IS-IS : From JUNOS

Basic concepts and configuration:

  • Intermediate system to Intermediate system (ISIS) was originally developed for Connectionless Network Protocol (CLNP) and later adapted to support IP.
  • IS-IS levels: Level-2 and Level-1. Two routers form a Level-2 adjacency when the links are configured as Level-2.
  • Level-1: two routers form an adjacency when the links are configured for Level-1 and the IS-IS area value of each router is identical.
  • An IS-IS router can operate as a Level-1 router (L1), a Level-2 router (L2) or a Level-1 and Level-2 router (L1/L2), which is the default.
  • Addressing Format:
    • [{AFI(1 byte) – IDI} – DSP]  – System ID(6 bytes) – SEL (1 byte)
    • AFI – Authority and Format Indicator. Indicates governing body which allocates address. 0x49 indicates private NSAP address. (like private IP)
    • IDI – Initial Domain Identifier. Together with the AFI, it is called the initial domain part.
    • System ID: Uniquely identifies an IS router. 6 bytes (12 hex characters)
    • SEL: 0x00: Indicates update that represents router itself, its links and neighbors.
  • ISIS Adjacency state:
    • New: ISIS process has just begun. Router boot up or initial configuration.
    • One-Way: After sending an IS-IS hello PDU or receiving an IS-IS hello.
    • Initializing: When the local router sees itself in the neighbor’s hello. 2-way established.
    • Up: Fully functional state of IS-IS.
    • Down: Area mismatch, Hold-time expires, authentication failure.
    • Reject: Upon authentication failure, an IS-IS router will transition between ‘Reject’ and ‘Down’
  • IS-IS information exchange:
    • IS-IS hellos are exchanged to form an adjacency.
    • Each router sends complete sequence number PDU (CSNP) which has summary list of Link state database, sequence number and age.
    • If Router-B determines that it is missing some information, it sends partial sequence number PDU (PSNP) to router-A.
    • Router-A responds to this request with Link state PDU containing information.
    • Router-B sends a PSNP (on point-to-point links) or a CSNP (sent by the DIS in a broadcast domain) to indicate receipt of the requested information. This acts as an ACK.
  • Protocol data Unit (PDU) – used to exchange information. ISIS-Common PDU header
    • Protocol ID – 1 octet – set to 0x83
    • Header length – 1 octet – total length in octets
    • Version – 1 octet – set to 0x01
    • ID length – 1 octet – Represents System ID length. 0x00 represents 6 bytes
    • PDU type – 1 octet – 000xxxxx. Indicates the PDU types following header
    • Version – 1 octet – set to 0x01. Current IS-IS version
    • Reserved – 1 octet – set to 0x00
    • Max Area Address – 1 octet – set to 0x00. Means no more than 3 area addresses are assigned.
  • ISIS router ignores the TLV that it couldn’t understand.
  • ISIS LAN hello PDU:
    • IS-IS uses two hello PDUs on a broadcast domain: the L1 LAN Hello PDU addressed to 01:80:C2:00:00:14 and the L2 LAN Hello addressed to 01:80:C2:00:00:15 (all L2 IS).
    • Circuit type – 1 octet – 000000xx. Last 2 bits represent level at which interface operate. 0x01 implies L1, 0x02 implies L2, 0x03 implies L1/L2. 0x00 means ignore
    • Source ID – 6 octet – represent system ID of the IS
    • Holding time – 2 octets – represents hold down timer. Default: 27 seconds.
    • PDU length – 2 octets – All ISIS hello should be 1492 bytes. Set to 0x05D4
    • Priority – 1 octet – First bit set to 0. Priority for election of the DIS. Default: 64
    • LAN ID – 7 octets – System ID of the DIS + Circuit ID of the DIS
    • TLV – variable.
  • Designated Intermediate system (DIS)
    • Also called the pseudonode. Reason for DIS: same as for DR in OSPF.
    • Election process: highest priority value. If tie, highest MAC address of IS.
    • Preempt enabled. Hold down timer for DIS: 9 sec. Hello timer: 3 sec.
  • ISIS point-point hello PDU:
    • Same format as in LAN hello PDU.
    • Circuit type – 1 octet – 000000xx. Last 2 bits represent level at which interface operate. 0x01 implies L1, 0x02 implies L2, 0x03 implies L1/L2. 0x00 means ignore
    • Source ID – 6 octet – represent system ID of the IS
    • Holding time – 2 octets – represents hold down timer.
    • PDU length – 2 octets – All ISIS hello should be 1492 bytes. Set to 0x05D4
    • Circuit ID – 1 octet – all ptp interfaces share value of 0x01
    • TLVs – Variable
  • Each ISIS router should have a minimum MTU of 1492 bytes.
  • Complete Sequence number PDU:
    • CSNP contains a listing of Link state PDUs in the database of local router.
    • CSNP is sent periodically on both BC and ptp links to maintain correctness.
    • CSNP has level1 CSNP and level2 CSNP destined to “All L1 IS” and “All L2 IS”.
    • Length – 2 octets – total length of CSNP.
    • Source ID – 7 octet – system ID + 0x00 (circuit ID)
    • Start LSP ID – 8 octets – Smallest possible LSP ID. All set to binary 0.
    • End LSP ID – 8 octets- largest possible LSP ID value. All set to binary 1.
    • TLVs – Variable
  • Partial Sequence number PDU:
    • An ISIS uses PSNP to request for LSP. Also used to explicitly ACK the receipt of received LSP on ptp link. On broadcast, CSNP used as implicit ACK.
    • PSNP has level1 PSNP and level2 PSNP destined to “All L1 IS” and “All L2 IS”.
    • Length – 2 octets – total length of PSNP
    • Source ID – 7 octet – system ID + 0x00 (circuit ID)
    • TLVs – Variable
  • Link State PDU:
    • LSP contains information about each router and its connected interfaces, metric.
    • Length – 2 octets – total length of LSP
    • Remaining lifetime – 2 octets – amount of time LSP is considered active. 1200 sec
    • LSP ID– 8 octets-uniquely identifies LSP. System ID+ circuit ID + LSP number value
    • Sequence number – 4 octets – incremented from 0x01. Current version of LSP.
    • Checksum – 2 octets – checksum of PDU after remaining lifetime.
    • Attributes – 1 octet – implies the state of local router.
      • Bit 7- Partition bit. Set to 0.
      • Bit 6 – Attached bit for error metric. Set to 0
      • Bit 5 – Attached bit for expense metric. Set to 0
      • Bit 4 – Attached bit for delay metric. Set to 0
      • Bit 3 – Attached bit for default metric. Used to L2 router into L1 area
      • Bit 2 – Overload bit – alerts other routers not to use the LSP advertised in this PDU.
      • Bits 1 and 0 – L1 router sets to 0x01. L1/L2 or L2 router set to 0x03
    • TLVs – Variable
  • Configurations:
    • Involves 3 steps: Configure Net ID to router on loopback interface. “set interfaces lo0 unit 0 family iso address 49.1921.6800.5001.00”
    • By default, router accepts only IP packet. To allow router to accept protocol types – 0x83, configure “family iso” command.
    • Configuring the ISIS protocol. Sample configuration.
    • When using “interface all” option, remember to “disable” on interface “fxp0.0”
  • Show commands:
    • Show isis adjacency [detail] – to see adjacencies
    • Clear isis adjacency – clears all adjacencies. Add a hostname to clear a specific one.
    • Show isis interface – detailed information about IS-IS enabled interfaces.
    • Show isis hostname – dynamic host name resolution of system ID.
    • Show isis spf log – history of SPF calculations
    • Show isis statistics – packets being transmitted, received and processed
    • Show isis route – results of the SPF calculation before placing into routing table.
    • Show isis database [detail | extensive] – to view ISIS database on an IS
  • Comparison with OSPF:
    • IS-IS levels are compared to OSPF areas
    • Only DIS in broadcast domain. No backup as BDR in OSPF.
    • All interfaces are set to default metric of 10 in ISIS.
    • Default priority of an IS in a broadcast domain is 64 in IS-IS and 128 in OSPF.
    • ISIS uses TLV. Hence easy to expand and modify.
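
The common header, LAN hello fields and TLV handling described above, as an added example that is not from the original notes: a parser that validates a constructed L2 LAN hello, skips TLVs it does not know, and reports which authentication type it carries (TLV 10 with type 1 for plain text or 54 for MD5, as listed in the Authentication TLV notes on this page). The PDU type values 15 and 16 come from ISO 10589 rather than this page; the sample bytes and TLV type 200 are constructed.

```python
import struct

AUTH_TYPES = {1: "plain-text", 54: "md5"}   # authentication TLV (type 10) values
CIRCUIT = {1: "L1", 2: "L2", 3: "L1/L2"}    # low two bits of the circuit type octet
LAN_HELLO_TYPES = (15, 16)                  # L1 / L2 LAN hello, per ISO 10589 (not on the page)

def build_sample_hello(auth_type=1, auth_data=b"lab-secret"):
    """Constructed L2 LAN hello (not a capture); padding TLVs omitted for brevity."""
    source_id = bytes.fromhex("192168005001")   # system ID from NET 49.1921.6800.5001.00
    tlvs = bytes([1, 2, 1, 0x49])               # area address TLV: one area, 0x49
    tlvs += bytes([10, 1 + len(auth_data), auth_type]) + auth_data
    tlvs += bytes([200, 2, 0xAA, 0xBB])         # made-up TLV type the parser does not know
    common = bytes([0x83, 27, 0x01, 0x00, 16, 0x01, 0x00, 0x00])
    body = struct.pack("!B6sHHB7s", 0x02, source_id, 27,
                       27 + len(tlvs), 64, source_id + b"\x02")
    return common + body + tlvs

def walk_tlvs(buf):
    """Yield (type, value); reject a TLV whose length runs past the end of the PDU."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV at offset %d" % i)
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_lan_hello(pdu):
    if len(pdu) < 27:
        raise ValueError("shorter than a LAN hello header")
    proto, hdr_len, ver_ext, id_len, pdu_type, version, _rsvd, _max_area = pdu[:8]
    if proto != 0x83 or ver_ext != 0x01 or version != 0x01:
        raise ValueError("not an IS-IS PDU")
    if hdr_len != 27 or id_len != 0x00 or (pdu_type & 0x1F) not in LAN_HELLO_TYPES:
        raise ValueError("not a LAN hello with 6-byte system IDs")
    circuit, source, hold, length, prio, lan_id = struct.unpack("!B6sHHB7s", pdu[8:27])
    if length != len(pdu):
        raise ValueError("PDU length field disagrees with received length")
    sid = source.hex()
    out = {"source_id": ".".join(sid[i:i + 4] for i in range(0, 12, 4)),
           "level": CIRCUIT.get(circuit & 0x03, "ignore"), "hold_time": hold,
           "priority": prio & 0x7F, "lan_id": lan_id.hex(),
           "areas": [], "auth": None, "ignored_tlvs": [], "findings": []}
    for t, v in walk_tlvs(pdu[27:]):
        if t == 1:                               # area address TLV: (length, area) pairs
            j = 0
            while j < len(v):
                out["areas"].append(v[j + 1:j + 1 + v[j]].hex())
                j += 1 + v[j]
        elif t == 10 and v:                      # authentication TLV
            out["auth"] = AUTH_TYPES.get(v[0], "unknown(%d)" % v[0])
        else:
            out["ignored_tlvs"].append(t)        # unknown TLVs are skipped, not fatal
    if out["auth"] is None:
        out["findings"].append("hello carries no authentication TLV")
    elif out["auth"] == "plain-text":
        out["findings"].append("password travels in clear text in every hello")
    return out

if __name__ == "__main__":
    for key, value in parse_lan_hello(build_sample_hello()).items():
        print(key, "=", value)
```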

Advanced concepts

  • ISIS TLV details: TLV name – TLV# – PDU usage
    • Area address – 1 – L1 LAN hello, L2 LAN Hello, P2P Hello, L1 LSP, L2 LSP
    • IS Reachability – 2 – L1 LSP and L2 LSP
    • IS Neighbors – 6 – L1 LAN hello, L2 LAN Hello
    • Padding – 8 – L1 LAN hello, L2 LAN Hello, P2P Hello
    • LSP entry – 9 – L1 CSNP, L2 CSNP, L1 PSNP and L2 PSNP
    • Authentication – 10 – Almost all PDUs depend on configuration
    • Checksum – 12 – All PDU except LSP
    • Extended IS reachability – 22 – L1 LSP, L2 LSP
    • IP internal reachability – 128 – L1 LSP, L2 LSP
    • Protocols supported – 129 – All hello PDUs and L1 LSP, L2 LSP
    • IP External reachability – 130 – L1 LSP and L2 LSP
    • IP interface address – 132 – All hello PDUs and L1 LSP, L2 LSP
    • TE IP Router ID –  134 – L1 LSP, L2 LSP
    • Extended IP reachability – 135 – L1 LSP, L2 LSP
    • Dynamic host name – 137 – L1 LSP, L2 LSP
    • Graceful restart – 211 – All Hello PDUs
    • P2P adjacency state – 240 – P2P Hello
  • Area Address TLV:
    • Describes current areas configured on local router, up to maximum of three.
    • TLV Type – 1 octet – set to value of 1. 0x01
    • TLV Length – 1 octet – ranges from 2 (single area with length 1) to 42 (3*13)
    • Area Length – 1 octet – size of area address. Range from 1 to 13
    • Area ID – V – actual area address encoded in routers’ NET (Network entity title).
  • Use “monitor traffic interface xx size yy detail” command to view the PDUs.
  • IS Reachability TLV:
    • Transmitted on all Link state PDUs to inform all routers in network which systems are adjacent with the local router.
    • Set of metric, neighbor ID fields (11 octets) are repeated for every neighbor.
    • TLV type – 1 octet – set to value of 2. 0x02
    • TLV length – 1 octet – this value minus 1 (for the virtual flag byte) should be divisible by 11.
    • Virtual flag – 1 octet – not used and set to 0x00
    • R bit, I/E bit, Default metric – 1 octet – R bit is reserved for future and set to 0. I/E bit = 0 for internal metric and 1 for external metric. Remaining 6 bits for metric (small metric). Maximum metric can be 63.
    • S bit, I/E bit, Delay metric – 1 octet – Not supported. Hence S (supported) bit set to 1. All other bits are set to 0.
    • S bit, I/E bit, Expense metric – 1 octet – same as above
    • S bit, I/E bit, Error metric– 1 octet – same as above
    • Neighbor ID–7 octets–displays the ID of adjacent neighbor. System ID + Circuit ID
  • IS Neighbors TLV:
    • Each IS-IS LAN hello PDU contains this field to report all remote peers from which the local router has received a hello packet. The outgoing interface MAC address is used as the SNPA (sub-network point of attachment).
    • TLV type – 1 octet – set to value of 6. 0x06
    • TLV length – 1 octet – multiples of 6 octets
    • Neighbor SNPA – 6 octets – contains MAC address of the neighbor
  • Padding TLV:
    • A router pads its hellos to check whether the minimum MTU of 1492 is available.
    • TLV type – 1 octet – set to value of 8. 0x08
    • TLV length – 1 octet – Range from 1 to 255
    • Padding Data (Variable) – all set to 0x00
  • LSP Entry TLV:
    • When an ISIS router sends CSNP or PSNP, the summary information about the entries in local database is encoded using LSP entry TLV.
    • TLV type – 1 octet – set to value of 9. 0x09
    • TLV length – 1 octet – multiples of 16 octets
    • Remaining Lifetime – 2 octets – time the LSP is active. Default: 1200 seconds.
    • LSP ID – 8 octets – system ID + Circuit ID + LSP number value
    • Sequence number – 4 octets- incremented from 0x00000001 to 0xffffffff
    • Checksum – 2 octets – checksum of PDU after lifetime.
  • Authentication TLV:
    • When plain text or MD5 authentication is enabled.
    • TLV type – 1 octet – set to value of 10. 0x000a
    • TLV length – 1 octet – 17 if MD5, variable if plain-text authentication.
    • Authentication Type – 1 octet – 1 if plain-text, 54 if MD5
    • Authentication data – variable – contains the plain password or MD5 hash.
  • Checksum TLV:
    • An interface can be configured with ‘checksum’ command to force calculation of 2-byte checksum which are used in hello and SN PDUs. Check against device.
    • TLV type – 1 octet – set to value of 12. 0x000c
    • TLV length – 1 octet – set to value of 2.
    • Checksum – 2 octets – computed checksum. 0x0000 if MD5 is configured.
  • Extended IS reachability:
    • Includes support for TE using sub-TLV and wide metric. 24 bits for metric value.
    • TLV type – 1 octet – set to value of 22. 0x0016
    • TLV length – 1 octet – length of remaining fields.
    • System ID – 7 octets – system ID + 1 byte circuit ID of the neighbor peer.
    • Wide metric – 3 octets – 24 bits to represent metric. Max: 16,777,215
    • Sub-TLV length – 1 octet – 0 if no sub-TLV.
    • Sub TLVs – V- contains sub-TLVs like administrative group, IPv4 interface address, IPv4 neighbor address, maximum link BW, Maximum reservable, TE metric.
  • IP internal reachability TLV:
    • Used to advertise locally connected IP subnets to IS-IS network. It contains network, mask, Up/Down bit, internal/external bit and narrow metric
    • TLV type – 1 octet – set to value of 128. 0x0080
    • TLV length – 1 octet – multiples of 12 octets
    • U/D bit, I/E bit, Default Metric – 1 octet – When UP/Down bit is set to 0 (up), the routes can be advertised to higher level.
    • S bit, I/E bit, Delay metric – 1 octet – Not supported. Hence S (supported) bit set to 1. All other bits are set to 0.
    • S bit, I/E bit, Expense metric – 1 octet – same as above
    • S bit, I/E bit, Error metric– 1 octet – same as above
    • IP address – 4 octets – displays the network prefix.
    • Subnet mask – 4 octets – displays the subnet mask.
  • Protocols supported TLV:
    • To advertise L3 protocols supported by local router.
    • TLV type – 1 octet – set to value of 129. 0x0081
    • TLV length – 1 octet – each supported protocol consumes one octet
    • Network Layer Protocol ID – 1 octet – JUNOS supports IPv4 (0xcc) and IPv6 (0x8E)
  • IP external reachability TLV:
    • Used to advertise routes that are not native to ISIS domain. External routes.
    • TLV type – 1 octet – set to value of 130. 0x0082
    • Other fields same as in IP internal reachability TLV
  • IP interface address TLV:
    • JUNOS advertises the address configured on the loopback interface within this TLV.
    • TLV type – 1 octet – set to value of 132. 0x0084
    • TLV length – 1 octet – each advertised address consumes 4 octets
    • IPv4 address – 4 octets – Ipv4 interface address
  • Traffic engineering IP router ID TLV:
    • To advertise local router ID. This value is stored in both link state database and TED (Traffic engineering database)
    • TLV type – 1 octet – set to value of 134. 0x0086
    • TLV length – 1 octet – set to 4 octets
    • Router ID – 4 octet – router ID of local router
  • Extended IP reachability TLV:
    • To advertise IP routes using wide metric space defined for TE. All routes are advertised as internal routes. No need for external routes. May have sub-TLV
    • TLV type – 1 octet – set to value of 135. 0x0087
    • TLV length – 1 octet – length of remaining fields.
    • Metric – 4 octets- only 0 to 16,777,215 are used. Remaining reserved for future
    • U/D bit, Sub bit, prefix length – 1 octet – Sub-bit used to indicate any sub-TLVs are available. Set to 0 if no Sub-TLV. Prefix length- network portion of routes.
    • Prefix – Variable – routes advertised by local router.
    • Optional sub-TLV type – 1 octet – set to 0x01 to indicate ‘administrative’ tag
    • Sub-TLV length – 1 octet – length of optional sub-TLV
    • Sub-TLVs – Variable – administrative tag of the route.
  • Dynamic Host name TLV:
    • Hostname of the local router is included in this TLV. Useful in show commands.
    • TLV type – 1 octet – set to value of 137. 0x0089
    • TLV length – 1 octet – length of remaining fields.
    • Hostname – variable – hostname of the local router
  • Graceful restart TLV:
    • Restart capabilities/state of local router. Advertised in hello PDUs
    • TLV type – 1 octet – set to value of 137. 0x0089
    • TLV length – 1 octet – set to 3 octets
    • Flags – 1 octet – current restart status. Bits 2-7 are reserved. Bit 1: Restart acknowledgement. 0- restart request.
    • Remaining Time – 2 octets – time until the restart event should complete.
  • P2p adjacency state TLV:
    • IS neighbor TLV is only on broadcast domain. For P2P, this TLV is used.
    • It contains extended circuit ID of local router, neighbor system ID and neighbor extended circuit ID. JUNOS set circuit ID of all P2P interface as 0x01
    • TLV type – 1 octet – set to value of 240. 0x00F0
    • TLV length – 1 octet – set to 15
    • Adjacency state – 1 octet – current state from the perspective of local router. 0- UP, 1- Initializing, 2- Down.
    • Extended local circuit ID – 4 octets – set to ifIndex of local p2p interface
    • Neighbor system ID – 6 octets – system ID of neighbor router
    • Extended neighbor circuit ID – 4 octets – set to ifIndex of neighbor p2p interface.
  • Link state database:
    • Router has database as in OSPF and SPF algorithm runs to find shortest (by metric) path to all routes in the database.
    • Lifetime of all LSP is 1200 seconds. Originating router is responsible for re-flooding LSP before it expires. Done at around 317 seconds.
    • In case of tie (same metric), tie-breaking rules are applied.
  • IS-IS Areas and levels:
    • IS-IS area is only used to regulate the formation of adjacencies and setting of Attached bit in Level 1 LSP. The flooding scope of an LSP is controlled by a level.
    • All routers in Level-1 share the same L1 database. All routers in Level-2 share the same L2 database. An L1 adjacency cannot be formed between routers with different area IDs.
  • Configuration Options:
  • Graceful restart:
    • Same option as available in OSPF. Possible modes: restart candidate, possible helper and helper. In ‘helper’ mode the router generates CSNPs to the restarting candidate and responds to LSP requests. Default restart duration: 90 seconds.
  • Authentication:
    • None (default), simple plain text and MD5. Two hierarchy to configure:
      • [protocol isis] mode inside level. All PDUs will be authenticated.
      • Inside [isis interface] where only hello packets are authenticated.
      • Uses “authentication-key” and “authentication-type” for first method.
      • Uses “hello-authentication-key” and type for second method.
    • no-authentication-check: Inside [protocol isis] mode. Stops the local router from checking authentication. It still generates packets with the authentication TLV.
    • no-hello-authentication: Inside [isis level] mode. Removes the authentication TLV from all transmitted hello packets.
    • no-csnp-authentication / no-psnp-authentication: Inside [isis level] mode. Removes the authentication TLV from CSNP/PSNP packets respectively.
  • Interface Metric:
    • All interfaces are assigned default metric of 10. Loopback interface and locally generated ISIS routes are assigned with metric of 0.
    • Can manually assign to each interface: “level 1 metric xx” inside [isis interface].
    • Change the reference BW using “reference-bandwidth” inside [protocol isis]
  • Wide-metric:
    • Extended TLVs use 24 bits for metric. Commands: “level 1 wide-metrics-only” command inside [protocol isis] mode.
    • Default behavior with narrow metric is, all metric greater than 63 are represented as 63. Maximum metric allowed in routing table using narrow metric is 1023
  • Mesh group:
    • In full-mesh WAN environment, all routers are connected to each other via p2p.
    • “mesh-group” is used to mitigate the flooding of LSPs in mesh-like environment.
    • Each interface is configured with a locally significant 32-bit mesh group value. An LSP received on this interface is not flooded to interfaces with the same group value.
    • Command: “mesh-group xx” under [protocols isis interface] mode.
  • Overload bit:
    • When a router set overload bit in LSP header, other routers will not use this router to forward transit traffic. Routes local to router are reachable as stub link.
    • Reasons: when a router undergoes maintenance. To allow BGP neighbors to form before starting ISIS routing process.
    • Permanent overload: “overload” under [protocols isis] mode.
    • Temporary overload: “overload wait timeout [60-1800] seconds”
    • Configuring above command doesn’t affect current operation. Command effective only when we restart the router or routing process(deactivate/activate)
  • Multilevel IS-IS:
    • An L1/L2 router that has knowledge of another Level-2 area sends its LSP into the Level-1 area with the attached bit set. This makes Level-1 routers install a default route.
    • L1 routers originate routes with the UP bit set, which makes the L1/L2 router announce the prefix from the Level-1 database into Level-2.
    • All internal level-1 prefix are advertised into L2 database by L1/L2 router.
    • All external level-1 prefix are ‘not’ advertised into L2 database/backbone area.
    • Intra-area/backbone prefix are ‘not’ advertised to another area by L1/L2 router.
    • Presence of a narrow metric TLV makes a router ‘ignore’ the wide metric TLV.
    • Use “wide metric” along with external route. All routes in extended TLV are considered ‘internal’ and hence passed by L1/L2 router into backbone area.
  • Route-leaking:
    • To send level-2 routes down into level-1 area or to send external level-1 routes up into level-2 backbone using routing policy. Sample configuration.
  • Address summarization:
    • Occurs at the L1/L2 router, which acts as the boundary. There is no specific command like “area-range” in OSPF. Need to create a summary route and advertise it via routing policy.
    • Summary routes are generated as ‘external’ route with largest metric. Sample.
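
An added example (not part of the original notes or of Junos): a check over `set`-style configuration lines for the authentication options listed under Configuration Options, plus the fxp0.0 reminder from the basic configuration notes. The two sample configurations are constructed, the key strings are placeholders, and both levels are assumed to be active on the router.

```python
# Constructed samples in Junos "set" form; the key strings are placeholders.
WEAK = """\
set protocols isis no-authentication-check
set protocols isis level 1 authentication-type simple
set protocols isis level 1 authentication-key "<placeholder>"
set protocols isis level 2 authentication-type md5
set protocols isis level 2 authentication-key "<placeholder>"
set protocols isis level 2 no-csnp-authentication
set protocols isis interface all
set protocols isis interface ge-0/0/1.0 level 1 hello-authentication-type simple
"""
HARDENED = """\
set protocols isis level 1 authentication-type md5
set protocols isis level 1 authentication-key "<placeholder>"
set protocols isis level 2 authentication-type md5
set protocols isis level 2 authentication-key "<placeholder>"
set protocols isis interface all
set protocols isis interface fxp0.0 disable
"""
STRIP_TLV = ("no-hello-authentication", "no-csnp-authentication", "no-psnp-authentication")

def audit_isis_auth(config_text):
    """Return findings for the IS-IS authentication options in a 'set'-style config."""
    findings, level_type, ifaces, disabled = [], {}, set(), set()
    for line in config_text.splitlines():
        w = line.split()
        if w[:3] != ["set", "protocols", "isis"] or len(w) < 4:
            continue
        rest = w[3:]
        if rest[0] == "no-authentication-check":
            findings.append("no-authentication-check: received PDUs are not verified")
        elif rest[0] == "level" and len(rest) >= 3:
            lvl, stmt = rest[1], rest[2]
            if stmt == "authentication-type" and len(rest) >= 4:
                level_type[lvl] = rest[3]
            elif stmt in STRIP_TLV:
                findings.append("level %s: %s removes the authentication TLV" % (lvl, stmt))
        elif rest[0] == "interface" and len(rest) >= 2:
            ifaces.add(rest[1])
            if rest[2:] == ["disable"]:
                disabled.add(rest[1])
            if rest[2:3] == ["level"] and rest[4:6] == ["hello-authentication-type", "simple"]:
                findings.append("interface %s level %s: plain-text hello key"
                                % (rest[1], rest[3]))
    for lvl in ("1", "2"):
        kind = level_type.get(lvl)
        if kind is None:     # default is no authentication; hello-only keys do not cover LSPs
            findings.append("level %s: no authentication-type, LSPs and SNPs unauthenticated" % lvl)
        elif kind == "simple":
            findings.append("level %s: authentication-type simple sends the key in clear text" % lvl)
    if "all" in ifaces and "fxp0.0" not in disabled:
        findings.append("interface all: fxp0.0 is not disabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_isis_auth(cfg))
```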

Observations:

  • After enabling wide metric, internal/external route becomes invalid and all routes are considered internal routes. When we redistribute a route from L1 to L1/L2 with narrow metric, it is advertised as “external” routes and hence will not be installed in routing table of L1/L2 router.