Choosing the Right Interior Routing Protocol 1-800-COURSES www.globalknowledge.com Expert Reference Series of White Papers

UK_CCNAX_Choose the Right Interior Routing Protocol

Oct 23, 2014


Kyaw Zin

Introduction
Choosing an IP routing protocol is an important step. The right protocol can make your routing operate efficiently, and the wrong one can make your life difficult. Each protocol has its own pros and cons, and works better in some situations than others. In this paper, we explore the strengths and weaknesses of RIP, EIGRP, OSPF, and IS-IS, and discuss when it is appropriate to use each. We will evaluate each protocol in terms of five criteria:

• Convergence speed
• Ease of use
• Network topology required
• Vendor support
• IPv6 support

This paper also provides configuration tasks and commands for Cisco routers. It includes tips for each protocol, as well as suggestions on designing your network to maximize the efficiency of each protocol. This paper assumes the reader is already familiar with interior routing protocols. It contains a short description of each protocol, but does not go in depth on each of its features or possible configuration commands. A list of good reference material is at the end of the paper, for those wishing more information on a particular protocol.

Routing Information Protocol (RIP)
RIP was one of the first IP routing protocols. It is simple to understand and simple to configure. RIP version 1 sends its advertisements as broadcasts; RIP version 2 sends them as multicasts. Both versions advertise their entire routing table every 30 seconds. For both versions, the metric is hop count – with each router counting as a hop. A network with a metric of 16 hops is considered unreachable, which limits the diameter of a RIP routing domain.

Convergence Speed
RIP is notoriously slow to converge. It is a distance vector protocol, which means that each router advertises only the path it itself is using to reach a particular network. When there is a change in the network topology, each router recalculates its routing table before announcing the change to its neighbors. If a network has gone down, the router must query its neighbors for an alternate path to the network, and wait for them to respond. Additionally, RIP employs timers such as the hold-down timer to lessen the chance of a routing loop. These timers, however, also lengthen the amount of time that incorrect information might be propagated through the network.

Denise Donohue, Global Knowledge Instructor, CCIE #9566


Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 2


Ease of Use
RIP is an easy protocol to use. All that is required is to enable RIP and configure a network statement for the router interfaces that will be running RIP. RIP version 1 is a classful routing protocol, and thus all links within the RIP domain must use the same subnet mask. RIP version 2 is classless, and thus supports variable-length subnet masking (VLSM). With either version of RIP, the network statement lists only the classful network.

Network Topology
The best place to use RIP is in a small network with links of about the same bandwidth since its metric does not account for differences in bandwidth. The more stable the network, the better RIP performs. RIPv1 is best used on links with only RIP devices, since its advertisements are sent as broadcasts. If it were used on a LAN link with hosts as well as a neighbor router on the link, the hosts would be interrupted every 30 seconds by RIP broadcasts. This is not a problem with RIPv2, since it sends its advertisements to the multicast address of 224.0.0.9. Only devices listening for that multicast address would be affected.

When using RIPv1, the same subnet mask must be used on every subnet of a classful network. There must be no discontiguous subnets. RIPv2 can handle networks with VLSM, since you can disable auto-summarization.

Vendor Support
Since RIP is such a well-known protocol, it is very widely supported. All Cisco routers support it, as well as firewalls, Microsoft Windows operating systems, and Unix-based operating systems. Some networks must run RIP in order to support a Unix computer. If that is the case in your network, consider sectioning off that part of the network, confining the RIP portion of the network to as few devices as possible. Run a more sophisticated protocol in the rest of the network, and redistribute the RIP routes into it. If possible, inject only a default route into the RIP area.

IPv6 Support
There is a version of RIP that supports IPv6, called RIPng (RFC 2080). It is available beginning in Cisco IOS version 12.2(8)T9.

Tasks and Tips
On a Cisco router, enable RIP under the global configuration mode and then list the classful networks for the interfaces where you want to run RIP. For instance, suppose you have the network shown in the drawing below.


Router B has three interfaces. Two are in the classful network 10.0.0.0, and one is in the classful network 172.20.0.0. Suppose you want Routers A, B, and C to all exchange RIP information. The configuration on Router B would then be:

(config)#router rip
(config-router)#network 10.0.0.0
(config-router)#network 172.20.0.0

The default configuration sends RIPv1 advertisements and listens for both version 1 and version 2 advertisements. The version can be configured under the router configuration mode, for the entire RIP process, or in interface configuration mode, for just that interface. In the previous example, suppose you want to run RIP version 2 in general, but version 1 on the interface connecting to Router C (you can choose which version to both send and receive):

(config)#router rip
(config-router)#version 2
(config-router)#interface s1/0
(config-if)#ip rip send version 1
(config-if)#ip rip receive version 1

You may not want all interfaces with IP addresses in the classful network to be running RIP; in that case, you can use the passive-interface <interface> command. Making an interface passive for RIP stops the router from sending advertisements out that interface. It will still listen to RIP advertisements coming in that interface, however, and will still advertise the network assigned to that interface. A variation of this is the command passive-interface default. This makes all interfaces encompassed in the network statement passive for RIP. You can then enable RIP on a specific interface with no passive-interface <interface>. In the drawing above, the LAN interface has no other routers on it, only hosts. It would make sense to make that interface passive for RIP. The commands to accomplish that are:


(config)#router rip
(config-router)#passive-interface fa0/0

Another option with RIPv2 is to make an interface passive, then add a neighbor statement listing the IP address of the router on the other end of a link. RIP will then send its updates as a unicast out that interface, to that neighbor. If you wanted to do this for Router A, for example, use the following commands:

(config-router)#passive-interface s1/1
(config-router)#neighbor 172.20.4.2

RIP will automatically summarize up to the classful network when advertising routes out an interface belonging to a different classful network. For instance, in our example network, Router B would not advertise the two subnets 10.1.0.0 and 10.2.0.0 to Router A. It would instead summarize and advertise only network 10.0.0.0. Similarly, Router B would summarize the 172.20.4.0 subnet and advertise 172.20.0.0 to Router C. You can disable this functionality in RIPv2 with the following command:

(config-router)#no auto-summary

Turning off auto-summarization causes RIP to advertise every subnet to its neighbors. This isn’t necessarily a good thing – it makes the routing tables and route advertisements larger. RIPv2 allows you to manually configure summarization at the interface level. The command looks like this:

(config-if)#summary-address rip <network> <subnet_mask>

When using RIP in only a portion of your network, it is good practice to redistribute the RIP routes into your primary (core) protocol, and represent the core networks with either a default or static routes in the RIP portion of the network. To configure RIP to advertise a default route to its neighbors, first configure a static default route pointing to a neighbor core router. Then tell RIP to generate default information to its peers:

(config)#ip route 0.0.0.0 0.0.0.0 <neighbor_ip_address>
(config)#router rip
(config-router)#default-information originate


RIP Summary
Convergence Speed — Slow
Ease of Use — Easy to understand and use
Network Topology — No special topology required
Vendor Support — Widely supported by many vendors
IPv6 Support — Supported
When to Use — Small, homogenous, stable network. When hosts require its use


Open Shortest Path First (OSPF)
OSPF is an open standard link-state protocol, described in several RFCs. It calculates its best path using the Shortest Path First algorithm originated by Edsger Dijkstra. OSPF’s metric is cost. On Cisco routers, “cost” is based on bandwidth – the default value is 10^8 divided by interface bandwidth. OSPF adds the cost of each link along the path to the destination network. The SPF algorithm uses this metric to build a tree containing the shortest (least-cost) path to each network. Running the SPF algorithm is very CPU intensive, which could be a liability in an unstable network. Advertisements are sent as multicasts, and once a router has converged, only triggered updates are sent.

Convergence Speed
OSPF is one of the fastest-converging protocols. When an OSPF router learns about a change in network topology, it forwards the information to its neighbors before recalculating its routing information. This helps speed up convergence. Each router maintains a link-state database containing information about all networks in the OSPF routing domain. If a network goes down, there is no need for a router to query its neighbors – it already knows any alternate paths to that network. Once a router has updated its neighbors, it reruns the SPF algorithm and submits the resulting routes to the routing table.

Ease of Use
A basic OSPF configuration is fairly easy to configure. However, one of the protocol’s strengths is the ability to customize it to better fit your network needs. An OSPF configuration can get very complex if you take advantage of its many features. On the plus side, many network engineers are knowledgeable and skilled in the protocol, since it is so widely used.

Network Topology
OSPF requires a two-level hierarchy. There is a backbone area called Area 0, and all traffic between areas transits Area 0. It fits well in hub-and-spoke networks, where you have a well-defined backbone with groups of networks branching out from it. The need for this type of topology is often the most challenging part of implementing OSPF in an existing network. Area 0 should have the most redundancy and the most bandwidth, as it is a transit area. All the other areas are required to have at least one router with at least one interface in Area 0. OSPF provides virtual links as a way around this requirement as a temporary measure while transitioning the network to fit the OSPF model.

IP addressing should follow the network topology to allow for summarization of routes. For the most efficient operation, assign your IP subnets so that each area’s routes are able to be summarized into as few advertisements as possible. Without summarization, information about all routes is sent to every router in the OSPF domain. When any link goes down, all routers then have to receive that information and rerun the SPF algorithm. OSPF only allows summarization at the ABRs (area border routers) and ASBRs (autonomous system boundary routers).

In a pure hub-and-spoke network, you may be able to designate areas as stub or totally stubby areas. This helps make OSPF operation even more efficient, as it limits the information routers in the stub areas must maintain.


Vendor Support
OSPF is a standards-based protocol. It is supported by most routers, many firewalls, and some versions of Windows. Thus, it is good for use in a multi-vendor environment.

IPv6 Support
Support for IPv6 is built into OSPF version 3. Cisco routers include OSPFv3 beginning in IOS 12.2(15)T9.

Tasks and Tips
On a Cisco router, enable OSPF under the global configuration mode. You must specify a process number – this number is local to the router. Then enable OSPF on interfaces and assign those interfaces to areas using the network statement. The network statement requires a wildcard mask after the prefix information. This allows you to either specify a range of interfaces to be included in the OSPF process or limit it to one particular IP address. The network statements are read from the top down, so more specific statements should be configured first.

The following examples are based on this diagram:


In this example, the requirement is to enable OSPF area 0 between Router A and Router B, and OSPF area 10 between Router B and Router C. On Router B, we specify interface S1/1 by its exact IP address and include interfaces Fa0/0 and S1/0 in one network statement:

(config)#router ospf 1
(config-router)#network 172.20.4.1 0.0.0.0 area 0
(config-router)#network 10.0.0.0 0.255.255.255 area 10


This configuration makes Router B an area border router, as it belongs to both area 0 and area 10. This is a basic OSPF configuration; some additional changes can make OSPF more efficient.

Recall that all OSPF routers within an area must have an identical link state database. With a basic configuration, all network information would be flooded throughout the entire OSPF routing domain. This can create a very large OSPF database, using a significant amount of memory. When there is a topology change, all routers would be involved in convergence. This adversely impacts router CPU and network bandwidth. Additionally, as a general rule, the more routers involved in convergence, the slower the convergence time. Some tuning of OSPF can make it more efficient in terms of router and network resource use.

It would make sense to make area 10 totally stubby – Router C would then have only intra-area routes and a default route pointing to Router B. There is no need to send OSPF hellos out interface Fa0/0, so make it a passive interface. Additionally, if all subnets of 10.1.0.0/16 are in area 10, we could summarize the routes advertised into area 0.

(config-router)#area 10 stub no-summary
(config-router)#passive-interface fa0/0
(config-router)#area 10 range 10.1.0.0 255.255.0.0

With these simple changes, a topology change in area 10 does not affect Router A at all, as long as the summary route is still valid. Similarly, a topology change in area 0 does not affect Router C at all. Router B is still affected by topology changes in both areas, since Area Border Routers keep the complete database for each area they border. A good design consideration is to have several ABRs each bordering a few areas, rather than a few ABRs each bordering many areas.

When designing an OSPF network, it is common to wonder how many routers and networks to put in one area, and how many areas to have. There is no single good answer to these questions, as they depend on many factors. For example, networks with good summarization can accommodate more routers per area, networks with many stub areas can accommodate more areas, and routers with fast CPUs and high memory can hold more information in their databases. The main thing is to understand OSPF and work with it, rather than trying to challenge it. A well-designed OSPF network can converge quickly (in under a second) and operate efficiently. For instance, consider the following network (some links have been omitted for simplicity):


One possible design would be to put the Core routers in Area 0, along with the connected interfaces of the Distribution routers. The two Distribution routers on the left, and their connected Access routers, would comprise one area. The two Distribution routers on the right, along with their connected Access routers, would comprise another area. Summarization could be done only on the Distribution routers. As a result, the Distribution and Access-layer routers could have about 1,030 routes in their routing tables. Also, at least six routers are involved in convergence when there is a topology change. (Perhaps more, if there are other routers in the Access-layer “cloud”.) Contrast this with the same network, in the EIGRP section.

Another option would be to extend Area 0 to include the links between the Distribution and Access-layer routers. Then each Access-layer router would be its own OSPF area, could summarize its subnets to a 16-bit mask (e.g., 10.4.0.0/16), and could be a stub area. This would minimize the number of routes per router, and the number of routers involved in convergence in each area, but it also means that the Access routers are part of the core area. Hopefully, this helps you see that network design is a serious consideration with OSPF.

In this time of such high security concerns, I would be remiss not to mention authentication. OSPF can do both clear text and MD5 authentication between routers. This is a good feature to use to prevent an attacker from hijacking your routing and injecting false routes. As long as you’re using authentication, you might as well use MD5, as it is more secure. Commands to enable this are given both under the OSPF routing process and under the interface configuration mode. As an example, if we wished to use authentication in area 0, using “aSecret1” as the password, we would configure Router B as follows:


(config)#router ospf 1
(config-router)#area 0 authentication message-digest
(config-router)#interface s1/1
(config-if)#ip ospf message-digest-key 1 md5 aSecret1

One last thing to plan in OSPF is the router ID. Each OSPF router is identified in the database by an IP address. Router ID can be statically configured under the OSPF process, or dynamically chosen by the router. If it is not statically configured, then the router chooses the highest loopback interface IP address, if any loopbacks are present. If not, then the router chooses the highest IP address of an active interface. Duplicate router IDs can cause a problem in the network and break your routing. The safest way to ensure that each router has a unique router ID is to first create a loopback interface on each router with the IP address you wish to use as that router’s ID. Next, statically configure that IP address to be the router ID under the OSPF process. Then the router ID will be unique, it will not change, and you can ping it when troubleshooting.

Enhanced Interior Gateway Routing Protocol (EIGRP)
EIGRP is a Cisco proprietary distance-vector routing protocol. It was created to be used with basically any media and network topology, to converge quickly, and to use network resources efficiently. It uses an algorithm called DUAL – Diffusing Update Algorithm – to calculate a loop-free path to each network. It really shines in networks with more than two levels of hierarchy, because you can summarize at any router’s interface. EIGRP’s metric is based on the lowest bandwidth on the path to a network, and the sum of the interface delays along the path to that network.

Convergence Speed
In a properly designed network, EIGRP converges very quickly. For every destination network, it will attempt to identify a backup route. Then, if the primary route goes down, the router immediately inserts the backup route into the table. No recalculation or querying of neighbors is necessary. The catch to this is that an alternative path to each network must exist. Additionally, EIGRP must be able to ensure that the alternative path is loop-free. It does this by comparing the metric (or distance) advertised by each neighbor, for each network, to the metric of its best route to that network. Any neighbor with an advertised distance less than the best distance can be used as a backup next hop.


OSPF Summary
Convergence Speed — Fast
Ease of Use — More complex than RIP or EIGRP
Network Topology — Requires a two-level hierarchy with backbone area. Scales to very large networks in a hierarchical network
Vendor Support — Widely supported by many vendors
IPv6 Support — Supported in OSPF v3
When to Use — In a (possibly multi-vendor) network with a two-level hierarchy, and IP addressing design that allows summarization


If EIGRP does not have a backup route for a network, then it must query its neighbors for an alternate path. If they don’t have the route, then they query their neighbors, and so on. This takes time, and slows convergence, as EIGRP cannot choose a new path to the network until all its neighbors have answered. We will discuss ways to improve this situation later in the paper.
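The backup-route test described in this section, as an added Python example (not code from the paper or from Cisco). It assumes a simplified additive metric, and the neighbor names and metric values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class NeighborRoute:
    """One neighbor's offer for a single destination network."""
    neighbor: str             # hypothetical neighbor name
    advertised_distance: int  # metric the neighbor reports for its own best path
    link_metric: int          # assumed additive cost of the link to that neighbor

    @property
    def distance(self) -> int:
        """Total metric of the path through this neighbor."""
        return self.advertised_distance + self.link_metric


def select_paths(offers):
    """Return (primary, best_distance, backups) for one destination."""
    if not offers:
        return None, None, []
    primary = min(offers, key=lambda o: (o.distance, o.neighbor))
    best = primary.distance
    # Loop-free test from the text: a neighbor qualifies as a backup next hop
    # only if the distance it advertises is less than our own best distance.
    backups = sorted(
        (o for o in offers
         if o is not primary and o.advertised_distance < best),
        key=lambda o: (o.distance, o.neighbor),
    )
    return primary, best, backups


def react_to_primary_loss(offers):
    """What the router does when the primary route goes down."""
    primary, _, backups = select_paths(offers)
    if primary is None:
        return ("unreachable", None)
    if backups:
        # A backup was identified in advance: install it with no recalculation.
        return ("install-backup", backups[0].neighbor)
    # Another path may exist, but it cannot be shown loop-free: query neighbors.
    return ("query-neighbors", None)


# Constructed sample: three neighbors offering a path to the same network.
OFFERS = [
    NeighborRoute("Dist1", advertised_distance=1000, link_metric=500),   # total 1500
    NeighborRoute("Dist2", advertised_distance=1200, link_metric=1000),  # total 2200
    NeighborRoute("Dist3", advertised_distance=1800, link_metric=100),   # total 1900
]

if __name__ == "__main__":
    primary, best, backups = select_paths(OFFERS)
    print("primary:", primary.neighbor, "best distance:", best)
    print("backups:", [b.neighbor for b in backups])
    print("on loss:", react_to_primary_loss(OFFERS))
    print("on loss without Dist2:", react_to_primary_loss([OFFERS[0], OFFERS[2]]))
```

Dist3 offers a shorter total path than Dist2 but is rejected as a backup because its advertised distance (1800) is not less than the best distance (1500); with Dist2 removed, the router has to fall back to querying.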

Ease of Use
EIGRP is very easy to use. It is simple to implement, and does not require any specific network topology. It will adapt itself to any type of link. There are not as many ways you can customize it as with OSPF, so even a complex EIGRP configuration is not very difficult.

Network Topology
Although EIGRP does not impose any requirements as far as network topology, it operates most efficiently in a hierarchical environment. It is really good in a network with multiple levels of hierarchy. Since you can summarize at any interface, you can have multiple levels of summarization in that type of network. This does three things: it reduces the amount of update traffic, it reduces the length of routing tables, and it sets boundaries for queries.

Bounding queries is an important consideration with EIGRP. When a router loses the path to a network and doesn’t have a backup path, then it must query all its neighbors. If those routers had the network in their routing tables and don’t have a backup path either, then they must in turn query their neighbors. This progresses throughout the network. No router can answer its neighbor’s query until it has gotten an answer back to all of its queries. For instance, consider the following diagram (some links have been omitted for simplification):


Using just a default EIGRP configuration, every router has a route for every subnet, about 2,063 routes. A topology change in any of the Access-layer subnets would cause queries to be sent throughout the entire network, assuming that no backup route exists. This uses bandwidth and router resources, and may cause a route never to converge.

However, since this network has a well-designed addressing scheme, we can greatly improve EIGRP’s efficiency. EIGRP supports summarization at an interface; thus, you can have multiple levels of summarization. In the above example, each Access layer router shown could summarize its networks to a 16-bit mask (e.g., 10.4.0.0/16) and each Distribution layer router could summarize these routes to a 14-bit mask (e.g., 10.4.0.0/14). Each Core router would then have just two routes, with two paths to each, in its routing table representing all the Access layer subnets. They would also have their own five links, and the links between the Distribution routers, for a total of nine routes. Each Distribution router would have the summaries from its four Access routers, plus the subnets from the Core (if it doesn’t summarize) and the one from the other Distribution routers, for a total of eleven routes. Each Access router would have its 255 subnets, the summaries from the other Access routers in its side of the network (assume the links to the Distribution routers are included in those summaries), the link between its Distribution routers, the Core subnets, and the summary from the other side of the network. This gives a total of 265 routes for each Access router.

After summarization, suppose subnet 10.4.20.0/24 goes down. The Access-layer router sends a query to its Distribution-layer neighbors. They have 10.4.0.0/16 in their routing tables, but they never had a route to 10.4.20.0/24. So they reply to the query with a “network unreachable” message, and do not propagate the query. A total of three routers have been involved in convergence. This speeds up convergence and saves resources for the other routers in the network. Another way to bound queries is to designate a router as an EIGRP stub router. Queries are not sent to stub routers.

Remember that EIGRP will select a backup route (called a feasible successor) if possible. It is a good idea to design the network so that there are backup routes, as much as possible. Then there are no queries sent out at all – the new route is simply installed in the routing table.

EIGRP also adapts itself to various types of network links. It sends hello messages less frequently on slower links. It also paces its packets so that it will not overwhelm a link – EIGRP limits itself to using half of the bandwidth configured on an interface. This bandwidth percent is also configurable.

Vendor Support
EIGRP is a Cisco-proprietary routing protocol, so all routers in the EIGRP portion of your network must be Cisco.

IPv6 Support
As of this writing, EIGRP support for IPv6 is still being developed.

Tasks and Tips
Enable EIGRP routing under the global configuration mode. You must specify an autonomous system number; this number must match on all routers that exchange routing information. The network statement enables EIGRP on any interface that falls within the specified range, and also tells EIGRP to advertise that interface. The network statement has an optional wildcard mask that, like the OSPF wildcard mask, allows you more precise control over the interfaces running EIGRP.

Using the same example network as with the other protocols, the commands on Router B might look like this:

(config)#router eigrp 44
(config-router)#network 172.20.4.1 0.0.0.0
(config-router)#network 10.1.0.0 0.0.255.255

One wrinkle of EIGRP is that, by default, it will automatically summarize routes at the classful boundary – just like RIP and IGRP. Thus, Router B would advertise only network 10.0.0.0/8 to Router A. You can turn this “feature” off, however, and manually configure summarization at a point of your choosing. For instance, if all subnets of 10.1.0.0 are behind Router B, we could summarize them in Router B’s advertisements to Router A.

(config)#router eigrp 44
(config-router)#no auto-summary
(config-router)#interface s1/1
(config-if)#ip summary-address eigrp 44 10.1.0.0 255.255.0.0

Since neither Router A nor Router C is a transit router, it would not make sense for Router B to query them if it lost a route. We can designate them as stub routers. The command is given under the router configuration mode. Once the command is issued, the stub router sends a message to its EIGRP neighbors, telling them it is a stub. They will mark it as a stub in their neighbor database and not send it any queries. By default, a stub will advertise only its connected routes, static routes, and summary routes, although you can configure it to behave differently. To configure an EIGRP stub router:


(config)#router eigrp 44
(config-router)#eigrp stub

One other option you may want to add to your EIGRP configuration is authentication. When you enable authentication, each EIGRP packet carries an MD5 keyed digest. Configuring this takes several steps, but would be worth it if it prevented unauthorized or false route information from being propagated throughout your network. You must configure one or more key chains, and then one or more keys under each chain. Each key can be given a specific lifetime, for more security. The router uses the first valid key it finds. Next you must enable authentication under each interface, and tell the router which key chain to use. To configure a key chain named MyNet, with a key #1 of ReallySecure, and enable it under interface s1/1, the commands would look like this:

(config)#key chain MyNet
(config-keychain)#key 1
(config-keychain-key)#key-string ReallySecure
(config-keychain-key)#exit
(config)#interface s1/1
(config-if)#ip authentication mode eigrp 44 md5
(config-if)#ip authentication key-chain eigrp 44 MyNet

Of course, authentication must be configured on routers on both ends of a link, using the same authentication information.
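A check for the OSPF and EIGRP authentication settings described in this paper, as an added Python example (not code from the paper or from Cisco). It audits a constructed Router B configuration and reports each non-passive routing interface that would exchange routes without an MD5 digest; the interface addresses other than 172.20.4.1 and the short interface names are assumptions.

```python
import ipaddress
import re

# Constructed running-config for Router B, assembled from the commands in this
# paper. Interface addresses other than 172.20.4.1 are made-up sample values.
SAMPLE_CONFIG = """\
key chain MyNet
 key 1
  key-string ReallySecure
interface fa0/0
 ip address 10.1.1.1 255.255.255.0
interface s1/0
 ip address 10.1.2.1 255.255.255.0
interface s1/1
 ip address 172.20.4.1 255.255.255.0
 ip ospf message-digest-key 1 md5 aSecret1
 ip authentication mode eigrp 44 md5
 ip authentication key-chain eigrp 44 MyNet
router ospf 1
 network 172.20.4.1 0.0.0.0 area 0
 network 10.0.0.0 0.255.255.255 area 10
 area 0 authentication message-digest
 passive-interface fa0/0
router eigrp 44
 network 172.20.4.1 0.0.0.0
 network 10.1.0.0 0.0.255.255
 passive-interface fa0/0
"""


def parse_sections(config):
    """Group an IOS-style config into {top-level line: [indented sub-commands]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():
            current = sections.setdefault(raw.strip(), [])
        elif current is not None:
            current.append(raw.strip())
    return sections


def classful_wildcard(prefix):
    """Wildcard implied when an EIGRP network statement omits its optional mask."""
    first = int(prefix.split(".")[0])
    return "0.255.255.255" if first < 128 else "0.0.255.255" if first < 192 else "0.0.0.255"


def covers(addr, prefix, wildcard):
    """True when addr equals prefix on every bit the wildcard mask does not ignore."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(prefix)) & care


def audit(config):
    """Return (interface, process, problem) for each unauthenticated routing interface.

    Assumption: only the command forms shown in this paper are recognised.
    """
    sections = parse_sections(config)
    ifaces = {h.split()[1]: body for h, body in sections.items() if h.startswith("interface ")}
    keyed_chains = {h.split()[2] for h, body in sections.items()
                    if h.startswith("key chain ") and any(c.startswith("key-string ") for c in body)}
    findings = []
    for header, body in sections.items():
        m = re.fullmatch(r"router (ospf|eigrp) (\d+)", header)
        if not m:
            continue
        proto, ident = m.groups()
        process = f"{proto} {ident}"
        nets = [c.split()[1:] for c in body if c.startswith("network ")]
        passive = {c.split()[1] for c in body if c.startswith("passive-interface ")}
        active = {c.split()[2] for c in body if c.startswith("no passive-interface ")}
        md5_areas = {c.split()[1] for c in body
                     if re.fullmatch(r"area \S+ authentication message-digest", c)}
        for name, cmds in ifaces.items():
            addr = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
            is_passive = name not in active and (name in passive or "default" in passive)
            if addr is None or is_passive:
                continue  # a passive OSPF/EIGRP interface forms no adjacency
            # Network statements are read from the top down: the first match decides.
            hit = next((n for n in nets if covers(
                addr, n[0], n[1] if len(n) > 1 else classful_wildcard(n[0]))), None)
            if hit is None:
                continue  # this process does not run on the interface
            if proto == "ospf":
                area = hit[3]
                if area not in md5_areas:
                    findings.append((name, process, f"area {area} lacks message-digest authentication"))
                elif not any(c.startswith("ip ospf message-digest-key ") for c in cmds):
                    findings.append((name, process, "no message-digest-key configured"))
            else:
                chain = next((c.split()[5] for c in cmds if c.startswith(
                    f"ip authentication key-chain eigrp {ident} ")), None)
                if f"ip authentication mode eigrp {ident} md5" not in cmds:
                    findings.append((name, process, "MD5 authentication mode not enabled"))
                elif chain not in keyed_chains:
                    findings.append((name, process, "key chain missing or has no key-string"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

The paper's commands date from 2005; later IOS releases also accept HMAC-SHA authentication for both protocols, which this check does not recognise and would report as missing.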

It is a good idea to build redundancy, and thus backup paths, into your EIGRP network. In some networks this takes the form of parallel links between pairs of routers. Currently, EIGRP will form a separate neighbor adjacency and send separate messages over each link, even though they all connect to the same neighbor. Future versions of EIGRP will peer based on router ID, rather than per link, cutting down on resource use when you have parallel links. Router ID is dynamically selected in the same way as with OSPF and BGP – the highest loopback IP address, or the highest IP address of an interface active when EIGRP was initiated.


EIGRP Summary
Convergence Speed — Fast. Extremely fast with a feasible successor
Ease of Use — Fairly easy to use. Not as complex a configuration as OSPF
Network Topology — No topology requirement. Good in a network with multiple levels of hierarchy. Scales to very large networks, if network is properly designed.
Vendor Support — Cisco proprietary
IPv6 Support — Under development
When to Use — In an all-Cisco network, or portion of network, with IP addressing designed for summarization


Intermediate System – Intermediate System (IS-IS)
IS-IS is a routing protocol created by the ISO and is based on OSI protocols, not on IP. However, there is a version of IS-IS adapted to carry IP route information, called “Integrated IS-IS”. This is the version we discuss here. IS-IS uses CLNS and CLNP to establish adjacencies and distribute reachability information – IP prefix information is just carried in route updates as if it were end-system information.

IS-IS gets its name because it calls a router an Intermediate System. Thus, the protocol defines communication from an Intermediate System to another Intermediate System. IS-IS is a link-state protocol and, like OSPF, divides the network into areas. All inter-area communication goes through the backbone, but the backbone is not a discrete area. An IS-IS backbone is merely an unbroken string of routers doing Level 2 (inter-area) routing. These routers can belong to any area. This makes IS-IS network design much more flexible than OSPF, and makes it more useful in a geographically dispersed network. The metric for IS-IS is cost, but Cisco assigns a cost value of 10 to every interface.

Convergence Speed

Since it is a link-state protocol, IS-IS converges very quickly. Several factors make it more efficient than OSPF. A change in the IP network topology does not necessarily cause routers to have to reconverge. The SPF algorithm is run on CLNS information. If an IP link goes up or down, that information is sent to other routers, but IS-IS needs to recalculate its SPF information only if the link change affects an adjacency.

Another way IS-IS is more efficient involves the roles of Level 1 (L1), Level 2 (L2), and Level 1/Level 2 (L1/2) routers. L1/2 routers (routers doing both inter- and intra-area routing) automatically send just a default route to any L1 neighbors in their area. L1 (intra-area only) routers thus know only the links within their own area, and default routes from their L1/2 routers. Therefore, they need to converge only if the topology changes within their own area. Similarly, L2 routers maintain a database of only routes outside their area, which limits when they need to converge.

Finally, one IS-IS update packet can carry information about many IP subnets. (Contrast this with OSPF, which sends a separate Type 3 LSA per prefix.) Thus, IS-IS updates use link bandwidth more efficiently.

Ease of Use

Using IS-IS involves learning some new terms and concepts. The configuration tasks are different from native IP routing protocols. Configuring it is not difficult, however, once you understand how it works. The main problem is that fewer companies use IS-IS than use OSPF, and thus fewer network engineers know how to support it. IS-IS configurations tend to be less complex than OSPF, mostly because there are fewer changes you can make to the protocol’s operation.

Network Topology

IS-IS is a link-state protocol and thus divides the network into a two-level hierarchy using areas. All inter-area communication is done through the backbone. However, backbone design is much more flexible with IS-IS than with OSPF. The IS-IS backbone is simply a continuous chain of routers doing either L2 or L1/2 routing. IS-IS really shines in a very large network – it not only provides fast convergence but is also very stable even with frequent IP topology changes. It is typically used in networks with sites worldwide, such as large ISPs. The following diagram shows a network where IS-IS would fit well. Sites are far-flung, there are several routers and hosts at each site, and there is no particular core area.

Network design is still important with IS-IS; in fact, the CLNS part of the protocol requires an additional amount of planning. Areas must be planned out. With IS-IS, an entire router is within an area and area borders are on the link between areas. Each router has its own ISO address (called its “NET”) which specifies the area number and the system ID. These addresses must be planned. You must decide which type of intermediate system each router will be: L1, L2, or L1/2.

Additionally, you must plan the IP addressing scheme. IS-IS is a classless protocol, thus you can use VLSM. It is also capable of summarizing IP addresses. You would typically want to plan your IP addressing so that you are able to summarize at area borders. This reduces the amount of information your neighbor routers must store in their routing tables, and also the amount of information your router must send in its updates.

One other issue that must be addressed is the type of links in the network. IS-IS will work properly only over two types of links: point-to-point (such as a T1) and multi-access broadcast (such as Ethernet). When using IS-IS over multi-access networks such as frame relay and ATM, be sure to use point-to-point sub-interfaces. The alternative to this is a full mesh of PVCs, but it will break IS-IS if one of them goes down, so do not use this alternative.

Vendor Support

IS-IS was created by the ISO and is specified in ISO documents, but Integrated IS-IS is outlined in RFCs. Many router manufacturers support it, including Cisco. You are not likely to find support for it on firewalls and servers, however.

IPv6 Support

IP reachability information is carried in Type/Length/Value (TLV) fields in an IS-IS PDU. These fields were modified to carry IPv4 information; enabling them to carry IPv6 information is just another modification. Switching from IPv4 to IPv6 does not require an entire rewrite of the protocol. Thus, IS-IS is ideally positioned to support IPv6, and indeed does support it on Cisco routers.

Tasks and Tips

Because configuring IS-IS requires more planning than an all-IP network, let’s look at a case study. Illustrated below is the same network shown in the OSPF and EIGRP sections, with some redundancy removed for simplification:

Some of the IP addressing is already done. But where would you divide the network into areas? What will you name the areas? What numbering scheme will you use to identify each router’s system ID? What type of IS-IS router would each one be? It is beyond the scope of this paper to explore all the design options, but let’s suppose you decide to create the following areas:


• Routers D, H, I – Area DDDD
• Routers E, J, K – Area EEEE
• Routers F, L, M – Area FFFF
• Routers G, N, O – Area 0006
• Routers A, B, C – Area ABC

The Access routers, H and I, J and K, L and M, and N and O will be L1 routers. They will form adjacencies with each other and with the L1/2 router in their area. The Distribution routers, D, E, F, and G will be L1/2 routers. They need to form adjacencies with the L1 routers in their area, and also with routers in other areas. The Core routers, A, B, and C can be just L2 routers, as they will only form adjacencies with each other and with routers in other areas.

The areas and backbone would then look like this drawing. The thicker lines are the IS-IS backbone.

Taking Area DDDD as an example, let’s look at the configuration tasks. The first task is to configure IP addresses on the interfaces as usual. Once that is done, you can configure IS-IS routing. As an easy system ID scheme, we will number each router then use a combination of the area ID and that number as its system ID. On Router D, the configuration would be:

(config)#router isis
(config-router)#net dddd.0000.dddd.0001.00
(config-router)#interface s0/0
(config-if)#ip router isis
<continue with other interfaces>


Cisco routers are L1/2 by default, and that is what we want Router D to be, so we don’t need to specify it. On Routers H and I, we would need to add the following command under the IS-IS router configuration mode:

(config-router)#is-type level-1
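The NET plan for an area can be checked before it is typed into the routers. The following Python code is an added example, not part of the original paper: it splits each NET into area, system ID and selector (reading from the right: a 1-byte selector, a 6-byte system ID, the rest is the area), then flags duplicate system IDs and L1 routers that have no L1/2 router in their area. Router D's NET comes from the text; the NETs for H and I are assumed values that follow the same numbering scheme.

```python
import re
from collections import Counter

def parse_net(net):
    """Split a NET into (area, system_id, nsel), each as a hex string."""
    digits = net.replace(".", "").lower()
    if not re.fullmatch(r"(?:[0-9a-f]{2}){8,20}", digits):
        raise ValueError(f"{net}: a NET is 8 to 20 bytes of hex")
    # Read from the right: 1-byte selector, 6-byte system ID, rest is the area.
    area, system_id, nsel = digits[:-14], digits[-14:-2], digits[-2:]
    if nsel != "00":
        raise ValueError(f"{net}: the selector of a NET must be 00")
    return area, system_id, nsel

def check_plan(routers):
    """routers: {name: (net, is_type)}. Returns a list of problems found."""
    problems = []
    parsed = {name: parse_net(net) for name, (net, _) in routers.items()}
    seen = Counter(sys_id for _, sys_id, _ in parsed.values())
    for name, (area, sys_id, _) in parsed.items():
        if seen[sys_id] > 1:
            problems.append(f"{name}: duplicate system ID {sys_id}")
        # A level-1 router only forms adjacencies inside its own area, so it
        # needs an L1/2 router in that area to reach the backbone.
        if routers[name][1] == "level-1" and not any(
            parsed[o][0] == area and routers[o][1] == "level-1-2" for o in routers
        ):
            problems.append(f"{name}: no L1/2 router in area {area}")
    return problems

# Constructed plan: Router D's NET is from the text; H and I are assumed.
PLAN = {
    "D": ("dddd.0000.dddd.0001.00", "level-1-2"),
    "H": ("dddd.0000.dddd.0002.00", "level-1"),
    "I": ("dddd.0000.dddd.0003.00", "level-1"),
}

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```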

These commands will start IS-IS running on each of the routers. There are some things you probably want to do, however, to make your routing more efficient and secure. The first thing is to adjust the metrics on each interface. IS-IS uses a metric of 10 for every interface, no matter what the speed. You may want to give higher speed links a lower metric. It’s important to use the same metric assignments through your entire network. The command is given at interface configuration mode:

(config-if)#isis metric <number>

You should also adjust the circuit types of the interfaces on the L1/2 routers. By default, they will be sending both types of hellos out to every IS-IS interface. However, they will only establish a L1 adjacency with the L1 routers, and L2 adjacencies with the L2 routers and the L1/2 routers in other areas. It’s inefficient to send unnecessary hellos. You can correct this by specifying a circuit type at the interface configuration mode:

(config-if)#isis circuit-type [level-1 | level-1-2 | level-2-only]

Summarizing is done on routers bordering other areas, under the IS-IS configuration mode. The command is similar to those in other protocols. If Router D were summarizing its two subnets, the command would be:

(config-router)#summary-address 10.4.0.0 255.254.0.0

One last option you should consider is authentication. With IS-IS, passwords can be configured either at an interface, for an entire area, or for the entire IS-IS routing domain. Passwords configured at an interface are carried in IS-IS hello packets and thus authenticate the establishment of adjacencies. The area password is carried in all L1 messages and authenticates the exchange of intra-area routing information. The domain-wide password is carried in L2 messages and thus authenticates the exchange of inter-area routing information. Multiple types of passwords can be used on a router. However, you should understand that these passwords are sent as clear text and so provide only limited security.

Use the following commands to configure IS-IS authentication:

(config-if)#isis password <password> [level-1 | level-2]
(config-if)#router isis
(config-router)#area-password <password>
(config-router)#domain-password <password>
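Why clear-text passwords give only limited security shows up directly in the TLV bytes. This added Python example (not from the original paper) classifies the Authentication TLV (type 10) of a PDU and contrasts a clear-text password (type 1) with the HMAC-MD5 form defined in RFC 5304 (type 54), which the paper does not cover. The TLV bytes and the secret are constructed, and as a simplifying assumption the digest here covers only the TLV section rather than the whole PDU.

```python
import hashlib
import hmac

AUTH_TLV = 10                # Authentication Information TLV
CLEARTEXT, HMAC_MD5 = 1, 54  # authentication types; 54 is defined in RFC 5304

def tlv(kind, value):
    return bytes([kind, len(value)]) + value

def iter_tlvs(data):
    """Yield (type, value) for each TLV in the variable part of a PDU."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data) or pos + 2 + data[pos + 1] > len(data):
            raise ValueError("truncated TLV")
        length = data[pos + 1]
        yield data[pos], data[pos + 2:pos + 2 + length]
        pos += 2 + length

def auth_method(tlvs):
    """Classify a PDU's authentication: none, cleartext, hmac-md5 or other."""
    names = {CLEARTEXT: "cleartext", HMAC_MD5: "hmac-md5"}
    for kind, value in iter_tlvs(tlvs):
        if kind == AUTH_TLV and value:
            return names.get(value[0], "other")
    return "none"

def sign_hmac_md5(other_tlvs, key):
    """Prepend a type 54 TLV whose digest is computed with the digest zeroed."""
    blank = tlv(AUTH_TLV, bytes([HMAC_MD5]) + bytes(16))
    digest = hmac.new(key, blank + other_tlvs, hashlib.md5).digest()
    return tlv(AUTH_TLV, bytes([HMAC_MD5]) + digest) + other_tlvs

def verify_hmac_md5(tlvs, key):
    """Zero the received digest, recompute it and compare in constant time."""
    received, zeroed = None, b""
    for kind, value in iter_tlvs(tlvs):
        if kind == AUTH_TLV and value[:1] == bytes([HMAC_MD5]):
            received, value = value[1:], bytes([HMAC_MD5]) + bytes(16)
        zeroed += tlv(kind, value)
    if received is None:
        return False
    return hmac.compare_digest(received, hmac.new(key, zeroed, hashlib.md5).digest())

# Constructed sample: an Area Addresses TLV (type 1) carrying area dddd.
AREA = tlv(1, bytes([2, 0xDD, 0xDD]))
SECRET = b"example-secret"   # constructed placeholder, not a real password
CLEAR_PDU = tlv(AUTH_TLV, bytes([CLEARTEXT]) + SECRET) + AREA
SIGNED_PDU = sign_hmac_md5(AREA, SECRET)
```

In the clear-text PDU the secret itself is on the wire, so anyone who can capture traffic on the link can read it; in the signed PDU only a digest is sent, and a changed TLV or a wrong key fails verification.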

IS-IS Summary
• Convergence Speed: Fast. Uses fewer router and network resources than OSPF.
• Ease of Use: Harder because engineers must learn CLNS configuration as well as IP. Not as many things to tune as OSPF.
• Network Topology: Uses areas, but the backbone is a link of routers. Scales to very large networks.
• Vendor Support: OSI protocol extended for use with IP. Supported by large router manufacturers.
• IPv6 Support: Supports IPv6.
• When to Use: In a large, spread-out network with no centralized core.

Learn More

Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge. Check out the following Global Knowledge courses:

• INTRO – Introduction to Cisco Networking Technologies
• ICND – Interconnecting Cisco Network Devices
• CCNA® Boot Camp
• BCRAN – Building Cisco Remote Access Network
• BSCI – Building Scalable Cisco Internetworks
• CIT – Cisco Internetwork Troubleshooting
• MPLS – Implementing Cisco MPLS

For more information or to register, visit www.globalknowledge.com or call 1-800-COURSES to speak with a sales representative.

Our courses and enhanced, hands-on labs offer practical skills and tips that you can immediately put to use. Our expert instructors draw upon their experiences to help you understand key concepts and how to apply them to your specific work situation. Choose from our more than 700 courses, delivered through Classrooms, e-Learning, and On-site sessions, to meet your IT and management training needs.

About the Author

Denise Donohue, CCIE #9566, is an instructor for Global Knowledge. She teaches the Cisco CCNA and CCNP courses, as well as BGP and QoS. She is the course director for the Cisco BSCI and BGP courses. Denise co-authored Cisco's BSCI course and the Cisco Press book, CCNP Flash Cards and Exam Practice Pack. Before coming to Global Knowledge, she was a network consultant. Denise has her CCIE certification in Routing and Switching.

For Further Reading

• Routing TCP/IP, Jeff Doyle, Cisco Press
• Advanced IP Network Design, Alvaro Retana, Don Slice, Russ White, Cisco Press
• EIGRP for IP, Alvaro Retana, Russ White, Don Slice, Addison-Wesley
• OSPF: Anatomy of a Routing Protocol, John T. Moy, Addison-Wesley
• Cisco OSPF Command and Configuration Handbook, William Parkhurst, Cisco Press
• Interconnections, Radia Perlman, Addison-Wesley
