1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
|
.. include:: /_include/need_improvement.txt
.. _routing-isis:
#####
IS-IS
#####
:abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state
interior gateway protocol (IGP) which is described in ISO10589,
:rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF)
algorithm to create a database of the network’s topology, and
from that database to determine the best (that is, lowest cost) path to a
destination. The intermediate systems (the name for routers) exchange topology
information with their directly conencted neighbors. IS-IS runs directly on
the data link layer (Layer 2). IS-IS addresses are called
:abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are
generally 10 bytes long. The tree database that is created with IS-IS is
similar to the one that is created with OSPF in that the paths chosen should
be similar. Comparisons to OSPF are inevitable and often are reasonable ones
to make in regards to the way a network will respond with either IGP.
*******
General
*******
Configuration
=============
Mandatory Settings
------------------
For IS-IS top operate correctly, one must do the equivalent of a Router ID in
CLNS. This Router ID is called the :abbr:`NET (Network Entity Title)`. This
must be unique for each and every router that is operating in IS-IS. It also
must not be duplicated otherwise the same issues that occur within OSPF will
occur within IS-IS when it comes to said duplication.
.. cfgcmd:: set protocols isis net <network-entity-title>
This commad sets network entity title (NET) provided in ISO format.
Here is an example :abbr:`NET (Network Entity Title)` value:
.. code-block:: none
49.0001.1921.6800.1002.00
The CLNS address consists of the following parts:
* :abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value
49 is what IS-IS uses for private addressing.
* Area identifier: ``0001`` IS-IS area number (numberical area ``1``)
* System identifier: ``1921.6800.1002`` - for system idetifiers we recommend
to use IP address or MAC address of the router itself. The way to construct
this is to keep all of the zeroes of the router IP address, and then change
the periods from being every three numbers to every four numbers. The
address that is listed here is ``192.168.1.2``, which if expanded will turn
into ``192.168.001.002``. Then all one has to do is move the dots to have
four numbers instead of three. This gives us ``1921.6800.1002``.
* :abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This
setting indicates "this system" or "local system."
.. cfgcmd:: set protocols isis interface <interface>
This command enables IS-IS on this interface, and allows for
adjacency to occur. Note that the name of IS-IS instance must be
the same as the one used to configure the IS-IS process.
IS-IS Global Configuration
--------------------------
.. cfgcmd:: set protocols isis dynamic-hostname
This command enables support for dynamic hostname TLV. Dynamic hostname
mapping determined as described in :rfc:`2763`, Dynamic Hostname
Exchange Mechanism for IS-IS.
.. cfgcmd:: set protocols isis level <level-1|level-1-2|level-2>
This command defines the IS-IS router behavior:
* **level-1** - Act as a station (Level 1) router only.
* **level-1-2** - Act as a station (Level 1) router and area (Level 2) router.
* **level-2-only** - Act as an area (Level 2) router only.
.. cfgcmd:: set protocols isis lsp-mtu <size>
This command configures the maximum size of generated
:abbr:`LSPs (Link State PDUs)`, in bytes. The size range is 128 to 4352.
.. cfgcmd:: set protocols isis metric-style <narrow|transition|wide>
This command sets old-style (ISO 10589) or new style packet formats:
* **narrow** - Use old style of TLVs with narrow metric.
* **transition** - Send and accept both styles of TLVs during transition.
* **wide** - Use new style of TLVs to carry wider metric.
.. cfgcmd:: set protocols isis purge-originator
This command enables :rfc:`6232` purge originator identification. Enable
purge originator identification (POI) by adding the type, length and value
(TLV) with the Intermediate System (IS) identification to the LSPs that do
not contain POI information. If an IS generates a purge, VyOS adds this TLV
with the system ID of the IS to the purge.
.. cfgcmd:: set protocols isis set-attached-bit
This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`.
.. cfgcmd:: set protocols isis set-overload-bit
This command sets overload bit to avoid any transit traffic through this
router. It is described in :rfc:`3787`.
.. cfgcmd:: set protocols isis name default-information originate <ipv4|ipv6>
level-1
This command will generate a default-route in L1 database.
.. cfgcmd:: set protocols isis name default-information originate <ipv4|ipv6>
level-2
This command will generate a default-route in L2 database.
.. cfgcmd:: set protocols isis ldp-sync
This command will enable IGP-LDP synchronization globally for ISIS. This
requires for LDP to be functional. This is described in :rfc:`5443`. By
default all interfaces operational in IS-IS are enabled for synchronization.
Loopbacks are exempt.
.. cfgcmd:: set protocols isis ldp-sync holddown <seconds>
This command will change the hold down value globally for IGP-LDP
synchronization during convergence/interface flap events.
Interface Configuration
-----------------------
.. cfgcmd:: set protocols isis interface <interface> circuit-type
<level-1|level-1-2|level-2-only>
This command specifies circuit type for interface:
* **level-1** - Level-1 only adjacencies are formed.
* **level-1-2** - Level-1-2 adjacencies are formed
* **level-2-only** - Level-2 only adjacencies are formed
.. cfgcmd:: set protocols isis interface <interface> hello-interval
<seconds>
This command sets hello interval in seconds on a given interface.
The range is 1 to 600.
.. cfgcmd:: set protocols isis interface <interface> hello-multiplier
<seconds>
This command sets multiplier for hello holding time on a given
interface. The range is 2 to 100.
.. cfgcmd:: set protocols isis interface <interface> hello-padding
This command configures padding on hello packets to accommodate asymmetrical
maximum transfer units (MTUs) from different hosts as described in
:rfc:`3719`. This helps to prevent a premature adjacency Up state when one
routing devices MTU does not meet the requirements to establish the adjacency.
.. cfgcmd:: set protocols isis interface <interface> metric <metric>
This command set default metric for circuit.
The metric range is 1 to 16777215 (Max value depend if metric support narrow
or wide value).
.. cfgcmd:: set protocols isis interface <interface> network
point-to-point
This command specifies network type to Point-to-Point. The default
network type is broadcast.
.. cfgcmd:: set protocols isis interface <interface> passive
This command configures the passive mode for this interface.
.. cfgcmd:: set protocols isis interface <interface> password
plaintext-password <text>
This command configures the authentication password for the interface.
.. cfgcmd:: set protocols isis interface <interface> priority <number>
This command sets priority for the interface for
:abbr:`DIS (Designated Intermediate System)` election. The priority
range is 0 to 127.
.. cfgcmd:: set protocols isis interface <interface> psnp-interval
<number>
This command sets PSNP interval in seconds. The interval range is 0
to 127.
.. cfgcmd:: set protocols isis interface <interface>
no-three-way-handshake
This command disables Three-Way Handshake for P2P adjacencies which
described in :rfc:`5303`. Three-Way Handshake is enabled by default.
.. cfgcmd:: set protocols isis interface <interface> ldp-sync disable
This command disables IGP-LDP sync for this specific interface.
.. cfgcmd:: set protocols isis interface <interface> ldp-sync holddown
<seconds>
This command will change the hold down value for IGP-LDP synchronization
during convergence/interface flap events, but for this interface only.
Route Redistribution
--------------------
.. cfgcmd:: set protocols isis redistribute ipv4 <route source> level-1
This command redistributes routing information from the given route source
into the ISIS database as Level-1. There are six modes available for route
source: bgp, connected, kernel, ospf, rip, static.
.. cfgcmd:: set protocols isis redistribute ipv4 <route source> level-2
This command redistributes routing information from the given route source
into the ISIS database as Level-2. There are six modes available for route
source: bgp, connected, kernel, ospf, rip, static.
.. cfgcmd:: set protocols isis redistribute ipv4 <route source>
<level-1|level-2> metric <number>
This command specifies metric for redistributed routes from the given route
source. There are six modes available for route source: bgp, connected,
kernel, ospf, rip, static. The metric range is 1 to 16777215.
.. cfgcmd:: set protocols isis redistribute ipv4 <route source>
<level-1|level-2> route-map <name>
This command allows to use route map to filter redistributed routes from
the given route source. There are six modes available for route source:
bgp, connected, kernel, ospf, rip, static.
Timers
------
.. cfgcmd:: set protocols isis lsp-gen-interval <seconds>
This command sets minimum interval in seconds between regenerating same
LSP. The interval range is 1 to 120.
.. cfgcmd:: set protocols isis lsp-refresh-interval <seconds>
This command sets LSP refresh interval in seconds. IS-IS generates LSPs
when the state of a link changes. However, to ensure that routing
databases on all routers remain converged, LSPs in stable networks are
generated on a regular basis even though there has been no change to
the state of the links. The interval range is 1 to 65235. The default
value is 900 seconds.
.. cfgcmd:: set protocols isis max-lsp-lifetime <seconds>
This command sets LSP maximum LSP lifetime in seconds. The interval range
is 350 to 65535. LSPs remain in a database for 1200 seconds by default.
If they are not refreshed by that time, they are deleted. You can change
the LSP refresh interval or the LSP lifetime. The LSP refresh interval
should be less than the LSP lifetime or else LSPs will time out before
they are refreshed.
.. cfgcmd:: set protocols isis spf-interval <seconds>
This command sets minimum interval between consecutive SPF calculations in
seconds.The interval range is 1 to 120.
.. cfgcmd:: set protocols isis spf-delay-ietf holddown <milliseconds>
.. cfgcmd:: set protocols isis spf-delay-ietf init-delay
<milliseconds>
.. cfgcmd:: set protocols isis spf-delay-ietf long-delay
<milliseconds>
.. cfgcmd:: set protocols isis spf-delay-ietf short-delay
<milliseconds>
.. cfgcmd:: set protocols isis spf-delay-ietf time-to-learn
<milliseconds>
This commands specifies the Finite State Machine (FSM) intended to
control the timing of the execution of SPF calculations in response
to IGP events. The process described in :rfc:`8405`.
Loop Free Alternate (LFA)
-------------------------
.. cfgcmd:: set protocols isis fast-reroute lfa remote prefix-list <name>
<level-1|level-2>
This command enables IP fast re-routing that is part of :rfc:`5286`.
Specifically this is a prefix list which references a prefix in which
will select eligible PQ nodes for remote LFA backups.
.. cfgcmd:: set protocols isis fast-reroute lfa local load-sharing disable
<level-1|level-2>
This command disables the load sharing across multiple LFA backups.
.. cfgcmd:: set protocols isis fast-reroute lfa local tiebreaker
<downstream|lowest-backup-metric|node-protecting> index <number>
<level-1|level-2>
This command will configure a tie-breaker for multiple local LFA backups.
The lower index numbers will be processed first.
.. cfgcmd:: set protocols isis fast-reroute lfa local priority-limit
<medium|high|critical> <level-1|level-2>
This command will limit LFA backup computation up to the specified
prefix priority.
********
Examples
********
Enable IS-IS
============
**Node 1:**
.. code-block:: none
set interfaces loopback lo address '192.168.255.255/32'
set interfaces ethernet eth1 address '192.0.2.1/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5255.00'
**Node 2:**
.. code-block:: none
set interfaces ethernet eth1 address '192.0.2.2/24'
set interfaces loopback lo address '192.168.255.254/32'
set interfaces ethernet eth1 address '192.0.2.2/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5254.00'
This gives us the following neighborships, Level 1 and Level 2:
.. code-block:: none
Node-1@vyos:~$ show isis neighbor
Area VyOS:
System Id Interface L State Holdtime SNPA
vyos eth1 1 Up 28 0c87.6c09.0001
vyos eth1 2 Up 28 0c87.6c09.0001
Node-2@vyos:~$ show isis neighbor
Area VyOS:
System Id Interface L State Holdtime SNPA
vyos eth1 1 Up 29 0c33.0280.0001
vyos eth1 2 Up 28 0c33.0280.0001
Here's the IP routes that are populated. Just the loopback:
.. code-block:: none
Node-1@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.2, eth1 inactive, weight 1, 00:02:22
I>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1, weight 1, 00:02:22
Node-2@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.1, eth1 inactive, weight 1, 00:02:21
I>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1, weight 1, 00:02:21
Enable IS-IS and redistribute routes not natively in IS-IS
==========================================================
**Node 1:**
.. code-block:: none
set interfaces dummy dum0 address '203.0.113.1/24'
set interfaces ethernet eth1 address '192.0.2.1/24'
set policy prefix-list EXPORT-ISIS rule 10 action 'permit'
set policy prefix-list EXPORT-ISIS rule 10 prefix '203.0.113.0/24'
set policy route-map EXPORT-ISIS rule 10 action 'permit'
set policy route-map EXPORT-ISIS rule 10 match ip address prefix-list 'EXPORT-ISIS'
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6800.1002.00'
set protocols isis redistribute ipv4 connected level-2 route-map 'EXPORT-ISIS'
**Node 2:**
.. code-block:: none
set interfaces ethernet eth1 address '192.0.2.2/24'
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6800.2002.00'
Routes on Node 2:
.. code-block:: none
Node-2@r2:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
I 203.0.113.0/24 [115/10] via 192.0.2.1, eth1, 00:03:42
Enable IS-IS and IGP-LDP synchronization
========================================
**Node 1:**
.. code-block:: none
set interfaces loopback lo address 192.168.255.255/32
set interfaces ethernet eth0 address 192.0.2.1/24
set protocols isis interface eth0
set protocols isis interface lo passive
set protocols isis ldp-sync
set protocols isis net 49.0001.1921.6825.5255.00
set protocols mpls interface eth0
set protocols mpls ldp discovery transport-ipv4-address 192.168.255.255
set protocols mpls ldp interface lo
set protocols mpls ldp interface eth0
set protocols mpls ldp parameters transport-prefer-ipv4
set protocols mpls ldp router-id 192.168.255.255
This gives us IGP-LDP synchronization for all non-loopback interfaces with
a holddown timer of zero seconds:
.. code-block:: none
Node-1@vyos:~$ show isis mpls ldp-sync
eth0
LDP-IGP Synchronization enabled: yes
holddown timer in seconds: 0
State: Sync achieved
Enable IS-IS with Segment Routing (Experimental)
================================================
**Node 1:**
.. code-block:: none
set interfaces loopback lo address '192.168.255.255/32'
set interfaces ethernet eth1 address '192.0.2.1/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis segment-routing global-block high-label-value '599'
set protocols isis segment-routing global-block low-label-value '550'
set protocols isis segment-routing prefix 192.168.255.255/32 index value '1'
set protocols isis segment-routing prefix 192.168.255.255/32 index explicit-null
set protocols mpls interface 'eth1'
**Node 2:**
.. code-block:: none
set interfaces loopback lo address '192.168.255.254/32'
set interfaces ethernet eth1 address '192.0.2.2/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5254.00'
set protocols isis segment-routing global-block high-label-value '599'
set protocols isis segment-routing global-block low-label-value '550'
set protocols isis segment-routing prefix 192.168.255.254/32 index value '2'
set protocols isis segment-routing prefix 192.168.255.254/32 index explicit-null
set protocols mpls interface 'eth1'
This gives us MPLS segment routing enabled and labels for far end loopbacks:
.. code-block:: none
Node-1@vyos:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
----------------------------------------------------------------------
552 SR (IS-IS) 192.0.2.2 IPv4 Explicit Null <-- Node-2 loopback learned on Node-1
15000 SR (IS-IS) 192.0.2.2 implicit-null
15001 SR (IS-IS) fe80::e87:6cff:fe09:1 implicit-null
15002 SR (IS-IS) 192.0.2.2 implicit-null
15003 SR (IS-IS) fe80::e87:6cff:fe09:1 implicit-null
Node-2@vyos:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
---------------------------------------------------------------------
551 SR (IS-IS) 192.0.2.1 IPv4 Explicit Null <-- Node-1 loopback learned on Node-2
15000 SR (IS-IS) 192.0.2.1 implicit-null
15001 SR (IS-IS) fe80::e33:2ff:fe80:1 implicit-null
15002 SR (IS-IS) 192.0.2.1 implicit-null
15003 SR (IS-IS) fe80::e33:2ff:fe80:1 implicit-null
Here is the routing tables showing the MPLS segment routing label operations:
.. code-block:: none
Node-1@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.2, eth1 inactive, weight 1, 00:07:48
I>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1, label IPv4 Explicit Null, weight 1, 00:03:39
Node-2@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.1, eth1 inactive, weight 1, 00:07:46
I>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1, label IPv4 Explicit Null, weight 1, 00:03:43
|
