advertisement
Configuring IS-IS
This chapter describes how to configure IS-IS for IPv4 networks.
Overview
Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the ISO to operate on the connectionless network protocol (CLNP).
IS-IS was modified and extended in RFC 1195 by the IETF for application in both TCP/IP and OSI reference models, called "Integrated IS-IS" or "Dual IS-IS."
IS-IS is an IGP used within an AS. It uses the SPF algorithm for route calculation.
Terminology
•
Intermediate system—Similar to a router in TCP/IP, IS is the basic unit used in an IS-IS routing domain to generate and propagate routing information. Throughout this chapter, an IS refers to a router.
• End system—Similar to a host in TCP/IP, an ES does not run IS-IS. ISO defines the ES-IS protocol for communication between an ES and an IS.
•
Routing domain—An RD comprises a group of ISs that exchange routing information with each other by using the same routing protocol.
•
Area—An IS-IS routing domain can be split into multiple areas.
•
Link State Database—All link states in the network form the LSDB. Each IS has at least one LSDB. An
IS uses the SPF algorithm and LSDB to generate IS-IS routes.
• Link State Protocol Data Unit or Link State Packet —An IS advertises link state information in an LSP.
•
Network Protocol Data Unit—An NPDU is a network layer protocol packet in OSI, similar to an IP packet in TCP/IP.
• Designated IS—A DIS is elected on a broadcast network.
• Network service access point—An NSAP is an OSI network layer address. The NSAP identifies an abstract network service access point and describes the network address format in the OSI reference model.
IS-IS address format
NSAP
, an NSAP address comprises the Initial Domain Part (IDP) and the Domain
Specific Part (DSP). The IDP is analogous to the network ID of an IP address, and the DSP is analogous to the subnet and host ID.
The IDP includes the Authority and Format Identifier (AFI) and the Initial Domain Identifier (IDI).
The DSP includes:
• High Order Part of DSP (HO-DSP)—Identifies the area.
• System ID—Identifies the host.
108
• SEL—Identifies the type of service.
The IDP and DSP are variable in length. The length of an NSAP address ranges from 8 bytes to 20 bytes.
Figure 30 NSAP address format
Area address
The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain. Different routing domains cannot have the same area address.
Typically, a router only needs one area address, and all nodes in the same area must have the same area address. To support smooth area merging, partitioning, and switching, a router can have a maximum of three area addresses.
System ID
A system ID uniquely identifies a host or router. It has a fixed length of 48 bits (6 bytes).
The system ID of a device can be generated from the router ID. For example, suppose a router uses the
IP address 168.10.1.1 of Loopback 0 as the router ID. The system ID can be obtained in the following steps:
1.
Extend each decimal number of the IP address to three digits by adding 0s from the left, such as
168.010.001.001.
2.
Divide the extended IP address into three sections that each has four digits to get the system ID
1680.1000.1001.
If you use other methods to define a system ID, make sure that it can uniquely identify the host or router.
SEL
The N-SEL, or the NSAP selector (SEL), is similar to the protocol identifier in IP. Different transport layer protocols correspond to different SELs. All SELs in IP are 00.
Routing method
The IS-IS address format identifies the area, so a Level-1 router can easily identify packets destined to other areas. IS-IS routers perform routing as follows:
•
A Level-1 router performs intra-area routing according to the system ID. If the destination address of a packet does not belong to the local area, the Level-1 router forwards it to the nearest Level-1-2 router.
• A Level-2 router performs inter-area routing according to the area address.
NET
A network entity title (NET) identifies the network layer information of an IS. It does not include transport layer information. A NET is a special NSAP address with the SEL being 0. The length of a NET ranges from 8 bytes to 20 bytes, same as a NSAP address.
A NET includes the following parts:
• Area ID—Has a length of 1 to 13 bytes.
109
• System ID—A system ID uniquely identifies a host or router in the area and has a fixed length of 6 bytes.
•
SEL—Has a value of 0 and a fixed length of 1 byte.
For example, for a NET ab.cdef.1234.5678.9abc.00, the area ID is ab.cdef, the system ID is
1234.5678.9abc, and the SEL is 00.
Typically, a router only needs one NET, but it can have a maximum of three NETs for smooth area merging and partitioning. When you configure multiple NETs, make sure the system IDs are the same.
IS-IS area
IS-IS has a 2-level hierarchy to support large-scale networks. A large-scale routing domain is divided into multiple areas. Typically, a Level-1 router is deployed within an area, a Level-2 router is deployed between areas, and a Level-1-2 router is deployed between Level-1 and Level-2 routers.
Level-1 and Level-2
•
Level-1 router—A Level-1 router establishes neighbor relationships with Level-1 and Level-1-2 routers in the same area. It maintains a LSDB comprising intra-area routing information. A Level-1 router forwards packets destined for external areas to the nearest Level-1-2 router. Level-1 routers in different areas cannot establish neighbor relationships.
•
Level-2 router—A Level-2 router establishes neighbor relationships with Level-2 and Level-1-2 routers in the same area or in different areas. It maintains a Level-2 LSDB containing inter-area routing information. All the Level-2 and Level-1-2 routers must be contiguous to form the backbone of the IS-IS routing domain. Level-2 routers can establish neighbor relationships regardless of the areas they reside in.
• Level-1-2 router—A router with both Level-1 and Level-2 router functions is a Level-1-2 router. It can establish Level-1 neighbor relationships with Level-1 and Level-1-2 routers in the same area, and establish Level-2 neighbor relationships with Level-2 and Level-1-2 routers in different areas. A Level-1 router can reach other areas only through a Level-1-2 router. The Level-1-2 router maintains two LSDBs, a Level-1 LSDB for intra-area routing and a Level-2 LSDB for inter-area routing.
shows one IS-IS network topology. Area 1 is the backbone that comprises a set of Level-2 routers. The other four areas are non-backbone areas connected to the backbone through Level-1-2 routers.
110
Figure 31 IS-IS topology 1
Area 2
L1/L2
L1
L2
L2
L1/L2
Area 3
L2
Area 1
L2
L1/L2
Area 5
L1/L2
L1
Area 4
L1 L1
L1 L1
shows another IS-IS topology. The Level-1-2 routers connect to the Level-1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous Level-2 and Level-1-2 routers in different areas. The IS-IS backbone does not need to be a specific area.
Figure 32 IS-IS topology 2
Area 3
Area 2
L1/L2
L1
L2
Area 4
L2
L1/L2
L2
Area 1
L2
L1/L2
Area 5
L1/L2
L1
L1
L1 L1
L1
Both the Level-1 and Level-2 routers use the SPF algorithm to generate the shortest path tree.
111
Route leaking
Level-2 and Level-1-2 routers form a Level-2 area. An IS-IS routing domain comprises only one Level-2 area and multiple Level-1 areas. A Level-1 area must connect to the Level-2 area rather than other Level-1 area.
The routing information of each Level-1 area is sent to the Level-2 area through a Level-1-2 router, so a
Level-2 router knows the routing information of the entire IS-IS routing domain. By default, a Level-2 router does not advertise the routing information of other Level-1 areas and the Level-2 area to a Level-1 area, so a Level-1 router simply sends packets destined for other areas to the nearest Level-1-2 router. The path passing through the Level-1-2 router may not be the best. To solve this problem, IS-IS provides the route leaking feature.
Route leaking enables a Level-1-2 router to advertise the routes of other Level-1 areas and the Level-2 area to the connected Level-1 area so that the Level-1 routers can select the optimal routes for packets.
IS-IS network types
Network types
IS-IS supports the broadcast network (for example, Ethernet and Token Ring) and the point-to-point network (for example, PPP and HDLC).
For an NBMA interface, such as an ATM interface, you must configure point-to-point or broadcast subinterfaces. IS-IS cannot run on P2MP links.
DIS and pseudonodes
IS-IS routers on a broadcast network must elect a DIS.
The Level-1 and Level-2 DISs are elected separately. You can assign different priorities to a router for different level DIS elections. The higher the router priority, the more likely the router becomes the DIS. If multiple routers with the same highest DIS priority exist, the one with the highest SNPA (Subnetwork Point of Attachment) address (MAC address on a broadcast network) will be elected. A router can be the DIS for different levels.
IS-IS DIS election differs from OSPF DIS election in the following ways:
• A router with priority 0 can also participate in the DIS election.
•
When a router with a higher priority is added to the network, an LSP flooding process is performed to elect the router as the new DIS.
, the same level routers on a network, including non-DIS routers, establish adjacency with each other.
Figure 33 DIS in the IS-IS broadcast network
L1/L2 L1/L2
L2 adjacencies
L1 adjacencies
L1
DIS
L2
DIS
112
The DIS creates and updates pseudonodes, and generates LSPs for the pseudonodes, to describe all routers on the network.
A pseudonode represents a virtual node on the broadcast network. It is not a real router. In IS-IS, it is identified by the system ID of the DIS and a 1-byte Circuit ID (a non-zero value).
Using pseudonodes simplifies network topology and can reduce the amount of resources consumed by
SPF.
NOTE:
On an IS-IS broadcast network, all routers establish adjacency relationships, but they synchronize their
LSDBs through the DIS.
IS-IS PDUs
PDU
IS-IS PDUs are encapsulated into link layer frames. An IS-IS PDU has two parts, the headers and the variable length fields. The headers comprise the PDU common header and the PDU specific header. All
PDUs have the same PDU common header. The specific headers vary by PDU type.
Figure 34 PDU format
Table 4 PDU types
18
20
24
25
15
16
17
Level-1 LAN IS-IS hello PDU
Level-2 LAN IS-IS hello PDU
Point-to-Point IS-IS hello PDU
Level-1 Link State PDU
Level-2 Link State PDU
Level-1 Complete Sequence Numbers PDU
Level-2 Complete Sequence Numbers PDU
L1 LAN IIH
L2 LAN IIH
P2P IIH
L1 LSP
L2 LSP
L1 CSNP
L2 CSNP
26
Hello PDU
27
Level-1 Partial Sequence Numbers PDU
Level-2 Partial Sequence Numbers PDU
L1 PSNP
L2 PSNP
IS-to-IS hello (IIH) PDUs are used by routers to establish and maintain neighbor relationships. On broadcast networks, Level-1 routers use Level-1 LAN IIHs, and Level-2 routers use Level-2 LAN IIHs. The
P2P IIHs are used on point-to-point networks.
LSP
The LSPs carry link state information. LSPs include Level-1 LSPs and Level-2 LSPs. The Level-2 LSPs are sent by the Level-2 routers, and the Level-1 LSPs are sent by the Level-1 routers. The Level-1-2 router can send both types of LSPs.
113
SNP
A sequence number PDU (SNP) describes the complete or partial LSPs for LSDB synchronization.
SNPs include CSNP and PSNP, which are further divided into Level-1 CSNP, Level-2 CSNP, Level-1 PSNP, and Level-2 PSNP.
A CSNP describes the summary of all LSPs for LSDB synchronization between neighboring routers. On broadcast networks, CSNPs are sent by the DIS periodically (every 10 seconds by default). On point-to-point networks, CSNPs are sent only during the first adjacency establishment.
A PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request missing LSPs from a neighbor.
CLV
The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets.
Figure 35 CLV format
10
128
129
130
131
132
shows that different PDUs contain different CLVs. Codes 1 through 10 are defined in ISO 10589
(code 3 and 5 are not shown in the table), and others are defined in RFC 1195.
Table 5 CLV codes and PDU types
CLV Code
1
Name
Area Addresses
6
7
2
4
IS Neighbors (LSP)
Partition Designated Level2 IS
IS Neighbors (MAC Address)
IS Neighbors (SNPA Address)
8 Padding
Authentication Information
IP Internal Reachability Information
Protocols Supported
IP External Reachability Information
Inter-Domain Routing Protocol Information
IP Interface Address
PDU Type
IIH, LSP
LSP
L2 LSP
LAN IIH
LAN IIH
IIH
SNP
IIH, LSP, SNP
LSP
IIH, LSP
L2 LSP
L2 LSP
IIH, LSP
Protocols and standards
• ISO 10589 ISO IS-IS Routing Protocol
114
• ISO 9542 ES-IS Routing Protocol
•
ISO 8348/Ad2 Network Services Access Points
•
RFC 1195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
• RFC 2763, Dynamic Hostname Exchange Mechanism for IS-IS
• RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS
•
RFC 2973, IS-IS Mesh Groups
•
RFC 3277, IS-IS Transient Blackhole Avoidance
• RFC 3358, Optional Checksums in ISIS
• RFC 3373, Three-Way Handshake for IS-IS Point-to-Point Adjacencies
•
RFC 3567, Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication
•
RFC 3719, Recommendations for Interoperable Networks using IS-IS
• RFC 3786, Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit
•
RFC 3787, Recommendations for Interoperable IP Networks using IS-IS
•
RFC 3847, Restart Signaling for IS-IS
IS-IS configuration task list
Tasks at a glance
•
(Required.)
•
(Optional.) Configuring the IS level and circuit level
•
(Optional.) Configuring P2P network type for an interface
(Optional.) Configuring IS-IS route control
•
•
Specifying a preference for IS-IS
•
Configuring the maximum number of ECMP routes
•
Configuring IS-IS route summarization
•
•
Configuring IS-IS route redistribution
•
Configuring IS-IS route filtering
•
Configuring IS-IS route leaking
115
Tasks at a glance
(Optional.) Tuning and optimizing IS-IS networks
•
Specifying intervals for sending IS-IS hello and CSNP packets
•
Specifying the IS-IS hello multiplier
•
Configuring a DIS priority for an interface
•
Disabling an interface from sending/receiving IS-IS packets
•
Enabling an interface to send small hello packets
•
•
Controlling SPF calculation interval
•
Configuring convergence priorities for specific routes
•
•
Configuring system ID to host name mappings
•
Enabling the logging of neighbor state changes
•
(Optional.) Enhancing IS-IS network security
•
Configuring neighbor relationship authentication
•
Configuring area authentication
•
Configuring routing domain authentication
(Optional.) Configuring IS-IS GR
(Optional.) Configuring BFD for IS-IS
(Optional.) Configuring IS-IS FRR
Configuring basic IS-IS
Configuration prerequisites
Before the configuration, complete the following tasks:
•
Configure the link layer protocol.
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
Enabling IS-IS
Step Command
1. Enter system view. system-view
2. Create an IS-IS process and enter its view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Assign a NET. network-entity net
4. Return to system view. quit
5. Enter interface view. interface interface-type
interface-number
6. Enable an IS-IS process on the interface. isis enable [ process-id ]
Remarks
N/A
By default, the IS-IS process is disabled.
By default, NET is not assigned.
N/A
N/A
By default, no IS-IS process is enabled.
116
Configuring the IS level and circuit level
Follow these guidelines when you configure the IS level for routers in only one area:
• Configure the IS level of all routers as Level-1 or Level-2 rather than different levels because the routers do not need to maintain two identical LSDBs.
•
Configure the IS level as Level-2 on all routers in an IP network for good scalability.
For an interface of a Level-1 (or Level-2) router, the circuit level can only be Level-1 (or Level-2). For an interface of a Level-1-2 router, the default circuit level is Level-1-2; if the router only needs to form Level-1 (or
Level-2) neighbor relationships, configure the circuit level for its interfaces as Level-1 (or Level-2) to limit neighbor relationship establishment.
To configure the IS level and circuit level:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify the IS level.
4. Return to system view.
5. Enter interface view. is-level { level-1 | level-1-2 | level-2 } quit interface interface-type
interface-number
N/A
By default, the IS level is Level-1-2.
N/A
N/A
6. Specify the circuit level. isis circuit-level [ level-1 | level-1-2
| level-2 ]
By default, an interface can establish either the Level-1 or Level-2 adjacency.
Configuring P2P network type for an interface
Perform this task only for a broadcast network that has up to two attached routers.
Interfaces with different network types operate differently. For example, broadcast interfaces on a network must elect the DIS and flood CSNP packets to synchronize the LSDBs, but P2P interfaces on a network do not need to elect the DIS, and have a different LSDB synchronization mechanism.
If only two routers exist on a broadcast network, configure the network type of attached interfaces as P2P to avoid DIS election and CSNP flooding, saving network bandwidth and speeding up network convergence.
To configure P2P network type for an interface:
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type
interface-number
Remarks
N/A
N/A
117
Step Command
3. Configure P2P network type for an interface. isis circuit-type p2p
Remarks
By default, the network type of an interface depends on the physical media. The network type of a
VLAN interface is broadcast.
Configuring IS-IS route control
Configuration prerequisites
Before the configuration, complete the following tasks:
•
Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
•
Enable IS-IS.
Configuring IS-IS link cost
The IS-IS cost of an interface is determined in the following order:
1.
IS-IS cost specified in interface view.
2.
3.
IS-IS cost specified in system view. The cost is applied to the interfaces associated with the IS-IS process.
Automatically calculated cost. If the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost = (bandwidth reference value/interface bandwidth) ×10, in the range of 1 to16777214. For other cost styles,
Table 6 Automatic cost calculation scheme for cost styles other than wide and wide-compatible
Interface bandwidth
≤ 10 Mbps
≤ 100 Mbps
≤ 155 Mbps
≤ 622 Mbps
Interface cost
60
50
40
30
≤ 2500 Mbps 20
> 2500 Mbps
4.
10
If none of the above costs is used, a default cost of 10 applies.
Configuring an IS-IS cost for an interface
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
118
Step Command
3. (Optional.) Specify an
IS-IS cost style. cost-style { narrow | wide | wide-compatible
| { compatible | narrow-compatible }
[ relax-spf-limit ] }
4. Return to system view. quit
5. Enter interface view. interface interface-type interface-number
6. (Optional.) Specify a cost for the IS-IS interface. isis cost value [ level-1 | level-2 ]
Configuring a global IS-IS cost
Remarks
By default, the IS-IS cost type is narrow.
N/A
N/A
By default, no cost for the interface is specified.
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
Remarks
N/A isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A
3. (Optional.) Specify an IS-IS cost style. cost-style { narrow | wide | wide-compatible |
{ compatible | narrow-compatible }
[ relax-spf-limit ] }
4. Specify a global
IS-IS cost. circuit-cost value [ level-1 | level-2 ]
Enabling automatic IS-IS cost calculation
By default, the IS-IS cost style is narrow.
By default, no global cost is specified.
Step Command
1. Enter system view. system-view
Remarks
N/A
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
3. Specify an IS-IS cost style. cost-style { wide | wide-compatible } By default, the IS-IS cost is narrow.
4. Enable automatic IS-IS cost calculation.
5. (Optional.) Configure a bandwidth reference value for automatic IS-IS cost calculation. auto-cost enable bandwidth-reference value
By default, automatic IS-IS cost calculation is disabled.
The default setting is100 Mbps.
Specifying a preference for IS-IS
If multiple routing protocols find routes to the same destination, the route found by the routing protocol that has the highest preference is selected as the optimal route.
Perform this task to assign a preference to IS-IS directly or by using a routing policy. For more information about the routing policy, see "Configuring routing policies."
To configure a preference for IS-IS:
119
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Configure a prefrence for
IS-IS. isis [ process-id ] [ vpn-instance
vpn-instance-name ] preference { preference | route-policy
route-policy-name } *
Remarks
N/A
N/A
The default setting is
15.
Configuring the maximum number of ECMP routes
Perform this task to implement load sharing over ECMP routes.
To configure the maximum number of ECMP routes:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Specify the maximum number of ECMP routes. maximum load-balancing number
By default, the maximum number of ECMP routes is the same as that configured in the max-ecmp-num command. For more information about the max-ecmp-num command, see IP Routing
Command Reference.
Configuring IS-IS route summarization
Perform this task to summarize specific routes, including IS-IS routes and redistributed routes, into a single route. Route summarization can reduce the routing table size and the LSDB scale.
Route summarization applies only to locally generated LSPs. The cost of the summary route is the lowest one among the costs of the more-specific routes.
To configure route summarization:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Configure IS-IS route summarization. isis [ process-id ] [ vpn-instance
vpn-instance-name ] summary ip-address { mask | mask-length }
[ avoid-feedback | generate_null0_route |
[ level-1 | level-1-2 | level-2 ] | tag tag ] *
Remarks
N/A
N/A
By default, route summarization is not configured.
120
Advertising a default route
IS-IS cannot redistribute a default route to its neighbors. This task enables IS-IS to advertise a default route of 0.0.0.0/0 in an LSP to the same-level neighbors. Upon receiving the default route, the neighbors add it into their routing table.
To advertise a default route:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Advertise a default route. default-route-advertise [ [ level-1 | level-1-2
| level-2 ] | route-policy route-policy-name ]
*
By default, IS-IS does not advertise a default route.
The generated routes are advertised to only the same-level neighbors.
Configuring IS-IS route redistribution
Perform this task to redistribute routes from other routing protocols into IS-IS. You can specify a cost for redistributed routes and specify the maximum number of redistributed routes.
To configure IS-IS route redistribution from other routing protocols:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Redistribute routes from other routing protocols or other IS-IS processes. import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost
| cost-type { external | internal } |
[ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag
tag ] *
By default, no route is redistributed.
By default, if no level is specified, this command redistributes routes into the
Level-2 routing table.
This command redistributes only active routes. To display active routes, use the display ip routing-table protocol command.
4. (Optional.) Configure the maximum number of redistributed Level
1/Level 2 IPv4 routes. import-route limit number
By default, the maximum number of redistributed Level 1/Level 2 IPv4 routes is not configured.
Configuring IS-IS route filtering
You can use an ACL, IP prefix list, or routing policy to filter routes calculated using received LSPs and routes redistributed from other routing protocols.
121
Filtering routes calculated from received LSPs
IS-IS saves LSPs received from neighbors in the LSDB, uses the SPF algorithm to calculate the shortest path tree with itself as the root, and installs the routes to the IS-IS routing table.
Perform this task to filter calculated routes. Only routes that are not filtered can be added to the IS-IS routing table.
To filter routes calculated using received LSPs:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Filter routes calculated using received LSPs. filter-policy { acl-number | prefix-list
prefix-list-name | route-policy
route-policy-name } import
By default, IS-IS accepts all routes calculated using received LSPs.
Filtering redistributed routes
IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them to the IS-IS routing table, and advertise them in LSPs.
Perform this task to filter redistributed routes. Only routes that are not filtered can be added to the IS-IS routing table and advertised to neighbors.
To filter redistributed routes:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Filter routes redistributed from other routing protocols or IS-IS processes. isis [ process-id ] [ vpn-instance
vpn-instance-name ] filter-policy { acl-number | prefix-list
prefix-list-name | route-policy
route-policy-name } export [ protocol
[ process-id ] ]
Remarks
N/A
N/A
By default, IS-IS accepts all redistributed routes.
Configuring IS-IS route leaking
Perform this task to control route advertisement (route leaking) between Level-1 and Level-2.
You can configure IS-IS to advertise routes from Level-2 to Level-1, and to not advertise routes from Level-1 to Level-2.
To configure IS-IS route leaking:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
122
Step Command
3. Configure route leaking from Level-1 to
Level-2. import-route isis level-1 into level-2 [ filter-policy
{ acl-number | prefix-list prefix-list-name | route-policy route-policy-name } | tag tag ] *
4. Configure route leaking from Level-2 to
Level-1. import-route isis level-2 into level-1 [ filter-policy
{ acl-number | prefix-list prefix-list-name | route-policy route-policy-name } | tag tag ] *
Remarks
By default, IS-IS advertises routes from Level-1 to
Level-2.
By default, IS-IS does not advertise routes from
Level-2 to Level-1.
Tuning and optimizing IS-IS networks
Configuration prerequisites
Before you tune and optimize IS-IS networks, complete the following tasks:
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
•
Enable IS-IS.
Specifying intervals for sending IS-IS hello and CSNP packets
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type
interface-number
Remarks
N/A
N/A
3. Specify the interval for sending hello packets. isis timer hello seconds [ level-1 | level-2 ]
The default setting is10 seconds.
The interval between hello packets sent by the DIS is 1/3 the hello interval set with the isis timer hello command.
4. Specify the interval for sending CSNP packets on the
DIS of a broadcast network. isis timer csnp seconds [ level-1 | level-2 ]
The default setting is10 seconds.
Specifying the IS-IS hello multiplier
If a neighbor receives no hello packets from the router within the advertised hold time, it considers the router down and recalculates the routes. The hold time is the hello multiplier multiplied by the hello interval.
On a broadcast link, Level-1 and Level-2 hello packets are advertised separately. You must set a hello multiplier for each level.
On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets. You do not need to specify Level-1 or Level-2.
To specify the IS-IS hello multiplier:
Step Command
1. Enter system view. system-view
Remarks
N/A
123
Step Command
2. Enter interface view. interface interface-type
interface-number
3. Specify the number of hello packets a neighbor must miss before declaring the router is down. isis timer holding-multiplier value
[ level-1 | level-2 ]
Remarks
N/A
The default setting is
3.
Configuring a DIS priority for an interface
On a broadcast network, IS-IS must elect a router as the DIS at a routing level. You can specify a DIS priority at a level for an interface. The greater the interface's priority, the more likely it becomes the DIS.
If multiple routers in the broadcast network have the same highest DIS priority, the router with the highest
MAC address becomes the DIS.
To configure a DIS priority for an interface:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter interface view.
3. Configure a DIS priority for the interface. interface interface-type
interface-number isis dis-priority value [ level-1 | level-2 ]
N/A
The default setting is 64.
Disabling an interface from sending/receiving IS-IS packets
After being disabled from sending and receiving hello packets, an interface cannot form any neighbor relationship, but can advertise directly connected networks in LSPs through other interfaces. This can save bandwidth and CPU resources, and ensures that other routers know networks directly connected to the interface.
To disable an interface from sending and receiving IS-IS packets:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type
interface-number
3. Disable the interface from sending and receiving IS-IS packets. isis silent
N/A
By default, the interface can send and receive IS-IS packets.
Enabling an interface to send small hello packets
IS-IS messages cannot be fragmented at the IP layer because they are directly encapsulated in frames.
Any two IS-IS neighboring routers must negotiate a common MTU. To avoid sending big hellos to save bandwidth, enable the interface to send small hello packets without CLVs.
To enable an interface to send small hello packets:
124
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type
interface-number
3. Enable the interface to send small hello packets without
CLVs. isis small-hello
Remarks
N/A
N/A
By default, the interface can send standard hello packets.
Configuring LSP parameters
Configuring LSP timers
1.
Specify the maximum age of LSPs.
Each LSP has an age that decreases in the LSDB. IS-IS runs a process to delete any LSP with an age of 0 from the LSDB. You can adjust the age value based on the scale of a network.
To specify the maximum age of LSPs:
Step Command
1. Enter system view. system-view
Remarks
N/A
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
2.
3. Specify the maximum LSP age. timer lsp-max-age seconds
The default setting is1200 seconds.
Specify the LSP refresh interval and generation interval.
Each router needs to refresh its LSPs at a configurable interval and send them to other routers to prevent valid routes from aging out. A smaller refresh interval speeds up network convergence but consumes more bandwidth.
When the network topology changes, for example, a neighbor is down or up, or the interface metric, system ID, or area ID is changed, the router generates an LSP after a configurable interval.
If such a change occurs frequently, excessive LSPs are generated, consuming a large amount of router resources and bandwidth. To solve the problem, you can adjust the LSP generation interval.
When network changes are not frequent, the minimum-interval is adopted. If network changes become frequent, the LSP generation interval is incremented by incremental-interval × 2 n-2
(n is the number of calculation times) each time a generation occurs until the maximum-interval is reached.
To specify the LSP refresh interval and generation interval:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify the LSP refresh interval. timer lsp-refresh seconds
Remarks
N/A
N/A
By default, the LSP refresh interval is 900 seconds.
125
Step Command
4. Specify the LSP generation interval. timer lsp-generation maximum-interval
[ minimum-interval [ incremental-interval ] ]
[ level-1 | level-2 ]
Remarks
By default:
•
The maximum interval is 2 seconds.
•
The minimum interval is 0 milliseconds.
•
The incremental interval is
0 milliseconds.
3.
Specify LSP sending intervals.
If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs.
To avoid unnecessary retransmissions, configure an LSP sending interval according to the number of IS-IS interfaces or routes.
To configure LSP sending intervals:
Step Command
1. Enter system view. system-view
Remarks
N/A
2. Enter interface view. interface interface-type
interface-number
N/A
3. Specify the minimum interval for sending LSPs and the maximum LSP number that can be sent at a time. isis timer lsp time [ count count ]
By default, the minimum interval is 33 milliseconds, and the maximum LSP number that can be sent at a time is 5.
Specifying LSP lengths
IS-IS messages cannot be fragmented at the IP layer because they are directly encapsulated in frames.
IS-IS routers in an area must send LSPs smaller than the smallest interface MTU in the area.
If the IS-IS routers have different interface MTUs, HP recommends configuring the maximum size of generated LSP packets to be smaller than the smallest interface MTU in the area. Otherwise, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services.
To specify LSP lengths:
Remarks
N/A
Step Command
1. PreferenceEnter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify the maximum length of generated Level-1 LSPs or
Level-2 LSPs. lsp-length originate size [ level-1 | level-2 ]
4. Specify the maximum length of received LSPs. lsp-length receive size
N/A
By default, the maximum length of generated Level-1 LSPs or
Level-2 LSPs is 1497 bytes.
By default, the maximum length of received LSPs is 1497 bytes.
126
Enabling LSP flash flooding
Changed LSPs can trigger SPF recalculation. To advertise the changed LSPs before the router recalculates routes for faster network convergence, enable LSP flash flooding.
To enable LSP flash flooding:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
Remarks
N/A isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A
3. Enable LSP flash flooding. flash-flood [ flood-count flooding-count | max-timer-interval flooding-interval | [ level-1 | level-2 ] ] *
By default, LSP flash flooding is disabled.
Enabling LSP fragment extension
Perform this task to enable IS-IS fragment extension for an IS-IS process. The MTUs of all interfaces running the IS-IS process must not be less than 512. Otherwise, LSP fragment extension does not take effect.
To enable LSP fragment extension:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Enable LSP fragment extension. isis [ process-id ] [ vpn-instance
vpn-instance-name ] lsp-fragments-extend [ level-1 | level-1-2 | level-2 ]
Remarks
N/A
N/A
By default, this feature is disabled.
4. Configure a virtual system
ID. virtual-system virtual-system-id
By default, no virtual system ID is configured.
Configure at least one virtual system to generate extended LSP fragments.
Controlling SPF calculation interval
Based on the LSDB, an IS-IS router uses the SPF algorithm to calculate the shortest path tree with itself being the root, and uses the shortest path tree to determine the next hop to a destination network. By adjusting the SPF calculation interval, you can prevent bandwidth and router resources from being overconsumed due to frequent topology changes.
When network changes are not frequent, the minimum-interval is adopted. If network changes become frequent, the SPF calculation interval is incremented by incremental-interval × 2 n-2 (n is the number of calculation times) each time a calculation occurs until the maximum-interval is reached.
To control SPF calculation interval:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
127
Step Command
3. Configure the SPF calculation interval. timer spf maximum-interval
[ minimum-interval [ incremental-interval ] ]
Remarks
By default:
•
The maximum interval is 5 seconds.
•
The minimum interval is 50 milliseconds.
•
The incremental interval is
200 milliseconds.
Configuring convergence priorities for specific routes
A topology change causes IS-IS routing convergence. To improve convergence speed, you can assign different convergence priorities to specific IS-IS routes, including critical, high, medium, and low. The higher the convergence priority, the faster the convergence speed.
IS-IS host routes have the medium convergence priority.
To assign convergence priorities to specific IS-IS routes:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
3. Assign convergence priorities to specific IS-IS routes. isis [ process-id ] [ vpn-instance
vpn-instance-name ] priority { critical | high | medium }
{ prefix-list prefix-list-name | tag
tag-value }
Remarks
N/A
N/A
By default, IS-IS routes have the lowest convergence priority.
Setting the LSDB overload bit
By setting the overload bit in sent LSPs, a router informs other routers of failures that make it unable to select routes and forward packets.
When an IS-IS router cannot record the complete LSDB, for example, because of memory insufficiency, it will calculate wrong routes. To make troubleshooting easier, temporarily isolate the router from the IS-IS network by setting the overload bit.
To set the LSDB overload bit:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ]
3. Set the overload bit. set-overload [ on-startup [ [ start-from-nbr system-id
[ timeout1 [ nbr-timeout ] ] ] | timeout2 ] [ allow { external
| interlevel } * ]
Remarks
N/A
N/A
By default, the overload bit is not set.
128
Configuring system ID to host name mappings
A 6-byte system ID in hexadecimal notation uniquely identifies a router or host in an IS-IS network. To make a system ID easy to read, the system allows you to use host names to identify devices and provides mappings between system IDs and host names.
The mappings can be configured manually or dynamically. Follow these guidelines when you configure the mappings:
• To view host names rather than system IDs by using the display isis lsdb command, you must enable dynamic system ID to host name mapping.
•
If you configure both dynamic mapping and static mapping on a router, the host name specified for dynamic mapping applies.
Configuring a static system ID to host name mapping
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Configure a system ID to host name mapping for a remote
IS. is-name map sys-id map-sys-name
Configuring dynamic system ID to host name mapping
Remarks
N/A
N/A
A system ID can correspond to only one host name.
Static system ID to host name mapping requires you to manually configure a mapping for each router in the network. When a new router is added to the network or a mapping must be modified, you must configure all routers manually.
When you use dynamic system ID to host name mapping, you only need to configure a host name for each router in the network. Each router advertises the host name in a dynamic host name CLV to other routers so all routers in the network can have all mappings.
To help check the origin of LSPs in the LSDB, you can configure a name for the DIS in a broadcast network.
To configure dynamic system ID to host name mapping:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify a host name for the IS and enable dynamic system ID to host name mapping. is-name sys-name
4. Return to system view. quit
5. Enter interface view. interface interface-type
interface-number
N/A
By default, no host name is specified for the router.
N/A
N/A
129
Step Command
6. Configure a DIS name. isis dis-name symbolic-name
Remarks
By default, no DIS name is configured.
This command takes effect only on a router enabled with dynamic system ID to host name mapping.
This command is not available on P2P interfaces.
Enabling the logging of neighbor state changes
With this feature enabled, the router delivers information about neighbor state changes to the terminal for display.
To enable the logging of neighbor state changes:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Enable the logging of neighbor state changes. log-peer-change
N/A
By default, the logging of neighbor state is enabled.
Enabling IS-IS ISPF
When the network topology changes, Incremental Shortest Path First (ISPF) computes only the affected part of the SPT, instead of the entire SPT.
To enable IS-IS ISPF:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view.
Remarks
N/A isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A
3. Enable IS-IS ISPF. ispf enable By default, IS-IS is disabled.
Enhancing IS-IS network security
To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication involves neighbor relationship authentication, area authentication, and routing domain authentication.
Configuration prerequisites
Before the configuration, complete the following tasks:
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
•
Enable IS-IS.
130
Configuring neighbor relationship authentication
With neighbor relationship authentication configured, an interface adds the password in the specified mode into hello packets to the peer and checks the password in the received hello packets. If the authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
To configure neighbor relationship authentication:
Step Command
1. Enter system view. system-view
2. Enter interface view.
Remarks
N/A interface interface-type interface-number N/A
3. Specify the authentication mode and password. isis authentication-mode { md5 | simple }
{ cipher cipher-string | plain plain-string }
[ level-1 | level-2 ] [ ip | osi ]
By default, no authentication is configured.
Configuring area authentication
Area authentication prevents the router from installing routing information from untrusted routers into the
Level-1 LSDB. The router encapsulates the authentication password in the specified mode in Level-1 packets (LSP, CSNP, and PSNP) and checks the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
To configure area authentication:
Remarks
N/A
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
3. Specify the area authentication mode and password. area-authentication-mode { md5 | simple } { cipher cipher-string | plain
plain-string } [ ip | osi ]
N/A
By default, no area authentication is configured.
Configuring routing domain authentication
Routing domain authentication prevents untrusted routing information from entering into a routing domain. A router with the authentication configured encapsulates the password in the specified mode into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and password.
To configure routing domain authentication:
Step Command
1. Enter system view. system-view
2. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
131
Step Command
3. Specify the routing domain authentication mode and password. domain-authentication-mode
{ md5 | simple } { cipher
cipher-string | plain plain-string }
[ ip | osi ]
Remarks
By default, no routing domain authentication is configured.
Configuring IS-IS GR
GR ensures the continuity of packet forwarding when a routing protocol restarts.
• GR Restarter—Graceful restarting router. It must have GR capability.
•
GR Helper—A neighbor of the GR Restarter. It assists the GR Restarter to complete the GR process.
By default, a device acts as the GR Helper. Configure IS-IS GR on the GR Restarter.
GR Restarter uses the following timers:
• T1 timer—Specifies the times that GR Restarter can send a Restart TLV with the RR bit set. After restart, the GR Restarter sends a Restart TLV with the RR bit set to its neighbor. If the restarting router receives a Restart TLV with the RA set from its neighbor before the T1 timer expires, the GR process starts. Otherwise, the GR process fails.
• T2 timer—Specifies the LSDB synchronization interval. Each LSDB has a T2 timer. The Level-1-2 router has two T2 timers: a Level-1 timer and a Level-2 timer. If the LSDBs have not achieved synchronization before the two timers expire, the GR process fails.
• T3 timer—Specifies the GR interval. The GR interval is set as the holdtime in hello PDUs. Within the interval, the neighbors maintain their adjacency with the GR Restarter. If the GR process has not completed within the holdtime, the neighbors tear down the neighbor relationship and the GR process fails.
To configure GR on the GR Restarter:
Step Command
1. Enter system view. system-view
2. Enable IS-IS and enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
Remarks
N/A
N/A
3. Enable IS-IS GR.
4. (Optional.) Suppress the SA bit during restart. graceful-restart graceful-restart suppress-sa graceful-restart t1 seconds count
count
By default, the GR capability for IS-IS is disabled.
By default, the SA bit is not suppressed.
By enabling the GR Restarter to suppress the
Suppress-Advertisement (SA) bit in the hello
PDUs, the neighbors will still advertise their adjacency with the GR Restarter.
By default, the T1 timer is 3 seconds and can expire 10 times.
5. (Optional.) Configure the T1 timer.
6. (Optional.) Configure the T2 timer.
7. (Optional.) Configure the T3 timer. graceful-restart t2 seconds graceful-restart t3 seconds
By default, the T2 timer is 60 seconds.
By default, the T2 timer is 300 seconds.
132
Configuring BFD for IS-IS
BFD provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. For more information about BFD, see High Availability
Configuration Guide.
To configure BFD for IS-IS:
Step Command
1. Enter system view. system-view
2. Enter interface view.
Remarks
N/A interface interface-type interface-number N/A
3. Enable IS-IS on an interface. isis enable [ process-id ] N/A
4. Enable BFD on an IS-IS interface. isis bfd enable
By default, an IS-IS interface is not enabled with BFD.
Configuring IS-IS FRR
A link or router failure on a path can cause packet loss and even routing loop. Such problems arise until
IS-IS completes the routing convergence based on the new network topology. IS-IS FRR enables fast rerouting to minimize the impact of link or node failures.
Figure 36 Network diagram for IS-IS FRR
hop when a link failure is detected. In this way, packets are directed to the backup next hop to reduce traffic recovery time. Meanwhile, IS-IS calculates the shortest path based on the new network topology, and forwards packets over the path after network convergence.
You can either enable IS-IS FRR to calculate a backup next hop automatically, or designate a backup next hop with a routing policy for routes matching specific criteria.
Configuration prerequisites
Before you configure IS-IS FRR, complete the following tasks:
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
•
Enable IS-IS.
133
Configuration guidelines
Do not use FRR and BFD at the same time. Otherwise, FRR may fail to take effect.
Configuring IS-IS FRR to automatically calculate a backup next hop
Step Command
1. Enter system view. system-view
2. Configure the source address of echo packets. bfd echo-source-ip ip-address
3. Enter IS-IS view. isis [ process-id ] [ vpn-instance
vpn-instance-name ]
4. Enable IS-IS FRR to automatically calculate a backup next hop. fast-reroute auto
Remarks
N/A
By default, the source address of echo packets is not configured.
N/A
By default, IS-IS FRR is disabled.
Configuring IS-IS FRR using a routing policy
You can use the apply fast-reroute backup-interface command to specify a backup next hop in a routing policy for routes matching specific criteria, and perform this task to reference the routing policy for IS-IS
FRR. For more information about the apply fast-reroute backup-interface command and routing policy configurations, see "Configuring routing policies."
To configure IS-IS FRR using a routing policy:
Step Command
1. Enter system view. system-view
2. Configure the source address of echo packets. bfd echo-source-ip ip-address
3. Enter IS-IS view.
4. Enable IS-IS FRR using a routing policy. isis [ process-id ] [ vpn-instance
vpn-instance-name ] fast-reroute route-policy
route-policy-name
Remarks
N/A
By default, the source address of echo packets is not configured.
N/A
By default, this feature is not enabled.
Displaying and maintaining IS-IS
Execute display commands in any view and the reset command in user view.
Task Command
Display brief IS-IS configuration information. display isis brief [ process-id ]
Display the IS-IS GR status. display isis graceful-restart status [ level-1 | level-2 ] [ process-id ]
134
Task Command
Display information about IS-IS enabled interfaces. display isis interface [ [ interface-type interface-number ] [ verbose ]
| statistics] [ process-id ]
Display IS-IS LSDB information. display isis lsdb [ [ level-1 | level-2 ] | local | lsp-id lspid |
[ lsp-name lspname ] | verbose ] * [ process-id ]
Display the host name to system ID mapping table.
Display IS-IS neighbor information.
Display IS-IS redistributed route information
Display IS-IS IPv4 routing information. display isis name-table [ process-id ] display isis peer [ statistics | verbose ] [ process-id ] display isis redistribute [ ipv4 [ ip-address mask-length ] ] [ level-1 | level-2 ] [ process-id ] display isis route [ ipv4 [ ip-address mask-length ] ] [ [ level-1 | level-2 ] | verbose ] * [ process-id ] display isis statistics [ level-1 | level-1-2 | level-2 ] [ process-id ] Display IS-IS statistics.
Clear IS-IS process data structure information.
Clear the data structure information of an
IS-IS neighbor. reset isis all [ process-id ] [ graceful-restart ] reset isis peer system-id [ process-id ]
IS-IS configuration examples
Basic IS-IS configuration example
Network requirements
As shown in
Figure 37 , Switch A, Switch B, Switch C, and Switch D reside in an IS-IS AS.
Switch A and B are Level-1 switches, Switch D is a Level-2 switch, and Switch C is a Level-1-2 switch. Switch
A, Switch B, and Switch C are in Area 10, and Switch D is in Area 20.
Figure 37 Network diagram
Configuration procedure
1.
Configure IP addresses for interfaces. (Details not shown.)
135
2.
Configure IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] isis enable 1
[SwitchB-Vlan-interface200] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlan-interface 100
[SwitchC-Vlan-interface100] isis enable 1
[SwitchC-Vlan-interface100] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] isis enable 1
[SwitchC-Vlan-interface200] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis enable 1
[SwitchC-Vlan-interface300] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] quit
[SwitchD] interface vlan-interface 100
[SwitchD-Vlan-interface100] isis enable 1
[SwitchD-Vlan-interface100] quit
[SwitchD] interface vlan-interface 300
[SwitchD-Vlan-interface300] isis enable 1
[SwitchD-Vlan-interface300] quit
Verifying the configuration
# Display the IS-IS LSDB on each switch to verify the LSPs.
136
[SwitchA] display isis lsdb
Database information for IS-IS(1)
---------------------------------
Level-1 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
--------------------------------------------------------------------------
0000.0000.0001.00-00* 0x00000004 0xdf5e 1096 68 0/0/0
0000.0000.0002.00-00 0x00000004 0xee4d 1102 68 0/0/0
0000.0000.0002.01-00 0x00000001 0xdaaf 1102 55 0/0/0
0000.0000.0003.00-00 0x00000009 0xcaa3 1161 111 1/0/0
0000.0000.0003.01-00 0x00000001 0xadda 1112 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
[SwitchB] display isis lsdb
Database information for IS-IS(1)
---------------------------------
Level-1 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
--------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000006 0xdb60 988 68 0/0/0
0000.0000.0002.00-00* 0x00000008 0xe651 1189 68 0/0/0
0000.0000.0002.01-00* 0x00000005 0xd2b3 1188 55 0/0/0
0000.0000.0003.00-00 0x00000014 0x194a 1190 111 1/0/0
0000.0000.0003.01-00 0x00000002 0xabdb 995 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
[SwitchC] display isis lsdb
Database information for IS-IS(1)
---------------------------------
Level-1 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
--------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000006 0xdb60 847 68 0/0/0
0000.0000.0002.00-00 0x00000008 0xe651 1053 68 0/0/0
0000.0000.0002.01-00 0x00000005 0xd2b3 1052 55 0/0/0
0000.0000.0003.00-00* 0x00000014 0x194a 1051 111 1/0/0
137
0000.0000.0003.01-00* 0x00000002 0xabdb 854 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
--------------------------------------------------------------------------
0000.0000.0003.00-00* 0x00000012 0xc93c 842 100 0/0/0
0000.0000.0004.00-00 0x00000026 0x331 1173 84 0/0/0
0000.0000.0004.01-00 0x00000001 0xee95 668 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
[SwitchD] display isis lsdb
Database information for IS-IS(1)
---------------------------------
Level-2 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0003.00-00 0x00000013 0xc73d 1003 100 0/0/0
0000.0000.0004.00-00* 0x0000003c 0xd647 1194 84 0/0/0
0000.0000.0004.01-00* 0x00000002 0xec96 1007 55 0/0/0
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
# Display the IS-IS routing information on each switch.
[SwitchA] display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL Vlan100 Direct D/L/-
10.1.2.0/24 20 NULL Vlan100 10.1.1.1 R/-/-
192.168.0.0/24 20 NULL Vlan100 10.1.1.1 R/-/-
0.0.0.0/0 10 NULL Vlan100 10.1.1.1 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchC] display isis route
138
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
192.168.0.0/24 10 NULL Vlan300 Direct D/L/-
10.1.1.0/24 10 NULL Vlan100 Direct D/L/-
10.1.2.0/24 10 NULL Vlan200 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
192.168.0.0/24 10 NULL Vlan300 Direct D/L/-
10.1.1.0/24 10 NULL Vlan100 Direct D/L/-
10.1.2.0/24 10 NULL Vlan200 Direct D/L/-
172.16.0.0/16 20 NULL Vlan300 192.168.0.2 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchD] display isis route
Route information for IS-IS(1)
------------------------------
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
192.168.0.0/24 10 NULL Vlan300 Direct D/L/-
10.1.1.0/24 20 NULL Vlan300 192.168.0.1 R/-/-
10.1.2.0/24 20 NULL Vlan300 192.168.0.1 R/-/-
172.16.0.0/16 10 NULL Vlan100 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
The output shows that the routing table of Level-1 switches contains a default route with the next hop as the Level-1-2 switch. The routing table of Level-2 switch contains both routing information of Level-1 and
Level-2.
139
DIS election configuration example
Network requirements
Switch A and Switch B are Level-1-2 switches, Switch C is a Level-1 switch, and Switch D is a Level-2 switch.
Change the DIS priority of Switch A to make it elected as the Level-1-2 DIS router.
Figure 38 Network diagram
Configuration procedure
1.
2.
Configure IP addresses for interfaces. (Details not shown.)
Enable IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] isis enable 1
[SwitchB-Vlan-interface100] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] is-level level-1
[SwitchC-isis-1] quit
140
[SwitchC] interface vlan-interface 100
[SwitchC-Vlan-interface100] isis enable 1
[SwitchC-Vlan-interface100] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] network-entity 10.0000.0000.0004.00
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] quit
[SwitchD] interface vlan-interface 100
[SwitchD-Vlan-interface100] isis enable 1
[SwitchD-Vlan-interface100] quit
# Display information about IS-IS neighbors on Switch A.
[SwitchA] display isis peer
Peer information for IS-IS(1)
----------------------------
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01
State: Up HoldTime: 21s Type: L1(L1L2) PRI: 64
System Id: 0000.0000.0003
Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01
State: Up HoldTime: 27s Type: L1 PRI: 64
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0004.01
State: Up HoldTime: 28s Type: L2(L1L2) PRI: 64
System Id: 0000.0000.0004
Interface: Vlan-interface100 Circuit Id: 0000.0000.0004.01
State: Up HoldTime: 30s Type: L2 PRI: 64
# Display information about IS-IS interfaces on Switch A.
[SwitchA] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 No/No
# Display information about IS-IS interfaces on Switch C.
[SwitchC] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
141
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 Yes/No
# Display information about IS-IS interfaces on Switch D.
[SwitchD] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 No/Yes
The output shows that when the default DIS priority is used, Switch C is the DIS for Level-1, and
Switch D is the DIS for Level-2. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01.
#Configure the DIS priority of Switch A.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis dis-priority 100
[SwitchA-Vlan-interface100] quit
# Display IS-IS neighbors on Switch A.
[SwitchA] display isis peer
Peer information for IS-IS(1)
----------------------------
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 21s Type: L1(L1L2) PRI: 64
System Id: 0000.0000.0003
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 27s Type: L1 PRI: 64
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 28s Type: L2(L1L2) PRI: 64
System Id: 0000.0000.0004
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 30s Type: L2 PRI: 64
# Display information about IS-IS interfaces on Switch A.
[SwitchA] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
142
001 Up Down 1497 L1/L2 Yes/Yes
The output shows that after the DIS priority configuration, Switch A becomes the DIS for Level-1-2, and the pseudonode is 0000.0000.0001.01.
# Display information about IS-IS neighbors and interfaces on Switch C.
[SwitchC] display isis peer
Peer information for IS-IS(1)
----------------------------
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 25s Type: L1 PRI: 64
System Id: 0000.0000.0001
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 7s Type: L1 PRI: 100
[SwitchC] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 No/No
# Display information about IS-IS neighbors and interfaces on Switch D.
[SwitchD] display isis peer
Peer information for IS-IS(1)
----------------------------
System Id: 0000.0000.0001
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 9s Type: L2 PRI: 100
System Id: 0000.0000.0002
Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01
State: Up HoldTime: 28s Type: L2 PRI: 64
[SwitchD] display isis interface
Interface information for IS-IS(1)
----------------------------------
Interface: Vlan-interface100
Id IPv4.State IPv6.State MTU Type DIS
001 Up Down 1497 L1/L2 No/No
143
IS-IS route redistribution configuration example
Network requirements
As shown in
Figure 39 , Switch A, Switch B, Switch C, and Switch D reside in the same AS. They use IS-IS
to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a
Level-1-2 router.
Redistribute RIP routes into IS-IS on Switch D.
Figure 39 Network diagram
Configuration procedure
1.
2.
Configure IP addresses for interfaces. (Details not shown.)
Configure basic IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] isis enable 1
[SwitchB-Vlan-interface200] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis 1
144
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] isis enable 1
[SwitchC-Vlan-interface200] quit
[SwitchC] interface vlan-interface 100
[SwitchC-Vlan-interface100] isis enable 1
[SwitchC-Vlan-interface100] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis enable 1
[SwitchC-Vlan-interface300] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] quit
[SwitchD] interface interface vlan-interface 300
[SwitchD-Vlan-interface300] isis enable 1
[SwitchD-Vlan-interface300] quit
# Display IS-IS routing information on each switch.
[SwitchA] display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
10.1.2.0/24 20 NULL VLAN100 10.1.1.1 R/-/-
192.168.0.0/24 20 NULL VLAN100 10.1.1.1 R/-/-
0.0.0.0/0 10 NULL VLAN100 10.1.1.1 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchC] display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
145
3.
10.1.2.0/24 10 NULL VLAN200 Direct D/L/-
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
10.1.2.0/24 10 NULL VLAN200 Direct D/L/-
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchD] display isis route
Route information for IS-IS(1)
------------------------------
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
10.1.1.0/24 20 NULL VLAN300 192.168.0.1 R/-/-
10.1.2.0/24 20 NULL VLAN300 192.168.0.1 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Run RIPv2 between Switch D and Switch E, and configure IS-IS to redistribute RIP routes on Switch
D:
# Configure RIPv2 on Switch D.
[SwitchD] rip 1
[SwitchD-rip-1] network 10.0.0.0
[SwitchD-rip-1] version 2
[SwitchD-rip-1] undo summary
# Configure RIPv2 on Switch E.
[SwitchE] rip 1
[SwitchE-rip-1] network 10.0.0.0
[SwitchE-rip-1] version 2
[SwitchE-rip-1] undo summary
# Configure IS-IS to redistribute RIP routes on Switch D.
[SwitchD-rip-1] quit
[SwitchD] isis 1
[SwitchD–isis-1] import-route rip level-2
# Display IS-IS routing information on Switch C.
146
[SwitchC] display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
10.1.2.0/24 10 NULL VLAN200 Direct D/L/-
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.1.1.0/24 10 NULL VLAN100 Direct D/L/-
10.1.2.0/24 10 NULL VLAN200 Direct D/L/-
192.168.0.0/24 10 NULL VLAN300 Direct D/L/-
10.1.4.0/24 10 NULL VLAN300 192.168.0.2 R/L/-
10.1.5.0/24 20 NULL VLAN300 192.168.0.2 R/L/-
10.1.6.0/24 20 NULL VLAN300 192.168.0.2 R/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set
IS-IS authentication configuration example
Network requirements
, Switch A, Switch B, Switch C, and Switch D reside in the same IS-IS routing domain. Run IS-IS among them.
Switch A, Switch B, and Switch C belong to Area 10, and Switch D belongs to Area 20.
Configure neighbor relationship authentication between neighbors. Configure area authentication in
Area 10 to prevent untrusted routes from entering into the area. Configure routing domain authentication on Switch C and Switch D to prevent untrusted routes from entering the routing domain.
147
Figure 40 Network diagram
Configuration procedure
1.
2.
Configure IP addresses for interfaces. (Details not shown.)
Configure basic IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] isis enable 1
[RouterB--Vlan-interface200] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] isis enable 1
[SwitchC-Vlan-interface200] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis enable 1
[SwitchC-Vlan-interface300] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis enable 1
148
3.
4.
5.
[SwitchC-Vlan-interface300] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] network-entity 20.0000.0000.0001.00
[SwitchD-isis-1] quit
[SwitchD] interface vlan-interface 300
[SwitchD-Vlan-interface300] isis enable 1
[SwitchD-Vlan-interface300] quit
Configure neighbor relationship authentication between neighbors:
# Configure the authentication mode as MD5 and set the plaintext password to eRq on
VLAN-interface 100 of Switch A and on VLAN-interface 100 of Switch C.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis authentication-mode md5 plain eRg
[SwitchA-Vlan-interface100] quit
[SwitchC] interface vlan-interface 100
[SwitchC-Vlan-interface100] isis authentication-mode md5 plain eRg
[SwitchC-Vlan-interface100] quit
# Configure the authentication mode as MD5 and set the plaintext password to t5Hr on
VLAN-interface 200 of Switch B and on VLAN-interface 200 of Switch C.
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] isis authentication-mode md5 plain t5Hr
[SwitchB-Vlan-interface200] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] isis authentication-mode md5 plain t5Hr
[SwitchC-Vlan-interface200] quit
# Configure the authentication mode as MD5 and set the plaintext password to hSec on
VLAN-interface 300 of Switch D and on VLAN-interface 300 of Switch C.
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] isis authentication-mode md5 plain hSec
[SwitchC-Vlan-interface300] quit
[SwitchD] interface vlan-interface 300
[SwitchD-Vlan-interface300] isis authentication-mode md5 plain hSec
[SwitchD-Vlan-interface300] quit
Configure the area authentication mode as MD5 and set the plaintext password to 10Sec on
Switch A, Switch B, and Switch C.
[SwitchA] isis 1
[SwitchA-isis-1] area-authentication-mode md5 plain 10Sec
[SwitchA-isis-1] quit
[SwitchB] isis 1
[SwitchB-isis-1] area-authentication-mode md5 plain 10Sec
[SwitchB-isis-1] quit
[SwitchC] isis 1
[SwitchC-isis-1] area-authentication-mode md5 plain 10Sec
[SwitchC-isis-1] quit
Configure routing domain authentication mode as MD5 and set the plaintext password to
1020Sec on Switch C and Switch D.
149
[SwitchC] isis 1
[SwitchC-isis-1] domain-authentication-mode md5 plain 1020Sec
[SwitchC-isis-1] quit
[SwitchD] isis 1
[SwitchD-isis-1] domain-authentication-mode md5 plain 1020Sec
IS-IS Graceful Restart configuration example
Network requirements
As shown in
Figure 41 , Switch A, Switch B, and Switch C belong to the same IS-IS routing domain.
Figure 41 Network diagram
Configuration procedure
1.
2.
3.
Configure IP addresses and subnet masks for interfaces. (Details not shown.)
Configure IS-IS on the switches to make sure Switch A, Switch B, and Switch C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS.
(Details not shown.)
Configure IS-IS GR:
# Enable IS-IS GR on Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] graceful-restart
[SwitchA-isis-1] return
Verifying the configuration
After Switch A establishes adjacencies with Switch B and Switch C, they begin to exchange routing information. Restart IS-IS on Switch A, which enters the restart state and sends connection requests to its neighbors through the Graceful Restart mechanism to synchronize the LSDB. To display the IS-IS GR status on Switch A, use the display isis graceful-restart status command.
# Restart the IS-IS process on Switch A.
<SwitchA> reset isis all 1 graceful-restart
Reset IS-IS process? [Y/N]:y
# Check the Graceful Restart status of IS-IS on Switch A.
<SwitchA> display isis graceful-restart status
Restart information for IS-IS(1)
--------------------------------
150
Restart status: COMPLETE
Restart phase: Finish
Restart t1: 3, count 10; Restart t2: 60; Restart t3: 300
SA Bit: supported
Level-1 restart information
---------------------------
Total number of interfaces: 1
Number of waiting LSPs: 0
Level-2 restart information
---------------------------
Total number of interfaces: 1
Number of waiting LSPs: 0
BFD for IS-IS configuration example
Network requirements
•
As shown in Figure 42 , run IS-IS on Switch A, Switch B and Switch C so that can reach each other
at the network layer.
•
After the link over which Switch A and Switch B communicate through the Layer-2 switch fails, BFD can quickly detect the failure and notify IS-IS of the failure. Switch A and Switch B then communicate through Switch C.
Figure 42 Network diagram
Switch A
Switch C
Vlan-int10
Vlan-int11
10.1.0.102/24
11.1.1.2/24
Device
Switch B
Configuration procedure
1.
2.
Configure IP addresses for interfaces. (Details not shown.)
Configure basic IS-IS:
# Configure Switch A.
<SwitchA> system-view
Interface IP address
Vlan-int10 10.1.0.100/24
Vlan-int13 13.1.1.1/24
151
3.
[SwitchA] isis
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 10
[SwitchA-Vlan-interface10] isis enable
[SwitchA-Vlan-interface10] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] isis enable
[SwitchA-Vlan-interface11] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] isis
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] isis enable
[SwitchB-Vlan-interface10] quit
[SwitchB] interface vlan-interface 13
[SwitchB-Vlan-interface13] isis enable
[SwitchB-Vlan-interface13] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] isis
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlan-interface 11
[SwitchC-Vlan-interface11] isis enable
[SwitchC-Vlan-interface11] quit
[SwitchC] interface vlan-interface 13
[SwitchC-Vlan-interface13] isis enable
[SwitchC-Vlan-interface13] quit
Configure BFD functions:
# Enable BFD and configure BFD parameters on Switch A.
[SwitchA] bfd session init-mode passive
[SwitchA] interface vlan-interface 10
[SwitchA-Vlan-interface10] isis bfd enable
[SwitchA-Vlan-interface10] bfd min-receive-interval 500
[SwitchA-Vlan-interface10] bfd min-transmit-interval 500
[SwitchA-Vlan-interface10] bfd detect-multiplier 7
# Enable BFD and configure BFD parameters on Switch B.
[SwitchB] bfd session init-mode active
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] isis bfd enable
[SwitchB-Vlan-interface10] bfd min-receive-interval 500
[SwitchB-Vlan-interface10] bfd min-transmit-interval 500
[SwitchB-Vlan-interface10] bfd detect-multiplier 8
[SwitchB-Vlan-interface10] return
152
Verifying the configuration
# Display the BFD session information on Switch A.
<SwitchA> display bfd session
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 Session Working Under Ctrl Mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
3/1 192.168.0.102 192.168.0.100 Up 1700ms Vlan10
# Display routes destined for 120.1.1.0/24 on Switch A.
<SwitchA> display ip routing-table 120.1.1.0 verbose
Summary Count : 1
Destination: 120.1.1.0/24
Protocol: ISIS Process ID: 1
SubProtID: 0x1 Age: 04h20m37s
Cost: 10 Preference: 10
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NBRID: 0x26000002 LastAs: 0
AttrID: 0xffffffff Neighbor: 0.0.0.0
Flags: 0x1008c OrigNextHop: 192.168.0.100
Label: NULL RealNextHop: 192.168.0.100
BkLabel: NULL BkNextHop: N/A
Tunnel ID: Invalid Interface: Vlan-interface10
BkTunnel ID: Invalid BkInterface: N/A
The output shows that Switch A and Switch B communicate through VLAN-interface 10. Then the link over
VLAN-interface 10 fails.
# Display routes destined for 120.1.1.0/24 on Switch A.
<SwitchA> display ip routing-table 120.1.1.0 verbose
Summary Count : 1
Destination: 120.1.1.0/24
Protocol: ISIS Process ID: 1
SubProtID: 0x1 Age: 04h20m37s
Cost: 20 Preference: 10
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NBRID: 0x26000002 LastAs: 0
AttrID: 0xffffffff Neighbor: 0.0.0.0
Flags: 0x1008c OrigNextHop: 10.1.1.100
Label: NULL RealNextHop: 10.1.1.100
153
BkLabel: NULL BkNextHop: N/A
Tunnel ID: Invalid Interface: Vlan-interface11
BkTunnel ID: Invalid BkInterface: N/A
The output shows that Switch A and Switch B communicate through VLAN-interface 11.
IS-IS FRR configuration example
Network requirements
As shown in
, Switch S, Switch A, and Switch D belong to the same IS-IS routing domain.
Configure IS-IS FRR so that when the Link A fails, traffic can be switched to Link B immediately.
Figure 43 Network diagram nt1
00
Vla n-i
12
.12
.12
.2/
24
Switch A
Link B
Vla
24.2
n-in
4.2
t10
4.2
1
/24
Vla n-i nt1
00
12
.12
.12
.1/
24
Link A
24.2
Vla
4.2
n-in
4.4
t10
/24
1
Loop 0
1.1.1.1/32
Switch S
Vlan-int200
13.13.13.1/24
Vlan-int200
13.13.13.2/24
Switch D
Loop 0
4.4.4.4/32
Configuration procedure
1.
2.
3.
Configure IP addresses and subnet masks for interfaces on the switches. (Details not shown.)
Configure IS-IS on the switches to make sure Switch A, Switch D, and Switch S can communicate with each other at Layer 3. (Details not shown.)
Configure IS-IS FRR:
Enable IS-IS FRR to automatically calculate a backup next hop, or designate a backup next hop by using a referenced routing policy.
{
(Method 1.) Enable IS-IS FRR to automatically calculate a backup next hop:
# Configure Switch S.
<SwitchS> system-view
{
[SwitchS] bfd echo-source-ip 1.1.1.1
[SwitchS] isis 1
[SwitchS-isis-1] fast-reroute auto
[SwitchS-isis-1] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] bfd echo-source-ip 4.4.4.4
[SwitchD] isis 1
[SwitchD-isis-1] fast-reroute auto
[SwitchD-isis-1] quit
(Method 2.) Enable IS-IS FRR to designate a backup next hop by using a referenced routing policy:
# Configure Switch S.
<SwitchS> system-view
[SwitchS] bfd echo-source-ip 1.1.1.1
154
[SwitchS] ip prefix-list abc index 10 permit 4.4.4.4 32
[SwitchS] route-policy frr permit node 10
[SwitchS-route-policy-frr-10] if-match ip address prefix-list abc
[SwitchS-route-policy-frr-10] apply fast-reroute backup-interface vlan-interface
100 backup-nexthop 12.12.12.2
[SwitchS-route-policy-frr-10] quit
[SwitchS] isis 1
[SwitchS-isis-1] fast-reroute route-policy frr
[SwitchS-isis-1] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] bfd echo-source-ip 4.4.4.4
[SwitchD] ip prefix-list abc index 10 permit 1.1.1.1 32
[SwitchD] route-policy frr permit node 10
[SwitchD-route-policy-frr-10] if-match ip address prefix-list abc
[SwitchD-route-policy-frr-10] apply fast-reroute backup-interface vlan-interface
101 backup-nexthop 24.24.24.2
[SwitchD-route-policy-frr-10] quit
[SwitchD] isis 1
[SwitchD-isis-1] fast-reroute route-policy frr
[SwitchD-isis-1] quit
Verifying the configuration
# Display route 4.4.4.4/32 on Switch S to view the backup next hop information.
[SwitchS] display ip routing-table 4.4.4.4 verbose
Summary Count : 1
Destination: 4.4.4.4/32
Protocol: ISIS Process ID: 1
SubProtID: 0x1 Age: 04h20m37s
Cost: 10 Preference: 10
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NBRID: 0x26000002 LastAs: 0
AttrID: 0xffffffff Neighbor: 0.0.0.0
Flags: 0x1008c OrigNextHop: 13.13.13.2
Label: NULL RealNextHop: 13.13.13.2
BkLabel: NULL BkNextHop: 12.12.12.2
Tunnel ID: Invalid Interface: Vlan-interface200
BkTunnel ID: Invalid BkInterface: Vlan-interface100
# Display route 1.1.1.1/32 on Switch D to view the backup next hop information.
[SwitchD] display ip routing-table 1.1.1.1 verbose
Summary Count : 1
Destination: 1.1.1.1/32
155
Protocol: ISIS Process ID: 1
SubProtID: 0x1 Age: 04h20m37s
Cost: 10 Preference: 10
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NBRID: 0x26000002 LastAs: 0
AttrID: 0xffffffff Neighbor: 0.0.0.0
Flags: 0x1008c OrigNextHop: 13.13.13.1
Label: NULL RealNextHop: 13.13.13.1
BkLabel: NULL BkNextHop: 24.24.24.2
Tunnel ID: Invalid Interface: Vlan-interface200
BkTunnel ID: Invalid BkInterface: Vlan-interface101
156
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 1 Title Page
- 3 Contents
- 11 IP routing basics
- 11 Routing table
- 12 Dynamic routing protocols
- 12 Route preference
- 13 Load sharing
- 13 Route backup
- 13 Route recursion
- 13 Route redistribution
- 14 Configuring the maximum number of ECMP routes
- 14 Displaying and maintaining a routing table
- 16 Configuring static routing
- 16 Configuring a static route
- 17 Configuring BFD for static routes
- 17 Bidirectional control mode
- 18 Single-hop echo mode
- 19 Configuring static route FRR
- 19 Configuration guidelines
- 19 Configuration procedure
- 20 Displaying and maintaining static routes
- 20 Static route configuration examples
- 20 Basic static route configuration example
- 20 Network requirements
- 21 Configuration procedure
- 21 Verifying the configuration
- 22 BFD for static routes configuration example (direct next hop)
- 22 Network requirements
- 23 Configuration procedure
- 23 Verifying the configuration
- 24 BFD for static routes configuration example (indirect next hop)
- 24 Network requirements
- 25 Configuration procedure
- 25 Verifying the configuration
- 27 Static route FRR configuration example
- 27 Network requirements
- 27 Configuration procedure
- 27 Verifying the configuration
- 29 Configuring a default route
- 30 Configuring RIP
- 30 Overview
- 30 RIP route entries
- 30 Routing loop prevention
- 30 RIP operation
- 31 RIP versions
- 31 Protocols and standards
- 31 RIP configuration task list
- 32 Configuring basic RIP
- 32 Enabling RIP
- 33 Controlling RIP reception and advertisement on interfaces
- 33 Configuring a RIP version
- 34 Configuring RIP route control
- 34 Configuring an additional routing metric
- 35 Configuring RIPv2 route summarization
- 35 Enabling RIPv2 automatic route summarization
- 35 Advertising a summary route
- 36 Disabling host route reception
- 36 Advertising a default route
- 36 Configuring inbound/outbound route filtering
- 37 Configuring a preference for RIP
- 37 Configuring RIP route redistribution
- 38 Tuning and optimizing RIP networks
- 38 Configuration prerequisites
- 38 Configuring RIP timers
- 39 Configuring split horizon and poison reverse
- 39 Enabling split horizon
- 39 Enabling poison reverse
- 39 Configuring the maximum number of ECMP routes
- 40 Enabling zero field check on incoming RIPv1 messages
- 40 Enabling source IP address check on incoming RIP updates
- 41 Configuring RIPv2 message authentication
- 41 Configuring the RIP packet sending rate
- 41 Configuring RIP Graceful Restart
- 42 Configuring BFD for RIP
- 42 Configuring RIP FRR
- 43 Configuration restrictions and guidelines
- 43 Configuration prerequisites
- 43 Configuration procedure
- 43 Displaying and maintaining RIP
- 44 RIP configuration examples
- 44 Configuring basic RIP
- 44 Network requirements
- 44 Configuration procedure
- 46 Configuring RIP route redistribution
- 46 Network requirements
- 46 Configuration procedure
- 48 Configuring an additional metric for a RIP interface
- 48 Network requirements
- 48 Configuration procedure
- 50 Configuring RIP to advertise a summary route
- 50 Network requirements
- 50 Configuration procedure
- 52 Configuring BFD for RIP (single-hop echo detection)
- 52 Network requirements
- 53 Configuration procedure
- 54 Verifying the configuration
- 55 Configuring RIP FRR
- 55 Network requirements
- 55 Configuration procedure
- 56 Verifying the configuration
- 58 Configuring OSPF
- 58 Overview
- 58 OSPF packets
- 58 LSA types
- 59 OSPF areas
- 60 Backbone area and virtual links
- 61 Stub area and totally stub area
- 61 NSSA area and totally NSSA area
- 61 Router types
- 62 Route types
- 63 Route calculation
- 63 OSPF network types
- 63 DR and BDR
- 64 DR and BDR election
- 64 Protocols and standards
- 65 OSPF configuration task list
- 66 Enabling OSPF
- 66 Configuration prerequisites
- 66 Configuration guidelines
- 67 Configuration procedure
- 67 Configuring OSPF areas
- 68 Configuring a stub area
- 68 Configuring an NSSA area
- 69 Configuring a virtual link
- 69 Configuring OSPF network types
- 70 Configuration prerequisites
- 70 Configuring the broadcast network type for an interface
- 70 Configuring the NBMA network type for an interface
- 71 Configuring the P2MP network type for an interface
- 72 Configuring the P2P network type for an interface
- 72 Configuring OSPF route control
- 72 Configuration prerequisites
- 72 Configuring OSPF route summarization
- 72 Configuring route summarization on an ABR
- 73 Configuring route summarization when redistributing routes into OSPF on an ASBR
- 73 Configuring inbound OSPF route filtering
- 74 Configuring Type-3 LSA filtering
- 74 Configuring an OSPF cost for an interface
- 75 Configuring the maximum number of ECMP routes
- 75 Configuring OSPF preference
- 75 Configuring OSPF route redistribution
- 76 Configuring OSPF to redistribute routes from another routing protocol
- 76 Configuring OSPF to redistribute a default route
- 77 Configuring default parameters for redistributed routes
- 77 Advertising a host route
- 77 Tuning and optimizing OSPF networks
- 77 Configuration prerequisites
- 78 Configuring OSPF timers
- 78 Specifying LSA transmission delay
- 79 Specifying SPF calculation interval
- 79 Specifying the LSA arrival interval
- 80 Specifying the LSA generation interval
- 80 Disabling interfaces from receiving and sending OSPF packets
- 81 Configuring stub routers
- 81 Configuring OSPF authentication
- 82 Adding the interface MTU into DD packets
- 82 Configuring the maximum number of external LSAs in LSDB
- 82 Configuring OSPF exit overflow interval
- 83 Enabling compatibility with RFC 1583
- 83 Logging neighbor state changes
- 83 Configuring OSPF network management
- 84 Configuring the LSU transmit rate
- 84 Enabling OSPF ISPF
- 85 Configuring OSPF Graceful Restart
- 85 Configuring the OSPF GR Restarter
- 85 Configuring the IETF OSPF GR Restarter
- 85 Configuring the non-IETF OSPF GR Restarter
- 86 Configuring OSPF GR Helper
- 86 Configuring the IETF OSPF GR Helper
- 86 Configuring the non-IETF OSPF GR Helper
- 87 Triggering OSPF Graceful Restart
- 87 Configuring BFD for OSPF
- 87 Configuring bidirectional control detection
- 87 Configuring single-hop echo detection
- 88 Configuring OSPF FRR
- 88 Configuration prerequisites
- 88 Configuration guidelines
- 88 Configuring OSPF FRR to calculate a backup next hop using the LFA algorithm
- 89 Configuring OSPF FRR to specify a backup next hop using a routing policy
- 89 Displaying and maintaining OSPF
- 90 OSPF configuration examples
- 90 Configuring basic OSPF
- 90 Network requirements
- 91 Configuration procedure
- 92 Verifying the configuration
- 93 Configuring OSPF route redistribution
- 93 Network requirements
- 94 Configuration procedure
- 94 Verifying the configuration
- 95 Configuring OSPF to advertise a summary route
- 95 Network requirements
- 95 Configuration procedure
- 98 Configuring an OSPF stub area
- 98 Network requirements
- 98 Configuration procedure
- 100 Configuring an OSPF NSSA area
- 100 Network requirements
- 101 Configuration procedure
- 102 Configuring OSPF DR election
- 102 Network requirements
- 103 Configuration procedure
- 106 Configuring OSPF virtual links
- 106 Network requirements
- 107 Configuration procedure
- 108 Configuring OSPF Graceful Restart
- 108 Network requirements
- 109 Configuration procedure
- 110 Verifying the configuration
- 111 Configuring BFD for OSPF
- 111 Network requirements
- 111 Configuration procedure
- 112 Verifying the configuration
- 114 Configuring OSPF FRR
- 114 Network requirements
- 114 Configuration procedure
- 115 Verifying the configuration
- 116 Troubleshooting OSPF configuration
- 116 No OSPF neighbor relationship established
- 116 Symptom
- 116 Analysis
- 116 Solution
- 116 Incorrect routing information
- 116 Symptom
- 116 Analysis
- 116 Solution
- 118 Configuring IS-IS
- 118 Overview
- 118 Terminology
- 118 IS-IS address format
- 118 NSAP
- 119 Area address
- 119 System ID
- 119 SEL
- 119 Routing method
- 119 NET
- 120 IS-IS area
- 120 Level-1 and Level-2
- 122 Route leaking
- 122 IS-IS network types
- 122 Network types
- 122 DIS and pseudonodes
- 123 IS-IS PDUs
- 123 PDU
- 123 Hello PDU
- 123 LSP
- 124 SNP
- 124 CLV
- 124 Protocols and standards
- 125 IS-IS configuration task list
- 126 Configuring basic IS-IS
- 126 Configuration prerequisites
- 126 Enabling IS-IS
- 127 Configuring the IS level and circuit level
- 127 Configuring P2P network type for an interface
- 128 Configuring IS-IS route control
- 128 Configuration prerequisites
- 128 Configuring IS-IS link cost
- 128 Configuring an IS-IS cost for an interface
- 129 Configuring a global IS-IS cost
- 129 Enabling automatic IS-IS cost calculation
- 129 Specifying a preference for IS-IS
- 130 Configuring the maximum number of ECMP routes
- 130 Configuring IS-IS route summarization
- 131 Advertising a default route
- 131 Configuring IS-IS route redistribution
- 131 Configuring IS-IS route filtering
- 132 Filtering routes calculated from received LSPs
- 132 Filtering redistributed routes
- 132 Configuring IS-IS route leaking
- 133 Tuning and optimizing IS-IS networks
- 133 Configuration prerequisites
- 133 Specifying intervals for sending IS-IS hello and CSNP packets
- 133 Specifying the IS-IS hello multiplier
- 134 Configuring a DIS priority for an interface
- 134 Disabling an interface from sending/receiving IS-IS packets
- 134 Enabling an interface to send small hello packets
- 135 Configuring LSP parameters
- 135 Configuring LSP timers
- 136 Specifying LSP lengths
- 137 Enabling LSP flash flooding
- 137 Enabling LSP fragment extension
- 137 Controlling SPF calculation interval
- 138 Configuring convergence priorities for specific routes
- 138 Setting the LSDB overload bit
- 139 Configuring system ID to host name mappings
- 139 Configuring a static system ID to host name mapping
- 139 Configuring dynamic system ID to host name mapping
- 140 Enabling the logging of neighbor state changes
- 140 Enabling IS-IS ISPF
- 140 Enhancing IS-IS network security
- 140 Configuration prerequisites
- 141 Configuring neighbor relationship authentication
- 141 Configuring area authentication
- 141 Configuring routing domain authentication
- 142 Configuring IS-IS GR
- 143 Configuring BFD for IS-IS
- 143 Configuring IS-IS FRR
- 143 Configuration prerequisites
- 144 Configuration guidelines
- 144 Configuring IS-IS FRR to automatically calculate a backup next hop
- 144 Configuring IS-IS FRR using a routing policy
- 144 Displaying and maintaining IS-IS
- 145 IS-IS configuration examples
- 145 Basic IS-IS configuration example
- 145 Network requirements
- 145 Configuration procedure
- 146 Verifying the configuration
- 150 DIS election configuration example
- 150 Network requirements
- 150 Configuration procedure
- 154 IS-IS route redistribution configuration example
- 154 Network requirements
- 154 Configuration procedure
- 157 IS-IS authentication configuration example
- 157 Network requirements
- 158 Configuration procedure
- 160 IS-IS Graceful Restart configuration example
- 160 Network requirements
- 160 Configuration procedure
- 160 Verifying the configuration
- 161 BFD for IS-IS configuration example
- 161 Network requirements
- 161 Configuration procedure
- 163 Verifying the configuration
- 164 IS-IS FRR configuration example
- 164 Network requirements
- 164 Configuration procedure
- 165 Verifying the configuration
- 167 Configuring BGP
- 167 Overview
- 167 BGP speaker and BGP peer
- 167 BGP message types
- 168 BGP path attributes
- 172 BGP route selection
- 172 BGP route advertisement rules
- 172 BGP load balancing
- 173 Settlements for problems in large-scale BGP networks
- 176 MP-BGP
- 176 MP-BGP extended attributes
- 177 Address family
- 177 BGP configuration views
- 178 Protocols and standards
- 178 BGP configuration task list
- 181 Configuring basic BGP
- 181 Enabling BGP
- 181 Configuring a BGP peer
- 181 Configuring an IPv4 BGP peer
- 182 Configuring an IPv6 BGP peer
- 183 Configuring a BGP peer group
- 183 Configuring an IBGP peer group
- 184 Configuring an EBGP peer group
- 188 Specifying the source interface for TCP connections
- 189 Generating BGP routes
- 190 Injecting a local network
- 190 Redistributing IGP routes
- 191 Controlling route distribution and reception
- 192 Configuring BGP route summarization
- 192 Configuring automatic route summarization
- 192 Configuring manual route summarization
- 193 Advertising optimal routes in the IP routing table
- 193 Advertising a default route to a peer or peer group
- 194 Limiting routes received from a peer or peer group
- 195 Configuring BGP route filtering policies
- 195 Configuration prerequisites
- 195 Configuring BGP route distribution filtering policies
- 198 Configuring BGP route reception filtering policies
- 200 Configuring BGP route dampening
- 201 Controlling BGP path selection
- 201 Specifying a preferred value for routes received
- 202 Configuring preferences for BGP routes
- 203 Configuring the default local preference
- 204 Configuring the MED attribute
- 204 Configuring the default MED value
- 205 Enabling MED comparison for routes from different ASs
- 206 Enabling MED comparison for routes on a per-AS basis
- 207 Enabling MED comparison for routes from confederation peers
- 208 Configuring the NEXT_HOP attribute
- 210 Configuring the AS_PATH attribute
- 210 Permitting local AS number to appear in routes from a peer or peer group
- 211 Disabling BGP from considering AS_PATH during best route selection
- 211 Advertising a fake AS number to a peer or peer group
- 212 Configuring AS number substitution
- 213 Removing private AS numbers from updates sent to an EBGP peer or peer group
- 214 Ignoring the first AS number of EBGP route updates
- 215 Tuning and optimizing BGP networks
- 215 Configuring the keepalive interval and hold time
- 216 Configuring the interval for sending updates for the same route
- 217 Enabling BGP to establish an EBGP session over multiple hops
- 218 Enabling immediate reestablishment of direct EBGP connections upon link failure
- 218 Enabling 4-byte AS number suppression
- 219 Configuring MD5 authentication for BGP
- 220 Configuring BGP load balancing
- 221 Disabling BGP to establish a session to a peer or peer group
- 221 Configuring BGP soft-reset
- 222 Enabling route-refresh
- 223 Saving updates
- 224 Configuring manual soft-reset
- 225 Protecting an EBGP peer when memory usage reaches level 2 threshold
- 226 Configuring a large-scale BGP network
- 226 Configuring BGP community
- 228 Configuring a BGP route reflector
- 228 Configuring a BGP confederation
- 229 Configuring a BGP confederation
- 229 Configuring confederation compatibility
- 229 Configuring BGP GR
- 230 Enabling trap
- 231 Enabling logging of session state changes
- 231 Configuring BFD for BGP
- 232 Displaying and maintaining BGP
- 235 IPv4 BGP configuration examples
- 235 Basic BGP configuration example
- 235 Network requirements
- 235 Configuration considerations
- 235 Configuration procedure
- 239 Verifying the configuration
- 239 BGP and IGP route redistribution configuration example
- 239 Network requirements
- 239 Configuration considerations
- 239 Configuration procedure
- 241 Verifying the configuration
- 242 BGP route summarization configuration example
- 242 Network requirements
- 242 Configuration procedure
- 244 Verifying the configuration
- 245 BGP load balancing configuration example
- 245 Network requirements
- 245 Configuration considerations
- 245 Configuration procedure
- 247 Verifying the configuration
- 248 BGP community configuration example
- 248 Network requirements
- 248 Configuration procedure
- 250 Verifying the configuration
- 251 BGP route reflector configuration example
- 251 Network requirements
- 251 Configuration procedure
- 252 Verifying the configuration
- 253 BGP confederation configuration example
- 253 Network requirements
- 253 Configuration procedure
- 255 Verifying the configuration
- 257 BGP path selection configuration example
- 257 Network requirements
- 257 Configuration procedure
- 260 BGP GR configuration example
- 260 Network requirements
- 261 Configuration procedure
- 262 Verifying the configuration
- 262 BFD for BGP configuration example
- 262 Network requirements
- 263 Configuration procedure
- 264 Verifying the configuration
- 266 IPv6 BGP configuration examples
- 266 IPv6 BGP basic configuration example
- 266 Network requirements
- 266 Configuration procedure
- 267 Verifying the configuration
- 269 IPv6 BGP route reflector configuration example
- 269 Network requirements
- 269 Configuration procedure
- 270 Verifying the configuration
- 271 BFD for IPv6 BGP configuration example
- 271 Network requirements
- 272 Configuration procedure
- 273 Verifying the configuration
- 275 Troubleshooting BGP
- 275 Symptom
- 275 Analysis
- 275 Solution
- 277 Configuring PBR
- 277 Introduction to PBR
- 277 Policy
- 277 if-match clause
- 277 apply clause
- 277 Relationship between the match mode and clauses on the node
- 278 PBR and track
- 278 PBR configuration task list
- 278 Configuring a policy
- 278 Creating a node
- 278 Configuring match criteria for a node
- 279 Configuring actions for a node
- 279 Configuring PBR
- 279 Displaying and maintaining PBR
- 280 Packet type-based interface PBR configuration example
- 280 Network requirements
- 280 Configuration procedure
- 281 Verifying the configuration
- 282 Configuring IPv6 static routing
- 282 Configuring an IPv6 static route
- 282 Configuring BFD for IPv6 static routes
- 283 Bidirectional control mode
- 284 Single-hop echo mode
- 284 Displaying and maintaining IPv6 static routes
- 285 IPv6 static routing configuration examples
- 285 Basic IPv6 static route configuration example
- 285 Network requirements
- 285 Configuration procedure
- 286 BFD for IPv6 static routes configuration example (direct next hop)
- 286 Network requirements
- 287 Configuration procedure
- 288 Verifying the configuration
- 289 BFD for IPv6 static routes configuration example (indirect next hop)
- 289 Network requirements
- 289 Configuration procedure
- 290 Verifying the configuration
- 292 Configuring an IPv6 default route
- 293 Configuring RIPng
- 293 Overview
- 293 RIPng route entries
- 293 RIPng packets
- 294 Protocols and standards
- 294 RIPng configuration task list
- 294 Configuring basic RIPng
- 295 Configuring RIPng route control
- 295 Configuring an additional routing metric
- 295 Configuring RIPng route summarization
- 296 Advertising a default route
- 296 Configuring inbound/outbound route filtering
- 296 Configuring a preference for RIPng
- 297 Configuring RIPng route redistribution
- 297 Tuning and optimizing the RIPng network
- 297 Configuring RIPng timers
- 298 Configuring split horizon and poison reverse
- 298 Configuring split horizon
- 298 Configuring poison reverse
- 298 Configuring zero field check on RIPng packets
- 299 Configuring the maximum number of ECMP routes
- 299 Configuring RIPng Graceful Restart
- 300 Displaying and maintaining RIPng
- 300 RIPng configuration examples
- 300 Basic RIPng configuration example
- 300 Network requirements
- 300 Configuration procedure
- 302 Configuring RIPng route redistribution
- 302 Network requirements
- 303 Configuration procedure
- 306 Configuring OSPFv3
- 306 OSPFv3 overview
- 306 OSPFv3 packets
- 306 OSPFv3 LSA types
- 307 Protocols and standards
- 307 OSPFv3 configuration task list
- 308 Enabling OSPFv3
- 309 Configuring OSPFv3 area parameters
- 309 Configuration prerequisites
- 309 Configuring a stub area
- 309 Configuring an OSPFv3 virtual link
- 310 Configuring OSPFv3 network types
- 310 Configuration prerequisites
- 310 Configuring the OSPFv3 network type for an interface
- 311 Configuring an NBMA or P2MP neighbor
- 311 Configuring OSPFv3 route control
- 311 Configuration prerequisites
- 311 Configuring OSPFv3 route summarization
- 311 Configuring OSPFv3 inbound route filtering
- 312 Configuring Inter-Area-Prefix-LSA filtering
- 312 Configuring an OSPFv3 cost for an interface
- 313 Configuring the maximum number of OSPFv3 ECMP routes
- 313 Configuring a preference for OSPFv3
- 313 Configuring OSPFv3 route redistribution
- 314 Tuning and optimizing OSPFv3 networks
- 314 Configuration prerequisites
- 314 Configuring OSPFv3 timers
- 315 Specifying LSA transmission delay
- 315 Specifying SPF calculation interval
- 316 Specifying the LSA generation interval
- 316 Configuring a DR priority for an interface
- 316 Ignoring MTU check for DD packets
- 317 Disabling interfaces from receiving and sending OSPFv3 packets
- 317 Enabling the logging of neighbor state changes
- 317 Configuring OSPFv3 GR
- 318 Configuring GR Restarter
- 318 Configuring GR Helper
- 318 Configuring BFD for OSPFv3
- 319 Displaying and maintaining OSPFv3
- 320 OSPFv3 configuration examples
- 320 Configuring OSPFv3 areas
- 320 Network requirements
- 320 Configuration procedure
- 324 Configuring OSPFv3 DR election
- 324 Network requirements
- 324 Configuration procedure
- 327 Configuring OSPFv3 route redistribution
- 327 Network requirements
- 327 Configuration procedure
- 330 Configuring OSPFv3 GR
- 330 Network requirements
- 330 Configuration procedure
- 331 Verifying the configuration
- 331 Configuring BFD for OSPFv3
- 331 Network requirements
- 331 Configuration procedure
- 333 Verifying the configuration
- 334 Configuring IPv6 IS-IS
- 334 Overview
- 334 Configuring basic IPv6 IS-IS
- 335 Configuring IPv6 IS-IS route control
- 336 Configuring BFD for IPv6 IS-IS
- 336 Displaying and maintaining IPv6 IS-IS
- 337 IPv6 IS-IS configuration examples
- 337 IPv6 IS-IS basic configuration example
- 337 Network requirements
- 337 Configuration procedure
- 338 Verifying the configuration
- 341 BFD for IPv6 IS-IS configuration example
- 341 Network requirements
- 341 Configuration procedure
- 342 Verifying the configuration
- 344 Configuring IPv6 PBR
- 344 Introduction to IPv6 PBR
- 344 Policy
- 344 if-match clause
- 344 apply clause
- 344 Relationship between the match mode and clauses on the node
- 345 PBR and track
- 345 IPv6 PBR configuration task list
- 345 Configuring an IPv6 policy
- 345 Creating an IPv6 node
- 345 Configuring match criteria for an IPv6 node
- 346 Configuring actions for an IPv6 node
- 346 Configuring IPv6 PBR
- 346 Displaying and maintaining IPv6 PBR
- 347 Packet type-based IPv6 interface PBR configuration example
- 347 Network requirements
- 347 Configuration procedure
- 348 Verifying the configuration
- 349 Configuring routing policies
- 349 Overview
- 349 Filters
- 349 ACL
- 349 IP prefix list
- 349 AS path list
- 349 Community list
- 349 Extended community list
- 350 Routing policy
- 350 Configuring filters
- 350 Configuration prerequisites
- 350 Configuring an IP prefix list
- 350 Configuring an IPv4 prefix list
- 351 Configuring an IPv6 prefix list
- 351 Configuring an AS path list
- 351 Configuring a community list
- 352 Configuring an extended community list
- 352 Configuring a routing policy
- 352 Configuration prerequisites
- 352 Creating a routing policy
- 353 Configuring if-match clauses
- 354 Configuring apply clauses
- 355 Configuring a continue clause
- 356 Displaying and maintaining the routing policy
- 356 Routing policy configuration examples
- 356 Applying a routing policy to IPv4 route redistribution
- 356 Network Requirements
- 357 Configuration procedure
- 359 Applying a routing policy to IPv6 route redistribution
- 359 Network requirements
- 359 Configuration procedure
- 360 Verifying the configuration
- 362 Support and other resources
- 362 Contacting HP
- 362 Subscription service
- 362 Related information
- 362 Documents
- 362 Websites
- 363 Conventions
- 363 Command conventions
- 363 GUI conventions
- 363 Symbols
- 364 Network topology icons
- 364 Port numbering in examples
- 365 Index