JunOS | Intermediate System to Intermediate System (IS-IS)

In this post I will make a summary of what’s already been documented, rather excellently in the three parts blog written by Chris here – part 1, part 2 & part 3.

I must admit, though he calls those as primers, they are actually quite comprehensive and probably offer more information than required for the JNCIP exam.

So here is what I’m going to cover:

  • General concepts
  • Configuration
  • Troubleshooting
  • Considerations ISIS vs. OSPF

Though I’d consider ISIS Areas and Authentication as part of the ISIS basics, there are few cases I’d like to look into and therefore I’ll cover them in two different posts.

 

GENERAL CONCEPTS


  • ISIS it is an ISO standard; it has been extended to operate with IPv4 and IPv6
  • ISIS operates over Layer2
  • L3/Routing Packet – Network Protocol Data Unit (NPDU)
  • L2 Packet –  Subnetwork Protocol Data Unit (SNPDU)
  • Also defines a SNPA – Subnetwork Point of Attachment which is analog to OSI L2 attachment (over Ethernet, it’s the interface MAC address)
  • ISIS also uses areas – however, unlike OSPF, with ISIS the Area ID is embedded in the router’s ISO address
  • ISIS L2 area is analogous to OSPF backbone area and L1, to OSPF non-backbone area respectively
  • ISIS has a variable packet structure; ISIS packet data payload consists of a list of TLVs (Type, Length, Value) attributes
  • PDUs are never broadcasted; destination MAC is 01:80:c2:00:00:14 (All Level 1 ISs) & 01:80:c2:00:00:15 (All Level 2 ISs)

IS-IS presents four packet types which are further split in several sub-types:

IIH - ISIS HELO
LAN IIH
  1. L1
  2. L2
P2P IIH
  1. L1
  2. L2
CSNP - Complete Sequence Number PDU
  1. L1
  2. L2

NOTE that despite the name, this is actually a summary message which includes a list of LSP IDs only for local comparison purposes.

PSNP - Partial Sequence Number PDU
  1. L1
  2. L2

NOTE this in fact a request message for a full list of LSPs following up a previous CSNP message.

LSP - Links State PDU
  1. L1
  2. L2

If we are to simplify, we just need to remember that the HELLO message has two subtypes – one for broadcast domains; another for P2P links respectively; for each packet there is a Level1 and Level2 equivalent.

ISIS Adjacencies

The following govern ISIS adjacencies:

  1. Routers can form Level1 adjacencies only if they are in the same area
  2. Routers can form Level2 adjacencies regardless of their area membership
  3. Level1 routers cannot become adjacent to Level2 routers
  4. Two adjacent routers can run both Level1 and Level2 adjacencies simultaneously

ISIS Designated Router

Similarly to OSPF, a Designated Router is also elected when adjacencies are formed on broadcast domains, unless adjacency is explicitly set as point-to-point. Strangely enough, officially this router is called a Pseudonode and yet, it is identified as Designated Router in show command output.

DR election is always preempted by the best DR on the broadcast domain; here the highest value always wins in the following order:

  1. Priority – a value between 0 – 127; by default it is set to 64
  2. MAC address

SPF Metrics & routing through the network

  • 6bits long metrics must be converted to 24bits long metrics – these are called wide-metrics
  • bandwidth reference must be specified for correct link-cost calculation
  • L1 routes are preferred to L2
  • Internal routers are preferred to external routes – this is however only relevant when wide metrics are not enabled; otherwise only the metrics value is considered
IS-IS doesn’t distinguish between internal and external prefixes when you’re using wide metrics.

 

CONFIGURATION


One important item to understand when configuring IS-IS is the ISO addresses which have the following format:

<AFI>.<AREA-ID>.<SYSTEM|ROUTER-ID>.<NSAP>

  • NSAP – Network service access point; it’s always 0; historically it could have other values but not today; 00 identifies the destination service as being a router (Not to be confused with SNPA – see above)
  • SYSTEM|ROUTER ID – It is always same length as a Ethernet mac address; it identifies the router itself similarly to a host part of the IP address; this is normally set as the system’s mac address or determined from the loopback ip address
  • AFI.AREA-ID (Optional) – this is the area id and it’s variable in length;
    • The first part (49) represents the AFI – Authority & Format Identified; since nowadays nobody assigns ISO addresses out anymore, this value is always going to be 49 which is reserved for private use
    • The rest is the actual AREA ID and it’s variable length; it’s the administrator’s discretion as to what format or area hierarchy to use; it can also be nill. So an ISO address such as 49.3456.5543.5555.00 is a valid ISO address.

So more simplistically, an IS-IS / ISO address has the more conventional template:

49.<area-Id>.<system|router-Id>.00

ISO Addresses format (examples):
    • 49.0000.0000.0001.00
    • 49.1234.1921.6810.0254.00
    • 47.0005.8083.0000.1B2F.6C0A.5001.00

Going forward, I’ll use the following lab topology:

Notice the ISO address match the area they belong to; R3 being the exception since it belongs to both Level2 & Level1 areas.

Now we start configuring IS-IS:

1 – Regarding addressing, only the loopback interfaces needs an ISO address; though all participating interfaces must have iso family enabled

2 – Enable ISIS protocol; disable Level1 adjacencies; R1 is part of Level 2 area only

3 – Add interfaces to IS-IS process; set the loopback interface as passive since it wont actively participate in ISIS

set interfaces lo0 unit 0 family inet address 192.168.100.1/32
set interfaces lo0 unit 0 family iso address 49.0100.1921.6810.0001.00

set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family iso

set protocols isis level 1 disable
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0 passive

Even though at this point I had only R1 configured, we can already see some useful information:

root@R1>show isis overview
Instance: master
Router ID: 192.168.100.1
Hostname: R1
Sysid: 1921.6810.0001
Areaid: 49.0100
Adjacency holddown: enabled
Maximum Areas: 3
LSP life time: 1200
Attached bit evaluation: enabled
SPF delay: 200 msec, SPF holddown: 5000 msec, SPF rapid runs: 3
IPv4 is enabled, IPv6 is enabled
Traffic engineering: enabled
Traffic engineering v6: disabled
Restart: Disabled
Helper mode: Enabled
Layer2-map: Disabled
Source Packet Routing (SPRING): Disabled
Post Convergence Backup: Disabled
Level 1
Internal route preference: 15
External route preference: 160
Prefix export count: 0
Wide metrics are enabled, Narrow metrics are enabled
Level 2
Internal route preference: 18
External route preference: 165
Prefix export count: 0
Wide metrics are enabled, Narrow metrics are enabled

Notice though I disabled Level1 adjacency, there is not indication of this in the output of this command.

Next, I have replicated the configuration on R2 to build an actual IS-IS adjacency (neighbour in OSPF). Let’s look at a few command outputs:

The routing table … Notice we are now receiving IS-IS routes with next-hop 10.12.0.1

IS-IS packet stats …

In the packet capture you can various examples of ISIS packets and different encapsulated TLVs.

 

TROUBLESHOOTING


  • ISIS ADJ. REQUIREMENTS
    • Since ISIS runs over L2, it is recommendable for MTU to match at both ends; I have observed that with JunOS, this is not mandatory
    • Make sure authentication is correctly configured
    • Ensure L2 reachability
    • Make sure the Link type is matched; an ISIS adjacency can be configured as P2P (circuit-type = 2) or LAN (circuit-type = 3)
  • Useful SHOW COMMANDS

show isis overview

root@R1> show isis overview
Instance: master
Router ID: 192.168.100.1
Hostname: R1
Sysid: 1921.6810.0001
Areaid: 49.0100
Adjacency holddown: enabled
Maximum Areas: 3
LSP life time: 1200
Attached bit evaluation: enabled
SPF delay: 200 msec, SPF holddown: 5000 msec, SPF rapid runs: 3
IPv4 is enabled, IPv6 is enabled
Traffic engineering: enabled
Traffic engineering v6: disabled
Restart: Disabled
Helper mode: Enabled
Layer2-map: Disabled
Source Packet Routing (SPRING): Disabled
Post Convergence Backup: Disabled
Level 1
Internal route preference: 15
External route preference: 160
Prefix export count: 0
Wide metrics are enabled, Narrow metrics are enabled
Level 2
Internal route preference: 18
External route preference: 165
Prefix export count: 0
Wide metrics are enabled, Narrow metrics are enabled

show isis adjacency

root@R1> show isis adjacency extensive
R2
Interface: ge-0/0/0.0, Level: 2, State: Up, Expires in 25 secs
Priority: 0, Up/Down transitions: 1, Last transition: 00:09:37 ago
Circuit type: 2, Speaks: IP, IPv6
Topologies: Unicast
Restart capable: Yes, Adjacency advertisement: Advertise
IP addresses: 10.12.0.2
Transition log:
When State Event Down reason
Mon Dec 6 01:17:23 Up Seenself

show isis statistics

root@R1> show isis statistics interface ge-0/0/0.0
IS-IS Interface statistics for R1:
Interface ge-0/0/0.0
PDU type Received Processed Drops Sent Rexmit
LSP 71 71 0 42 0
IIH 9106 12 77 3213 0
CSNP 2906 2906 0 252 0
PSNP 5 5 0 5 0
Unknown 0 0 0 0 0
Totals 12088 2994 77 3512 0

Total packets received: 12088 Sent: 3512

show route

root@R1> show route protocol isis

inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

10.23.0.0/24 *[IS-IS/18] 00:16:24, metric 20
to 10.12.0.2 via ge-0/0/0.0
> to 10.13.0.3 via ge-0/0/1.0
10.34.0.0/24 *[IS-IS/18] 00:16:24, metric 20
> to 10.13.0.3 via ge-0/0/1.0
10.35.0.0/24 *[IS-IS/18] 00:16:24, metric 20
> to 10.13.0.3 via ge-0/0/1.0
192.168.100.2/32 *[IS-IS/18] 00:22:11, metric 10
> to 10.12.0.2 via ge-0/0/0.0

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

show isis database

root@R1> show isis database detail
IS-IS level 1 link-state database:

IS-IS level 2 link-state database:

R1.00-00 Sequence: 0x27, Checksum: 0xcfa9, Lifetime: 848 secs
IS neighbor: R2.00 Metric: 10
IS neighbor: R3.02 Metric: 10
IP prefix: 10.12.0.0/24 Metric: 10 Internal Up
IP prefix: 10.13.0.0/24 Metric: 10 Internal Up
IP prefix: 10.100.1.0/24 Metric: 0 Internal Up
IP prefix: 10.100.1.1/32 Metric: 0 Internal Up
IP prefix: 10.100.2.0/24 Metric: 0 Internal Up
IP prefix: 10.100.2.1/32 Metric: 0 Internal Up
IP prefix: 10.100.3.0/24 Metric: 0 Internal Up
IP prefix: 10.100.3.1/32 Metric: 0 Internal Up
IP prefix: 192.168.100.1/32 Metric: 0 Internal Up

R2.00-00 Sequence: 0x26, Checksum: 0x39d5, Lifetime: 828 secs
IS neighbor: R1.00 Metric: 10
IS neighbor: R3.03 Metric: 10
IP prefix: 10.12.0.0/24 Metric: 10 Internal Up
IP prefix: 10.23.0.0/24 Metric: 10 Internal Up
IP prefix: 192.168.100.2/32 Metric: 0 Internal Up

R3.00-00 Sequence: 0x5, Checksum: 0x287f, Lifetime: 883 secs
IS neighbor: R3.02 Metric: 10
IS neighbor: R3.03 Metric: 10
IP prefix: 10.13.0.0/24 Metric: 10 Internal Up
IP prefix: 10.23.0.0/24 Metric: 10 Internal Up
IP prefix: 10.34.0.0/24 Metric: 10 Internal Up
IP prefix: 10.35.0.0/24 Metric: 10 Internal Up

R3.02-00 Sequence: 0x2, Checksum: 0x5dca, Lifetime: 883 secs
IS neighbor: R1.00 Metric: 0
IS neighbor: R3.00 Metric: 0

R3.03-00 Sequence: 0x2, Checksum: 0x9c88, Lifetime: 883 secs
IS neighbor: R2.00 Metric: 0
IS neighbor: R3.00 Metric: 0

 

ISIS vs OSPF


  • ISIS is a ISO standard, unlike OSPF which is a IETF standard
    ISIS is transported at layer 2, unlike OSFP which operates at Layer3, over IPv4 and IPv6
  • Since it operates at L2, ISIS can be considered more secure than OSPF; though it’s also more sensitive to L2 related issues such as MTU size
  • ISIS is not necessarily more scalable than OSPF; it is however a lot easier to extend through the addition of new TLVs as needed. An ISIS host would simply forward on the ISIS packets regardless of whether or not the new TLV is known. Whereas with OSPF, an introduction of new packet types is needed – this implies ensuring compatibility downstream
  • It is in fact simpler to understand and troubleshoot

 

Thank you,

Rafael A. Couto Cabral • LinkedIn Profile
Cisco​ | F5 | VMware Certified • PRINCE2 Practitioner

Related Post

Comments are closed.