Implementing IS-IS
Unknown
PDF - This Chapter (1.69 MB)
Routing Configuration Guide for Cisco 8000 Series Routers, IOS XR Release 7.10.x - Implementing IS-IS [Cisco 8000 Series Routers] - Cisco
File Info : application/pdf, 86 Pages, 1.69MB
DocumentDocument
implement-is-is Implementing IS-IS
Integrated Intermediate System-to-Intermediate System (IS-IS), Internet Protocol Version 4 (IPv4), is a standards-based Interior Gateway Protocol (IGP). The Cisco software implements the IP routing capabilities described in International Organization for Standardization (ISO)/International Engineering Consortium (IEC) 10589 and RFC 1195, and adds the standard extensions for single topology and multitopology IS-IS for IP Version 6 (IPv6).
This module describes how to implement IS-IS (IPv4 and IPv6) on your Cisco IOS XR network.
· Prerequisites for Implementing IS-IS, on page 2 · Restrictions for Implementing IS-IS, on page 2 · Information About Implementing IS-IS , on page 2 · Multitopology Configuration, on page 11 · Limit LSP Flooding, on page 11 · IPv6 Routing and Configuring IPv6 Addressing, on page 16 · Flood Blocking on Specific Interfaces, on page 16 · Multitopology IPv6 for IS-IS, on page 17 · IS-IS Authentication, on page 17 · Multi-Instance IS-IS, on page 21 · Enable IS-IS and Configure Level 1 or Level 2 Routing, on page 21 · Single-Topology IPv6, on page 23 · Customize Routes for IS-IS, on page 30 · Set Priority for Adding Prefixes to RIB, on page 34 · IS-IS Interfaces, on page 35 · Nonstop Forwarding, on page 38 · ISIS NSR, on page 41 · Multiprotocol Label Switching Traffic Engineering, on page 43 · Overload Bit on Router, on page 51 · IS-IS Overload Bit Avoidance, on page 52 · Default Routes, on page 53 · Attached Bit on an IS-IS Instance, on page 53 · IS-IS Support for Route Tags, on page 54 · Multicast-Intact Feature , on page 54 · Multicast Topology Support Using IS-IS, on page 55 · MPLS TE Interarea Tunnels , on page 55 · IP Fast Reroute, on page 55
Implementing IS-IS 1
�Prerequisites for Implementing IS-IS
Implementing IS-IS
· Unequal Cost Multipath Load-balancing for IS-IS, on page 55 · Configuring Multitopology Routing, on page 56 · Restrictions for Configuring Multitopology Routing, on page 56 · Information About Multitopology Routing, on page 56 · Configuring a Global Topology and Associating It with an Interface, on page 56 · Enabling an IS-IS Topology, on page 58 · Placing an Interface in a Topology in IS-IS, on page 59 · Configuring a Routing Policy, on page 60 · Configuring Multitopology for IS-IS, on page 61 · Enabling Multicast-Intact , on page 62 · Configuring IP/LDP Fast Reroute , on page 63 · ISIS Link Group , on page 65 · Configure Link Group Profile, on page 66 · Configure Link Group Interface, on page 68 · Configuration Examples for Implementing IS-IS , on page 70 · Configuring Global Weighted SRLG Protection, on page 77 · Label Distribution Protocol IGP Auto-configuration, on page 79 · Support for a Configurable Knob to Reject ISIS PDU on L2 Interfaces, on page 80 · spf-interval ietf, on page 84
Prerequisites for Implementing IS-IS
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Restrictions for Implementing IS-IS
When multiple instances of IS-IS are being run, an interface can be associated with only one instance (process). Instances may not share an interface.
Information About Implementing IS-IS
To implement IS-IS you need to understand the following concepts:
IS-IS Functional Overview
Small IS-IS networks are typically built as a single area that includes all routers in the network. As the network grows larger, it may be reorganized into a backbone area made up of the connected set of all Level 2 routers from all areas, which is in turn connected to local areas. Within a local area, routers know how to reach all system IDs. Between areas, routers know how to reach the backbone, and the backbone routers know how to reach other areas.
The IS-IS routing protocol supports the configuration of backbone Level 2 and Level 1 areas and the necessary support for moving routing information between the areas. Routers establish Level 1 adjacencies to perform
Implementing IS-IS 2
�Implementing IS-IS
Key Features Supported in the Cisco IOS XR IS-IS Implementation
routing within a local area (intra-area routing). Routers establish Level 2 adjacencies to perform routing between Level 1 areas (interarea routing). Each IS-IS instance can support either a single Level 1 or Level 2 area, or one of each. By default, all IS-IS instances automatically support Level 1 and Level 2 routing. You can change the level of routing to be performed by a particular routing instance using the is-type command.
Restrictions When multiple instances of IS-IS are being run, an interface can be associated with only one instance (process). Instances may not share an interface.
Key Features Supported in the Cisco IOS XR IS-IS Implementation
The Cisco IOS XR implementation of IS-IS conforms to the IS-IS Version 2 specifications detailed in RFC 1195 and the IPv6 IS-IS functionality based on the Internet Engineering Task Force (IETF) IS-IS Working Group draft-ietf-isis-ipv6.txt document. The following list outlines key features supported in the Cisco IOS XR implementation:
· Single topology IPv6 · Multitopology · Nonstop forwarding (NSF), both Cisco proprietary and IETF · Three-way handshake · Mesh groups · Multiple IS-IS instances · Configuration of a broadcast medium connecting two networking devices as a point-to-point link · Fast-flooding with different threads handling flooding and shortest path first (SPF).
Note For information on IS-IS support for Bidirectional Forwarding Detection (BFD), see and .
IS-IS Configuration Grouping
Cisco IOS XR groups all of the IS-IS configuration in router IS-IS configuration mode, including the portion of the interface configurations associated with IS-IS. To display the IS-IS configuration in its entirety, use the show running router isis command. The command output displays the running configuration for all configured IS-IS instances, including the interface assignments and interface attributes.
Conditional Default Route Originate in IS-IS based on BGP Neighbor Status
Table 1: Feature History Table
Feature Name
Release
Feature Description
Information
Implementing IS-IS 3
�Conditional Default Route Originate in IS-IS based on BGP Neighbor Status
Implementing IS-IS
Conditional Default Release 7.3.2 Route Originating in IS-IS
The Conditional Default Route Originating in IS-IS feature allows you to enhance the granularity of the default route the IS-IS originates based on a condition. It enables IS-IS to originate the default route based on the presence of a specific route in the RIB originated by a particular BGP speaker.
This feature improves the reaction time of the watched route in the RIB by avoiding periodical queries of the routing policy. This feature enables you to respond to the client in a timely fashion when the watched route changes in the RIB.
Conditional Default Route Originating in IS-IS featureis based on BGP Neighbor Status feature allows you to enhance the granularity in the way IS-IS originates the default route based on certain specific conditions.
This feature improves the reaction time on the changes of the watched route in the RIB. With the async keyword in RPL, it avoids periodical query of the given policy. However, this feature allows you to callback to the client when the watched route changes in the RIB.
Configuration Example
Router(config)#router isis 1 Router(config-isis)# is-type level-2-only Router(config-isis)# net 47.0000.0000.0005.00 Router(config-isis)# address-family ipv4 unicast Router(config-isis-af)# metric-style wide Router(config-isis-af)# mpls traffic-eng level-2-only Router(config-isis-af)# mpls traffic-eng router-id 10.5.5.5 Router(config-isis-af)# default-information originate route-policy Router(config-isis-af)# segment-routing mpls sr-prefer Router(config-isis-af)# exit Router(config-isis)# address-family ipv6 unicast Router(config-isis-af)# metric-style wide Router(config-isis-af)# default-information originate route-policy Router(config-isis-af)# segment-routing mpls sr-prefer Router(config-isis-af)# exit Router(config-isis)# exit
/* Configure originate default route in ISIS based on BGP Neighbor Status */ Router(config)# route-policy track_bgp_neighbor Router(config-rpl)# if track track-bgp-neighbors is up then Router(config-rpl-if)# pass Router(config-rpl-if)# endif Router(config-rpl)# end-policy
/* Configure originate default route in ISIS based on BGP Route Status in RIB. */ Router(config)# route-policy track-bgp-neighbors Router(config-rpl)# if rib-has-route async (192.1.1.0/24, 192.1.2.0/24) and source in (10.2.35.1) and track track-bgp-neighbors is up then Router(config-rpl-if)# pass Router(config-rpl-if)# endif Router(config-rpl-if)# end-policy
/* Track BGP neighbors */ Router(config)# track track-bgp-neighbors Router(config-track)# type bgp neighbor address-family state Router(config-track)# exit Router(config)# address-family ipv4 unicast Router(config)# neighbor 10.2.35.1
Implementing IS-IS 4
�Implementing IS-IS
Conditional Default Route Originate in IS-IS based on BGP Neighbor Status
/* Configure the prefix-set in RPL */ Router(config)# prefix-set bgp_ipv6_neighbor_id Router(config-pfx)# 10:2:35::1 Router(config-pfx)# end-set
Router(config)# prefix-set bgp_ipv6_watched_routes Router(config-pfx)# 192:1:1::/112 Router(config-pfx)# 192:1:2::/112 Router(config-pfx)# end-set
Router(config)# route-policy default_route_policy_ipv6 Router(config-rpl)# if rib-has-route async bgp_ipv6_watched_routes and protocol is bgp 100
and source in bgp_ipv6_neighbor_id then Router(config-rpl-if)# pass Router(config-rpl-if)# else Router(config-rpl-if)# drop Router(config-rpl-if)# endif Router(config-rpl)# end-policy
router isis 1 is-type level-2-only net 47.0000.0000.0005.00
. .
address-family ipv4 unicast metric-style wide mpls traffic-eng level-2-only mpls traffic-eng router-id 5.5.5.5 default-information originate route-policy <policy name - track-bgp-neighbors> segment-routing mpls sr-prefer
! address-family ipv6 unicast
metric-style wide default-information originate route-policy <policy name - default_route_policy_ipv6> segment-routing mpls sr-prefer
/* Configure originate default route in ISIS based on BGP Neighbor Status */
Tue May 4 11:02:22.031 IST route-policy track_bgp_neighbor
if track track-bgp-neighbors is up then pass
endif end-policy
/* Configure originate default route in ISIS based on BGP Route Status in RIB */ Mon Mar 8 13:25:26.263 IST route-policy track-bgp-neighbors
if rib-has-route async (192.1.1.0/24, 192.1.2.0/24) and source in (10.2.35.1) and track track-bgp-neighbors is up then
pass endif end-policy
/* Configure tracking the status of the BGP neighbor */ show run track track-bgp-neighbors Mon Mar 8 13:39:49.489 IST track track-bgp-neighbors
type bgp neighbor address-family state address-family ipv4 unicast neighbor 10.2.35.1
Implementing IS-IS 5
�Conditional Default Route Originate in IS-IS based on BGP Neighbor Status
Implementing IS-IS
! ! ! /* Configure prefix-set in RPL */ show rpl route-policy default_route_policy_ipv6 detail Mon Mar 8 13:25:48.631 IST prefix-set bgp_ipv6_neighbor_id
10:2:35::1 end-set ! prefix-set bgp_ipv6_watched_routes
192:1:1::/112, 192:1:2::/112 end-set ! route-policy default_route_policy_ipv6 if rib-has-route async bgp_ipv6_watched_routes and protocol is bgp 100 and source in bgp_ipv6_neighbor_id then
pass else
drop endif end-policy !
Verification
/* Verify the status of the BGP neighbor */
Router(config)# show bgp neighbor brief
Mon Mar 8 13:30:27.312 IST
Neighbor
Spk AS Description Up/Down NBRState
10.2.35.1
0 100
02:18:39 Established
10:2:35::1
0 100
02:18:40 Established
/* Verify the IPv4 RIB route */ Router# show route ipv4 192.1.1.0/24 Mon Mar 8 13:33:14.726 IST Routing entry for 192.1.1.0/24
Known via "bgp 100", distance 200, metric 0, type internal Installed Mar 8 11:11:52.738 for 02:21:22 Routing Descriptor Blocks
10.2.35.1, from 10.2.35.1 Route metric is 0
No advertising protos.
/* Verify the IPv6 RIB route */ Router# show route ipv6 192:1:1::/112 Mon Mar 8 13:33:31.340 IST Routing entry for 192:1:1::/112
Known via "bgp 100", distance 200, metric 0, type internal Installed Mar 8 11:11:52.738 for 02:21:38 Routing Descriptor Blocks
10:2:35::1, from 10:2:35::1 Route metric is 0
No advertising protos.
/* Verify tracking the status of the BGP neighbor */ Router# show track track-bgp-neighbors Mon Mar 8 13:52:16.746 IST Track track-bgp-neighbors
BGP Neighbor AF IPv4 Unicast NBR 10.2.35.1 vrf default Reachability is UP
Implementing IS-IS 6
�Implementing IS-IS
Router Configuration Mode
Neighbor Address Reachablity is Up BGP Neighbor Address-family state is Up 12 changes, last change IST Mon Mar 08 2021 11:11:52.741 Delay up 0 secs(default), down 0 secs(default)
/* Verify the default route status in IS-IS address family */ Router# show isis Mon Mar 8 13:34:39.412 IST
IS-IS Router: 1
System Id: 0000.0000.0005
Instance Id: 0
IS Levels: level-2-only
Manual area address(es):
47
Routing for area address(es):
47
!! .
.
Topologies supported by IS-IS:
IPv4 Unicast
.
.
Originating default route active since Mar 08 2021 11:12:05.914 IST
IPv6 Unicast
.
.
Originating default route active since Mar 08 2021 11:12:05.917 IST
!!
/* Verify the IS-IS database */
Router# show isis database detail verbose r5 | i 0.0.0.0/0
Mon Mar 8 13:47:10.624 IST
Metric: 0
IP-Extended 0.0.0.0/0
Router# show isis database detail verbose r5 | i ::/0
Mon Mar 8 13:47:10.727 IST
Metric: 0
MT (IPv6 Unicast) IPv6 ::/0
/* Verify the IPv4 IS-IS routes */ Router# show isis ipv4 route 0.0.0.0/0
Mon Mar 8 13:44:58.226 IST
L2 0.0.0.0/0 [10/115] via 10.1.35.2, TenGigE0/0/0/31, r5, SRGB Base: 16000, Weight: 0
/* Verify the IPv6 IS-IS routes */ Router# show isis ipv6 route 0::0/0 Mon Mar 8 13:45:02.699 IST
L2 ::/0 [10/115] via fe80::28a:96ff:fee7:f418, TenGigE0/0/0/31, r5, SRGB Base: 16000, Weight: 0
Router Configuration Mode
The following example shows how to enter router configuration mode:
RP/0/# configuration RP/0/(config)# router isis isp RP/0/(config-isis)#
Implementing IS-IS 7
�Router Address Family Configuration Mode
Implementing IS-IS
Router Address Family Configuration Mode
The following example shows how to enter router address family configuration mode:
RP/0/(config)# router isis isp RP/0/(config-isis)# address-family ipv4 u nicast RP/0/(config-isis-af)#
Interface Configuration Mode
The following example shows how to enter interface configuration mode:
RP/0/(config)# router isis isp RP/0/(config-isis)# interface GigabitEthernet 0 /3/0/0 RP/0/(config-isis-if)#
Interface Address Family Configuration Mode
The following example shows how to enter interface address family configuration mode:
RP/0/(config)# router isis isp RP/0/(config-isis)# interface GigabitEthernet 0 /3/0/0 RP/0/(config-isis-if)# address-family ipv4 unicast RP/0/(config-isis-if-af)#
Implementing IS-IS 8
�Implementing IS-IS
Setting an SPF interval for delaying the IS-IS SPF computations
Setting an SPF interval for delaying the IS-IS SPF computations
Table 2: Feature History Table
Feature Name
Setting SPF interval in IS-IS to postpone the IS-IS SPF computations
Release Release 7.7.1
Description
You can now define a standard algorithm to postpone the IS-IS SPF computations by setting an SPF interval. This reduces the computational load and churn on IGP nodes when multiple temporally close network events trigger multiple SPF computations.
This algorithm also reduces the probability and the duration of transient forwarding loops during native IS-IS convergence when the protocol reacts to multiple temporally close events.
This feature complies with RFC 8405.
This feature introduces the spf-interval ietf command.
You can set an SPF interval in IS-IS to define a standard algorithm to postpone the IS-IS SPF computations off. This reduces the computational load and churn on IGP nodes when multiple temporally close network events trigger multiple SPF computations.
This algorithm reduces the probability and the duration of transient forwarding loops during native IS-IS convergence when the protocol reacts to multiple temporally close events.
To do this, you can use the algorithm specified by RFC 8405 to temporarily postpone the IS-IS SPF computation.
This task is optional.
Setting IETF for postponing SPF calculations
Configuration 1. Enter to the Cisco IOS XR configuration mode.
For example,
Router# configure
2. Enable IS-IS routing for the specified routing instance and place the router in router configuration mode. For example,
Router(config)# router isis <tag>
3. Specify the IPv4 or IPv6 address family, and then enters router address family configuration mode.
Implementing IS-IS 9
�Setting IETF for postponing SPF calculations
Implementing IS-IS
For example,
Router(config-isis)# address-family {ipv4 | ipv6} unicast
4. Set the interval type (IETF) for SPF calculations. For example,
Router(config-isis-af)# spf-interval ietf
5. Commit the changes. For example,
Router(config-isis-af)# commit
Configuration Example
Router# configure
Router(config)# router isis isp
Router(config-isis)# address-family ipv4 unicast
Router(config-isis-af)# spf-interval ietf?
initial-wait Initial delay before running a route calculation [50]
short-wait
Short delay before running a route calculation [200]
long-wait
Long delay before running a route calculation [5000]
learn-interval Time To Learn interval for running a route calculation [500]
holddown-interval Holddown interval for running a route calculation [10000]
level
Set SPF interval for one level only
Router(config-isis-af)# spf-interval ietf
Router(config-isis-af)# commit
Verification Example
Router# show run router isis router isis 1
net 49.0001.0000.0000.0100.00 log adjacency changes address-family ipv4 unicast
metric-style wide spf-interval ietf ! address-family ipv6 unicast metric-style wide spf-interval ietf !
Router(config-isis-af)# spf-interval ietf?
initial-wait Initial delay before running a route calculation [50]
short-wait
Short delay before running a route calculation [200]
long-wait
Long delay before running a route calculation [5000]
learn-interval Time To Learn interval for running a route calculation [500]
holddown-interval Holddown interval for running a route calculation [10000]
level
Set SPF interval for one level only
The following show command displays the output with the new spf-interval algorithm. The output displays the actual delay taken to compute the SPF.
Router# show isis ipv4 spf-log last 5 detail
IS-IS 1 Level 2 IPv4 Unicast Route Calculation Log
Time Total Trig.
Timestamp Type (ms) Nodes Count First Trigger LSP Triggers
------------ ----- ----- ----- ----- -------------------- -----------------------
--- Wed Mar 16 2022 ---
15:31:49.763 FSPF
1
6
3
tb5-r4.00-00 LINKBAD PREFIXBAD
Implementing IS-IS 10
�Implementing IS-IS
Multitopology Configuration
Delay:
Trigger Link: Trigger Prefix: New LSP Arrivals: SR uloop: Next Wait Interval: RIB Batches: Timings (ms):
SPT Calculation: Route Update:
101ms (since first trigger)
261177ms (since end of last calculation)
tb5-r2.00
34.1.24.0/24
0
No
200ms
1 (0 critical, 0 high, 0 medium, 1 low)
+--Total--+
Real CPU
1
1
0
0
----- -----
It is recommended to use the default delay values, which are listed in Syntax description. These default parameters are suggetsed by RFC 8405. These should be appropriate for most networks.
However, you can configure different values if required.
For example,
Router# configure Router(config)# router isis isp Router(config-isis)# address-family ipv4 unicast Router(config-isis-af)# spf-interval ietf Router(config-isis-af)# commit Router(config-isis-af)# spf-interval ietf short-wait 500 Router(config-isis-af)# commit
Multitopology Configuration
The software supports multitopology for IPv6 IS-IS unless single topology is explicitly configured in IPv6 address-family configuration mode.
Note IS-IS supports IP routing and not Open Systems Interconnection (OSI) Connectionless Network Service (CLNS) routing.
Limit LSP Flooding
Limiting link-state packets (LSP) may be desirable in certain "meshy" network topologies. An example of such a network might be a highly redundant one such as a fully meshed set of point-to-point links over a nonbroadcast multiaccess (NBMA) transport. In such networks, full LSP flooding can limit network scalability. One way to restrict the size of the flooding domain is to introduce hierarchy by using multiple Level 1 areas and a Level 2 area. However, two other techniques can be used instead of or with hierarchy: Block flooding on specific interfaces and configure mesh groups.
Both techniques operate by restricting the flooding of LSPs in some fashion. A direct consequence is that although scalability of the network is improved, the reliability of the network (in the face of failures) is reduced because a series of failures may prevent LSPs from being flooded throughout the network, even though links exist that would allow flooding if blocking or mesh groups had not restricted their use. In such a case, the link-state databases of different routers in the network may no longer be synchronized. Consequences such
Implementing IS-IS 11
�Control LSP Flooding for IS-IS
Implementing IS-IS
as persistent forwarding loops can ensue. For this reason, we recommend that blocking or mesh groups be used only if specifically required, and then only after careful network design.
Control LSP Flooding for IS-IS
Flooding of LSPs can limit network scalability. You can control LSP flooding by tuning your LSP database parameters on the router globally or on the interface. This task is optional. Many of the commands to control LSP flooding contain an option to specify the level to which they apply. Without the option, the command applies to both levels. If an option is configured for one level, the other level continues to use the default value. To configure options for both levels, use the command twice. For example:
RP/0/RP0/CPU0:router(config-isis)# lsp-refresh-interval 1200 level 2 RP/0/RP0/CPU0:router(config-isis)# lsp-refresh-interval 1100 level 1
SUMMARY STEPS
1. configure 2. router isis instance-id 3. lsp-refresh-interval seconds [ level { 1 | 2 }] 4. lsp-check-interval seconds [ level { 1 | 2 }] 5. lsp-gen-interval { [ initial-wait initial | secondary-wait secondary | maximum-wait maximum
] ... } [ level { 1 | 2 }] 6. lsp-mtu bytes [ level { 1 | 2 }] 7. max-lsp-lifetime seconds [ level { 1 | 2 }] 8. ignore-lsp-errors disable 9. interface type interface-path-id 10. lsp-interval milliseconds [ level { 1 | 2 }] 11. csnp-interval seconds [ level { 1 | 2 }] 12. retransmit-interval seconds [ level { 1 | 2 }] 13. retransmit-throttle-interval milliseconds [ level { 1 | 2 }] 14. mesh-group { number | blocked } 15. Use the commit or end command. 16. show isis interface [ type interface-path-id | level { 1 | 2 }] [ brief ] 17. show isis [ instance instance-id ] database [ level { 1 | 2 }] [ detail | summary | verbose ] [ *
| lsp-id ] 18. show isis [ instance instance-id ] lsp-log [ level { 1 | 2 }] 19. show isis database-log [ level { 1 | 2 }]
DETAILED STEPS
Step 1
configure Example:
RP/0/# configure
Implementing IS-IS 12
�Implementing IS-IS
Control LSP Flooding for IS-IS
Step 2 Step 3 Step 4 Step 5
Step 6 Step 7
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.
lsp-refresh-interval seconds [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis)# lsp-refresh-interval 10800
(Optional) Sets the time between regeneration of LSPs that contain different sequence numbers · The refresh interval should always be set lower than the max-lsp-lifetime command.
lsp-check-interval seconds [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis)# lsp-check-interval 240
(Optional) Configures the time between periodic checks of the entire database to validate the checksums of the LSPs in the database.
· This operation is costly in terms of CPU and so should be configured to occur infrequently.
lsp-gen-interval { [ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ... } [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis)# lsp-gen-interval maximum-wait 15 initial-wait 5
(Optional) Reduces the rate of LSP generation during periods of instability in the network. Helps reduce the CPU load on the router and number of LSP transmissions to its IS-IS neighbors.
· During prolonged periods of network instability, repeated recalculation of LSPs can cause an increased CPU load on the local router. Further, the flooding of these recalculated LSPs to the other Intermediate Systems in the network causes increased traffic and can result in other routers having to spend more time running route calculations.
lsp-mtu bytes [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis)# lsp-mtu 1300
(Optional) Sets the maximum transmission unit (MTU) size of LSPs. max-lsp-lifetime seconds [ level { 1 | 2 }] Example:
Implementing IS-IS 13
�Control LSP Flooding for IS-IS
Implementing IS-IS
Step 8 Step 9 Step 10 Step 11
Step 12 Step 13
RP/0/RP0/CPU0:router(config-isis)# max-lsp-lifetime 11000
(Optional) Sets the initial lifetime given to an LSP originated by the router. · This is the amount of time that the LSP persists in the database of a neighbor unless the LSP is regenerated or refreshed.
ignore-lsp-errors disable Example:
RP/0/RP0/CPU0:router(config-isis)# ignore-lsp-errors disable
(Optional) Sets the router to purge LSPs received with checksum errors. interface type interface-path-id Example:
RP/0/RP0/CPU0:router(config-isis)# interface HundredGigE 0/1/0/3
Enters interface configuration mode. lsp-interval milliseconds [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-if)# lsp-interval 100
(Optional) Configures the amount of time between each LSP sent on an interface. csnp-interval seconds [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-if)# csnp-interval 30 level 1
(Optional) Configures the interval at which periodic CSNP packets are sent on broadcast interfaces. · Sending more frequent CSNPs means that adjacent routers must work harder to receive them. · Sending less frequent CSNP means that differences in the adjacent routers may persist longer.
retransmit-interval seconds [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-if)# retransmit-interval 60
(Optional) Configures the amount of time that the sending router waits for an acknowledgment before it considers that the LSP was not received and subsequently resends.
RP/0/RP0/CPU0:router(config-isis-if)# retransmit-interval 60
retransmit-throttle-interval milliseconds [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-if)# retransmit-throttle-interval 1000
Implementing IS-IS 14
�Implementing IS-IS
Control LSP Flooding for IS-IS
Step 14 Step 15
Step 16 Step 17 Step 18 Step 19
(Optional) Configures the amount of time between retransmissions on each LSP on a point-to-point interface. · This time is usually greater than or equal to the lsp-interval command time because the reason for lost LSPs may be that a neighboring router is busy. A longer interval gives the neighbor more time to receive transmissions.
mesh-group { number | blocked } Example:
RP/0/RP0/CPU0:router(config-isis-if)# mesh-group blocked
(Optional) Optimizes LSP flooding in NBMA networks with highly meshed, point-to-point topologies. · This command is appropriate only for an NBMA network with highly meshed, point-to-point topologies.
Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show isis interface [ type interface-path-id | level { 1 | 2 }] [ brief ] Example:
RP/0/RP0/CPU0:router# show isis interface HundredGigE 0/1/0/1 brief
(Optional) Displays information about the IS-IS interface. show isis [ instance instance-id ] database [ level { 1 | 2 }] [ detail | summary | verbose ] [ * | lsp-id ] Example:
RP/0/RP0/CPU0:router# show isis database level 1
(Optional) Displays the IS-IS LSP database. show isis [ instance instance-id ] lsp-log [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router# show isis lsp-log
(Optional) Displays LSP log information. show isis database-log [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router# show isis database-log level 1
(Optional) Display IS-IS database log information.
Implementing IS-IS 15
�IPv6 Routing and Configuring IPv6 Addressing
Implementing IS-IS
IPv6 Routing and Configuring IPv6 Addressing
By default, IPv6 routing is disabled in the software. To enable IPv6 routing, you must assign IPv6 addresses to individual interfaces in the router using the ipv6 enable or ipv6 address command. See the Network Stack IPv4 and IPv6 Commands on module of .
Flood Blocking on Specific Interfaces
With this technique, certain interfaces are blocked from being used for flooding LSPs, but the remaining interfaces operate normally for flooding. This technique is simple to understand and configure, but may be more difficult to maintain and more error prone than mesh groups in the long run. The flooding topology that IS-IS uses is fine-tuned rather than restricted. Restricting the topology too much (blocking too many interfaces) makes the network unreliable in the face of failures. Restricting the topology too little (blocking too few interfaces) may fail to achieve the desired scalability.
To improve the robustness of the network in the event that all nonblocked interfaces drop, use the csnp-interval command in interface configuration mode to force periodic complete sequence number PDUs (CSNPs) packets to be used on blocked point-to-point links. The use of periodic CSNPs enables the network to become synchronized.
Maximum LSP Lifetime and Refresh Interval
By default, the router sends a periodic LSP refresh every 15 minutes. LSPs remain in a database for 20 minutes by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or maximum LSP lifetime. The LSP interval should be less than the LSP lifetime or else LSPs time out before they are refreshed. In the absence of a configured refresh interval, the software adjusts the LSP refresh interval, if necessary, to prevent the LSPs from timing out.
Minimum Remaining Lifetime
The Minimum Remaining Lifetime feature prevents premature purging and unnecessary flooding of LSPs. If the Remaining Lifetime field gets corrupted during flooding, this corruption is undetectable. The consequences of such corruption depend on how the Remaining Lifetime value is altered. This feature resolves this problem by enabling IS-IS to reset the Remaining Lifetime value of the received LSP, to the maximum LSP lifetime. By default, the maximum LSP lifetime is configured as 1200 seconds and you can configure it to a different value using the max-lsp-lifetime seconds command. This action ensures that whatever be the value of Remaining Lifetime that is received, a system other than the originator of an LSP will never purge the LSP, until the LSP has existed in the database at least for maximum LSP lifetime.
If the remaining lifetime for the LSP reaches 0, the LSP is kept in the link state database for an additional 60 seconds. This additional lifetime is known as Zero Age Lifetime. If the corresponding router does not update the LSP even after the Zero Age Lifetime, the LSP is deleted from the link state database.
The Remaining Lifetime field is also useful in identifying a problem in the network. If the received LSP lifetime value is less than the Zero Age Lifetime, which is 60 seconds, IS-IS generates an error message indicating that it's a corrupted lifetime event. The sample error message is as follows:
Dec 14 15:36:45.663 : isis[1011]: RECV L2 LSP 1111.1111.1112.03-00 from 1111.1111.1112.03: possible corrupted lifetime 59 secs for L2 lsp 1111.1111.1112.03-00 from SNPA 02e9.4522.5326 detected.
Implementing IS-IS 16
�Implementing IS-IS
Mesh Group Configuration
IS-IS saves the received remaining lifetime value in LSP database. The value is shown in the show isis database command output under the Rcvd field. For more information about the show isis database command, see IS-IS Commands Chapter of the Routing Command Reference for Cisco NCS 5500 Series Routers.
Mesh Group Configuration
Configuring mesh groups (a set of interfaces on a router) can help to limit flooding. All routers reachable over the interfaces in a particular mesh group are assumed to be densely connected with each router having at least one link to every other router. Many links can fail without isolating one or more routers from the network. In normal flooding, a new LSP is received on an interface and is flooded out over all other interfaces on the router. With mesh groups, when a new LSP is received over an interface that is part of a mesh group, the new LSP is not flooded over the other interfaces that are part of that mesh group.
Multitopology IPv6 for IS-IS
Multitopology IPv6 for IS-IS assumes that multitopology support is required as soon as it detects interfaces configured for both IPv6 and IPv4 within the IS-IS stanza. Because multitopology is the default behavior in the software, you must explicitly configure IPv6 to use the same topology as IPv4 to enable single-topology IPv6. Configure the single-topology command in IPv6 router address family configuration submode of the IS-IS router stanza. The following example shows multitopology IS-IS being configured in IPv6.
router isis isp net 49.0000.0000.0001.00 interface POS0/3/0/0 address-family ipv6 unicast metric-style wide level 1 exit
! interface POS0/3/0/0
ipv6 address 2001::1/64
IS-IS Authentication
Authentication is available to limit the establishment of adjacencies by using the hello-password command, and to limit the exchange of LSPs by using the lsp-password command. IS-IS supports plain-text authentication, which does not provide security against unauthorized users. Plain-text authentication allows you to configure a password to prevent unauthorized networking devices from forming adjacencies with the router. The password is exchanged as plain text and is potentially visible to an agent able to view the IS-IS packets. When an HMAC-MD5 password is configured, the password is never sent over the network and is instead used to calculate a cryptographic checksum to ensure the integrity of the exchanged data.
Implementing IS-IS 17
�Configure Authentication for IS-IS
Implementing IS-IS
IS-IS stores a configured password using simple encryption. However, the plain-text form of the password is used in LSPs, sequence number protocols (SNPs), and hello packets, which would be visible to a process that can view IS-IS packets. The passwords can be entered in plain text (clear) or encrypted form.
To set the domain password, configure the lsp-password command for Level 2; to set the area password, configure the lsp-password command for Level 1.
The keychain feature allows IS-IS to reference configured keychains. IS-IS key chains enable hello and LSP keychain authentication. Keychains can be configured at the router level (in the case of the lsp-password command) and at the interface level (in the case of the hello-password command) within IS-IS. These commands reference the global keychain configuration and instruct the IS-IS protocol to obtain security parameters from the global set of configured keychains.
IS-IS is able to use the keychain to implement hitless key rollover for authentication. ey rollover specification is time based, and in the event of clock skew between the peers, the rollover process is impacted. The configurable tolerance specification allows for the accept window to be extended (before and after) by that margin. This accept window facilitates a hitless key rollover for applications (for example, routing and management protocols).
Configure Authentication for IS-IS
This task explains how to configure authentication for IS-IS. This task is optional.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. lsp-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ]
[ snp send-only ] 4. interface type interface-path-id 5. hello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only
] 6. Use the commit or end command.
DETAILED STEPS
Step 1 Step 2
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · You can change the level of routing to be performed by a particular routing instance by using the is-type command.
Implementing IS-IS 18
�Implementing IS-IS
Configure Authentication for IS-IS
Step 3
Step 4 Step 5 Step 6
lsp-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
Example:
RP/0/RP0/CPU0:router(config-isis)# lsp-password hmac-md5 clear password1 level 1
Configures the LSP authentication password. · The hmac-md5 keyword specifies that the password is used in HMAC-MD5 authentication. · The text keyword specifies that the password uses cleartext password authentication. · The clear keyword specifies that the password is unencrypted when entered. · The encrypted keyword specifies that the password is encrypted using a two-way algorithm when entered. · The level 1 keyword sets a password for authentication in the area (in Level 1 LSPs and Level SNPs). · The level 2 keywords set a password for authentication in the backbone (the Level 2 area). · The send-only keyword adds authentication to LSP and sequence number protocol data units (SNPs) when they are sent. It does not authenticate received LSPs or SNPs. · The snp send-only keyword adds authentication to SNPs when they are sent. It does not authenticate received SNPs.
Note
To disable SNP password checking, the snp send-only keywords must be specified in the lsp-password
command.
interface type interface-path-id Example:
RP/0/RP0/CPU0:router(config-isis)# interface GigabitEthernet 0/1/0/3
Enters interface configuration mode. hello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ] Example:
RP/0/RP0/CPU0:router(config-isis-if)#hello-password text clear mypassword
Configures the authentication password for an IS-IS interface. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
Implementing IS-IS 19
�Configure Keychains for IS-IS
Implementing IS-IS
Configure Keychains for IS-IS
This task explains how to configure keychains for IS-IS. This task is optional.
Keychains can be configured at the router level ( lsp-password command) and at the interface level ( hello-password command) within IS-IS. These commands reference the global keychain configuration and instruct the IS-IS protocol to obtain security parameters from the global set of configured keychains. The router-level configuration (lsp-password command) sets the keychain to be used for all IS-IS LSPs generated by this router, as well as for all Sequence Number Protocol Data Units (SN PDUs). The keychain used for HELLO PDUs is set at the interface level, and may be set differently for each interface configured for IS-IS.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. l sp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ] 4. interface type interface-path-id 5. hello-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] 6. Use the commit or end command.
DETAILED STEPS
Step 1 Step 2 Step 3 Step 4
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · You can change the level of routing to be performed by a particular routing instance by using the is-type command.
l sp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ] Example:
RP/0/RP0/CPU0:router(config-isis)# lsp-password keychain isis_a level 1
Configures the keychain. interface type interface-path-id Example:
RP/0/RP0/CPU0:router(config-isis)# interface HundredGigE 0/1/0/3
Enters interface configuration mode.
Implementing IS-IS 20
�Implementing IS-IS
Multi-Instance IS-IS
Step 5 Step 6
hello-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] Example:
RP/0/RP0/CPU0:router(config-isis-if)#hello-password keychain isis_b
Configures the authentication password for an IS-IS interface. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
Multi-Instance IS-IS
You can configure up to 16 IS-IS instances. MPLS can run on multiple IS-IS processes as long as the processes run on different sets of interfaces. Each interface may be associated with only a single IS-IS instance. The software prevents the double-booking of an interface by two instances at configuration time--two instances of MPLS configuration causes an error. Because the Routing Information Base (RIB) treats each of the IS-IS instances as equal routing clients, you must be careful when redistributing routes between IS-IS instances. The RIB does not know to prefer Level 1 routes over Level 2 routes. For this reason, if you are running Level 1 and Level 2 instances, you must enforce the preference by configuring different administrative distances for the two instances.
Enable IS-IS and Configure Level 1 or Level 2 Routing
This task explains how to enable IS-IS and configure the routing level for an area.
Note Configuring the routing level in Step 4 is optional, but is highly recommended to establish the proper level of adjacencies.
Before you begin
Although you can configure IS-IS before you configure an IP address, no IS-IS routing occurs until at least one IP address is configured.
SUMMARY STEPS
1. configure 2. router isis instance-id
Implementing IS-IS 21
�Enable IS-IS and Configure Level 1 or Level 2 Routing
Implementing IS-IS
DETAILED STEPS
3. net network-entity-title 4. is-type { level-1 | level-1-2 | level-2-only } 5. Use the commit or end command. 6. show isis [ instance instance-id ] protocol
Step 1 Step 2 Step 3
Step 4
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · By default, all IS-IS instances are automatically Level 1 and Level 2. You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.
net network-entity-title Example:
RP/0/RP0/CPU0:router(config-isis)# net 47.0004.004d.0001.0001.0c11.1110.00
Configures network entity titles (NETs) for the routing instance. · Specify a NET for each routing instance if you are configuring multi-instance IS-IS. · This example configures a router with area ID 47.0004.004d.0001 and system ID 0001.0c11.1110.00. · To specify more than one area address, specify additional NETs. Although the area address portion of the NET differs, the systemID portion of the NET must match exactly for all of the configured items.
is-type { level-1 | level-1-2 | level-2-only } Example:
RP/0/RP0/CPU0:router(config-isis)# is-type level-2-only
(Optional) Configures the system type (area or backbone router). · By default, every IS-IS instance acts as a level-1-2 router. · The level-1 keyword configures the software to perform Level 1 (intra-area) routing only. Only Level 1 adjacencies are established. The software learns about destinations inside its area only. Any packets containing destinations outside the area are sent to the nearest level-1-2 router in the area. · The level-2-only keyword configures the software to perform Level 2 (backbone) routing only, and the router establishes only Level 2 adjacencies, either with other Level 2-only routers or with level-1-2 routers.
Implementing IS-IS 22
�Implementing IS-IS
Single-Topology IPv6
Step 5 Step 6
· The level-1-2 keyword configures the software to perform both Level 1 and Level 2 routing. Both Level 1 and Level 2 adjacencies are established. The router acts as a border router between the Level 2 backbone and its Level 1 area.
Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show isis [ instance instance-id ] protocol Example:
RP/0/RP0/CPU0:router# show isis protocol
(Optional) Displays summary information about the IS-IS instance.
Single-Topology IPv6
Single-topology IPv6 allows IS-IS for IPv6 to be configured on interfaces along with an IPv4 network protocol. All interfaces must be configured with the identical set of network protocols, and all routers in the IS-IS area (for Level 1 routing) or the domain (for Level 2 routing) must support the identical set of network layer protocols on all interfaces.
In single-topology mode, IPv6 topologies work with both narrow and wide metric styles in IPv4 unicast topology. During single-topology operation, one shortest path first (SPF) computation for each level is used to compute both IPv4 and IPv6 routes. Using a single SPF is possible because both IPv4 IS-IS and IPv6 IS-IS routing protocols share a common link topology.
Configure Single Topology for IS-IS
After an IS-IS instance is enabled, it must be configured to compute routes for a specific network topology.
This task explains how to configure the operation of the IS-IS protocol on an interface for an IPv4 or IPv6 topology.
Implementing IS-IS 23
�Configure Single Topology for IS-IS
Implementing IS-IS
Before you begin
Note To enable the router to run in single-topology mode, configure each of the IS-IS interfaces with all of the address families enabled and "single-topology" in the address-family IPv6 unicast in the IS-IS router stanza. You can use either the IPv6 address family or both IPv4 and IPv6 address families, but your configuration must represent the set of all active address families on the router. Additionally, explicitly enable single-topology operation by configuring it in the IPv6 router address family submode.
Two exceptions to these instructions exist:
1. If the address-family stanza in the IS-IS process contains the adjacency-check disable command, then an interface is not required to have the address family enabled.
2. The single-topology command is not valid in the ipv4 address-family submode.
The default metric style for single topology is narrow metrics. However, you can use either wide metrics or narrow metrics. How to configure them depends on how single topology is configured. If both IPv4 and IPv6 are enabled and single topology is configured, the metric style is configured in the address-family ipv4 stanza. You may configure the metric style in the address-family ipv6 stanza, but it is ignored in this case. If only IPv6 is enabled and single topology is configured, then the metric style is configured in the address-family ipv6 stanza.
SUMMARY STEPS
1. configure 2. interface type interface-path-id 3. Do one of the following:
· ipv4 address address mask · ipv6 address ipv6-prefix / prefix-length [ eui-64 ] · ipv6 address ipv6-address { / prefix-length | link-local } · ipv6 enable
4. exit 5. router isis instance-id 6. net network-entity-title 7. address-family ipv6 [ unicast ] 8. single-topology 9. exit 10. interface type interface-path-id 11. circuit-type { level-1 | level-1-2 | level-2-only } 12. address-family { ipv4 | ipv6 } [ unicast ] 13. Use the commit or end command. 14. show isis [ instance instance-id ] interface [ type interface-path-id ] [ detail ] [ level { 1 | 2 }] 15. show isis [ instance instance-id ] topology [ systemid system-id ] [ level { 1 | 2 }] [ summary
]
Implementing IS-IS 24
�Implementing IS-IS
Configure Single Topology for IS-IS
DETAILED STEPS
Step 1 Step 2 Step 3
configure Example:
RP/0/# configure
Enters mode.
interface type interface-path-id Example:
RP/0/RP0/CPU0:router(config)# interface HundredGigE 0/1/0/3
Enters interface configuration mode.
Do one of the following: · ipv4 address address mask · ipv6 address ipv6-prefix / prefix-length [ eui-64 ] · ipv6 address ipv6-address { / prefix-length | link-local } · ipv6 enable
Example:
RP/0/RP0/CPU0:router(config-if)# ipv4 address 10.0.1.3 255.255.255.0
or
RP/0/RP0/CPU0:router(config-if)# ipv6 address 3ffe:1234:c18:1::/64 eui-64 RP/0/RP0/CPU0:router(config-if)# ipv6 address FE80::260:3EFF:FE11:6770 link-local RP/0/RP0/CPU0:router(config-if)# ipv6 enable
or Defines the IPv4 address for the interface. An IP address is required on all interfaces in an area enabled for IS-IS if any one interface is configured for IS-IS routing. or Specifies an IPv6 network assigned to the interface and enables IPv6 processing on the interface with the eui-64 keyword. or Specifies an IPv6 address assigned to the interface and enables IPv6 processing on the interface with the link-local keyword. or Automatically configures an IPv6 link-local address on the interface while also enabling the interface for IPv6 processing.
· The link-local address can be used only to communicate with nodes on the same link. · Specifying the ipv6 address ipv6-prefix / prefix-length interface configuration command without the eui-64
keyword configures site-local and global IPv6 addresses.
Implementing IS-IS 25
�Configure Single Topology for IS-IS
Implementing IS-IS
Step 4 Step 5 Step 6
Step 7 Step 8
· Specifying the ipv6 address ipv6-prefix / prefix-length command with the eui-64 keyword configures site-local and global IPv6 addresses with an interface ID in the low-order 64 bits of the IPv6 address. Only the 64-bit network prefix for the address needs to be specified; the last 64 bits are automatically computed from the interface ID.
· Specifying the ipv6 address command with the link-local keyword configures a link-local address on the interface that is used instead of the link-local address that is automatically configured when IPv6 is enabled on the interface.
exit Example:
RP/0/RP0/CPU0:router(config-if)# exit
Exits interface configuration mode, and returns the router to mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · By default, all IS-IS instances are Level 1 and Level 2. You can change the level of routing to be performed by a particular routing instance by using the is-type command.
net network-entity-title Example:
RP/0/RP0/CPU0:router(config-isis)# net 47.0004.004d.0001.0001.0c11.1110.00
Configures NETs for the routing instance. · Specify a NET for each routing instance if you are configuring multi-instance IS-IS. You can specify a name for a NET and for an address. · This example configures a router with area ID 47.0004.004d.0001 and system ID 0001.0c11.1110.00. · To specify more than one area address, specify additional NETs. Although the area address portion of the NET differs, the system ID portion of the NET must match exactly for all of the configured items.
address-family ipv6 [ unicast ] Example:
RP/0/RP0/CPU0:router(config-isis)# address-family ipv6 unicast
Specifies the IPv6 address family and enters router address family configuration mode. · This example specifies the unicast IPv6 address family.
single-topology Example:
RP/0/RP0/CPU0:router(config-isis-af)# single-topology
Implementing IS-IS 26
�Implementing IS-IS
Configure Single Topology for IS-IS
Step 9 Step 10 Step 11
Step 12 Step 13 Step 14
(Optional) Configures the link topology for IPv4 when IPv6 is configured. · The single-topology command is valid only in IPv6 submode. The command instructs IPv6 to use the single topology rather than the default configuration of a separate topology in the multitopology mode.
exit Example:
RP/0/RP0/CPU0:router(config-isis-af)# exit
Exits router address family configuration mode, and returns the router to router configuration mode. interface type interface-path-id Example:
RP/0/RP0/CPU0:router(config-isis)# interface HundredGigE 0/1/0/3HundredGigE 0/1/0/3
Enters interface configuration mode. circuit-type { level-1 | level-1-2 | level-2-only } Example:
RP/0/RP0/CPU0:router(config-isis-if)# circuit-type level-1-2
(Optional) Configures the type of adjacency. · The default circuit type is the configured system type (configured through the is-type command). · Typically, the circuit type must be configured when the router is configured as only level-1-2 and you want to constrain an interface to form only level-1 or level-2-only adjacencies.
address-family { ipv4 | ipv6 } [ unicast ] Example:
RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv4 unicast
Specifies the IPv4 or IPv6 address family, and enters interface address family configuration mode. · This example specifies the unicast IPv4 address family on the interface.
Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show isis [ instance instance-id ] interface [ type interface-path-id ] [ detail ] [ level { 1 | 2 }] Example:
Implementing IS-IS 27
�Set SPF Interval for a Single-Topology Configuration
Implementing IS-IS
Step 15
RP/0/RP0/CPU0:router# show isis interface HundredGigE 0/1/0/1
(Optional) Displays information about the IS-IS interface. show isis [ instance instance-id ] topology [ systemid system-id ] [ level { 1 | 2 }] [ summary ] Example:
RP/0/RP0/CPU0:router# show isis topology
(Optional) Displays a list of connected routers in all areas.
Configuring Single-Topology IS-IS for IPv6: Example
The following example shows single-topology mode being enabled. An IS-IS instance is created, the NET is defined, IPv6 is configured along with IPv4 on an interface, and IPv4 link topology is used for IPv6. This configuration allows POS interface 0/3/0/0 to form adjacencies for both IPv4 and IPv6 addresses.
router isis isp net 49.0000.0000.0001.00 address-family ipv6 unicast single-topology interface POS0/3/0/0 address-family ipv4 unicast ! address-family ipv6 unicast ! exit
! interface POS0/3/0/0
ipv4 address 10.0.1.3 255.255.255.0 ipv6 address 2001::1/64
Set SPF Interval for a Single-Topology Configuration
This task explains how to make adjustments to the SPF calculation to tune router performance. This task is optional.
Because the SPF calculation computes routes for a particular topology, the tuning attributes are located in the router address family configuration submode. SPF calculation computes routes for Level 1 and Level 2 separately.
When IPv4 and IPv6 address families are used in a single-topology mode, only a single SPF for the IPv4 topology exists. The IPv6 topology "borrows" the IPv4 topology; therefore, no SPF calculation is required for IPv6. To tune the SPF calculation parameters for single-topology mode, configure the address-family ipv4 unicast command.
The incremental SPF algorithm can be enabled separately. When enabled, the incremental shortest path first (ISPF) is not employed immediately. Instead, the full SPF algorithm is used to "seed" the state information required for the ISPF to run. The startup delay prevents the ISPF from running for a specified interval after an IS-IS restart (to permit the database to stabilize). After the startup delay elapses, the ISPF is principally
Implementing IS-IS 28
�Implementing IS-IS
Set SPF Interval for a Single-Topology Configuration
responsible for performing all of the SPF calculations. The reseed interval enables a periodic running of the full SPF to ensure that the iSFP state remains synchronized.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. address-family { ipv4 | ipv6 } [ unicast ] 4. spf-interval {[ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ...}
[ level { 1 | 2 }] 5. ispf [ level { 1 | 2 }] 6. Use the commit or end command. 7. show isis [ instance instance-id ] [[ ipv4 | ipv6 | afi-all ] [ unicast | safi-all ]] spf-log [ level { 1
| 2 }] [ ispf | fspf | prc | nhc ] [ detail | verbose ] [ last number | first number ]
DETAILED STEPS
Step 1 Step 2
Step 3 Step 4
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.
address-family { ipv4 | ipv6 } [ unicast ] Example:
RP/0/RP0/CPU0:router(config-isis)#address-family ipv4 unicast
Specifies the IPv4or IPv6 address family, and enters router address family configuration mode. spf-interval {[ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ...} [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-af)# spf-interval initial-wait 10 maximum-wait 30
(Optional) Controls the minimum time between successive SPF calculations. · This value imposes a delay in the SPF computation after an event trigger and enforces a minimum elapsed time between SPF runs.
Implementing IS-IS 29
�Customize Routes for IS-IS
Implementing IS-IS
Step 5 Step 6 Step 7
· If this value is configured too low, the router can lose too many CPU resources when the network is unstable. · Configuring the value too high delays changes in the network topology that result in lost packets. · The SPF interval does not apply to the running of the ISPF because that algorithm runs immediately on receiving a
changed LSP.
ispf [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-af)# ispf
(Optional) Configures incremental IS-IS ISPF to calculate network topology. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show isis [ instance instance-id ] [[ ipv4 | ipv6 | afi-all ] [ unicast | safi-all ]] spf-log [ level { 1 | 2 }] [ ispf | fspf | prc | nhc ] [ detail | verbose ] [ last number | first number ] Example:
RP/0/RP0/CPU0:router# show isis instance 1 spf-log ipv4
(Optional) Displays how often and why the router has run a full SPF calculation.
Customize Routes for IS-IS
This task explains how to perform route functions that include injecting default routes into your IS-IS routing domain and redistributing routes learned in another IS-IS instance. This task is optional.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. set-overload-bit [ on-startup { delay | wait-for-bgp }] [ level { 1 | 2 }] 4. address-family { ipv4 | ipv6 } [ unicast ] 5. default-information originate [ route-policy route-policy-name ] 6. redistribute isis instance [ level-1 | level-2 | level-1-2 ] [ metric metric ] [ metric-type { internal
| external }] [ policy policy-name ] 7. Do one of the following:
Implementing IS-IS 30
�Implementing IS-IS
Customize Routes for IS-IS
DETAILED STEPS
· summary-prefix address / prefix-length [ level { 1 | 2 }] · summary-prefix ipv6-prefix / prefix-length [ level { 1 | 2 }]
8. maximum-paths route-number 9. distance weight [ address / prefix-length [ route-list-name ]] 10. set-attached-bit 11. Use the commit or end command.
Step 1 Step 2 Step 3 Step 4 Step 5
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing process, and places the router in router configuration mode.
· By default, all IS-IS instances are automatically Level 1 and Level 2. You can change the level of routing to be performed by a particular routing instance by using the is-type command.
set-overload-bit [ on-startup { delay | wait-for-bgp }] [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis)# set-overload-bit
(Optional) Sets the overload bit.
Note
The configured overload bit behavior does not apply to NSF restarts because the NSF restart does not set
the overload bit during restart.
address-family { ipv4 | ipv6 } [ unicast ] Example:
RP/0/RP0/CPU0:router(config-isis)# address-family ipv4 unicast
Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode. default-information originate [ route-policy route-policy-name ] Example:
RP/0/RP0/CPU0:router(config-isis-af)# default-information originate
(Optional) Injects a default IPv4 or IPv6 route into an IS-IS routing domain.
Implementing IS-IS 31
�Customize Routes for IS-IS
Implementing IS-IS
Step 6 Step 7
Step 8 Step 9
· The route-policy keyword and route-policy-name argument specify the conditions under which the IPv4 or IPv6 default route is advertised.
· If the route-policy keyword is omitted, then the IPv4 or IPv6 default route is unconditionally advertised at Level 2.
redistribute isis instance [ level-1 | level-2 | level-1-2 ] [ metric metric ] [ metric-type { internal | external }] [ policy policy-name ] Example:
RP/0/RP0/CPU0:router(config-isis-af)# redistribute isis 2 level-1
(Optional) Redistributes routes from one IS-IS instance into another instance. · In this example, an IS-IS instance redistributes Level 1 routes from another IS-IS instance.
Do one of the following: · summary-prefix address / prefix-length [ level { 1 | 2 }] · summary-prefix ipv6-prefix / prefix-length [ level { 1 | 2 }]
Example:
RP/0/RP0/CPU0:router(config-isis-af)# summary-prefix 10.1.0.0/16 level 1
or
RP/0/RP0/CPU0:router(config-isis-af)# summary-prefix 3003:xxxx::/24 level 1
(Optional) Allows a Level 1-2 router to summarize Level 1 IPv4 and IPv6 prefixes at Level 2, instead of advertising the Level 1 prefixes directly when the router advertises the summary.
· This example specifies an IPv4 address and mask.
or · This example specifies an IPv6 prefix, and the command must be in the form documented in RFC 2373 in which the address is specified in hexadecimal using 16-bit values between colons. · Note that IPv6 prefixes must be configured only in the IPv6 router address family configuration submode, and IPv4 prefixes in the IPv4 router address family configuration submode.
maximum-paths route-number Example:
RP/0/RP0/CPU0:router(config-isis-af)# maximum-paths 16
(Optional) Configures the maximum number of parallel paths allowed in a routing table. distance weight [ address / prefix-length [ route-list-name ]] Example:
RP/0/RP0/CPU0:router(config-isis-af)# distance 90
(Optional) Defines the administrative distance assigned to routes discovered by the IS-IS protocol.
Implementing IS-IS 32
�Implementing IS-IS
Customize Routes for IS-IS
Step 10 Step 11
· A different administrative distance may be applied for IPv4 and IPv6.
set-attached-bit Example:
RP/0/RP0/CPU0:router(config-isis-af)# set-attached-bit
(Optional) Configures an IS-IS instance with an attached bit in the Level 1 LSP. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
Redistributing IS-IS Routes Between Multiple Instances: Example
The following example shows usage of the set- attached-bit and redistribute commands. Two instances, instance "1" restricted to Level 1 and instance "2" restricted to Level 2, are configured.
The Level 1 instance is propagating routes to the Level 2 instance using redistribution. Note that the administrative distance is explicitly configured higher on the Level 2 instance to ensure that Level 1 routes are preferred.
Attached bit is being set for the Level 1 instance since it is redistributing routes into the Level 2 instance. Therefore, instance "1" is a suitable candidate to get from the area to the backbone.
router isis 1 is-type level-2-only
net 49.0001.0001.0001.0001.00 address-family ipv4 unicast
distance 116 redistribute isis 2 level 2 ! interface HundredGigE 0/3/0/0 address-family ipv4 unicast ! ! router isis 2 is-type level-1 net 49.0002.0001.0001.0002.00 address-family ipv4 unicast set -attached-bit
! interface HundredGigE 0/1/0/0
address-family ipv4 unicast
Implementing IS-IS 33
�Set Priority for Adding Prefixes to RIB
Implementing IS-IS
Set Priority for Adding Prefixes to RIB
This optional task describes how to set the priority (order) for which specified prefixes are added to the RIB. The prefixes can be chosen using an access list (ACL), prefix list, or by matching a tag value.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. address-family { ipv4 | ipv6 } [ unicast ] 4. metric-style wide [ transition ] [ level { 1 | 2 }] 5. spf prefix-priority [ level { 1 | 2 }] { critical | high | medium } { access-list-name | tag tag } 6. Use the commit or end command.
DETAILED STEPS
Step 1 Step 2 Step 3 Step 4 Step 5
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. In this example, the IS-IS instance is called isp. address-family { ipv4 | ipv6 } [ unicast ] Example:
RP/0/RP0/CPU0:router(config-isis)# address-family ipv4 unicast
Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode. metric-style wide [ transition ] [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-af)# metric-style wide level 1
Configures a router to generate and accept only wide-link metrics in the Level 1 area. spf prefix-priority [ level { 1 | 2 }] { critical | high | medium } { access-list-name | tag tag } Example:
RP/0/RP0/CPU0:router(config-isis-af)# spf prefix-priority high tag 3
Implementing IS-IS 34
�Implementing IS-IS
IS-IS Interfaces
Step 6
Installs all routes tagged with the value 3 first. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
IS-IS Interfaces
IS-IS interfaces can be configured as one of the following types:
· Active--advertises connected prefixes and forms adjacencies. This is the default for interfaces.
· Passive--advertises connected prefixes but does not form adjacencies. The passive command is used to configure interfaces as passive. Passive interfaces should be used sparingly for important prefixes such as loopback addresses that need to be injected into the IS-IS domain. If many connected prefixes need to be advertised then the redistribution of connected routes with the appropriate policy should be used instead.
· Suppressed--does not advertise connected prefixes but forms adjacencies. The suppress command is used to configure interfaces as suppressed.
· Shutdown--does not advertise connected prefixes and does not form adjacencies. The shutdown command is used to disable interfaces without removing the IS-IS configuration.
Tag IS-IS Interface Routes
This optional task describes how to associate a tag with a connected route of an IS-IS interface.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. address-family { ipv4 | ipv6 } [ unicast ] 4. metric-style wide [ transition ] [ level { 1 | 2 }] 5. exit 6. interface type number 7. address-family { ipv4 | ipv6 } [ unicast ] 8. tag tag 9. Use the commit or end command. 10. show isis [ ipv4 | ipv6 | afi-all ] [ unicast | safi-all ] route [ detail ]
Implementing IS-IS 35
�Tag IS-IS Interface Routes
Implementing IS-IS
DETAILED STEPS
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. In this example, the IS-IS instance is called isp. address-family { ipv4 | ipv6 } [ unicast ] Example:
RP/0/RP0/CPU0:router(config-isis)# address-family ipv4 unicast
Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode. metric-style wide [ transition ] [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-af)# metric-style wide level 1
Configures a router to generate and accept only wide link metrics in the Level 1 area. exit Example:
RP/0/RP0/CPU0:router(config-isis-af)# exit
Exits router address family configuration mode, and returns the router to router configuration mode. interface type number Example:
RP/0/RP0/CPU0:router(config-isis)# interface HundredGigE 0/1/0/3
Enters interface configuration mode. address-family { ipv4 | ipv6 } [ unicast ] Example:
RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv4 unicast
Specifies the IPv4 or IPv6 address family, and enters address family configuration mode.
Implementing IS-IS 36
�Implementing IS-IS
Tag IS-IS Interface Routes
Step 8 Step 9 Step 10
tag tag Example:
RP/0/RP0/CPU0:router(config-isis-if-af)# tag 3
Sets the value of the tag to associate with the advertised connected route. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show isis [ ipv4 | ipv6 | afi-all ] [ unicast | safi-all ] route [ detail ] Example:
RP/0/RP0/CPU0:router(config-isis-if-af)# show isis ipv4 route detail
Displays tag information. Verify that all tags are present in the RIB.
Tagging Routes: Example
The following example shows how to tag routes.
route-policy isis-tag-55 end-policy ! route-policy isis-tag-555
if destination in (5.5.5.0/24 eq 24) then set tag 555 pass
else drop
endif end-policy ! router static
address-family ipv4 unicast 0.0.0.0/0 2.6.0.1 5.5.5.0/24 Null0
! ! router isis uut
net 00.0000.0000.12a5.00 address-family ipv4 unicast
metric-style wide redistribute static level-1 route-policy isis-tag-555 spf prefix-priority critical tag 13 spf prefix-priority high tag 444
Implementing IS-IS 37
�Nonstop Forwarding
Implementing IS-IS
spf prefix-priority medium tag 777
Nonstop Forwarding
On Cisco IOS XR software, IS-IS NSF minimizes the amount of time a network is unavailable to its users following the restart of the IS-IS process. When the IS-IS process restarts, all routing peers of that device usually detect that the device went down and then came back up. This transition results in what is called a routing flap, which could spread across multiple routing domains. Routing flaps caused by routing restarts create routing instabilities, which are detrimental to the overall network performance. NSF helps to suppress routing flaps, thus reducing network instability. NSF allows for the forwarding of data packets to continue along known routes while the routing protocol information is being restored following the process restarts. When the NSF feature is configured, peer networking devices do not experience routing flaps. To preserve routing across RP failover events, NSR must be configured in addition to NSF. When the Cisco IOS XR router running IS-IS routing performs the process restarts, the router must perform two tasks to resynchronize its link-state database with that of its IS-IS neighbors. First, it must relearn the available IS-IS neighbors on the network without causing a reset of the neighbor relationship. Second, it must reacquire the contents of the link-state database for the network. The IS-IS NSF feature offers two options when configuring NSF:
· IETF NSF
· Cisco NSF
If neighbor routers on a network segment are NSF-aware, meaning that they are running a software version that supports RFC5306, they assist a router configured with nsf ietf command that is restarting. IETF NSF enables the neighbor routers provide adjacency and link-state information to help rebuild the routing information following a failover. In Cisco IOS XR software, Cisco NSF checkpoints (stores persistently) all the state necessary to recover from a restart without requiring any special cooperation from neighboring routers. The state is recovered from the neighboring routers, but only using the standard features of the IS-IS routing protocol. This capability makes Cisco NSF suitable for use in networks in which other routers have not used the IETF standard implementation of NSF.
Note If you configure IETF NSF on the Cisco IOS XR router and a neighbor router does not support IETF NSF, the affected adjacencies flap, but nonstop forwarding is maintained to all neighbors that do support IETF NSF. A restart reverts to a cold start if no neighbors support IETF NSF.
Configure Nonstop Forwarding for IS-IS
This task explains how to configure your router with NSF that allows the software to resynchronize the IS-IS link-state database with its IS-IS neighbors after a process restart. The process restart could be due to an:
· RP failover (for a warm restart)
Implementing IS-IS 38
�Implementing IS-IS
Configure Nonstop Forwarding for IS-IS
· Simple process restart (due to an IS-IS reload or other administrative request to restart the process) · IS-IS software upgrade In all cases, NSF mitigates link flaps and loss of user sessions. This task is optional.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. nsf { cisco | ietf } 4. nsf interface-expires number 5. nsf interface-timer seconds 6. nsf lifetime seconds 7. Use the commit or end command. 8. show running-config [ command ]
DETAILED STEPS
Step 1 Step 2 Step 3
Step 4
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.
nsf { cisco | ietf } Example:
RP/0/RP0/CPU0:router(config-isis)# nsf ietf
Enables NSF on the next restart. · Enter the cisco keyword to run IS-IS in heterogeneous networks that might not have adjacent NSF-aware networking devices. · Enter the ietf keyword to enable IS-IS in homogeneous networks where all adjacent networking devices support IETF draft-based restartability.
nsf interface-expires number
Implementing IS-IS 39
�Configure Nonstop Forwarding for IS-IS
Implementing IS-IS
Step 5 Step 6
Step 7 Step 8
Example:
RP/0/RP0/CPU0:router(config-isis)# nsf interface-expires 1
Configures the number of resends of an acknowledged NSF-restart acknowledgment. · If the resend limit is reached during the NSF restart, the restart falls back to a cold restart.
nsf interface-timer seconds Example:
RP/0/RP0/CPU0:router(config-isis) nsf interface-timer 15
Configures the number of seconds to wait for each restart acknowledgment. nsf lifetime seconds Example:
RP/0/RP0/CPU0:router(config-isis)# nsf lifetime 20
Configures the maximum route lifetime following an NSF restart. · This command should be configured to the length of time required to perform a full NSF restart because it is the amount of time that the Routing Information Base (RIB) retains the routes during the restart. · Setting this value too high results in stale routes. · Setting this value too low could result in routes purged too soon.
Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show running-config [ command ] Example:
RP/0/RP0/CPU0:router# show running-config router isis isp
(Optional) Displays the entire contents of the currently running configuration file or a subset of that file. · Verify that "nsf" appears in the IS-IS configuration of the NSF-aware device. · This example shows the contents of the configuration file for the "isp" instance only.
Implementing IS-IS 40
�Implementing IS-IS
ISIS NSR
ISIS NSR
Non Stop Routing (NSR) suppresses IS-IS routing changes for devices with redundant route processors during processor switchover events (RP failover or ISSU), reducing network instability and downtime. When Non Stop Routing is used, switching from the active to standby RP have no impact on the other IS-IS routers in the network. All information needed to continue the routing protocol peering state is transferred to the standby processor prior to the switchover, so it can continue immediately upon a switchover. To preserve routing across process restarts, NSF must be configured in addition to NSR.
Configuring ISIS-NSR
Step 1 Step 2 Step 3 Step 4
Step 5
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis 1
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. nsr Example:
RP/0/RP0/CPU0:router(config-isis)# nsr
Configures the NSR feature. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show isis nsr adjacency Example:
RP/0/RP0/CPU0:router# show isis nsr adjacency
System Id Interface SNPA State Hold Changed NSF IPv4 BFD IPv6 BFD
R1-v1S Nii0
*PtoP* Up 83 00:00:33 Yes None None
Implementing IS-IS 41
�Configuring IS-IS Adjacency Stagger
Implementing IS-IS
Step 6
Displays adjacency information. show isis nsr status Example:
Step 7
RP/0/RP0/CPU0:route
router#show isis nsr status
IS-IS test NSR(v1a) STATUS (HA Ready):
V1 Standby V2 Active V2 Standby
SYNC STATUS:
TRUE
FALSE(0) FALSE(0)
PEER CHG COUNT:
1
0
0
UP TIME:
00:03:12
not up not up
Displays the NSR status information.
show isis nsr statistics Example:
RP/0/RP0/CPU0:router
router#show isis nsr statistics
IS-IS test NSR(v1a) MANDATORY STATS :
V1 Active
Standby
L1 ADJ:
0
0
L2 ADJ:
2
0
LIVE INTERFACE:
4
0
PTP INTERFACE:
1
0
LAN INTERFACE:
2
0
LOOPBACK INTERFACE:
1
0
TE Tunnel:
1
0
TE LINK:
2
0
NSR OPTIONAL STATS :
L1 LSP:
0
0
L2 LSP:
4
0
IPV4 ROUTES:
3
0
IPV6 ROUTES:
4
0
V1 Standby
V2 Active
V2
0
0
2
0
4
0
1
0
2
0
1
0
1
0
2
0
0
0
4
0
3
0
4
0
Shows number of ISIS adjacencies, lsps, routes, tunnels, Te links on active and standby routers.
Configuring IS-IS Adjacency Stagger
Certain events like process restart or reload can involve a significant processing overhead. Updating routing tables with all adjacencies, maintaining them, and synchronizing the database with each adjacent router requires a lot of bandwidth. These processes may require large number of packets being sent and/or received, depending
Implementing IS-IS 42
�Implementing IS-IS
Multiprotocol Label Switching Traffic Engineering
on the state of the database on the routers. If packets are dropped in any direction, it can lead to an unstable state. We cannot prevent events like process restart or reload, but we can handle such events better by limiting the number of adjacencies that area being established simultaneously. To limit the number of adjacencies from getting established simultaneously, you can configure adjacency stagger. By configuring IS-IS adjacency stagger, you can specify the initial number neighbourhood routers from which adjacencies can fully form after a process restart or reload. If you configure IS-IS adjacency stagger, you can also specify the subsequent number of simultaneous neighbors that are allowed to form adjacency.
Restrictions · IS-IS adjacency stagger is only supported on point-to-point interfaces and not on LAN interfaces. · IS-IS adjacency stagger is not supported with NSF (non-stop forwarding) mechanisms.
Configuration Example To configure IS-IS adjacency stagger on a point-to-point interface, you must use the following configuration steps: 1. Configure IS-IS. 2. Configure adjacency stagger.
Configuration
/* Enter the global configuration mode and configure IS-IS */ Router# config Router(config)# router isis 1
/* Configure IS-IS adjacency stagger */ Router(config-isis)# adjacency stagger 2 3 Router(config-isis)# commit
Multiprotocol Label Switching Traffic Engineering
The MPLS TE feature enables an MPLS backbone to replicate and expand the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies. For IS-IS, MPLS TE automatically establishes and maintains MPLS TE label-switched paths across the backbone by using Resource Reservation Protocol (RSVP). The route that a label-switched path uses is determined by the label-switched paths resource requirements and network resources, such as bandwidth. Available resources are flooded by using special IS-IS TLV extensions in the IS-IS. The label-switched paths are explicit routes and are referred to as traffic engineering (TE) tunnels.
Configure MPLS Traffic Engineering for IS-IS
This task explains how to configure IS-IS for MPLS TE. This task is optional.
Before you begin Your network must support the MPLS software feature before you enable MPLS TE for IS-IS on your router.
Implementing IS-IS 43
�Configure MPLS Traffic Engineering for IS-IS
Implementing IS-IS
Note You must enter the commands in the following task list on every IS-IS router in the traffic-engineered portion of your network.
Note MPLS traffic engineering currently does not support routing and signaling of LSPs over unnumbered IP links. Therefore, do not configure the feature over those links.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. address-family { ipv4 | ipv6 } [ unicast ] 4. mpls traffic-eng level { 1 | 2 } 5. mpls traffic-eng router-id { ip-address | interface-name interface-instance } 6. metric-style wide [ level { 1 | 2 }] 7. Use the commit or end command. 8. show isis [ instance instance-id ] mpls traffic-eng tunnel 9. show isis [ instance instance-id ] mpls traffic-eng adjacency-log 10. show isis [ instance instance-id ] mpls traffic-eng advertisements
DETAILED STEPS
Step 1 Step 2 Step 3
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · You can change the level of routing to be performed by a particular routing instance by using the is-type router configuration command.
address-family { ipv4 | ipv6 } [ unicast ] Example:
RP/0/RP0/CPU0:router(config-isis)#address-family ipv4 unicast
Specifies the IPv4 or IPv6 address family, and enters router address family configuration mode.
Implementing IS-IS 44
�Implementing IS-IS
Configure MPLS Traffic Engineering for IS-IS
Step 4 Step 5 Step 6 Step 7
Step 8 Step 9 Step 10
mpls traffic-eng level { 1 | 2 } Example:
RP/0/RP0/CPU0:router(config-isis-af)# mpls traffic-eng level 1
Configures a router running IS-IS to flood MPLS TE link information into the indicated IS-IS level. mpls traffic-eng router-id { ip-address | interface-name interface-instance } Example:
RP/0/RP0/CPU0:router(config-isis-af)# mpls traffic-eng router-id loopback0
Specifies that the MPLS TE router identifier for the node is the given IP address or an IP address associated with the given interface. metric-style wide [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-af)# metric-style wide level 1
Configures a router to generate and accept only wide link metrics in the Level 1 area. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show isis [ instance instance-id ] mpls traffic-eng tunnel Example:
RP/0/RP0/CPU0:router# show isis instance isp mpls traffic-eng tunnel
(Optional) Displays MPLS TE tunnel information. show isis [ instance instance-id ] mpls traffic-eng adjacency-log Example:
RP/0/RP0/CPU0:router# show isis instance isp mpls traffic-eng adjacency-log
(Optional) Displays a log of MPLS TE IS-IS adjacency changes. show isis [ instance instance-id ] mpls traffic-eng advertisements Example:
RP/0/RP0/CPU0:router# show isis instance isp mpls traffic-eng advertisements
Implementing IS-IS 45
�MPLS TE Forwarding Adjacency
Implementing IS-IS
(Optional) Displays the latest flooded record from MPLS TE.
MPLS TE Forwarding Adjacency
MPLS TE forwarding adjacency allows a network administrator to handle a traffic engineering, label switch path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network, based on the Shortest Path First (SPF) algorithm. A forwarding adjacency can be created between routers in the same IS-IS level. The routers can be located multiple hops from each other. As a result, a TE tunnel is advertised as a link in an IGP network, with the cost of the link associated with it. Routers outside of the TE domain see the TE tunnel and use it to compute the shortest path for routing traffic throughout the network.
MPLS TE forwarding adjacency is considered in IS-IS SPF only if a two-way connectivity check is achieved. This is possible if the forwarding adjacency is bidirectional or the head end and tail end routers of the MPLS TE tunnel are adjacent.
The MPLS TE forwarding adjacency feature is supported by IS-IS. For details on configuring MPLS TE forwarding adjacency, see the MPLS Configuration Guide.
Tune Adjacencies for IS-IS
This task explains how to enable logging of adjacency state changes, alter the timers for IS-IS adjacency packets, and display various aspects of adjacency state. Tuning your IS-IS adjacencies increases network stability when links are congested. This task is optional.
For point-to-point links, IS-IS sends only a single hello for Level 1 and Level 2, which means that the level modifiers are meaningless on point-to-point links. To modify hello parameters for a point-to-point interface, omit the specification of the level options.
The options configurable in the interface submode apply only to that interface. By default, the values are applied to both Level 1 and Level 2.
The hello-password command can be used to prevent adjacency formation with unauthorized or undesired routers. This ability is particularly useful on a LAN, where connections to routers with which you have no desire to establish adjacencies are commonly found.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. log adjacency changes 4. interface type interface-path-id 5. hello-padding { disable | sometimes } [ level { 1 | 2 }] 6. hello-interval seconds [ level { 1 | 2 }] 7. hello-multiplier multiplier [ level { 1 | 2 }] 8. h ello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only
] 9. Use the commit or end command. 10. show isis [ instance instance-id ] adjacency t ype interface- path-id ] [ detail ] [ systemid
system-id ] 11. show isis adjacency-log
Implementing IS-IS 46
�Implementing IS-IS
Tune Adjacencies for IS-IS
DETAILED STEPS
12. show isis [ instance instance-id ] interface [ type interface-path-id ] [ brief | detail ] [ level { 1 | 2 }]
13. show isis [ instance instance-id ] neighbors [ interface-type interface-instance ] [ summary ] [ detail ] [ systemid system-id ]
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode. · You can change the level of routing to be performed by a particular routing instance by using the is-type command.
log adjacency changes Example:
RP/0/RP0/CPU0:router(config-isis)# log adjacency changes
Generates a log message when an IS-IS adjacency changes state (up or down). interface type interface-path-id Example:
RP/0/RP0/CPU0:router(config-isis)# interface HundredGigE 0/1/0/3
Enters interface configuration mode. hello-padding { disable | sometimes } [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-if)# hello-padding sometimes
Configures padding on IS-IS hello PDUs for an IS-IS interface on the router. · Hello padding applies to only this interface and not to all interfaces.
hello-interval seconds [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-if)#hello-interval 6
Implementing IS-IS 47
�Tune Adjacencies for IS-IS
Implementing IS-IS
Step 7
Step 8 Step 9 Step 10 Step 11 Step 12
Specifies the length of time between hello packets that the software sends. hello-multiplier multiplier [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-if)# hello-multiplier 10
Specifies the number of IS-IS hello packets a neighbor must miss before the router should declare the adjacency as down.
· A higher value increases the networks tolerance for dropped packets, but also may increase the amount of time required to detect the failure of an adjacent router.
· Conversely, not detecting the failure of an adjacent router can result in greater packet loss.
h ello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ] Example:
RP/0/RP0/CPU0:router(config-isis-if)# hello-password text clear mypassword
Specifies that this system include authentication in the hello packets and requires successful authentication of the hello packet from the neighbor to establish an adjacency. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
show isis [ instance instance-id ] adjacency t ype interface- path-id ] [ detail ] [ systemid system-id ] Example:
RP/0/RP0/CPU0:router# show isis instance isp adjacency
(Optional) Displays IS-IS adjacencies. show isis adjacency-log Example:
RP/0/RP0/CPU0:router# show isis adjacency-log
(Optional) Displays a log of the most recent adjacency state transitions. show isis [ instance instance-id ] interface [ type interface-path-id ] [ brief | detail ] [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router# show isis interface HundredGigE 0/1/0/1 brief
(Optional) Displays information about the IS-IS interface.
Implementing IS-IS 48
�Implementing IS-IS
MPLS Label Distribution Protocol IGP Synchronization
Step 13
show isis [ instance instance-id ] neighbors [ interface-type interface-instance ] [ summary ] [ detail ] [ systemid system-id ] Example:
RP/0/RP0/CPU0:router# show isis neighbors summary
(Optional) Displays information about IS-IS neighbors.
MPLS Label Distribution Protocol IGP Synchronization
Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) Synchronization ensures that LDP has completed label exchange before the IGP path is used for switching. MPLS traffic loss can occur in the following two situations:
· When an IGP adjacency is established, the router begins forwarding packets using the new adjacency before LDP has exchanged labels with peers on that link.
· When an LDP session closes, the router continues to forward traffic using the link associated with the LDP peer rather than using an alternate path with an established LDP session.
This feature provides a mechanism to synchronize LDP and IS-IS to minimize MPLS packet loss. The synchronization is accomplished by changing the link metric for a neighbor IS-IS link-state packet (LSP), based on the state of the LDP session.
When an IS-IS adjacency is established on a link but the LDP session is lost or LDP has not yet completed exchanging labels, IS-IS advertises the maximum metric on that link. In this instance, LDP IS-IS synchronization is not yet achieved.
Note In IS-IS, a link with a maximum wide metric (0xFFFFFF) is not considered for shortest path first (SPF). Therefore, the maximum wide metric of -1 (0XFFFFFE) is used with MPLS LDP IGP synchronization.
When LDP IS-IS synchronization is achieved, IS-IS advertises a regular (configured or default) metric on that link.
Configuring MPLS LDP IS-IS Synchronization
This task explains how to enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) IS-IS synchronization. MPLS LDP synchronization can be enabled for an address family under interface configuration mode. Only IPv4 unicast address family is supported. This task is optional.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. interface type interface-path-id 4. address-family ipv4 unicast 5. mpls ldp sync [ level { 1 | 2 }] 6. Use the commit or end command.
Implementing IS-IS 49
�Configuring MPLS LDP IS-IS Synchronization
Implementing IS-IS
DETAILED STEPS
Step 1 Step 2
Step 3 Step 4 Step 5 Step 6
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. · By default, all IS-IS instances are automatically Level 1 and Level 2. You can change the level of routing to be performed by a particular routing instance by using the is-type command.
interface type interface-path-id Example:
RP/0/RP0/CPU0:router(config-isis)# interface HundredGigE 0/1/0/3
Enters interface configuration mode. address-family ipv4 unicast Example:
RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv4 unicast
Specifies the IPv4 address family and enters router address family configuration mode. mpls ldp sync [ level { 1 | 2 }] Example:
RP/0/RP0/CPU0:router(config-isis-if-af)# mpls ldp sync level 1
Enables MPLS LDP synchronization for the IPv4 address family under interface HundredGigE 0/1/0/3. Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
Implementing IS-IS 50
�Implementing IS-IS
Disable IID-TLV of IS-IS Protocol Instance
Disable IID-TLV of IS-IS Protocol Instance
Table 3: Feature History Table
Feature Name Release Information
Disable IID-TLV Release 7.10.1 of IS-IS Protocol Instance
Feature Description
You can now disable Instance Identifier Type-Length-Value (IID-TLV) in the Hello and LSP packets when multiple IS-IS protocol instances are configured on the router.
Each IS-IS instance has a unique instance-ID set, the TLV of which is sent in the Hello and LSP packets. The IID-TLV attribute helps in uniquely identifying the IS-IS protocol instance as well as the topologies to which the Protocol Data Units (PDUs) apply.
The feature introduces these changes:
CLI
New Command:
· iid disable
Modified Commands:
· The hello-padding command is extended to IS-IS process configuration mode
· The disable (IS-IS) command is modified with a new level keyword, and also extended to interface configuration mode.
YANG Data Model · New XPaths for openconfig-isis.yang (see GitHub, YANG Data Models Navigator)
Overload Bit on Router
The overload bit is a special bit of state information that is included in an LSP of the router. If the bit is set on the router, it notifies routers in the area that the router is not available for transit traffic. This capability is useful in four situations:
1. During a serious but nonfatal error, such as limited memory.
2. During the startup and restart of the process. The overload bit can be set until the routing protocol has converged. However, it is not employed during a normal NSF restart or failover because doing so causes a routing flap.
3. During a trial deployment of a new router. The overload bit can be set until deployment is verified, then cleared.
Implementing IS-IS 51
�Overload Bit Configuration During Multitopology Operation
Implementing IS-IS
4. During the shutdown of a router. The overload bit can be set to remove the router from the topology before the router is removed from service.
Overload Bit Configuration During Multitopology Operation
Because the overload bit applies to forwarding for a single topology, it may be configured and cleared independently for IPv4 and IPv6 during multitopology operation. For this reason, the overload is set from the router address family configuration mode. If the IPv4 overload bit is set, all routers in the area do not use the router for IPv4 transit traffic. However, they can still use the router for IPv6 transit traffic.
IS-IS Overload Bit Avoidance
The IS-IS overload bit avoidance feature allows network administrators to prevent label switched paths (LSPs) from being disabled when a router in that path has its Intermediate System-to-Intermediate System (IS-IS) overload bit set. When the IS-IS overload bit avoidance feature is activated, all nodes with the overload bit set, including head nodes, mid nodes, and tail nodes, are ignored, which means that they are still available for use with label switched paths (LSPs).
Note The IS-IS overload bit avoidance feature does not change the default behavior on nodes that have their overload bit set if those nodes are not included in the path calculation (PCALC).
The IS-IS overload bit avoidance feature is activated using the following command: mpls traffic-eng path-selection ignore overload The IS-IS overload bit avoidance feature is deactivated using the no form of this command: no mpls traffic-eng path-selection ignore overload When the IS-IS overload bit avoidance feature is deactivated, nodes with the overload bit set cannot be used as nodes of last resort.
Configure IS-IS Overload Bit Avoidance
This task describes how to activate IS-IS overload bit avoidance.
Before you begin The IS-IS overload bit avoidance feature is valid only on networks that support the following features:
· MPLS · IS-IS
SUMMARY STEPS
1. configure
Implementing IS-IS 52
�Implementing IS-IS
Default Routes
DETAILED STEPS
2. mpls traffic-eng path-selection ignore overload
Step 1 Step 2
configure Example:
RP/0/# configure
Enters mode. mpls traffic-eng path-selection ignore overload Example:
RP/0/RP0/CPU0:router(config)# mpls traffic-eng path-selection ignore overload
Activates IS-IS overload bit avoidance.
Configuring IS-IS Overload Bit Avoidance: Example The following example shows how to activate IS-IS overload bit avoidance:
config mpls traffic-eng path-selection ignore overload
The following example shows how to deactivate IS-IS overload bit avoidance:
config no mpls traffic-eng path-selection ignore overload
Default Routes
You can force a default route into an IS-IS routing domain. Whenever you specifically configure redistribution of routes into an IS-IS routing domain, the software does not, by default, redistribute the default route into the IS-IS routing domain. The default-information originate command generates a default route into IS-IS, which can be controlled by a route policy. You can use the route policy to identify the level into which the default route is to be announced, and you can specify other filtering options configurable under a route policy. You can use a route policy to conditionally advertise the default route, depending on the existence of another route in the routing table of the router.
Attached Bit on an IS-IS Instance
The attached bit is set in a router that is configured with the is-type command and level-1-2 keyword. The attached bit indicates that the router is connected to other areas (typically through the backbone). This functionality means that the router can be used by Level 1 routers in the area as the default route to the
Implementing IS-IS 53
�IS-IS Support for Route Tags
Implementing IS-IS
backbone. The attached bit is usually set automatically as the router discovers other areas while computing its Level 2 SPF route. The bit is automatically cleared when the router becomes detached from the backbone.
Note If the connectivity for the Level 2 instance is lost, the attached bit in the Level 1 instance LSP would continue sending traffic to the Level 2 instance and cause the traffic to be dropped.
To simulate this behavior when using multiple processes to represent the level-1-2 keyword functionality, you would manually configure the attached bit on the Level 1 process.
IS-IS Support for Route Tags
The IS-IS Support for route tags feature provides the capability to associate and advertise a tag with an IS-IS route prefix. Additionally, the feature allows you to prioritize the order of installation of route prefixes in the RIB based on a tag of a route. Route tags may also be used in route policy to match route prefixes (for example, to select certain route prefixes for redistribution).
Multicast-Intact Feature
The multicast-intact feature provides the ability to run multicast routing (PIM) when IGP shortcuts are configured and active on the router. Both OSPFv2 and IS-IS support the multicast-intact feature. MPLS TE and IP multicast coexistence is supported in Cisco IOS XR software by using the mpls traffic-eng multicast-intact IS-IS or OSPF router command. You can enable multicast-intact in the IGP when multicast routing protocols (PIM) are configured and IGP shortcuts are configured on the router. IGP shortcuts are MPLS tunnels that are exposed to IGP. The IGPs route the IP traffic over these tunnels to destinations that are downstream from the egress router of the tunnel (from an SPF perspective). PIM cannot use IGP shortcuts for propagating PIM joins because reverse path forwarding (RPF) cannot work across a unidirectional tunnel. When you enable multicast-intact on an IGP, the IGP publishes a parallel or alternate set of equal-cost next-hops for use by PIM. These next-hops are called mcast-intact next-hops. The mcast-intact next-hops have the following attributes:
· They are guaranteed not to contain any IGP shortcuts.
· They are not used for unicast routing but are used only by PIM to look up an IPv4 next-hop to a PIM source.
· They are not published to the FIB.
· When multicast-intact is enabled on an IGP, all IPv4 destinations that were learned through link-state advertisements are published with a set equal-cost mcast-intact next-hops to the RIB. This attribute applies even when the native next-hops have no IGP shortcuts.
· In IS-IS, the max-paths limit is applied by counting both the native and mcast-intact next-hops together. (In OSPFv2, the behavior is slightly different.)
Implementing IS-IS 54
�Implementing IS-IS
Multicast Topology Support Using IS-IS
Multicast Topology Support Using IS-IS
Multicast topology support allows for the configuration of IS-IS multicast topologies for IPv4 or IPv6 routing. IS-IS maintains a separate topology for multicast and runs a separate Shortest Path First (SPF) over the multicast topology. IS-IS multicast inserts routes from the IS-IS multicast topology into the multicast-unicast Routing Information Base (muRIB) table in the RIB for the corresponding address family. Since PIM uses the muRIB, PIM uses routes from the multicast topology instead of routes from the unicast topology.
MPLS TE Interarea Tunnels
MPLS TE interarea tunnels allow you to establish MPLS TE tunnels that span multiple IGP areas (Open Shorted Path First [OSPF]) and levels (IS-IS), removing the restriction that required that both the tunnel headend and tailend routers be in the same area. The IGP can be either IS-IS or OSPF.
For details on configuring MPLS TE interarea tunnels, see the MPLS Configuration Guide.
IP Fast Reroute
The IP Fast Reroute (IPFRR) loop-free alternate (LFA) computation provides protection against link failure. Locally computed repair paths are used to prevent packet loss caused by loops that occur during network reconvergence after a failure. See IETF draft-ietf-rtgwg-ipfrr-framework-06.txt and draft-ietf-rtgwg-lf-conv-frmwk-00.txt for detailed information on IPFRR LFA.
IPFRR LFA is different from Multiprotocol Label Switching (MPLS) as it is applicable to networks using conventional IP routing and forwarding. See for information on configuring MPLS IPFRR.
Unequal Cost Multipath Load-balancing for IS-IS
The unequal cost multipath (UCMP) load-balancing adds the capability with intermediate system-to-intermediate system (IS-IS) to load-balance traffic proportionally across multiple paths, with different cost.
Generally, higher bandwidth links have lower IGP metrics configured, so that they form the shortest IGP paths. With the UCMP load-balancing enabled, IGP can use even lower bandwidth links or higher cost links for traffic, and can install these paths to the forwarding information base (FIB). IS-IS IGP still installs multiple paths to the same destination in FIB, but each path will have a 'load metric/weight' associated with it. FIB uses this load metric/weight to decide the amount of traffic that needs to be sent on a higher bandwidth path and the amount of traffic that needs to be sent on a lower bandwidth path.
The UCMP computation is provided under IS-IS per address family, enabling UCMP computation for a particular address family. The UCMP configuration is also provided with a prefix-list option, which would limit the UCMP computation only for the prefixes present in the prefix-list. If prefix-list option is not provided, UCMP computation is done for the reachable prefixes in IS-IS. The number of UCMP nexthops to be considered and installed is controlled using the variance configuration. Variance value identifies the range for the UCMP path metric to be considered for installation into routing information base (RIB) and is defined in terms of a percentage of the primary path metric. Total number of paths, including ECMP and UCMP paths together is limited by the max-path configuration or by the max-path capability of the platform.
Implementing IS-IS 55
�Configuring Multitopology Routing
Implementing IS-IS
Enabling the UCMP configuration indicates that IS-IS should perform UCMP computation for the all the reachable ISIS prefixes or all the prefixes in the prefix-list, if the prefix-list option is used. The UCMP computation happens only after the primary SPF and route calculation is completed. There would be a delay of ISIS_UCMP_INITIAL_DELAY (default delay is 100 ms) milliseconds from the time route calculation is completed and UCMP computation is started. UCMP computation will be done before fast re-route computation. Fast re-route backup paths will be calculated for both the primary equal cost multipath ( ECMP) paths and the UCMP paths. Use the ucmp delay-interval command to configure the delay between primary SPF completion and start of UCMP computation. UCMP ratio can be adjusted by any of the following ways:
· By using the bandwidth command in interface configuration mode . · By adjusting ISIS metric on the links.
There is an option to exclude an interface from being used for UCMP computation. If it is desired that a particular interface should not be considered as a UCMP nexthop, for any prefix, then use the ucmp exclude interface command to configure the interface to be excluded from UCMP computation.
Configuring Multitopology Routing
This set of procedures configures multitopology routing, which is used by PIM for reverse-path forwarding (RPF) path selection.
Restrictions for Configuring Multitopology Routing
· Only protocol-independent multicast (PIM) and intermediate system-intermediate system (IS-IS) routing protocols are currently supported.
· Topology selection is restricted solely to (S, G) route sources for both SM and SSM. Static and IS-IS are the only interior gateway protocols (IGPs) that support multitopology deployment. For non-(S, G) route sources like a rendezvous point or bootstrap router (BSR), or when a route policy is not configured, the current policy default remains in effect. In other words, either a unicast-default or multicast-default table is selected for all sources, based on OSFP/IS-IS/Multiprotocol Border Gateway Protocol (MBGP) configuration.
Information About Multitopology Routing
Configuring multitopology networks requires the following tasks:
Configuring a Global Topology and Associating It with an Interface
Follow these steps to enable a global topology in the default VRF and to enable its use with a specific interface.
Implementing IS-IS 56
�Implementing IS-IS
Configuring a Global Topology and Associating It with an Interface
SUMMARY STEPS
1. configure 2. address-family { ipv4 | ipv6 } multicast topology topo-name 3. maximum prefix limit 4. interface type interface-path-id 5. address-family { ipv4 | ipv6 } multicast topology topo-name 6. Repeat Step 4 and Step 5 until you have specified all the interface instances you want to associate with
your topologies. 7. Use the commit or end command.
DETAILED STEPS
Step 1
Command or Action configure Example:
Purpose Enters mode.
Step 2
RP/0/# configure
address-family { ipv4 | ipv6 } multicast topology topo-name Example:
Configures a topology in the default VRF table that will be associated with a an interface.
Step 3
Router(config)# address-family ipv4 multicast topology green
maximum prefix limit Example:
(Optional) Limits the number of prefixes allowed in a topology routing table. Range is 32 to 2000000.
Step 4 Step 5
Router(config-af)# maximum prefix 100
interface type interface-path-id Example:
Router(config-af)# interface GigabitEthernet 0/3/0/0
address-family { ipv4 | ipv6 } multicast topology topo-name Example:
Specifies the interface to be associated with the previously specified VRF table that will add the connected and local routes to the appropriate routing table.
Enables the topology for the interface specified in Step 4, adding the connected and local routes to the appropriate routing table.
Step 6
Router(config-if)# address-family ipv4 multicast topology green
Repeat Step 4 and Step 5 until you have specified all the -- interface instances you want to associate with your topologies.
Example:
Implementing IS-IS 57
�Enabling an IS-IS Topology
Implementing IS-IS
Step 7
Command or Action
Purpose
Router(config-if-af)# interface gigabitethernet 0/3/2/0 Router(config-if)# address-family ipv4 multicast topology purple Router(config-if-af)#
Use the commit or end command.
commit --Saves the configuration changes and remains within the configuration session.
end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session.
· No --Exits the configuration session without committing the configuration changes.
· Cancel --Remains in the configuration session, without committing the configuration changes.
Enabling an IS-IS Topology
To enable a topology in IS-IS, you must associate an IS-IS topology ID with the named topology. IS-IS uses the topology ID to differentiate topologies in the domain.
Note This command must be configured prior to other topology commands.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. address-family { ipv4 | ipv6 } multicast topology topo-name 4. topology-id multitoplogy-id 5. Use the commit or end command.
DETAILED STEPS
Step 1
Command or Action configure Example:
Purpose Enters mode.
Step 2
RP/0/# configure
router isis instance-id Example:
Enters IS-IS configuration submode.
Implementing IS-IS 58
�Implementing IS-IS
Placing an Interface in a Topology in IS-IS
Step 3
Step 4 Step 5
Command or Action
Purpose
RP/0/(config)# router isis purple
address-family { ipv4 | ipv6 } multicast topology topo-name Example:
Associates an IS-IS topology ID with the named topology.
RP/0/(config-isis)# address-family ipv4 multicast topology green
topology-id multitoplogy-id Example:
RP/0/(config-isis-af)# toplogy-id 122
Configures the numeric multitopologyID in IS-IS that identifies the topology. Range is 6 to 4095.
Use the commit or end command.
commit --Saves the configuration changes and remains within the configuration session.
end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session.
· No --Exits the configuration session without committing the configuration changes.
· Cancel --Remains in the configuration session, without committing the configuration changes.
Placing an Interface in a Topology in IS-IS
To associate an interface with a topology in IS-IS, follow these steps.
Step 1 Step 2 Step 3
configure Example:
RP/0/# configure
Enters mode. router isis instance-id Example:
Routing(config)# router isis purple
Enters IS-IS configuration submode. net network-entity-title Example:
Implementing IS-IS 59
�Configuring a Routing Policy
Implementing IS-IS
Step 4 Step 5
Step 6 Step 7
Routing(config-isis)# net netname
Creates a network entity title for the configured isis interface. interface type interface-path-id Example:
Routing(config-isis)# interface gigabitethernet 0/3/0/0
Enters isis interface configuration submode and creates an interface instance. address-family { ipv4 | ipv6 } multicast topology topo-name Example:
Routing(config-isis-if)# address-family ipv4 multicast topology green
· Enters isis address-family interface configuration submode. · Places the interface instance into a topology.
Repeat Step 4 and Step 5 until you have specified all the interface instances and associated topologies you want to configure in your network. -- Use the commit or end command. commit --Saves the configuration changes and remains within the configuration session. end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session. · No --Exits the configuration session without committing the configuration changes. · Cancel --Remains in the configuration session, without committing the configuration changes.
Configuring a Routing Policy
For more information about creating a routing policy and about the set rpf-topology command, see .
SUMMARY STEPS
1. configure 2. route-policy policy-name 3. end-policy 4. Use the commit or end command.
Implementing IS-IS 60
�Implementing IS-IS
Configuring Multitopology for IS-IS
DETAILED STEPS
Step 1
Command or Action configure Example:
Purpose Enters mode.
Step 2
RP/0/# configure
route-policy policy-name
Example:
RP/0/(config)# route-policy mt1 RP/0/(config-rpl)# if destination in 225.0.0.1, 225.0.0.11 then RP/0/(config-rpl-if)# if source in (10.10.10.10) then
RP/0/(config-rpl-if-2)# set rpf-topology ipv4 multicast topology greentable
RP/0/(config-rpl-if-2)# else RP/0/(config-rpl-if-else-2)# set rpf-topology ipv4 multicast topology bluetable RP/0/(config-rpl-if-else-2)# endif RP/0/(config-rpl-if)# endif
Defines a routing policy and enters routing policy configuration submode.
For detailed information about the use of the set-rpf-topology and other routing configuration commands, see .
Step 3
end-policy Example:
RP/0/(config-rpl)# end-policy RP/0/(config)#
Signifies the end of route policy definition and exits routing policy configuration submode.
Step 4 Use the commit or end command.
commit --Saves the configuration changes and remains within the configuration session.
end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session.
· No --Exits the configuration session without committing the configuration changes.
· Cancel --Remains in the configuration session, without committing the configuration changes.
Configuring Multitopology for IS-IS
Multitopology is configured in the same way as the single topology. However, the single - topology command is omitted, invoking the default multitopology behavior. This task is optional.
Implementing IS-IS 61
�Enabling Multicast-Intact
Implementing IS-IS
Enabling Multicast-Intact
This optional task describes how to enable multicast-intact for IS-IS routes that use IPv4 and IPv6 addresses.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. address-family { ipv4 | ipv6 } [ unicast | multicast ] 4. mpls traffic-eng multicast-intact 5. Use the commit or end command.
DETAILED STEPS
Step 1
Command or Action configure Example:
Purpose Enters mode.
Step 2 Step 3
RP/0/# configure
router isis instance-id Example:
Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. In this example, the IS-IS instance is called isp.
RP/0/(config)# router isis isp
address-family { ipv4 | ipv6 } [ unicast | multicast ] Specifies the IPv4 or IPv6 address family, and enters router
Example:
address family configuration mode.
Step 4
RP/0/(config-isis)# address-family ipv4 unicast
mpls traffic-eng multicast-intact Example:
Enables multicast-intact.
Step 5
RP/0/(config-isis-af)# mpls traffic-eng multicast-intact
Use the commit or end command.
commit --Saves the configuration changes and remains within the configuration session.
end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session.
· No --Exits the configuration session without committing the configuration changes.
· Cancel --Remains in the configuration session, without committing the configuration changes.
Implementing IS-IS 62
�Implementing IS-IS
Configuring IP/LDP Fast Reroute
Configuring IP/LDP Fast Reroute
This optional task describes how to enable the IP/LDP fast reroute computation to converge traffic flows around link failures.
Note To enable node protection on broadcast links, fast reroute and bidirectional forwarding detection (BFD) must be enabled on the interface under IS-IS.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. interface type interface-path-id 4. circuit-type { level-1 | level-1-2 | level-2-only } 5. address-family { ipv4 | ipv6 } [ unicast ] 6. fast-reroute {per-link | per-prefix} 7. Do one of the following:
· fast-reroute per-link { level { 1 | 2 }} · fast-reroute per-prefix { level { 1 | 2 }}
8. Do one of the following:
· fast-reroute per-link exclude interface type interface-path-id { level { 1 | 2 }} · fast-reroute per-prefix exclude interface type interface-path-id { level { 1 | 2 }}
9. Do one of the following:
· fast-reroute per-link lfa-candidate interface type interface-path-id { level { 1 | 2 }} · fast-reroute per-prefix lfa-candidate interface type interface-path-id { level { 1 | 2 }}
10. Use the commit or end command.
DETAILED STEPS
Step 1
Command or Action configure Example:
Purpose Enters mode.
Step 2
RP/0/# configure
router isis instance-id Example:
RP/0/(config)# router isis isp
Enables IS-IS routing for the specified routing process, and places the router in router configuration mode. In this example, the IS-IS instance is called isp.
Implementing IS-IS 63
�Configuring IP/LDP Fast Reroute
Implementing IS-IS
Step 3 Step 4 Step 5 Step 6 Step 7
Step 8
Command or Action interface type interface-path-id Example:
Purpose Enters interface configuration mode.
RP/0/(config-isis)# interface GigabitEthernet 0/1/0/3
circuit-type { level-1 | level-1-2 | level-2-only } Example:
(Optional) Configures the type of adjacency.
RP/0/(config-isis-if)# circuit-type level-1
address-family { ipv4 | ipv6 } [ unicast ]
Specifies the address family, and enters router address
Example:
family configuration mode.
· This example specifies the unicast IPv4 address
RP/0/(config-isis-if)# address-family ipv4 unicast
family.
fast-reroute {per-link | per-prefix}
Specifies fast-reroute computation on per-link or per-prefix
Example:
basis.
RP/0/8(config-isis-if-af)# fast-reroute per-link
· per-link--Used for prefix independent per-link computation.
· per-prefix--Used for prefix dependent computation.
Do one of the following:
· fast-reroute per-link { level { 1 | 2 }} · fast-reroute per-prefix { level { 1 | 2 }}
Configures fast-reroute per-link or per-prefix computation for one level; use either level 1 or level 2.
Example:
RP/0/(config-isis-if-af)#fast-reroute per-link level 1
Or
RP/0/(config-isis-if-af)#fast-reroute per-prefix level 2
Do one of the following:
Excludes an interface from fast-reroute computation.
· fast-reroute per-link exclude interface type interface-path-id { level { 1 | 2 }}
· fast-reroute per-prefix exclude interface type interface-path-id { level { 1 | 2 }}
Example:
RP/0/(config-isis-if-af)#fast-reroute per-link exclude interface Loopback0 level 1
Or
RP/0/(config-isis-if-af)#fast-reroute per-prefix exclude interface POS0/6/0/0 level 2
Implementing IS-IS 64
�Implementing IS-IS
ISIS Link Group
Step 9 Step 10
Command or Action
Purpose
Do one of the following:
Configures to include an interface to LFA candidate in
· fast-reroute per-link lfa-candidate interface type fast-reroute computation.
interface-path-id { level { 1 | 2 }}
· fast-reroute per-prefix lfa-candidate interface
type interface-path-id { level { 1 | 2 }}
Example:
RP/0/(config-isis-if-af)#fast-reroute per-link lfa-candidate interface MgmtEth0/RP0/CPU0/0 level
1
Or
RP/0/(config-isis-if-af)#fast-reroute per-prefix lfa-candidate interface MgmtEth0/RP1/CPU0/0 level 2
Use the commit or end command.
commit --Saves the configuration changes and remains within the configuration session.
end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session.
· No --Exits the configuration session without committing the configuration changes.
· Cancel --Remains in the configuration session, without committing the configuration changes.
ISIS Link Group
The ISIS Link-Group feature allows you to define a group or set of links, and raise or lower their ISIS metric according to a predefined number of active links.
When the total number of active links (in terms of ISIS adjacency) in a group falls below the configured number or members, a predefined offset is applied on the remaining active links. When the total number of active links in a group is reverted, ISIS restores the configured metric by removing the offset.
In the example below, Router A has to exit through router B and C. In between A and B there are two layer 3 links with the same ISIS metric (20). There is a similar setup between A and C (30). In normal operations, the traffic from A goes through B. If the ISIS Link-Group is not configured, even when the link between A and B fails, traffic is still routed through B. However, with ISIS Link-Group, you can set an offset of 20 with minimum-members of 2. Thus, if a link between A and B fails, the metric is raised to 40 (configured (20) + offset (20)), and so the traffic is routed to C. Further, you can define another ISIS Link-Group, this time between A and C. If a link between B and C fails, you can raise the offset to 20, and thus traffic is routed back to B.
Implementing IS-IS 65
�Configure Link Group Profile
Implementing IS-IS
Configure Link Group Profile
Perform this task to configure Intermediate System-to-Intermediate System (IS-IS) link group profiles:
SUMMARY STEPS
1. configure 2. router isis instance-id 3. link-group link-group-name { [ metric-offset count | maximum ]
count | revert-members count ] } 4. Use the commit or end command. 5. show isis interface 6. show isis lsp
| [ minimum-members
DETAILED STEPS
Step 1
Command or Action configure Example:
Purpose Enters mode.
Step 2
RP/0/# configure
router isis instance-id Example:
Enters IS-IS configuration submode.
Step 3
RP/0/(config)# router isis purple
link-group link-group-name { [ metric-offset count | maximum ] | [ minimum-members count | revert-members count ] }
Specifies link-group values. Following are the valid values:
· metric-offset: Configures the metric offset for link group. The range is 1-16777214. The default metric offset range is between 1-63 for narrow metric; and 1-16777214 for wide metric.
The maximum option here sets the maximum wide metric offset. All routers exclude this link from their SPF.
· minimum-members: Configures the minimum number of members in the link group. The range is 2-64.
Implementing IS-IS 66
�Implementing IS-IS
Configure Link Group Profile
Command or Action Step 4 Use the commit or end command.
Step 5 Step 6
show isis interface Example:
RP/0/# show isis interface
show isis lsp Example:
RP/0/# show isis lsp
Purpose
· revert-members: Configures the number of members after which to revert in the link group. The range is 2-64.
Note
A link-group is only active after the
minimum-members and offset-metric are
configured in the profile. The
revert-members is default to
minimum-members if it is not configured.
commit --Saves the configuration changes and remains within the configuration session.
end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session.
· No --Exits the configuration session without committing the configuration changes.
· Cancel --Remains in the configuration session, without committing the configuration changes.
(Optional) If link-group is configured on the interface, when showing the IS-IS interface-related topology, this command displays the link-group and current offset-metric value.
(Optional) Displays the updated metric value.
Configure Link Group Profile: Example
The following is an example configuration, along with the show isis interface output:
router isis 1 is-type level-2-only net 49.1111.0000.0000.0006.00 link-group foo metric-offset 100 revert-members 4 minimum-members 2 ! address-family ipv4 unicast metric-style wide ! interface GigabitEthernet0/0/0/1 point-to-point address-family ipv4 unicast
Implementing IS-IS 67
�Configure Link Group Interface
Implementing IS-IS
link-group foo
RP/0/RSP0/CPU0:Iguazu#sh isis interface gig 0/0/0/1 Thu Jun 11 14:55:32.565 CEST
GigabitEthernet0/0/0/1 Adjacency Formation: Prefix Advertisement: IPv4 BFD: IPv6 BFD: BFD Min Interval: BFD Multiplier:
Enabled Enabled Enabled Disabled Disabled 150 3
Circuit Type: Media Type: Circuit Number: Extended Circuit Number: Next P2P IIH in: LSP Rexmit Queue Size:
level-2-only (Interface circuit type is level-1-2) P2P 0 36 8s 0
Level-2 Adjacency Count: LSP Pacing Interval: PSNP Entry Queue Size:
1 33 ms 0
CLNS I/O
Protocol State:
Up
MTU:
1497
SNPA:
0026.9829.af19
Layer-2 MCast Groups Membership:
All ISs:
Yes
IPv4 Unicast Topology: Enabled
Adjacency Formation: Running
Prefix Advertisement: Running
Metric (L1/L2):
110/110
Weight (L1/L2):
0/0
MPLS Max Label Stack: 1
MPLS LDP Sync (L1/L2): Disabled/Disabled
Link-Group (L1/L2):
Configured/Configured
Metric-Offset (L1/L2):100/100
IPv4 Address Family:
Enabled
Protocol State:
Up
Forwarding Address(es): 100.5.6.6
Global Prefix(es):
100.5.6.0/24
LSP transmit timer expires in 0 ms LSP transmission is idle Can send up to 9 back-to-back LSPs in the next 0 ms
Configure Link Group Interface
Perform this task to configure link group under Intermediate System-to-Intermediate System (IS-IS) interface and address-family sub-mode:
Implementing IS-IS 68
�Implementing IS-IS
Configure Link Group Interface
Note One IS-IS interface and address-family can specify only one link-group association. The default is for both levels regardless of the current circuit-type. The link-group association can be specified for one level only if configured.
SUMMARY STEPS
1. configure 2. router isis instance-id 3. interface type interface-path-id 4. address-family ipv4 | ipv6 [ unicast ] 5. link-group link-group-name [ level {1 | 2 } ] 6. Use the commit or end command. 7. show isis interface
DETAILED STEPS
Step 1
Command or Action configure Example:
Purpose Enters mode.
Step 2
RP/0/# configure
router isis instance-id Example:
Enters IS-IS configuration submode.
Step 3
RP/0/(config)# router isis purple
interface type interface-path-id Example:
Enters interface configuration mode.
Step 4 Step 5
RP/0/(config-isis)# interface GigabitEthernet 0/1/0/3
address-family ipv4 | ipv6 [ unicast ] Example:
RP/0/(config-isis)# address-family ipv4 unicast
Specifies the IPv6 address family and enters router address family configuration mode.
· This example specifies the unicast IPv4 address family.
link-group link-group-name [ level {1 | 2 } ] Specifies the link-group name and sets the tag at the level
Example:
specified.
Step 6
RP/0/(config-isis-if)# )#address-family ipv4 unicast link-group access level 1
Use the commit or end command.
commit --Saves the configuration changes and remains within the configuration session.
Implementing IS-IS 69
�Configuration Examples for Implementing IS-IS
Implementing IS-IS
Command or Action
Step 7
show isis interface Example:
RP/0/# show isis interface
Purpose end --Prompts user to take one of these actions:
· Yes -- Saves configuration changes and exits the configuration session.
· No --Exits the configuration session without committing the configuration changes.
· Cancel --Remains in the configuration session, without committing the configuration changes.
(Optional) If link-group is configured on the interface, when showing the IS-IS interface-related topology, this command displays the link-group value.
Configuration Examples for Implementing IS-IS
This section provides the following configuration examples:
Configuring Single-Topology IS-IS for IPv6: Example
The following example shows single-topology mode being enabled. An IS-IS instance is created, the NET is defined, IPv6 is configured along with IPv4 on an interface, and IPv4 link topology is used for IPv6. This configuration allows POS interface 0/3/0/0 to form adjacencies for both IPv4 and IPv6 addresses.
router isis isp net 49.0000.0000.0001.00 address-family ipv6 unicast single-topology interface POS0/3/0/0 address-family ipv4 unicast ! address-family ipv6 unicast ! exit
! interface POS0/3/0/0
ipv4 address 10.0.1.3 255.255.255.0 ipv6 address 2001::1/64
Configuring Multitopology IS-IS for IPv6: Example
The following example shows multitopology IS-IS being configured in IPv6.
router isis isp net 49.0000.0000.0001.00 interface POS0/3/0/0 address-family ipv6 unicast
Implementing IS-IS 70
�Implementing IS-IS
Redistributing IS-IS Routes Between Multiple Instances: Example
metric-style wide level 1 exit ! interface POS0/3/0/0 ipv6 address 2001::1/64
Redistributing IS-IS Routes Between Multiple Instances: Example
The following example shows usage of the attached-bit and redistribute commands. Two instances, instance "1" restricted to Level 1 and instance "2" restricted to Level 2, are configured.
The Level 1 instance is propagating routes to the Level 2 instance using redistribution. Note that the administrative distance is explicitly configured higher on the Level 2 instance to ensure that Level 1 routes are preferred.
Attached bit is being set for the Level 1 instance since it is redistributing routes into the Level 2 instance. Therefore, instance "1" is a suitable candidate to get from the area to the backbone.
router isis 1 is-type level-2-only
net 49.0001.0001.0001.0001.00 address-family ipv4 unicast
distance 116 redistribute isis 2 level 2 ! interface GigabitEthernet 0/3/0/0 address-family ipv4 unicast ! ! router isis 2 is-type level-1 net 49.0002.0001.0001.0002.00 address-family ipv4 unicast
-
! interface GigabitEthernet 0/1/0/0
address-family ipv4 unicast
Tagging Routes: Example
The following example shows how to tag routes.
route-policy isis-tag-55 end-policy ! route-policy isis-tag-555
if destination in (5.5.5.0/24 eq 24) then set tag 555 pass
else drop
endif end-policy !
Implementing IS-IS 71
�Configuring IS-IS Overload Bit Avoidance: Example
Implementing IS-IS
router static address-family ipv4 unicast 0.0.0.0/0 2.6.0.1 5.5.5.0/24 Null0 !
! router isis uut
net 00.0000.0000.12a5.00 address-family ipv4 unicast
metric-style wide redistribute static level-1 route-policy isis-tag-555 spf prefix-priority critical tag 13 spf prefix-priority high tag 444 spf prefix-priority medium tag 777
Configuring IS-IS Overload Bit Avoidance: Example
The following example shows how to activate IS-IS overload bit avoidance:
config mpls traffic-eng path-selection ignore overload
The following example shows how to deactivate IS-IS overload bit avoidance:
config no mpls traffic-eng path-selection ignore overload
Example: Configuring IS-IS To Handle Router Overload
This section describes an example for configuring IS-IS to handle overloading of routers, without setting the overload bit. When a router is configured with the IS-IS overload bit, it participates in the routing process when the overload bit is set, but does not forward traffic (except for traffic to directly connected interfaces). To configure the overload behavior for IS-IS, without setting the overload bit, configure the max-metric statement. By configuring this statement, the router participates in the routing process and is used as a transit node of last resort.
Figure 1:
Before you begin Ensure that you are familiar with configuring router interfaces for a given topology.
Implementing IS-IS 72
�Implementing IS-IS
Example: Configuring IS-IS To Handle Router Overload
SUMMARY STEPS
1. Configure Routers A, B, and C as shown in the topology. 2. Configure IS-IS and the corresponding net addresses on Routers A, B and C. 3. Configure IPv4 and IPv6 address families on the loopback interfaces of Routers A, B, and C. 4. Configure the link metrics on the router interfaces. 5. Confirm your configuration by viewing the route prefixes on Routers A, B, and C. 6. Confirm the link metrics on Router B, prior to configuring the max-metric statement. 7. Configure the max-metric statement on Router B. 8. Commit your configuration. 9. Confirm the change in link metrics on Router B. 10. (Optional) Verify the change in route prefixes on Routers A and C.
DETAILED STEPS
Step 1 Step 2
Configure Routers A, B, and C as shown in the topology.
Use the following IP Addresses:
· Router A Loopback0: 1.1.1.1/32 and 1::1/128
· Router A -> Router B: 11.11.11.2/24 and 11:11:11::2/64
· Router B Loopback0: 2.2.2.2/32 and 2::2/128
· Router B -> Router A: 11.11.11.1/24 and 11:11:11::1/64
· Router B-> Router C: 13.13.13.1/24 and 13:13:13::1/64
· Router C Loopback0: 3.3.3.3/32 and 3::3/128
· Router C-> Router B: 13.13.13.2/24 and 13:13:13::2/64
Configure IS-IS and the corresponding net addresses on Routers A, B and C. Example:
!Router A RP/0/0/CPU0:RouterA(config)# router isis ring RP/0/0/CPU0:RouterA(config-isis)# net 00.0000.0000.0001.00 RP/0/0/CPU0:RouterA(config-isis)# address-family ipv4 unicast RP/0/0/CPU0:RouterA(config-isis)# metric-style wide RP/0/0/CPU0:RouterA(config-isis-af)# exit
!Router B RP/0/0/CPU0:RouterB(config)# router isis ring RP/0/0/CPU0:RouterB(config-isis)# net 00.0000.0000.0002.00 RP/0/0/CPU0:RouterB(config-isis)# address-family ipv4 unicast RP/0/0/CPU0:RouterB(config-isis-af)# exit
!Router C RP/0/0/CPU0:RouterC(config)# router isis ring RP/0/0/CPU0:RouterC(config-isis)# net 00.0000.0000.0003.00 RP/0/0/CPU0:RouterC(config-isis)# address-family ipv4 unicast RP/0/0/CPU0:RouterA(config-isis)# metric-style wide RP/0/0/CPU0:RouterC(config-isis-af)# exit
Implementing IS-IS 73
�Example: Configuring IS-IS To Handle Router Overload
Implementing IS-IS
Step 3 Step 4 Step 5
Configure IPv4 and IPv6 address families on the loopback interfaces of Routers A, B, and C.
Example:
RP/0/0/CPU0:Router(config-isis)# interface loopback0 RP/0/0/CPU0:Router(config-isis-if)# address-family ipv4 unicast RP/0/0/CPU0:Router(config-isis-if-af)# exit RP/0/0/CPU0:Router(config-isis-if)# address-family ipv6 unicast RP/0/0/CPU0:Router(config-isis-if-af)# exit RP/0/0/CPU0:Router(config-isis-if)# exit RP/0/0/CPU0:Router(config-isis)#
Configure the link metrics on the router interfaces.
Example:
! Configuration for Router A Interface GigabitEthernet 0/0/0/0 with Router B is shown here. Similarly, configure other router interfaces.
RP/0/0/CPU0:RouterA(config-isis)# interface GigabitEthernet 0/0/0/0 RP/0/0/CPU0:RouterA(config-isis-if)# address-family ipv4 unicast RP/0/0/CPU0:RouterA(config-isis-if-af)# metric 10 RP/0/0/CPU0:RouterA(config-isis-if-af)# exit RP/0/0/CPU0:RouterA(config-isis-if)# address-family ipv6 unicast RP/0/0/CPU0:RouterA(config-isis-if-af)# exit RP/0/0/CPU0:RouterA(config-isis-if)# exit RP/0/0/CPU0:RouterA(config-isis)#
Confirm your configuration by viewing the route prefixes on Routers A, B, and C.
Example:
! The outputs for Router A are shown here. Similarly, view the outputs for Routers B and C. RP/0/0/CPU0:RouterA# show route Tue Oct 13 13:55:18.342 PST
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, (!) - FRR Backup path
Gateway of last resort is not set
L 1.1.1.1/32 is directly connected, 00:03:40, Loopback0 i L1 2.2.2.2/32 [115/20] via 11.11.11.2, 00:01:27, GigabitEthernet0/0/0/0 i L1 3.3.3.3/32 [115/30] via 11.11.11.2, 00:01:27, GigabitEthernet0/0/0/0 C 11.11.11.0/24 is directly connected, 00:03:39, GigabitEthernet0/0/0/0 L 11.11.11.1/32 is directly connected, 00:03:39, GigabitEthernet0/0/0/0 i L1 13.13.13.0/24 [115/20] via 11.11.11.2, 00:01:27, GigabitEthernet0/0/0/0 i L1 15.15.15.0/24 [115/30] via 11.11.11.2, 00:01:27, GigabitEthernet0/0/0/0
RP/0/0/CPU0:RouterA# show route ipv6 Tue Oct 13 14:00:55.758 PST
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
Implementing IS-IS 74
�Implementing IS-IS
Example: Configuring IS-IS To Handle Router Overload
Step 6 Step 7
U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, (!) - FRR Backup path
Gateway of last resort is not set
L 1::1/128 is directly connected, 00:09:17, Loopback0
i L1 2::2/128 [115/20] via fe80::e9:45ff:fe22:5326, 00:00:05, GigabitEthernet0/0/0/0
i L1 3::3/128 [115/30] via fe80::e9:45ff:fe22:5326, 00:00:05, GigabitEthernet0/0/0/0
C 11:11:11::/64 is directly connected, 00:09:16, GigabitEthernet0/0/0/0
L 11:11:11::1/128 is directly connected, 00:09:16, GigabitEthernet0/0/0/0
i L1 13:13:13::/64 [115/20] via fe80::e9:45ff:fe22:5326, 00:00:05, GigabitEthernet0/0/0/0
i L1 15:15:15::/64 [115/30] via fe80::e9:45ff:fe22:5326, 00:00:05, GigabitEthernet0/0/0/0
Confirm the link metrics on Router B, prior to configuring the max-metric statement.
Example:
RP/0/0/CPU0:RouterB# show isis database Tue Oct 13 13:56:44.077 PST
No IS-IS RING levels found
IS-IS ring (Level-1) Link State Database
LSPID
LSP Seq Num LSP Checksum
RouterB.00-00
* 0x00000005 0x160d
Area Address: 00
NLPID:
0xcc
NLPID:
0x8e
MT:
Standard (IPv4 Unicast)
MT:
IPv6 Unicast
Hostname:
RouterB
IP Address: 2.2.2.2
IPv6 Address: 2::2
LSP Holdtime 1026
ATT/P/OL 0/0/0
0/0/0
Metric: 10 Metric: 10 Metric: 10 Metric: 10 Metric: 10 Metric: 10 Metric: 10 Metric: 10 Metric: 10 Metric: 10 RouterB.01-00 Metric: 0 Metric: 0 Metric: 0 Metric: 0
IS RouterB.01
IS RouterA.00
IP 2.2.2.2/32
IP 11.11.11.0/24
IP 13.13.13.0/24
MT (IPv6 Unicast) IS-Extended RouterB.01
MT (IPv6 Unicast) IS-Extended RouterA.00
MT (IPv6 Unicast) IPv6 2::2/128
MT (IPv6 Unicast) IPv6 11:11:11::/64
MT (IPv6 Unicast) IPv6 13:13:13::/64
0x00000001 0xc8df
913
IS RouterB.00
IS RouterC.00
IS-Extended RouterB.00
IS-Extended RouterC.00
0/0/0
Total Level-1 LSP count: 2
Local Level-1 LSP count: 1
The output verifies that IS-IS protocol is operational and the displayed link metrics (Metric: 10) are as configured. Configure the max-metric statement on Router B.
Example:
Implementing IS-IS 75
�Example: Configuring IS-IS To Handle Router Overload
Implementing IS-IS
Step 8 Step 9
Step 10
RP/0/0/CPU0:RouterB(config)# router isis ring RP/0/0/CPU0:RouterB(config-isis)# max-metric RP/0/0/CPU0:RouterB(config-isis)# exit RP/0/0/CPU0:RouterB(config)#
Commit your configuration. Example:
RP/0/0/CPU0:RouterB(config)# commit
Confirm the change in link metrics on Router B.
Example:
RP/0/0/CPU0:RouterB# show isis database Tue Oct 13 13:58:36.790 PST
No IS-IS RING levels found
IS-IS ring (Level-1) Link State Database
LSPID
LSP Seq Num LSP Checksum LSP Holdtime
RouterB.00-00
* 0x00000006 0x0847
1171
Area Address: 00
NLPID:
0xcc
NLPID:
0x8e
MT:
Standard (IPv4 Unicast)
MT:
IPv6 Unicast
Hostname:
RouterB
IP Address: 2.2.2.2
IPv6 Address: 2::2
Metric: 63
IS RouterB.01
Metric: 63
IS RouterA.00
Metric: 63
IP 2.2.2.2/32
Metric: 63
IP 11.11.11.0/24
Metric: 63
IP 13.13.13.0/24
Metric: 16777214 MT (IPv6 Unicast) IS-Extended RouterB.01
Metric: 16777214 MT (IPv6 Unicast) IS-Extended RouterA.00
Metric: 16777214 MT (IPv6 Unicast) IPv6 2::2/128
Metric: 16777214 MT (IPv6 Unicast) IPv6 11:11:11::/64
Metric: 16777214 MT (IPv6 Unicast) IPv6 13:13:13::/64
RouterB.01-00
0x00000001 0xc8df
800
Metric: 0
IS RouterB.00
Metric: 0
IS RouterC.00
Metric: 0
IS-Extended RouterB.00
Metric: 0
IS-Extended RouterC.00
ATT/P/OL 0/0/0
0/0/0
0/0/0
Total Level-1 LSP count: 2
Local Level-1 LSP count: 1
The output verifies that maximum link metrics (63 for IPv4 and 16777214 for IPv6) have been allocated for the designated links.
(Optional) Verify the change in route prefixes on Routers A and C.
Example:
! The outputs for Router A are shown here. Similarly, view the outputs on Router C. RP/0/0/CPU0:RouterA# show route Tue Oct 13 13:58:59.289 PST
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP
Implementing IS-IS 76
�Implementing IS-IS
Configuring Global Weighted SRLG Protection
A - access/subscriber, a - Application route M - mobile route, (!) - FRR Backup path
Gateway of last resort is not set
L 1.1.1.1/32 is directly connected, 00:07:21, Loopback0 i L1 2.2.2.2/32 [115/73] via 11.11.11.2, 00:00:50, GigabitEthernet0/0/0/0 i L1 3.3.3.3/32 [115/83] via 11.11.11.2, 00:00:50, GigabitEthernet0/0/0/0 C 11.11.11.0/24 is directly connected, 00:07:20, GigabitEthernet0/0/0/0 L 11.11.11.1/32 is directly connected, 00:07:20, GigabitEthernet0/0/0/0 i L1 13.13.13.0/24 [115/73] via 11.11.11.2, 00:00:50, GigabitEthernet0/0/0/0 i L1 15.15.15.0/24 [115/83] via 11.11.11.2, 00:00:50, GigabitEthernet0/0/0/0
RP/0/0/CPU0:RouterA# show route ipv6 Tue Oct 13 14:00:06.616 PST
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, (!) - FRR Backup path
Gateway of last resort is not set
L 1::1/128 is directly connected, 00:08:28, Loopback0
i L1 2::2/128 [115/16777224] via fe80::e9:45ff:fe22:5326, 00:01:58, GigabitEthernet0/0/0/0
i L1 3::3/128 [115/16777234] via fe80::e9:45ff:fe22:5326, 00:01:58, GigabitEthernet0/0/0/0
C 11:11:11::/64 is directly connected, 00:08:27, GigabitEthernet0/0/0/0
L 11:11:11::1/128 is directly connected, 00:08:27, GigabitEthernet0/0/0/0
i L1 13:13:13::/64 [115/16777224] via fe80::e9:45ff:fe22:5326, 00:01:58, GigabitEthernet0/0/0/0
i L1 15:15:15::/64 [115/16777234] via fe80::e9:45ff:fe22:5326, 00:01:58, GigabitEthernet0/0/0/0
The output verifies the impact of maximum metric configuration in the routing table: [115/73] and [115/83]
IS-IS has been successfully configured to handle router overload without setting the overload bit.
Configuring Global Weighted SRLG Protection
A shared risk link group (SRLG) is a set of links sharing a common resource and thus shares the same risk of failure. The existing loop-free alternate (LFA) implementations in interior gateway protocols (IGPs) support SRLG protection. However, the existing implementation considers only the directly connected links while computing the backup path. Hence, SRLG protection may fail if a link that is not directly connected but shares the same SRLG is included while computing the backup path. Global weighted SRLG protection feature provides better path selection for the SRLG by associating a weight with the SRLG value and using the weights of the SRLG values while computing the backup path.
Implementing IS-IS 77
�Configuring Global Weighted SRLG Protection
Implementing IS-IS
To support global weighted SRLG protection, you need information about SRLGs on all links in the area topology. You can flood SRLGs for remote links using ISIS or manually configuring SRLGS on remote links.
Configuration Examples: Global Weighted SRLG Protection
There are three types of configurations that are supported for the global weighted SRLG protection feature.
· local SRLG with global weighted SRLG protection
· remote SRLG flooding
· remote SRLG static provisioning
This example shows how to configure the local SRLG with global weighted SRLG protection feature.
RP/0/RP0/CPU0:router(config)# srlg RP/0/RP0/CPU0:router(config-srlg)# interface TenGigE0/0/0/0 RP/0/RP0/CPU0:router(config-srlg-if)# name group1 RP/0/RP0/CPU0:router(config-srlg-if)# exit RP/0/RP0/CPU0:router(config-srlg)# interface TenGigE0/0/0/1 RP/0/RP0/CPU0:router(config-srlg-if)# name group1 RP/0/RP0/CPU0:router(config-srlg)# name group value 100 RP/0/RP0/CPU0:router(config)# router isis 1 RP/0/RP0/CPU0:router(config-isis)# address-family ipv4 unicast RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix srlg-protection weighted-global RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix tiebreaker srlg-disjoint index 1 RP/0/RP0/CPU0:router(config-isis)# interface TenGigE0/0/0/0 RP/0/RP0/CPU0:router(config-isis-if)# point-to-point RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv4 unicast RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix ti-lfa RP/0/RP0/CPU0:router(config-isis)# srlg RP/0/RP0/CPU0:router(config-isis-srlg)# name group1 RP/0/RP0/CPU0:router(config-isis-srlg-name)# admin-weight 5000
This example shows how to configure the global weighted SRLG protection feature with remote SRLG flooding.The configuration includes local and remote router configuration. On the local router, the global weighted SRLG protection is enabled by using the fast-reroute per-prefix srlg-protection weighted-global command. In the remote router configuration, you can control the SRLG value flooding by using the advertise application lfa link-attributes srlg command. You should also globally configure SRLG on the remote router.
The local router configuration for global weighted SRLG protection with remote SRLG flooding is as follows:
RP/0/RP0/CPU0:router(config)# router isis 1 RP/0/RP0/CPU0:router(config-isis)# address-family ipv4 unicast RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix srlg-protection weighted-global RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix tiebreaker srlg-disjoint index 1 RP/0/RP0/CPU0:router(config-isis-if-af)# exit RP/0/RP0/CPU0:router(config-isis)# interface TenGigE0/0/0/0 RP/0/RP0/CPU0:router(config-isis-if)# point-to-point RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv4 unicast RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix ti-lfa RP/0/RP0/CPU0:router(config-isis-if-af)# exit RP/0/RP0/CPU0:router(config-isis)# srlg
Implementing IS-IS 78
�Implementing IS-IS
Label Distribution Protocol IGP Auto-configuration
RP/0/RP0/CPU0:router(config-isis-srlg)# name group1 RP/0/RP0/CPU0:router(config-isis-srlg-name)# admin-weight 5000
The remote router configuration for global weighted SRLG protection with remote SRLG flooding is as follows:
RP/0/RP0/CPU0:router(config)# srlg RP/0/RP0/CPU0:router(config-srlg)# interface TenGigE0/0/0/0 RP/0/RP0/CPU0:router(config-srlg-if)# name group1 RP/0/RP0/CPU0:router(config-srlg-if)# exit RP/0/RP0/CPU0:router(config-srlg)# interface TenGigE0/0/0/1 RP/0/RP0/CPU0:router(config-srlg-if)# name group1 RP/0/RP0/CPU0:router(config-srlg)# name group value 100 RP/0/RP0/CPU0:router(config-srlg)# exit RP/0/RP0/CPU0:router(config)# router isis 1 RP/0/RP0/CPU0:(config-isis)# address-family ipv4 unicast RP/0/RP0/CPU0:router(config-isis-af)# advertise application lfa link-attributes srlg
This example shows configuring the global weighted SRLG protection feature with static provisioning of SRLG values for remote links. You should perform these configurations on the local router.
RP/0/RP0/CPU0:router(config)# srlg RP/0/RP0/CPU0:router(config-srlg)# interface TenGigE0/0/0/0 RP/0/RP0/CPU0:router(config-srlg-if)# name group1 RP/0/RP0/CPU0:router(config-srlg-if)# exit RP/0/RP0/CPU0:router(config-srlg)# interface TenGigE0/0/0/1 RP/0/RP0/CPU0:router(config-srlg-if)# name group1 RP/0/RP0/CPU0:router(config-srlg)# name group value 100 RP/0/RP0/CPU0:router(config-srlg)# exit RP/0/RP0/CPU0:router(config)# router isis 1 RP/0/RP0/CPU0:router(config-isis)# address-family ipv4 unicast RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix srlg-protection weighted-global RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix tiebreaker srlg-disjoint index 1 RP/0/RP0/CPU0:router(config-isis)# interface TenGigE0/0/0/0 RP/0/RP0/CPU0:router(config-isis-if)# point-to-point RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv4 unicast RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix RP/0/RP0/CPU0:router(config-isis-if-af)# fast-reroute per-prefix ti-lfa RP/0/RP0/CPU0:router(config-isis)# srlg RP/0/RP0/CPU0:router(config-isis-srlg)# name group1 RP/0/RP0/CPU0:router(config-isis-srlg-name)# admin-weight 5000 RP/0/RP0/CPU0:router(config-isis-srlg-name)# static ipv4 address 10.0.4.1 next-hop ipv4 address 10.0.4.2 RP/0/RP0/CPU0:router(config-isis-srlg-name)# static ipv4 address 10.0.4.2 next-hop ipv4 address 10.0.4.1
Label Distribution Protocol IGP Auto-configuration
Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) auto-configuration simplifies the procedure to enable LDP on a set of interfaces used by an IGP instance. LDP IGP auto-configuration can be used on a large number interfaces (for example, when LDP is used for transport in the core) and on multiple IGP instances simultaneously.
This feature supports the IPv4 address family for the default VPN routing and forwarding (VRF) instance.
Implementing IS-IS 79
�MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart
Implementing IS-IS
LDP IGP auto-configuration can also be explicitly disabled on individual interfaces under LDP using the igp auto-config disable command. This allows LDP to receive all IGP interfaces except the ones explicitly disabled. See the MPLS configuration guide for information on configuring LDP IGP auto-configuration.
MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart
LDP graceful restart protects traffic when an LDP session is lost. If a graceful restart-enabled LDP session fails, MPLS LDP IS-IS synchronization is still achieved on the interface while it is protected by graceful restart. MPLS LDP IGP synchronization is eventually lost under the following circumstances:
· LDP fails to restart before the LDP graceful restart reconnect timer expires.
· The LDP session on the protected interface fails to recover before the LDP graceful restart recovery timer expires.
MPLS LDP-IGP Synchronization Compatibility with IGP Nonstop Forwarding
IS-IS nonstop forwarding (NSF) protects traffic during IS-IS process restarts and route processor (RP) failovers. LDP IS-IS synchronization is supported with IS-IS NSF only if LDP graceful restart is also enabled over the interface. If IS-IS NSF is not enabled, the LDP synchronization state is not retained across restarts and failovers.
Support for a Configurable Knob to Reject ISIS PDU on L2 Interfaces
Table 4: Feature History Table
Feature Name Release Information
Support for a Release 7.3.1 Configurable Knob to Reject ISIS PDU on Layer 2 Interfaces
Feature Description
This feature enables you to use Layer 2 ACL to drop ISIS packets from certain ISIS destination MAC addresses. Dropping ISIS packets allows you to isolate a particular node from ISIS domain. This feature enables you to utilize the network bandwidth efficiently.
This feature introduces the ethernet-services access-list isis-drop-all-l2-pdus command
If you bind Layer 2 ACL to Layer 2 physical main interface or subinterface, or bundle main interface or subinterface, the ISIS TRAP is enabled at the main interface ethernet port. These interfaces share the same ethernet port. So even if you configure Layer 2 ACL either on the main interface or subinterface, the ISIS traffic reaching both the main and subinterfaces is dropped. The main or sub interfaces can be Layer 3 or Layer 2. You can configure only one Layer 2 ACL configuration which you can apply to multiple interfaces.
Restrictions · This feature is supported only in the ingress direction.
Implementing IS-IS 80
�Implementing IS-IS
Support for a Configurable Knob to Reject ISIS PDU on L2 Interfaces
· Per-interface statistics is not supported. · Layer 2 ACL modification is not supported. · Only remarks can be added, updated or modified. · Any insertion or modification of Layer ACL access control entries (ACE) is rejected. However, deletion
of ACE is accepted as it cannot be blocked. · If you delete the ACE from an attached Layer 2 ACL, detach the Layer 2 ACL on all the interfaces,
modify the Layer 2 ACL, and re-attach it to the interfaces to recover the deleted ACE. · Layer 2 ACL supports matching only on ISIS destination MAC address. It does not support any other
Layer 2 fields, such as srcMAC, pcp etc. Configure any one of the ISIS Destination MAC addresses to drop ISIS packets. Non-ISIS destination MAC configuration is rejected. · Hardware drops the ISIS packets when you configure one of the these destination MAC addresses:
· 01:80:c2:00:00:14 · 01:80:c2:00:00:15 · 09:00:2b:00:00:04 · 09:00:2b:00:00:05 · 01:00:5e:90:00:02 · 01:00:5e:90:00:03
You can configure only one set of L2 ACL configuration. Configure deny on ISSI DMAC first and then configure permit any any. If you configure any additional ACE, the configuration is rejected.
Configuration Example Only the following L2 ACL configuration is allowed.
Router# configure Router(config)# ethernet-services access-list isis-drop-all-l2-pdus Router(config)# 5 remark Drain ISIS between two routers Router(config)# 20 deny any host 0180.c200.0015 Router(config)# 200 permit any any
Perform the interface configuration:
Note You can configure this feature in bundle interfaces and subinterface, and physical interfaces and subinterfaces.
Perform the following steps to configure the feature in bundle interface.
Router# configure Router(config)# interface Bundle-Ether 100 l2transport Router(config-if)# mtu 2000 Router(config-if)# ethernet-services access-group isis-drop-all-l2-pdus ingress
Perform the following steps to configure the feature in bundle subinterface.
Router# configure Router(config)# interface Bundle-Ether101.101 l2transport
Implementing IS-IS 81
�Support for a Configurable Knob to Reject ISIS PDU on L2 Interfaces
Implementing IS-IS
Router(config-if)# encapsulation dot1q 101 Router(config-if)# rewrite ingress tag pop 1 symmetric Router(config-if)# mtu 2000 Router(config-if)# ethernet-services access-group isis-drop-all-l2-pdus ingress
Perform the following steps to configure the feature in physical interface.
Router# configure Router(config)# interface hundredGigE 0/0/0/0 l2transport Router(config-if)# mtu 2000 Router(config-if)# ethernet-services access-group isis-drop-all-l2-pdus ingress
Perform the following steps to configure the feature in physical subinterface.
Router# configure Router(config)# interface hundredGigE 0/3/0/1.100 l2transport Router(config-if)# encapsulation dot1q 100 Router(config-if)# rewrite ingress tag pop 1 symmetric Router(config-if)# mtu 2000 Router(config-if)# ethernet-services access-group isis-drop-all-l2-pdus ingress
Running Configuration
show running-config ethernet-services access-list ethernet-services access-list isis-drop-all-l2-pdus 5 remark Drain ISIS between two routers 20 deny any host 0180.c200.0015 200 permit any any
Router# show running-config inter bundle-Ether 100 Sun Feb 14 12:51:27.425 PST interface Bundle-Ether100 l2transport mtu 2000 ethernet-services access-group isis-drop-all-l2-pdus ingress !
Router# show running-config inter bundle-Ether 101.101 Sun Feb 14 12:51:27.425 PST interface Bundle-Ether101.101 l2transport encapsulation dot1q 101 rewrite ingress tag pop 1 symmetric mtu 2000 ethernet-services access-group isis-drop-all-l2-pdus ingress
show running-config interface hundredGigE 0/0/0/0 Sun Feb 14 12:51:27.425 PST interface hundredGigE 0/0/0/0 l2transport mtu 2000 ethernet-services access-group isis-drop-all-l2-pdus ingress !
show running-config interface hundredGigE 0/3/0/1.100 Sun Feb 14 12:51:27.425 PST interface hundredGigE 0/3/0/1.100 l2transport encapsulation dot1q 100 rewrite ingress tag pop 1 symmetric mtu 2000 ethernet-services access-group isis-drop-all-l2-pdus ingress !
Implementing IS-IS 82
�Implementing IS-IS
Support for a Configurable Knob to Reject ISIS PDU on L2 Interfaces
Verification
Router# show access-lists ethernet-services l2 hardware ingress location Thu Jan 21 04:22:12.667 UTC ethernet-services access-list l2 20 deny any host 0180.c200.0014 (1243345) 200 permit any any
Router# show access-lists ethernet-services Sun Feb 14 12:52:09.539 PST ethernet-services access-list isis-drop-all-l2-pdus 5 remark Drain ISIS between two routers. 20 deny any host 0180.c200.0015 200 permit any any
Router# show access-lists ethernet-services isis-drop-all-l2-pdus hardware ingress location 0/0/CPU0 Sun Feb 14 12:52:39.620 PST ethernet-services access-list isis-drop-all-l2-pdus 20 deny any host 0180.c200.0015 200 permit any any
Router# show access-lists ethernet-services isis-drop-all-l2-pdus hardware ingress detail location 0/0/CPU0 Sun Feb 14 12:52:47.962 PST
isis-drop-all-l2-pdus Details: Sequence Number: 20 NPU ID: 1 Number of DPA Entries: 1 ACL ID: 1 ACE Action: DENY ACE Logging: DISABLED Set TTL value: 0 Hit Packet Count: 0 Source MAC: 0000:0000:0000 Source MAC Mask: 0000:0000:0000 Destination MAC: 0180:C200:0015 Destination MAC Mask: FFFF:FFFF:FFFF DPA Entry: 1
Entry Index: 0 DPA Handle: 0x93C84100 Sequence Number: 200 NPU ID: 1 Number of DPA Entries: 1 ACL ID: 1 ACE Action: PERMIT ACE Logging: DISABLED Set TTL value: 0 Source MAC: 0000:0000:0000 Source MAC Mask: 0000:0000:0000 Destination MAC: 0000:0000:0000 Destination MAC Mask: 0000:0000:0000 DPA Entry: 1 Entry Index: 0 DPA Handle: 0x93C84278
Router# show access-lists ethernet-services isis-drop-all-l2-pdus hardware ingress sequence 20 location 0/0/CPU0 Sun Feb 14 12:53:46.456 PST ethernet-services access-list isis-drop-all-l2-pdus
Implementing IS-IS 83
�spf-interval ietf
Implementing IS-IS
20 deny any host 0180.c200.0015
Router# show access-lists ethernet-services isis-drop-all-l2-pdus hardware ingress sequence 20 detail location 0/0/CPU0 Sun Feb 14 12:54:14.849 PST
isis-drop-all-l2-pdus Details: Sequence Number: 20 NPU ID: 1 Number of DPA Entries: 1 ACL ID: 1 ACE Action: DENY ACE Logging: DISABLED Set TTL value: 0 Hit Packet Count: 0 Source MAC: 0000:0000:0000 Source MAC Mask: 0000:0000:0000 Destination MAC: 0180:C200:0015 Destination MAC Mask: FFFF:FFFF:FFFF DPA Entry: 1
Entry Index: 0 DPA Handle: 0x93C84100
spf-interval ietf
To set an shortest path first (SPF) interval in IS-IS for SPF calculations, use the spf-interval ietf command in the System Admin Config mode. Use the no form of this command to enable the fabric bundle port.
spf-interval ietf [{ initial-wait msec | short-wait msec | long-wait msec | learn-interval msec | holddown-interval msec }] [ level { 1 | 2 } ]
Syntax Description
spf-interval
Specifies the number of seconds between two consecutive SPF calculations.
ietf
Specifies Internet Engineering Task Force (IETF) RFC standard 8405.
initial-wait msec
Initial SPF calculation delay before running a route calculation. The initial-wait must be less than or equal to short-wait. Range is 0 to 120000. The default value is 50 milliseconds.
short-wait msec
Short SPF calculation delay before running a route calculation. The short-wait must be less than or equal to long-wait. Range is 0 to 120000. The default value is 200 milliseconds.
long-wait msec
Long SPF calculation delay before running a route calculation. Range is 0 to 120000. The default value is 5000 milliseconds.
learn-interval msec
Time To Learn interval for running a route calculation. The learn-interval must be less than or equal to holddown-interval. Range is 0 to 120000. The default value is 500 milliseconds.
holddown-interval msec Hold-down interval for running a route calculation. Range is 0 to 120000. The default value is 10000 milliseconds.
level { 1 | 2 }
(Optional) Enables the SPF interval configuration for Level 1 or Level 2 independently.
Implementing IS-IS 84
�Implementing IS-IS
spf-interval ietf
Command Default Command Modes Command History
Usage Guidelines
Task ID
None System Admin Config mode
Release
Release 7.7.1
Modification This command was introduced.
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
SPF calculations are performed only when the topology changes. They are not performed when external routes change.
Task Operations ID
is-is read, write
Example
The following example shows how to configure IETF to set an SPF interval in IS-IS for SPF calculations.
Router# configure
Router(config)# router isis isp
Router(config-isis)# address-family ipv4 unicast
Router(config-isis-af)# spf-interval ietf?
initial-wait Initial delay before running a route calculation [50]
short-wait
Short delay before running a route calculation [200]
long-wait
Long delay before running a route calculation [5000]
learn-interval Time To Learn interval for running a route calculation [500]
holddown-interval Holddown interval for running a route calculation [10000]
level
Set SPF interval for one level only
Router(config-isis-af)# spf-interval ietf
Router(config-isis-af)# commit
The following show command displays the output with the new spf-interval algorithm. The output displays the actual delay taken to compute the SPF.
Router# show isis ipv4 spf-log last 5 detail
IS-IS 1 Level 2 IPv4 Unicast Route Calculation Log
Time Total Trig.
Timestamp Type (ms) Nodes Count First Trigger LSP Triggers
------------ ----- ----- ----- ----- -------------------- -----------------------
--- Wed Mar 16 2022 ---
15:31:49.763 FSPF
1
6
3
tb5-r4.00-00 LINKBAD PREFIXBAD
Delay:
101ms (since first trigger)
261177ms (since end of last calculation)
Trigger Link:
tb5-r2.00
Trigger Prefix:
34.1.24.0/24
New LSP Arrivals:
0
SR uloop:
No
Next Wait Interval: 200ms
RIB Batches:
1 (0 critical, 0 high, 0 medium, 1 low)
Timings (ms):
+--Total--+
Implementing IS-IS 85
�spf-interval ietf
SPT Calculation: Route Update:
Real CPU
1
1
0
0
----- -----
Implementing IS-IS
Implementing IS-IS 86
�References
DITA Open Toolkit XEP 4.30.961; modified using iText 2.1.7 by 1T3XT
Cisco Feature Navigator
yang/vendor/cisco/xr at main · YangModels/yang · GitHub
Routing Configuration Guide for Cisco 8000 Series Routers, IOS XR Release 7.7.x - Implementing IS-IS [Cisco 8000 Series Routers] - Cisco
ietf.org/rfc/rfc8405.html