- OSI stack
- Intermediate System to Intermediate System (IS-IS)
- Neighbourship
- Timers
- PDU
- States
- LSP
- TLVs
- Area address (1)
- IS neighbour (2)
- IS neighbour (6)
- LSP entries (9)
- Authentication (10)
- Extended IS reachability (22)
- IP internal (128) / external (130) reachability
- Protocols supported (129)
- Interdomain routing protocol information (131)
- IP interface address (132)
- Extended IP reachability (135)
- Restart (211)
- MT IS (222)
- Multi-topology (MT) (229)
- IPv6 interface address (232)
- MT Reachable IPv4 prefix (235)
- IPv6 reachability (236)
- MT Reachable IPv6 prefix (237)
- P2P 3-way adjacency (240)
- Router capability (242)
- Sub-TLVs
- IS-IS vs OSPF
- Authentication
- Route leaking
- Design
- Redistribution
- IPv6
- Summarization
- Loop-free alternative (LFA)
- Graceful restart
OSI stack
Routing
- Level 0: ES-ES (ESH) or ES-IS (ISH) on same link
- Level 1: between ES within same area
- Level 2: between ES within same domain, but different areas
- Level 3: between ES in different domains (interdomain routing protocol, IDRP)
Connectionless mode network protocol (CLNP)
- network service access point address (NSAP)
- router-id: <area ID>.<system ID>.<NSEL>
- NSEL:
- network selector
- ≈ next protocol
- = 0x00
- system ID:
- L1 routing
- unique within L1 area or L2 backbone
- 6 bytes
- area ID:
- AFI + IDI + DSP
- AFI:
- authority and format ID (≈ IP class)
- 39 = country code according to ISO 3166
- 45 = international phone number E.164
- 47 = international code designator ISO 6523
- 49 = private
- IDI: initial domain ID
- DSP: domain-specific part
- L2 routing
- 3 bytes
- several RID per router ≡ areas stitching
- subnetwork point of attachment (SNPA)
- subinterface, physical interface address: MAC, DLCI
; 3 default, number of NSAP per node, must match within level
(config-router)# max-area-addresses <NUM>
OSI PDU Header (IS-IS)
  0                                       1
  0   1   2   3   4   5   6   7   8   9   0   1   2   3   4   5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|             0x83              |       Length indicator        |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|    Version/Protocol ID ext    |           ID length           |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Reserved  |     PDU type      |        Version (0x01)         |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|           Reserved            |      Max area addresses       |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
\                                                               \
/                      PDU specific fields                      /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                             TLVs                              /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0x83 – intradomain routing protocol discriminator
Length indicator: bytes, header length ≡ PDU without TLVs
Version/Protocol ID extension = 1
ID length:
- system ID length within domain, bytes
- 0 ≡ 6 bytes
- 255 ≡ 0 bytes
PDU type:
- Hello
- 15: L1 LAN
- 16: L2 LAN
- 17: P2P
- LSP
- 18: L1
- 20: L2
- CSNP
- 24: L1
- 25: L2
- PSNP
- 26: L1
- 27: L2
Max area addresses:
- 0 ≡ 3 addresses
- n addresses, n ∈ [1;254]
OSI PDU Header (ES-IS)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+
| 0x82 |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| PDU length | Version (0x01) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Reserved | PDU type |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Holdtime (sec) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Checksum |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| |
| NET |
| |
| |
+ +---+---+---+---+---+---+---+---+
| |
+---+---+---+---+---+---+---+---+
0x82 – network layer protocol ID
PDU length: bytes, whole PDU
PDU type:
- 0x4: IS hello
Connectionless mode network service (CLNS)
Intermediate System to Intermediate System (IS-IS)
- on top of L2 protocol
- data passed with TLVs
- MAC destination:
- L2: 0180.c200.0015
- L1: 0180.c200.0014
- CS0 priority
- levels:
- L1: intra-area
- intra routes only
- other areas are reached via closest L1/L2 router
- L1 Hello
- L1 LSDB
- ≈ totally stubby
- L2: backbone
- all routes are available
- L2 LSDB: closest L1/L2 to area
- L1/L2: both roles
- L1 and L2 LSDB
- default role
- default gateway for area
- redistribution:
- L1 → L2
- L2 →× L1, default instead
- whole router belongs to area (part of RID), not an interface
- default metric:
- 0 for passive
- 10, no auto-cost
- AD = 115 by default
- change of AD refreshes RIB entries’ AD
- if two processes have same AD: lower metric → lower process tag
- min MTU = 1492
- route selection
- L1 over L2
- internal over external
- lowest metric
- load-balance
- IOS does not support optional metric
; if several addresses ≡ merge areas
(config-router)# net <NSAP>
; level-1-2 default
(config-router)# is-type level-1|level-2-only|level-1-2
; narrow ≡ 64 values, narrow is not compatible with wide
(config-router)# metric-style wide
; set default interface metric, 10 by default
(config-router)# metric <M>
; messages about IS-IS adjacency
(config-router)# log-adjacency-changes all
; prefixes with tag = N have more priority for RIB install (/32 – medium, other – low)
(config-router)# ip route priority high tag <N>
(config-router)# bfd all-interfaces
(config-if)# ip router isis <TAG>
(config-if)# ip isis bfd
(config-if)# isis metric <M>|maximum
(config-if)# isis circuit-type level-1|level-2-only|level-1-2
; 64 by default
(config-if)# isis priority <NUM>
; tag for connected prefix, priority for RIB installation
(config-if)# isis tag <N>
# show clns
# show clns interface
# show clns protocol
# show clns neighbor
Neighbourship
- must match:
- link type (LAN, P2P)
- address-family enabled on interface
- system ID length
- max number of area addresses: ≈ areas per L1/L2, addresses for one IS
- area number for L1 neighbours
- not required to match:
- timers
- address-family supported for the system
- capabilities: not supported are ignored
- neighbour’s address must fall under subnet, otherwise:
- LAN: no neighbourship
- P2P: ES-IS (show clns neighbour), IS Hello
; disable verification that AF and IPv4 subnet match
(config-router)# no adjacency-check
; does not send Hello (no adjacency), adds prefix to LSP even without "ip router isis"
(config-router)# passive-interface <INTF>
; AF, address mismatch
# debug isis adj-packets
P2P
- local circuit ID
- detects change of peer on the link
- does not have to be unique
- IIH packet
- adjacency 3-way state
- extended local circuit ID: local interface ID
- neighbour system ID: peer ID, whose Hello is received
- neighbour extended local circuit ID
- on FR SVC or ATM SVC peer might be changed transparently ≡ no topology change detected
- verifies bidirectional communication with peer
- IIH is accepted if
- neighbour system ID and extended local circuit ID are clear
- neighbour system ID = local system ID && neighbour extended local circuit ID = interface ID
- initial LSDB sync
- process
- mark all LSP for flooding
- exchange CSNP/PSNP: only in the beginning (neighbourship established) by default
- clear flooding from equal LSPs
- acknowledge
- PSNP (same LSPs)
- CSNP: not prohibited by standard
- if no common MTID is found in Hello – no neighbourship
; CSNP transmit interval, disabled on P2P by default, 10s default
(config-if)# isis csnp-interval <sec> [level-1|level-2]
; on bcast media only
(config-if)# isis network point-to-point
; enable TLV 240 and extended circuit ID
(config-if)# isis three-way-handshake ietf
; 5s default, resend LSP if no PSNP received, P2P only
(config-if)# isis retransmit-interval <sec>
; lsp-interval by default, P2P only, delay between retransmitted LSP
(config-if)# isis retransmit-throttle-interval <ms>
Broadcast
- DSAP = SSAP = 0xFE
- IIH carries TLV with neighbours’ SNPA ≡ MAC (in OSPF – RIDs)
- local circuit ID has to be unique within IS for circuits where IS is DIS (used as pseudonode ID)
- LSDB sync:
- process:
- if LSPID is available and sequence numbers match – no action
- if no LSPID is found or sequence in CSNP is higher – send PSNP
- if sequence in CSNP is lower – need to update DIS with new LSP (if somebody sends new LSP – suppress own transmit)
- DIS sends new LSPs
- no LSP acknowledgements: if LSP is lost, it will be retransmitted later
- PSNP only requests LSP
- updated CSNP – implicit acknowledgement (if not updated – reflood LSP)
- if no common MTID is found in Hello – L1/L2 neighbourship (for DIS election)
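The broadcast LSDB sync rules listed above, as an added Python example (not from the original notes): it decodes the entries of an LSP entries TLV (9) from a DIS's CSNP and decides which LSPIDs to request with a PSNP and which local LSPs to flood. The system IDs, sequence numbers and checksums are constructed, 6-byte system IDs are assumed, and flooding of LSPs that the CSNP omits inside its Start/End range is standard ISO 10589 behaviour that the notes do not spell out.

```python
import struct

# One TLV 9 entry as drawn in "LSP entries (9)": remaining lifetime, LSPID
# (6-byte system ID + pseudonode ID + fragment), sequence number, checksum.
ENTRY = struct.Struct("!H8sIH")


def parse_lsp_entries(value):
    """Decode a TLV 9 value into {lspid: sequence_number}."""
    if len(value) % ENTRY.size:
        raise ValueError("TLV 9 length is not a multiple of %d" % ENTRY.size)
    return {lspid: seq for _life, lspid, seq, _cks in ENTRY.iter_unpack(value)}


def csnp_actions(local_db, csnp, start, end):
    """Compare the DIS's CSNP with the local LSDB ({lspid: seq}).

    Returns (request, flood): LSPIDs to ask for in a PSNP, and LSPIDs whose
    local copy should be flooded on the segment.
    """
    request, flood = [], []
    for lspid, seq in csnp.items():
        mine = local_db.get(lspid)
        if mine is None or seq > mine:
            request.append(lspid)      # missing or older here: send PSNP
        elif seq < mine:
            flood.append(lspid)        # CSNP is stale: update the DIS
        # equal sequence numbers: no action
    for lspid in local_db:
        # Held locally, inside the advertised Start/End LSPID range, but
        # not listed by the DIS at all: flood it as well.
        if start <= lspid <= end and lspid not in csnp:
            flood.append(lspid)
    return sorted(request), sorted(flood)


def lspid(system_id_hex, pseudonode=0, fragment=0):
    """Build an 8-byte LSPID from a 12-digit hex system ID."""
    return bytes.fromhex(system_id_hex) + bytes([pseudonode, fragment])


def sample():
    """Constructed segment: the DIS's CSNP against this router's LSDB."""
    a, b, c, d = (lspid("00000000000%d" % n) for n in (1, 2, 3, 4))
    value = (ENTRY.pack(1100, a, 5, 0x1A2B) + ENTRY.pack(900, b, 7, 0x3C4D)
             + ENTRY.pack(700, c, 2, 0x5E6F))
    local_db = {a: 5, b: 6, c: 3, d: 1}
    return csnp_actions(local_db, parse_lsp_entries(value),
                        bytes(8), b"\xff" * 8)


if __name__ == "__main__":
    request, flood = sample()
    print("request via PSNP:", [x.hex() for x in request])
    print("flood:", [x.hex() for x in flood])
```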
Designated IS (DIS)
- ≈ OSPF DR
- DIS switchover – pseudonode LSP replacement only, all adjacencies are built ⇒ no backup DIS required
- always preempted
- functions:
- LSDB sync in bcast segment: sends CSNP every 10s by default
- pseudonode in SPF
- election
- highest priority: 64 default, 0 also participates
- highest SNPA
- highest system ID: if SNPA are not comparable (same DLCI on PVC ends)
- inserts own local circuit ID for Pseudonode into LSPID: distinguish circuits for which it is DIS
- one node can be DIS for 255 segments max – size of circuit ID
Timers
- DIS timers are 3 times lower
- types
- hello:
- 10s by default
- 25% jitter
- dead:
- 3 × hello by default
- neighbour’s timer is used
- LSP age
- 1200s default
- LSP lifetime
- on expiration LSP is not used, only header is retained
- LSP age flood
- 60s default
- delay before LSP flood after LSP age expires
- prevents learning old LSP from fresh neighbour
- LSP refresh
- 900s default
- 25% jitter
- renew self-originated LSPs
; Maxage for locally originated LSP, 1200s by default
(config-router)# max-lsp-lifetime <sec>
; 900s default
(config-router)# lsp-refresh-interval <sec>
; 10s default, minimal: hold = 1s, hello = 1/multiplier
(config-if)# isis hello-interval <sec>|minimal
(config-if)# isis hello-multiplier <NUM>
PDU
- every type is duplicated for L1 and L2
- types:
- Hello
- P2P – L1L2 Hello
- padded up to MTU
- Link-state PDU (LSP)
- prefix, metric, neighbour
- single PDU for all prefixes of IS
- Complete sequence number PDU (CSNP)
- update with list of PDUs ≈ OSPF DD
- Partial sequence number PDU (PSNP)
- ≈ OSPF LSR
- acknowledge update on P2P link
- request information
; disable padding after adjacency is established, initial Hello are still padded
(config-if)# no isis hello padding
; SNP and LSP
# debug isis update-packets
; SNP
# debug isis snp-packets
IS-IS LAN Hello data
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Reserved |CirType| Sender system ID (var length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Hold time |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| PDU length |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| R | Priority | LAN ID (variable length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
LAN ID = DIS system ID || Pseudonode ID
Circuit Type
- 00: ignore
- 01: L1
- 10: L2
- 11: L1L2
IS-IS P2P Hello data
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Reserved |CirType| Sender system ID (var length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Hold time |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| PDU length |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Local circuit ID |
+---+---+---+---+---+---+---+---+
IS-IS LSP data
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| PDU length |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Remaining lifetime |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| LSPID (variable length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Sequence number |
| |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Checksum |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| P | ATT |OL |IS type|
+---+---+---+---+---+---+---+---+
ATT:
- attached in L1/L2 LSP
- 0x1: default metric supported
- 0x2: delay
- 0x4: expense
- 0x8: error
IS type:
- 01: L1
- 10: L2
- 00, 11: unused
IS-IS CSNP/PSNP data
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| PDU length |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
/ /
\ Source system ID.00 \
/ /
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
/ / |
\ Start LSPID \ |
/ / \
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ > CSNP
/ / / only
\ End LSPID \ |
/ / |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
End LSPID = 0xFF.. of the last fragment
States
- DOWN: Hello is not received
- INIT: Hello is received, own address is not listed
- UP: Hello is received and own address is found
LSP
- LSP ID = <system ID>.<local circuit ID (= 0) / DIS (≠ 0)>–<fragment number>
- age is decreased
- unknown TLV is forwarded further without change
- LSP purge
- announce LSP with Remaining lifetime = 0
- can be initiated by any router, not only originator
- LSP bits:
- ATT
- attachment
- IS is adjacent to L2 ≡ at least one L2 LSP, originated by other router
- L1 set default route via this IS
- L1 LSPs only
- P
- partition repair support
- not supported by IOS
- stitch separated area ≈ OSPF virtual-link
- OL
- overload, set if resources are insufficient
- not used in SPF for transit paths (ignore IS adjacency)
- used in SPF only for directly attached networks (account IPv4/IPv6 adjacency)
- graceful insertion:
- fill LSDB and verify state before running production
- wait for BGP to converge: all peers (except for admin down) are up, only on start
- graceful removal: allow path recalculation without traffic disruption
(config-router)# set-overload-bit [on-startup <sec>]
(config-router)# set-overload-bit [on-startup wait-for-bgp]
(config-router)# set-overload-bit [suppress external|interlevel]
; on by default, if LSP has bad CRC – drop instead of purge
(config-router)# ignore-lsp-errors
; 33ms default, delay between LSP transmissions
(config-if)# isis lsp-interval <ms>
; * ≡ LSP is generated by this router
# show isis database [detail]
; IPv4 topology
# show isis topology
# show isis ipv6 topology
# show isis rib
# show isis hostname
# show isis spf-log
# debug isis spf-triggers
# debug isis spf-events
# debug isis spf-statistics
Up/down bit
- protection against routing loops on inter-level leaking
- 0 ≡ route is from L1
- 1 ≡ leaked L2 → L1
Fragmentation
- performed by originating router only
- if LSP > MTU, then several LSPs are created: same system ID + pseudonode ID
- LSP is not modified in transit
- MTU must be equal within flooding scope
- domain authentication password must match
- fragments are not processed without first one (zero fragment)
- sets OL bit, IS type
- includes area address – necessary for tree calculation
Mesh group
- RFC 2973
- reduces flooding
- if LSP is received on
- interface outside mesh group: flood to every interface (same for self-originated)
- interface within mesh group: flood to every interface except for same mesh group members
- blocked group:
- LSP are not sent
- LSP are accepted with subsequent reflood
(config-if)# isis mesh-group <num>|blocked
Flood delay
- first LSP generation is delayed by init_time
- second LSP generation is delayed by sec_time, if it happens during wait_time
- subsequent delays are multiplied by 2 up to wait_time; the remaining delays are equal to wait_time
- throttle is reset, if there are no triggers for 2 × wait_time
- similar timers for SPF and PRC (partial route recalculation)
; defaults: wait = 5s, init = 50ms, second = 5000ms
(config-router)# lsp-gen-interval <wait> [<init> <second>]
; defaults: wait = 5s, init = 2000ms, second = 5000ms
(config-router)# prc-interval <wait> [<init> <second>]
; defaults: wait = 10s, init = 5500ms, second = 5500ms
(config-router)# spf-interval <wait> [<init> <second>]
TLVs
- code and length – 1 byte
- 1:
- area addresses
- Hello, L1 & L2 LSP
- 2:
- IS neighbour
- L1 & L2 LSP
- 3:
- ES neighbour
- L1 LSP
- 4:
- partition designated L2 IS
- L2 LSP
- 5:
- prefix neighbours
- L2 LSP
- 6:
- IS neighbour
- LAN Hello only
- carries MAC addresses of all neighbours, that IS can hear
- 8:
- Padding
- Hello
- 9:
- LSP entries
- CSNP, PSNP
- 10:
- authentication
- Hello, L1 & L2 LSP, CSNP, PSNP
- 12:
- optional checksum
- Hello, CSNP, PSNP
- 14:
- LSP buffer size
- L1 & L2 LSP
- 22:
- extended IS reachability, replaces TLV 2
- wide metric to IS, NSAP ≠ 0
- MPLS TE with sub-TLV
- L1 & L2 LSP
- 125:
- extended IP reachability
- wide metric to prefix
- 128:
- internal reachability
- L1 & L2 LSP
- 129:
- protocols supported
- Hello, L1 & L2 LSP
- 130:
- external reachability
- L1 & L2 LSP
- 131:
- interdomain routing protocol information
- L2 LSP
- 132:
- IP interface address
- up to 63 addresses (TLV length limit)
- Hello, L1 & L2 LSP
- 134:
- TE RID
- L1 & L2 LSP
- 135:
- replaces TLV 128, 130 for wide metric
- MPLS TE with sub-TLVs
- L1 & L2 LSP
- 137:
- dynamic hostname
- L1 & L2 LSP
- 211:
- graceful restart
- Hello
- 222:
- MT IS
- each MTID has its own TLV
- L1 & L2 LSP
- 229:
- multi-topology (MT)
- Hello, L1 & L2 LSP
- 232:
- IPv6 interface address
- up to 15 addresses (TLV length limit)
- link-local address in Hello
- global/site address in L1 & L2 LSP
- 235:
- MT reachable IPv4 prefix
- L1 & L2 LSP
- 236:
- IPv6 reachability
- L1 & L2 LSP
- 237:
- MT reachable IPv6 prefix
- L1 & L2 LSP
- 240:
- P2P circuit
- 3-way handshake: verify that link is bidirectional
- extended local circuit ID
- contains neighbour address, whose IS Hello is received
- IS-IS Hello is sent only after receiving IS Hello (bcast sends IS-IS from the start)
- 242: router capability
- 250:
- experimental
- Hello, L1 & L2 LSP, CSNP, PSNP
Area address (1)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Address length | Area address (var length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Address length | Area address (var length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
IS neighbour (2)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+
| Virtual Flag |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| R |I/E| Default metric | S |I/E| Delay | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ \
| S |I/E| Expense | S |I/E| Error | > IS
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ / info
| Neighbour ID | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
Virtual flag:
- 0x01: link – L2VL to repair area partition
I/E:
- 0 ≡ internal, always clear because IS is always internal
- 1 ≡ external
S:
- 0 ≡ supported
- 1 ≡ unsupported
Neighbour ID:
- = system ID || circuit ID (0x00)
- includes pseudonode
IS neighbour (6)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| |
| MAC address 1 |
| |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| |
| MAC address n |
| |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
LSP entries (9)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| Remaining lifetime | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ |
| LSPID (variable length) | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ \
| LSP sequence number | > LSP
| | / entry
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ |
| Checksum | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| ... |
Authentication (10)
  0                                       1
  0   1   2   3   4   5   6   7   8   9   0   1   2   3   4   5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|      Authentication type      |   AuthC value (var length)    |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
Type:
- 1: clear-text
- 54: MD5
Extended IS reachability (22)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| |
| Neighbour ID |
| |
+ +---+---+---+---+---+---+---+---+
| | |
+---+---+---+---+---+---+---+---+ +
| Default metric |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Length of sub-TLV | Sub-TLVs (var length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
IP internal (128) / external (130) reachability
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
|U/D|I/E| Default metric | S | R | Delay | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ |
| S | R | Expense | S | R | Error | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ \
| IP address | > prefix
| | / info
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ |
| Subnet mask | |
| | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| ... |
U/D: Up/down bit
- 1 ≡ prefix is from MPLS or L2
- ignored, if not supported ≡ problem
Metrics:
- internal ∈ [0;63]
- external ∈ [64;127]
- not related to metric type
Protocols supported (129)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| NLPID 1 | NLPID 2 |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
NLPID: network layer protocol ID
- 0xCC: IPv4
- 0x8E: IPv6
- 0x81: CLNS
Interdomain routing protocol information (131)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Interdomain information type | External information |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
Type:
- 0x01: format of local interdomain routing protocol
- 0x02: 16bit ASN, applied to all subsequent TLV 130
IP interface address (132)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| |
| IP address 1 |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
Extended IP reachability (135)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Metric |
| |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|U/D| S | Prefix length | IP prefix (variable length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Length of sub-TLV | Sub-TLVs (var length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
S:
- 1 ≡ sub-TLVs present
- 0 ≡ length of sub-TLVs and sub-TLVs are not included
Restart (211)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+
| Reserved |SA |RA |RR |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Remaining time (sec) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| |
| Neighbour ID |
| |
+ +---+---+---+---+---+---+---+---+
| |
+---+---+---+---+---+---+---+---+
RR: restart request
RA: restart ack
SA: suppress adjacency advertisement ≡ NSF support, no SSO
MT IS (222)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Reserved | MTID |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| | |
| Neighbour ID | |
| | |
+ +---+---+---+---+---+---+---+---+ \
| | | > IS
+---+---+---+---+---+---+---+---+ + / info
| Default metric | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ |
| Length of sub-TLV | Sub-TLVs (var length) | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| ... |
Multi-topology (MT) (229)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| OL| A | Rsvd | MTID |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
OL: overload
A: attachment
IPv6 interface address (232)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| |
| |
| |
| Interface address |
| |
| |
| |
| |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
MT Reachable IPv4 prefix (235)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Reserved | MTID |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| | |
| Metric | \
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ > IP
|U/D| S | Prefix length | IP prefix (variable length) | / info
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ |
| Length of sub-TLV | Sub-TLVs (var length) | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| ... |
S:
- 1 ≡ sub-TLVs present
- 0 ≡ length of sub-TLVs and sub-TLVs are not included
IPv6 reachability (236)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Metric |
| |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|U/D| X | S | Reserved | Prefix length (only if S = 1) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
\ \
/ Prefix /
\ \
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Length of sub-TLV | Sub-TLVs (var length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ... |
X:
- 0 ≡ internally originated
- 1 ≡ externally originated
S:
- 1 ≡ sub-TLVs present + Prefix is Prefix length long
- 0 ≡ length of sub-TLVs and sub-TLVs are not included + Prefix is up to TLV end
MT Reachable IPv6 prefix (237)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Reserved | MTID |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| | |
| Metric | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ |
|U/D| X | S | Reserved | Prefix length (only if S = 1) | \
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ > IPv6
\ \ / info
/ Prefix / |
\ \ |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ |
| Length of sub-TLV | Sub-TLVs (var length) | |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--+
| ... |
X:
- 0 ≡ internally originated
- 1 ≡ externally originated
S:
- 1 ≡ sub-TLVs present + Prefix is Prefix length long
- 0 ≡ length of sub-TLVs and sub-TLVs are not included + Prefix is up to TLV end
P2P 3-way adjacency (240)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+
| State |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Extended |
| local circuit ID |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Neighbour |
| system ID |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Neighbour |
| extended local circuit ID |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
State:
- 0x00 ≡ Up
- 0x01 ≡ Init
- 0x02 ≡ Down
Router capability (242)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Router ID |
| |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| Reserved | D | S | Sub-TLV (variable length) |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
S:
- 0 ≡ within area
- 1 ≡ must be leaked throughout domain
D:
- 1 ≡ L2 → L1 leaked
Sub-TLVs
- type, length – 1 byte
- 1: SID/label
- 2: segment routing capability
- 3: prefix SID
- 19: SR algorithm
- 22: SR local block
- 31: adjacency SID
- 32: LAN-Adj-SID
- 149: SID/label binding
- 150: MT SID/label binding
SID/label (1)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | SID/Label (variable length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Length:
- 3: 20bit MPLS label
- 4: 32bit index
Segment routing capability (2)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|I|V| Reserved | SRGB length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ SID/Label sub-TLV (start of SRGB) /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
I: 1 ≡ SR-MPLS IPv4
V: 1 ≡ SR-MPLS IPv6
Prefix SID (3)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |R|N|P|E|V|L|Rsv| Algorithm |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ SID/Index/Label /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
R: 1 ≡ redistributed or inter-level
N: 1 ≡ node SID
P: 1 ≡ no PHP
E: 1 ≡ explicit-null
V: 0 ≡ index, 1 ≡ value
L: 1 ≡ local significance
Algorithm:
- 0: SPF on link metric
- 1: strict SPF on link metric
SR algorithm (19)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Algorithm 1 | Algorithm 2 | Algorithm ... | Algorithm n |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SRLB (22)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|I|V| Reserved | SRLB length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ SID/Label sub-TLV (start of SRLB) /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Adjacency SID (31)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |F|B|V|L|S|P|Rsv| Weight |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ SID/Index/Label /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
F: 0 ≡ IPv4, 1 ≡ IPv6
B: 1 ≡ eligible for FRR
V: 0 ≡ index, 1 ≡ value
L: 1 ≡ local significance
S: 0 ≡ single adjacency, 1 ≡ set of adjacencies
P: 1 ≡ persistent across restarts
LAN Adjacency SID (32)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |F|B|V|L|S|P|Rsv| Weight |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Neighbor system ID |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| SID/Label/Index (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
F: 0 ≡ IPv4, 1 ≡ IPv6
B: 1 ≡ eligible for FRR
V: 0 ≡ index, 1 ≡ value
L: 1 ≡ local significance
S: 0 ≡ single adjacency, 1 ≡ set of adjacencies
P: 1 ≡ persistent across restarts
SID/Label binding (149)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |F|M|S|D|A| Rsv | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Range | Prefix Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
\ \
/ Prefix /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ Sub-TLVs /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
F: 0 ≡ IPv4, 1 ≡ IPv6
M: 1 ≡ mirrored context
S: 0 ≡ within area, 1 ≡ must be leaked throughout domain
D: Up/down bit
A: 1 ≡ directly connected to prefix
MT SID/Label binding (150)
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     | Rsvd  |         MT ID         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|F|M|S|D|A| Rsv |   Reserved    |             Range             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Prefix Length |                                               |
+-+-+-+-+-+-+-+-+                                               +
\                                                               \
/                            Prefix                             /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                           Sub-TLVs                            /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
F: 0 ≡ IPv4, 1 ≡ IPv6
M: 1 ≡ mirrored context
S: 0 ≡ within area, 1 ≡ must be leaked throughout domain
D: Up/down bit
A: 1 ≡ directly connected to prefix
IS-IS vs OSPF
- advantages
- smaller LSP
- more routers per area (>1000)
- extensible through TLVs
- less CPU load (SPF, LSDB maintenance) due to partial recalculation
- tunable timers: LSP flooding, aging (constants in OSPF)
- L1/L2 adjacency over same link (multi-area feature in OSPF)
- not vulnerable to L3-based attacks (PDUs are carried directly over L2, not IP)
- disadvantages
- less documentation, examples
- less known by personnel
- fewer features (e.g., no NSSA, FA)
- no auto-cost based on BW
- does not support DMVPN, VTI
- no support for NBMA: PVC full-mesh only
- partial recalculation:
- OSPF: new LSA → full SPF
- IS-IS: new TLV for LSP → SPF not needed
- supports P2P GRE
Authentication
- LSP and IIH are authenticated separately for each level
- key number does not have to match
- first key in key chain is used
; L1/L2 default, L1 and L2 are separate, authC LSP within level
(config-router)# authentication mode md5 [level-1|level-2]
(config-router)# authentication send-only
(config-router)# authentication key-chain <NAME>
; IIH authC, L1 and L2 separately, L1/L2 by default
(config-if)# isis authentication mode md5
; first key is used
(config-if)# isis authentication key-chain <CHAIN>
; does not authenticate ingress messages, useful during transition
(config-if)# isis authentication send-only
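Added example (not part of the original notes, not vendor code): how a receiver checks the HMAC-MD5 authentication TLV (10) on an LSP. Per RFC 5304 the digest field is zeroed before hashing, and for LSPs the remaining lifetime and checksum are zeroed too, so those two fields are not covered by the key. The key, LSP ID and LSP contents are constructed sample values.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10          # Authentication TLV type
HMAC_MD5 = 54          # authentication type for HMAC-MD5 (RFC 5304)
LSP_HDR_LEN = 27       # 8-byte common header + 19-byte LSP header
LSP_TYPES = (18, 20)   # PDU types: L1 LSP, L2 LSP

def find_auth_digest(pdu, tlv_start):
    """Return the offset of the 16-byte digest inside TLV 10, or None."""
    i = tlv_start
    while i + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[i], pdu[i + 1]
        if i + 2 + tlv_len > len(pdu):
            return None                      # truncated TLV: reject
        if tlv_type == AUTH_TLV and tlv_len == 17 and pdu[i + 2] == HMAC_MD5:
            return i + 3
        i += 2 + tlv_len
    return None

def digest(pdu, key, tlv_start=LSP_HDR_LEN):
    """HMAC-MD5 over the PDU with the digest field zeroed; for LSPs the
    remaining lifetime and checksum are zeroed as well."""
    off = find_auth_digest(pdu, tlv_start)
    if off is None:
        return None
    buf = bytearray(pdu)
    buf[off:off + 16] = bytes(16)
    if buf[4] & 0x1F in LSP_TYPES:
        buf[10:12] = b"\x00\x00"             # remaining lifetime
        buf[24:26] = b"\x00\x00"             # checksum
    return hmac.new(key, bytes(buf), hashlib.md5).digest()

def verify(pdu, key):
    off = find_auth_digest(pdu, LSP_HDR_LEN)
    expected = digest(pdu, key)
    return expected is not None and hmac.compare_digest(expected, pdu[off:off + 16])

def build_signed_lsp(key, lifetime=1200):
    """Constructed L2 LSP: area address TLV (1, area 49.0001) + TLV 10."""
    tlvs = bytes([1, 4, 3, 0x49, 0x00, 0x01]) + bytes([AUTH_TLV, 17, HMAC_MD5]) + bytes(16)
    common = bytes([0x83, LSP_HDR_LEN, 1, 0, 20, 1, 0, 0])
    lsp_id = bytes.fromhex("00000000000a0000")   # system ID + pseudonode + fragment
    # checksum left at 0 in this sample: it is zeroed for the HMAC anyway
    hdr = struct.pack("!HH8sIHB", LSP_HDR_LEN + len(tlvs), lifetime, lsp_id, 1, 0, 0x03)
    pdu = bytearray(common + hdr + tlvs)
    off = find_auth_digest(pdu, LSP_HDR_LEN)
    pdu[off:off + 16] = digest(pdu, key)
    return bytes(pdu)
```

A changed TLV byte or a wrong key fails verification, while a changed remaining lifetime still verifies, which is why lifetime handling cannot rely on authentication alone.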
Route leaking
- avoid suboptimal routing (e.g., for VoIP)
- BGP for L3VPN – next-hop has to be known for LDP
- avoid asymmetric routing (e.g., due to firewalls)
- extended ACL: filter on source + prefix
(config-router)# redistribute isis ip <FROM> into <TO> route-map <MAP>
Design
- flat network: first – L2, makes it easier to introduce L1 later
- L2 must be continuous
- level border – between core and distribution: isolates core from flaps on access
- core – L2
- distribution – L1/L2
- access – L1
- if access is L1/L2
- no summarization
- link flap makes core run SPF
Redistribution
- extended ACL: filter on prefix + mask
- does not redistribute connected prefixes (e.g., IS-IS → OSPF/EIGRP/BGP)
(config-router)# redistribute <FROM> [level-1|level-2|level-1-2]
Defaults
- seed metric = 0
- OSPF: internal routes
- internal metric type for narrow metric
- L2
IPv6
- wide metric, TLV 129
- multitopology:
- separate topologies for IPv4 and IPv6
- no blackhole on IPv4-only IS
- separate metrics
- transition mode:
- single topology and MT TLV are sent
- single mode is calculated
- single topology
- less complex for configuring and operating
- consistency check:
- verify if AF match in L1 and L2 Hello
- can be disabled during IPv4 → IPv4/IPv6 transition
- single topology and MT TLVs are not compatible
- defaults:
- IOS XE: single mode
- IOS XR: MT
- MTID
- 0: IPv4 unicast (default)
- 1: IPv4 inband mgmt
- 2: IPv6 unicast
- 3: IPv4 mcast
- 4: IPv6 mcast
(config-router)# metric-style wide
(config-router)# address-family ipv6
(config-router-af)# multitopology [transition]
Summarization
- based on LSDB, not RIB
- defaults: L2 without L1 (L2 → L1 requires leak) or redistributed (L2 by default)
- adds 0.0.0.0/0 via Null0
- metric: best of subordinate routes
- more-specific LSPs are suppressed
; min metric, L2 by default, based on LSDB
(config-router)# summary-address <IP> <MASK> <LEVEL>
; L2 only, 0.0.0.0/0 in RIB not required
(config-router)# default-information originate [route-map <MAP>]
Loop-free alternative (LFA)
- physical and port-channel interfaces only; not supported for subinterfaces, tunnels, MPLS TE, virtual interfaces
- per prefix, 1 backup entry in RIB and FIB
- calculates SPF for every neighbour
- tie-breakers
- downstream: metric lower than own metric
- primary-path: 20 default, ECMP paths like primary
- lowest metric: 30 default
- linecard-disjoint: 40 default
- load-sharing
- node protection: paths do not pass the same node
- secondary-path: non-ECMP paths
- SRLG
- condition: D(N,D) < D(N,S) + D(S,D) ≡ no loop, direction is important
- IOS XE: P2P links only
- RFC: pseudonode is taken into account for bcast links
(config-router)# fast-reroute per-prefix level-1|level-2 all|route-map <RMAP>
(config-router)# fast-reroute remote-lfa level-1|level-2 mpls-ldp
; on by default, use ECMP LFA for prefixes
(config-router)# fast-reroute load-sharing level-1|level-2 [disable]
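Added example (not from the original notes): the loop-free condition D(N,D) < D(N,S) + D(S,D) evaluated on a constructed topology, with one SPF per neighbour. The downstream and node-protecting checks use the inequalities from RFC 5286; router names and metrics are made up for illustration.

```python
import heapq

# Constructed topology: bidirectional links with symmetric metrics.
LINKS = [("S", "A", 10), ("A", "D", 10), ("S", "B", 10), ("B", "D", 15),
         ("S", "C", 10), ("C", "D", 50), ("S", "E", 10), ("E", "A", 5)]

def build_graph(links):
    graph = {}
    for a, b, metric in links:
        graph.setdefault(a, {})[b] = metric
        graph.setdefault(b, {})[a] = metric
    return graph

def spf(graph, root):
    """Dijkstra: shortest distance from root to every node."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                          # stale heap entry
        for nbr, metric in graph[node].items():
            if d + metric < dist.get(nbr, float("inf")):
                dist[nbr] = d + metric
                heapq.heappush(heap, (d + metric, nbr))
    return dist

def lfa_candidates(graph, s, dst):
    """Classify every non-primary neighbour N of S as a backup next hop
    towards dst. Assumes a connected graph."""
    from_s = spf(graph, s)
    primary = [n for n, m in graph[s].items() if m + spf(graph, n)[dst] == from_s[dst]]
    result = {}
    for n in graph[s]:
        if n in primary:
            continue
        from_n = spf(graph, n)                # one SPF per neighbour
        result[n] = {
            # D(N,D) < D(N,S) + D(S,D): N does not send the traffic back via S
            "loop_free": from_n[dst] < from_n[s] + from_s[dst],
            # D(N,D) < D(S,D): N is strictly closer to dst than S
            "downstream": from_n[dst] < from_s[dst],
            # D(N,D) < D(N,E) + D(E,D) for each primary next hop E
            "node_protecting": all(from_n[dst] < from_n[e] + spf(graph, e)[dst] for e in primary),
        }
    return primary, result
```

With S as source and D as destination, A is the primary next hop; B is a node-protecting LFA, E is loop-free but reaches D through A (link protection only), and C is rejected because its shortest path to D ties with the path back through S.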
Graceful restart
- RFC 5306, TLV 211
- after GR, NSF includes the TLV in Hello