Contents

Configuring IS-IS·· 1

Overview· 1

Terminology· 1

IS-IS address format 1

NET· 3

IS-IS area· 3

IS-IS network types· 5

IS-IS PDUs· 6

Protocols and standards· 8

IS-IS configuration task list 9

Configuring basic IS-IS· 10

Configuration prerequisites· 10

Enabling IS-IS· 10

Setting the IS level and circuit level 10

Configuring P2P network type for an interface· 11

Configuring IS-IS route control 12

Configuration prerequisites· 12

Configuring IS-IS link cost 12

Specifying a preference for IS-IS· 13

Configuring the maximum number of ECMP routes· 14

Configuring IS-IS route summarization· 14

Advertising a default route· 15

Configuring IS-IS route redistribution· 15

Configuring IS-IS route filtering· 16

Configuring IS-IS route leaking· 17

Tuning and optimizing IS-IS networks· 17

Configuration prerequisites· 17

Specifying the interval for sending IS-IS hello packets· 18

Specifying the IS-IS hello multiplier 18

Specifying the interval for sending IS-IS CSNP packets· 19

Configuring a DIS priority for an interface· 19

Disabling an interface from sending/receiving IS-IS packets· 19

Enabling an interface to send small hello packets· 20

Configuring LSP parameters· 20

Controlling SPF calculation interval 24

Configuring convergence priorities for specific routes· 24

Setting the LSDB overload bit 25

Configuring the ATT bit 25

Configuring the tag value for an interface· 26

Configuring system ID to host name mappings· 26

Enabling the logging of neighbor state changes· 28

Enabling IS-IS ISPF· 28

Enabling prefix suppression· 28

Configuring IS-IS network management 29

Configuring IS-IS PIC· 30

Enhancing IS-IS network security· 31

Configuration prerequisites· 31

Configuring neighbor relationship authentication· 31

Configuring area authentication· 32

Configuring routing domain authentication· 32

Configuring IS-IS GR· 33

Configuring IS-IS NSR· 34

Configuring BFD for IS-IS· 35

Configuring IS-IS FRR· 35

Configuration prerequisites· 36

Configuration guidelines· 36

Configuration procedure· 36

Displaying and maintaining IS-IS· 38

IS-IS configuration examples· 39

Basic IS-IS configuration example· 39

DIS election configuration example· 44

IS-IS route redistribution configuration example· 48

IS-IS authentication configuration example· 51

IS-IS GR configuration example· 54

IS-IS NSR configuration example· 55

BFD for IS-IS configuration example· 59

IS-IS FRR configuration example· 62

 

Configuring IS-IS

Overview

Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the ISO to operate on the connectionless network protocol (CLNP).

IS-IS was modified and extended in RFC 1195 by the IETF for application in both TCP/IP and OSI reference models, called "Integrated IS-IS" or "Dual IS-IS."

IS-IS is an IGP used within an AS. It uses the SPF algorithm for route calculation.

Terminology

·     Intermediate system—Similar to a router in TCP/IP, IS is the basic unit used in an IS-IS routing domain to generate and propagate routing information. Throughout this chapter, an IS refers to a router.

·     End system—Similar to a host in TCP/IP, an ES does not run IS-IS. ISO defines the ES-IS protocol for communication between an ES and an IS.

·     Routing domain—An RD comprises a group of ISs that exchange routing information with each other by using the same routing protocol.

·     Area—An IS-IS routing domain can be split into multiple areas.

·     Link State Database—All link states in the network form the LSDB. Each IS has a minimum of one LSDB. An IS uses the SPF algorithm and LSDB to generate IS-IS routes.

·     Link State Protocol Data Unit or Link State Packet —An IS advertises link state information in an LSP.

·     Network Protocol Data Unit—An NPDU is a network layer protocol packet in OSI, similar to an IP packet in TCP/IP.

·     Designated IS—A DIS is elected on a broadcast network.

·     Network service access point—An NSAP is an OSI network layer address. The NSAP identifies an abstract network service access point and describes the network address format in the OSI reference model.

IS-IS address format

NSAP

As shown in Figure 1, an NSAP address comprises the Initial Domain Part (IDP) and the Domain Specific Part (DSP). The IDP is analogous to the network ID of an IP address, and the DSP is analogous to the subnet and host ID.

The IDP includes the Authority and Format Identifier (AFI) and the Initial Domain Identifier (IDI).

The DSP includes:

·     High Order Part of DSP (HO-DSP)—Identifies the area.

·     System ID—Identifies the host.

·     SEL—Identifies the type of service.

The IDP and DSP are variable in length. The length of an NSAP address is in the range of 8 to 20 bytes.

Figure 1 NSAP address format

 

Area address

The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain. Different routing domains cannot have the same area address.

Typically, a router only needs one area address, and all nodes in the same area must have the same area address. To support smooth area merging, partitioning, and switching, a router can have a maximum of three area addresses.

System ID

A system ID uniquely identifies a host or router. It has a fixed length of 48 bits (6 bytes).

The system ID of a device can be generated from the router ID. For example, suppose a router uses the IP address 168.10.1.1 of Loopback 0 as the router ID. The system ID can be obtained in the following steps:

1.     Extend each decimal number of the IP address to three digits by adding 0s from the left, such as 168.010.001.001.

2.     Divide the extended IP address into three sections that each has four digits to get the system ID 1680.1000.1001.

If you use other methods to define a system ID, make sure that it can uniquely identify the host or router.

SEL

The N-SEL, or the NSAP selector (SEL), is similar to the protocol identifier in IP. Different transport layer protocols correspond to different SELs. All SELs in IP are 00.

Routing method

The IS-IS address format identifies the area, so a Level-1 router can easily identify packets destined to other areas. IS-IS routers perform routing as follows:

·     A Level-1 router performs intra-area routing according to the system ID. If the destination address of a packet does not belong to the local area, the Level-1 router forwards it to the nearest Level-1-2 router.

·     A Level-2 router performs inter-area routing according to the area address.

NET

A network entity title (NET) identifies the network layer information of an IS. It does not include transport layer information. A NET is a special NSAP address with the SEL being 0. The length of a NET is in the range of 8 to 20 bytes, same as a NSAP address.

A NET includes the following parts:

·     Area ID—Has a length of 1 to 13 bytes.

·     System ID—A system ID uniquely identifies a host or router in the area and has a fixed length of 6 bytes.

·     SEL—Has a value of 0 and a fixed length of 1 byte.

For example, for a NET ab.cdef.1234.5678.9abc.00, the area ID is ab.cdef, the system ID is 1234.5678.9abc, and the SEL is 00.

Typically, a router only needs one NET, but it can have a maximum of three NETs for smooth area merging and partitioning. When you configure multiple NETs, make sure the system IDs are the same.

IS-IS area

IS-IS has a 2-level hierarchy to support large-scale networks. A large-scale routing domain is divided into multiple areas. Typically, a Level-1 router is deployed within an area. A Level-2 router is deployed between areas. A Level-1-2 router is deployed between Level-1 and Level-2 routers.

Level-1 and Level-2

·     Level-1 router—A Level-1 router establishes neighbor relationships with Level-1 and Level-1-2 routers in the same area. It maintains an LSDB comprising intra-area routing information. A Level-1 router forwards packets destined for external areas to the nearest Level-1-2 router. Level-1 routers in different areas cannot establish neighbor relationships.

·     Level-2 router—A Level-2 router establishes neighbor relationships with Level-2 and Level-1-2 routers in the same area or in different areas. It maintains a Level-2 LSDB containing inter-area routing information. All the Level-2 and Level-1-2 routers must be contiguous to form the backbone of the IS-IS routing domain. Level-2 routers can establish neighbor relationships even if they are in different areas.

·     Level-1-2 router—A router with both Level-1 and Level-2 router functions is a Level-1-2 router. It can establish Level-1 neighbor relationships with Level-1 and Level-1-2 routers in the same area. It can establish Level-2 neighbor relationships with Level-2 and Level-1-2 routers in different areas. A Level-1 router can reach other areas only through a Level-1-2 router. The Level-1-2 router maintains two LSDBs, a Level-1 LSDB for intra-area routing and a Level-2 LSDB for inter-area routing.

Figure 2 shows one IS-IS network topology. Area 1 is the backbone that comprises a set of Level-2 routers. The other four areas are non-backbone areas connected to the backbone through Level-1-2 routers.

Figure 2 IS-IS topology 1

 

Figure 3 shows another IS-IS topology. The Level-1-2 routers connect to the Level-1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous Level-2 and Level-1-2 routers in different areas. The IS-IS backbone does not need to be a specific area.

Figure 3 IS-IS topology 2

 

Both the Level-1 and Level-2 routers use the SPF algorithm to generate the shortest path tree.

Route leaking

Level-2 and Level-1-2 routers form a Level-2 area. An IS-IS routing domain comprises only one Level-2 area and multiple Level-1 areas. A Level-1 area must connect to the Level-2 area rather than another Level-1 area.

Level-1-2 routers send the routing information of Level-1 areas to the Level-2 area. Level-2 routers know the routing information of the entire IS-IS routing domain. By default, a Level-2 router does not advertise the routing information of other areas to a Level-1 area. A Level-1 router simply sends packets destined for other areas to the nearest Level-1-2 router. The path passing through the Level-1-2 router might not be the best. To solve this problem, IS-IS provides the route leaking feature.

Route leaking enables a Level-1-2 router to advertise the routes of other areas to the connected Level-1 area so that the Level-1 routers can select the optimal routes.

IS-IS network types

Network types

IS-IS supports only broadcast networks (for example, Ethernet and Token Ring).

DIS and pseudonodes

IS-IS routers on a broadcast network must elect a DIS.

The Level-1 and Level-2 DISs are elected separately. You can assign different priorities to a router for different level DIS elections. The higher the router priority, the more likely the router becomes the DIS. If multiple routers with the same highest DIS priority exist, the one with the highest Subnetwork Point of Attachment (SNPA) address will be elected. On a broadcast network, the SNPA address is the MAC address. A router can be the DIS for different levels.

IS-IS DIS election differs from OSPF DIS election in the following ways:

·     A router with priority 0 can also participate in the DIS election.

·     When a router with a higher priority is added to the network, an LSP flooding process is performed to elect the router as the new DIS.

As shown in Figure 4, the same level routers on a network, including non-DIS routers, establish adjacency with each other.

Figure 4 DIS in the IS-IS broadcast network

 

The DIS creates and updates pseudonodes, and generates LSPs for the pseudonodes, to describe all routers on the network.

A pseudonode represents a virtual node on the broadcast network. It is not a real router. In IS-IS, it is identified by the system ID of the DIS and a 1-byte Circuit ID (a non-zero value).

Using pseudonodes simplifies network topology and can reduce the amount of resources consumed by SPF.

 

	NOTE: On an IS-IS broadcast network, all routers establish adjacency relationships, but they synchronize their LSDBs through the DIS.

 

IS-IS PDUs

PDU

IS-IS PDUs are encapsulated into link layer frames. An IS-IS PDU has two parts, the headers and the variable length fields. The headers comprise the PDU common header and the PDU specific header. All PDUs have the same PDU common header. The specific headers vary by PDU type.

Figure 5 PDU format

 

Table 1 PDU types

Type	PDU Type	Acronym
15	Level-1 LAN IS-IS hello PDU	L1 LAN IIH
16	Level-2 LAN IS-IS hello PDU	L2 LAN IIH
17	Point-to-Point IS-IS hello PDU	P2P IIH
18	Level-1 Link State PDU	L1 LSP
20	Level-2 Link State PDU	L2 LSP
24	Level-1 Complete Sequence Numbers PDU	L1 CSNP
25	Level-2 Complete Sequence Numbers PDU	L2 CSNP
26	Level-1 Partial Sequence Numbers PDU	L1 PSNP
27	Level-2 Partial Sequence Numbers PDU	L2 PSNP

 

Hello PDU

IS-to-IS hello (IIH) PDUs are used by routers to establish and maintain neighbor relationships. On broadcast networks, Level-1 routers use Level-1 LAN IIHs, and Level-2 routers use Level-2 LAN IIHs. The P2P IIHs are used on point-to-point networks.

LSP

The LSPs carry link state information. LSPs include Level-1 LSPs and Level-2 LSPs. The Level-2 LSPs are sent by the Level-2 routers, and the Level-1 LSPs are sent by the Level-1 routers. The Level-1-2 router can send both types of LSPs.

SNP

A sequence number PDU (SNP) describes the complete or partial LSPs for LSDB synchronization.

SNPs include CSNP and PSNP, which are further divided into Level-1 CSNP, Level-2 CSNP, Level-1 PSNP, and Level-2 PSNP.

A CSNP describes the summary of all LSPs for LSDB synchronization between neighboring routers. On broadcast networks, CSNPs are sent by the DIS periodically (every 10 seconds by default). On point-to-point networks, CSNPs are sent only during the first adjacency establishment.

A PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request missing LSPs from a neighbor.

CLV

The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets.

Figure 6 CLV format

 

Table 2 shows that different PDUs contain different CLVs. Codes 1 through 10 are defined in ISO 10589 (code 3 and 5 are not shown in the table). Codes 128 through 132 are defined in RFC 1195. Codes 222 through 237 are defined in RFC 5120.

Table 2 CLV codes and PDU types

CLV Code	Name	PDU Type
1	Area Addresses	IIH, LSP
2	IS Neighbors (LSP)	LSP
4	Partition Designated Level 2 IS	L2 LSP
6	IS Neighbors (MAC Address)	LAN IIH
7	IS Neighbors (SNPA Address)	LAN IIH
8	Padding	IIH
9	LSP Entries	SNP
10	Authentication Information	IIH, LSP, SNP
128	IP Internal Reachability Information	LSP
129	Protocols Supported	IIH, LSP
130	IP External Reachability Information	L2 LSP
131	Inter-Domain Routing Protocol Information	L2 LSP
132	IP Interface Address	IIH, LSP
222	MT-ISN	LSP
229	M-Topologies	IIH, LSP
235	MT IP. Reach	LSP
237	MT IPv6 IP. Reach	LSP

 

Protocols and standards

·     ISO 10589 ISO IS-IS Routing Protocol

·     ISO 9542 ES-IS Routing Protocol

·     ISO 8348/Ad2 Network Services Access Points

·     RFC 1195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments

·     RFC 2763, Dynamic Hostname Exchange Mechanism for IS-IS

·     RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS

·     RFC 2973, IS-IS Mesh Groups

·     RFC 3277, IS-IS Transient Blackhole Avoidance

·     RFC 3358, Optional Checksums in ISIS

·     RFC 3373, Three-Way Handshake for IS-IS Point-to-Point Adjacencies

·     RFC 3567, Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication

·     RFC 3719, Recommendations for Interoperable Networks using IS-IS

·     RFC 3786, Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit

·     RFC 3787, Recommendations for Interoperable IP Networks using IS-IS

·     RFC 3847, Restart Signaling for IS-IS

·     RFC 4444, Management Information Base for Intermediate System to Intermediate System (IS-IS)

·     RFC 5303, Three-Way Handshake for IS-IS Point-to-Point Adjacencies

·     RFC 5310, IS-IS Generic Cryptographic Authentication

IS-IS configuration task list

Tasks at a glance
Configuring basic IS-IS: ·     (Required.) Enabling IS-IS ·     (Optional.) Setting the IS level and circuit level ·     (Optional.) Configuring P2P network type for an interface
(Optional.) Configuring IS-IS route control: ·     Configuring IS-IS link cost ·     Specifying a preference for IS-IS ·     Configuring the maximum number of ECMP routes ·     Configuring IS-IS route summarization ·     Advertising a default route ·     Configuring IS-IS route redistribution ·     Configuring IS-IS route filtering ·     Configuring IS-IS route leaking
(Optional.) Tuning and optimizing IS-IS networks: ·     Specifying the interval for sending IS-IS hello packets ·     Specifying the IS-IS hello multiplier ·     Specifying the interval for sending IS-IS CSNP packets ·     Configuring a DIS priority for an interface ·     Disabling an interface from sending/receiving IS-IS packets ·     Enabling an interface to send small hello packets ·     Configuring LSP parameters ·     Controlling SPF calculation interval ·     Configuring convergence priorities for specific routes ·     Setting the LSDB overload bit ·     Configuring the ATT bit ·     Configuring the tag value for an interface ·     Configuring system ID to host name mappings ·     Enabling the logging of neighbor state changes ·     Enabling IS-IS ISPF ·     Enabling prefix suppression ·     Configuring IS-IS network management ·     Configuring IS-IS PIC
(Optional.) Enhancing IS-IS network security: ·     Configuring neighbor relationship authentication ·     Configuring area authentication ·     Configuring routing domain authentication
(Optional.) Configuring IS-IS GR
(Optional.) Configuring IS-IS NSR
(Optional.) Configuring BFD for IS-IS
(Optional.) Configuring IS-IS FRR

 

Configuring basic IS-IS

Configuration prerequisites

Before the configuration, complete the following tasks:

·     Configure the link layer protocol.

·     Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.

Enabling IS-IS

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enable IS-IS and enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	By default, IS-IS is disabled.
3.     Assign a NET.	network-entity net	By default, NET is not assigned.
4.     Return to system view.	quit	N/A
5.     Enter interface view.	interface interface-type interface-number	N/A
6.     Enable IS-IS on the interface.	isis enable [ process-id ]	By default, IS-IS is disabled.

 

Setting the IS level and circuit level

Follow these guidelines when you configure the IS level for routers in only one area:

·     Set the IS level of all routers to Level-1 or Level-2 rather than different levels because the routers do not need to maintain two identical LSDBs.

·     Set the IS level to Level-2 on all routers in an IP network for good scalability.

For an interface of a Level-1 or Level-2 router, the circuit level can only be Level-1 or Level-2. For an interface of a Level-1-2 router, the default circuit level is Level-1-2. If the router only needs to form Level-1 or Level-2 neighbor relationships, set the circuit level for its interfaces to Level-1 or Level-2. This will limit neighbor relationship establishment.

To configure the IS level and circuit level:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Specify the IS level.	is-level { level-1 | level-1-2 | level-2 }	By default, the IS level is Level-1-2.
4.     Return to system view.	quit	N/A
5.     Enter interface view.	interface interface-type interface-number	N/A
6.     Specify the circuit level.	isis circuit-level [ level-1 | level-1-2 | level-2 ]	By default, an interface can establish either the Level-1 or Level-2 adjacency.

 

Configuring P2P network type for an interface

Perform this task only for a broadcast network that has up to two attached routers.

Interfaces with different network types operate differently. For example, broadcast interfaces on a network must elect the DIS and flood CSNP packets to synchronize the LSDBs. However, P2P interfaces on a network do not need to elect the DIS, and have a different LSDB synchronization mechanism.

If only two routers exist on a broadcast network, set the network type of attached interfaces to P2P. This avoids DIS election and CSNP flooding, saving network bandwidth and speeding up network convergence.

To configure P2P network type for an interface:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Configure P2P network type for an interface.	isis circuit-type p2p	By default, the network type of an interface varies by physical media. The network type of a VLAN interface is broadcast.

 

Configuring IS-IS route control

Configuration prerequisites

Before the configuration, complete the following tasks:

·     Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.

·     Enable IS-IS.

Configuring IS-IS link cost

The IS-IS cost of an interface is determined in the following order:

1.     IS-IS cost specified in interface view.

2.     IS-IS cost specified in system view.

The cost is applied to the interfaces associated with the IS-IS process.

3.     Automatically calculated cost.

If the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: Interface cost = (Bandwidth reference value / Expected interface bandwidth) × 10, in the range of 1 to 16777214. For other cost styles, Table 3 applies.

Configure the expected bandwidth of an interface with the bandwidth command. For more information, see Interface Command Reference.

Table 3 Automatic cost calculation scheme for cost styles other than wide and wide-compatible

Interface bandwidth	Interface cost
≤ 10 Mbps	60
≤ 100 Mbps	50
≤ 155 Mbps	40
≤ 622 Mbps	30
≤ 2500 Mbps	20
> 2500 Mbps	10

 

4.     If none of the above costs is used, a default cost of 10 applies.

Configuring an IS-IS cost for an interface

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     (Optional.) Specify an IS-IS cost style.	cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] }	By default, the IS-IS cost type is narrow.
4.     Return to system view.	quit	N/A
5.     Enter interface view.	interface interface-type interface-number	N/A
6.     Specify a cost for the IS-IS interface.	isis cost cost-value [ level-1 | level-2 ]	By default, no cost for the interface is specified.

 

Configuring a global IS-IS cost

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     (Optional.) Specify an IS-IS cost style.	cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] }	By default, the IS-IS cost type is narrow.
4.     Specify a global IS-IS cost.	circuit-cost cost-value [ level-1 | level-2 ]	By default, no global cost is specified.

 

Enabling automatic IS-IS cost calculation

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Enable automatic IS-IS cost calculation.	auto-cost enable	By default, automatic IS-IS cost calculation is disabled.
4.     (Optional.) Configure a bandwidth reference value for automatic IS-IS cost calculation.	bandwidth-reference value	The default setting is 100 Mbps.

 

Specifying a preference for IS-IS

If multiple routing protocols find routes to the same destination, the route found by the routing protocol that has the highest preference is selected as the optimal route.

Perform this task to assign a preference to IS-IS directly or by using a routing policy. For more information about the routing policy, see "Configuring routing policies."

To configure a preference for IS-IS:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Configure a preference for IS-IS.	preference { preference | route-policy route-policy-name } *	The default setting is 15.

 

Configuring the maximum number of ECMP routes

Perform this task to implement load sharing over ECMP routes.

To configure the maximum number of ECMP routes:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Specify the maximum number of ECMP routes.	maximum load-balancing number	By default, the maximum number of ECMP routes supported by IS-IS equals the maximum number of ECMP routes supported by the system.

 

Configuring IS-IS route summarization

Perform this task to summarize specific routes, including IS-IS routes and redistributed routes, into a single route. Route summarization can reduce the routing table size and the LSDB scale.

Route summarization applies only to locally generated LSPs. The cost of the summary route is the lowest one among the costs of the more-specific routes.

To configure route summarization:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Configure IS-IS route summarization.	summary ip-address { mask-length | mask } [ avoid-feedback | generate_null0_route | [ level-1 | level-1-2 | level-2 ] | tag tag ] *	By default, route summarization is not configured.

 

Advertising a default route

IS-IS cannot redistribute a default route to its neighbors. This task enables IS-IS to advertise a default route of 0.0.0.0/0 in an LSP to the same-level neighbors. Upon receiving the default route, the neighbors add it into their routing table.

To advertise a default route:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Advertise a Level-1 or Level-2 default route.	default-route-advertise [ [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ] *	By default, IS-IS does not advertise a Level-1 or Level-2 default route.

 

Configuring IS-IS route redistribution

Perform this task to redistribute routes from other routing protocols into IS-IS. You can specify a cost for redistributed routes and specify the maximum number of redistributed routes.

To configure IS-IS route redistribution from other routing protocols:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Redistribute routes from other routing protocols or other IS-IS processes.	import-route protocol [ as-number ] [ process-id | all-processes | allow-ibgp ] [ allow-direct | cost cost-value | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] *	By default, no route is redistributed. By default, if no level is specified, this command redistributes routes into the Level-2 routing table. This command redistributes only active routes. To display active routes, use the display ip routing-table protocol command.
4.     (Optional.) Configure the maximum number of redistributed Level 1/Level 2 IPv4 routes.	import-route limit number	By default, the maximum number of redistributed Level 1/Level 2 IPv4 routes is not configured.

 

Configuring IS-IS route filtering

You can use an ACL, IP prefix list, or routing policy to filter routes calculated using received LSPs and routes redistributed from other routing protocols.

Filtering routes calculated from received LSPs

IS-IS saves LSPs received from neighbors in the LSDB, and uses the SPF algorithm to calculate the shortest path tree with itself as the root. IS-IS installs the calculated routes to the IS-IS routing table and the optimal routes to the IP routing table.

Perform this task to filter calculated routes. Only routes that are not filtered can be added to the IP routing table. The filtered routes retain in the IS-IS routing table and can be advertised to neighbors.

To filter routes calculated using received LSPs:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Filter routes calculated using received LSPs.	filter-policy { ipv4-acl-number | prefix-list prefix-list-name | route-policy route-policy-name } import	By default, IS-IS route filtering is not configured.

 

Filtering redistributed routes

IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them to the IS-IS routing table, and advertise them in LSPs.

Perform this task to filter redistributed routes. Only routes that are not filtered can be added to the IS-IS routing table and advertised to neighbors.

To filter redistributed routes:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Filter routes redistributed from other routing protocols or IS-IS processes.	filter-policy { ipv4-acl-number | prefix-list prefix-list-name | route-policy route-policy-name } export [ protocol [ process-id ] ]	By default, IS-IS route filtering is not configured.

 

Configuring IS-IS route leaking

Perform this task to control route advertisement (route leaking) between Level-1 and Level-2.

You can configure IS-IS to advertise routes from Level-2 to Level-1, and to not advertise routes from Level-1 to Level-2.

To configure IS-IS route leaking:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Configure route leaking from Level-1 to Level-2.	import-route isis level-1 into level-2 [ filter-policy { ipv4-acl-number | prefix-list prefix-list-name | route-policy route-policy-name } | tag tag ] *	By default, IS-IS advertises routes from Level-1 to Level-2.
4.     Configure route leaking from Level-2 to Level-1.	import-route isis level-2 into level-1 [ filter-policy { ipv4-acl-number | prefix-list prefix-list-name | route-policy route-policy-name } | tag tag ] *	By default, IS-IS does not advertise routes from Level-2 to Level-1.

 

Tuning and optimizing IS-IS networks

Configuration prerequisites

Before you tune and optimize IS-IS networks, complete the following tasks:

·     Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.

·     Enable IS-IS.

Specifying the interval for sending IS-IS hello packets

If a neighbor does not receive any hello packets from the router within the advertised hold time, it considers the router down and recalculates the routes. The hold time is the hello multiplier multiplied by the hello interval.

To specify the interval for sending hello packets:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Specify the interval for sending hello packets.	isis timer hello seconds [ level-1 | level-2 ]	The default setting is 10 seconds. The interval between hello packets sent by the DIS is 1/3 the hello interval set with the isis timer hello command.

 

Specifying the IS-IS hello multiplier

The hello multiplier is the number of hello packets a neighbor must miss before it declares that the router is down.

If a neighbor receives no hello packets from the router within the advertised hold time, it considers the router down and recalculates the routes. The hold time is the hello multiplier multiplied by the hello interval.

On a broadcast link, Level-1 and Level-2 hello packets are advertised separately. You must set a hello multiplier for each level.

On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets. You do not need to specify Level-1 or Level-2.

To specify the IS-IS hello multiplier:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Specify the hello multiplier.	isis timer holding-multiplier value [ level-1 | level-2 ]	The default setting is 3.

 

Specifying the interval for sending IS-IS CSNP packets

On a broadcast network, perform this task on the DIS that uses CSNP packets to synchronize LSDBs.

To specify the interval for sending IS-IS CSNP packets:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Specify the interval for sending CSNP packets on the DIS of a broadcast network.	isis timer csnp seconds [ level-1 | level-2 ]	The default setting is 10 seconds.

 

Configuring a DIS priority for an interface

On a broadcast network, IS-IS must elect a router as the DIS at a routing level. You can specify a DIS priority at a level for an interface. The greater the interface's priority, the more likely it becomes the DIS. If multiple routers in the broadcast network have the same highest DIS priority, the router with the highest MAC address becomes the DIS.

To configure a DIS priority for an interface:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Configure a DIS priority for the interface.	isis dis-priority priority [ level-1 | level-2 ]	The default setting is 64.

 

Disabling an interface from sending/receiving IS-IS packets

After being disabled from sending and receiving hello packets, an interface cannot form any neighbor relationship, but can advertise directly connected networks in LSPs through other interfaces. This can save bandwidth and CPU resources, and ensures that other routers know networks directly connected to the interface.

To disable an interface from sending and receiving IS-IS packets:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Disable the interface from sending and receiving IS-IS packets.	isis silent	By default, the interface can send and receive IS-IS packets.

 

Enabling an interface to send small hello packets

IS-IS messages cannot be fragmented at the IP layer because they are directly encapsulated in frames. Any two IS-IS neighboring routers must negotiate a common MTU. To avoid sending big hellos to save bandwidth, enable the interface to send small hello packets without CLVs.

To enable an interface to send small hello packets:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Enable the interface to send small hello packets without CLVs.	isis small-hello	By default, the interface can send standard hello packets.

 

Configuring LSP parameters

Configuring LSP timers

1.     Specify the maximum age of LSPs.

Each LSP has an age that decreases in the LSDB. Any LSP with an age of 0 is deleted from the LSDB. You can adjust the age value based on the scale of a network.

To specify the maximum age of LSPs:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Specify the maximum LSP age.	timer lsp-max-age seconds	The default setting is 1200 seconds.

 

2.     Specify the LSP refresh interval and generation interval.

Each router needs to refresh its LSPs at a configurable interval and send them to other routers to prevent valid routes from aging out. A smaller refresh interval speeds up network convergence but consumes more bandwidth.

When network topology changes such as neighbor state, interface metric, system ID, or area ID changes occur, the router generates an LSP after a configurable interval. If such a change occurs frequently, excessive LSPs are generated, consuming a large amount of router resources and bandwidth. To solve the problem, you can adjust the LSP generation interval.

When network changes are not frequent, the minimum-interval is adopted. If network changes become frequent, the LSP generation interval is incremented by incremental-interval × 2n-2 (n is the number of calculation times) each time a generation occurs until the maximum-interval is reached.

To specify the LSP refresh interval and generation interval:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Specify the LSP refresh interval.	timer lsp-refresh seconds	By default, the LSP refresh interval is 900 seconds.
4.     Specify the LSP generation interval.	timer lsp-generation maximum-interval [ minimum-interval [ incremental-interval ] ] [ level-1 | level-2 ]	By default: ·     The maximum interval is 5 seconds. ·     The minimum interval is 50 milliseconds. ·     The incremental interval is 200 milliseconds.

 

3.     Specify LSP sending intervals.

If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending these LSPs to control the amount of LSPs on the network.

On a P2P link, IS-IS requires an advertised LSP be acknowledged. If no acknowledgment is received within a configurable interval, IS-IS will retransmit the LSP.

To configure LSP sending intervals:

 

Step	Command		Remarks
1.     Enter system view.	system-view		N/A
2.     Enter interface view.	interface interface-type interface-number		N/A
3.     Specify the minimum interval for sending LSPs and the maximum LSP number that can be sent at a time.		isis timer lsp time [ count count ]	By default, the minimum interval is 33 milliseconds, and the maximum LSP number that can be sent at a time is 5.
4.     Specify the LSP retransmission interval on a P2P link.		isis timer retransmit seconds	By default, the LSP retransmission interval on a P2P link is 5 seconds.

 

Specifying LSP lengths

IS-IS messages cannot be fragmented at the IP layer because they are directly encapsulated in frames. IS-IS routers in an area must send LSPs smaller than the smallest interface MTU in the area.

If the IS-IS routers have different interface MTUs, configure the maximum size of generated LSP packets to be smaller than the smallest interface MTU in the area. Without the configuration, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services.

To specify LSP lengths:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Specify the maximum length of generated Level-1 LSPs or Level-2 LSPs.	lsp-length originate size [ level-1 | level-2 ]	By default, the maximum length of generated Level-1 LSPs or Level-2 LSPs is 1497 bytes.
4.     Specify the maximum length of received LSPs.	lsp-length receive size	By default, the maximum length of received LSPs is 1497 bytes.

 

Enabling LSP flash flooding

Changed LSPs can trigger SPF recalculation. To advertise the changed LSPs before the router recalculates routes for faster network convergence, enable LSP flash flooding.

To enable LSP flash flooding:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Enable LSP flash flooding.	flash-flood [ flood-count flooding-count | max-timer-interval flooding-interval | [ level-1 | level-2 ] ] *	By default, LSP flash flooding is disabled.

 

Enabling LSP fragment extension

Perform this task to enable IS-IS fragment extension for an IS-IS process. The MTUs of all interfaces running the IS-IS process must not be less than 512. Otherwise, LSP fragment extension does not take effect.

To enable LSP fragment extension:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Enable LSP fragment extension.	lsp-fragments-extend [ level-1 | level-1-2 | level-2 ]	By default, this feature is disabled.
4.     Configure a virtual system ID.	virtual-system virtual-system-id	By default, no virtual system ID is configured. Configure a minimum of one virtual system to generate extended LSP fragments.

 

Limiting LSP flooding

In some networks, many P2P links exist. As shown in Figure 7, Routers A, B, C and D run IS-IS. When Router A generates an LSP, it floods the LSP out of GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3. After Router D receives the LSP from GigabitEthernet 1/0/3, it floods it out of GigabitEthernet 1/0/2 and GigabitEthernet 1/0/1 to Router B and Router C. However, Router B and Router C have already received the LSP from Router A. Repeated LSP flooding consumes extra bandwidth.

Figure 7 Network diagram of a fully meshed network

 

‌

To avoid this problem, you can add interfaces to a mesh group or block some interfaces.

·     An interface in a mesh group floods a received LSP only to interfaces not in the mesh group.

·     A blocked interface sends LSPs only after receiving LSP requests.

Before you configure this task, you must consider redundancy for interfaces in case LSP packets cannot be flooded because of link failures.

To add an interface to a mesh group or block an interface:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Add the interface to a mesh group or block the interface.	·     Add the interface to a mesh group: isis mesh-group mesh-group-number ·     Block the interface: isis mesh-group mesh-blocked	By default, the interface does not belong to any mesh group and is not blocked. The mesh group feature takes effect only on P2P interfaces.

 

Controlling SPF calculation interval

Based on the LSDB, an IS-IS router uses the SPF algorithm to calculate the shortest path tree with itself being the root, and uses the shortest path tree to determine the next hop to a destination network. By adjusting the SPF calculation interval, you can prevent bandwidth and router resources from being over consumed due to frequent topology changes.

When network changes are not frequent, the minimum-interval is adopted. If network changes become frequent, the SPF calculation interval is incremented by incremental-interval × 2n-2 (n is the number of calculation times) each time a calculation occurs until the maximum-interval is reached.

To control SPF calculation interval:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Configure the SPF calculation interval.	timer spf maximum-interval [ minimum-interval [ incremental-interval ] ]	By default: ·     The maximum interval is 5 seconds. ·     The minimum interval is 50 milliseconds. ·     The incremental interval is 200 milliseconds.

 

Configuring convergence priorities for specific routes

A topology change causes IS-IS routing convergence. To improve convergence speed, you can assign convergence priorities to IS-IS routes. Convergence priority levels are critical, high, medium, and low. The higher the convergence priority, the faster the convergence speed.

By default, IS-IS host routes have medium convergence priority, and other IS-IS routes have low convergence priority.

To assign convergence priorities to specific IS-IS routes:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
3.     Assign convergence priorities to specific IS-IS routes.	·     Method 1: prefix-priority { critical | high | medium } { prefix-list prefix-list-name | tag tag-value } ·     Method 2: prefix-priority route-policy route-policy-name	By default, IS-IS routes, except IS-IS host routes, have the low convergence priority.

 

Setting the LSDB overload bit

By setting the overload bit in sent LSPs, a router informs other routers of failures that make it unable to select routes and forward packets.

When an IS-IS router cannot record the complete LSDB, for example, because of memory insufficiency, it will calculate wrong routes. To make troubleshooting easier, temporarily isolate the router from the IS-IS network by setting the overload bit.

To set the LSDB overload bit:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Set the overload bit.	set-overload [ on-startup [ [ start-from-nbr system-id [ timeout1 [ nbr-timeout ] ] ] | timeout2 | wait-for-bgp [ timeout3 ] ] ] [ allow { external | interlevel } * ]	By default, the overload bit is not set.

 

Configuring the ATT bit

A Level-1-2 router sends Level-1 LSPs with an ATT bit to inform the Level-1 routers that it can reach other areas.

Configuring IS-IS not to calculate the default route through the ATT bit

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Configure IS-IS not to calculate the default route through the ATT bit.	ignore-att	By default, IS-IS uses the ATT bit to calculate the default route.

 

Setting the ATT bit of Level-1 LSPs

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Set the ATT bit of Level-1 LSPs.	set-att { always | never }	By default, the ATT bit is not set for Level-1 LSPs.

 

Configuring the tag value for an interface

Perform this task when the link cost style is wide, wide-compatible, or compatible.

When IS-IS advertises a prefix with a tag value, IS-IS adds the tag to the IP reachability information TLV of the prefix.

To configure the tag value for an interface:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Configure the tag value for the interface.	isis tag tag	By default, the tag value of the interface is not configured.

 

Configuring system ID to host name mappings

A 6-byte system ID in hexadecimal notation uniquely identifies a router or host in an IS-IS network. To make a system ID easy to read, the system allows you to use host names to identify devices. It also provides mappings between system IDs and host names.

The mappings can be configured manually or dynamically. Follow these guidelines when you configure the mappings:

·     To view host names rather than system IDs by using the display isis lsdb command, you must enable dynamic system ID to host name mapping.

·     If you configure both dynamic mapping and static mapping on a router, the host name specified for dynamic mapping applies.

Configuring a static system ID to host name mapping

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Configure a system ID to host name mapping for a remote IS.	is-name map sys-id map-sys-name	By default, no system ID to host name mapping is configured for a remote IS. A system ID can correspond to only one host name.

 

Configuring dynamic system ID to host name mapping

Static system ID to host name mapping requires you to manually configure a mapping for each router in the network. When a new router is added to the network or a mapping must be modified, you must configure all routers manually.

When you use dynamic system ID to host name mapping, you only need to configure a host name for each router in the network. Each router advertises the host name in a dynamic host name CLV to other routers so all routers in the network can have all mappings.

To help check the origin of LSPs in the LSDB, you can configure a name for the DIS in a broadcast network.

To configure dynamic system ID to host name mapping:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Specify a host name for the IS and enable dynamic system ID to host name mapping.	is-name sys-name	By default, no host name is specified for the router.
4.     Return to system view.	quit	N/A
5.     Enter interface view.	interface interface-type interface-number	N/A
6.     Configure a DIS name.	isis dis-name symbolic-name	By default, no DIS name is configured. This command takes effect only on a router enabled with dynamic system ID to host name mapping. This command is not available on P2P interfaces.

 

Enabling the logging of neighbor state changes

With this feature enabled, the router delivers logs about neighbor state changes to its information center. The information center processes the logs according to user-defined output rules (whether to output logs and where to output). For more information about the information center, see Network Management and Monitoring Configuration Guide.

To enable the logging of neighbor state changes:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Enable the logging of neighbor state changes.	log-peer-change	By default, the logging of neighbor state changes is enabled.

 

Enabling IS-IS ISPF

When the network topology changes, Incremental Shortest Path First (ISPF) computes only the affected part of the SPT, instead of the entire SPT.

To enable IS-IS ISPF:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Enable IS-IS ISPF.	ispf enable	By default, IS-IS is disabled.

 

Enabling prefix suppression

Perform this task to disable an interface from advertising its prefix in LSPs. This enhances network security by preventing IP routing to the interval nodes and speeds up network convergence.

To enable prefix suppression:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Enable prefix suppression on the interface.	isis prefix-suppression	By default, prefix suppression is disabled on the interface. This command is also applicable to the secondary IP address of the interface.

 

Configuring IS-IS network management

This task includes the following configurations:

·     Bind an IS-IS process to MIB so that you can use network management software to manage the specified IS-IS process.

·     Enable IS-IS notifications to report important events.

Notifications are delivered to the SNMP module, which outputs the notifications according to the configured output rules. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.

TRILL uses the IS-IS MIB to provide the TRILL object management function for NMS. Because the MIB objects defined in the IS-IS MIB are single-instance management objects, NMS cannot manage IS-IS and TRILL at the same time. According to the management for multiple OSPF instances defined in RFC 4750, you can set a context name for the SNMP object for managing TRILL. In this way, the SNMP requests for managing IS-IS and the SNMP requests for managing TRILL from NMS can be distinguished. Because the context name is a concept specific to SNMPv3, the community names are mapped to context names for distinguishing different protocols in SNMPv1/v2c.

To configure IS-IS network management:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Bind MIB to an IS-IS process.	isis mib-binding process-id	By default, MIB is bound to the IS-IS process with the smallest process ID.
3.     Enable IS-IS notification sending.	snmp-agent trap enable isis [ adjacency-state-change | area-mismatch | authentication | authentication-type | buffsize-mismatch | id-length-mismatch | lsdboverload-state-change | lsp-corrupt | lsp-parse-error | lsp-size-exceeded | manual-address-drop | max-seq-exceeded | maxarea-mismatch | own-lsp-purge | protocol-support | rejected-adjacency | skip-sequence-number | version-skew ] *	By default, IS-IS notification sending is enabled.
4.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
5.     Configure the context name for the SNMP object for managing IS-IS.	snmp context-name context-name	By default, no context name is set for the SNMP object for managing IS-IS.

 

Configuring IS-IS PIC

Prefix Independent Convergence (PIC) enables the device to speed up network convergence by ignoring the number of prefixes.

When both IS-IS PIC and IS-IS FRR are configured, IS-IS FRR takes effect.

IS-IS PIC applies only to LSPs sent by neighbors.

Enabling IS-IS PIC

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Enable PIC for IS-IS.	pic [ additional-path-always ]	By default, IS-IS PIC is enabled.

 

Enabling BFD for IS-IS PIC

By default, IS-IS PIC does not use BFD to detect primary link failures. To speed up IS-IS convergence, enable BFD for IS-IS PIC to detect primary link failures.

To enable BFD control packet mode for IS-IS PIC:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Enable BFD control packet mode for IS-IS PIC.	isis primary-path-detect bfd ctrl	By default, BFD control packet mode is disabled for IS-IS PIC.

 

To configure BFD echo packet mode for IS-IS PIC:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Configure the source IP address of BFD echo packets.	bfd echo-source-ip ip-address	By default, the source IP address of BFD echo packets is not configured. The source IP address cannot be on the same network segment as any local interface's IP address. For more information, see High Availability Command Reference.
3.     Enter interface view.	interface interface-type interface-number	N/A
4.     Enable BFD echo packet mode for IS-IS PIC.	isis primary-path-detect bfd echo	By default, BFD echo packet mode is disabled for IS-IS PIC.

 

Enhancing IS-IS network security

To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication involves neighbor relationship authentication, area authentication, and routing domain authentication.

Configuration prerequisites

Before the configuration, complete the following tasks:

·     Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.

·     Enable IS-IS.

Configuring neighbor relationship authentication

With neighbor relationship authentication configured, an interface adds the key in the specified mode into hello packets to the peer and checks the key in the received hello packets. If the authentication succeeds, it forms the neighbor relationship with the peer.

The authentication mode and key at both ends must be identical.

To prevent packet exchange failure in case of an authentication key change, configure the interface not to check the authentication information in the received packets.

To configure neighbor relationship authentication:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Specify the authentication mode and key.	isis authentication-mode { { gca key-id { hmac-sha-1 | hmac-sha-224 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 } [ nonstandard ] | md5 | simple } { cipher | plain } string | keychain keychain-name } [ level-1 | level-2 ] [ ip | osi ]	By default, no authentication is configured.
4.     (Optional.) Configure the interface not to check the authentication information in the received hello packets.	isis authentication send-only [ level-1 | level-2 ]	When the authentication mode and key are configured, the interface checks the authentication information in the received packets by default.

 

Configuring area authentication

Area authentication prevents the router from installing routing information from untrusted routers into the Level-1 LSDB. The router encapsulates the authentication key in the specified mode in Level-1 packets (LSP, CSNP, and PSNP). It also checks the key in received Level-1 packets.

Routers in a common area must have the same authentication mode and key.

To prevent packet exchange failure in case of an authentication key change, configure IS-IS not to check the authentication information in the received packets.

To configure area authentication:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Specify the area authentication mode and key.	area-authentication-mode { { gca key-id { hmac-sha-1 | hmac-sha-224 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 } [ nonstandard ] | md5 | simple } { cipher | plain } string | keychain keychain-name } [ ip | osi ]	By default, no area authentication is configured.
4.     (Optional.) Configure the interface not to check the authentication information in the received Level-1 packets, including LSPs, CSNPs, and PSNPs.	area-authentication send-only	When the authentication mode and key are configured, the interface checks the authentication information in the received packets by default.

 

Configuring routing domain authentication

Routing domain authentication prevents untrusted routing information from entering into a routing domain. A router with the authentication configured encapsulates the key in the specified mode into Level-2 packets (LSP, CSNP, and PSNP) and check the key in received Level-2 packets.

All the routers in the backbone must have the same authentication mode and key.

To prevent packet exchange failure in case of an authentication key change, configure IS-IS not to check the authentication information in the received packets.

To configure routing domain authentication:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Specify the routing domain authentication mode and key.	domain-authentication-mode { { gca key-id { hmac-sha-1 | hmac-sha-224 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 } [ nonstandard ] | md5 | simple } { cipher | plain } string | keychain keychain-name } [ ip | osi ]	By default, no routing domain authentication is configured.
4.     (Optional.) Configure the interface not to check the authentication information in the received Level-2 packets, including LSPs, CSNPs, and PSNPs.	domain-authentication send-only	When the authentication mode and key are configured, the interface checks the authentication information in the received packets by default.

 

Configuring IS-IS GR

GR ensures forwarding continuity when a routing protocol restarts or an active/standby switchover occurs.

Two routers are required to complete a GR process. The following are router roles in a GR process.

·     GR restarter—Graceful restarting router. It must have GR capability.

·     GR helper—A neighbor of the GR restarter. It assists the GR restarter to complete the GR process. By default, the device acts as the GR helper.

Configure IS-IS GR on the GR restarter.

GR restarter uses the following timers:

·     T1 timer—Specifies the times that GR restarter can send a Restart TLV with the RR bit set. When rebooted, the GR restarter sends a Restart TLV with the RR bit set to its neighbor. If the GR restarter receives a Restart TLV with the RA set from its neighbor before the T1 timer expires, the GR process starts. Otherwise, the GR process fails.

·     T2 timer—Specifies the LSDB synchronization interval. Each LSDB has a T2 timer. The Level-1-2 router has a Level-1 timer and a Level-2 timer. If the LSDBs have not synchronized before the two timers expire, the GR process fails.

·     T3 timer—Specifies the GR interval. The GR interval is set as the holdtime in hello PDUs. Within the interval, the neighbors maintain their adjacency with the GR restarter. If the GR process has not completed within the holdtime, the neighbors tear down the neighbor relationship and the GR process fails.

 

	IMPORTANT: IS-IS GR and IS-IS NSR are mutually exclusive. Do not configure them at the same time.

 

To configure GR on the GR restarter:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enable IS-IS and enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Enable IS-IS GR.	graceful-restart	By default, the GR capability for IS-IS is disabled.
4.     (Optional.) Suppress the SA bit during restart.	graceful-restart suppress-sa	By default, the SA bit is not suppressed. By enabling the GR restarter to suppress the Suppress-Advertisement (SA) bit in the hello PDUs, the neighbors will still advertise their adjacency with the GR restarter.
5.     (Optional.) Configure the T1 timer.	graceful-restart t1 seconds count count	By default, the T1 timer is 3 seconds and can expire 10 times.
6.     (Optional.) Configure the T2 timer.	graceful-restart t2 seconds	By default, the T2 timer is 60 seconds.
7.     (Optional.) Configure the T3 timer.	graceful-restart t3 seconds	By default, the T2 timer is 300 seconds.

 

Configuring IS-IS NSR

After an active/standby switchover, the GR restarter obtains routing information from its neighbors, and the IS-IS process must learn all the routes. If the network topology changes during the switchover, removed routes cannot be updated to the device, which can result in blackhole routes.

NSR solves the problem by backing up IS-IS link state information from the active process to the standby process. After an active/standby switchover, NSR can complete link state recovery and route regeneration without requiring the cooperation of other devices.

 

	IMPORTANT: IS-IS NSR and IS-IS GR are mutually exclusive. Do not configure them at the same time.

 

To configure IS-IS NSR:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter IS-IS view.	isis [ process-id ] [ vpn-instance vpn-instance-name ]	N/A
3.     Enable IS-IS NSR.	non-stop-routing	By default, IS-IS NSR is disabled. IS-IS NSR takes effect on a per-process basis. As a best practice, enable NSR for each IS-IS process.

 

Configuring BFD for IS-IS

BFD provides a single mechanism to quickly detect and monitor the connectivity of links between IS-IS neighbors, reducing network convergence time. For more information about BFD, see High Availability Configuration Guide.

To configure BFD for IS-IS:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Enable IS-IS on an interface.	isis enable [ process-id ]	N/A
4.     Enable BFD on an IS-IS interface.	isis bfd enable	By default, an IS-IS interface is not enabled with BFD.

 

Configuring IS-IS FRR

A link or router failure on a path can cause packet loss and routing loop. IS-IS FRR enables fast rerouting to minimize the failover time.

Figure 8 Network diagram for IS-IS FRR

 

In Figure 8, after you enable FRR on Router B, IS-IS automatically calculates or designates a backup next hop when a link failure is detected. In this way, packets are directed to the backup next hop to reduce traffic recovery time. Meanwhile, IS-IS calculates the shortest path based on the new network topology, and forwards packets over the path after network convergence.

You can assign a backup next hop for IS-IS FRR through the following ways:

·     Enable IS-IS FRR to calculate a backup next hop through Loop Free Alternate (LFA) calculation.

·     Designate a backup next hop with a routing policy for routes matching specific criteria.

Configuration prerequisites

Before you configure IS-IS FRR, complete the following tasks:

·     Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.

·     Enable IS-IS.

Configuration guidelines

The LFA calculation of FRR and that of TE are mutually exclusive.

Configuration procedure

Configuring IS-IS FRR to calculate a backup next hop through LFA calculation

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     (Optional.) Disable LFA calculation on the interface.	isis fast-reroute lfa-backup exclude	By default, the interface participates in LFA calculation, and can be elected as a backup interface.
4.     Return to system view.	quit	N/A
5.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
6.     Enable IS-IS FRR to calculate a backup next hop through LFA calculation.	fast-reroute lfa	By default, IS-IS FRR is disabled.

 

Configuring IS-IS FRR using a routing policy

You can use the apply fast-reroute backup-interface command to specify a backup next hop in a routing policy for routes matching specific criteria. You can also perform this task to reference the routing policy for IS-IS FRR. For more information about the apply fast-reroute backup-interface command and routing policy configurations, see "Configuring routing policies."

To configure IS-IS FRR using a routing policy:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     (Optional.) Disable LFA calculation on the interface.	isis fast-reroute lfa-backup exclude	By default, the interface participates in LFA calculation, and can be elected as a backup interface.
4.     Return to system view.	quit	N/A
5.     Enter IS-IS IPv4 unicast address family view.	a     isis [ process-id ] [ vpn-instance vpn-instance-name ] b     cost-style { wide | wide-compatible } c     address-family ipv4 [ unicast ]	N/A
6.     Enable IS-IS FRR using a routing policy.	fast-reroute route-policy route-policy-name	By default, this feature is not enabled.

 

Enabling BFD for IS-IS FRR

By default, IS-IS FRR does not use BFD to detect primary link failures. To speed up IS-IS convergence, enable BFD for IS-IS FRR to detect primary link failures.

To enable BFD control packet mode for IS-IS FRR:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Enter interface view.	interface interface-type interface-number	N/A
3.     Enable BFD control packet mode for IS-IS FRR.	isis primary-path-detect bfd ctrl	By default, BFD control packet mode is disabled for IS-IS FRR.

 

To enable BFD echo packet mode for IS-IS FRR:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Configure the source IP address of BFD echo packets.	bfd echo-source-ip ip-address	By default, the source IP address of BFD echo packets is not configured. The source IP address cannot be on the same network segment as any local interface's IP address. For more information, see High Availability Command Reference.
3.     Enter interface view.	interface interface-type interface-number	N/A
4.     Enable BFD echo packet mode for IS-IS FRR.	isis primary-path-detect bfd echo	By default, BFD echo packet mode is disabled for IS-IS FRR.

 

Displaying and maintaining IS-IS

Execute display commands in any view and the reset command in user view.

 

Task	Command
Display IS-IS process information.	display isis [ process-id ]
(In standalone mode.) Display IS-IS GR log information.	display isis graceful-restart event-log slot slot-number
(In IRF mode.) Display IS-IS GR log information.	display isis graceful-restart event-log chassis chassis-number slot slot-number
Display the IS-IS GR status.	display isis graceful-restart status [ level-1 | level-2 ] [ process-id ]
Display IS-IS interface information.	display isis interface [ [ interface-type interface-number ] [ verbose ] | statistics ] [ process-id ]
Display IS-IS LSDB information.	display isis lsdb [ [ level-1 | level-2 ] | local | lsp-id lspid | [ lsp-name lspname ] | verbose ] * [ process-id ]
Display IS-IS mesh group information.	display isis mesh-group [ process-id ]
Display the host name to system ID mapping table.	display isis name-table [ process-id ]
(In standalone mode.) Display IS-IS NSR log information.	display isis non-stop-routing event-log slot slot-number
(In IRF mode.) Display IS-IS NSR log information.	display isis non-stop-routing event-log chassis chassis-number slot slot-number
Display the IS-IS NSR status.	display isis non-stop-routing status
Display IS-IS packet statistics.	display isis packet { csnp | hello | lsp | psnp } [ verbose ] [ interface-type interface-number ] [ process-id ]
Display IS-IS neighbor information.	display isis peer [ statistics | verbose ] [ process-id ]
Display IS-IS redistributed route information.	display isis redistribute [ ipv4 [ ip-address mask-length ] ] [ level-1 | level-2 ] [ process-id ]
Display IS-IS IPv4 routing information.	display isis route [ ipv4 [ ip-address mask-length ] ] [ [ level-1 | level-2 ] | verbose ] * [ process-id ]
Display IS-IS IPv4 topology information.	display isis spf-tree [ ipv4 ] [ [ level-1 | level-2 ] | verbose ] * [ process-id ]
Display IS-IS statistics.	display isis statistics [ ipv4 ] [ level-1 | level-1-2 | level-2 ] [ process-id ]
(In standalone mode.) Display OSI connection information.	display osi [ slot slot-number ]
(In IRF mode.) Display OSI connection information.	display osi [ chassis chassis-number slot slot-number ]
(In standalone mode.) Display OSI connection statistics.	display osi statistics [ slot slot-number ]
(In IRF mode.) Display OSI connection statistics.	display osi statistics [ chassis chassis-number slot slot-number ]
Clear IS-IS process data structure information.	reset isis all [ process-id ] [ graceful-restart ]
(In standalone mode.) Clear IS-IS GR log information.	reset isis graceful-restart event-log slot slot-number
(In IRF mode.) Clear IS-IS GR log information.	reset isis graceful-restart event-log chassis chassis-number slot slot-number
(In standalone mode.) Clear IS-IS NSR log information.	reset isis non-stop-routing event-log slot slot-number
(In IRF mode.) Clear IS-IS NSR log information.	reset isis non-stop-routing event-log chassis chassis-number slot slot-number
Clear IS-IS packet statistics.	reset isis packet [ csnp | hello | lsp | psnp ] by-interface [ interface-type interface-number ] [ process-id ]
Clear the data structure information of an IS-IS neighbor.	reset isis peer system-id [ process-id ]
Clear OSI connection statistics.	reset osi statistics

 

IS-IS configuration examples

Basic IS-IS configuration example

Network requirements

As shown in Figure 9, Switch A, Switch B, Switch C, and Switch D reside in an IS-IS AS.

Switch A and B are Level-1 switches, Switch D is a Level-2 switch, and Switch C is a Level-1-2 switch. Switch A, Switch B, and Switch C are in Area 10, and Switch D is in Area 20.

Figure 9 Network diagram

 

Configuration procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure IS-IS:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] isis 1

[SwitchA-isis-1] is-level level-1

[SwitchA-isis-1] network-entity 10.0000.0000.0001.00

[SwitchA-isis-1] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] isis enable 1

[SwitchA-Vlan-interface100] quit

# Configure Switch B.

<SwitchB> system-view

[SwitchB] isis 1

[SwitchB-isis-1] is-level level-1

[SwitchB-isis-1] network-entity 10.0000.0000.0002.00

[SwitchB-isis-1] quit

[SwitchB] interface vlan-interface 200

[SwitchB-Vlan-interface200] isis enable 1

[SwitchB-Vlan-interface200] quit

# Configure Switch C.

<SwitchC> system-view

[SwitchC] isis 1

[SwitchC-isis-1] network-entity 10.0000.0000.0003.00

[SwitchC-isis-1] quit

[SwitchC] interface vlan-interface 100

[SwitchC-Vlan-interface100] isis enable 1

[SwitchC-Vlan-interface100] quit

[SwitchC] interface vlan-interface 200

[SwitchC-Vlan-interface200] isis enable 1

[SwitchC-Vlan-interface200] quit

[SwitchC] interface vlan-interface 300

[SwitchC-Vlan-interface300] isis enable 1

[SwitchC-Vlan-interface300] quit

# Configure Switch D.

<SwitchD> system-view

[SwitchD] isis 1

[SwitchD-isis-1] is-level level-2

[SwitchD-isis-1] network-entity 20.0000.0000.0004.00

[SwitchD-isis-1] quit

[SwitchD] interface vlan-interface 100

[SwitchD-Vlan-interface100] isis enable 1

[SwitchD-Vlan-interface100] quit

[SwitchD] interface vlan-interface 300

[SwitchD-Vlan-interface300] isis enable 1

[SwitchD-Vlan-interface300] quit

Verifying the configuration

# Display the IS-IS LSDB on each switch to verify the LSPs.

[SwitchA] display isis lsdb

 

                       Database information for IS-IS(1)

                       ---------------------------------

 

                          Level-1 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum   Holdtime   Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0001.00-00* 0x00000004   0xdf5e     1096       68      0/0/0

0000.0000.0002.00-00  0x00000004   0xee4d     1102       68      0/0/0

0000.0000.0002.01-00  0x00000001   0xdaaf     1102       55      0/0/0

0000.0000.0003.00-00  0x00000009   0xcaa3     1161       111     1/0/0

0000.0000.0003.01-00  0x00000001   0xadda     1112       55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

[SwitchB] display isis lsdb

 

                       Database information for IS-IS(1)

                       ---------------------------------

 

                          Level-1 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum   Holdtime    Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0001.00-00  0x00000006   0xdb60     988         68      0/0/0

0000.0000.0002.00-00* 0x00000008   0xe651     1189        68      0/0/0

0000.0000.0002.01-00* 0x00000005   0xd2b3     1188        55      0/0/0

0000.0000.0003.00-00  0x00000014   0x194a     1190        111     1/0/0

0000.0000.0003.01-00  0x00000002   0xabdb     995         55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

[SwitchC] display isis lsdb

 

                       Database information for IS-IS(1)

                       ---------------------------------

 

                          Level-1 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum   Holdtime    Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0001.00-00  0x00000006   0xdb60     847         68      0/0/0

0000.0000.0002.00-00  0x00000008   0xe651     1053        68      0/0/0

0000.0000.0002.01-00  0x00000005   0xd2b3     1052        55      0/0/0

0000.0000.0003.00-00* 0x00000014   0x194a     1051        111     1/0/0

0000.0000.0003.01-00* 0x00000002   0xabdb     854         55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

 

                          Level-2 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum   Holdtime    Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0003.00-00* 0x00000012   0xc93c     842         100     0/0/0

0000.0000.0004.00-00  0x00000026   0x331      1173        84      0/0/0

0000.0000.0004.01-00  0x00000001   0xee95     668         55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

[SwitchD] display isis lsdb

 

                       Database information for IS-IS(1)

                       ---------------------------------

 

                          Level-2 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum      Holdtime      Length  ATT/P/OL

-------------------------------------------------------------------------------

0000.0000.0003.00-00  0x00000013   0xc73d        1003          100     0/0/0

0000.0000.0004.00-00* 0x0000003c   0xd647        1194          84      0/0/0

0000.0000.0004.01-00* 0x00000002   0xec96        1007          55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

# Display the IS-IS routing information on each switch.

[SwitchA] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    Vlan100         Direct          D/L/-

 10.1.2.0/24          20         NULL    Vlan100         10.1.1.1        R/-/-

 192.168.0.0/24       20         NULL    Vlan100         10.1.1.1        R/-/-

 0.0.0.0/0            10         NULL    Vlan100         10.1.1.1        R/-/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

[SwitchC] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 192.168.0.0/24       10         NULL    Vlan300         Direct          D/L/-

 10.1.1.0/24          10         NULL    Vlan100         Direct          D/L/-

 10.1.2.0/24          10         NULL    Vlan200         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 192.168.0.0/24       10         NULL                                    D/L/-

 10.1.1.0/24          10         NULL                                    D/L/-

 10.1.2.0/24          10         NULL                                    D/L/-

 172.16.0.0/16        20         NULL    Vlan300         192.168.0.2     R/-/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

[SwitchD] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 192.168.0.0/24       10         NULL    Vlan300         Direct          D/L/-

 10.1.1.0/24          20         NULL    Vlan300         192.168.0.1     R/-/-

 10.1.2.0/24          20         NULL    Vlan300         192.168.0.1     R/-/-

 172.16.0.0/16        10         NULL    Vlan100         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

The output shows that the routing table of Level-1 switches contains a default route with the next hop as the Level-1-2 switch. The routing table of Level-2 switch contains both routing information of Level-1 and Level-2.

DIS election configuration example

Network requirements

As shown in Figure 10, Switches A, B, C, and D reside in IS-IS area 10 on a broadcast network (Ethernet). Switch A and Switch B are Level-1-2 switches, Switch C is a Level-1 switch, and Switch D is a Level-2 switch.

Change the DIS priority of Switch A to make it elected as the Level-1-2 DIS router.

Figure 10 Network diagram

 

Configuration procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable IS-IS:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] isis 1

[SwitchA-isis-1] network-entity 10.0000.0000.0001.00

[SwitchA-isis-1] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] isis enable 1

[SwitchA-Vlan-interface100] quit

# Configure Switch B.

<SwitchB> system-view

[SwitchB] isis 1

[SwitchB-isis-1] network-entity 10.0000.0000.0002.00

[SwitchB-isis-1] quit

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] isis enable 1

[SwitchB-Vlan-interface100] quit

# Configure Switch C.

<SwitchC> system-view

[SwitchC] isis 1

[SwitchC-isis-1] network-entity 10.0000.0000.0003.00

[SwitchC-isis-1] is-level level-1

[SwitchC-isis-1] quit

[SwitchC] interface vlan-interface 100

[SwitchC-Vlan-interface100] isis enable 1

[SwitchC-Vlan-interface100] quit

# Configure Switch D.

<SwitchD> system-view

[SwitchD] isis 1

[SwitchD-isis-1] network-entity 10.0000.0000.0004.00

[SwitchD-isis-1] is-level level-2

[SwitchD-isis-1] quit

[SwitchD] interface vlan-interface 100

[SwitchD-Vlan-interface100] isis enable 1

[SwitchD-Vlan-interface100] quit

# Display information about IS-IS neighbors on Switch A.

[SwitchA] display isis peer

 

                          Peer information for IS-IS(1)

                          ----------------------------

  System Id: 0000.0000.0002

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0003.01

  State: Up     HoldTime: 21s        Type: L1(L1L2)     PRI: 64

 

  System Id: 0000.0000.0003

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0003.01

  State: Up     HoldTime: 27s        Type: L1           PRI: 64

 

  System Id: 0000.0000.0002

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0004.01

  State: Up     HoldTime: 28s        Type: L2(L1L2)     PRI: 64

 

  System Id: 0000.0000.0004

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0004.01

  State: Up     HoldTime: 30s        Type: L2          PRI: 64

# Display information about IS-IS interfaces on Switch A.

[SwitchA] display isis interface

 

                       Interface information for IS-IS(1)

                       ----------------------------------

 

  Interface:  Vlan-interface100

  Index     IPv4.State      IPv6.State     CircuitID   MTU   Type   DIS

  00001     Up              Down           1           1497  L1/L2  No/No

# Display information about IS-IS interfaces on Switch C.

[SwitchC] display isis interface

 

                       Interface information for IS-IS(1)

                       ----------------------------------

 

  Interface:  Vlan-interface100

  Index     IPv4.State      IPv6.State     CircuitID   MTU   Type   DIS

  00001     Up              Down           1           1497  L1/L2  Yes/No

# Display information about IS-IS interfaces on Switch D.

[SwitchD] display isis interface

 

                       Interface information for IS-IS(1)

                       ----------------------------------

 

  Interface:  Vlan-interface100

  Index     IPv4.State      IPv6.State     CircuitID   MTU   Type   DIS

  00001     Up              Down           1           1497  L1/L2  No/Yes

The output shows that when the default DIS priority is used, Switch C is the DIS for Level-1, and Switch D is the DIS for Level-2. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01.

#Configure the DIS priority of Switch A.

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] isis dis-priority 100

[SwitchA-Vlan-interface100] quit

# Display IS-IS neighbors on Switch A.

[SwitchA] display isis peer

 

                          Peer information for IS-IS(1)

                          ----------------------------

  System Id: 0000.0000.0002

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0001.01

  State: Up     HoldTime: 21s        Type: L1(L1L2)     PRI: 64

 

  System Id: 0000.0000.0003

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0001.01

  State: Up     HoldTime: 27s        Type: L1           PRI: 64

 

 

  System Id: 0000.0000.0002

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0001.01

  State: Up     HoldTime: 28s        Type: L2(L1L2)     PRI: 64

 

  System Id: 0000.0000.0004

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0001.01

  State: Up     HoldTime: 30s        Type: L2           PRI: 64

# Display information about IS-IS interfaces on Switch A.

[SwitchA] display isis interface

 

                       Interface information for IS-IS(1)

                       ----------------------------------

 

  Interface:  Vlan-interface100

  Index     IPv4.State      IPv6.State     CircuitID   MTU   Type   DIS

  00001     Up              Down           1           1497  L1/L2  Yes/Yes

The output shows that after the DIS priority configuration, Switch A becomes the DIS for Level-1-2, and the pseudonode is 0000.0000.0001.01.

# Display information about IS-IS neighbors and interfaces on Switch C.

[SwitchC] display isis peer

 

                          Peer information for IS-IS(1)

                          ----------------------------

  System Id: 0000.0000.0002

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0001.01

  State: Up     HoldTime: 25s        Type: L1           PRI: 64

 

  System Id: 0000.0000.0001

  Interface:  Vlan-interface100       Circuit Id: 0000.0000.0001.01

  State: Up     HoldTime: 7s         Type: L1           PRI: 100

[SwitchC] display isis interface

 

                       Interface information for IS-IS(1)

                       ----------------------------------

 

  Interface: Vlan-interface100

  Index     IPv4.State      IPv6.State     CircuitID   MTU   Type   DIS

  00001     Up              Down           1           1497  L1/L2  No/No

# Display information about IS-IS neighbors and interfaces on Switch D.

[SwitchD] display isis peer

 

                          Peer information for IS-IS(1)

                          ----------------------------

  System Id: 0000.0000.0001

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0001.01

  State: Up     HoldTime: 9s         Type: L2           PRI: 100

 

  System Id: 0000.0000.0002

  Interface: Vlan-interface100       Circuit Id: 0000.0000.0001.01

  State: Up     HoldTime: 28s        Type: L2           PRI: 64

[SwitchD] display isis interface

 

                       Interface information for IS-IS(1)

                       ----------------------------------

 

  Interface:  Vlan-interface100

  Index     IPv4.State      IPv6.State     CircuitID   MTU   Type   DIS

  00001     Up              Down           1           1497  L1/L2  No/No

IS-IS route redistribution configuration example

Network requirements

As shown in Figure 11, Switch A, Switch B, Switch C, and Switch D reside in the same AS. They use IS-IS to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a Level-1-2 router.

Redistribute RIP routes into IS-IS on Switch D.

Figure 11 Network diagram

 

Configuration procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic IS-IS:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] isis 1

[SwitchA-isis-1] is-level level-1

[SwitchA-isis-1] network-entity 10.0000.0000.0001.00

[SwitchA-isis-1] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] isis enable 1

[SwitchA-Vlan-interface100] quit

# Configure Switch B.

<SwitchB> system-view

[SwitchB] isis 1

[SwitchB-isis-1] is-level level-1

[SwitchB-isis-1] network-entity 10.0000.0000.0002.00

[SwitchB-isis-1] quit

[SwitchB] interface vlan-interface 200

[SwitchB-Vlan-interface200] isis enable 1

[SwitchB-Vlan-interface200] quit

# Configure Switch C.

<SwitchC> system-view

[SwitchC] isis 1

[SwitchC-isis-1] network-entity 10.0000.0000.0003.00

[SwitchC-isis-1] quit

[SwitchC] interface vlan-interface 200

[SwitchC-Vlan-interface200] isis enable 1

[SwitchC-Vlan-interface200] quit

[SwitchC] interface vlan-interface 100

[SwitchC-Vlan-interface100] isis enable 1

[SwitchC-Vlan-interface100] quit

[SwitchC] interface vlan-interface 300

[SwitchC-Vlan-interface300] isis enable 1

[SwitchC-Vlan-interface300] quit

# Configure Switch D.

<SwitchD> system-view

[SwitchD] isis 1

[SwitchD-isis-1] is-level level-2

[SwitchD-isis-1] network-entity 20.0000.0000.0004.00

[SwitchD-isis-1] quit

[SwitchD] interface interface vlan-interface 300

[SwitchD-Vlan-interface300] isis enable 1

[SwitchD-Vlan-interface300] quit

[SwitchD] interface interface vlan-interface 400

[SwitchD-Vlan-interface400] isis enable 1

[SwitchD-Vlan-interface400] quit

# Display IS-IS routing information on each switch.

[SwitchA] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    VLAN100         Direct          D/L/-

 10.1.2.0/24          20         NULL    VLAN100         10.1.1.1        R/-/-

 192.168.0.0/24       20         NULL    VLAN100         10.1.1.1        R/-/-

 0.0.0.0/0            10         NULL    VLAN100         10.1.1.1        R/-/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

[SwitchC] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    VLAN100         Direct          D/L/-

 10.1.2.0/24          10         NULL    VLAN200         Direct          D/L/-

 192.168.0.0/24       10         NULL    VLAN300         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL                                    D/L/-

 10.1.2.0/24          10         NULL                                    D/L/-

 192.168.0.0/24       10         NULL                                    D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

[SwitchD] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 192.168.0.0/24       10         NULL    VLAN300         Direct          D/L/-

 10.1.1.0/24          20         NULL    VLAN300         192.168.0.1     R/-/-

 10.1.2.0/24          20         NULL    VLAN300         192.168.0.1     R/-/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

3.     Run RIPv2 between Switch D and Switch E, and configure IS-IS to redistribute RIP routes on Switch D:

# Configure RIPv2 on Switch D.

[SwitchD] rip 1

[SwitchD-rip-1] network 10.0.0.0

[SwitchD-rip-1] version 2

[SwitchD-rip-1] undo summary

# Configure RIPv2 on Switch E.

[SwitchE] rip 1

[SwitchE-rip-1] network 10.0.0.0

[SwitchE-rip-1] version 2

[SwitchE-rip-1] undo summary

# Configure IS-IS to redistribute RIP routes on Switch D.

[SwitchD-rip-1] quit

[SwitchD] isis 1

[SwitchD–isis-1] address-family ipv4

[SwitchD–isis-1-ipv4] import-route rip level-2

# Display IS-IS routing information on Switch C.

[SwitchC] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    VLAN100         Direct          D/L/-

 10.1.2.0/24          10         NULL    VLAN200         Direct          D/L/-

 192.168.0.0/24       10         NULL    VLAN300         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL                                    D/L/-

 10.1.2.0/24          10         NULL                                    D/L/-

 192.168.0.0/24       10         NULL                                    D/L/-

 10.1.4.0/24          20         NULL    VLAN300         192.168.0.2     R/L/-

 10.1.5.0/24          10         0       VLAN300         192.168.0.2     R/L/-

 10.1.6.0/24          10         0       VLAN300         192.168.0.2     R/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

IS-IS authentication configuration example

Network requirements

As shown in Figure 12, Switch A, Switch B, Switch C, and Switch D reside in the same IS-IS routing domain. Run IS-IS among them.

Switch A, Switch B, and Switch C belong to Area 10, and Switch D belongs to Area 20.

·     Configure neighbor relationship authentication between neighbors.

·     Configure area authentication in Area 10 to prevent untrusted routes from entering into the area.

·     Configure routing domain authentication on Switch C and Switch D to prevent untrusted routes from entering the routing domain.

Figure 12 Network diagram

 

Configuration procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic IS-IS:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] isis 1

[SwitchA-isis-1] network-entity 10.0000.0000.0001.00

[SwitchA-isis-1] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] isis enable 1

[SwitchA-Vlan-interface100] quit

# Configure Switch B.

<SwitchB> system-view

[SwitchB] isis 1

[SwitchB-isis-1] network-entity 10.0000.0000.0002.00

[SwitchB-isis-1] quit

[SwitchB] interface vlan-interface 200

[SwitchB-Vlan-interface200] isis enable 1

[SwitchB-Vlan-interface200] quit

# Configure Switch C.

<SwitchC> system-view

[SwitchC] isis 1

[SwitchC-isis-1] network-entity 10.0000.0000.0003.00

[SwitchC-isis-1] quit

[SwitchC] interface vlan-interface 200

[SwitchC-Vlan-interface200] isis enable 1

[SwitchC-Vlan-interface200] quit

[SwitchC] interface vlan-interface 300

[SwitchC-Vlan-interface300] isis enable 1

[SwitchC-Vlan-interface300] quit

[SwitchC] interface vlan-interface 300

[SwitchC-Vlan-interface300] isis enable 1

[SwitchC-Vlan-interface300] quit

# Configure Switch D.

<SwitchD> system-view

[SwitchD] isis 1

[SwitchD-isis-1] network-entity 20.0000.0000.0001.00

[SwitchD-isis-1] quit

[SwitchD] interface vlan-interface 300

[SwitchD-Vlan-interface300] isis enable 1

[SwitchD-Vlan-interface300] quit

3.     Configure neighbor relationship authentication between neighbors:

# Set the authentication mode to MD5 and set the plaintext key to eRq on VLAN-interface 100 of Switch A and on VLAN-interface 100 of Switch C.

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] isis authentication-mode md5 plain eRg

[SwitchA-Vlan-interface100] quit

[SwitchC] interface vlan-interface 100

[SwitchC-Vlan-interface100] isis authentication-mode md5 plain eRg

[SwitchC-Vlan-interface100] quit

# Set the authentication mode to MD5 and set the plaintext key to t5Hr on VLAN-interface 200 of Switch B and on VLAN-interface 200 of Switch C.

[SwitchB] interface vlan-interface 200

[SwitchB-Vlan-interface200] isis authentication-mode md5 plain t5Hr

[SwitchB-Vlan-interface200] quit

[SwitchC] interface vlan-interface 200

[SwitchC-Vlan-interface200] isis authentication-mode md5 plain t5Hr

[SwitchC-Vlan-interface200] quit

# Set the authentication mode to MD5 and set the plaintext key to hSec on VLAN-interface 300 of Switch D and on VLAN-interface 300 of Switch C.

[SwitchC] interface vlan-interface 300

[SwitchC-Vlan-interface300] isis authentication-mode md5 plain hSec

[SwitchC-Vlan-interface300] quit

[SwitchD] interface vlan-interface 300

[SwitchD-Vlan-interface300] isis authentication-mode md5 plain hSec

[SwitchD-Vlan-interface300] quit

4.     Set the area authentication mode to MD5 and set the plaintext key to 10Sec on Switch A, Switch B, and Switch C.

[SwitchA] isis 1

[SwitchA-isis-1] area-authentication-mode md5 plain 10Sec

[SwitchA-isis-1] quit

[SwitchB] isis 1

[SwitchB-isis-1] area-authentication-mode md5 plain 10Sec

[SwitchB-isis-1] quit

[SwitchC] isis 1

[SwitchC-isis-1] area-authentication-mode md5 plain 10Sec

[SwitchC-isis-1] quit

5.     Set routing domain authentication mode to MD5 and set the plaintext key to 1020Sec on Switch C and Switch D.

[SwitchC] isis 1

[SwitchC-isis-1] domain-authentication-mode md5 plain 1020Sec

[SwitchC-isis-1] quit

[SwitchD] isis 1

[SwitchD-isis-1] domain-authentication-mode md5 plain 1020Sec

IS-IS GR configuration example

Network requirements

As shown in Figure 13, Switch A, Switch B, and Switch C belong to the same IS-IS routing domain.

Figure 13 Network diagram

 

Configuration procedure

1.     Configure IP addresses and subnet masks for interfaces. (Details not shown.)

2.     Configure IS-IS on the switches to make sure Switch A, Switch B, and Switch C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS. (Details not shown.)

3.     Enable IS-IS GR on Switch A.

<SwitchA> system-view

[SwitchA] isis 1

[SwitchA-isis-1] graceful-restart

[SwitchA-isis-1] return

Verifying the configuration

# Restart the IS-IS process on Switch A.

<SwitchA> reset isis all 1 graceful-restart

Reset IS-IS process? [Y/N]:y

# Check the GR state of the IS-IS process on Switch A.

<SwitchA> display isis graceful-restart status

 

                        Restart information for IS-IS(1)

                        --------------------------------

Restart status: COMPLETE

Restart phase: Finish

Restart t1: 3, count 10; Restart t2: 60; Restart t3: 300

SA Bit: supported

 

                          Level-1 restart information

                          ---------------------------

Total number of interfaces: 1

Number of waiting LSPs: 0

 

                          Level-2 restart information

                          ---------------------------

Total number of interfaces: 1

Number of waiting LSPs: 0

IS-IS NSR configuration example

Network requirements

As shown in Figure 14, Switch S, Switch A, and Switch B belong to the same IS-IS routing domain.

·     Run IS-IS on all the switches to interconnect them with each other.

·     Enable IS-IS NSR on Switch S to ensure forwarding continuity between Switch A and Switch B when an active/standby switchover occurs on Switch S.

Figure 14 Network diagram

 

Configuration procedure

1.     Configure the IP addresses and subnet masks for interfaces on the switches. (Details not shown.)

2.     Configure IS-IS on the switches to make sure Switch S, Switch A, and Switch B can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS. (Details not shown.)

3.     Enable IS-IS NSR on Switch S.

<SwitchS> system-view

[SwitchS] isis 1

[SwitchS-isis-1] non-stop-routing

[SwitchS-isis-1] return

Verifying the configuration

# Reoptimize process placement on Switch S to trigger an active/standby switchover.

<SwitchS> system-view

[SwitchS] placement reoptimize

Predicted changes to the placement

Program                           Current location       New location

---------------------------------------------------------------------

syslog                            0/0                    0/0

diagusageratio                    0/0                    0/0

l3vpn                             0/0                    0/0

fc                                0/0                    0/0

dns                               0/0                    0/0

lauth                             0/0                    0/0

aaa                               0/0                    0/0

lsm                               0/0                    0/0

rm                                0/0                    0/0

rm6                               0/0                    0/0

track                             0/0                    0/0

ip6addr                           0/0                    0/0

ipaddr                            0/0                    0/0

rpm                               0/0                    0/0

trange                            0/0                    0/0

tunnel                            0/0                    0/0

lagg                              0/0                    0/0

bfd                               0/0                    0/0

acl                               0/0                    0/0

slsp                              0/0                    0/0

usr6                              0/0                    0/0

usr                               0/0                    0/0

qos                               0/0                    0/0

fczone                            0/0                    0/0

ethbase                           0/0                    0/0

ipcim                             0/0                    0/0

ip6base                           0/0                    0/0

ipbase                            0/0                    0/0

eth                               0/0                    0/0

eviisis                           0/0                    0/0

ifnet                             NA                     NA

isis                              0/0                    1/0

Continue? [y/n]:y

Re-optimization of the placement start. You will be notified on completion

Re-optimization of the placement complete. Use 'display placement' to view the new placement

# During the switchover period, display IS-IS neighbor information on Switch A to verify the neighborship between Switch A and Switch S.

<SwitchA> display isis peer

 

                         Peer information for IS-IS(1)

                         ----------------------------

 

 System Id: 0000.0000.0001

 Interface: vlan100                 Circuit Id: 0000.0000.0001.01

 State: Up     HoldTime:  25s       Type: L1(L1L2)     PRI: 64

 

 System Id: 0000.0000.0001

 Interface: vlan100                 Circuit Id: 0000.0000.0001.01

 State: Up     HoldTime:  27s       Type: L2(L1L2)     PRI: 64

# Display IS-IS routing information on Switch A to verify that Switch A has a route to the loopback interface of Switch B.

<SwitchA> display isis route

 

                         Route information for IS-IS(1)

                         -----------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 12.12.12.0/24        10         NULL    vlan100         Direct          D/L/-

 22.22.22.22/32       10         NULL    Loop0           Direct          D/-/-

 14.14.14.0/32        10         NULL    vlan100         12.12.12.2      R/L/-

 44.44.44.44/32       10         NULL    vlan100         12.12.12.2      R/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 12.12.12.0/24        10         NULL    vlan100         Direct          D/L/-

 22.22.22.22/32       10         NULL    Loop0           Direct          D/-/-

 14.14.14.0/32        10         NULL

 44.44.44.44/32       10         NULL

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

# Display IS-IS neighbor information on Switch B to verify the neighborship between Switch B and Switch S.

<SwitchB> display isis peer

 

                         Peer information for IS-IS(1)

                         ----------------------------

 

 System Id: 0000.0000.0001

 Interface: vlan200                 Circuit Id: 0000.0000.0001.01

 State: Up     HoldTime:  25s       Type: L1(L1L2)     PRI: 64

 

 System Id: 0000.0000.0001

 Interface: vlan200                 Circuit Id: 0000.0000.0001.01

 State: Up     HoldTime:  27s       Type: L2(L1L2)     PRI: 64

# Display IS-IS routing information on Switch B to verify that Switch B has a route to the loopback interface of Switch A.

<SwitchB> display isis route

 

                         Route information for IS-IS(1)

                         -----------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 14.14.14.0/24        10         NULL    vlan200         Direct          D/L/-

 44.44.44.44/32       10         NULL    Loop0           Direct          D/-/-

 12.12.12.0/32        10         NULL    vlan200         14.14.14.4      R/L/-

 22.22.22.22/32       10         NULL    vlan200         14.14.14.4      R/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 14.14.14.0/24        10         NULL    vlan200         Direct          D/L/-

 44.44.44.44/32       10         NULL    Loop0           Direct          D/-/-

 12.12.12.0/32        10         NULL

 22.22.22.22/32       10         NULL

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

The output shows that the neighbor information and routing information on Switch A and Switch B have not changed during the active/standby switchover on Switch S. The neighbors are unaware of the switchover.

BFD for IS-IS configuration example

Network requirements

·     As shown in Figure 15, run IS-IS on Switch A, Switch B and Switch C so that can reach each other at the network layer.

·     After the link over which Switch A and Switch B communicate through the Layer-2 switch fails, BFD can quickly detect the failure and notify IS-IS of the failure. Switch A and Switch B then communicate through Switch C.

Figure 15 Network diagram

 

Table 4 Interface and IP address assignment

Device	Interface	IP address	Device	Interface	IP address
Switch A	Vlan-int10	10.1.0.102/24	Switch B	Vlan-int10	10.1.0.100/24
	Vlan-int11	11.1.1.1/24		Vlan-int13	13.1.1.1/24
	Loop0	121.1.1.1/32		Loop0	120.1.1.1/32
Switch C	Vlan-int11	11.1.1.2/24
	Vlan-int13	13.1.1.2/24

 

Configuration procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic IS-IS:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] isis

[SwitchA-isis-1] network-entity 10.0000.0000.0001.00

[SwitchA-isis-1] quit

[SwitchA] interface loopback 0

[SwitchA-LoopBack0] isis enable

[SwitchA-LoopBack0] quit

[SwitchA] interface vlan-interface 10

[SwitchA-Vlan-interface10] isis enable

[SwitchA-Vlan-interface10] quit

[SwitchA] interface vlan-interface 11

[SwitchA-Vlan-interface11] isis enable

[SwitchA-Vlan-interface11] quit

# Configure Switch B.

<SwitchB> system-view

[SwitchB] isis

[SwitchB-isis-1] network-entity 10.0000.0000.0002.00

[SwitchB-isis-1] quit

[SwitchB] interface loopback 0

[SwitchB-LoopBack0] isis enable

[SwitchB-LoopBack0] quit

[SwitchB] interface vlan-interface 10

[SwitchB-Vlan-interface10] isis enable

[SwitchB-Vlan-interface10] quit

[SwitchB] interface vlan-interface 13

[SwitchB-Vlan-interface13] isis enable

[SwitchB-Vlan-interface13] quit

# Configure Switch C.

<SwitchC> system-view

[SwitchC] isis

[SwitchC-isis-1] network-entity 10.0000.0000.0003.00

[SwitchC-isis-1] quit

[SwitchC] interface vlan-interface 11

[SwitchC-Vlan-interface11] isis enable

[SwitchC-Vlan-interface11] quit

[SwitchC] interface vlan-interface 13

[SwitchC-Vlan-interface13] isis enable

[SwitchC-Vlan-interface13] quit

3.     Configure BFD functions:

# Enable BFD and configure BFD parameters on Switch A.

[SwitchA] bfd session init-mode passive

[SwitchA] interface vlan-interface 10

[SwitchA-Vlan-interface10] isis bfd enable

[SwitchA-Vlan-interface10] bfd min-receive-interval 500

[SwitchA-Vlan-interface10] bfd min-transmit-interval 500

[SwitchA-Vlan-interface10] bfd detect-multiplier 7

# Enable BFD and configure BFD parameters on Switch B.

[SwitchB] bfd session init-mode active

[SwitchB] interface vlan-interface 10

[SwitchB-Vlan-interface10] isis bfd enable

[SwitchB-Vlan-interface10] bfd min-receive-interval 500

[SwitchB-Vlan-interface10] bfd min-transmit-interval 500

[SwitchB-Vlan-interface10] bfd detect-multiplier 8

[SwitchB-Vlan-interface10] return

Verifying the configuration

# Display the BFD session information on Switch A.

<SwitchA> display bfd session

 

 Total Session Num: 1     Up Session Num: 1     Init Mode: Active

 

 IPv4 Session Working Under Ctrl Mode:

 

 LD/RD          SourceAddr      DestAddr        State    Holdtime    Interface

 3/1            192.168.0.102   192.168.0.100   Up       1700ms      Vlan10

# Display routes destined for 120.1.1.1/32 on Switch A.

<SwitchA> display ip routing-table 120.1.1.1 verbose

 

Summary Count : 1

 

Destination: 120.1.1.1/32

   Protocol: IS_L1             

 Process ID: 1

  SubProtID: 0x1                     Age: 04h20m37s

       Cost: 10               Preference: 10

      IpPre: N/A              QosLocalID: N/A

        Tag: 0                     State: Active Adv

  OrigTblID: 0x0                 OrigVrf: default-vrf

    TableID: 0x2                  OrigAs: 0

      NibID: 0x26000002           LastAs: 0

     AttrID: 0xffffffff         Neighbor: 0.0.0.0

      Flags: 0x1008c         OrigNextHop: 192.168.0.100

      Label: NULL            RealNextHop: 192.168.0.100

    BkLabel: NULL              BkNextHop: N/A

  Tunnel ID: Invalid           Interface: Vlan-interface10

BkTunnel ID: Invalid         BkInterface: N/A

   FtnIndex: 0x0            TrafficIndex: N/A

  Connector: N/A

The output shows that Switch A and Switch B communicate through VLAN-interface 10. Then the link over VLAN-interface 10 fails.

# Display routes destined for 120.1.1.1/32 on Switch A.

<SwitchA> display ip routing-table 120.1.1.1 verbose

 

Summary Count : 1

 

Destination: 120.1.1.1/32

   Protocol: IS_L1             

 Process ID: 1

  SubProtID: 0x1                     Age: 04h20m37s

       Cost: 20               Preference: 10

      IpPre: N/A              QosLocalID: N/A

        Tag: 0                     State: Active Adv

  OrigTblID: 0x0                 OrigVrf: default-vrf

    TableID: 0x2                  OrigAs: 0

      NibID: 0x26000002           LastAs: 0

     AttrID: 0xffffffff         Neighbor: 0.0.0.0

      Flags: 0x1008c         OrigNextHop: 10.1.1.100

      Label: NULL            RealNextHop: 10.1.1.100

    BkLabel: NULL              BkNextHop: N/A

  Tunnel ID: Invalid           Interface: Vlan-interface11

BkTunnel ID: Invalid         BkInterface: N/A

   FtnIndex: 0x0            TrafficIndex: N/A

  Connector: N/A

The output shows that Switch A and Switch B communicate through VLAN-interface 11.

IS-IS FRR configuration example

Network requirements

As shown in Figure 16, Switch A, Switch B, and Switch C belong to the same IS-IS routing domain. Configure IS-IS FRR so that when the Link A fails, traffic can be switched to Link B immediately.

Figure 16 Network diagram

 

Table 5 Interface and IP address assignment

Device	Interface	IP address	Device	Interface	IP address
Switch A	Vlan-int100	12.12.12.1/24	Switch B	Vlan-int101	24.24.24.4/24
	Vlan-int200	13.13.13.1/24		Vlan-int200	13.13.13.2/24
	Loop0	1.1.1.1/32		Loop0	4.4.4.4/32
Switch C	Vlan-int100	12.12.12.2/24
	Vlan-int101	24.24.24.2/24

 

Configuration procedure

1.     Configure IP addresses and subnet masks for interfaces on the switches. (Details not shown.)

2.     Configure IS-IS on the switches to make sure Switch A, Switch B, and Switch C can communicate with each other at Layer 3. (Details not shown.)

3.     Configure IS-IS FRR:

Enable IS-IS FRR to calculate a backup next hop through LFA calculation, or designate a backup next hop by using a referenced routing policy.

¡     (Method 1.) Enable IS-IS FRR to calculate a backup next hop through LFA calculation:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] isis 1

[SwitchA-isis-1] address-family ipv4

[SwitchA-isis-1-ipv4] fast-reroute lfa

[SwitchA-isis-1-ipv4] quit

[SwitchA-isis-1] quit

# Configure Switch B.

<SwitchB> system-view

[SwitchB] isis 1

[SwitchB-isis-1] address-family ipv4

[SwitchB-isis-1-ipv4] fast-reroute lfa

[SwitchB-isis-1-ipv4] quit

[SwitchB-isis-1] quit

¡     (Method 2.) Enable IS-IS FRR to designate a backup next hop by using a referenced routing policy:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] ip prefix-list abc index 10 permit 4.4.4.4 32

[SwitchA] route-policy frr permit node 10

[SwitchA-route-policy-frr-10] if-match ip address prefix-list abc

[SwitchA-route-policy-frr-10] apply fast-reroute backup-interface vlan-interface 100 backup-nexthop 12.12.12.2

[SwitchA-route-policy-frr-10] quit

[SwitchA] isis 1

[SwitchA-isis-1] address-family ipv4

[SwitchA-isis-1-ipv4] fast-reroute route-policy frr

[SwitchA-isis-1-ipv4] quit

[SwitchA-isis-1] quit

# Configure Switch B.

<SwitchB> system-view

[SwitchB] ip prefix-list abc index 10 permit 1.1.1.1 32

[SwitchB] route-policy frr permit node 10

[SwitchB-route-policy-frr-10] if-match ip address prefix-list abc

[SwitchB-route-policy-frr-10] apply fast-reroute backup-interface vlan-interface 101 backup-nexthop 24.24.24.2

[SwitchB-route-policy-frr-10] quit

[SwitchB] isis 1

[SwitchB-isis-1] address-family ipv4

[SwitchB-isis-1-ipv4] fast-reroute route-policy frr

[SwitchB-isis-1-ipv4] quit

[SwitchB-isis-1] quit

Verifying the configuration

# Display route 4.4.4.4/32 on Switch A to view the backup next hop information.

[SwitchA] display ip routing-table 4.4.4.4 verbose

 

Summary Count : 1

 

Destination: 4.4.4.4/32

   Protocol: IS_L1             

 Process ID: 1

  SubProtID: 0x1                     Age: 04h20m37s

       Cost: 10               Preference: 10

      IpPre: N/A              QosLocalID: N/A

        Tag: 0                     State: Active Adv

  OrigTblID: 0x0                 OrigVrf: default-vrf

    TableID: 0x2                  OrigAs: 0

      NibID: 0x26000002           LastAs: 0

     AttrID: 0xffffffff         Neighbor: 0.0.0.0

      Flags: 0x1008c         OrigNextHop: 13.13.13.2

      Label: NULL            RealNextHop: 13.13.13.2

    BkLabel: NULL              BkNextHop: 12.12.12.2

  Tunnel ID: Invalid           Interface: Vlan-interface200

BkTunnel ID: Invalid         BkInterface: Vlan-interface100

   FtnIndex: 0x0            TrafficIndex: N/A

  Connector: N/A

# Display route 1.1.1.1/32 on Switch B to view the backup next hop information.

[SwitchB] display ip routing-table 1.1.1.1 verbose

 

Summary Count : 1

 

Destination: 1.1.1.1/32

   Protocol: IS_L1             

 Process ID: 1

  SubProtID: 0x1                     Age: 04h20m37s

       Cost: 10               Preference: 10

      IpPre: N/A              QosLocalID: N/A

        Tag: 0                     State: Active Adv

  OrigTblID: 0x0                 OrigVrf: default-vrf

    TableID: 0x2                  OrigAs: 0

      NibID: 0x26000002           LastAs: 0

     AttrID: 0xffffffff         Neighbor: 0.0.0.0

      Flags: 0x1008c         OrigNextHop: 13.13.13.1

      Label: NULL            RealNextHop: 13.13.13.1

    BkLabel: NULL              BkNextHop: 24.24.24.2

  Tunnel ID: Invalid           Interface: Vlan-interface200

BkTunnel ID: Invalid         BkInterface: Vlan-interface101

   FtnIndex: 0x0            TrafficIndex: N/A

  Connector: N/A