IS-IS vs. OSPF Part II: Small steps make steady progress

IS-IS Subnetwork Independent Operation

Continuing our journey through the land of IS-IS and hoping to reach the point where we get to understand how it actually works and the differences between it and OSPF, let’s focus today on how IS-IS is configured and why it uses both Levels and Areas.

So far, we’ve cleared up a few things: where that odd node addressing scheme for the routers comes from, what CLNS and CLNP are, and, in a few words, the hierarchy that IS-IS employs. To take things further, let’s go a bit deeper into the structure of the protocol itself.

The thing with IS-IS is that it is network-layer independent, though the first thing we tend to do when configuring it is jump to the IP addressing. Consequently, today we’ll see how OSI IS-IS works without configuring a single IP address, and once we understand this, we can move on to Integrated IS-IS operation.

From a really high level, IS-IS operates as follows:

  • Routers running IS-IS will send hello packets out all IS-IS-enabled interfaces to discover neighbors and establish adjacencies.
  • Routers sharing a common data link will become IS-IS neighbors if their hello packets contain information that meets the criteria for forming an adjacency. These criteria will be reviewed in a later section.
  • Routers may build a link-state packet (LSP) based upon their local interfaces that are configured for IS-IS.
  • Routers flood LSPs to all adjacent neighbors except the neighbor from which they received the same LSP (with some restrictions we’ll see).
  • All routers will construct their link-state database from the LSPs.
  • A shortest-path tree (SPT) is calculated by each IS.

 

Why does IS-IS have both levels and areas?

The main reason for which both areas and levels exist is that area boundaries are on the links, not on the routers themselves, so there had to be a mechanism to differentiate between the adjacencies established between two routers in the same area and two routers in different areas.

To recall, an IS-IS router usually has only one NET (NSAP with the N-SEL = 0x00) so it is part of only one area at a time. This IS-IS router can be adjacent with routers in the same area and with routers in different areas. To be able to establish an adjacency with a router in the same area, the IS must be at least Level 1. For adjacencies with ISs in other areas, the router must be Level 2 capable. By default, with Cisco IOS and JunOS, the router is L1/L2 capable, meaning that it can become adjacent with other ISs at both levels.
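The adjacency rule above can be checked mechanically. The following Python sketch is an added example (not from the original post or from any vendor's code): it splits a NET into area address, system ID and N-SEL and works out at which levels two neighbors can become adjacent. It assumes one NET per router and uses the NETs configured in the topologies later in this post; the function names are hypothetical.

```python
import re

def parse_net(net):
    """Split a NET into (area, system_id, nsel), reading fixed-length fields from the right."""
    digits = net.replace(".", "").lower()
    # An NSAP is 8 to 20 bytes: 1-13 bytes of area, 6 of system ID, 1 of N-SEL.
    if not re.fullmatch(r"(?:[0-9a-f]{2}){8,20}", digits):
        raise ValueError(f"not a valid NSAP: {net!r}")
    area, system_id, nsel = digits[:-14], digits[-14:-2], digits[-2:]
    if nsel != "00":
        raise ValueError(f"a NET must have N-SEL 0x00: {net!r}")
    return area, system_id, nsel

def format_area(area):
    """Render the area address in dotted form, e.g. 49.0000.0001."""
    return ".".join([area[:2]] + re.findall(r".{1,4}", area[2:]))

def adjacency_levels(net_a, levels_a, net_b, levels_b):
    """Return the set of levels (1 and/or 2) at which two neighbors can be adjacent."""
    area_a, sys_a, _ = parse_net(net_a)
    area_b, sys_b, _ = parse_net(net_b)
    if sys_a == sys_b:
        raise ValueError("duplicate system ID on the link")
    result = set()
    # Level 1: both sides L1-capable AND in the same area.
    if area_a == area_b and 1 in levels_a and 1 in levels_b:
        result.add(1)
    # Level 2: both sides L2-capable; the area does not matter.
    if 2 in levels_a and 2 in levels_b:
        result.add(2)
    return result

# NETs from this post's topologies; {1, 2} models the default L1/L2 capability.
IS1 = "49.0000.0001.0101.0101.0101.00"
IS2 = "49.0000.0001.0202.0202.0202.00"
IS3 = "49.0000.0002.0303.0303.0303.00"

if __name__ == "__main__":
    print(format_area(parse_net(IS2)[0]))               # area of IS2
    print(adjacency_levels(IS1, {1, 2}, IS2, {1, 2}))   # same area
    print(adjacency_levels(IS2, {1, 2}, IS3, {1, 2}))   # different areas
    print(adjacency_levels(IS1, {1}, IS3, {1, 2}))      # L1-only vs. other area
```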

The thing is that you can’t learn something until you actually do it. So let’s see this happening.

Note1: The example is based on Cisco, but there’s not much difference in this with JunOS (I will be dedicating a bunch of articles to doing things on JunOS as well).

Note2: The term LSP (Link State Packet) we’ll be using is similar to the OSPF LSA. The difference is that there are only 2 types of LSPs for each Level, meaning L1-non-pseudonode, L1-pseudonode, L2-non-pseudonode, L2-pseudonode. We’ll see that the pseudonode LSPs are similar to the Network LSA generated by the DR in OSPF.

 

Let’s be neighbors!

Topology 1.1. – Basics

isis2-1

We want them both in the same area, so the only things IS-IS needs to get started are configuring the NETs and enabling routing for CLNS.

IS1# show run | section router isis
router isis
 net 49.0000.0001.0101.0101.0101.00

IS2# show run | section router isis
router isis
 net 49.0000.0001.0202.0202.0202.00

IS1(config-if)# clns router isis
IS2(config-if)# clns router isis

That’s it! Let’s see how it works:

  • Viewing neighbors

IS1#sh isis neigh
System Id      Type Interface   IP Address      State Holdtime Circuit Id
IS2            L1   Fa0/0                       UP    9        IS2.01
IS2            L2   Fa0/0                       UP    10       IS2.01

IS2#sh isis neigh
System Id      Type Interface   IP Address      State Holdtime Circuit Id
IS1            L1   Fa0/0                       UP    24       IS2.01
IS1            L2   Fa0/0                       UP    26       IS2.01

  • Viewing the database

IS1#sh isis data
IS-IS Level-1 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00   *   0x0000000A   0x38C8        1158              0/0/0
IS2.00-00       0x00000006   0xF007        1152              0/0/0
IS2.01-00       0x00000002   0xEA4C        1153              0/0/0
IS-IS Level-2 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00   *   0x00000009   0x2274        1158              0/0/0
IS2.00-00       0x00000007   0xF49C        1156              0/0/0
IS2.01-00       0x00000003   0x7846        1153              0/0/0

IS2#sh isis database
IS-IS Level-1 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00       0x0000000A   0x38C8        1195              0/0/0
IS2.00-00   *   0x00000006   0xF007        1193              0/0/0
IS2.01-00   *   0x00000002   0xEA4C        1194              0/0/0
IS-IS Level-2 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00       0x00000009   0x2274        1195              0/0/0
IS2.00-00   *   0x00000007   0xF49C        1197              0/0/0
IS2.01-00   *   0x00000003   0x7846        1194              0/0/0

What is there to understand:

  • There are two adjacencies established between IS1 and IS2, one for each level of routing.
  • As Ethernet links are multi-access by default, a DIS (Designated Intermediate System) is elected. This is similar to the DR in OSPF, except that there is no BDIS (BDR) chosen.
  • The DIS generates the pseudonode LSP, which can be easily spotted. There is one DIS for Level 1 routing and one for Level 2 routing. By default, the same IS gets both roles, as no priorities have been modified. We can see below that the LSP is very similar to the Network LSA in OSPF.
  • The Circuit ID in the neighbor table is actually the ID of the DIS.

IS1#show isis database l1 IS2.01-00 detail
IS-IS Level-1 LSP IS2.01-00
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS2.01-00       0x00000003   0xE84D        1192              0/0/0
  Metric: 0          IS IS2.00
  Metric: 0          IS IS1.00

IS1#show isis database l2 IS2.01-00 detail
IS-IS Level-2 LSP IS2.01-00
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS2.01-00       0x00000004   0x7647        1148              0/0/0
  Metric: 0          IS IS2.00
  Metric: 0          IS IS1.00

Let’s change IS3’s priority and let IS2 become the DIS (default LAN priority is 64!):

IS3(config)#int fa1/0
IS3(config-if)#isis priority 3

Now, IS2 is the new DIS, as it is the one generating the Pseudonode LSP IS2.01-00:

IS3#sh isis data
IS-IS Level-1 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS3.00-00   *   0x00000003   0x0B7D        1191              1/0/0
IS-IS Level-2 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00       0x00000002   0x148A        808               0/0/0
IS2.00-00       0x00000004   0x53A4        1170              0/0/0
IS2.01-00       0x00000001   0x8B29        1171              0/0/0
IS3.00-00   *   0x00000004   0xD2B9        1173              0/0/0
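The DIS changes seen above follow from the election rule, which this post does not spell out: the highest LAN priority wins, a tie goes to the highest SNPA (MAC address), and the election is pre-emptive. The Python sketch below is an added example, not code from the original post; it replays the elections on both LAN segments using the priorities and SNPAs that appear in this post's outputs. The function names and the circuit-ID default of 1 are assumptions.

```python
def snpa_value(snpa):
    """Convert a dotted MAC such as 'ca02.e783.001c' to an integer for comparison."""
    hexdigits = snpa.replace(".", "")
    if len(hexdigits) != 12:
        raise ValueError(f"expected a 48-bit MAC address: {snpa!r}")
    return int(hexdigits, 16)

def elect_dis(candidates):
    """Pick the DIS among the ISs adjacent on one LAN at one level.

    candidates: list of (name, lan_priority, snpa) tuples.
    Highest priority wins; ties are broken by the highest SNPA.
    There is no backup DIS, so the election is simply re-run on any change.
    """
    if not candidates:
        raise ValueError("no IS on the segment")
    for name, priority, _ in candidates:
        if not 0 <= priority <= 127:
            raise ValueError(f"{name}: LAN priority must be 0-127")
    return max(candidates, key=lambda c: (c[1], snpa_value(c[2])))[0]

def pseudonode_lspid(dis_name, circuit_id=1, fragment=0):
    """LSPID of the pseudonode LSP: DIS system ID, non-zero circuit ID, fragment."""
    if not 1 <= circuit_id <= 255:
        raise ValueError("a pseudonode ID is a non-zero byte")
    return f"{dis_name}.{circuit_id:02X}-{fragment:02X}"

DEFAULT_PRIORITY = 64  # default LAN priority, as stated in the post

# Segment IS1 <-> IS2 (SNPAs taken from the 'show isis topology' outputs).
seg_a = [("IS1", DEFAULT_PRIORITY, "ca01.e782.0000"),
         ("IS2", DEFAULT_PRIORITY, "ca02.e783.0000")]
# Segment IS2 <-> IS3, before and after 'isis priority 3' on IS3.
seg_b_before = [("IS2", DEFAULT_PRIORITY, "ca02.e783.001c"),
                ("IS3", DEFAULT_PRIORITY, "ca03.e785.001c")]
seg_b_after = [("IS2", DEFAULT_PRIORITY, "ca02.e783.001c"),
               ("IS3", 3, "ca03.e785.001c")]

if __name__ == "__main__":
    for seg in (seg_a, seg_b_before, seg_b_after):
        print(pseudonode_lspid(elect_dis(seg)))
```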

 

Topology 1.2: Changing the network type

isis2-2

Let’s first change the network type to p2p:

IS1#sh run int fa0/0
—output omitted—
clns router isis
isis network point-to-point

IS2#sh run int fa0/0
—output omitted—
clns router isis
isis network point-to-point

The neighborship slightly changed now:

IS1#sh isis neighbors
System Id      Type Interface   IP Address      State Holdtime Circuit Id
IS2            L1L2 Fa0/0                       UP    27       00

IS2#sh isis neigh
System Id      Type Interface   IP Address      State Holdtime Circuit Id
IS1            L1L2 Fa0/0                       UP    20       00

And the database as well:

IS1#sh isis data
IS-IS Level-1 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00   *   0x0000000C   0x18E7        1159              0/0/0
IS2.00-00       0x00000008   0x3DBF        1155              0/0/0
IS2.01-00       0x00000002   0x7974        0 (1157)          0/0/0
IS-IS Level-2 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00   *   0x0000000B   0x0293        1158              0/0/0
IS2.00-00       0x00000009   0x4155        1156              0/0/0
IS2.01-00       0x00000003   0x7775        0 (1158)          0/0/0

IS2#sh isis data
IS-IS Level-1 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00       0x0000000C   0x18E7        1193              0/0/0
IS2.00-00   *   0x00000008   0x3DBF        1192              0/0/0
IS2.01-00   *   0x00000002   0x7974        0 (1181)          0/0/0
IS-IS Level-2 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00       0x0000000B   0x0293        1192              0/0/0
IS2.00-00   *   0x00000009   0x4155        1192              0/0/0
IS2.01-00   *   0x00000003   0x7775        0 (1181)          0/0/0

Things to understand:

  • On a point-to-point network type, only one adjacency is maintained for both routing levels.
  • Once the pseudonode LSP ages out, only the non-pseudonode LSPs will remain in the database, so there is no DIS on the point-to-point network.

Topology 1.3: Adding one more IS

isis2-3

If we add IS3 into the scheme, in a different area (don’t forget to enable CLNS on the link between IS2 and IS3):

IS3#show run | s router isis
router isis
 net 49.0000.0002.0303.0303.0303.00

IS3#sh isis neighbors detail
System Id      Type Interface   IP Address      State Holdtime Circuit Id
IS2            L2   Fa1/0                       UP    29       IS3.01
  Area Address(es): 49.0000.0001
  SNPA: ca02.e783.001c
  State Changed: 00:09:34
  LAN Priority: 64
  Format: Phase V
  Remote TID: 0
  Local TID:  0
  Interface name: FastEthernet1/0

IS3#sh isis data
IS-IS Level-1 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS3.00-00   *   0x00000003   0x0B7D        876               1/0/0
IS-IS Level-2 Link State Database:
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS1.00-00       0x0000000F   0xF997        787               0/0/0
IS2.00-00       0x0000000E   0x6285        868               0/0/0
IS3.00-00   *   0x00000003   0x681F        870               0/0/0
IS3.01-00   *   0x00000001   0x0AA4        871               0/0/0

Things to understand:

  • Between IS2 and IS3 there is only an L2 adjacency, which makes perfect sense as they are in different areas.
  • We added the detail keyword so that we can see detailed info on the neighbors.
  • IS3 still generates its L1 non-pseudonode LSP, even though it has no L1 adjacency.
  • For Level 2, IS3 becomes the DIS, so it generates the L2 pseudonode LSP (IS3.01-00) as well as its L2 non-pseudonode LSP (IS3.00-00).

IS3#sh isis data l2 IS3.01-00 det
IS-IS Level-2 LSP IS3.01-00
LSPID           LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
IS3.01-00   *   0x00000001   0x0AA4        648               0/0/0
  Metric: 0          IS IS3.00
  Metric: 0          IS IS2.00

Now let’s see the topology from IS1’s perspective:

IS1#sh isis topology
IS-IS TID 0 paths to level-1 routers
System Id            Metric     Next-Hop             Interface   SNPA
IS1                  --
IS2                  10         IS2                  Fa0/0       ca02.e783.0000
IS-IS TID 0 paths to level-2 routers
System Id            Metric     Next-Hop             Interface   SNPA
IS1                  --
IS2                  10         IS2                  Fa0/0       ca02.e783.0000
IS3                  20         IS2                  Fa0/0       ca02.e783.0000

Things to understand:

  • The default metric for an interface is 10.
  • You may notice the interface on which that neighbor is reachable and the SNPA (Sub-Network Point of Attachment), which is the same for all routers. The SNPA is the address used by IS1 to reach IS2 and IS3. Can you guess what it is exactly? It’s actually the MAC address of IS2’s interface towards IS1. You can check that; let’s also look at the topology on IS2 (the middle router):

IS2#sh isis topology
IS-IS TID 0 paths to level-1 routers
System Id            Metric     Next-Hop             Interface   SNPA
IS1                  10         IS1                  Fa0/0       ca01.e782.0000
IS2                  --
IS-IS TID 0 paths to level-2 routers
System Id            Metric     Next-Hop             Interface   SNPA
IS1                  10         IS1                  Fa0/0       ca01.e782.0000
IS2                  --
IS3                  10         IS3                  Fa1/0       ca03.e785.001c

IS2 uses IS3’s interface MAC address to reach IS3 and IS1’s interface MAC address to reach IS1.

  • The database is split between the two levels, L1-DB and L2-DB. There is no info about the area though, so you may interpret the database as the “L1-DB-for-the-area-I-am-in” and “L2-DB-that-helps-connect-the-area-I-am-in-with-other-areas”.
  • What’s with the ATT/P/OL? ATT is the attached bit, which signals the attachment of the router to the L2 backbone. The P bit (Partition) signals that the router is partition-repair capable, a feature that is not supported by the Cisco implementation of IS-IS. The OL bit (Overload) is similar to the OSPF max-metric feature: setting the maximum metric in the LSA/LSP to maintain adjacencies but remove the node from the data path.

Topology 1.4: More complex, just to understand L1/L2 routing

It’s easy to build areas when all routers are by default L1/L2 capable. But what if we need to optimize that and reduce the IS-IS processing on each router? Then we would need to disable L2 capability where it is not needed. For example, considering the design below, the L1, L2 and L1/L2 routers are:

isis2-4

First, let’s see why I chose them like this:

  • IS1: pseudo-leaf node (not leaf due to the connection to IS2), does not need L2 support
  • IS2: same as IS1
  • IS3: connects to IS6 in Area 2 so needs L2 support
  • IS5: connects to IS8 in Area 3 so needs L2 support
  • IS4: has no L1-only neighbor so it can be L2-only. It will establish L2 adjacency to IS3 and IS5
  • IS6: has 2 connections to 2 different areas and a connection to IS7 which is L1-only so it needs to be L1/L2
  • IS8: same as IS6
  • IS12: prerequisite to be L2 only
  • IS10: has a link to an L2-only IS and to an L1-only IS so it needs to be L1/L2

Now, can you spot an issue? Well, we mentioned that an L1 IS will always use the closest L2-capable IS to route outside its area, right? Let’s say IS1 needs to get to IS8, and it has two available paths:

  • IS1-IS2-IS5-IS8-IS9
  • IS1-IS3-IS5-IS5-IS8-IS9

The path chosen will not be the shortest, because IS2 is not a Level2-capable IS. So the second path will be the one employed, which is clearly sub-optimal.

The reason for IS1’s behavior is that it does not know routes from other areas. It only knows that the L2-capable routers in its area are “Attached” to the L2 core, so it will route to the closest one to get out of the area in which it resides.

Now, how will the return traffic flow? This time, the shortest path will be taken, via IS9-IS8-IS5-IS2-IS1. This happens because L2-capable router IS5 has all the info in Area 1 so it knows that to get to IS1, the shortest path is via IS2.

 

To be continued…

 

Cheers!
