Copyright © 2001, Juniper Networks, Inc.
Release 5.1, Revision 0
Advanced Juniper Networks Routing
Module 4: Intermediate System to Intermediate System (IS-IS)

Module Objectives
Review the basic components and functionality of the IS-IS Protocol
Take a look at the IS-IS addressing schemes and the different topology levels
Discuss neighbor adjacency formations
Configure IS-IS on a Juniper Networks router

IS-IS PDUs
IS-IS exchanges protocol information using protocol data units (PDUs)
  – IS-IS hello (IIH) PDUs
  – Link-state PDUs (LSPs)
  – Sequence Number Packets (SNP)
      Complete sequence number PDUs (CSNPs)
      Partial sequence number PDUs (PSNPs)
IS-IS hello (IIH) PDUs
  – Broadcast to discover identity of neighboring IS-IS systems
  – Determine whether neighbors are Level 1 or Level 2 intermediate systems
Link-state PDUs (LSPs)
  – Describe the state of adjacencies in neighboring IS-IS systems
  – Flooded periodically throughout an area

IS-IS PDU Format
Describes the state of adjacencies in neighboring IS-IS systems
Flooded periodically throughout an area
Contains multiple type, length, value (TLV) segments

Field                     Field length, in bytes
Protocol identifier       1
Header length             1
Version                   1
ID length                 1
PDU type                  1
Version                   1
Reserved                  1
Maximum area address      1
PDU length                2
Remaining lifetime        2
LSP ID                    8
Sequence number           4
Checksum                  2
P, ATT, & IS Type Bits    1
TLVs                      Variable

IS-IS PDU Notes
PDU type field denotes an L1 or L2 PDU
  – Level 1 PDU = 18
  – Level 2 PDU = 20
ATT bit is set if IS is connected to another area
OL bit is set if the link-state database is overloaded
IS Type bits determine an L1 or L2 router
  – Level 1 router = 1
  – Level 2 router = 3
TLVs populate the LSDB
  – Level 1 PDU = 1, 2, 10, 22, 128, 129, 132, 134, 135, 137, 222, 229, 232, 235, 236
  – Level 2 PDU = 1, 2, 10, 22, 128, 129, 130, 132, 134, 135, 137, 222, 229, 232, 235, 236

PDU TLVs
TLVs are added to LSPs as needed
  – TLV 1 = Area Address
  – TLV 2 = IS reachability
  – TLV 10 = Authentication
  – TLV 22 = Extended IS reachability
  – TLV 128 = IP internal reachability
  – TLV 129 = Protocols supported
  – TLV 130 = IP external reachability
  – TLV 132 = IP interface address
  – TLV 134 = TE IP router ID
  – TLV 135 = Extended IP reachability
  – TLV 137 = Dynamic hostname resolution
Multiple topologies (routing instances) are supported
  – TLVs 222, 229, and 235
IPv6 is supported via TLVs 232 and 236
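
An added example, not part of the original slides: a Python parser for the LSP layout and flag bits described above that labels TLVs with the codes from the PDU TLVs slide and rejects TLV lengths that overrun the PDU. The sample LSP is constructed (system ID, lifetime and zero checksum are placeholders), and the flag masks assume the ISO 10589 layout (P 0x80, ATT 0x78, OL 0x04, IS type 0x03).

```python
import struct

# TLV codes as listed on the "PDU TLVs" slide (used only for labelling)
TLV_NAMES = {1: "Area address", 2: "IS reachability", 10: "Authentication",
             22: "Extended IS reachability", 128: "IP internal reachability",
             129: "Protocols supported", 130: "IP external reachability",
             132: "IP interface address", 134: "TE IP router ID",
             135: "Extended IP reachability", 137: "Dynamic hostname"}
LSP_LEVEL = {18: 1, 20: 2}   # PDU type -> level
FIXED_LEN = 27               # 8 one-byte fields + 2 + 2 + 8 + 4 + 2 + 1

def parse_lsp(pdu: bytes) -> dict:
    """Decode the fixed LSP header and walk the TLVs, rejecting malformed lengths."""
    if len(pdu) < FIXED_LEN:
        raise ValueError("truncated LSP header")
    nlpid, hdr_len, pdu_type = pdu[0], pdu[1], pdu[4] & 0x1F
    pdu_len, lifetime, lsp_id, seq, cksum, flags = struct.unpack_from("!HH8sIHB", pdu, 8)
    if nlpid != 0x83 or hdr_len != FIXED_LEN or pdu_type not in LSP_LEVEL:
        raise ValueError("not an IS-IS LSP")
    if pdu_len != len(pdu):
        raise ValueError("PDU length field does not match received bytes")
    tlvs, off = [], FIXED_LEN
    while off < pdu_len:
        if off + 2 > pdu_len or off + 2 + pdu[off + 1] > pdu_len:
            raise ValueError(f"TLV at offset {off} overruns the PDU")
        t, l = pdu[off], pdu[off + 1]
        tlvs.append((t, TLV_NAMES.get(t, "unknown"), pdu[off + 2:off + 2 + l]))
        off += 2 + l
    return {"level": LSP_LEVEL[pdu_type], "lsp_id": lsp_id.hex(), "sequence": seq,
            "lifetime": lifetime, "checksum": cksum,
            "attached": bool(flags & 0x78),   # any ATT bit set
            "overload": bool(flags & 0x04),   # OL bit
            "is_type": flags & 0x03,          # 1 = Level 1 router, 3 = Level 2 router
            "tlvs": tlvs}

def build_sample_lsp(flags: int = 0x03) -> bytes:
    """Constructed Level 2 LSP modelled loosely on the Tokyo.00-00 output; checksum left 0."""
    tlvs = (bytes([1, 4, 3, 0x49, 0x49, 0x49])    # TLV 1: area 49.4949
            + bytes([129, 1, 0xCC])                # TLV 129: speaks IP
            + bytes([137, 5]) + b"Tokyo")          # TLV 137: hostname
    fixed = struct.pack("!HH8sIHB", FIXED_LEN + len(tlvs), 1190,
                        bytes.fromhex("1921680240010000"), 6, 0, flags)
    return bytes([0x83, FIXED_LEN, 1, 0, 20, 1, 0, 0]) + fixed + tlvs

if __name__ == "__main__":
    info = parse_lsp(build_sample_lsp())
    print(info["level"], info["lsp_id"], hex(info["sequence"]), info["is_type"])
    for t, name, value in info["tlvs"]:
        print(f"  TLV {t:3} {name}: {value.hex()}")
```

The parser does not validate the checksum; it only enforces the length fields, which is where a malformed LSP would otherwise cause an out-of-bounds read.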

Level 2 PDU Headers
user@host> show isis database extensive
Tokyo.00-00 Sequence: 0x6, Checksum: 0xcf2c, Lifetime: 1190 secs
  Header: LSP id: Tokyo.00-00, Length: 218 bytes
    Allocated length: 218 bytes, Router ID: 192.168.24.1
    Remaining lifetime: 1190 secs, Level: 2,Interface: 4
    Estimated free bytes: 0, Actual free bytes: 0
    Aging timer expires in: 1190 secs
    Protocols: IP
  Packet: LSP id: Tokyo.00-00, Length: 218 bytes, Lifetime : 1198 secs
    Checksum: 0xcf2c, Sequence: 0x6, Attributes: 0x3 <L1 L2>
    NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
    Packet type: 20, Packet version: 1, Max area: 0

Level 2 PDU TLVs
user@host> show isis database extensive
  TLVs:
    Area address: 49.4949 (3)
    Speaks: IP
    Speaks: IPv6
    IP router id: 192.168.24.1
    IP address: 192.168.24.1
    Hostname: Tokyo
    IS neighbor: HongKong.00, Internal, Metric: default 10
    IS neighbor: London.00, Internal, Metric: default 10
    IS neighbor: HongKong.00, Metric: default 10
      IP address: 10.222.28.2
      Neighbor's IP address: 10.222.28.1
    IS neighbor: London.00, Metric: default 10
      IP address: 10.222.4.1
      Neighbor's IP address: 10.222.4.2
    IP prefix: 10.222.4.0/24, Internal, Metric: default 10
    IP prefix: 10.222.28.0/24, Internal, Metric: default 10
    IP prefix: 192.168.24.1/32, Internal, Metric: default 0
    IP prefix: 10.222.4.0/24 metric 10 up
    IP prefix: 10.222.28.0/24 metric 10 up
    IP prefix: 192.168.24.1/32 metric 0 up
    IP external prefix: 192.168.25.0/24, Internal, Metric: default 20
    IP prefix: 192.168.25.0/24 metric 20 up
  No queued transmissions
(Slide callouts mark TLV 1, TLV 129, TLV 134, TLV 137, TLV 2, TLV 128, TLV 130 and TLV 132 in this output.)

Sample IS-IS Database
user@host> show isis database
IS-IS level 1 link-state database:
LSP ID                      Sequence Checksum Lifetime Attributes
HongKong.00-00                   0x8   0xcc42      957 L1 L2 Attached
SanJose.00-00                    0x9   0xbdfa     1055 L1
Montreal.00-00                   0x7   0x54d2      500 L1
Montreal.02-00                   0x4   0xdddb      677 L1
  4 LSPs

IS-IS level 2 link-state database:
LSP ID                      Sequence Checksum Lifetime Attributes
HongKong.00-00                   0x6   0xa5a1     1102 L1 L2
Tokyo.00-00                      0x9   0xc92f      909 L1 L2
London.00-00                     0x6   0xd7d2     1109 L1 L2
  3 LSPs

LSP Flooding Scopes
[Figure: Area 49.1111, Area 49.2222 and Area 49.3333 connected by L1L2 routers, with external routes; labels mark the L1 PDU and the L2 PDU of each area.]

IS-IS Cost
Cost of an interface indicates the overhead required to send packets out a particular interface
Default IS-IS cost for all links is 10
Cost can be set on a per interface basis
  – Each level on an interface can also have a different cost

[edit protocols]
user@host# show
isis {
    interface so-0/0/0.0 {
        level 2 metric 10;
        level 1 metric 20;
    }
    interface ge-0/1/0.0 {
        level 2 metric 5;
    }
}

Reference Bandwidth
The interface cost can be changed to use the formula reference-bandwidth/bandwidth
  – Automatically alters the cost of interfaces
  – Allows for a consistent change across all interfaces
Use the reference-bandwidth command within [edit protocols isis]

[edit protocols isis]
user@host# set reference-bandwidth 1g

[edit protocols isis]
user@host# show
isis {
    reference-bandwidth 1g;
    interface so-0/0/0.0;
    interface ge-0/1/0.0;
}

IS-IS Wide Metrics
The maximum metric supported on an individual interface is 63
All values advertised in an LSP that have a higher value are interpreted as a metric of 63
The use of wide metrics allows for a maximum value of 16,777,215
  – Configured for an entire level

[edit protocols isis]
user@host# set level 2 wide-metrics-only

[edit protocols isis]
user@host# show
isis {
    level 2 {
        wide-metrics-only;
    }
    interface so-0/0/0.0;
    interface ge-0/1/0.0;
}

Effects of Altering Metrics
Metric values are advertised via the TLV values within an LSP and populate the link-state database
As each router runs the SPF algorithm, each LSP is examined individually for the cost of the outgoing interface
  – That cost is used in the final metric calculation
Routers can disagree about the cost on a network link
  – HongKong sees a cost of 45 to reach Amsterdam
  – Amsterdam sees a cost of 60 to reach HongKong
[Figure: routers HongKong, SanJose, Montreal and Amsterdam with interface costs 5, 10, 15, 20, 25 and 30.]

IS-IS Authentication
Authentication can occur within multiple places
  – Link-state PDUs and sequence number packets within:
      The entire domain
      A single IS-IS level 1 area
      A single IS-IS level 2 area
  – IS-IS Hello packets: On a specific interface
Three authentication types are supported
  – None (default)
  – Simple
  – MD5
MD5 includes an encrypted checksum with all packets
  – Provides better security than type simple

Authentication Configuration
[edit protocols isis]
user@host# show
/* This is for the entire IS-IS Domain */
authentication-key "$9$bssYomPQ69pkq39puhc8X7V2a"; # SECRET-DATA
authentication-type md5;
level 2 {
    /* This is for the entire IS-IS Level */
    authentication-key "$9$dXVYoDjqQ39gomTz6CAvW8X-ViHmFnCDi1h"; # SECRET-DATA
    authentication-type simple;
}
interface so-0/0/0.0 {
    /* This is for all hello packets on this interface */
    hello-authentication-key "$9$1sEEclws4JUH-db2oGq.Ctp01h7NbgaU"; # SECRET-DATA
    hello-authentication-type md5;
}

More specific level authentication references take precedence over global settings
Comments are made with the annotate command

Authentication Issues
Hello authentication only secures IS-IS Hello packets
  – Determines whether an adjacency forms between 2 routers
Global or level authentication secures:
  – LSP packets
  – CSNP packets
  – PSNP packets
  – IS-IS Hello packets
Authentication for LSPs allows other routers to read the TLV values and use that information in the SPF calculation
The authentication check can be disabled with the no-authentication-check command
  – Useful for migration purposes
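
How the simple and MD5 types on the authentication slides differ on the wire, as an added example that is not from the original course material: with MD5 the LSP carries a keyed HMAC-MD5 digest while its other TLVs stay readable, and with simple the password itself travels in TLV 10. It assumes the RFC 5304 encoding (authentication type 1 for a clear-text password, 54 for HMAC-MD5, digest computed with the remaining lifetime, checksum and digest fields zeroed) and, for brevity, that the authentication TLV is the first TLV; the key, password, checksum and LSP bytes are constructed.

```python
import hashlib
import hmac
import struct

AUTH_TLV, AUTH_SIMPLE, AUTH_HMAC_MD5 = 10, 1, 54   # TLV 10; auth types per RFC 5304
FIXED_LEN = 27                                     # fixed LSP header length
DIGEST = slice(FIXED_LEN + 3, FIXED_LEN + 19)      # 16-byte digest inside the auth TLV

def build_lsp(tlvs: bytes, lifetime: int = 1200, checksum: int = 0) -> bytearray:
    """Constructed Level 2 LSP; the auth TLV is assumed to be the first TLV."""
    fixed = struct.pack("!HH8sIHB", FIXED_LEN + len(tlvs), lifetime,
                        bytes.fromhex("1921680240010000"), 6, checksum, 0x03)
    return bytearray(bytes([0x83, FIXED_LEN, 1, 0, 20, 1, 0, 0]) + fixed + tlvs)

def zeroed_for_hmac(pdu: bytes) -> bytes:
    """Zero the fields that change in flight or hold the digest itself."""
    work = bytearray(pdu)
    work[10:12] = bytes(2)      # remaining lifetime (ages as the LSP is flooded)
    work[24:26] = bytes(2)      # checksum
    work[DIGEST] = bytes(16)    # authentication value
    return bytes(work)

def sign_md5(key: bytes, other_tlvs: bytes) -> bytes:
    auth = bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]) + bytes(16)
    pdu = build_lsp(auth + other_tlvs, checksum=0xCF2C)   # placeholder checksum, not computed
    pdu[DIGEST] = hmac.new(key, zeroed_for_hmac(pdu), hashlib.md5).digest()
    return bytes(pdu)

def verify_md5(key: bytes, pdu: bytes) -> bool:
    if pdu[FIXED_LEN:FIXED_LEN + 3] != bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]):
        return False
    expected = hmac.new(key, zeroed_for_hmac(pdu), hashlib.md5).digest()
    return hmac.compare_digest(expected, pdu[DIGEST])

def sign_simple(password: bytes, other_tlvs: bytes) -> bytes:
    auth = bytes([AUTH_TLV, 1 + len(password), AUTH_SIMPLE]) + password
    return bytes(build_lsp(auth + other_tlvs))

def password_on_wire(pdu: bytes) -> bytes:
    """With type simple, the configured password travels in clear text in TLV 10."""
    length = pdu[FIXED_LEN + 1]
    return pdu[FIXED_LEN + 3:FIXED_LEN + 2 + length]

if __name__ == "__main__":
    hostname = bytes([137, 5]) + b"Tokyo"
    lsp = sign_md5(b"constructed-key", hostname)
    print(verify_md5(b"constructed-key", lsp), b"Tokyo" in lsp)
    print(password_on_wire(sign_simple(b"constructed-pw", hostname)))
```

Because the lifetime and checksum are excluded from the digest, an aged copy of the LSP still verifies, while any change to a TLV does not.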

Mesh Groups
IS-IS LSPs are flooded to all neighbors by default
Certain physical topologies make this unnecessary
  – Amsterdam will receive 3 copies of the same LSP
Once configured, the group members will not re-flood LSPs within the group
[Figure: routers HongKong, SanJose, Montreal and Amsterdam.]

Mesh Group Configuration
Each interface is configured with a group number
  – 32-bit numbers can be different on separate interfaces
To prevent an interface from flooding any LSPs, the keyword blocked can be used

[edit protocols]
user@host# show
isis {
    interface so-0/0/0.0 {
        mesh-group 2;
    }
    interface ge-0/1/0.0 {
        mesh-group 1;
    }
    interface at-0/2/0.100 {
        mesh-group blocked;
    }
}

Overload Bit
Used to advertise information to neighbors while not being used for transit traffic
  – Other routers ignore the LSP during SPF calculation
Can be set permanently or with a timeout value
  – Timer is between 60 and 1800 seconds
  – Timer only runs after RPD starts

[edit protocols]
user@host# show
isis {
    overload;
    interface so-0/0/0.0;
    interface ge-0/1/0.0;
}

user@host> show isis database
IS-IS level 2 link-state database:
LSP ID                      Sequence Checksum Lifetime Attributes
Router-1.00-00                 0x36f   0x8cf7     1007 L1 L2
host.00-00                     0x37f   0x4c3a     1067 L1 L2 Overload

CSNP Interval
CSNP packets are sent on a LAN interface every 10 seconds if you are the DIS
Can be altered on a per interface basis
  – Value can be between 1 and 65,535 seconds

[edit]
user@host# run show isis interface detail
IS-IS interface database:
ge-0/2/0.0
  Index: 3, State: 0x6, Circuit id: 0x2, Circuit type: 2
  LSP interval: 100 ms, CSNP interval: 10 s
  Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
      2           1       64     10         3        9 SanJose.02 (us)

[edit]
user@host# set protocols isis interface ge-0/2/0 csnp-interval 40

[edit]
user@host# run show isis interface detail
IS-IS interface database:
ge-0/2/0.0
  Index: 3, State: 0x6, Circuit id: 0x2, Circuit type: 2
  LSP interval: 100 ms, CSNP interval: 40 s
  Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
      2           1       64     10         3        9 SanJose.02 (us)

IS-IS Configuration
Configured at the [edit protocols] hierarchy level
List each interface separately
  – Loopback 0 must be explicitly configured

protocols {
    isis {
        interface <interface-name>;
        interface <interface-name>;
        interface <interface-name>;
    }
}
Review Questions