IS1
  Metric: 10 IS IS1.02
  Metric: 10 IS IS1.01
  Metric: 0 ES IS1
IS1.01-00  * 0x00000001   0x1D8D        755/*              0/0/0
  Metric: 0 IS IS1.00
  Metric: 0 ES 1010.1010.1010
IS1.02-00  * 0x00000001   0x77D6        755/*              0/0/0
  Metric: 0 IS IS1.00
  Metric: 0 ES 2020.2020.2020

ISO CLNP Routing Verifications

IS1# show clns route
Codes: C - connected, S - static, d - DecnetIV
       I - ISO-IGRP, i - IS-IS, e - ES-IS
       B - BGP, b - eBGP-neighbor

C 49.0000.1111.1111.1111.00 [1/0], Local IS-IS NET
C 49.0000 [2/0], Local IS-IS Area

IS1# show clns cache
CLNS routing cache version 10
[Hash] Destination ->Next @ Interface : SNPA Address =>Rewrite / Length
[10] *49.0000.1010.1010.1010.00 ->1010.1010.1010 @ Ethernet0/0 : aabb.cc00.0300
[20] *49.0000.2020.2020.2020.00 ->2020.2020.2020 @ Ethernet0/1 : aabb.cc00.0100

ISO CLNP Routing Verifications

IS1# which-route 49.0000.2020.2020.2020.00
Route look-up for destination 49.0000.2020.2020.2020.00
  Found route in IS-IS level-1 routing table

Adjacency entry used:
System Id       Interface  SNPA            State  Holdtime  Type  Protocol
2020.2020.2020  Et0/1      aabb.cc00.0100  Up     268       IS    ES-IS
  Area Address(es): 49.0000
  Uptime: 00:18:25
  Interface name: Ethernet0/1

ISO CLNP Routing Verifications

ES10# show clns route default
Routing entry for Default Prefix
  Known via "static", distance 10, metric 0, Dynamic Entry
  Routing Descriptor Blocks:
    via 49.0000.1111.1111.1111.00
      CLNS FIB static, route metric is 0

Callout on the "via" address: IS CLNP NH Address

ES10# show clns cache
CLNS routing cache version 4
[Hash] Destination ->Next hop @ Interface : SNPA Address =>Rewrite / Length
[11] *49.0000.1111.1111.1111.00 ->1111.1111.1111 @ Ethernet0/0 : aabb.cc00.0200

ISO CLNP Routing Verifications

ES10# ping 49.0000.2020.2020.2020.00
Type escape sequence to abort.
Sending 5, 100-byte CLNS Echos with timeout 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

ES20# ping 49.0000.1010.1010.1010.00
Type escape sequence to abort.
Sending 5, 100-byte CLNS Echos with timeout 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
ES20#

ISO CLNP Routing: CLNP Echo-Request (ERQ)

[Figure: Echo-Request packet; labelled fields: Destination NET, Source NET.]

ISO CLNP Routing: CLNP Echo-Response (ERP)

[Figure: Echo-Response packet; labelled fields: Destination NET, Source NET.]

Deep Dive into IS-IS Mechanics

• Packet Types and Data Structures (Type-Length-Value)

IS-IS Packets: Packet Encapsulation

• IS-IS, unlike other routing protocols, is encapsulated directly into L2

• Wait… is it a L2 protocol? No! 

Protocol  Encapsulation
OSPF      L2 | IP | OSPF
EIGRP     L2 | IP | EIGRP
RIP       L2 | IP | UDP | RIP
BGP       L2 | IP | TCP | BGP
IS-IS     L2 | IS-IS

IS-IS Packets: Communication

• IS-IS Packets are sent over media using one of the following MAC addresses:

Name Destination MAC

All L1 IS Devices 0180.c200.0014

All L2 IS Devices 0180.c200.0015

All IS Devices 0900.2b00.0005

All ES 0900.2b00.0004

• Note: Encapsulation is on top of L2, not IP or CLNP

IS-IS Packets: Packet Types Overview

• IS-IS Hello (IIHs)

• LAN Level1 IIH (15)

• LAN Level2 IIH (16)

• P2P IIH (17)

• Link State Packets (LSPs)

• Sequence Number Packets (SNPs)

• Partial Sequence Number Protocol Data Unit (PSNP) – 26/27

• Complete Sequence Number Protocol Data Unit (CSNP) – 24/25

IS-IS Packets: Common fields

• Every IS-IS packet carries a common header

IS-IS Packets (1): Common fields

• Protocol Discriminator
  • Network-layer protocol ID (NLPI) by ISO 9577, identifying the rest of the packet
  • Always set to 0x83 for IS-IS

• Length indicator
  • Length of the fixed header in octets

• Version/Protocol ID
  • Always set to 1

• ID Length
  • Length of the System ID
  • If set to 0, it implies 6 octets

IS-IS Packets (2): Common fields

• PDU Type
  • Indicates the IS-IS packet type

• Version
  • Always set to 1

• Reserved
  • 1 octet for future use, always set to 0

• Maximum Area Addresses
  • The maximum number of addresses assignable to a single area
  • If set to 0, it implies a maximum of 3 area addresses

(Code) Type-Length-Values (TLVs) (1)

• IS-IS uses TLVs to carry information in IS-IS PDUs

• Maximum length is 257 bytes

• TLVs are what makes IS-IS extendible

• TLVs that are not recognized are ignored and forwarded to other IS neighbors without change

Field   Number of octets
Type    1
Length  1
Value   LENGTH

(Code) Type-Length-Values (TLVs) (2)

[Figure: packet capture with the following callouts.]

TLV 129 indicates the routed protocols supported.

TLV 1 Area

TLV 132 IPv4 interface address

TLV 232 IPv6 interface address

Common TLVs

TLV                             Description
Area Address (1)                Area in which the System resides
IS Reachability (2)             A topological link to an adjacent IS
Padding (8)                     Primarily used to detect MTU inconsistencies
Authentication (10)             Authentication information for the PDU
IP Internal Reachability (128)  Internal IPv4 prefixes router knows about
Protocols Supported (129)       Network Layer Protocol Identifiers (NLPIs) of Layer3 protocols supported by the router
IP External Reachability        External IPv4 prefixes router knows
Dynamic Hostname (137)          Name of router originating LSP

Sub-TLVs

• Sub-TLVs use the same concept as TLVs

• TLVs exist inside IS-IS packets while sub-TLVs exist inside TLVs

• TLVs are used to add extra information to IS-IS packets

• Sub-TLVs are used to add extra information to particular TLVs

• If unknown, sub-TLVs are ignored

Field   Number of octets
Type    1
Length  1
Value   Variable

Sub-TLVs

MPLS-TE Sub-TLVs

Encoding IP inside TLVs (1)

• RFC 1195 introduced TLVs for IP in IS-IS, hence Integrated IS-IS

• IS-IS packet types were introduced with:

• TLV 129: Protocols Supported (CLNS 0x81, IPv4 is 0xCC, IPv6 0x8E, TRILL 0xC0)

• TLV 132: IPv4 Interface address

• TLV 128: IPv4 Internal Reachability Information

• TLV 130: IPv4 External Reachability Information

Encoding IP in TLVs (1)

• IP (or any other routed information) is encoded and transported in TLVs

[Figure: R1 (.1) --- 12.0.0.0/24 --- (.2) R2]

R1 sends:

• IIH:
  • TLV 129 IIH: “I support protocols: 0xCC - IPv4”
  • TLV 1: Area: 49.BEEF

• LSP
  • TLV 2: IS Reachability: R2
  • TLV 128 IPv4 Internal Reachability: (List of IPv4 prefixes advertised by R1)
  • TLV 130 IPv4 External Reachability: (List of IPv4 prefixes advertised by this router via redistribution)

R2 sends:

• IIH:
  • TLV 129 IIH: “I support protocols: 0xCC - IPv4”
  • TLV 1: Area: 49.BEEF

• LSP
  • TLV 2: IS Reachability: R1
  • TLV 128 IPv4 Internal Reachability: (List of IPv4 prefixes advertised by this router)
  • TLV 130 IPv4 External Reachability: (List of IPv4 prefixes advertised by this router via redistribution)
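The common header checks and TLV walk described above, as an added example that is not part of the original slides: it validates the fixed header fields, rejects a TLV whose length octet runs past the end of the PDU, and records unrecognized TLVs instead of failing. The sample P2P IIH bytes are constructed for illustration, and the function names are hypothetical.

```python
import struct

PDU_TYPES = {15: "L1 LAN IIH", 16: "L2 LAN IIH", 17: "P2P IIH", 18: "L1 LSP",
             20: "L2 LSP", 24: "L1 CSNP", 25: "L2 CSNP", 26: "L1 PSNP", 27: "L2 PSNP"}
NLPIDS = {0x81: "CLNS", 0xCC: "IPv4", 0x8E: "IPv6", 0xC0: "TRILL"}

# Constructed P2P IIH: 8-octet common header, 12 octets of IIH-specific header,
# then TLV 129 (IPv4), TLV 1 (area 49.BEEF) and an unknown TLV 250.
SAMPLE_P2P_IIH = bytes.fromhex(
    "8314010011010000"          # 0x83, header length 20, ver 1, ID len 0, type 17, ver 1
    "03" "000000000001" "001e"  # circuit type, source system ID, holding time
    "0021" "01"                 # PDU length (33), local circuit ID
    "8101cc"                    # TLV 129: Protocols Supported = 0xCC
    "01040349beef"              # TLV 1: one 3-octet area address
    "fa02dead"                  # TLV 250: not recognized by this parser
)


def parse_common_header(pdu):
    """Validate the 8-octet common header and return its fields."""
    if len(pdu) < 8:
        raise ValueError("shorter than the 8-octet common header")
    disc, hdr_len, proto_ver, id_len, pdu_type, version, _reserved, max_areas = \
        struct.unpack("8B", pdu[:8])
    if disc != 0x83:
        raise ValueError(f"protocol discriminator 0x{disc:02x}, expected 0x83")
    if proto_ver != 1 or version != 1:
        raise ValueError("version fields must be 1")
    if not 8 <= hdr_len <= len(pdu):
        raise ValueError(f"length indicator {hdr_len} does not fit the PDU")
    return {
        "pdu_type": PDU_TYPES.get(pdu_type & 0x1F, "unknown"),  # low 5 bits carry the type
        "header_length": hdr_len,
        "id_length": id_len or 6,             # 0 implies 6 octets
        "max_area_addresses": max_areas or 3,  # 0 implies 3 area addresses
    }


def walk_tlvs(buf):
    """Return [(type, value)]; refuse a TLV that claims more octets than remain."""
    tlvs, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError(f"truncated TLV header at offset {pos}")
        tlv_type, length = buf[pos], buf[pos + 1]
        end = pos + 2 + length
        if end > len(buf):
            raise ValueError(f"TLV {tlv_type} at offset {pos} overruns the PDU")
        tlvs.append((tlv_type, buf[pos + 2:end]))
        pos = end
    return tlvs


def decode_area_tlv(value):
    """TLV 1 carries a list of (address length, address) entries."""
    areas, pos = [], 0
    while pos < len(value):
        n = value[pos]
        if n == 0 or pos + 1 + n > len(value):
            raise ValueError("malformed area address entry")
        h = value[pos + 1:pos + 1 + n].hex()
        areas.append(h[:2] + ("." + h[2:] if len(h) > 2 else ""))
        pos += 1 + n
    return areas


def decode_pdu(pdu):
    """Decode header, TLV 1 and TLV 129; list every other TLV type as unknown."""
    out = dict(parse_common_header(pdu), areas=[], protocols=[], unknown=[])
    for tlv_type, value in walk_tlvs(pdu[out["header_length"]:]):
        if tlv_type == 1:
            out["areas"] = decode_area_tlv(value)
        elif tlv_type == 129:
            out["protocols"] = [NLPIDS.get(b, hex(b)) for b in value]
        else:
            out["unknown"].append(tlv_type)  # skipped, not an error
    return out


if __name__ == "__main__":
    print(decode_pdu(SAMPLE_P2P_IIH))
```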

IS-IS Hello (IIH)

• IIHs are exchanged between IS neighbors on IS-IS enabled circuits

• Neighbor detection and maintenance

• Used for electing Designated Intermediate System (DIS) in multiaccess networks

Type 17 - P2P Hello

• Bidirectional adjacency established via 3-way handshake

• IS-IS uses a single IIH packet type on point-to-point circuits

• Sent every 10 seconds by default (range 1 - 65535 seconds)

• Default hello multiplier (hold down) is 3

• Note: Timers do not need to match for adjacency to be established

P2P IIH Configuration: IOS-XR

[Figure: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2]

XR1

router isis 1
 net 49.0000.0000.0000.0001.00
 log adjacency changes
 log pdu drops
 address-family ipv4 unicast
 !
 interface GigabitEthernet0/0/0/0.12
  point-to-point
  hello-interval 13
  hello-multiplier 3
  address-family ipv4 unicast

Hold down = hello_int * multiplier (39)

P2P IIH Configuration: IOS-XE

[Figure: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2]

R2

router isis 1
 net 49.0000.0000.0000.0002.00
!
interface ethernet0/0.12
 isis hello-interval 3
 isis hello-multiplier 11

Hold down = hello_int * multiplier (33)

P2P IIH

P2P IIH Verification: IOS-XE (R2)

R2# show isis neighbors (show clns neighbor)

Tag 1:
System Id  Type  Interface  IP Address  State  Holdtime  Circuit
XR1        L1L2  Et0/0.12   10.1.2.1    UP     35        00

Callout on the Holdtime column: Advertised holdtime from IS neighbor P2P IIH

Type 15/16 - LAN IIH

• IS-IS uses a hello packet on a per level basis

• Sent every 10 seconds by default (range 1 - 65535 seconds)

• Default hello multiplier (hold down) is 3

• Designated Intermediate System (DIS) uses one-third (1/3) of the configured timers for hello and hold intervals

IS-IS Hello (IIH): LAN IIH

[Figure: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2, with a DIS label]

XR

router isis 1
 net 49.0000.0000.0000.0001.00
 address-family ipv4 unicast
 !
 interface GigabitEthernet0/0/0/0.12
  hello-interval 4 level 1
  hello-interval 5 level 2
  hello-multiplier 4 level 1
  hello-multiplier 5 level 2

Separate LAN IIHs per Level

Link State Packets (LSP)

• Advertisement of network layer reachability information (NLRI) and topological information

• The smallest element of a link state database is the entire LSP

• Data is stored in TLV records inside the LSP

• Level 1 LSP (packet type 18)

• Level 2 LSP (packet type 20)

Link State Packets (LSP): LSP Identification

• System ID – Identifies the router originating the LSP (6 octets)

• Pseudonode ID – Differentiates router LSPs from pseudonode LSPs on broadcast networks (1 octet)

• LSP Number – Fragment number for LSP (1 octet)

• The combination of this triplet, System ID + Pseudonode ID + Fragment ID is known as LSPID

• Every LSP must have a unique LSPID

Link State Packets (LSP): LSP Structure

[Figure: LSP packet; labelled fields: LSP Lifetime, LSP-ID, LSP Area, NLRI.]

Link State Packets (LSP): LSP Structure

RP/0/0/CPU0:XR1#show isis database
Tue Apr 16 23:35:29.958 UTC
IS-IS 1 (Level-1) Link State Database
LSPID        LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
XR1.03-00  * 0x00000021   0xf681        983           0/0/0

Callouts: the LSPID is made of System ID, Pseudonode ID and Fragment ID; the remaining columns are Seq #, Checksum, Holdtime, and the Attachment / Partition repair / Overload bits.

Link State Packets (LSP): LSP Structure, Sequence Number

• To distinguish between various versions of the same LSP, each LSP has a sequence number

• Unsigned 32-bit integer starting at 0x00000001 through 0xFFFFFFFF (136 years to reach maximum if originated every second)

• Each modification of LSP increments the sequence number

• No sequence number wrap in IS-IS as opposed to OSPF

Partition Repair Bit

• Indicates if router supports partition repair

• A potentially broken Level-1 area could be repaired through a Level-2 router

• Not implemented by Cisco or any other vendors

Overload Bit (1)

• Initially designed for routers running out of system resources (CPU, Memory)

• Potential transit blackhole routing through the particular router

• Set in the non-pseudonode LSP Fragment 0

• The router itself should remain reachable, but traffic should not transit through it if alternate paths exist

Overload Bit (2)

[Figure: final topology (areas 49.CC1E and 49.CCDE, routers R1 to R7). R2 is out of service; traffic goes through R3.]

Attachment Bit (1)

• Attached bit is the “magic bit” used for inter-area routing

• ATT-bit is set when a Level-2 capable router connects to an area other than the one set locally on the IS

• Level-1 router generates a default route to the nearest Level-1-2 capable router

Attachment Bit (2)

[Figure: final topology (areas 49.CC1E and 49.CCDE, routers R1 to R7). L1 LSPs carrying the ATT-bit are sent into each area; the L1 routers derive a default route from them.]

Complete Sequence Number Packets (CSNP)

• Used to advertise a complete list of LSPs in router’s LSDB

• After receiving a CSNP, the receiving router may decide to flood a newer LSP if it has one, or request an LSP if it misses it

• Exchange of CSNPs depends on circuit type (broadcast or point-to-point)

• For point-to-point links, CSNPs are only sent initially at adjacency establishment

• For broadcast links, CSNPs are sent periodically by DIS


Partial Sequence Number Packets (PSNP)

• Used to request or acknowledge a particular LSP

• “Sequence number” refers to the LSPID as an 8-byte unsigned integer, not the LSP sequence number

• For point-to-point links, PSNPs are used as requests and acknowledgments

• For broadcast links, PSNPs are used only for requests since acknowledgments are done through CSNPs


Why Sequence Number Packets?

• If more than one CSNP needs to be sent, the LSPs listed in these CSNPs need to be advertised in ascending order

• CSNP has a start and end sequence number for the advertised LSPIDs

• If the CSNP does not advertise a particular LSPID falling into the start/end interval, the router does not know about that LSP at all, hence the need to define the start/end range

• If all LSPs can be listed in a single CSNP, start/end sequence numbers are 0000.0000.0000.00-00 and FFFF.FFFF.FFFF.FF-FF

• Sequencing and ascending ordering are the reason why the packets are named Sequence Number Packets

Summary: CSNP vs. PSNP

• Both are used to facilitate LSDB sync

• CSNPs contain a list of all LSPs in sender’s LSDB (allowing the recipient to compare this list to the index of its own LSDB)

• PSNP packets are used to request an LSP or acknowledge its successful arrival
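How a receiver acts on a CSNP, as an added example that is not part of the original slides: LSPIDs are compared as 8-byte integers against the CSNP start/end range, LSPs that are missing or older locally are requested (via PSNP), and LSPs the sender has older or does not list inside the range are flooded. It compares sequence numbers only and ignores lifetime and checksum; the LSDB contents and function names are constructed for illustration.

```python
FULL_START = "0000.0000.0000.00-00"
FULL_END = "FFFF.FFFF.FFFF.FF-FF"

# Constructed databases: {LSPID: LSP sequence number}.
LOCAL_LSDB = {
    "0000.0000.0001.00-00": 0x21,
    "0000.0000.0002.00-00": 0x05,
    "0000.0000.0003.00-00": 0x07,
}
CSNP_ENTRIES = {
    "0000.0000.0001.00-00": 0x21,  # same version on both sides
    "0000.0000.0002.00-00": 0x06,  # sender has a newer version
    "0000.0000.0004.00-00": 0x01,  # unknown locally
}


def lspid_key(lspid):
    """Turn 'SSSS.SSSS.SSSS.PP-FF' into the 8-byte integer used for ordering."""
    digits = lspid.replace(".", "").replace("-", "")
    if len(digits) != 16:
        raise ValueError(f"LSPID must be 8 octets: {lspid!r}")
    return int(digits, 16)


def compare_csnp(local_lsdb, start, end, entries):
    """Return (request, flood): LSPIDs to ask for and LSPIDs to send."""
    lo, hi = lspid_key(start), lspid_key(end)
    if lo > hi:
        raise ValueError("CSNP start is greater than its end")
    request, flood = [], []
    for lspid, remote_seq in entries.items():
        if not lo <= lspid_key(lspid) <= hi:
            raise ValueError(f"{lspid} lies outside the advertised range")
        local_seq = local_lsdb.get(lspid)
        if local_seq is None or local_seq < remote_seq:
            request.append(lspid)   # missing or older here
        elif local_seq > remote_seq:
            flood.append(lspid)     # newer here
    for lspid in local_lsdb:
        # Inside the range but not listed: the sender does not know this LSP.
        if lo <= lspid_key(lspid) <= hi and lspid not in entries:
            flood.append(lspid)
    return sorted(request, key=lspid_key), sorted(flood, key=lspid_key)


if __name__ == "__main__":
    print(compare_csnp(LOCAL_LSDB, FULL_START, FULL_END, CSNP_ENTRIES))
```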

LSPID, TLVs, OL-bit

Deep Dive into IS-IS Mechanics

• Narrow and Wide Metrics

IS-IS Metrics (1): Metric types

• Original IS-IS specification defines four different types of metrics:

  • Default - Must be supported by all IS-IS implementations (only supported metric type)
  • Delay – Transit delay of the link
  • Expense – Monetary cost of transiting the link
  • Error – Residual bit error of the link

• Ideally, SPF would run independently for each of these metrics and result in four different Routing Information Bases (RIBs)

IS-IS Metrics (2)

[Figure: R1 and R2 connected over E0/0, Ge1/0 and Te2/0, each link with metric 10. Issue: Equal-cost multipath (ECMP)!]

IS-IS Metrics (3): Default

• IOS-XE and IOS-XR assign a default metric of 10 on interfaces irrespective of their bandwidth

• NX-OS has automatic cost computation similar to OSPF

• Two types of default metrics exist: Narrow and Wide

• Routers with dissimilar metric types can become neighbors but will ignore their common link during SPF computation

Narrow Metrics

• Default metric type in IS-IS (metric-style narrow command)

• RFC 1195 specifies that interfaces are assigned a metric 6 bits wide (0-63)

• End-to-end path can be up to 10 bits wide (0-1023)

Exceeding Narrow Metrics range

R2(config-subif)#isis metric 999
Warning: for metrics greater than 63, 'metric-style wide' should be configured on level-1-2, or it will be capped at 63.

Narrow Metrics (2)

[Figure: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2; packet capture of narrow-metric TLV 128 with the Default metric marked as supported.]

IS-IS Metrics

R2#show isis protocol

Tag 1:
IS-IS Router: 1 (0x10000)
  System Id: 0000.0000.0002.00
  IS-Type: level-1-2
  Generate narrow metrics: level-1-2
  Accept narrow metrics: level-1-2

Wide Metrics

• Introduced as a part of RFC 3784 (now RFC 5305) to expand Narrow metrics range, hence “Wide metrics”

• Extended IP and Extended Reachability TLVs were introduced

• Metric on per-link basis can be up to 24 bits

• End-to-end path cost can be up to 32 bits

• MPLS-TE, Multi-Topology IS-IS, and Segment Routing require use of Wide metrics to encode attributes

Wide Metrics (2)

[Figure: packet capture of wide-metric TLV 135.]

Wide Metrics (3)

XR

router isis 1
 address-family ipv4 unicast
  metric-style wide

XE

router isis 1
 metric-style wide

Metric Mismatch

• Routers can have metric type mismatched, but still form adjacencies

• Mismatched metrics result in lack of reachability

• Topology is computed based on TLV 2 IIS Neighbors; the neighbor will be seen, but no metric will be interpreted between routers

• The metric-style transition command can be configured in a mixed-metric environment to advertise both metrics

[Figure: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2]

XR1

router isis 1
 address-family ipv4 unicast
  metric-style wide

R2

router isis
 metric-style narrow

Metric Mismatch

Deep Dive into IS-IS Mechanics

• Network Types and Adjacencies

Network Types

• Two network interface types are supported:

• Broadcast – Default mode for Ethernet interfaces. DIS is required

• Point-to-Point – Only two IS can exist on the media. No DIS election

Note: Flooding is handled differently on broadcast vs. point-to-point (more on this in the LSDB Sync section).

Point-to-Point: IOS-XR

[Figure: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2]

router isis 1
 interface GigabitEthernet0/0/0/0.12
  [no] point-to-point
  address-family ipv4 unicast

# Configuration in XR goes into the global router mode.
# Network type is a property of the interface.
# Negating point-to-point network means broadcast.

Point-to-Point: IOS-XE

[Figure: XR1 (.1) --- 12.0.0.0/24 --- (.2) R2]

interface Ethernet0/0.12
 ip router isis
 [no] isis network point-to-point

# IOS, IOS-XE configuration for network type goes directly on the interface.
# Negating point-to-point network means broadcast.

Network Types: Adjacency States

• IS-IS only supports three possible adjacency states:

  • Down (2) – Adjacency process starts here. No IIHs have been received from neighbor
  • Initializing (1) – IIHs are received from the neighbor, but it is not clear yet if the neighbor receives our own IIHs
  • Up (0) – IIHs are received from neighbor, and it is certain that the neighbor is properly receiving this router’s IIHs

• Note: Adjacency process differs whether IS-IS circuit is broadcast or point-to-point

Adjacencies

• In Broadcast networks

• Independent L1/L2 adjacencies are formed

• Separate per-level LAN IIH are sent independently

• DIS election is done on a per level basis

• In Point-to-Point networks

• A single adjacency is formed over the circuit

• A single P2P (serial) IIH is sent over the circuit

Adjacency Requirements (1): Levels

Router Type L1:

• With L1: L1 IS will form L1 adjacency with L1 IS if their area IDs match
• With L1-L2: L1 IS will form L1 adjacency with L1-L2 IS if their area IDs match
• With L2-only: No adjacency

Router Type L1-L2:

• With L1: L1-L2 IS will form L1 adjacency with L1 IS if their area IDs match
• With L1-L2: L1-L2 IS will form L1-L2 adjacency if area matches, otherwise only L2 adjacency will be established
• With L2-only: L2 adjacency. Area ID doesn’t matter

Router Type L2-only:

• With L1: No adjacency
• With L1-L2: L2 adjacency irrespective of their area ID
• With L2-only: L2 adjacency irrespective of their area ID

#CLUS BRKRST-2315 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 97 Adjacency Requirements (2)

How will the adjacency look like?

49.CC1E 49.CCDE

L1 L1

XR1 R2

Adjacency Requirements (3)

What will the adjacency look like?

[Diagram: XR1 (L2, area 49.CC1E) connected to R2 (L2, area 49.CCDE)]

Adjacency Requirements (4)

What will the adjacency look like?

[Diagram: XR1 (L1-L2, area 49.CC1E) connected to R2 (L1-L2, area 49.CCDE)]

Adjacency Requirements (5)

What will the adjacency look like?

[Diagram: XR1 (L1-L2) connected to R2 (L1-L2), both in area 49.CC1E]

Point-to-Point Adjacency (1)

• ISO 10589 assumed adjacency status Up as soon as a hello was received

• Two-way handshake didn’t allow for detection of unidirectional link issues over point-to-point networks prior to adjacency establishment

• RFC 5303 introduced a three-way handshake to solve this

[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24. A Hello delivered in one direction brings the adjacency Up on the receiver, while the Hello in the opposite direction is dropped and that side stays Down.]

Point-to-Point Adjacency (2)

• IS-IS assigns a locally significant circuit ID to every interface on which the process is enabled

• Point-to-Point circuit ID is independent of Broadcast circuit ID

• The original circuit ID is 1 octet, which limits the number of interfaces to 256

• Three-way handshake (RFC 5303) introduces Extended Local Circuit ID of 4 octets in length (used for three-way handshake procedure)

Point-to-Point Adjacency - Three-way Handshake (1)

• Cisco (default) and IETF variants of the three-way handshake

• Fields used in the P2P IIH for three-way handshake are:

• Adjacency Three Way State

• Extended Local Circuit ID

• Neighbor System ID

• Neighbor Extended Local Circuit ID

Point-to-Point Adjacency - Three-way Handshake (2)

• Cisco three-way handshake variant (isis three-way handshake cisco)

[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24, adjacency starting in Down]

1) IIH (Down)

2) IIH (Init)

3) IIH (Up)

Point-to-Point Adjacency - Three-way Handshake (3)

• IETF three-way handshake variant (isis three-way handshake ietf)

[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24, adjacency starting in Down, with three P2P IIHs exchanged]

1) Down
• System ID: XR1
• Adjacency State: Down
• Ext. Local Circuit ID: 0x101

2) Init
• System ID: R2
• Adjacency State: Init
• Ext. Local Circuit ID: 0x100
• Neighbor System ID: XR1
• Neighbor Ext. Local Circuit ID: 0x101

3) Up
• System ID: XR1
• Adjacency State: Up
• Ext. Local Circuit ID: 0x100
• Neighbor System ID: XR1
• Neighbor Ext. Local Circuit ID: 0x101
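The three-way handshake above can be traced as a small state machine. The following is an added example, not code from the session or from Cisco: it applies the receive rules and transition table of RFC 5303 to the XR1/R2 pair with the state values and Extended Local Circuit IDs from the slides, and shows that a unidirectional link never reaches Up. The class and function names are hypothetical, and the Cisco variant is not modeled.

```python
from dataclasses import dataclass
from typing import Optional

# Adjacency Three-Way State values, as listed on the "Adjacency States" slide.
UP, INITIALIZING, DOWN = 0, 1, 2
NAMES = {UP: "Up", INITIALIZING: "Initializing", DOWN: "Down"}

# (local state, state received in the P2P IIH) -> new local state (RFC 5303).
TRANSITIONS = {
    (DOWN, DOWN): INITIALIZING,
    (DOWN, INITIALIZING): UP,
    (DOWN, UP): DOWN,
    (INITIALIZING, DOWN): INITIALIZING,
    (INITIALIZING, INITIALIZING): UP,
    (INITIALIZING, UP): UP,
    (UP, DOWN): INITIALIZING,
    (UP, INITIALIZING): UP,
    (UP, UP): UP,
}


@dataclass
class P2PHello:
    """The four three-way handshake fields carried in a P2P IIH."""
    system_id: str
    state: int
    ext_circuit_id: int
    nbr_system_id: Optional[str] = None
    nbr_ext_circuit_id: Optional[int] = None


class P2PCircuit:
    """One end of a point-to-point circuit (hypothetical helper class)."""

    def __init__(self, system_id: str, ext_circuit_id: int):
        self.system_id = system_id
        self.ext_circuit_id = ext_circuit_id
        self.state = DOWN
        self.nbr_system_id = None
        self.nbr_ext_circuit_id = None

    def build_hello(self) -> P2PHello:
        # Neighbor fields are only filled in once a neighbor has been heard.
        return P2PHello(self.system_id, self.state, self.ext_circuit_id,
                        self.nbr_system_id, self.nbr_ext_circuit_id)

    def receive(self, hello: P2PHello) -> bool:
        """Process a received IIH; return False if it is discarded."""
        if hello.state not in NAMES:
            return False
        # If the neighbor echoes an identity, it must be ours on this circuit.
        if hello.nbr_system_id is not None and (
                hello.nbr_system_id != self.system_id
                or hello.nbr_ext_circuit_id != self.ext_circuit_id):
            return False
        self.state = TRANSITIONS[(self.state, hello.state)]
        if self.state == DOWN:
            self.nbr_system_id = self.nbr_ext_circuit_id = None
        else:
            self.nbr_system_id = hello.system_id
            self.nbr_ext_circuit_id = hello.ext_circuit_id
        return True


def run_handshake(rounds: int, drop_towards: Optional[str] = None):
    """Exchange hellos for `rounds` intervals; hellos sent towards the system
    named in `drop_towards` are lost (a unidirectional link)."""
    xr1 = P2PCircuit("XR1", 0x101)
    r2 = P2PCircuit("R2", 0x100)
    for _ in range(rounds):
        for sender, receiver in ((xr1, r2), (r2, xr1)):
            if receiver.system_id != drop_towards:
                receiver.receive(sender.build_hello())
    return NAMES[xr1.state], NAMES[r2.state]


if __name__ == "__main__":
    print("healthy link      :", run_handshake(2))
    print("XR1 cannot hear R2:", run_handshake(5, drop_towards="XR1"))
```

With a plain two-way check R2 would have declared the adjacency Up on the first hello it received; here it stays in Initializing until XR1 echoes R2's System ID and Extended Local Circuit ID.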

Point-to-Point Adjacency - Three-way Handshake (4)

Multiaccess Interface Limit

• No three-way handshake is needed since neighbor MAC addresses are listed in the LAN IIH for the segment (TLV 6 - IS Neighbor(s))

• Broadcast interfaces still have the 256 interface limitation

R2(config)#interface Ethernet0/0.257
R2(config-subif)# encapsulation dot1Q 257
R2(config-subif)# ip address 10.0.25.7 255.255.255.0
R2(config-subif)# ip router isis

ISIS: Maximum circuit limit (255) has reached.
ISIS: Cannot have more then 255 multi-point interfaces.

Adjacency over Broadcast networks (1)

• Level 1 LAN IIHs are sent with multicast MAC of 0180.c200.0014

• Level 2 LAN IIHs are sent with multicast MAC of 0180.c200.0015

• A router lists the MACs (SNPA) of each accepted IS neighbor on the segment in its LAN IIHs

• DIS election is also performed using LAN IIHs

Adjacency over Broadcast networks (2)

• Neighbors are detected via LAN IIH

• IIH lists the routers’ MACs (SNPA) received in the hello packet

[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24 exchanging LAN IIHs in three steps, ending with the adjacency Up]

1) Initial IIHs
• System ID: XR1, DIS: XR1, Priority: 65
• System ID: R2, DIS: R2, Priority: 64

2) IIH
• System ID: XR1, DIS: XR1, IS Neighbor(s): R2 SNPA

3) IIH
• System ID: XR1, DIS: XR1, IS Neighbor(s): XR1 SNPA

Designated Intermediate System (DIS) (1)

• Without the DIS the graph is more complex

[Diagram: two panels with routers R1 to R6, titled "Multiaccess segment" and "No Pseudonode"]

Designated Intermediate System (DIS) (2)

• With the DIS the graph is simplified to a collection of P2P links towards the Pseudonode (PSN)

[Diagram: routers R1 to R6 each linked to the PSN, with the DIS labelled]

Designated Intermediate System (DIS) (3)

• DIS election is deterministic (preemptive)

• The DIS selection criteria are:

• Highest priority (default 64, range 0 – 127)

• Subnetwork Point of Attachment (SNPA) - MAC, DLCI, VPI/VCI

• System ID

• No backup DIS is elected, why?

Circuit Limit, DIS, Pseudonode LSP

Adjacency Requirements: Adjacency-check

[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24]

• Network type

• Max-area-addresses

• IS-Type

• Area ID

• IPv4 Subnet

• MTU

• Authentication

• System ID

Adjacency Requirements

Network Type Mismatch

[Diagram: XR1 (.1, P2P) and R2 (.2, Broadcast) on 12.0.0.0/24]

XE/R2
ISIS-Adj: Sending L2 LAN IIH on Ethernet0/0.12, length 1497
ISIS-Adj: Rec serial IIH from 0cfb.128d.2001 (Ethernet0/0.12)
ISIS-Adj: cir type L1L2, cir id 00, length 1497
ISIS-Adj: Point-to-point IIH received on multi-point interface: ignored IIH

XR/XR1
%ROUTING-ISIS-7-ERR_RCV_PAKTYPE : Invalid IS-IS packet type 15 received on GigabitEthernet0/0/0/0.12 SNPA aabb.cc00.0100 (inappropriate code)
%ROUTING-ISIS-7-ERR_RCV_PAKTYPE : Invalid IS-IS packet type 16 received on GigabitEthernet0/0/0/0.12 SNPA aabb.cc00.0100 (inappropriate code)

Adjacency Requirements

Max-Area Mismatch

[Diagram: XR1 (.1, max-area-addresses 3) and R2 (.2) on 12.0.0.0/24, with R2 configured as follows]

router isis
 max-area-addresses 4

XE/R2 (debug isis adj-packets)
ISIS-Adj: Rec serial IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L1L2, cir id 00, length 1497
ISIS-Adj: Max-area-addresses mismatch in serial IIH (cir type 3)

XR/XR1 (Terminal logging)
%ROUTING-ISIS-4-ERR_BAD_MAX_AREA_ADDR : Bad max area addresses (4, should be 0 or 3) from GigabitEthernet0/0/0/0.12 SNPA aabb.0000.0002

Adjacency Requirements

IS-Type

[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24, both Broadcast; one router is L1 and the other L2]

XE/R2
ISIS-Adj: Sending L1 LAN IIH on Ethernet0/0.12, length 1497
ISIS-Adj: Rec L2 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L2, cir id 0000.0000.0001.03, length 1497, ht(39)
ISIS-Adj: is-type mismatch

Adjacency Requirements

Area ID (L1)

[Diagram: XR1 (.1, L1, area 49.0000) and R2 (.2, L1, area 49.0002) on 12.0.0.0/24]

XE/R2 (debug isis adj-packets)
ISIS-Adj: Rec L1 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L1, cir id 0000.0000.0001.05, length 1497, ht(39)
ISIS-Adj: Area mismatch, level 1 IIH on Ethernet0/0.12

Adjacency Requirements

Same IPv4 Subnet

[Diagram: XR1 (.1) on 10.1.2.0/24 connected to R2 (.2) on 192.0.2.0/24]

XE/R2 (debug isis adj-packets)
ISIS-Adj: Rec L1 IIH from aabb.0000.0001 (Ethernet0/0.12)
ISIS-Adj: cir type L1L2, cir id 0000.0000.0001.05, length 1497, ht(39)
ISIS-Adj: No usable IP interface addresses in LAN IIH from Ethernet0/0.12

XR/XR1 (Terminal logging)
%ROUTING-ISIS-6-IIH_IF_ADDRESS : IIH received from GigabitEthernet0/0/0/0.12 SNPA aabb.0000.0002 contains unusable IPv4 interface address: 192.0.2.2 not on same subnet as local interface

Adjacency Requirements: IPv4 Subnet

• How can we solve this?

• The obvious and the best answer is to fix the configuration issue and put both routers on the same subnet. Or…

• We can disable the IS-IS adjacency-check. As IS-IS does not run over IP, we can form adjacencies without being in the same subnet if needed

• Note: Routes would not be installed in the RIB, but IS-IS adjacency will be formed

Adjacency Requirements: IPv4 Subnet

XR/XR1
router isis 1
 address-family ipv4 unicast
  adjacency-check disable

XE/R2
router isis
 no adjacency-check

RP/0/0/CPU0:XR1# show isis neighbors
Mon May 27 04:42:30.345 UTC

IS-IS 1 neighbors:
System Id   Interface      SNPA            State  Holdtime  Type  IETF-NSF
R2          Gi0/0/0/0.12   aabb.0000.0002  Up     8         L1L2  Capable

Total neighbor count: 1

MTU Mismatch

• Without MTU mismatch detection, LSDB synchronization can fail when large LSPs are exchanged over the link

• Hello padding can prevent this issue by keeping the adjacency from being established in the first place

[Diagram: XR1 (.1, MTU 1500) and R2 (.2, MTU 2000) on 12.0.0.0/24; an LSP larger than 1500 bytes carrying NLRI is dropped]

Hello Padding

• IS-IS pads hello packets to the maximum MTU to detect MTU mismatch issues

• Hello padding uses padding TLV 8 on P2P IIH and LAN IIHs

• Padding is enabled by default; if it is disabled, IOS still sends the first 5 IIHs padded

Hello Padding (2)

• IOS XE

R1(config)#interface ethernet0/0.12
R1(config-subif)#no isis hello padding

R1(config)#router isis
R1(config-router)#no hello padding

• IOS XR

XR2(config)#router isis 1
XR2(config-isis)#interface gig0/0/0/0.12
XR2(config-isis-if)#hello-padding disable

# The "sometimes" keyword sends hellos padded at adjacency formation only.

Deep Dive into IS-IS Mechanics

• Areas and Routing Levels (Routing Hierarchy)

Areas

• An area is an administrative partition of the subdomain

• Area membership is given by the configured NET

• Routers are part of an area as a whole

• A router with multiple NETs is not a member of multiple areas; it is a member of a single area that has multiple area addresses (aliases)

• There are no special area types

Level-1

• Intra-area routing, that is, routing between ES nodes that are members of the same area

• Complete visibility of intra-area topology

• To achieve inter-area routing, Level-1 capable routers connect to L1-L2 capable routers

Level-2 (1)

• Level-2 is inter-area routing in IS-IS

• Routing between ES nodes that reside in different areas of the same domain

• Complete visibility of the domain

• IS nodes do not advertise the list of connected ES, only the area addresses (the NSAP part starting with AFI and ending just before System ID) to connect between the areas

Level-2 (2)

• Level-2 is considered the backbone for IS-IS

• A contiguous “chain” of Level-2 routers is required to maintain the backbone

• Loop prevention consists of passing Level-1 NLRI information into Level-2 LSPs, but not vice versa

• NLRI is hidden from Level-1; Level-2 capable routers that are connected to other areas will set the ATT-bit on the Level-1 LSP to achieve inter-area routing

Level-1 Intra Area Routing

• Will R1 have R6 192.0.2.6/32 loopback in its RIB?

• Will R7 have R1 192.0.2.1/32 loopback in its RIB?

[Diagram: final topology with routers R1 to R7 across areas 49.CC1E and 49.CCDE, with levels L1, L1-L2 and L2]

Level-2 Inter Area Routing

• R2 and R5 will set ATT-bit in Level-1 LSP to achieve inter-area routing

• R1 and R6 will generate a default route towards the nearest Level-2 capable router

[Diagram: final topology with routers R1 to R7 across areas 49.CC1E and 49.CCDE, with levels L1, L1-L2 and L2]

Areas, Levels, ATT-bit

Deep Dive into IS-IS Mechanics

• Link-State Database under Magnifying Glass

Flooding Events

• Events that cause flooding of new information in IS-IS include changes to:

• Adjacency state

• System ID

• Area ID

• DIS re-election

• Metric cost

• Note: If changes are triggered, the entire LSP must be reflooded

Link State Database

• Link-State Database (LSDB) contents draw a detailed map of the network topology within a particular scope

• IS-IS Level-1: The detailed topology (every single Level-1-capable router and link) of an area

• IS-IS Level-2: The detailed topology of all Level-2-capable routers and links in the domain, regardless of areas

• IS-IS maintains independent LSDBs for each level

• LSDB stores all Link State Packets (LSPs) of a particular level

• Level-1: All Level-1 LSPs originated by routers in the same area

• Level-2: All Level-2 LSPs originated by routers in the domain

Link-State Database Synchronization

• All routers operating at the same scope (Level-1 in the same area, or Level-2) must have identical LSDB contents

• LSDB contents must be synchronized between routers at all times

• Synchronizing LSDB contents requires

• Exchanging LSPs during initial synchronization when a new adjacency comes up, and anytime an LSP is updated

• Acknowledging exchanged LSPs using Partial SNPs

• On broadcast network types, using DIS as a synchronization reference using Complete SNPs

LSDB Synchronization on point-to-point links (1)

• When a new adjacency comes up between two routers on a point-to-point link, they synchronize their LSDBs in a simple way

• Each router schedules all LSPs to be sent to the neighbor

• If the received LSP is…

• New(er): Store it and schedule it for acknowledgment in a PSNP

• Identical: Schedule an acknowledgment in a PSNP

• Older: Schedule our own LSP to be flooded to the neighbor

• LSP stays scheduled for sending to the neighbor only if it is newer

LSDB Synchronization on point-to-point links (2)

• IS-IS specification in fact calls for an optimization of LSP flooding on point-to-point links

• When the adjacency first comes up, routers should exchange CSNPs once, in addition to scheduling all LSPs for sending

• Any LSP that is advertised as the same or newer in the CSNP received from the neighbor should be unscheduled from sending

• As a result, each router will send only LSPs that are newer than the neighbor’s, or are unknown by the neighbor entirely

LSDB Synchronization on broadcast networks (1)

• On broadcast networks, pairwise synchronization of a new router with every existing neighbor would be both complex and useless

• Instead, DIS becomes the reference point for database synchronization among all routers on the network

• Relying on transitivity: If I know the same as DIS, and if you know the same as DIS, then I and you know the same, too

• Every router’s goal: Make the DIS LSDB and own LSDB identical

• As opposed to OSPF, all IS-IS routers on a broadcast network are fully adjacent and accept LSPs from each other directly

• DIS is not a relay for LSPs, only a reference store

LSDB Synchronization on broadcast networks (2)

• DIS sends out an inventory of all its LSPs in periodic CSNPs

• Each router on the broadcast network compares its LSDB inventory to the CSNP contents

• If the router knows about a(n)…

• Newer LSP: Just flood it onto the network. Other routers including DIS will learn it, and DIS will advertise it in the upcoming CSNPs

• Identical LSP: Do nothing; treat the CSNP as an acknowledgment of the flooded LSP

• Older LSP: Ask for an updated LSP using a PSNP; DIS will flood it

LSDB Synchronization – Closing remarks

• On point-to-point links

• All LSPs are scheduled for flooding unless unscheduled through one time CSNPs (if the neighbor has the same or newer LSPs)

• PSNPs are used as acknowledgments

• On broadcast networks

• Only LSPs that are newer than the ones seen in periodic CSNPs, or missing from them, are scheduled for flooding

• PSNPs are used to request newer LSPs from DIS

• LSPs are accepted between all neighbors directly

• LSPs are acknowledged only by DIS by including them in subsequent CSNPs
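The point-to-point and broadcast synchronization rules summarized above, written out as decision logic. This is an added example, not code from the session: function names and the sample LSDBs are constructed, and LSPs are compared by sequence number only (a real implementation also takes remaining lifetime and checksum into account).

```python
# An LSDB or a CSNP inventory is modeled as {LSP ID: sequence number}.
# Sequence number 0 stands for "this LSP is not known at all".

# Constructed sample databases for the XR1/R2 pair used in the slides.
SAMPLE_XR1 = {"XR1.00-00": 0x19, "R2.00-00": 0x10, "R2.01-00": 0x03}
SAMPLE_R2 = {"XR1.00-00": 0x18, "R2.00-00": 0x11, "R2.01-00": 0x03,
             "R3.00-00": 0x07}


def p2p_send_list(own_lsdb, neighbor_csnp):
    """Point-to-point: every LSP starts out scheduled; the one-time CSNP from
    the neighbor unschedules those it already has as the same or newer."""
    return sorted(lsp_id for lsp_id, seq in own_lsdb.items()
                  if neighbor_csnp.get(lsp_id, 0) < seq)


def p2p_receive_lsp(own_lsdb, lsp_id, seq):
    """Point-to-point: decide what to do with an LSP received from the peer."""
    have = own_lsdb.get(lsp_id, 0)
    if seq > have:
        own_lsdb[lsp_id] = seq
        return "store+ack"      # newer: store it, acknowledge in a PSNP
    if seq == have:
        return "ack"            # identical: acknowledge in a PSNP
    return "send-own"           # older: flood our own copy to the neighbor


def sync_p2p(lsdb_a, lsdb_b):
    """Run the initial synchronization in both directions, updating both
    databases in place. Returns the (LSP ID, action) pairs that resulted."""
    a_to_b = p2p_send_list(lsdb_a, dict(lsdb_b))
    b_to_a = p2p_send_list(lsdb_b, dict(lsdb_a))
    actions = []
    for lsp_id in a_to_b:
        actions.append((lsp_id, p2p_receive_lsp(lsdb_b, lsp_id, lsdb_a[lsp_id])))
    for lsp_id in b_to_a:
        actions.append((lsp_id, p2p_receive_lsp(lsdb_a, lsp_id, lsdb_b[lsp_id])))
    return actions


def broadcast_process_csnp(own_lsdb, dis_csnp):
    """Broadcast: compare our inventory with the periodic CSNP from the DIS.
    Returns (LSPs to flood onto the LAN, LSPs to request with a PSNP)."""
    flood, request = [], []
    for lsp_id in sorted(set(own_lsdb) | set(dis_csnp)):
        mine = own_lsdb.get(lsp_id, 0)
        theirs = dis_csnp.get(lsp_id, 0)
        if mine > theirs:
            flood.append(lsp_id)      # we know newer (or DIS lacks it)
        elif mine < theirs:
            request.append(lsp_id)    # DIS knows newer (or we lack it)
        # identical: nothing to do, the CSNP itself is the acknowledgment
    return flood, request


if __name__ == "__main__":
    xr1, r2 = dict(SAMPLE_XR1), dict(SAMPLE_R2)
    print("XR1 sends:", p2p_send_list(xr1, r2))
    print("R2 sends :", p2p_send_list(r2, xr1))
    print("actions  :", sync_p2p(xr1, r2))
    print("in sync  :", xr1 == r2)
    print("LAN      :", broadcast_process_csnp(dict(SAMPLE_XR1), SAMPLE_R2))
```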

Deep Dive into IS-IS Mechanics

• Path Selection and Route Leaking

Path Selection: Route Types

• L1

• Internal

• External

• Inter-Area (ia)

• L2

• Internal

• External

Path Selection: Selection Criteria

• L1 route is always preferred over L2

• If routes are from the same Level, internal is preferred over external

• If routes are from the same Level, either internal or external, route with lowest metric wins

• If routes are from the same Level, either internal or external and same metric, load sharing will be performed

Route Leaking

• Two-level hierarchy rules must be followed; because of this, L1 routes are leaked to L2 by default

• In certain scenarios, L2 routes should be leaked to L1 to avoid suboptimal routing or for traffic engineering

• Route leaking TLVs 128 and 130 are defined for Narrow metrics

• Wide metrics use TLV 135

• Up/down bits are set when route leaking is performed

Route Leaking

IPv6

IPv6 Routing in IS-IS (1)

• RFC 5308 introduced support for IPv6 routing with IS-IS

• New TLVs introduced to support IPv6

• IPv6 Reachability TLV, IPv6 Interface Address TLV, IPv6 NLPID

• Single topology and Multi topology operation

• Enabled with router isis interface command

IPv6 Routing in IS-IS (2)

• IPv6 routing with IS-IS has two operation modes:

• Single Topology – IPv4/IPv6 topologies are directly mapped to each other, single SPF run (default in XE) – mode multi-topology

• Multi Topology – IPv4/IPv6 topologies are independent of each other, different SPF run (default in XR) – mode single-topology

• Note: Transition mode will describe both modes in the LSPs

IPv6

Security Hardening Enhancements

Authentication (1)

• IIHs are authenticated independently from LSPs, CSNPs, and PSNPs

• Authentication is performed on each level independently

• All Level-1 capable routers within the same area must use the same area password

• All Level-2 capable routers in any area must use the same domain password

• Plain Text and HMAC-MD5 authentication modes are supported

Authentication (2)

• LSP

• The password used to authenticate a Level 1 LSP must be shared by all Level 1 capable routers in the same area

• The password used to authenticate a Level 2 LSP must be shared by all Level 2 capable routers across all areas

• IIH, SNP

• Packets are not flooded across area domain

• Can be different on different networks

Authentication (2) – LSPs, SNPs

• Legacy syntax (Plain Text Authentication Only)

• area-password

• domain-password

• Current syntax

• authentication mode (md5 | text) (level-1 | level-2)

• authentication key-chain (level-1 | level-2)

Authentication (3) – IIH

• Legacy syntax (Plain Text Authentication)

• isis password [level-1 | level-2]

• Current syntax (Cryptographic MD5)

• authentication mode {md5 | text} [level-1 | level-2]

• authentication key-chain [level-1 | level-2]
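What the two authentication modes put on the wire, as an added example that is not code from the session or from Cisco. It builds a constructed P2P IIH, signs it with HMAC-MD5 and verifies it the way a receiver would; the Authentication TLV number (10), the authentication type codes (1 for cleartext, 54 for HMAC-MD5) and the rule of computing the digest over the PDU with the digest field zeroed come from RFC 5304, not from the slides. Function names, the key, the password and the System ID are constructed.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10                       # Authentication Information TLV
AUTH_CLEARTEXT, AUTH_HMAC_MD5 = 1, 54
P2P_IIH_HEADER_LEN = 20             # 8-byte common header + 12 bytes for P2P IIH
AREA_TLV = bytes([1, 4, 3, 0x49, 0x00, 0x00])   # constructed: area 49.0000


def build_p2p_iih(source_id: bytes, tlvs: bytes) -> bytes:
    """Constructed P2P IIH (PDU type 17) carrying the given TLVs."""
    pdu_len = P2P_IIH_HEADER_LEN + len(tlvs)
    common = bytes([0x83, P2P_IIH_HEADER_LEN, 1, 0, 17, 1, 0, 0])
    # circuit type L1L2, source ID, holding time 30 s, PDU length, circuit ID
    specific = (bytes([0x03]) + source_id
                + struct.pack("!HH", 30, pdu_len) + bytes([0x01]))
    return common + specific + tlvs


def find_auth_tlv(pdu: bytes):
    """Return (auth type, value offset, value length) of TLV 10, or None."""
    offset = pdu[1]                 # header length indicator
    while offset + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[offset], pdu[offset + 1]
        if offset + 2 + tlv_len > len(pdu):
            raise ValueError("truncated TLV")
        if tlv_type == AUTH_TLV and tlv_len >= 1:
            return pdu[offset + 2], offset + 3, tlv_len - 1
        offset += 2 + tlv_len
    return None


def sign_hmac_md5(source_id: bytes, other_tlvs: bytes, key: bytes) -> bytes:
    """Build the IIH with a zeroed 16-byte digest, then fill the digest in."""
    auth_tlv = bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]) + bytes(16)
    pdu = bytearray(build_p2p_iih(source_id, auth_tlv + other_tlvs))
    _, off, length = find_auth_tlv(bytes(pdu))
    pdu[off:off + length] = hmac.new(key, bytes(pdu), hashlib.md5).digest()
    return bytes(pdu)


def verify(pdu: bytes, key: bytes):
    """Receiver-side check. Returns (accepted, mode)."""
    found = find_auth_tlv(pdu)
    if found is None:
        return False, "none"
    auth_type, off, length = found
    if auth_type == AUTH_CLEARTEXT:
        return hmac.compare_digest(pdu[off:off + length], key), "cleartext"
    if auth_type == AUTH_HMAC_MD5 and length == 16:
        zeroed = bytearray(pdu)
        zeroed[off:off + 16] = bytes(16)
        expected = hmac.new(key, bytes(zeroed), hashlib.md5).digest()
        return hmac.compare_digest(pdu[off:off + 16], expected), "hmac-md5"
    return False, "unsupported"


def cleartext_secret_on_wire(pdu: bytes):
    """What a capture of the link reveals: the password in text mode,
    nothing reusable (None) in HMAC-MD5 mode."""
    found = find_auth_tlv(pdu)
    if found and found[0] == AUTH_CLEARTEXT:
        return pdu[found[1]:found[1] + found[2]]
    return None


if __name__ == "__main__":
    sys_id = bytes.fromhex("000000000001")          # constructed System ID
    signed = sign_hmac_md5(sys_id, AREA_TLV, b"constructed-key")
    text = build_p2p_iih(sys_id, bytes([AUTH_TLV, 7, AUTH_CLEARTEXT]) + b"s3cret" + AREA_TLV)
    print(verify(signed, b"constructed-key"), cleartext_secret_on_wire(signed))
    print(verify(text, b"s3cret"), cleartext_secret_on_wire(text))
```

In text mode the shared password travels in every PDU, so the legacy `isis password`, `area-password` and `domain-password` forms protect only against accidental misconfiguration; the md5 mode keeps the key off the wire and also detects modification of the PDU.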

Authentication

Optimizations Features

Summarization

• Level-1-2 routers in the area are allowed to summarize the NLRI

• Level-1 routes cannot be summarized within an area unless originating router is redistributing the IP prefixes

• Lowest metric of component is used for metric of the summary

• Summary-address command under router isis is used to configure summarization

Logging Events

• IS-IS adjacency and LSPDU events are not logged by default in IOS-XE or IOS-XR

• Useful for troubleshooting purposes

IOS-XR
router isis 1
 log adjacency changes
 log pdu drops

IOS-XE
router isis 1
 log-adjacency-changes all

Dynamic Hostname

• TLV 137 identifies symbolic name of the router originating the LSPs

• Can be disabled if needed with the no dynamic hostname in IOS-XE or hostname dynamic disable in IOS-XR under IS-IS router mode

• Use show isis hostname to check the list of System ID to hostname mappings

RP/0/0/CPU0:XR1#show isis neighbors
Mon Jun 3 19:31:39.062 UTC

IS-IS 1 neighbors:
System Id       Interface   SNPA            State  Holdtime  Type  IETF-NSF
0000.0000.0002  Gi0/0/0/0   0cfb.1241.8900  Up     20        L1L2  Capable

Prefix Suppression (1)

• If passive-interface feature is enabled, we can suppress advertisement of prefixes by enabling advertise passive-only in XE, XR

• Will suppress advertisement of all prefixes except the ones with passive-interface command

[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24, with Prefix 1, Prefix 2 and Prefix 3]

Prefix Suppression (2)

• Prefixes can also be suppressed by using the no isis advertise prefix command

• This serves the purpose of selective prefix suppression in IS-IS, in case required

[Diagram: XR1 (.1) and R2 (.2) on 12.0.0.0/24, with Prefix 1, Prefix 2 and Prefix 3]

Ignore-Attached-Bit

• In XE, this hidden command will not only ignore the ATT-bit

• XR uses the attached-bit receive ignore equivalent command

• IS will not use the ATT-bit to install default route towards nearest Level-1-2 router

• Could be used in case route-leaking allows visibility of all prefixes in a domain for Level-1

R2(config)#router isis 1
R2(config-router)#ignore-attached-bit

%PARSER-5-HIDDEN: Warning!!! ' ignore-attached-bit ' is a hidden command. Use of this command is not recommended/supported and will be removed in future.

IS-IS Tags (1)

• IS-IS tags can be enabled if Wide metrics are enabled in the domain

• Tag value is set under sub-TLV 1 for TLV 135

• Use the isis tag command under the interface to tag the prefixes

• Tagging using route-maps (XE) or route policy language (XR) can be used for tagging when redistributing or leaking prefixes

IS-IS Tags (2)

route-policy TAG
  if destination in (1.1.1.1/32) then
    set tag 1
  endif
end-policy
!
router isis 1
 address-family ipv4 unicast
  redistribute connected route-policy TAG

RP/0/0/CPU0:XR1#show isis database XR1.00-00 level 2 verbose
IS-IS 1 (Level-2) Link State Database
LSPID        LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
XR1.00-00  * 0x00000019   0x346d        1115          0/0/0
  Area Address: 49.0000
  NLPID: 0xcc
  Hostname: XR1
  IP Address: 10.0.0.1
  Metric: 10 IS-Extended R2.00
  Metric: 0 IP-Extended 1.1.1.1/32
    Admin. Tag: 1

ATT-bit Advertisement Control

• We can set the ATT-bit based on route-map policies

• Often used if all Level-1 and Level-2 routers share the same area

• If all routers are in the same area domain, no ATT-bit will be set

[Diagram: R1, XR2, R3, R5 and R6 in area 49.CC1E, labelled L1, L1-L2, L2, L1-L2, L1]

XR2
router isis 1
 address-family ipv4 unicast
  attached-bit send always-set

L1-L2 Backdoor Router (1)

• Level-1 routers can only communicate with other Level-1 routers in different areas through Level-2 (backbone)

• There are cases where backdoor links are configured between Level-1 routers in different areas

• We can set the is-type level-1-2 backdoor command to allow Level-2 adjacency between backdoor routers

• Note: ATT-bit will never be set when backdoor feature is enabled on a router

L1-L2 Backdoor Router (1)

[Diagram: final topology with routers R1 to R7 across areas 49.CC1E and 49.CCDE, with levels L1, L1-L2 and L2]

L1-L2 Backdoor Router

[Diagram: the same topology with routers R1 to R7 across areas 49.CC1E and 49.CCDE, with a link labelled "Backdoor" added]

L1-L2 Backdoor Router (4)

• Initially, routing between areas 49.0052 and 49.0056 must go through L1-L2 R2 -> R3 -> R5 -> R6 and vice versa

• If a link is connected between R1 and R6, routing directly between the two Level-1 areas is desirable

• Solution: A Level-2 adjacency can be established between R1 and R6 without setting the ATT-bit, hence is-type backdoor

L1-L2 Backdoor Router (5)

R1
Interface ethernet0/0.16
 description backdoor
 ip address 10.1.6.1 255.255.255.0
 isis circuit-type level-2
router isis
 is-type level-1-2 backdoor

R6
Interface ethernet0/0.16
 description backdoor
 ip address 10.1.6.6 255.255.255.0
 isis circuit-type level-2
router isis
 is-type level-1-2 backdoor

Note: Same feature can be applied to XR by configuring the attached-bit send never-set command under the IS-IS process

Adjacency Filter

• CLNS Adjacency Filter can be used in situations where we want to prohibit the router from forming adjacencies with other IS-IS enabled routers

clns filter-set XR1_NET deny 49.0000.0000.0000.0001.00
clns filter-set XR1_NET permit default
!
interface gigabitethernet1
 isis adjacency-filter XR1_NET

%CLNS-5-ADJCHANGE: ISIS: Adjacency to XR1 (GigabitEthernet1) Down, hold time expired

[Diagram: XR1 (.1) connected to R2 (.2)]

CSNP over Point-to-Point

• IS-IS specification does not prohibit the periodic sending of CSNP over P2P circuits

• XE, NX-OS, XR do not send periodic CSNP over P2P links by default

• The interface isis csnp-interval <0-65535> command can be used in XE (In XR, under the interface under the router isis mode)
