Saturday, February 26, 2011

CCIE Notes - ISIS


Intermediate System (IS) is the terminology used to describe a router.

IS-IS does not use IP addresses to identify each IS.  Rather, OSI CLNS addressing is used.

Fundamentally, IS-IS does not use the IP protocol.  Rather, IS-IS uses its own L3 headers and leverages the Data Link layer directly.

CLNS (Connectionless Network Services) is a network layer protocol like IP.  CLNS dates from the 1980s, when it was still unclear whether IP or CLNS would be the de facto internetwork protocol.
In the 1980s it was common for networks to have both OSI CLNS and IP application traffic.  Therefore, IS-IS was enhanced to be a single routing protocol that could support CLNS and IP concurrently.  IS-IS is open, flexible, extensible, and scalable.

Because IS-IS is not solely an IP protocol, IS-IS can easily be used for other non-IP applications, such as Layer 2 routing implementations.  Examples include Cisco OTV and Cisco FabricPath.

CLNS addressing as the IS-IS router uses it, called the NET:

AREA (everything else) : SYSTEM ID  (6 bytes) : NSAP (1 byte)
Example:   49.1111.1000.1000.0001.00
AREA = 49.1111
SYSTEM ID = 1000.1000.0001
NSAP = 00

The SYSTEM ID is unique per AREA, however it may be simpler to also keep it unique across the network.
NSAP describes the upper layer protocol in use; to address the IS-IS routing process on the router itself, the NSAP is 00.  NSAP is analogous to the protocol number field in IP headers.

Two routers in the same AREA are considered intra-area and will form an L1 (Level 1) adjacency.

Two routers in the same AREA can form a Level 2 adjacency if their interfaces are explicitly configured for Level 2 only.

Two routers in different AREAs are considered inter-area and will form an L2 (Level 2) adjacency.

Two routers in a different AREA will not be able to form Level 1 adjacencies.

By default, two Cisco IOS routers in the same AREA will form both L1 and L2 adjacencies, unless their interfaces are configured otherwise.

interface serial 1/0
isis circuit-type {level-1 | level-1-2 | level-2-only}
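The NET layout and the adjacency rules above can be checked mechanically. The following is an added example, not part of the original notes: it splits a NET from the right into AREA, SYSTEM ID and NSAP, then works out which adjacency levels two directly connected routers form. The function names, the second router's NET and the 8 to 20 byte length check are assumptions of this example.

```python
from dataclasses import dataclass

# Levels each 'isis circuit-type' setting allows on an interface.
CIRCUIT_LEVELS = {"level-1": {1}, "level-2-only": {2}, "level-1-2": {1, 2}}

@dataclass(frozen=True)
class Net:
    area: str       # variable length, everything before the SYSTEM ID
    system_id: str  # 6 bytes
    nsap: str       # 1 byte, 00 for the IS-IS process itself

def parse_net(text):
    """Split a dotted-hex NET from the right: the last byte is the NSAP field,
    the 6 bytes before it are the SYSTEM ID, the rest is the AREA."""
    digits = text.replace(".", "").lower()
    if not digits or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not hex: {text!r}")
    # Assumed bounds: a NET is 8 to 20 bytes (at least 1 AREA byte + 6 + 1).
    if len(digits) % 2 or not 16 <= len(digits) <= 40:
        raise ValueError(f"bad NET length: {text!r}")
    net = Net(digits[:-14], digits[-14:-2], digits[-2:])
    if net.nsap != "00":
        raise ValueError("a router's NET must end in 00")
    return net

def adjacency_levels(net_a, net_b, circuit_a="level-1-2", circuit_b="level-1-2"):
    """Return the sorted levels two directly connected routers will form."""
    a, b = parse_net(net_a), parse_net(net_b)
    if a.area == b.area and a.system_id == b.system_id:
        raise ValueError("duplicate SYSTEM ID inside one AREA")
    levels = CIRCUIT_LEVELS[circuit_a] & CIRCUIT_LEVELS[circuit_b]
    if a.area != b.area:
        levels = levels - {1}   # Level 1 never forms across AREAs
    return sorted(levels)

if __name__ == "__main__":
    r1 = "49.1111.1000.1000.0001.00"   # example NET from the notes
    r2 = "49.1111.1000.1000.0002.00"   # constructed: same AREA as r1
    r3 = "49.2222.1000.1000.0002.00"   # different AREA, from the notes
    print(parse_net(r1))
    print(adjacency_levels(r1, r2))
    print(adjacency_levels(r1, r2, "level-2-only", "level-2-only"))
    print(adjacency_levels(r1, r3))
    print(adjacency_levels(r1, r3, "level-1", "level-1"))
```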

Much like OSPF, the HELLO and HOLD timers do not need to match for neighbors to form.  Each IS-IS router declares its own HOLD time to its neighbors.

Much like OSPF, a designated router is elected on broadcast networks, called a DIS.  The DIS acts as the pseudonode, just as the DR does in OSPF.

When IS routers exchange topology database information, four types of packets are used:

Level 1 link state packets (LSP) – describe link state detail and information

Level 2 link state packets (LSP)

Complete sequence number packets (CSNP) – describe a summary of the link states in the database; similar to OSPF DD (database descriptor) packets

Partial sequence number packets (PSNP) – describe part of the database, or are used to request LSPs

IS-IS supports several different metric values per link: Default metric, Expense metric, Delay metric and Error metric.

IP routing only uses the Default metric.

The other metrics are not commonly implemented.

With IS-IS wide metrics, the four metric fields are combined into a single large Default metric value:

router isis
metric-style wide

IS-IS wide metrics are required when using Tags

Wide metrics are required for MPLS traffic engineering over IS-IS

Configuring some routers with wide metrics while others are not will break the network

To make the transition to wide metrics you can use ‘metric-style transition’, which allows an IS-IS router to accept both wide and narrow metrics, presuming the metrics are within the narrow range.

router isis
metric-style transition

The default metric for an interface in Cisco IOS is 10.  The metric can be changed with the interface level command:

interface serial 1/0
isis metric (metric value)

IS-IS provides the means to create logical flooding boundaries by breaking the network into one level 2 routing domain and multiple level 1 routing domains.

The one Level 2 routing domain could be analogous to OSPF Area 0

The multiple Level 1 routing domains could be analogous to other OSPF Areas

L1/L2 border routers will advertise all reachable IP destinations from their Level 1 domain into the Level 2 domain with a single Level 2 summary LSP describing the IP networks, much like an OSPF ABR and Type 3 LSAs.

L1/L2 border routers will hide the topology detail of their Level 1 domain from the Level 2 domain (not flooding all of the Level 1 LSP information), much like an OSPF ABR.

L1/L2 border routers will not advertise IP destinations learned from the Level 2 domain into the Level 1 domain.

Having both L1 and L2 adjacencies does not automatically make a router an L1/L2 border.

Only when an IS router is attached to another IS router advertising a domain (AREA) different from its own will it become an L1/L2 border.

49.1111.1000.1000.0001.00  <---->  49.2222.1000.1000.0002.00

The L1/L2 border router will set the “attached bit” in its LSP and flood that into the L1 domain.  The “attached bit” indicates it is connected to Level 2 and is an L1/L2 border.

If the Level 1 router receives a packet for a destination it cannot match with its own L1 topology information, it will look in its database for a router with the “attached bit” and send the packet to that router.

The L1/L2 border router does not generate or advertise a default route in the Level 1 area.

The Level 1 router upon seeing an LSP in its database with the “attached bit” will create a default route in its own IP routing table pointing to the L1/L2 border router.

Level 1 routers have no topology or IP reachability information outside of their area, which can sometimes lead to suboptimal routing for packets exiting the Level 1 area.

The L1/L2 border can be configured to “leak” specific IP reachability information (routes) into the Level 1 area to avoid suboptimal routing:
router isis
redistribute isis ip level-2 into level-1 distribute-list 100
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
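A simplified model of the attached-bit default route and of route leaking, added here as an illustration and not taken from the original notes. The router names B1 and B2, the metric values and the function names are constructed; the example assumes that a Level 1 router picks the closest attached router by Level 1 metric and that a leaked route costs the Level 1 path to the border plus the metric that border advertises.

```python
# Constructed example: L1 router R1 has two L1/L2 borders in its area.
L1_COST = {"B1": 10, "B2": 30}     # R1's Level 1 SPF cost to each router
ATTACHED = {"B1", "B2"}            # routers whose LSP has the attached bit set
# Each border's Level 2 cost to a prefix in another area (invisible to R1).
L2_COST = {"10.10.10.0/24": {"B1": 100, "B2": 20}}

def default_exit(l1_cost, attached):
    """Without leaking: the default route points at the closest attached router."""
    reachable = {r: c for r, c in l1_cost.items() if r in attached}
    if not reachable:
        return None                 # no attached bit seen, so no default route
    return min(reachable, key=lambda r: (reachable[r], r))

def leak(l2_cost, permitted):
    """Routes the borders advertise into Level 1 for prefixes the
    distribute-list permits, with each border's own metric."""
    return {p: dict(costs) for p, costs in l2_cost.items() if p in permitted}

def exit_for(prefix, l1_cost, attached, leaked):
    """Border R1 uses for a prefix: a leaked specific route beats the default."""
    offers = {b: l1_cost[b] + m
              for b, m in leaked.get(prefix, {}).items() if b in l1_cost}
    if offers:
        return min(offers, key=lambda b: (offers[b], b))
    return default_exit(l1_cost, attached)

def path_cost(prefix, border):
    """End-to-end cost from R1 to the prefix through the given border."""
    return L1_COST[border] + L2_COST[prefix][border]

if __name__ == "__main__":
    prefix = "10.10.10.0/24"
    for leaked in ({}, leak(L2_COST, {prefix})):
        border = exit_for(prefix, L1_COST, ATTACHED, leaked)
        print("leaked" if leaked else "default", border, path_cost(prefix, border))
```

Without the leak R1 exits through B1 because it is closest, even though the path through B2 is cheaper end to end; with the prefix leaked, R1 can compare full path costs and picks B2.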

Each IS router will re-flood its LSPs every 20 minutes.  In a large IS-IS network, this is another good reason for area segmentation, as LSPs will only be flooded within their area.

In a large IS-IS network, you can also reduce the amount of LSP flooding traffic by increasing the LSP refresh interval, and increasing the LSP max age (lifetime).

router isis
lsp-refresh-interval (seconds, 1 to 65535)
max-lsp-lifetime (seconds, 1 to 65535)

Note: Be sure to set the LSP max lifetime to something higher than the LSP refresh interval

IS-IS over NBMA networks (Frame Relay)

One simple approach is to use point-to-point subinterfaces per DLCI.  This can waste IP address space in large networks.

Another approach is to use the physical Frame Relay interface in a point-to-multipoint topology.

Cisco routers have IP inverse ARP for Frame Relay on by default – which helps for OSPF, but not IS-IS, since IS-IS uses CLNS, not IP.

To form IS-IS neighbors on NBMA point-to-multipoint networks (Frame Relay) you need to use frame relay map statements for CLNS.

interface serial 1/0
encapsulation frame-relay
frame-relay map clns 101 broadcast

Another best practice on NBMA point-to-multipoint topologies with IS-IS is to define the Hub router as the DIS (designated router).  You can force spoke routers to never become the DIS.  On an NBMA or broadcast network all IS-IS routers will need to exchange LSPs with the DIS.  In an NBMA network, the spokes usually do not have direct connectivity between each other, so it's important that the Hub router always be elected the DIS.

hub-router# interface serial 1/0
isis priority 125
spoke-router# interface serial 1/0
isis priority 0

You can use the command ‘show clns interfaces’ to verify which router is the DIS on a given network/interface.

IS-IS uses the CLNS selector byte to identify the DIS on a broadcast segment.  The IS-IS router uses the 00 value to identify itself, so this leaves values 1-255 available for DIS nodes this router has been elected to.
An IS-IS router can be the DIS on no more than 254 different broadcast networks.
