Today we’ll be playing around with the routing protocol that never seems to get much R&S certification love out outside of the written and the SP track, IS-IS!
Topology
Here is the topology we’ll be playing with.
I have setup 4 x routers in a square topology with R01 and R02 connected to it so we can play with metrics, I have allow attached some IOS-XR routers to R01 and R02 so we can see how that OS handles things.
IS-IS was developed before IP won the protocol VHS/Betamax fight so it uses an old protocol called CLNS to run, because of its CLNS roots we need to define a Network Entity Title (NET) address for each router in a Network Service Access Point (NSAP) address format.
Breaking the NET address into its simpliest form we need the following there are 4 parts: a AFI, an Area, a System ID, and a NSEL.
- AFI – The first 8 bits, this is usually 49 which denotes a private address
- Area – The next 16 bits is the area, the area needs to match for Level 1 connections and doesn’t need to match for Level 2
- System ID – The next 48 bits is the system ID, this needs to be unique on each router.
- NSEL – The final 8 bits is always 00
R01’s NET address will be: 49.0111.0000.0000.0001.00
49 is the AFI, 0111 is the area, 0000.0000.0001 is the system id, and the nsel is 00 as always.
When configuring ISIS you can either choose to name the instance or leave it blank, I’ll name it and also enable logging since IS-IS would log adjacency by default.
R01
R01(config)#router isis MEOWCAT R01(config-router)# net 49.0111.0000.0000.0001.00 R01(config-router)# log-adjacency-changes all
IS-IS doesn’t use network statements so we instead enable IS-IS on each interface we want it to run on. Because IS-IS is CLNS it doesn’t really care what the payload is, so we can enable IP and IPv6 under the same instance.
R01(config)#interface GigabitEthernet0/1 R01(config-if)# ip router isis MEOWCAT R01(config-if)# ipv6 router isis MEOWCAT R01(config-if)# R01(config-if)#int g0/2 R01(config-if)# ip router isis MEOWCAT R01(config-if)# ipv6 router isis MEOWCAT R01(config-if)# R01(config-if)#int l0 R01(config-if)# ip router isis MEOWCAT R01(config-if)# ipv6 router isis MEOWCAT
XRV01
IOS-XR is configured with a similar logic except we need to tell it to run in single topology since IOS runs it by default. You also must name the instance.
RP/0/0/CPU0:XRV01(config)#router isis MEOWCAT RP/0/0/CPU0:XRV01(config-isis)# net 49.0111.0000.0000.000F.00 RP/0/0/CPU0:XRV01(config-isis)# log adjacency changes RP/0/0/CPU0:XRV01(config-isis)# address-family ipv6 unicast RP/0/0/CPU0:XRV01(config-isis-af)# single-topology RP/0/0/CPU0:XRV01(config-isis-af)# ! RP/0/0/CPU0:XRV01(config-isis-af)# interface Loopback0 RP/0/0/CPU0:XRV01(config-isis-if)# address-family ipv4 unicast RP/0/0/CPU0:XRV01(config-isis-if-af)# ! RP/0/0/CPU0:XRV01(config-isis-if-af)# address-family ipv6 unicast RP/0/0/CPU0:XRV01(config-isis-if-af)# ! RP/0/0/CPU0:XRV01(config-isis-if-af)# ! RP/0/0/CPU0:XRV01(config-isis-if-af)# interface GigabitEthernet0/0/0/0 RP/0/0/CPU0:XRV01(config-isis-if)# address-family ipv4 unicast RP/0/0/CPU0:XRV01(config-isis-if-af)# ! RP/0/0/CPU0:XRV01(config-isis-if-af)# address-family ipv6 unicast RP/0/0/CPU0:XRV01(config-isis-if-af)# RP/0/0/CPU0:XRV01(config-isis-if-af)#commit Wed May 31 03:29:45.534 UTC
The first adjacency
R01#show isis neighbors Tag MEOWCAT: System Id Type Interface IP Address State Holdtime Circuit Id XRV01 L1 Gi0/2 10.1.254.254 UP 7 XRV01.01 XRV01 L2 Gi0/2 10.1.254.254 UP 7 XRV01.01
By default IS-IS will try automatically form two adjacency with each peer, if the peer is in the same area it will form a Level 1 connection and a Level 2. Level 1 is IS-IS’s version of a stub route and provides automatic filtering and summarization, level 2 has no restrictions.
RP/0/0/CPU0:XRV01#show isis neighbors Wed May 31 03:50:39.348 UTC IS-IS MEOWCAT neighbors: System Id Interface SNPA State Holdtime Type IETF-NSF R01 Gi0/0/0/0 fa16.3eb1.b6ea Up 25 L1L2 Capable Total neighbor count: 1
If we add the rest of the routers the mix, R11 will only form a L2 connection with R01
R11(config)#router isis MEOWCAT R11(config-router)# net 49.1234.0000.0000.0011.00 R11(config-router)# log-adjacency-changes all R11(config-router)#interface Loopback0 R11(config-if)# ip router isis MEOWCAT R11(config-if)# ipv6 router isis MEOWCAT R11(config-if)#interface GigabitEthernet0/0 R11(config-if)#interface GigabitEthernet0/1 R11(config-if)# ip router isis MEOWCAT R11(config-if)# ipv6 router isis MEOWCAT R11(config-if)#interface GigabitEthernet0/2 R11(config-if)# ip router isis MEOWCAT R11(config-if)# ipv6 router isis MEOWCAT R11(config-if)#interface GigabitEthernet0/5 R11(config-if)# ip router isis MEOWCAT R11(config-if)# ipv6 router isis MEOWCAT
It is also neat to point out that IS-IS automatically learns its neighbor’s hostname and displays it in the database and output.
R01# show isis neighbors Tag MEOWCAT: System Id Type Interface IP Address State Holdtime Circuit Id XRV01 L1 Gi0/2 10.1.254.254 UP 8 XRV01.01 XRV01 L2 Gi0/2 10.1.254.254 UP 8 XRV01.01 R11 L2 Gi0/1 10.1.11.11 UP 8 R11.01
Looking at the routing table we can see R01 sees everything as Level 2 except for XRV01’s 192.168.1.254 loopback.
R01#show ip route isis | be Gateway Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks i L2 10.2.12.0/24 [115/30] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 10.2.254.0/24 [115/40] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 10.11.12.0/24 [115/20] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 10.11.13.0/24 [115/20] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 10.12.14.0/24 [115/30] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 10.13.14.0/24 [115/30] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 192.168.0.0/32 is subnetted, 6 subnets i L2 192.168.0.2 [115/40] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 192.168.0.11 [115/20] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 192.168.0.12 [115/30] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 192.168.0.13 [115/30] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 i L2 192.168.0.14 [115/40] via 10.1.11.11, 00:01:41, GigabitEthernet0/1 192.168.1.0/32 is subnetted, 1 subnets i L1 192.168.1.254 [115/20] via 10.1.254.254, 00:08:33, GigabitEthernet0/2 192.168.2.0/32 is subnetted, 1 subnets i L2 192.168.2.254 [115/50] via 10.1.11.11, 00:01:41, GigabitEthernet0/1
And the same thing for IPv6
R01#show ipv6 route isis IPv6 Routing Table - default - 21 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1 OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid lA - LISP away, a - Application I2 2001::2/128 [115/40] via FE80::B, GigabitEthernet0/1 I2 2001::11/128 [115/20] via FE80::B, GigabitEthernet0/1 I2 2001::12/128 [115/30] via FE80::B, GigabitEthernet0/1 I2 2001::13/128 [115/30] via FE80::B, GigabitEthernet0/1 I2 2001::14/128 [115/40] via FE80::B, GigabitEthernet0/1 I1 2001:1::254/128 [115/20] via FE80::254, GigabitEthernet0/2 I2 2001:2::254/128 [115/50] via FE80::B, GigabitEthernet0/1 I2 2001:1234:212::/64 [115/30] via FE80::B, GigabitEthernet0/1 I2 2001:1234:222::/64 [115/40] via FE80::B, GigabitEthernet0/1 I2 2001:1234:1122::/64 [115/20] via FE80::B, GigabitEthernet0/1 I2 2001:1234:1133::/64 [115/20] via FE80::B, GigabitEthernet0/1 I2 2001:1234:1212::/64 [115/20] via FE80::B, GigabitEthernet0/1 I2 2001:1234:2222::/64 [115/40] via FE80::B, GigabitEthernet0/1 I2 2001:1234:2244::/64 [115/30] via FE80::B, GigabitEthernet0/1 I2 2001:1234:3344::/64 [115/30] via FE80::B, GigabitEthernet0/1
Metrics
IS-IS’s metric can actually be pretty complex but fortunately Cisco only supports the default metric which means that every hop adds 10 to the metric.
By default we can only manually change the metric up to 63 under an interface unless we enable the new metric-style wide mode
R01(config)#int g0/1 R01(config-if)#isis metric 100 Warning: for metrics greater than 63, 'metric-style wide' should be configured on level-1-2, or it will be capped at 63.
Database
IS-IS is a link state protocol like OSPF so it keeps an identical Level 2 database between each router, it will also have a separate Level 1 database.
R01#show isis database Tag MEOWCAT: IS-IS Level-1 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL R01.00-00 * 0x000000A4 0x65FB 934 1/0/0 XRV01.00-00 0x000000A6 0x24CF 926 1/0/0 XRV01.01-00 0x00000093 0x37F5 510 0/0/0 IS-IS Level-2 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL R01.00-00 * 0x000000B6 0x7091 928 0/0/0 R02.00-00 0x0000009E 0xC93F 763 0/0/0 R02.01-00 0x0000008F 0x9B9E 1127 0/0/0 XRV02.00-00 0x000000A2 0xDC92 916 0/0/0 XRV02.01-00 0x00000093 0x3204 1048 0/0/0 XRV01.00-00 0x000000AE 0xB8CE 511 0/0/0 XRV01.01-00 0x00000094 0x35F6 511 0/0/0 R11.00-00 0x000000BA 0x01FD 927 0/0/0 R11.01-00 0x0000008F 0x4BE1 926 0/0/0 R12.00-00 0x000000AF 0xA271 924 0/0/0 R12.01-00 0x0000008E 0xE437 963 0/0/0 R13.00-00 0x000000A8 0x49BD 924 0/0/0 R13.01-00 0x00000090 0x32E2 865 0/0/0 R13.02-00 0x00000090 0xDF37 763 0/0/0 R14.00-00 0x000000AA 0x857A 922 0/0/0 R14.02-00 0x0000008F 0x0114 486 0/0/0 R01#
One interesting thing about IS-IS in single topology mode is that the database is contains, both IPv4 and IPv6 routes.
R01#show isis database R01.00-00 detail Tag MEOWCAT: IS-IS Level-1 LSP R01.00-00 LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL R01.00-00 * 0x000000A4 0x65FB 656 1/0/0 Area Address: 49.0111 NLPID: 0xCC 0x8E Hostname: R01 Metric: 10 IS XRV01.01 IP Address: 192.168.0.1 Metric: 10 IP 10.1.11.0 255.255.255.0 Metric: 10 IP 192.168.0.1 255.255.255.255 Metric: 10 IP 10.1.254.0 255.255.255.0 IPv6 Address: 2001::1 Metric: 10 IPv6 2001::1/128 Metric: 10 IPv6 2001:1234:111::/64 Metric: 10 IPv6 2001:1234:1111::/64 IS-IS Level-2 LSP R01.00-00 LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL R01.00-00 * 0x000000B6 0x7091 650 0/0/0 Area Address: 49.0111 NLPID: 0xCC 0x8E Hostname: R01 Metric: 10 IS XRV01.01 Metric: 10 IS R11.01 IP Address: 192.168.0.1 Metric: 10 IP 10.1.11.0 255.255.255.0 Metric: 10 IP 192.168.0.1 255.255.255.255 Metric: 10 IP 10.1.254.0 255.255.255.0 Metric: 20 IP 192.168.1.254 255.255.255.255 IPv6 Address: 2001::1 Metric: 10 IPv6 2001::1/128 Metric: 10 IPv6 2001:1234:111::/64 Metric: 10 IPv6 2001:1234:1111::/64 Metric: 20 IPv6 2001:1::254/128
Traffic Engineering
Currently we can see that XRV1 will go through R01 -> R11 -> R12 -> R02 to get to XRV2
RP/0/0/CPU0:XRV01# traceroute 192.168.2.254 source 192.168.1.254 Wed May 31 04:07:50.527 UTC Type escape sequence to abort. Tracing the route to 192.168.2.254 1 10.1.254.1 9 msec 9 msec 0 msec 2 10.1.11.11 9 msec 9 msec 9 msec 3 10.11.12.12 19 msec 19 msec 19 msec 4 10.2.12.2 19 msec 19 msec 29 msec 5 10.2.254.254 19 msec * 19 msec
We can adjust the path on a hop by hop basis by changing the ISIS metric.
R11(config)#int g0/1 R11(config-if)#isis metric 50 R11(config-if)# R11(config-if)# R11(config-if)#do sh ip route 192.168.2.254 Routing entry for 192.168.2.254/32 Known via "isis", distance 115, metric 60, type level-2 Redistributing via isis MEOWCAT Last update from 10.11.13.13 on GigabitEthernet0/2, 00:00:07 ago Routing Descriptor Blocks: * 10.11.13.13, from 192.168.0.2, 00:00:07 ago, via GigabitEthernet0/2 Route metric is 60, traffic share count is 1
Now XR1 will go to R11 then R13 -> R14 -> R12 before getting the XRV02
RP/0/0/CPU0:XRV01# traceroute 192.168.2.254 source 192.168.1.254 Wed May 31 04:11:35.902 UTC Type escape sequence to abort. Tracing the route to 192.168.2.254 1 10.1.254.1 9 msec 0 msec 9 msec 2 10.1.11.11 9 msec 9 msec 9 msec 3 10.11.13.13 19 msec 19 msec 29 msec 4 10.13.14.14 29 msec 29 msec 29 msec 5 10.12.14.12 19 msec 19 msec 19 msec 6 10.2.12.2 29 msec 29 msec 19 msec 7 10.2.254.254 29 msec * 29 msec
One thing to note is that because IPv6 is running in single topology, it is also affected by our change.
RP/0/0/CPU0:XRV01# traceroute 2001:2::254 source 2001:1::254 Wed May 31 04:13:40.913 UTC Type escape sequence to abort. Tracing the route to 2001:2::254 1 2001:1234:1111::1 19 msec 9 msec 9 msec 2 2001:1234:1212::b 9 msec 9 msec 19 msec 3 2001:1234:1133::13 49 msec 39 msec 29 msec 4 2001:1234:3344::14 129 msec 19 msec 29 msec 5 2001:1234:2244::12 19 msec 19 msec 29 msec 6 2001:1234:212::2 59 msec 29 msec 29 msec 7 2001:2::254 39 msec 39 msec 29 msec
Level 2 only
In order to simplify our topology lets tell our routers to not run Level 1 anywhere since we don’t need it.
R01(config)#router isis MEOWCAT R01(config-router)#is-type level-2-only RP/0/0/CPU0:XRV01(config-isis)#router isis MEOWCAT RP/0/0/CPU0:XRV01(config-isis)#is-type level-2-only RP/0/0/CPU0:XRV01(config-isis)#commit
Now those pesky level 1 routes are gone.
RP/0/0/CPU0:XRV01#show isis database Wed May 31 04:16:58.230 UTC IS-IS MEOWCAT (Level-2) Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL R01.00-00 0x000000ba 0x6bc0 1191 0/0/0 R02.00-00 0x000000a2 0xff35 1186 0/0/0 R02.01-00 0x00000091 0x97a0 1182 0/0/0 XRV02.00-00 0x000000a6 0x8b40 1181 0/0/0 XRV02.01-00 0x00000095 0x2e06 1181 0/0/0 XRV01.00-00 * 0x000000b3 0x02ec 1186 0/0/0 XRV01.01-00 0x00000096 0x31f8 1186 0/0/0 R11.00-00 0x000000c0 0x3ed0 1191 0/0/0 R11.01-00 0x00000091 0x47e3 1186 0/0/0 R12.00-00 0x000000b3 0xdca9 1189 0/0/0 R12.01-00 0x00000090 0xe039 1185 0/0/0 R13.00-00 0x000000ad 0xdf2f 1188 0/0/0 R13.01-00 0x00000091 0x30e3 726 0/0/0 R13.02-00 0x00000092 0xdb39 1185 0/0/0 R14.00-00 0x000000ae 0x18f0 1186 0/0/0 R14.02-00 0x00000091 0xfc16 1183 0/0/0 Total Level-2 LSP count: 16 Local Level-2 LSP count: 1
Let’s also turn on the wide style metrics while we’re at it.
RP/0/0/CPU0:XRV01(config)#router isis MEOWCAT RP/0/0/CPU0:XRV01(config-isis)#address-family ipv4 RP/0/0/CPU0:XRV01(config-isis-af)#metric-style wide RP/0/0/CPU0:XRV01(config-isis-af)#address-family ipv6 RP/0/0/CPU0:XRV01(config-isis-af)#metric-style wide RP/0/0/CPU0:XRV01(config-isis-af)#commit
Now we can change the metric to a much higher value if we want to
R11(config-router)#int g0/1 R11(config-if)#isis metric 10000
Finally lets enable multi-topology to see how that works, for XRV this means we disable single topology
RP/0/0/CPU0:XRV01(config)#router isis MEOWCAT RP/0/0/CPU0:XRV01(config-isis-af)#address-family ipv6 unicast RP/0/0/CPU0:XRV01(config-isis-af)#no single-topology RP/0/0/CPU0:XRV01(config-isis-af)#commit
For IOS we tell it to use mutli-mode
R12(config-router)#router isis MEOWCAT R12(config-router)#address-family ipv6 unicast R12(config-router-af)#multi-topology
Once that is done we can now change the IPv4 and IPv6 metric independently
After removing the above metric, this is what our traceroutes look like
RP/0/0/CPU0:XRV01# traceroute 192.168.2.254 source 192.168.1.254 Wed May 31 04:28:55.990 UTC Type escape sequence to abort. Tracing the route to 192.168.2.254 1 10.1.254.1 9 msec 0 msec 0 msec 2 10.1.11.11 39 msec 19 msec 19 msec 3 10.11.12.12 39 msec 9 msec 9 msec 4 10.2.12.2 19 msec 19 msec 29 msec 5 10.2.254.254 19 msec * 19 msec RP/0/0/CPU0:XRV01# traceroute 2001:2::254 source 2001:1::254 Wed May 31 04:29:04.270 UTC Type escape sequence to abort. Tracing the route to 2001:2::254 1 2001:1234:1111::1 9 msec 9 msec 9 msec 2 2001:1234:1212::b 19 msec 29 msec 19 msec 3 2001:1234:1122::12 19 msec 29 msec 29 msec 4 2001:1234:212::2 19 msec 19 msec 39 msec 5 2001:2::254 39 msec 29 msec 19 msec
Now I’ll add the high metric back to R11 and just the IPv4 path is changed. We can use the isis metric ipv6 command if we want to change the other ones.
RP/0/0/CPU0:XRV01# traceroute 192.168.2.254 source 192.168.1.254 Wed May 31 04:31:48.409 UTC Type escape sequence to abort. Tracing the route to 192.168.2.254 1 10.1.254.1 9 msec 0 msec 9 msec 2 10.1.11.11 9 msec 9 msec 9 msec 3 10.11.13.13 19 msec 29 msec 19 msec 4 10.13.14.14 29 msec 29 msec 19 msec 5 10.12.14.12 19 msec 19 msec 19 msec 6 10.2.12.2 29 msec 19 msec 19 msec 7 10.2.254.254 29 msec * 19 msec RP/0/0/CPU0:XRV01# RP/0/0/CPU0:XRV01# RP/0/0/CPU0:XRV01# traceroute 2001:2::254 source 2001:1::254 Wed May 31 04:31:56.258 UTC Type escape sequence to abort. Tracing the route to 2001:2::254 1 2001:1234:1111::1 19 msec 9 msec 9 msec 2 2001:1234:1212::b 9 msec 9 msec 9 msec 3 2001:1234:1122::12 19 msec 39 msec 19 msec 4 2001:1234:212::2 29 msec 19 msec 19 msec 5 2001:2::254 29 msec 29 msec 29 msec RP/0/0/CPU0:XRV01#
There is a lot more to this routing protocol but this should do for a quick introduction.