IS-IS: Difference between revisions
imported>Secelt add tags |
|||
| Line 15: | Line 15: | ||
IS-IS is an [[interior gateway protocol]], designed for use within an [[administrative domain]] or network. This is in contrast to [[exterior gateway protocol]]s, primarily [[Border Gateway Protocol]] (BGP), which is used for routing between [[autonomous system (internet)|autonomous systems]].{{Ref RFC|1930}} | IS-IS is an [[interior gateway protocol]], designed for use within an [[administrative domain]] or network. This is in contrast to [[exterior gateway protocol]]s, primarily [[Border Gateway Protocol]] (BGP), which is used for routing between [[autonomous system (internet)|autonomous systems]].{{Ref RFC|1930}} | ||
IS-IS is a [[link-state routing protocol]], operating by | IS-IS is a [[link-state routing protocol]], operating by flooding link state information throughout a network of [[router (networking)|routers]]. Each IS-IS router independently builds a database of the network's topology, aggregating the flooded network information. Like the [[Open Shortest Path First|OSPF]] protocol, IS-IS uses [[Dijkstra's algorithm]] for computing the best path through the network. Packets ([[datagram]]s) are then forwarded, based on the computed ideal path, through the network to the destination. | ||
== History == | == History == | ||
| Line 26: | Line 26: | ||
== IS-IS terminology == | == IS-IS terminology == | ||
The ISO for IS-IS standard uses specific [[jargon]] to refer to components of the network, some of which differ, or is less common, in typical industry language. | |||
* Intermediate | * Intermediate System - [[Router (computing)|Router]] | ||
* Designated | * Designated Intermediate System - An IS selected to represent a group of ISs on a shared circuit. | ||
* End | * End System (ES) - any host or device that does not participate in routing. | ||
* Circuit - | * Circuit - [[Layer 2]] [[broadcast domain]]. This can be a single point-to-point connection, or a [[LAN]]. | ||
* Adjacency - A neighboring IS that an IS exchanges routing information with. | |||
== Packet types == | == Packet types == | ||
IS-IS adjacency can be either broadcast or point-to-point. | IS-IS adjacency can be either [[broadcast]] or point-to-point. | ||
; IS-IS Hello PDU (IIH) : | ; IS-IS Hello [[Protocol data unit|PDU]] (IIH) : An IS-IS hello packet needs to be exchanged periodically between 2 routers to establish adjacency. Based on the negotiation, one of them will be selected as the DIS (Designated IS). This hello packet will be sent separately for Level-1 or Level-2. There are 3 IS-IS hello packets depending on the circuit type - | ||
:* '''LAN L1''' ('''PDU type 15''') | :* '''LAN L1''' ('''PDU type 15''') | ||
:* '''LAN L2''' ('''PDU type 16''') | :* '''LAN L2''' ('''PDU type 16''') | ||
:* '''P2P''' ('''PDU type 17'''). | :* '''P2P''' ('''PDU type 17'''). On point-to-point links, there are no separate hello packets per level like there are on broadcast links. Unlike OSPF, IS-IS hello interval timers do not need to match. | ||
; Link State PDU (LSP) : This contains the actual | ; Link State PDU (LSP) : This contains the actual routing information. The LSP contains a number of fields called '''type–length–values''' (TLVs), which contain the routing data.: The LSP header is called '''LSP ID''' and consists of a '''System ID''', '''Pseudonode ID''' and '''Fragment ID'''. :: In this example LSP with ID 1921.6820.0002.02-01, | ||
:* '''1921.6820.0002''' is '''System ID''' (that generated this LSP), | :* '''1921.6820.0002''' is the '''System ID''' (that generated this LSP), | ||
:* '''02''' is '''Pseudonode ID,''' | :* '''02''' is the '''Pseudonode ID,''' | ||
:* '''01''' is '''Fragment ID'''. | :* '''01''' is the '''Fragment ID'''. | ||
:If '''Pseudonode ID''' is equal to zero, then | :If the '''Pseudonode ID''' is equal to zero, then it represents a '''real''' intermediate system. Any non-zero value means that the LSP is generated by a DIS (Pseudonode). | ||
:If LSP is too big, then it gets fragmented. | :If the LSP is too big to fit inside an ethernet frame, then it gets fragmented. To indicate fragmentation, a Fragment ID is used. If the '''Fragment ID''' is '''equal to zero''', then '''no fragmentation''' has occurred. | ||
; Complete Sequence Number PDU (CSNP) : This packet will be sent only by the DIS. By default, | ; Complete Sequence Number PDU (CSNP) : This packet will be sent only by the DIS. By default, every 10 seconds, a CSNP packet will be transmitted by the DIS. The CSNP contains the list of LSP IDs along with sequence number and checksum. | ||
; Partial Sequence Number PDU (PSNP) : If the router which receives CSNP packet finds | ; Partial Sequence Number PDU (PSNP) : If the router which receives a CSNP packet finds a discrepancy in its own database, it will send an PSNP request asking the DIS to send a specific LSP back to it. | ||
== IS-IS addressing and NET == | == IS-IS addressing and NET == | ||
Unlike other routing protocols, IS-IS does not principally operate at [[Layer 3]], and does not use [[IP addresses]] to identify each interface on an Intermediate System. | |||
Instead, IS-IS uses an '''ISO Network Address'''. Each unique connection point in the [[Autonomous system (Internet)|autonomous system]], such as a port on a router, is assigned a ISO Network Address called a '''Network Service Access Point''' (NSAP). | |||
Individual ISs are assigned an ISO Network Address called a '''Network Entity Title''' (NET). The NET is similar to the NSAP, but does not have its '''Selector''' field set. | |||
While this is not an IP address, and serves a different purpose, it is recommended practice to set the '''System ID''' field equal to a unique IPv4 address assigned to one of the router's [[loopback]] interfaces. | |||
NET | On a single intermediate system there can be up to 3 NET addresses. This may be useful during migration of an IS from one area to another. | ||
Area | The NET consists of an '''Area''', '''System ID''' and '''NSEL''' field.'''Area''' itself consists of an '''AFI''' (Address Family Identifier) and an '''Area ID'''. | ||
Area can have a variable length of 1 - 13 bytes. The System ID is 6 bytes long and the NSEL is 1 byte. | |||
* '''49''' is '''AFI''' | As an example, the fields of the ISO Network Address "49.0100.1921.6821.1138.00" are as follows: | ||
* '''0100''' is '''Area ID''', | * '''49''' is the '''AFI'''. 49 specifically represents the "private address space", similar to RFC1918 for IPv4., | ||
* '''49.0100''' is '''Area''', | * '''0100''' is the '''Area ID''', | ||
* '''1921.6821.1138''' is '''System ID''', | * '''49.0100''' is the '''Area''', | ||
* '''00''' is '''NSEL''', which '''must | * '''1921.6821.1138''' is the '''System ID''', | ||
* '''00''' is the '''NSEL''', which '''must be zero'''. Routers will not form adjacencies with routers with a non-zero NSEL in their NET, as that field is only used by the NSAP. | |||
== Hostname resolution == | == Hostname resolution == | ||
When administrating large networks, using IP addresses directly is often difficult and inconvenient. | |||
Network engineers generally prefer to use domain names like "if-bundle-22-2.qcore1.pye-paris.as6453.net" to identify routers, as they contain more relevant and human-readable information. | |||
Other routing protocols which principally identify routers using IP addresses can easily solve this problem using local [[DNS]] resolution. | |||
Because IS-IS is not an IP-based protocol, it has hostname resolution built into the standard. Link-state PDUs can carry a '''Type Length Value 137''' (TLV 137) field, which contains a hostname associated with a NET.<ref>{{Cite web |title=Intermediate System-to-Intermediate System (IS-IS) TLVs |url=https://www.cisco.com/c/en/us/support/docs/ip/integrated-intermediate-system-to-intermediate-system-is-is/5739-tlvs-5739.html |access-date=2025-06-23 |website=Cisco |language=en}}</ref> | |||
== Areas and levels == | == Areas and levels == | ||
Similar to OSPF, IS-IS employs the concept of areas to divide the network, reducing the overall burden on routers in the network, by only requiring them to have complete link-state information for their area. | |||
In IS-IS, | In IS-IS, ISs operate at either '''Level 1''', '''Level 2''' or '''Level 1/Level 2'''. | ||
* Level 1 routers are internal to an area, and only maintain a '''Link State Database''' (LSDB) for that area. | |||
* Level 2 routers form the [[Backbone network|backbone]] of an IS-IS network, and route traffic between areas. They maintain a separate Layer 2 LSDB for inter-area routing. Layer 2 routers must be contiguous, meaning the network of Layer 2 routers must be fully internally routable without crossing into different areas. | |||
* Level 1/Level 2 routers are on the boundaries between L1 and L2 routers, and participate in both intra-area and inter-area routing, maintaining separate L1 and L2 LSDBs. | |||
When an L1 router needs to send traffic to a destination not within its area, it directs it to an L1/L2 router. | |||
L1/L2 routers advertise their status as boundary routers by setting the '''Attached Bit''' (ATT), in its L1 LSP. Routers that receive this LSP will add a [[default route]] to the origin of the LSP. | |||
External routes can be redistributed to L1 areas, including their L1/L2 routers. However, by default, external routes will not be redistributed to L2 routers. To change this policy, L1/L2 routers must be configured to originate these external routes to the L2 network. | |||
== Attribute bits in LSPs == | == Attribute bits in LSPs == | ||
IS-IS LSPs contain | IS-IS LSPs contain information about the LSP itself in the '''attribute block''' of the LSP header, which is 8 bits long. | ||
* '''P bit''' - Partition repair bit, 8<sup>th</sup> bit, indicates if partitioned L1 area can be repaired (joined together) over L2 area. Modern deployments of IS-IS generally do not support partition repair | * '''P bit''' - Partition repair bit, 8<sup>th</sup> bit, indicates if a partitioned L1 area can be repaired (joined together) over L2 area. Modern deployments of IS-IS generally do not support partition repair, and will not set the P bit. | ||
* '''ATT bit''' - Attached bit, 7<sup>th</sup> - 4<sup>th</sup> bits, indicates if originating router is attached to another area. If these bits are set by L1/L2 router in its L1 LSP, | * '''ATT bit''' - Attached bit, 7<sup>th</sup> - 4<sup>th</sup> bits, indicates if the originating router is attached to another area. | ||
* '''OL bit''' - Overload bit, 3<sup>rd</sup> bit, indicates if the router is overloaded. If this bit is set, then this router | ** If these bits are set by the L1/L2 router in its L1 LSP, other routers in the L1 area will automatically generate a [[default route]] to the originator. | ||
* '''IS type bits''' - 2<sup>nd</sup> and 1<sup>st</sup> bits, indicate IS type of the originator. It can be L1 only, L2 only | ** There are 4 ATT bits which represent the Error, Expense, Delay and Default metrics respectively. | ||
** Typically, only the 4<sup>th</sup> (default) ATT bit is used, as typical IS-IS networks only use the Default (Cost) metric. | |||
* '''OL bit''' - Overload bit, 3<sup>rd</sup> bit, indicates if the router is overloaded. | |||
** If this bit is set, then this router will not be forwarded traffic. However, it will be still reachable. | |||
** The overload bit can be set automatically by a router under heavy load or intentionally by an administrator. | |||
** Setting the overload bit is an easy way to gracefully offload the router prior to maintenance which requires the router to reboot. After the router reboots and is available, then the overload bit can be cleared manually. | |||
** The overload bit may also be set while a router waits for other dependent protocols (such as [[Border Gateway Protocol|BGP]]) to establish neighborship, before allowing traffic to be routed to itself. This may be desirable because IS-IS converges much faster than some dependent protocols, and a router that becomes available before another dependent routing protocol converges, the router could become a [[Black hole (networking)|traffic black hole]]. | |||
** An example of this behavior is a [[provider edge router]] running an [[Multiprotocol Label Switching|MPLS]] [[VPN]] with IS-IS and BGP. After the router boots, it establishes IS-IS adjacency before it finishes establishing BGP neighborship with other routers. When BGP is finished establishing neighborship, the overload bit is cleared and this router joins the MPLS VPN. | |||
* '''IS type bits''' - 2<sup>nd</sup> and 1<sup>st</sup> bits, indicate the IS type of the originator. It can either be L1 only, L2 only, or L1/L2. | |||
** '''01''' - L1 | |||
** '''10''' - L2 | |||
** '''11''' - L1/L2 | |||
== Wide metrics == | == Wide metrics == | ||
When IS-IS was initially introduced, TLVs for '''IS reachability (TLV 2)''' and '''IP reachability (TLVs 128 and 130)''' could have interface metric no more than '''63''' (6 bits) and total accumulated path metric of no more than '''1023''' (10 bits). | When IS-IS was initially introduced, TLVs for '''IS reachability (TLV 2)''' and '''IP reachability (TLVs 128 and 130)''' could have an interface metric of no more than '''63''' (6 bits) and total accumulated path metric of no more than '''1023''' (10 bits). | ||
Over time, networks outgrew the constraints imposed by these metrics as speeds and hop-counts increased with better hardware. | |||
To allow for these larger networks 2 new TLVs — '''TLV 22''' for '''Extended IS reachability''' and '''TLV 135''' for '''Extended IP reachability''' — were introduced. | |||
These additions to the protocol allowed link metrics up to 16.7 million (24 bits) and total accumulated path metric up to 4 billion (32 bits). | |||
Metrics without TLV 22 and 135 are called '''narrow metrics''', and metrics that include them are called '''wide metrics'''.<ref>{{Cite web |title=Understanding Wide IS-IS Metrics for Traffic Engineering {{!}} Junos OS {{!}} Juniper Networks |url=https://www.juniper.net/documentation/us/en/software/junos/is-is/topics/concept/isis-wide-metrics.html |access-date=2025-06-23 |website=www.juniper.net}}</ref> | |||
Wide metrics or narrow metrics can be set on level | Wide metrics or narrow metrics can be set on a per-level basis. | ||
== Adjacency formation == | == Adjacency formation == | ||
Compared to OSPF, | Compared to OSPF, IS-IS rules of adjacency formation are much simpler and depend primarily on the router level. | ||
* L1 router cannot form any adjacency with L2 router | * A L1 router cannot form any adjacency with L2 router. | ||
* L1 router can form L1 adjacency with other L1 router | * A L1 router can form a L1 adjacency with other L1 router in the same area. | ||
* L1 router can form L1 adjacency with L1/L2 router | * A L1 router can form a L1 adjacency with L1/L2 router in the same area | ||
* L2 router can form L2 adjacency with other L2 | * A L2 router can form a L2 adjacency with other L2 routers regardless of their areas. | ||
* L2 router can form | * A L2 router can form a L2 adjacency with an L1/L2 router regardless of their areas. | ||
* L1/L2 router can form both L2 and L1 adjacency with other L1/L2 | * L1/L2 router can form both an L2 and L1 adjacency with other L1/L2 routers if their areas match. | ||
== Broadcast segments and designated intermediate system == | == Broadcast segments and designated intermediate system == | ||
Similar to OSPF, all routers in a broadcast domain need to form adjacencies and exchange LSPs, resulting in there being <math>n^2</math> LSPs for each router in the domain. | |||
In order to overcome this issue, on each LAN segment a '''designated intermediate system''' (DIS) is elected. The router with the highest priority and System ID is elected as the DIS, but if another router is connected with a higher priority (or higher System ID if the priorities are equal), will be elected as the new DIS. | |||
Instead of each router forming an adjacency with every other router in the broadcast domain, each router forms an adjacency with just the DIS, and the DIS becomes responsible for relaying LSPs to the subordinate routers, in a hub-and-spoke topology. | |||
An elected DIS router is a '''pseudonode''', which uses the resources (including System ID) of one real router. | |||
Pseudonode ID in LSPs | The Pseudonode ID in LSPs originated by a DIS, always have a non-zero Pseudonode ID field. | ||
The DIS will send periodic CSNPs on the LAN segment and reply to PSNPs from other routers. | |||
If the DIS stops communicating, a new DIS will be elected in the segment. | |||
== Authentication == | == Authentication == | ||
IS-IS supports both simple password and MD5 authentication types. In IS-IS, per-level or per-interface authentication is possible. | IS-IS supports both simple password and MD5 authentication types. In IS-IS, per-level or per-interface authentication is possible. | ||
In addition, to protect from replay attack, IS-IS uses increasing | In addition, to protect from a replay attack, IS-IS uses an increasing sequence number in the IIH. | ||
== IPv6 support and multi-topology == | == IPv6 support and multi-topology == | ||
Unlike OSPF, which operates at Layer 3, IS-IS encapsulates its PDUs into Layer 2 frames, and does not depend on Layer 3 protocols, such as IPv4 or IPv6. | |||
In | In order to support IPv6 routing information '''TLV 232''' for '''IPv6 interface address''' and '''TLV 236''' for '''IPv6 reachability''' were added. | ||
In order to display supported Layer 3 protocols, also called NLPID (Network Layer Protocol ID), '''TLV 129''' is used. Here, '''IPv4''' has code of '''0xCC''', while '''IPv6''' | In order to display supported Layer 3 protocols, also called NLPID (Network Layer Protocol ID), '''TLV 129''' is used. Here, '''IPv4''' has code of '''0xCC''', while '''IPv6''' has a code of '''0x8E'''. | ||
There might be an issue, if IPv4 and IPv6 topologies do not overlap. This could happen due to misconfiguration or | There might be an issue, if the IPv4 and IPv6 topologies do not overlap. This could happen due to misconfiguration or lack of support for IPv6 by routers in the network. For this situations, multi-topology support is added to IS-IS. | ||
'''TLV 229''' was added to | '''TLV 229''' was added to indicate '''support for multi-topologies''', such as IPv4 unicast and IPv6 unicast. | ||
If multi-topology is enabled, IS-IS will calculate separate SPF tree for IPv4 and IPv6. This means twice the resource usage, but from the other side, this prevents traffic | If multi-topology is enabled, IS-IS will calculate separate SPF tree for IPv4 and IPv6. This means twice the resource usage, but from the other side, this prevents traffic black holes. | ||
When multi-topology is enabled, then IS-IS will use '''TLV 222''' for '''Multi-topology IS''' reachability, '''TLV 235''' for '''Multi-topology IP reachability''' and '''TLV 236''' for '''Multi-topology IPv6 reachability'''. | When multi-topology is enabled, then IS-IS will use '''TLV 222''' for '''Multi-topology IS''' '''reachability''', '''TLV 235''' for '''Multi-topology IP reachability''' and '''TLV 236''' for '''Multi-topology IPv6 reachability'''. | ||
== IS-IS path selection == | == IS-IS path selection == | ||
Depending on the configuration, the router can have either L1, L2 or both L1/L2 | Depending on the configuration, the router can have either L1, L2 or both L1/L2 Link-State Databases. IS-IS uses [[Dijkstra's algorithm]] to generate the routing tables from these databases. | ||
But there can be situations, when IS-IS router has exactly the same prefix in different level databases, or external and internal. In order to choose best path in this situations, there is a | But there can be situations, when IS-IS router has exactly the same prefix in different level databases, or external and internal. In order to choose best path in this situations, there is a specific order in which the route goes from the most preferred to the least preferred: | ||
* L1 intra-area with internal metric, | * L1 intra-area with internal metric, | ||
| Line 175: | Line 192: | ||
== BFD support == | == BFD support == | ||
IS-IS has Hello packets (IIH) which carry information about the router and are used to form | IS-IS has Hello packets (IIH) which carry information about the router and are used to form adjacencies. Another function of hello packets is to detect a fault between adjacent routers. | ||
Hello packet transmission intervals can be lowered in order to detect faults faster, but this will necessarily create more load on the routers. | |||
Instead of this, [[Bidirectional Forwarding Detection|BFD]] can be used. | Instead of this, [[Bidirectional Forwarding Detection|BFD]] can be used. BFD is a low-overhead fault detection protocol that places little demand on the CPU, and can provide sub-second fault detection. | ||
== Other uses == | == Other uses == | ||
Revision as of 20:08, 30 June 2025
Template:Short description Script error: No such module "about". Template:Sidebar with collapsible lists Template:Internet history timeline Script error: No such module "Unsubst". Template:More citations needed
Intermediate System to Intermediate System (IS-IS, also written ISIS) is a routing protocol designed to move information efficiently within a computer network, a group of physically connected computers or similar devices. It accomplishes this by determining the best route for data through a packet switching network.
The IS-IS protocol is defined in ISO/IEC 10589:2002[1][2] as an international standard within the Open Systems Interconnection (OSI) reference design.
In 2005, IS-IS was called "the de facto standard for large service provider network backbones".[3]
Description
IS-IS is an interior gateway protocol, designed for use within an administrative domain or network. This is in contrast to exterior gateway protocols, primarily Border Gateway Protocol (BGP), which is used for routing between autonomous systems.Template:Ref RFC
IS-IS is a link-state routing protocol, operating by flooding link state information throughout a network of routers. Each IS-IS router independently builds a database of the network's topology, aggregating the flooded network information. Like the OSPF protocol, IS-IS uses Dijkstra's algorithm for computing the best path through the network. Packets (datagrams) are then forwarded, based on the computed ideal path, through the network to the destination.
History
The IS-IS protocol was developed by a team of people working at Digital Equipment Corporation as part of DECnet Phase V.
The Internet Engineering Task Force (IETF) published IS-IS in 1990Template:Ref RFC, but that RFC was later retracted and marked as historicTemplate:Ref RFC because it republished a draft rather than a final version of the International Organization for Standardization (ISO) standard, causing confusion.
The protocol was standardized by ISO in 1992 as ISO 10589, for communication between network devices that are termed Intermediate Systems (as opposed to end systems or hosts) by the ISO. The purpose of IS-IS was to make the routing of datagrams possible using the ISO-developed OSI protocol stack called Connectionless-mode Network Service (CLNS). IS-IS was developed at roughly the same time that the Internet Engineering Task Force IETF was developing a similar protocol called OSPF. IS-IS was later extended to support routing of datagrams in the Internet Protocol (IP), the network-layer protocol of the global Internet. This version of the IS-IS routing protocol was then called Integrated IS-IS.Template:Ref RFC
IS-IS terminology
The ISO for IS-IS standard uses specific jargon to refer to components of the network, some of which differ, or is less common, in typical industry language.
- Intermediate System - Router
- Designated Intermediate System - An IS selected to represent a group of ISs on a shared circuit.
- End System (ES) - any host or device that does not participate in routing.
- Circuit - Layer 2 broadcast domain. This can be a single point-to-point connection, or a LAN.
- Adjacency - A neighboring IS that an IS exchanges routing information with.
Packet types
IS-IS adjacency can be either broadcast or point-to-point.
- IS-IS Hello PDU (IIH)
- An IS-IS hello packet needs to be exchanged periodically between 2 routers to establish adjacency. Based on the negotiation, one of them will be selected as the DIS (Designated IS). This hello packet will be sent separately for Level-1 or Level-2. There are 3 IS-IS hello packets depending on the circuit type -
- LAN L1 (PDU type 15)
- LAN L2 (PDU type 16)
- P2P (PDU type 17). On point-to-point links, there are no separate hello packets per level like there are on broadcast links. Unlike OSPF, IS-IS hello interval timers do not need to match.
- Link State PDU (LSP)
- This contains the actual routing information. The LSP contains a number of fields called type–length–values (TLVs), which contain the routing data.: The LSP header is called LSP ID and consists of a System ID, Pseudonode ID and Fragment ID. :: In this example LSP with ID 1921.6820.0002.02-01,
- 1921.6820.0002 is the System ID (that generated this LSP),
- 02 is the Pseudonode ID,
- 01 is the Fragment ID.
- If the Pseudonode ID is equal to zero, then it represents a real intermediate system. Any non-zero value means that the LSP is generated by a DIS (Pseudonode).
- If the LSP is too big to fit inside an ethernet frame, then it gets fragmented. To indicate fragmentation, a Fragment ID is used. If the Fragment ID is equal to zero, then no fragmentation has occurred.
- Complete Sequence Number PDU (CSNP)
- This packet will be sent only by the DIS. By default, every 10 seconds, a CSNP packet will be transmitted by the DIS. The CSNP contains the list of LSP IDs along with sequence number and checksum.
- Partial Sequence Number PDU (PSNP)
- If the router which receives a CSNP packet finds a discrepancy in its own database, it will send an PSNP request asking the DIS to send a specific LSP back to it.
IS-IS addressing and NET
Unlike other routing protocols, IS-IS does not principally operate at Layer 3, and does not use IP addresses to identify each interface on an Intermediate System.
Instead, IS-IS uses an ISO Network Address. Each unique connection point in the autonomous system, such as a port on a router, is assigned a ISO Network Address called a Network Service Access Point (NSAP).
Individual ISs are assigned an ISO Network Address called a Network Entity Title (NET). The NET is similar to the NSAP, but does not have its Selector field set.
While this is not an IP address, and serves a different purpose, it is recommended practice to set the System ID field equal to a unique IPv4 address assigned to one of the router's loopback interfaces.
On a single intermediate system there can be up to 3 NET addresses. This may be useful during migration of an IS from one area to another.
The NET consists of an Area, System ID and NSEL field.Area itself consists of an AFI (Address Family Identifier) and an Area ID.
Area can have a variable length of 1 - 13 bytes. The System ID is 6 bytes long and the NSEL is 1 byte.
As an example, the fields of the ISO Network Address "49.0100.1921.6821.1138.00" are as follows:
- 49 is the AFI. 49 specifically represents the "private address space", similar to RFC1918 for IPv4.,
- 0100 is the Area ID,
- 49.0100 is the Area,
- 1921.6821.1138 is the System ID,
- 00 is the NSEL, which must be zero. Routers will not form adjacencies with routers with a non-zero NSEL in their NET, as that field is only used by the NSAP.
Hostname resolution
When administrating large networks, using IP addresses directly is often difficult and inconvenient.
Network engineers generally prefer to use domain names like "if-bundle-22-2.qcore1.pye-paris.as6453.net" to identify routers, as they contain more relevant and human-readable information.
Other routing protocols which principally identify routers using IP addresses can easily solve this problem using local DNS resolution.
Because IS-IS is not an IP-based protocol, it has hostname resolution built into the standard. Link-state PDUs can carry a Type Length Value 137 (TLV 137) field, which contains a hostname associated with a NET.[4]
Areas and levels
Similar to OSPF, IS-IS employs the concept of areas to divide the network, reducing the overall burden on routers in the network, by only requiring them to have complete link-state information for their area.
In IS-IS, ISs operate at either Level 1, Level 2 or Level 1/Level 2.
- Level 1 routers are internal to an area, and only maintain a Link State Database (LSDB) for that area.
- Level 2 routers form the backbone of an IS-IS network, and route traffic between areas. They maintain a separate Layer 2 LSDB for inter-area routing. Layer 2 routers must be contiguous, meaning the network of Layer 2 routers must be fully internally routable without crossing into different areas.
- Level 1/Level 2 routers are on the boundaries between L1 and L2 routers, and participate in both intra-area and inter-area routing, maintaining separate L1 and L2 LSDBs.
When an L1 router needs to send traffic to a destination not within its area, it directs it to an L1/L2 router.
L1/L2 routers advertise their status as boundary routers by setting the Attached Bit (ATT), in its L1 LSP. Routers that receive this LSP will add a default route to the origin of the LSP.
External routes can be redistributed to L1 areas, including their L1/L2 routers. However, by default, external routes will not be redistributed to L2 routers. To change this policy, L1/L2 routers must be configured to originate these external routes to the L2 network.
Attribute bits in LSPs
IS-IS LSPs contain information about the LSP itself in the attribute block of the LSP header, which is 8 bits long.
- P bit - Partition repair bit, 8th bit, indicates if a partitioned L1 area can be repaired (joined together) over L2 area. Modern deployments of IS-IS generally do not support partition repair, and will not set the P bit.
- ATT bit - Attached bit, 7th - 4th bits, indicates if the originating router is attached to another area.
- If these bits are set by the L1/L2 router in its L1 LSP, other routers in the L1 area will automatically generate a default route to the originator.
- There are 4 ATT bits which represent the Error, Expense, Delay and Default metrics respectively.
- Typically, only the 4th (default) ATT bit is used, as typical IS-IS networks only use the Default (Cost) metric.
- OL bit - Overload bit, 3rd bit, indicates if the router is overloaded.
- If this bit is set, then this router will not be forwarded traffic. However, it will be still reachable.
- The overload bit can be set automatically by a router under heavy load or intentionally by an administrator.
- Setting the overload bit is an easy way to gracefully offload the router prior to maintenance which requires the router to reboot. After the router reboots and is available, then the overload bit can be cleared manually.
- The overload bit may also be set while a router waits for other dependent protocols (such as BGP) to establish neighborship, before allowing traffic to be routed to itself. This may be desirable because IS-IS converges much faster than some dependent protocols, and a router that becomes available before another dependent routing protocol converges, the router could become a traffic black hole.
- An example of this behavior is a provider edge router running an MPLS VPN with IS-IS and BGP. After the router boots, it establishes IS-IS adjacency before it finishes establishing BGP neighborship with other routers. When BGP is finished establishing neighborship, the overload bit is cleared and this router joins the MPLS VPN.
- IS type bits - 2nd and 1st bits, indicate the IS type of the originator. It can either be L1 only, L2 only, or L1/L2.
- 01 - L1
- 10 - L2
- 11 - L1/L2
Wide metrics
When IS-IS was initially introduced, TLVs for IS reachability (TLV 2) and IP reachability (TLVs 128 and 130) could have an interface metric of no more than 63 (6 bits) and total accumulated path metric of no more than 1023 (10 bits).
Over time, networks outgrew the constraints imposed by these metrics as speeds and hop-counts increased with better hardware.
To allow for these larger networks 2 new TLVs — TLV 22 for Extended IS reachability and TLV 135 for Extended IP reachability — were introduced.
These additions to the protocol allowed link metrics up to 16.7 million (24 bits) and total accumulated path metric up to 4 billion (32 bits).
Metrics without TLV 22 and 135 are called narrow metrics, and metrics that include them are called wide metrics.[5]
Wide metrics or narrow metrics can be set on a per-level basis.
Adjacency formation
Compared to OSPF, IS-IS rules of adjacency formation are much simpler and depend primarily on the router level.
- A L1 router cannot form any adjacency with L2 router.
- A L1 router can form a L1 adjacency with other L1 router in the same area.
- A L1 router can form a L1 adjacency with L1/L2 router in the same area
- A L2 router can form a L2 adjacency with other L2 routers regardless of their areas.
- A L2 router can form a L2 adjacency with an L1/L2 router regardless of their areas.
- L1/L2 router can form both an L2 and L1 adjacency with other L1/L2 routers if their areas match.
Broadcast segments and designated intermediate system
Similar to OSPF, all routers in a broadcast domain need to form adjacencies and exchange LSPs, resulting in there being LSPs for each router in the domain.
In order to overcome this issue, on each LAN segment a designated intermediate system (DIS) is elected. The router with the highest priority and System ID is elected as the DIS, but if another router is connected with a higher priority (or higher System ID if the priorities are equal), will be elected as the new DIS.
Instead of each router forming an adjacency with every other router in the broadcast domain, each router forms an adjacency with just the DIS, and the DIS becomes responsible for relaying LSPs to the subordinate routers, in a hub-and-spoke topology.
An elected DIS router is a pseudonode, which uses the resources (including System ID) of one real router.
The Pseudonode ID in LSPs originated by a DIS, always have a non-zero Pseudonode ID field.
The DIS will send periodic CSNPs on the LAN segment and reply to PSNPs from other routers.
If the DIS stops communicating, a new DIS will be elected in the segment.
Authentication
IS-IS supports both simple password and MD5 authentication types. In IS-IS, per-level or per-interface authentication is possible.
In addition, to protect from a replay attack, IS-IS uses an increasing sequence number in the IIH.
IPv6 support and multi-topology
Unlike OSPF, which operates at Layer 3, IS-IS encapsulates its PDUs into Layer 2 frames, and does not depend on Layer 3 protocols, such as IPv4 or IPv6.
In order to support IPv6 routing information TLV 232 for IPv6 interface address and TLV 236 for IPv6 reachability were added.
In order to display supported Layer 3 protocols, also called NLPID (Network Layer Protocol ID), TLV 129 is used. Here, IPv4 has code of 0xCC, while IPv6 has a code of 0x8E.
There might be an issue, if the IPv4 and IPv6 topologies do not overlap. This could happen due to misconfiguration or lack of support for IPv6 by routers in the network. For this situations, multi-topology support is added to IS-IS.
TLV 229 was added to indicate support for multi-topologies, such as IPv4 unicast and IPv6 unicast.
If multi-topology is enabled, IS-IS will calculate separate SPF tree for IPv4 and IPv6. This means twice the resource usage, but from the other side, this prevents traffic black holes.
When multi-topology is enabled, then IS-IS will use TLV 222 for Multi-topology IS reachability, TLV 235 for Multi-topology IP reachability and TLV 236 for Multi-topology IPv6 reachability.
IS-IS path selection
Depending on the configuration, the router can have either L1, L2 or both L1/L2 Link-State Databases. IS-IS uses Dijkstra's algorithm to generate the routing tables from these databases.
But there can be situations, when IS-IS router has exactly the same prefix in different level databases, or external and internal. In order to choose best path in this situations, there is a specific order in which the route goes from the most preferred to the least preferred:
- L1 intra-area with internal metric,
- L1 external with internal metric,
- L2 intra-area with internal metric,
- L2 external with internal metric,
- Inter-area (from L1 to L2) with internal metric,
- Inter-area external (from L1 to L2) with internal metric,
- Inter-area (from L2 to L1) with internal metric,
- Inter-area external (from L2 to L1) with internal metric,
- L1 external with external metric,
- L2 external with external metric,
- Inter-area external (from L1 to L2) with external metric,
- Inter-area external (from L2 to L1) with external metric.
BFD support
IS-IS has Hello packets (IIH) which carry information about the router and are used to form adjacencies. Another function of hello packets is to detect a fault between adjacent routers.
Hello packet transmission intervals can be lowered in order to detect faults faster, but this will necessarily create more load on the routers.
Instead of this, BFD can be used. BFD is a low-overhead fault detection protocol that places little demand on the CPU, and can provide sub-second fault detection.
Other uses
IS-IS is the base for the control plane in Shortest Path Bridging (SPB). SPB enables equal-cost multipath routing among Ethernet switches in a mesh topology: Ethernet frames are forwarded along multiple load-balanced, service-specific paths, which are all equally the shortest. To support this, SPB extends IS-IS with new TLVs.Template:Ref RFC
Related protocols
References
External links
- IS-IS standard (ISO/IEC 10589:2002, Second Edition) – free-of-charge PDF version
- OSPF and IS-IS: A Comparative Anatomy by Dave Katz, Juniper
- Collection of RFCs pertaining to IS-IS Template:Webarchive
- IS-IS and OSPF difference discussion (Vishwas Manral, Manav Bhatia and Yasuhiro Ohara)
- Google Quagga IS-IS implementation
- Sample isisd.conf file: used with Quagga
- IS-IS route preference for Extended IP and IPv6 Reachability