IS-IS - univ-reims.frlsteffenel/cours/FC/BSCI4.pdf
IS-IS
Intermediate System to Intermediate System
IS-IS, which stands for Intermediate System to Intermediate System, is the routing protocol for the ISO's Connectionless Network Protocol (CLNP). It is described in ISO 10589. The first production incarnation of the protocol was developed by Digital Equipment Corporation for its DECnet Phase V.
IS-IS OSPF comparison - Terminology
IS-IS | OSPF | Comments
ES (End System) | Host |
IS (Intermediate System) | Router |
Circuit | Link |
SNPA (Subnetwork Point of Attachment) | Datalink Address |
PDU (Protocol Data Unit) | Packet |
DIS (Designated Intermediate System) | |
Other | IS-IS | OSPF
LS Aging | 1,200 sec or 20 min | 3,600 sec or 60 min
LS Refresh | Every 15 min | Every 30 min
SPF Delay/Holdtime | 5.5 sec / 10 sec | 5 sec / 10 sec
CLNS (Connectionless Network Service) – Performs datagram support, does not require a circuit to be established
CLNP (Connectionless Network Protocol) – OSI network layer protocol that carries upper layer data over connectionless links. (Similar to IP)
IS-IS Protocol Options
IS-IS (ISO 10589)
–Dynamic link state routing protocol used in an ISO CLNS environment.
ISO-IGRP
–Cisco IOS offers proprietary routing protocol for CLNS.
–Based on IGRP, distance vector technology.
–Can be used for Level 3 Routing, between IS-IS domains.
Integrated IS-IS (RFC 1195)
–IS-IS for mixed ISO CLNS and IP environments.
–Either:
Level 1 and Level 2 IS (L1-L2 IS, router)
–Analogous to OSPF ABR router
–Participate in both L1 intra-area routing and L2 inter-area routing.
Level 1 Router
Level 1 IS (L1 IS, router)
–Analogous to OSPF Internal non-backbone router (Totally Stubby)
–Responsible for routing to ESs inside an area.
A contiguous group of Level 1 routers defines an area.
Level 1 routers maintain the Level 1 database for the area and exit points to neighboring areas.
Store separate database of only inter-area topology
Level 1 – Level 2 Router
Level 1 and Level 2 IS (L1-L2 IS, router)
–Analogous to OSPF ABR router
–Participate in both L1 intra-area routing and L2 inter-area routing.
Maintain both Level 1 and Level 2 LSDB
Support Level 1 function communicating with other Level 1 routers in their area
–Inform other Level 1 routers that they are the exit point (default route) from the
Support Level 2 function communicating with the rest of the backbone path.
IS-IS Backbone
IS-IS does not share the concept of a backbone area 0 with OSPF.
An IS-IS backbone can appear as a set of distinct areas interconnected by a chain of Level 2 routers, weaving their way through and between the Level 1 Areas.
The IS-IS backbone (path) consists of a contiguous set of Level 1-2 and
Cisco routers routing CLNS use addressing that conforms to the ISO 10589 standard.
NSAP Address Structure
IDP
The initial domain part (IDP) corresponds to an IP classful major network. The IDP consists of an authority and format identifier (AFI), and an initial domain identifier (IDI):
Addresses starting with the AFI value of 49 are private addresses, analogous to RFC 1918 for IP addresses.
The IDI identifies a subdomain under the AFI. For instance, 47.0005 is assigned to civilian departments of the U.S. government, and 47.0006 is assigned to the U.S. Department of Defense.
NSAP Address Structure
DSP
The domain specific part (DSP) contributes to routing within an IS-IS routing domain. The DSP comprises the high-order DSP (HO-DSP), the system ID, and the NSEL.
The HO-DSP subdivides the domain into areas. It is basically the OSI equivalent of a subnet in IP.
The system ID identifies an individual OSI device. In OSI, a device has an address just as it does in DECnet; while in IP, each interface has an address.
The NSEL identifies a process on the device and corresponds roughly to a port or socket in IP. The NSEL is not used in routing decisions.
Cisco format: Area – System ID – NSEL (always 00 on ISs)
49.0001.2222.2222.2222.00
NSAPs
Format of the Cisco NSAP address consists of three parts.
1. Area address
2. System ID
3. NSAP selector byte
Area address is a variable length field
The system ID is the ES or IS identifier in an area, similar to the OSPF router ID.
–The system ID has a fixed length of six bytes as engineered in the Cisco IOS.
–Cisco routers compliant with the U.S. Government OSI Profile (GOSIP) version 2.0 standards require a 6-byte system ID.
The NSAP selector byte is a service identifier.
–Analogous to that of a port or socket in TCP/IP
NSAP prefixes are required for CLNS routing, including IP only networks.
Even in IP only networks, IS-IS uses OSI addresses:
–Identify the router (IS)
–Build the topology table
–Build the SPF tree
–LSPs
–Hello and other PDUs
•172.16.150.9 -> 172.016.150.009 -> 1720.1615.0009
Each device (IS and ES) must have a unique System ID within the area. (Recommended to make them unique within the domain.)
NSAPs – Cisco Format
Area – System ID – NSEL
NSEL (NSAP Selector)
NSEL is a service identifier.
49.0001.2222.2222.2222.00
Loosely equivalent to that of a port or socket in TCP/IP.
Must be specified by a single byte preceded by a period (.)
Not used in routing decisions.
NET
When NSEL = 00, it identifies the device itself, the network level address.
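The Cisco NET layout and the IP-to-System-ID convention shown above, as an added example that is not part of the original slides. The function names and the router inventory are constructed for illustration; the 8 to 20 byte bound reflects the 20-byte NSAP maximum.

```python
import ipaddress
from collections import defaultdict

def dotted(hex12):
    """Format 12 hex digits as xxxx.xxxx.xxxx."""
    return ".".join(hex12[i:i + 4] for i in range(0, 12, 4))

def parse_net(net):
    """Split a Cisco-format NSAP into area, system ID and NSEL."""
    try:
        raw = bytes.fromhex(net.replace(".", ""))
    except ValueError:
        raise ValueError(f"not a hex NSAP: {net!r}")
    # The 6-byte system ID and 1-byte NSEL are fixed; the area is what remains.
    # An NSAP is at most 20 bytes, so the area is 1 to 13 bytes long.
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"NSAP must be 8-20 bytes, got {len(raw)}")
    area, system_id, nsel = raw[:-7], raw[-7:-1], raw[-1]
    return {
        "area": area.hex(),
        "system_id": dotted(system_id.hex()),
        "nsel": f"{nsel:02x}",
        "is_net": nsel == 0,             # NSEL 00 identifies the device itself
        "private_afi": area[0] == 0x49,  # AFI 49 is private addressing
    }

def system_id_from_ipv4(address):
    """172.16.150.9 -> 172.016.150.009 -> 1720.1615.0009"""
    octets = ipaddress.IPv4Address(address).packed
    return dotted("".join(f"{o:03d}" for o in octets))

def duplicate_system_ids(routers):
    """routers: iterable of (hostname, NET). Return clashes within one area."""
    seen = defaultdict(list)
    for host, net in routers:
        parsed = parse_net(net)
        seen[(parsed["area"], parsed["system_id"])].append(host)
    return {key: hosts for key, hosts in seen.items() if len(hosts) > 1}

# Constructed inventory: R1 and R2 reuse a System ID inside area 49.0001.
INVENTORY = [
    ("R1", "49.0001.1720.1615.0009.00"),
    ("R2", "49.0001.1720.1615.0009.00"),
    ("R3", "49.0002.1720.1615.0009.00"),
]

if __name__ == "__main__":
    print(parse_net("49.0001.2222.2222.2222.00"))
    print(system_id_from_ipv4("172.16.150.9"))
    print(duplicate_system_ids(INVENTORY))
```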
In OSI there are only two main types of physical links:
–Broadcast: Multiaccess media types, usually LANs
–Nonbroadcast: Point-to-Point, Multipoint, and dynamically established links (WAN links)
Changed using the interface command isis hello-multiplier
–Default is 3
LAN Representation and Adjacencies
DIS
Similar to the DR in OSPF…
DIS (Designated IS) is elected to generate the LSP (Link State Packet, i.e. LSA) representing the virtual router, connecting all attached routers to a star-shaped topology
For SPF, the whole network must look like a collection of nodes and point-to-point links
The adjacencies also determine what type of routes the IS (router) will have in its routing table.
–L1 – Intra-area routes (routes only within that area)
–L2 – Inter-area routes (routes from other areas)
–Or both
WAN Adjacencies
For an adjacency to be formed and maintained, routers must agree on:
–If they are both Level 1, they must be in the same area
–The System ID must be unique to each router.
(minimumLSPTransmissionInterval) of 5 seconds
–If PSNP is not received, it resends LSP.
Update Process
[Figure: LSP exchange with the DIS. Labels: PSNP (OSPF LSR) goes to DIS; CSNP (DBD); LSP 77 (LSA); III. LSP 77 is sent by DIS to R1; PSNP (LSR); PSNP (LSAck)]
On Broadcast networks:
–LSPs are not acknowledged by each receiving router.
–DIS periodically multicasts a CSNP (to all L1 ISs 0180.c200.0014 and to all L2 ISs 0180.c200.0015) (OSPF DBD) that describes every LSP in LSDB.
•Default is every 10 seconds
–L1 CSNPs are multicast to AllL1ISs
–L2 CSNPs are multicast to AllL2ISs
Decision Process
Once the update process has built the LSDB, the Decision Process uses the LSDB to calculate the SPF.
Separates SPF for L1 routes and L2 routes.
Four types of metrics:
1. Default – Cisco only supports this metric.
2. Delay
3. Expense
4. Error
Each metric is expressed as an integer between 0 and 63.
B(config-router)#metric ?
  <1-63>  Default metric
B(config-router)#metric-style ?
  narrow      Use old style of TLVs with narrow metric
  transition  Send and accept both styles of TLVs during transition
  wide        Use new style of TLVs to carry wider metric
  <1-16777214>  Default metric
  maximum       Maximum metric. All routers will exclude this link from their SPF
Metric
Cisco assigns a default metric of 10 to every interface regardless of interface type.
Left to the default, IS-IS metric becomes a simple measure of hop count.
Use the interface command isis metric to change the default value.
The total cost of any route is a sum of the individual metrics of the outgoing interfaces.
This is known as the narrow metric, which uses 6 bits for the interface metric and 10 bits for the total path metric.
The maximum interface metric value is 63.
The maximum total path metric value is 1023.
Extended Metric
–Cisco IOS software addresses this issue with the support of a 24-bit metric field for the interface and a 32-bit metric for the total path, called the wide metric.
–Using the new metric style, link metrics now have a maximum value of 16’777’215 (2^24 - 1) with a total path metric of 4’261’412’864 (2^32 - 2^25).
Odds and Ends
Supports VLSM
L1 routers calculate path to the nearest L2 router for inter-area routing (OSPF: Totally Stubby Area)
–When an L2 or L1L2 router is attached to another area, the router will advertise this fact
–The Decision Process in L1 routers will choose the metrically closest L1L2 router as the default router.
–An L1 0.0.0.0/0 route will be entered into the routing table.
IS-IS command - summary-address network mask is used to configure summarization (Level 1, Level 2 or both).
B(config-router)#summary-address 10.0.0.0 255.240.0.0 ?
  level-1    Summarize into level-1 area
  level-1-2  Summarize into both area and sub-domain
  level-2    Summarize into level-2 sub-domain
  metric     Set metric for summay route
Odds and Ends
Level 2 routers are expected to know about all routes.
–ISIS command: default-information originate is used to advertise a default route into the backbone path.
L1L2 routers run two IS-IS processes, one for its L1 LSDB and another for its L2 LSDB.
Once a packet is accepted by a router the System ID and NSEL are stripped.
CLV (Code/Length/Value) and TLV (Type/Length/Value)
–Are the same thing, CLV is more of the OSI term.
–There are variable length fields in a PDU.
•Code or Type specifies the type of information.
•Length specifies the size of the Value field.
•Value is the information itself.
–Example: CLV or TLV 128 defines the capability to carry IP routes in IS-IS packets, while TLV 128 is Integrated IS-IS, while TLV 3 defines ES.
IS-IS Routing Process: Update
The Update Process
Routers can only forward data packets if they have an understanding of the network topology.
LSPs are generated and flooded throughout the network whenever:
–An adjacency comes up or down (example: a new router comes online).
–An interface on a router changes state or is assigned a new metric.
–An IP route changes (example: because of redistribution)
IS-IS Routing Process: Update
Propagating (sending) LSPs on a Point-to-Point Interface
–Likewise, if the receiving router is missing any LSPs received in the CSNP, the receiving router sends a PSNP (OSPF LSR) requesting the full LSP to be sent.
–LSPs are acknowledged with a PSNP (OSPF LSAck)
–When the LSP is sent, the router sets a timer.
•If the acknowledgement (PSNP) is not received within 5 seconds (Cisco default), the LSP is resent.
IS-IS Routing Process: Update
Propagating (sending) LSPs on a Broadcast Interface
–The DIS (OSPF DR) takes on much of the responsibility for synchronizing the databases on behalf of the pseudonode.
–DIS has three tasks:
•Creating and maintaining adjacencies
•Creating and updating the pseudonode LSP
•Flooding the LSPs over the LAN.
IS-IS Routing Process: Update
Propagating (sending) LSPs on a Broadcast Interface
–On receiving a CSNP the router compares it with its LSDB…
–If the receiving router has a newer version of the LSP than what was sent in the CSNP, or if the CSNP did not contain one of its LSPs, the router multicasts the LSP to all routers on the LAN.
Receipt of LSP 88 is acknowledged by all routers with a PSNP.
IS-IS Routing Process: Update
Propagating (sending) LSPs on a Broadcast Interface
–On receiving a CSNP the router compares it with its LSDB…
–If the database is missing an LSP that was in the CSNP, it sends a PSNP requesting the full LSP.
IS-IS Routing Process: Update
Receiving an LSP
–If the LSP is already present in the database (LSDB), the router (IS) acknowledges (PSNP) and ignores it.
•The router sends the duplicated LSP to its neighbors.
•Level 1 LSPs are flooded throughout the area
•Level 2 LSPs are sent across all L2 adjacencies.
IS-IS Routing Process: Update
Determining if an LSP is valid:
–Receiving router uses three fields to help determine if the received LSP is more recent than the one in its LSDB.
–Remaining Lifetime
•Used to age-out or delete LSPs
•Lifetime is set to 0 and flooded
•Receiving routers recognize this means the route is bad and delete the LSP from their LSDB, rerunning SPF algorithm, new SPT, new routing table.
•Note: LSPs have a maximum age of 20 minutes in an IS-IS LSDB, and are re-flooded (refreshed) every 15 minutes.
–Sequence Number
•First LSP starts with a sequence number of 1, with following LSPs incremented by 1.
–Checksum
•If received LSP’s checksum does not compute correctly, the LSP is flushed and the lifetime set to 0.
•The receiving router floods the LSP with the lifetime set to 0.
•When the originating router gets this LSP (lifetime = 0) it retransmits a new LSP.
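The CSNP comparison on a broadcast interface described above, as an added sketch that is not part of the original slides. The Lsp class, the LSP IDs and the sequence numbers are constructed; checksum validation is assumed to have already passed, and the tie-break on zero lifetime, requesting an older local copy, and the skip of unknown purged entries follow standard IS-IS behaviour rather than text on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Lsp:
    lsp_id: str      # constructed label, e.g. "77"
    seq: int         # sequence number, starts at 1 and increments by 1
    lifetime: int    # remaining lifetime in seconds; 0 marks a purge

def is_newer(a, b):
    """True if a is more recent than b."""
    if a.seq != b.seq:
        return a.seq > b.seq
    # Same sequence number: a purge (lifetime 0) supersedes a live copy.
    return a.lifetime == 0 and b.lifetime != 0

def reconcile(lsdb, csnp):
    """Compare a received CSNP with the local LSDB.

    Returns (flood, request): LSP IDs to multicast onto the LAN and
    LSP IDs to ask for with a PSNP.
    """
    flood, request = [], []
    advertised = {entry.lsp_id: entry for entry in csnp}
    for lsp_id, theirs in advertised.items():
        mine = lsdb.get(lsp_id)
        if mine is None:
            # Missing locally: request it, unless it is only a purge
            # for an LSP this router never held.
            if theirs.lifetime > 0:
                request.append(lsp_id)
        elif is_newer(theirs, mine):
            request.append(lsp_id)
        elif is_newer(mine, theirs):
            flood.append(lsp_id)     # local copy is newer than the CSNP's
    # LSPs the CSNP did not mention at all are flooded as well.
    flood.extend(i for i in lsdb if i not in advertised)
    return sorted(flood), sorted(request)

# Constructed state for one router on the LAN.
LSDB = {
    "66": Lsp("66", 4, 900),
    "77": Lsp("77", 5, 900),
    "88": Lsp("88", 3, 900),
    "99": Lsp("99", 1, 900),
}
CSNP = [
    Lsp("44", 9, 0),      # purge of an LSP this router never had
    Lsp("55", 1, 1100),   # unknown LSP
    Lsp("66", 4, 0),      # same sequence number, but purged
    Lsp("77", 6, 1100),   # DIS has a newer copy
    Lsp("88", 2, 1100),   # DIS has an older copy
]

if __name__ == "__main__":
    print(reconcile(LSDB, CSNP))
```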
IS-IS Routing Process: Decision
The Decision Process
–Uses Dijkstra’s algorithm to build a SPT (Shortest Path Tree)
–The SPT is used to create the forwarding table, also known as the routing table.
–Several tables are used during this process:
•PATH table
–PATH table is the SPT during the construction of the LSDB
–Each candidate route is placed in the PATH table while the metric is examined to determine if it is the shortest path to the destination.
•TENT is the tentative database (a scratchpad) during this process
IS-IS Routing Process: Decision
Determining the best route
Criteria by which the lowest cost paths are selected and placed in the forwarding database are:
–Cisco allows up to six equal-cost paths, four by default.
–Cisco only supports the default metric
–Internal paths are chosen before external paths outside the routing domain, to prevent sub-optimal routes and routing loops.
–Level 1 paths within the area are “more attractive” than Level 2 paths outside the area, to prevent sub-optimal routes and routing loops.
–Longest match or most specific address in IP ensures that the closest router is chosen.
–ToS (Type of Service) in IP header is used, if configured.
–If there is no path, the forwarding database sends the packet to the nearest Level 2 router, which is the default router.
IS-IS Routing Process: Forwarding and Receiving
Forwarding process
–After the SPT has been built the forwarding database can be created.
–The forwarding table is the lookup table for the longest match.
–The forwarding table for IS-IS is more relevant to CLNS than to IP, because the IP routing information is entered directly into the IP routing table.
Receive process
–If the frame is valid, the receive process passes user data and error reports to the forwarding process.
–Whereas routing information: Hellos, LSPs, and SNPs are sent to the update process.
–Receive process is primarily concerned with CLNS routing and not IP.
Route Summarization
Rules for IS-IS route summarization similar to that of OSPF
Level 1-2 routers (L1L2)
–Similar to OSPF ABR
–Configured at the L1L2 router at the edge of an area.
–L1L2 routers can summarize the routes within their area to L1L2 or L2 routers in another area.
–This is an efficient method of establishing prefix (network addresses) routing into other areas.
If one edge L1L2 router in an area is summarizing routes for that area, other edge L1L2 routers in that area must also be summarizing routes.
–If other L1L2 routers are summarizing and one edge L1L2 router is not summarizing, all traffic destined for that area will be sent to the non-summarizing router because of longest match routing.
IS-IS Authentication
IS-IS authentication can use cleartext passwords or HMAC-MD5.
Cisco IOS supports IS-IS authentication on three levels: between neighbors, area-wide, and domain-wide. The three authentication levels can be used by themselves or together. The rules for IS-IS authentication are:
When authenticating between neighbors, the same password must be configured on the connecting interfaces.
When authenticating between neighbors, authentication may be configured separately for L1 and L2 adjacencies.
When authenticating between neighbors, either clear text or MD5 may be used.
When performing area-wide authentication, every router in the area must use the same authentication mode and must have a common key-string.
When performing domain-wide authentication, every L2 and L1/L2 router in the IS-IS domain must utilize the same mode of authentication and must use a common key-string.
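How the two authentication modes differ on the wire, as an added example that is not part of the original slides: the Authentication TLV (type 10) carries either the password itself (type 1) or a 16-byte HMAC-MD5 digest (type 54, RFC 5304) computed over the PDU with the digest field zeroed. The 8-byte header, the key and the helper names are constructed; a real LSP also has its checksum and remaining lifetime zeroed before hashing, which this sketch does not model.

```python
import hashlib
import hmac

AUTH_TLV = 10        # Authentication Information TLV
AUTH_CLEARTEXT = 1   # value = type byte + password
AUTH_HMAC_MD5 = 54   # value = type byte + 16-byte digest (RFC 5304)
DIGEST_LEN = 16

def walk_tlvs(pdu, offset):
    """Yield (type, value_offset, length) for each TLV after the header."""
    while offset < len(pdu):
        if offset + 2 > len(pdu) or offset + 2 + pdu[offset + 1] > len(pdu):
            raise ValueError("truncated TLV")
        yield pdu[offset], offset + 2, pdu[offset + 1]
        offset += 2 + pdu[offset + 1]

def sign(header, tlvs, key):
    """Return header + HMAC-MD5 auth TLV + tlvs with the digest filled in."""
    auth = bytes([AUTH_TLV, 1 + DIGEST_LEN, AUTH_HMAC_MD5]) + bytes(DIGEST_LEN)
    pdu = bytearray(header + auth + tlvs)
    # The digest covers the whole PDU while the digest field is still zero.
    digest = hmac.new(key, pdu, hashlib.md5).digest()
    start = len(header) + 3
    pdu[start:start + DIGEST_LEN] = digest
    return bytes(pdu)

def verify(pdu, header_len, key):
    """True only if an HMAC-MD5 auth TLV is present and matches the key."""
    for tlv_type, off, length in walk_tlvs(pdu, header_len):
        if (tlv_type == AUTH_TLV and length == 1 + DIGEST_LEN
                and pdu[off] == AUTH_HMAC_MD5):
            received = pdu[off + 1:off + 1 + DIGEST_LEN]
            zeroed = bytearray(pdu)
            zeroed[off + 1:off + 1 + DIGEST_LEN] = bytes(DIGEST_LEN)
            expected = hmac.new(key, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
    return False  # unauthenticated or cleartext PDUs are rejected

def uses_cleartext_auth(pdu, header_len):
    """Audit check: does this PDU carry its password in the clear?"""
    return any(t == AUTH_TLV and n >= 1 and pdu[off] == AUTH_CLEARTEXT
               for t, off, n in walk_tlvs(pdu, header_len))

# Constructed sample data (not a real IS-IS header layout).
HEADER = bytes(8)
AREA_TLV = bytes([1, 4, 3, 0x49, 0x00, 0x01])   # area address 49.0001
KEY = b"constructed-key-string"
CLEARTEXT_PDU = HEADER + bytes([AUTH_TLV, 7, AUTH_CLEARTEXT]) + b"secret" + AREA_TLV

if __name__ == "__main__":
    signed = sign(HEADER, AREA_TLV, KEY)
    print(verify(signed, len(HEADER), KEY))
    print(uses_cleartext_auth(CLEARTEXT_PDU, len(HEADER)))
```

A router configured with a different key-string, or a PDU altered in transit, fails `verify`, which is why every router sharing an authentication scope needs the same mode and key.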