advertisement
Configuring IS-IS
This chapter describes how to configure IS-IS for IPv4 networks.
Overview
Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the ISO to operate on the connectionless network protocol (CLNP).
IS-IS was modified and extended in RFC 1195 by the IETF for application in both TCP/IP and OSI reference models, called "Integrated IS-IS" or "Dual IS-IS."
IS-IS is an IGP used within an AS. It uses the SPF algorithm for route calculation.
Terminology
•
Intermediate system—Similar to a router in TCP/IP, IS is the basic unit used in an IS-IS routing domain to generate and propagate routing information. Throughout this chapter, an IS refers to a router.
• End system—Similar to a host in TCP/IP, an ES does not run IS-IS. ISO defines the ES-IS protocol for communication between an ES and an IS.
•
Routing domain—An RD comprises a group of ISs that exchange routing information with each other by using the same routing protocol.
•
Area—An IS-IS routing domain can be split into multiple areas.
•
Link State Database—All link states in the network form the LSDB. Each IS has at least one LSDB. An
IS uses the SPF algorithm and LSDB to generate IS-IS routes.
• Link State Protocol Data Unit or Link State Packet —An IS advertises link state information in an LSP.
•
Network Protocol Data Unit—An NPDU is a network layer protocol packet in OSI, similar to an IP packet in TCP/IP.
• Designated IS—A DIS is elected on a broadcast network.
• Network service access point—An NSAP is an OSI network layer address. The NSAP identifies an abstract network service access point and describes the network address format in the OSI reference model.
IS-IS address format
NSAP
, an NSAP address comprises the Initial Domain Part (IDP) and the Domain
Specific Part (DSP). The IDP is analogous to the network ID of an IP address, and the DSP is analogous to the subnet and host ID.
The IDP includes the Authority and Format Identifier (AFI) and the Initial Domain Identifier (IDI).
The DSP includes:
• High Order Part of DSP (HO-DSP)—Identifies the area.
• System ID—Identifies the host.
108
• SEL—Identifies the type of service.
The IDP and DSP are variable in length. The length of an NSAP address ranges from 8 bytes to 20 bytes.
Figure 30 NSAP address format
Area address
The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain. Different routing domains cannot have the same area address.
Typically, a router only needs one area address, and all nodes in the same area must have the same area address. To support smooth area merging, partitioning, and switching, a router can have a maximum of three area addresses.
System ID
A system ID uniquely identifies a host or router. It has a fixed length of 48 bits (6 bytes).
The system ID of a device can be generated from the router ID. For example, suppose a router uses the
IP address 168.10.1.1 of Loopback 0 as the router ID. The system ID can be obtained in the following steps:
1.
Extend each decimal number of the IP address to three digits by adding 0s from the left, such as
168.010.001.001.
2.
Divide the extended IP address into three sections that each has four digits to get the system ID
1680.1000.1001.
If you use other methods to define a system ID, make sure that it can uniquely identify the host or router.
SEL
The N-SEL, or the NSAP selector (SEL), is similar to the protocol identifier in IP. Different transport layer protocols correspond to different SELs. All SELs in IP are 00.
Routing method
The IS-IS address format identifies the area, so a Level-1 router can easily identify packets destined to other areas. IS-IS routers perform routing as follows:
•
A Level-1 router performs intra-area routing according to the system ID. If the destination address of a packet does not belong to the local area, the Level-1 router forwards it to the nearest Level-1-2 router.
• A Level-2 router performs inter-area routing according to the area address.
NET
A network entity title (NET) identifies the network layer information of an IS. It does not include transport layer information. A NET is a special NSAP address with the SEL being 0. The length of a NET ranges from 8 bytes to 20 bytes, same as a NSAP address.
A NET includes the following parts:
• Area ID—Has a length of 1 to 13 bytes.
109
• System ID—A system ID uniquely identifies a host or router in the area and has a fixed length of 6 bytes.
•
SEL—Has a value of 0 and a fixed length of 1 byte.
For example, for a NET ab.cdef.1234.5678.9abc.00, the area ID is ab.cdef, the system ID is
1234.5678.9abc, and the SEL is 00.
Typically, a router only needs one NET, but it can have a maximum of three NETs for smooth area merging and partitioning. When you configure multiple NETs, make sure the system IDs are the same.
IS-IS area
IS-IS has a 2-level hierarchy to support large-scale networks. A large-scale routing domain is divided into multiple areas. Typically, a Level-1 router is deployed within an area, a Level-2 router is deployed between areas, and a Level-1-2 router is deployed between Level-1 and Level-2 routers.
Level-1 and Level-2
•
Level-1 router—A Level-1 router establishes neighbor relationships with Level-1 and Level-1-2 routers in the same area. It maintains a LSDB comprising intra-area routing information. A Level-1 router forwards packets destined for external areas to the nearest Level-1-2 router. Level-1 routers in different areas cannot establish neighbor relationships.
•
Level-2 router—A Level-2 router establishes neighbor relationships with Level-2 and Level-1-2 routers in the same area or in different areas. It maintains a Level-2 LSDB containing inter-area routing information. All the Level-2 and Level-1-2 routers must be contiguous to form the backbone of the IS-IS routing domain. Level-2 routers can establish neighbor relationships regardless of the areas they reside in.
• Level-1-2 router—A router with both Level-1 and Level-2 router functions is a Level-1-2 router. It can establish Level-1 neighbor relationships with Level-1 and Level-1-2 routers in the same area, and establish Level-2 neighbor relationships with Level-2 and Level-1-2 routers in different areas. A Level-1 router can reach other areas only through a Level-1-2 router. The Level-1-2 router maintains two LSDBs, a Level-1 LSDB for intra-area routing and a Level-2 LSDB for inter-area routing.
shows one IS-IS network topology. Area 1 is the backbone that comprises a set of Level-2 routers. The other four areas are non-backbone areas connected to the backbone through Level-1-2 routers.
110
Figure 31 IS-IS topology 1
Area 2
L1/L2
L1
L2
L2
L1/L2
Area 3
L2
Area 1
L2
L1/L2
Area 5
L1/L2
L1
Area 4
L1 L1
L1 L1
shows another IS-IS topology. The Level-1-2 routers connect to the Level-1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous Level-2 and Level-1-2 routers in different areas. The IS-IS backbone does not need to be a specific area.
Figure 32 IS-IS topology 2
Area 3
Area 2
L1/L2
L1
L2
Area 4
L2
L1/L2
L2
Area 1
L2
L1/L2
Area 5
L1/L2
L1
L1
L1 L1
L1
Both the Level-1 and Level-2 routers use the SPF algorithm to generate the shortest path tree.
111
Route leaking
Level-2 and Level-1-2 routers form a Level-2 area. An IS-IS routing domain comprises only one Level-2 area and multiple Level-1 areas. A Level-1 area must connect to the Level-2 area rather than other Level-1 area.
The routing information of each Level-1 area is sent to the Level-2 area through a Level-1-2 router, so a
Level-2 router knows the routing information of the entire IS-IS routing domain. By default, a Level-2 router does not advertise the routing information of other Level-1 areas and the Level-2 area to a Level-1 area, so a Level-1 router simply sends packets destined for other areas to the nearest Level-1-2 router. The path passing through the Level-1-2 router may not be the best. To solve this problem, IS-IS provides the route leaking feature.
Route leaking enables a Level-1-2 router to advertise the routes of other Level-1 areas and the Level-2 area to the connected Level-1 area so that the Level-1 routers can select the optimal routes for packets.
IS-IS network types
Network types
IS-IS supports the broadcast network (for example, Ethernet and Token Ring) and the point-to-point network (for example, PPP and HDLC).
For an NBMA interface, such as an ATM interface, you must configure point-to-point or broadcast subinterfaces. IS-IS cannot run on P2MP links.
DIS and pseudonodes
IS-IS routers on a broadcast network must elect a DIS.
The Level-1 and Level-2 DISs are elected separately. You can assign different priorities to a router for different level DIS elections. The higher the router priority, the more likely the router becomes the DIS. If multiple routers with the same highest DIS priority exist, the one with the highest SNPA (Subnetwork Point of Attachment) address (MAC address on a broadcast network) will be elected. A router can be the DIS for different levels.
IS-IS DIS election differs from OSPF DIS election in the following ways:
• A router with priority 0 can also participate in the DIS election.
•
When a router with a higher priority is added to the network, an LSP flooding process is performed to elect the router as the new DIS.
, the same level routers on a network, including non-DIS routers, establish adjacency with each other.
Figure 33 DIS in the IS-IS broadcast network
L1/L2 L1/L2
L2 adjacencies
L1 adjacencies
L1
DIS
L2
DIS
112
The DIS creates and updates pseudonodes, and generates LSPs for the pseudonodes, to describe all routers on the network.
A pseudonode represents a virtual node on the broadcast network. It is not a real router. In IS-IS, it is identified by the system ID of the DIS and a 1-byte Circuit ID (a non-zero value).
Using pseudonodes simplifies network topology and can reduce the amount of resources consumed by
SPF.
NOTE:
On an IS-IS broadcast network, all routers establish adjacency relationships, but they synchronize their
LSDBs through the DIS.
IS-IS PDUs
PDU
IS-IS PDUs are encapsulated into link layer frames. An IS-IS PDU has two parts, the headers and the variable length fields. The headers comprise the PDU common header and the PDU specific header. All
PDUs have the same PDU common header. The specific headers vary by PDU type.
Figure 34 PDU format
Table 4 PDU types
18
20
24
25
15
16
17
Level-1 LAN IS-IS hello PDU
Level-2 LAN IS-IS hello PDU
Point-to-Point IS-IS hello PDU
Level-1 Link State PDU
Level-2 Link State PDU
Level-1 Complete Sequence Numbers PDU
Level-2 Complete Sequence Numbers PDU
L1 LAN IIH
L2 LAN IIH
P2P IIH
L1 LSP
L2 LSP
L1 CSNP
L2 CSNP
26
Hello PDU
27
Level-1 Partial Sequence Numbers PDU
Level-2 Partial Sequence Numbers PDU
L1 PSNP
L2 PSNP
IS-to-IS hello (IIH) PDUs are used by routers to establish and maintain neighbor relationships. On broadcast networks, Level-1 routers use Level-1 LAN IIHs, and Level-2 routers use Level-2 LAN IIHs. The
P2P IIHs are used on point-to-point networks.
LSP
The LSPs carry link state information. LSPs include Level-1 LSPs and Level-2 LSPs. The Level-2 LSPs are sent by the Level-2 routers, and the Level-1 LSPs are sent by the Level-1 routers. The Level-1-2 router can send both types of LSPs.
113
SNP
A sequence number PDU (SNP) describes the complete or partial LSPs for LSDB synchronization.
SNPs include CSNP and PSNP, which are further divided into Level-1 CSNP, Level-2 CSNP, Level-1 PSNP, and Level-2 PSNP.
A CSNP describes the summary of all LSPs for LSDB synchronization between neighboring routers. On broadcast networks, CSNPs are sent by the DIS periodically (every 10 seconds by default). On point-to-point networks, CSNPs are sent only during the first adjacency establishment.
A PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request missing LSPs from a neighbor.
CLV
The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets.
Figure 35 CLV format
10
128
129
130
131
132
shows that different PDUs contain different CLVs. Codes 1 through 10 are defined in ISO 10589
(code 3 and 5 are not shown in the table), and others are defined in RFC 1195.
Table 5 CLV codes and PDU types
CLV Code
1
Name
Area Addresses
6
7
2
4
IS Neighbors (LSP)
Partition Designated Level2 IS
IS Neighbors (MAC Address)
IS Neighbors (SNPA Address)
8 Padding
Authentication Information
IP Internal Reachability Information
Protocols Supported
IP External Reachability Information
Inter-Domain Routing Protocol Information
IP Interface Address
PDU Type
IIH, LSP
LSP
L2 LSP
LAN IIH
LAN IIH
IIH
SNP
IIH, LSP, SNP
LSP
IIH, LSP
L2 LSP
L2 LSP
IIH, LSP
Protocols and standards
• ISO 10589 ISO IS-IS Routing Protocol
114
• ISO 9542 ES-IS Routing Protocol
•
ISO 8348/Ad2 Network Services Access Points
•
RFC 1195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
• RFC 2763, Dynamic Hostname Exchange Mechanism for IS-IS
• RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS
•
RFC 2973, IS-IS Mesh Groups
•
RFC 3277, IS-IS Transient Blackhole Avoidance
• RFC 3358, Optional Checksums in ISIS
• RFC 3373, Three-Way Handshake for IS-IS Point-to-Point Adjacencies
•
RFC 3567, Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication
•
RFC 3719, Recommendations for Interoperable Networks using IS-IS
• RFC 3786, Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit
•
RFC 3787, Recommendations for Interoperable IP Networks using IS-IS
•
RFC 3847, Restart Signaling for IS-IS
IS-IS configuration task list
Tasks at a glance
•
(Required.)
•
(Optional.) Configuring the IS level and circuit level
•
(Optional.) Configuring P2P network type for an interface
(Optional.) Configuring IS-IS route control
•
•
Specifying a preference for IS-IS
•
Configuring the maximum number of ECMP routes
•
Configuring IS-IS route summarization
•
•
Configuring IS-IS route redistribution
•
Configuring IS-IS route filtering
•
Configuring IS-IS route leaking
115
Tasks at a glance
(Optional.) Tuning and optimizing IS-IS networks
•
Specifying intervals for sending IS-IS hello and CSNP packets
•
Specifying the IS-IS hello multiplier
•
Configuring a DIS priority for an interface
•
Disabling an interface from sending/receiving IS-IS packets
•
Enabling an interface to send small hello packets
•
•
Controlling SPF calculation interval
•
Configuring convergence priorities for specific routes
•
•
Configuring system ID to host name mappings
•
Enabling the logging of neighbor state changes
•
(Optional.) Enhancing IS-IS network security
•
Configuring neighbor relationship authentication
•
Configuring area authentication
•
Configuring routing domain authentication
(Optional.) Configuring IS-IS GR
(Optional.) Configuring BFD for IS-IS
(Optional.) Configuring IS-IS FRR
Configuring basic IS-IS
Configuration prerequisites
Before the configuration, complete the following tasks:
•
Configure the link layer protocol.
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
Enabling IS-IS
Step Command
1. Enter system view. system-view
2. Create an IS-IS process and enter its view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Assign a NET. network-entity net
4. Return to system view. quit
5. Enter interface view. interface interface-type
interface-number
6. Enable an IS-IS process on the interface. isis enable [ process-id ]
Remarks
N/A
By default, the IS-IS process is disabled.
By default, NET is not assigned.
N/A
N/A
By default, no IS-IS process is enabled.
116
Configuring the IS level and circuit level
Follow these guidelines when you configure the IS level for routers in only one area:
• Configure the IS level of all routers as Level-1 or Level-2 rather than different levels because the routers do not need to maintain two identical LSDBs.
•
Configure the IS level as Level-2 on all routers in an IP network for good scalability.
For an interface of a Level-1 (or Level-2) router, the circuit level can only be Level-1 (or Level-2). For an interface of a Level-1-2 router, the default circuit level is Level-1-2; if the router only needs to form Level-1 (or
Level-2) neighbor relationships, configure the circuit level for its interfaces as Level-1 (or Level-2) to limit neighbor relationship establishment.
To configure the IS level and circuit level:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify the IS level.
4. Return to system view.
5. Enter interface view. is-level { level-1 | level-1-2 | level-2 } quit interface interface-type
interface-number
N/A
By default, the IS level is Level-1-2.
N/A
N/A
6. Specify the circuit level. isis circuit-level [ level-1 | level-1-2
| level-2 ]
By default, an interface can establish either the Level-1 or Level-2 adjacency.
Configuring P2P network type for an interface
Perform this task only for a broadcast network that has up to two attached routers.
Interfaces with different network types operate differently. For example, broadcast interfaces on a network must elect the DIS and flood CSNP packets to synchronize the LSDBs, but P2P interfaces on a network do not need to elect the DIS, and have a different LSDB synchronization mechanism.
If only two routers exist on a broadcast network, configure the network type of attached interfaces as P2P to avoid DIS election and CSNP flooding, saving network bandwidth and speeding up network convergence.
To configure P2P network type for an interface:
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type
interface-number
Remarks
N/A
N/A
117
Step Command
3. Configure P2P network type for an interface. isis circuit-type p2p
Remarks
By default, the network type of an interface depends on the physical media. The network type of a
VLAN interface is broadcast.
Configuring IS-IS route control
Configuration prerequisites
Before the configuration, complete the following tasks:
•
Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
•
Enable IS-IS.
Configuring IS-IS link cost
The IS-IS cost of an interface is determined in the following order:
1.
IS-IS cost specified in interface view.
2.
3.
IS-IS cost specified in system view. The cost is applied to the interfaces associated with the IS-IS process.
Automatically calculated cost. If the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost = (bandwidth reference value/interface bandwidth) ×10, in the range of 1 to16777214. For other cost styles,
Table 6 Automatic cost calculation scheme for cost styles other than wide and wide-compatible
Interface bandwidth
≤ 10 Mbps
≤ 100 Mbps
≤ 155 Mbps
≤ 622 Mbps
Interface cost
60
50
40
30
≤ 2500 Mbps 20
> 2500 Mbps
4.
10
If none of the above costs is used, a default cost of 10 applies.
Configuring an IS-IS cost for an interface
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
118
Step Command
3. (Optional.) Specify an
IS-IS cost style. cost-style { narrow | wide | wide-compatible
| { compatible | narrow-compatible }
[ relax-spf-limit ] }
4. Return to system view. quit
5. Enter interface view. interface interface-type interface-number
6. (Optional.) Specify a cost for the IS-IS interface. isis cost value [ level-1 | level-2 ]
Configuring a global IS-IS cost
Remarks
By default, the IS-IS cost type is narrow.
N/A
N/A
By default, no cost for the interface is specified.
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
Remarks
N/A isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A
3. (Optional.) Specify an IS-IS cost style. cost-style { narrow | wide | wide-compatible |
{ compatible | narrow-compatible }
[ relax-spf-limit ] }
4. Specify a global
IS-IS cost. circuit-cost value [ level-1 | level-2 ]
Enabling automatic IS-IS cost calculation
By default, the IS-IS cost style is narrow.
By default, no global cost is specified.
Step Command
1. Enter system view. system-view
Remarks
N/A
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
3. Specify an IS-IS cost style. cost-style { wide | wide-compatible } By default, the IS-IS cost is narrow.
4. Enable automatic IS-IS cost calculation.
5. (Optional.) Configure a bandwidth reference value for automatic IS-IS cost calculation. auto-cost enable bandwidth-reference value
By default, automatic IS-IS cost calculation is disabled.
The default setting is100 Mbps.
Specifying a preference for IS-IS
If multiple routing protocols find routes to the same destination, the route found by the routing protocol that has the highest preference is selected as the optimal route.
Perform this task to assign a preference to IS-IS directly or by using a routing policy. For more information about the routing policy, see "Configuring routing policies."
To configure a preference for IS-IS:
119
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Configure a prefrence for
IS-IS. isis [ process-id ] [ vpn-instance
vpn-instance-name ] preference { preference | route-policy
route-policy-name } *
Remarks
N/A
N/A
The default setting is
15.
Configuring the maximum number of ECMP routes
Perform this task to implement load sharing over ECMP routes.
To configure the maximum number of ECMP routes:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Specify the maximum number of ECMP routes. maximum load-balancing number
By default, the maximum number of ECMP routes is the same as that configured in the max-ecmp-num command. For more information about the max-ecmp-num command, see IP Routing
Command Reference.
Configuring IS-IS route summarization
Perform this task to summarize specific routes, including IS-IS routes and redistributed routes, into a single route. Route summarization can reduce the routing table size and the LSDB scale.
Route summarization applies only to locally generated LSPs. The cost of the summary route is the lowest one among the costs of the more-specific routes.
To configure route summarization:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Configure IS-IS route summarization. isis [ process-id ] [ vpn-instance
vpn-instance-name ] summary ip-address { mask | mask-length }
[ avoid-feedback | generate_null0_route |
[ level-1 | level-1-2 | level-2 ] | tag tag ] *
Remarks
N/A
N/A
By default, route summarization is not configured.
120
Advertising a default route
IS-IS cannot redistribute a default route to its neighbors. This task enables IS-IS to advertise a default route of 0.0.0.0/0 in an LSP to the same-level neighbors. Upon receiving the default route, the neighbors add it into their routing table.
To advertise a default route:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Advertise a default route. default-route-advertise [ [ level-1 | level-1-2
| level-2 ] | route-policy route-policy-name ]
*
By default, IS-IS does not advertise a default route.
The generated routes are advertised to only the same-level neighbors.
Configuring IS-IS route redistribution
Perform this task to redistribute routes from other routing protocols into IS-IS. You can specify a cost for redistributed routes and specify the maximum number of redistributed routes.
To configure IS-IS route redistribution from other routing protocols:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Redistribute routes from other routing protocols or other IS-IS processes. import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost
| cost-type { external | internal } |
[ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag
tag ] *
By default, no route is redistributed.
By default, if no level is specified, this command redistributes routes into the
Level-2 routing table.
This command redistributes only active routes. To display active routes, use the display ip routing-table protocol command.
4. (Optional.) Configure the maximum number of redistributed Level
1/Level 2 IPv4 routes. import-route limit number
By default, the maximum number of redistributed Level 1/Level 2 IPv4 routes is not configured.
Configuring IS-IS route filtering
You can use an ACL, IP prefix list, or routing policy to filter routes calculated using received LSPs and routes redistributed from other routing protocols.
121
Filtering routes calculated from received LSPs
IS-IS saves LSPs received from neighbors in the LSDB, uses the SPF algorithm to calculate the shortest path tree with itself as the root, and installs the routes to the IS-IS routing table.
Perform this task to filter calculated routes. Only routes that are not filtered can be added to the IS-IS routing table.
To filter routes calculated using received LSPs:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Filter routes calculated using received LSPs. filter-policy { acl-number | prefix-list
prefix-list-name | route-policy
route-policy-name } import
By default, IS-IS accepts all routes calculated using received LSPs.
Filtering redistributed routes
IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them to the IS-IS routing table, and advertise them in LSPs.
Perform this task to filter redistributed routes. Only routes that are not filtered can be added to the IS-IS routing table and advertised to neighbors.
To filter redistributed routes:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Filter routes redistributed from other routing protocols or IS-IS processes. isis [ process-id ] [ vpn-instance
vpn-instance-name ] filter-policy { acl-number | prefix-list
prefix-list-name | route-policy
route-policy-name } export [ protocol
[ process-id ] ]
Remarks
N/A
N/A
By default, IS-IS accepts all redistributed routes.
Configuring IS-IS route leaking
Perform this task to control route advertisement (route leaking) between Level-1 and Level-2.
You can configure IS-IS to advertise routes from Level-2 to Level-1, and to not advertise routes from Level-1 to Level-2.
To configure IS-IS route leaking:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
122
Step Command
3. Configure route leaking from Level-1 to
Level-2. import-route isis level-1 into level-2 [ filter-policy
{ acl-number | prefix-list prefix-list-name | route-policy route-policy-name } | tag tag ] *
4. Configure route leaking from Level-2 to
Level-1. import-route isis level-2 into level-1 [ filter-policy
{ acl-number | prefix-list prefix-list-name | route-policy route-policy-name } | tag tag ] *
Remarks
By default, IS-IS advertises routes from Level-1 to
Level-2.
By default, IS-IS does not advertise routes from
Level-2 to Level-1.
Tuning and optimizing IS-IS networks
Configuration prerequisites
Before you tune and optimize IS-IS networks, complete the following tasks:
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
•
Enable IS-IS.
Specifying intervals for sending IS-IS hello and CSNP packets
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type
interface-number
Remarks
N/A
N/A
3. Specify the interval for sending hello packets. isis timer hello seconds [ level-1 | level-2 ]
The default setting is10 seconds.
The interval between hello packets sent by the DIS is 1/3 the hello interval set with the isis timer hello command.
4. Specify the interval for sending CSNP packets on the
DIS of a broadcast network. isis timer csnp seconds [ level-1 | level-2 ]
The default setting is10 seconds.
Specifying the IS-IS hello multiplier
If a neighbor receives no hello packets from the router within the advertised hold time, it considers the router down and recalculates the routes. The hold time is the hello multiplier multiplied by the hello interval.
On a broadcast link, Level-1 and Level-2 hello packets are advertised separately. You must set a hello multiplier for each level.
On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets. You do not need to specify Level-1 or Level-2.
To specify the IS-IS hello multiplier:
Step Command
1. Enter system view. system-view
Remarks
N/A
123
Step Command
2. Enter interface view. interface interface-type
interface-number
3. Specify the number of hello packets a neighbor must miss before declaring the router is down. isis timer holding-multiplier value
[ level-1 | level-2 ]
Remarks
N/A
The default setting is
3.
Configuring a DIS priority for an interface
On a broadcast network, IS-IS must elect a router as the DIS at a routing level. You can specify a DIS priority at a level for an interface. The greater the interface's priority, the more likely it becomes the DIS.
If multiple routers in the broadcast network have the same highest DIS priority, the router with the highest
MAC address becomes the DIS.
To configure a DIS priority for an interface:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter interface view.
3. Configure a DIS priority for the interface. interface interface-type
interface-number isis dis-priority value [ level-1 | level-2 ]
N/A
The default setting is 64.
Disabling an interface from sending/receiving IS-IS packets
After being disabled from sending and receiving hello packets, an interface cannot form any neighbor relationship, but can advertise directly connected networks in LSPs through other interfaces. This can save bandwidth and CPU resources, and ensures that other routers know networks directly connected to the interface.
To disable an interface from sending and receiving IS-IS packets:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type
interface-number
3. Disable the interface from sending and receiving IS-IS packets. isis silent
N/A
By default, the interface can send and receive IS-IS packets.
Enabling an interface to send small hello packets
IS-IS messages cannot be fragmented at the IP layer because they are directly encapsulated in frames.
Any two IS-IS neighboring routers must negotiate a common MTU. To avoid sending big hellos to save bandwidth, enable the interface to send small hello packets without CLVs.
To enable an interface to send small hello packets:
124
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type
interface-number
3. Enable the interface to send small hello packets without
CLVs. isis small-hello
Remarks
N/A
N/A
By default, the interface can send standard hello packets.
Configuring LSP parameters
Configuring LSP timers
1.
Specify the maximum age of LSPs.
Each LSP has an age that decreases in the LSDB. IS-IS runs a process to delete any LSP with an age of 0 from the LSDB. You can adjust the age value based on the scale of a network.
To specify the maximum age of LSPs:
Step Command
1. Enter system view. system-view
Remarks
N/A
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
2.
3. Specify the maximum LSP age. timer lsp-max-age seconds
The default setting is1200 seconds.
Specify the LSP refresh interval and generation interval.
Each router needs to refresh its LSPs at a configurable interval and send them to other routers to prevent valid routes from aging out. A smaller refresh interval speeds up network convergence but consumes more bandwidth.
When the network topology changes, for example, a neighbor is down or up, or the interface metric, system ID, or area ID is changed, the router generates an LSP after a configurable interval.
If such a change occurs frequently, excessive LSPs are generated, consuming a large amount of router resources and bandwidth. To solve the problem, you can adjust the LSP generation interval.
When network changes are not frequent, the minimum-interval is adopted. If network changes become frequent, the LSP generation interval is incremented by incremental-interval × 2 n-2
(n is the number of calculation times) each time a generation occurs until the maximum-interval is reached.
To specify the LSP refresh interval and generation interval:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify the LSP refresh interval. timer lsp-refresh seconds
Remarks
N/A
N/A
By default, the LSP refresh interval is 900 seconds.
125
Step Command
4. Specify the LSP generation interval. timer lsp-generation maximum-interval
[ minimum-interval [ incremental-interval ] ]
[ level-1 | level-2 ]
Remarks
By default:
•
The maximum interval is 2 seconds.
•
The minimum interval is 0 milliseconds.
•
The incremental interval is
0 milliseconds.
3.
Specify LSP sending intervals.
If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs.
To avoid unnecessary retransmissions, configure an LSP sending interval according to the number of IS-IS interfaces or routes.
To configure LSP sending intervals:
Step Command
1. Enter system view. system-view
Remarks
N/A
2. Enter interface view. interface interface-type
interface-number
N/A
3. Specify the minimum interval for sending LSPs and the maximum LSP number that can be sent at a time. isis timer lsp time [ count count ]
By default, the minimum interval is 33 milliseconds, and the maximum LSP number that can be sent at a time is 5.
Specifying LSP lengths
IS-IS messages cannot be fragmented at the IP layer because they are directly encapsulated in frames.
IS-IS routers in an area must send LSPs smaller than the smallest interface MTU in the area.
If the IS-IS routers have different interface MTUs, HP recommends configuring the maximum size of generated LSP packets to be smaller than the smallest interface MTU in the area. Otherwise, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services.
To specify LSP lengths:
Remarks
N/A
Step Command
1. PreferenceEnter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify the maximum length of generated Level-1 LSPs or
Level-2 LSPs. lsp-length originate size [ level-1 | level-2 ]
4. Specify the maximum length of received LSPs. lsp-length receive size
N/A
By default, the maximum length of generated Level-1 LSPs or
Level-2 LSPs is 1497 bytes.
By default, the maximum length of received LSPs is 1497 bytes.
126
Enabling LSP flash flooding
Changed LSPs can trigger SPF recalculation. To advertise the changed LSPs before the router recalculates routes for faster network convergence, enable LSP flash flooding.
To enable LSP flash flooding:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
Remarks
N/A isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A
3. Enable LSP flash flooding. flash-flood [ flood-count flooding-count | max-timer-interval flooding-interval | [ level-1 | level-2 ] ] *
By default, LSP flash flooding is disabled.
Enabling LSP fragment extension
Perform this task to enable IS-IS fragment extension for an IS-IS process. The MTUs of all interfaces running the IS-IS process must not be less than 512. Otherwise, LSP fragment extension does not take effect.
To enable LSP fragment extension:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Enable LSP fragment extension. isis [ process-id ] [ vpn-instance
vpn-instance-name ] lsp-fragments-extend [ level-1 | level-1-2 | level-2 ]
Remarks
N/A
N/A
By default, this feature is disabled.
4. Configure a virtual system
ID. virtual-system virtual-system-id
By default, no virtual system ID is configured.
Configure at least one virtual system to generate extended LSP fragments.
Controlling SPF calculation interval
Based on the LSDB, an IS-IS router uses the SPF algorithm to calculate the shortest path tree with itself being the root, and uses the shortest path tree to determine the next hop to a destination network. By adjusting the SPF calculation interval, you can prevent bandwidth and router resources from being overconsumed due to frequent topology changes.
When network changes are not frequent, the minimum-interval is adopted. If network changes become frequent, the SPF calculation interval is incremented by incremental-interval × 2 n-2 (n is the number of calculation times) each time a calculation occurs until the maximum-interval is reached.
To control SPF calculation interval:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
127
Step Command
3. Configure the SPF calculation interval. timer spf maximum-interval
[ minimum-interval [ incremental-interval ] ]
Remarks
By default:
•
The maximum interval is 5 seconds.
•
The minimum interval is 50 milliseconds.
•
The incremental interval is
200 milliseconds.
Configuring convergence priorities for specific routes
A topology change causes IS-IS routing convergence. To improve convergence speed, you can assign different convergence priorities to specific IS-IS routes, including critical, high, medium, and low. The higher the convergence priority, the faster the convergence speed.
IS-IS host routes have the medium convergence priority.
To assign convergence priorities to specific IS-IS routes:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Assign convergence priorities to specific IS-IS routes. isis [ process-id ] [ vpn-instance
vpn-instance-name ] priority { critical | high | medium }
{ prefix-list prefix-list-name | tag
tag-value }
Remarks
N/A
N/A
By default, IS-IS routes have the lowest convergence priority.
Setting the LSDB overload bit
By setting the overload bit in sent LSPs, a router informs other routers of failures that make it unable to select routes and forward packets.
When an IS-IS router cannot record the complete LSDB, for example, because of memory insufficiency, it will calculate wrong routes. To make troubleshooting easier, temporarily isolate the router from the IS-IS network by setting the overload bit.
To set the LSDB overload bit:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ]
3. Set the overload bit. set-overload [ on-startup [ [ start-from-nbr system-id
[ timeout1 [ nbr-timeout ] ] ] | timeout2 ] [ allow { external
| interlevel } * ]
Remarks
N/A
N/A
By default, the overload bit is not set.
128
Configuring system ID to host name mappings
A 6-byte system ID in hexadecimal notation uniquely identifies a router or host in an IS-IS network. To make a system ID easy to read, the system allows you to use host names to identify devices and provides mappings between system IDs and host names.
The mappings can be configured manually or dynamically. Follow these guidelines when you configure the mappings:
• To view host names rather than system IDs by using the display isis lsdb command, you must enable dynamic system ID to host name mapping.
•
If you configure both dynamic mapping and static mapping on a router, the host name specified for dynamic mapping applies.
Configuring a static system ID to host name mapping
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Configure a system ID to host name mapping for a remote
IS. is-name map sys-id map-sys-name
Configuring dynamic system ID to host name mapping
Remarks
N/A
N/A
A system ID can correspond to only one host name.
Static system ID to host name mapping requires you to manually configure a mapping for each router in the network. When a new router is added to the network or a mapping must be modified, you must configure all routers manually.
When you use dynamic system ID to host name mapping, you only need to configure a host name for each router in the network. Each router advertises the host name in a dynamic host name CLV to other routers so all routers in the network can have all mappings.
To help check the origin of LSPs in the LSDB, you can configure a name for the DIS in a broadcast network.
To configure dynamic system ID to host name mapping:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify a host name for the IS and enable dynamic system ID to host name mapping. is-name sys-name
4. Return to system view. quit
5. Enter interface view. interface interface-type
interface-number
N/A
By default, no host name is specified for the router.
N/A
N/A
129
Step Command
6. Configure a DIS name. isis dis-name symbolic-name
Remarks
By default, no DIS name is configured.
This command takes effect only on a router enabled with dynamic system ID to host name mapping.
This command is not available on P2P interfaces.
Enabling the logging of neighbor state changes
With this feature enabled, the router delivers information about neighbor state changes to the terminal for display.
To enable the logging of neighbor state changes:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Enable the logging of neighbor state changes. log-peer-change
N/A
By default, the logging of neighbor state is enabled.
Enabling IS-IS ISPF
When the network topology changes, Incremental Shortest Path First (ISPF) computes only the affected part of the SPT, instead of the entire SPT.
To enable IS-IS ISPF:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
Remarks
N/A isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A
3. Enable IS-IS ISPF. ispf enable By default, IS-IS is disabled.
Enhancing IS-IS network security
To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication involves neighbor relationship authentication, area authentication, and routing domain authentication.
Configuration prerequisites
Before the configuration, complete the following tasks:
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
•
Enable IS-IS.
130
Configuring neighbor relationship authentication
With neighbor relationship authentication configured, an interface adds the password in the specified mode into hello packets to the peer and checks the password in the received hello packets. If the authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
To configure neighbor relationship authentication:
Step Command
1. Enter system view. system-view
2. Enter interface view.
Remarks
N/A interface interface-type interface-number N/A
3. Specify the authentication mode and password. isis authentication-mode { md5 | simple }
{ cipher cipher-string | plain plain-string }
[ level-1 | level-2 ] [ ip | osi ]
By default, no authentication is configured.
Configuring area authentication
Area authentication prevents the router from installing routing information from untrusted routers into the
Level-1 LSDB. The router encapsulates the authentication password in the specified mode in Level-1 packets (LSP, CSNP, and PSNP) and checks the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
To configure area authentication:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify the area authentication mode and password. area-authentication-mode { md5 | simple } { cipher cipher-string | plain
plain-string } [ ip | osi ]
N/A
By default, no area authentication is configured.
Configuring routing domain authentication
Routing domain authentication prevents untrusted routing information from entering into a routing domain. A router with the authentication configured encapsulates the password in the specified mode into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and password.
To configure routing domain authentication:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
131
Step Command
3. Specify the routing domain authentication mode and password. domain-authentication-mode
{ md5 | simple } { cipher
cipher-string | plain plain-string }
[ ip | osi ]
Remarks
By default, no routing domain authentication is configured.
Configuring IS-IS GR
GR ensures the continuity of packet forwarding when a routing protocol restarts.
• GR Restarter—Graceful restarting router. It must have GR capability.
•
GR Helper—A neighbor of the GR Restarter. It assists the GR Restarter to complete the GR process.
By default, a device acts as the GR Helper. Configure IS-IS GR on the GR Restarter.
GR Restarter uses the following timers:
• T1 timer—Specifies the times that GR Restarter can send a Restart TLV with the RR bit set. After restart, the GR Restarter sends a Restart TLV with the RR bit set to its neighbor. If the restarting router receives a Restart TLV with the RA set from its neighbor before the T1 timer expires, the GR process starts. Otherwise, the GR process fails.
• T2 timer—Specifies the LSDB synchronization interval. Each LSDB has a T2 timer. The Level-1-2 router has two T2 timers: a Level-1 timer and a Level-2 timer. If the LSDBs have not achieved synchronization before the two timers expire, the GR process fails.
• T3 timer—Specifies the GR interval. The GR interval is set as the holdtime in hello PDUs. Within the interval, the neighbors maintain their adjacency with the GR Restarter. If the GR process has not completed within the holdtime, the neighbors tear down the neighbor relationship and the GR process fails.
To configure GR on the GR Restarter:
Step Command
1. Enter system view. system-view
2. Enable IS-IS and enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Enable IS-IS GR.
4. (Optional.) Suppress the SA bit during restart. graceful-restart graceful-restart suppress-sa graceful-restart t1 seconds count
count
By default, the GR capability for IS-IS is disabled.
By default, the SA bit is not suppressed.
By enabling the GR Restarter to suppress the
Suppress-Advertisement (SA) bit in the hello
PDUs, the neighbors will still advertise their adjacency with the GR Restarter.
By default, the T1 timer is 3 seconds and can expire 10 times.
5. (Optional.) Configure the T1 timer.
6. (Optional.) Configure the T2 timer.
7. (Optional.) Configure the T3 timer. graceful-restart t2 seconds graceful-restart t3 seconds
By default, the T2 timer is 60 seconds.
By default, the T2 timer is 300 seconds.
132
Configuring BFD for IS-IS
BFD provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. For more information about BFD, see High Availability
Configuration Guide.
To configure BFD for IS-IS:
Step Command
1. Enter system view. system-view
2. Enter interface view.
Remarks
N/A interface interface-type interface-number N/A
3. Enable IS-IS on an interface. isis enable [ process-id ] N/A
4. Enable BFD on an IS-IS interface. isis bfd enable
By default, an IS-IS interface is not enabled with BFD.
Configuring IS-IS FRR
A link or router failure on a path can cause packet loss and even routing loop. Such problems arise until
IS-IS completes the routing convergence based on the new network topology. IS-IS FRR enables fast rerouting to minimize the impact of link or node failures.
Figure 36 Network diagram for IS-IS FRR
hop when a link failure is detected. In this way, packets are directed to the backup next hop to reduce traffic recovery time. Meanwhile, IS-IS calculates the shortest path based on the new network topology, and forwards packets over the path after network convergence.
You can either enable IS-IS FRR to calculate a backup next hop automatically, or designate a backup next hop with a routing policy for routes matching specific criteria.
Configuration prerequisites
Before you configure IS-IS FRR, complete the following tasks:
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
•
Enable IS-IS.
133
Configuration guidelines
Do not use FRR and BFD at the same time. Otherwise, FRR may fail to take effect.
Configuring IS-IS FRR to automatically calculate a backup next hop
Step Command
1. Enter system view. system-view
2. Configure the source address of echo packets. bfd echo-source-ip ip-address
3. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
4. Enable IS-IS FRR to automatically calculate a backup next hop. fast-reroute auto
Remarks
N/A
By default, the source address of echo packets is not configured.
N/A
By default, IS-IS FRR is disabled.
Configuring IS-IS FRR using a routing policy
You can use the apply fast-reroute backup-interface command to specify a backup next hop in a routing policy for routes matching specific criteria, and perform this task to reference the routing policy for IS-IS
FRR. For more information about the apply fast-reroute backup-interface command and routing policy configurations, see "Configuring routing policies."
To configure IS-IS FRR using a routing policy:
Step Command
1. Enter system view. system-view
2. Configure the source address of echo packets. bfd echo-source-ip ip-address
3. Enter IS-IS view.
4. Enable IS-IS FRR using a routing policy. isis [ process-id ] [ vpn-instance
vpn-instance-name ] fast-reroute route-policy
route-policy-name
Remarks
N/A
By default, the source address of echo packets is not configured.
N/A
By default, this feature is not enabled.
Displaying and maintaining IS-IS
Execute display commands in any view and the reset command in user view.
Task Command
Display brief IS-IS configuration information. display isis brief [ process-id ]
Display the IS-IS GR status. display isis graceful-restart status [ level-1 | level-2 ] [ process-id ]
134
Task Command
Display information about IS-IS enabled interfaces. display isis interface [ [ interface-type interface-number ] [ verbose ]
| statistics] [ process-id ]
Display IS-IS LSDB information. display isis lsdb [ [ level-1 | level-2 ] | local | lsp-id lspid |
[ lsp-name lspname ] | verbose ] * [ process-id ]
Display the host name to system ID mapping table.
Display IS-IS neighbor information.
Display IS-IS redistributed route information
Display IS-IS IPv4 routing information. display isis name-table [ process-id ] display isis peer [ statistics | verbose ] [ process-id ] display isis redistribute [ ipv4 [ ip-address mask-length ] ] [ level-1 | level-2 ] [ process-id ] display isis route [ ipv4 [ ip-address mask-length ] ] [ [ level-1 | level-2 ] | verbose ] * [ process-id ] display isis statistics [ level-1 | level-1-2 | level-2 ] [ process-id ] Display IS-IS statistics.
Clear IS-IS process data structure information.
Clear the data structure information of an
IS-IS neighbor. reset isis all [ process-id ] [ graceful-restart ] reset isis peer system-id [ process-id ]
IS-IS configuration examples
Basic IS-IS configuration example
Network requirements
As shown in
Figure 37 , Switch A, Switch B, Switch C, and Switch D reside in an IS-IS AS.
Switch A and B are Level-1 switches, Switch D is a Level-2 switch, and Switch C is a Level-1-2 switch. Switch
A, Switch B, and Switch C are in Area 10, and Switch D is in Area 20.
Figure 37 Network diagram
Configuration procedure
1.
Configure IP addresses for interfaces. (Details not shown.)
135
2.
Configure IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] isis enable 1
[SwitchB-Vlan-interface200] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlan-interface 100
[SwitchC-Vlan-interface100] isis enable 1
[SwitchC-Vlan-interface100] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] isis enable 1
[SwitchC-Vlan-interface200] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis enable 1
[SwitchC-Vlan-interface300] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] quit
[SwitchD] interface vlan-interface 100
[SwitchD-Vlan-interface100] isis enable 1
[SwitchD-Vlan-interface100] quit
[SwitchD] interface vlan-interface 300
[SwitchD-Vlan-interface300] isis enable 1
[SwitchD-Vlan-interface300] quit
Verifying the configuration
# Display the IS-IS LSDB on each switch to verify the LSPs.
136
[SwitchA] display isis lsdb
Database information for IS-IS(1)
---------------------------------
Level-1 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
--------------------------------------------------------------------------
0000.0000.0001.00-00* 0x00000004 0xdf5e 1096 68 0/0/0
0000.0000.0002.00-00 0x00000004 0xee4d 1102 68 0/0/0
0000.0000.0002.01-00 0x00000001 0xdaaf 1102 55 0/0/0
0000.0000.0003.00-00 0x00000009 0xcaa3 1161 111 1/0/0
0000.0000.0003.01-00 0x00000001 0xadda 1112 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
[SwitchB] display isis lsdb
Database information for IS-IS(1)
---------------------------------
Level-1 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
--------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000006 0xdb60 988 68 0/0/0
0000.0000.0002.00-00* 0x00000008 0xe651 1189 68 0/0/0
0000.0000.0002.01-00* 0x00000005 0xd2b3 1188 55 0/0/0
0000.0000.0003.00-00 0x00000014 0x194a 1190 111 1/0/0
0000.0000.0003.01-00 0x00000002 0xabdb 995 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
[SwitchC] display isis lsdb
Database information for IS-IS(1)
---------------------------------
Level-1 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
--------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000006 0xdb60 847 68 0/0/0
0000.0000.0002.00-00 0x00000008 0xe651 1053 68 0/0/0
0000.0000.0002.01-00 0x00000005 0xd2b3 1052 55 0/0/0
0000.0000.0003.00-00* 0x00000014 0x194a 1051 111 1/0/0
137
0000.0000.0003.01-00* 0x00000002 0xabdb 854 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
--------------------------------------------------------------------------
0000.0000.0003.00-00* 0x00000012 0xc93c 842 100 0/0/0
0000.0000.0004.00-00 0x00000026 0x331 1173 84 0/0/0
0000.0000.0004.01-00 0x00000001 0xee95 668 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
[SwitchD] display isis lsdb
Database information for IS-IS(1)
---------------------------------
Level-2 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0003.00-00 0x00000013 0xc73d 1003 100 0/0/0
0000.0000.0004.00-00* 0x0000003c 0xd647 1194 84 0/0/0
0000.0000.0004.01-00* 0x00000002 0xec96 1007 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
# Display the IS-IS routing information on each switch.
[SwitchA] display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL Vlan100 Direct D/L/-
10.1.2.0/24 20 NULL Vlan100 10.1.1.1 R/-/-
192.168.0.0/24 20 NULL Vlan100 10.1.1.1 R/-/-
0.0.0.0/0 10 NULL Vlan100 10.1.1.1 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchC] display isis route
138
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
192.168.0.0/24 10 NULL Vlan300 Direct D/L/-
10.1.1.0/24 10 NULL Vlan100 Direct D/L/-
10.1.2.0/24 10 NULL Vlan200 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
192.168.0.0/24 10 NULL Vlan300 Direct D/L/-
10.1.1.0/24 10 NULL Vlan100 Direct D/L/-
10.1.2.0/24 10 NULL Vlan200 Direct D/L/-
172.16.0.0/16 20 NULL Vlan300 192.168.0.2 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchD] display isis route
Route information for IS-IS(1)
------------------------------
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
192.168.0.0/24 10 NULL Vlan300 Direct D/L/-
10.1.1.0/24 20 NULL Vlan300 192.168.0.1 R/-/-
10.1.2.0/24 20 NULL Vlan300 192.168.0.1 R/-/-
172.16.0.0/16 10 NULL Vlan100 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
The output shows that the routing table of Level-1 switches contains a default route with the next hop as the Level-1-2 switch. The routing table of Level-2 switch contains both routing information of Level-1 and
Level-2.
139
DIS election configuration example
Network requirements
Switch A and Switch B are Level-1-2 switches, Switch C is a Level-1 switch, and Switch D is a Level-2 switch.
Change the DIS priority of Switch A to make it elected as the Level-1-2 DIS router.
Figure 38 Network diagram
Configuration procedure
1.
2.
Configure IP addresses for interfaces. (Details not shown.)
Enable IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] isis enable 1
[SwitchB-Vlan-interface100] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] is-level level-1
[SwitchC-isis-1] quit
140
[SwitchC] interface vlan-interface 100
[SwitchC-Vlan-interface100] isis enable 1
[SwitchC-Vlan-interface100] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] network-entity 10.0000.0000.0004.00
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] quit
[SwitchD] interface vlan-interface 100
[SwitchD-Vlan-interface100] isis enable 1
[SwitchD-Vlan-interface100] quit
# Display information about IS-IS neighbors on Switch A.
[SwitchA] display isis peer
Peer information for IS-IS(1)
----------------------------
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01
State: Up HoldTime: 21s Type: L1(L1L2) PRI: 64
System Id: 0000.0000.0003
Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01
State: Up HoldTime: 27s Type: L1 PRI: 64
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0004.01
State: Up HoldTime: 28s Type: L2(L1L2) PRI: 64
System Id: 0000.0000.0004
Interface: Vlan-interface100 Circuit Id: 0000.0000.0004.01
State: Up HoldTime: 30s Type: L2 PRI: 64
# Display information about IS-IS interfaces on Switch A.
[SwitchA] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 No/No
# Display information about IS-IS interfaces on Switch C.
[SwitchC] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
141
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 Yes/No
# Display information about IS-IS interfaces on Switch D.
[SwitchD] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 No/Yes
The output shows that when the default DIS priority is used, Switch C is the DIS for Level-1, and
Switch D is the DIS for Level-2. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01.
#Configure the DIS priority of Switch A.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis dis-priority 100
[SwitchA-Vlan-interface100] quit
# Display IS-IS neighbors on Switch A.
[SwitchA] display isis peer
Peer information for IS-IS(1)
----------------------------
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 21s Type: L1(L1L2) PRI: 64
System Id: 0000.0000.0003
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 27s Type: L1 PRI: 64
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 28s Type: L2(L1L2) PRI: 64
System Id: 0000.0000.0004
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 30s Type: L2 PRI: 64
# Display information about IS-IS interfaces on Switch A.
[SwitchA] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
142
001 Up Down 1497 L1/L2 Yes/Yes
The output shows that after the DIS priority configuration, Switch A becomes the DIS for Level-1-2, and the pseudonode is 0000.0000.0001.01.
# Display information about IS-IS neighbors and interfaces on Switch C.
[SwitchC] display isis peer
Peer information for IS-IS(1)
----------------------------
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 25s Type: L1 PRI: 64
System Id: 0000.0000.0001
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 7s Type: L1 PRI: 100
[SwitchC] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 No/No
# Display information about IS-IS neighbors and interfaces on Switch D.
[SwitchD] display isis peer
Peer information for IS-IS(1)
----------------------------
System Id: 0000.0000.0001
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 9s Type: L2 PRI: 100
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 28s Type: L2 PRI: 64
[SwitchD] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 No/No
143
IS-IS route redistribution configuration example
Network requirements
As shown in
Figure 39 , Switch A, Switch B, Switch C, and Switch D reside in the same AS. They use IS-IS
to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a
Level-1-2 router.
Redistribute RIP routes into IS-IS on Switch D.
Figure 39 Network diagram
Configuration procedure
1.
2.
Configure IP addresses for interfaces. (Details not shown.)
Configure basic IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] isis enable 1
[SwitchB-Vlan-interface200] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis 1
144
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] isis enable 1
[SwitchC-Vlan-interface200] quit
[SwitchC] interface vlan-interface 100
[SwitchC-Vlan-interface100] isis enable 1
[SwitchC-Vlan-interface100] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis enable 1
[SwitchC-Vlan-interface300] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] quit
[SwitchD] interface interface vlan-interface 300
[SwitchD-Vlan-interface300] isis enable 1
[SwitchD-Vlan-interface300] quit
# Display IS-IS routing information on each switch.
[SwitchA] display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
10.1.2.0/24 20 NULL VLAN100 10.1.1.1 R/-/-
192.168.0.0/24 20 NULL VLAN100 10.1.1.1 R/-/-
0.0.0.0/0 10 NULL VLAN100 10.1.1.1 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchC] display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
145
3.
10.1.2.0/24 10 NULL VLAN200 Direct D/L/-
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
10.1.2.0/24 10 NULL VLAN200 Direct D/L/-
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchD] display isis route
Route information for IS-IS(1)
------------------------------
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
10.1.1.0/24 20 NULL VLAN300 192.168.0.1 R/-/-
10.1.2.0/24 20 NULL VLAN300 192.168.0.1 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Run RIPv2 between Switch D and Switch E, and configure IS-IS to redistribute RIP routes on Switch
D:
# Configure RIPv2 on Switch D.
[SwitchD] rip 1
[SwitchD-rip-1] network 10.0.0.0
[SwitchD-rip-1] version 2
[SwitchD-rip-1] undo summary
# Configure RIPv2 on Switch E.
[SwitchE] rip 1
[SwitchE-rip-1] network 10.0.0.0
[SwitchE-rip-1] version 2
[SwitchE-rip-1] undo summary
# Configure IS-IS to redistribute RIP routes on Switch D.
[SwitchD-rip-1] quit
[SwitchD] isis 1
[SwitchD–isis-1] import-route rip level-2
# Display IS-IS routing information on Switch C.
146
[SwitchC] display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
10.1.2.0/24 10 NULL VLAN200 Direct D/L/-
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
10.1.2.0/24 10 NULL VLAN200 Direct D/L/-
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
10.1.4.0/24 10 NULL VLAN300 192.168.0.2 R/L/-
10.1.5.0/24 20 NULL VLAN300 192.168.0.2 R/L/-
10.1.6.0/24 20 NULL VLAN300 192.168.0.2 R/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
IS-IS authentication configuration example
Network requirements
, Switch A, Switch B, Switch C, and Switch D reside in the same IS-IS routing domain. Run IS-IS among them.
Switch A, Switch B, and Switch C belong to Area 10, and Switch D belongs to Area 20.
Configure neighbor relationship authentication between neighbors. Configure area authentication in
Area 10 to prevent untrusted routes from entering into the area. Configure routing domain authentication on Switch C and Switch D to prevent untrusted routes from entering the routing domain.
147
Figure 40 Network diagram
Configuration procedure
1.
2.
Configure IP addresses for interfaces. (Details not shown.)
Configure basic IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] isis enable 1
[RouterB--Vlan-interface200] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] isis enable 1
[SwitchC-Vlan-interface200] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis enable 1
[SwitchC-Vlan-interface300] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis enable 1
148
3.
4.
5.
[SwitchC-Vlan-interface300] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] network-entity 20.0000.0000.0001.00
[SwitchD-isis-1] quit
[SwitchD] interface vlan-interface 300
[SwitchD-Vlan-interface300] isis enable 1
[SwitchD-Vlan-interface300] quit
Configure neighbor relationship authentication between neighbors:
# Configure the authentication mode as MD5 and set the plaintext password to eRq on
VLAN-interface 100 of Switch A and on VLAN-interface 100 of Switch C.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis authentication-mode md5 plain eRg
[SwitchA-Vlan-interface100] quit
[SwitchC] interface vlan-interface 100
[SwitchC-Vlan-interface100] isis authentication-mode md5 plain eRg
[SwitchC-Vlan-interface100] quit
# Configure the authentication mode as MD5 and set the plaintext password to t5Hr on
VLAN-interface 200 of Switch B and on VLAN-interface 200 of Switch C.
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] isis authentication-mode md5 plain t5Hr
[SwitchB-Vlan-interface200] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] isis authentication-mode md5 plain t5Hr
[SwitchC-Vlan-interface200] quit
# Configure the authentication mode as MD5 and set the plaintext password to hSec on
VLAN-interface 300 of Switch D and on VLAN-interface 300 of Switch C.
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis authentication-mode md5 plain hSec
[SwitchC-Vlan-interface300] quit
[SwitchD] interface vlan-interface 300
[SwitchD-Vlan-interface300] isis authentication-mode md5 plain hSec
[SwitchD-Vlan-interface300] quit
Configure the area authentication mode as MD5 and set the plaintext password to 10Sec on
Switch A, Switch B, and Switch C.
[SwitchA] isis 1
[SwitchA-isis-1] area-authentication-mode md5 plain 10Sec
[SwitchA-isis-1] quit
[SwitchB] isis 1
[SwitchB-isis-1] area-authentication-mode md5 plain 10Sec
[SwitchB-isis-1] quit
[SwitchC] isis 1
[SwitchC-isis-1] area-authentication-mode md5 plain 10Sec
[SwitchC-isis-1] quit
Configure routing domain authentication mode as MD5 and set the plaintext password to
1020Sec on Switch C and Switch D.
149
[SwitchC] isis 1
[SwitchC-isis-1] domain-authentication-mode md5 plain 1020Sec
[SwitchC-isis-1] quit
[SwitchD] isis 1
[SwitchD-isis-1] domain-authentication-mode md5 plain 1020Sec
IS-IS Graceful Restart configuration example
Network requirements
As shown in
Figure 41 , Switch A, Switch B, and Switch C belong to the same IS-IS routing domain.
Figure 41 Network diagram
Configuration procedure
1.
2.
3.
Configure IP addresses and subnet masks for interfaces. (Details not shown.)
Configure IS-IS on the switches to make sure Switch A, Switch B, and Switch C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS.
(Details not shown.)
Configure IS-IS GR:
# Enable IS-IS GR on Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] graceful-restart
[SwitchA-isis-1] return
Verifying the configuration
After Switch A establishes adjacencies with Switch B and Switch C, they begin to exchange routing information. Restart IS-IS on Switch A, which enters the restart state and sends connection requests to its neighbors through the Graceful Restart mechanism to synchronize the LSDB. To display the IS-IS GR status on Switch A, use the display isis graceful-restart status command.
# Restart the IS-IS process on Switch A.
<SwitchA> reset isis all 1 graceful-restart
Reset IS-IS process? [Y/N]:y
# Check the Graceful Restart status of IS-IS on Switch A.
<SwitchA> display isis graceful-restart status
Restart information for IS-IS(1)
--------------------------------
150
Restart status: COMPLETE
Restart phase: Finish
Restart t1: 3, count 10; Restart t2: 60; Restart t3: 300
SA Bit: supported
Level-1 restart information
---------------------------
Total number of interfaces: 1
Number of waiting LSPs: 0
Level-2 restart information
---------------------------
Total number of interfaces: 1
Number of waiting LSPs: 0
BFD for IS-IS configuration example
Network requirements
•
As shown in Figure 42 , run IS-IS on Switch A, Switch B and Switch C so that can reach each other
at the network layer.
•
After the link over which Switch A and Switch B communicate through the Layer-2 switch fails, BFD can quickly detect the failure and notify IS-IS of the failure. Switch A and Switch B then communicate through Switch C.
Figure 42 Network diagram
Switch A
Switch C
Vlan-int10
Vlan-int11
10.1.0.102/24
11.1.1.2/24
Device
Switch B
Configuration procedure
1.
2.
Configure IP addresses for interfaces. (Details not shown.)
Configure basic IS-IS:
# Configure Switch A.
<SwitchA> system-view
Interface IP address
Vlan-int10 10.1.0.100/24
Vlan-int13 13.1.1.1/24
151
3.
[SwitchA] isis
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 10
[SwitchA-Vlan-interface10] isis enable
[SwitchA-Vlan-interface10] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] isis enable
[SwitchA-Vlan-interface11] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] isis enable
[SwitchB-Vlan-interface10] quit
[SwitchB] interface vlan-interface 13
[SwitchB-Vlan-interface13] isis enable
[SwitchB-Vlan-interface13] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlan-interface 11
[SwitchC-Vlan-interface11] isis enable
[SwitchC-Vlan-interface11] quit
[SwitchC] interface vlan-interface 13
[SwitchC-Vlan-interface13] isis enable
[SwitchC-Vlan-interface13] quit
Configure BFD functions:
# Enable BFD and configure BFD parameters on Switch A.
[SwitchA] bfd session init-mode passive
[SwitchA] interface vlan-interface 10
[SwitchA-Vlan-interface10] isis bfd enable
[SwitchA-Vlan-interface10] bfd min-receive-interval 500
[SwitchA-Vlan-interface10] bfd min-transmit-interval 500
[SwitchA-Vlan-interface10] bfd detect-multiplier 7
# Enable BFD and configure BFD parameters on Switch B.
[SwitchB] bfd session init-mode active
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] isis bfd enable
[SwitchB-Vlan-interface10] bfd min-receive-interval 500
[SwitchB-Vlan-interface10] bfd min-transmit-interval 500
[SwitchB-Vlan-interface10] bfd detect-multiplier 8
[SwitchB-Vlan-interface10] return
152
Verifying the configuration
# Display the BFD session information on Switch A.
<SwitchA> display bfd session
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 Session Working Under Ctrl Mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
3/1 192.168.0.102 192.168.0.100 Up 1700ms Vlan10
# Display routes destined for 120.1.1.0/24 on Switch A.
<SwitchA> display ip routing-table 120.1.1.0 verbose
Summary Count : 1
Destination: 120.1.1.0/24
Protocol: ISIS Process ID: 1
SubProtID: 0x1 Age: 04h20m37s
Cost: 10 Preference: 10
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NBRID: 0x26000002 LastAs: 0
AttrID: 0xffffffff Neighbor: 0.0.0.0
Flags: 0x1008c OrigNextHop: 192.168.0.100
Label: NULL RealNextHop: 192.168.0.100
BkLabel: NULL BkNextHop: N/A
Tunnel ID: Invalid Interface: Vlan-interface10
BkTunnel ID: Invalid BkInterface: N/A
The output shows that Switch A and Switch B communicate through VLAN-interface 10. Then the link over
VLAN-interface 10 fails.
# Display routes destined for 120.1.1.0/24 on Switch A.
<SwitchA> display ip routing-table 120.1.1.0 verbose
Summary Count : 1
Destination: 120.1.1.0/24
Protocol: ISIS Process ID: 1
SubProtID: 0x1 Age: 04h20m37s
Cost: 20 Preference: 10
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NBRID: 0x26000002 LastAs: 0
AttrID: 0xffffffff Neighbor: 0.0.0.0
Flags: 0x1008c OrigNextHop: 10.1.1.100
Label: NULL RealNextHop: 10.1.1.100
153
BkLabel: NULL BkNextHop: N/A
Tunnel ID: Invalid Interface: Vlan-interface11
BkTunnel ID: Invalid BkInterface: N/A
The output shows that Switch A and Switch B communicate through VLAN-interface 11.
IS-IS FRR configuration example
Network requirements
As shown in
, Switch S, Switch A, and Switch D belong to the same IS-IS routing domain.
Configure IS-IS FRR so that when the Link A fails, traffic can be switched to Link B immediately.
Figure 43 Network diagram nt1
00
Vla n-i
12
.12
.12
.2/
24
Switch A
Link B
Vla
24.2
n-in
4.2
t10
4.2
1
/24
Vla n-i nt1
00
12
.12
.12
.1/
24
Link A
24.2
Vla
4.2
n-in
4.4
t10
/24
1
Loop 0
1.1.1.1/32
Switch S
Vlan-int200
13.13.13.1/24
Vlan-int200
13.13.13.2/24
Switch D
Loop 0
4.4.4.4/32
Configuration procedure
1.
2.
3.
Configure IP addresses and subnet masks for interfaces on the switches. (Details not shown.)
Configure IS-IS on the switches to make sure Switch A, Switch D, and Switch S can communicate with each other at Layer 3. (Details not shown.)
Configure IS-IS FRR:
Enable IS-IS FRR to automatically calculate a backup next hop, or designate a backup next hop by using a referenced routing policy.
{
(Method 1.) Enable IS-IS FRR to automatically calculate a backup next hop:
# Configure Switch S.
<SwitchS> system-view
{
[SwitchS] bfd echo-source-ip 1.1.1.1
[SwitchS] isis 1
[SwitchS-isis-1] fast-reroute auto
[SwitchS-isis-1] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] bfd echo-source-ip 4.4.4.4
[SwitchD] isis 1
[SwitchD-isis-1] fast-reroute auto
[SwitchD-isis-1] quit
(Method 2.) Enable IS-IS FRR to designate a backup next hop by using a referenced routing policy:
# Configure Switch S.
<SwitchS> system-view
[SwitchS] bfd echo-source-ip 1.1.1.1
154
[SwitchS] ip prefix-list abc index 10 permit 4.4.4.4 32
[SwitchS] route-policy frr permit node 10
[SwitchS-route-policy-frr-10] if-match ip address prefix-list abc
[SwitchS-route-policy-frr-10] apply fast-reroute backup-interface vlan-interface
100 backup-nexthop 12.12.12.2
[SwitchS-route-policy-frr-10] quit
[SwitchS] isis 1
[SwitchS-isis-1] fast-reroute route-policy frr
[SwitchS-isis-1] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] bfd echo-source-ip 4.4.4.4
[SwitchD] ip prefix-list abc index 10 permit 1.1.1.1 32
[SwitchD] route-policy frr permit node 10
[SwitchD-route-policy-frr-10] if-match ip address prefix-list abc
[SwitchD-route-policy-frr-10] apply fast-reroute backup-interface vlan-interface
101 backup-nexthop 24.24.24.2
[SwitchD-route-policy-frr-10] quit
[SwitchD] isis 1
[SwitchD-isis-1] fast-reroute route-policy frr
[SwitchD-isis-1] quit
Verifying the configuration
# Display route 4.4.4.4/32 on Switch S to view the backup next hop information.
[SwitchS] display ip routing-table 4.4.4.4 verbose
Summary Count : 1
Destination: 4.4.4.4/32
Protocol: ISIS Process ID: 1
SubProtID: 0x1 Age: 04h20m37s
Cost: 10 Preference: 10
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NBRID: 0x26000002 LastAs: 0
AttrID: 0xffffffff Neighbor: 0.0.0.0
Flags: 0x1008c OrigNextHop: 13.13.13.2
Label: NULL RealNextHop: 13.13.13.2
BkLabel: NULL BkNextHop: 12.12.12.2
Tunnel ID: Invalid Interface: Vlan-interface200
BkTunnel ID: Invalid BkInterface: Vlan-interface100
# Display route 1.1.1.1/32 on Switch D to view the backup next hop information.
[SwitchD] display ip routing-table 1.1.1.1 verbose
Summary Count : 1
Destination: 1.1.1.1/32
155
Protocol: ISIS Process ID: 1
SubProtID: 0x1 Age: 04h20m37s
Cost: 10 Preference: 10
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NBRID: 0x26000002 LastAs: 0
AttrID: 0xffffffff Neighbor: 0.0.0.0
Flags: 0x1008c OrigNextHop: 13.13.13.1
Label: NULL RealNextHop: 13.13.13.1
BkLabel: NULL BkNextHop: 24.24.24.2
Tunnel ID: Invalid Interface: Vlan-interface200
BkTunnel ID: Invalid BkInterface: Vlan-interface101
156
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement