Multilevel IS-IS Networks

Advanced Junos
Multilevel IS-IS Networks

Service Provider Routing
LY
N
O
SE
U
AL
N
R
TE
IN
LY
N
O
SE
U
AL
IS-IS Level 2 Operation

N
The IS-IS protocol advertises either a Level 1 LSP or a Level 2 LSP for each adjacency formed with a neighbor. The type of
LSP advertised depends on the level at which the adjacency is formed.
R
Also recall that an IS-IS Level 1 LSP can be flooded only within a specific area because a Level 1 adjacency cannot form
across an area boundary. Level 2 LSPs include the routing information carried in Level 1 LSPs, which results in the L2
TE
backbone knowing routes for all areas and levels.

In the example on the slide, routing information from all routers is present in all databases in the network. The presence of a
single L2 database shared by all routers occurs because all of the adjacencies in the network are at Level 2, and Level 2
LSPs are flooded both within, and across, IS-IS area boundaries.
IN
2 www.juniper.net
LY
N
O
SE
U
AL
IS-IS Level 1 Operation

N
This slide details a single area Level 1 IS-IS network. In this example, all routers in the network share a Level 1 database
containing identical information. The presence of a common Level 1 database in all routers occurs in this case because all
R
adjacencies are Level 1 in nature, and all routers are within the same IS-IS area (49.4444). Level 1 LSP flooding will reach all
routers in the network because of the single area.
TE
IN
www.juniper.net 3
LY
N
O
SE
U
AL
Multilevel IS-IS Operation

N
In this example, routing information for each router is present in all Level 2 databases in the network. This routing
information is present because Level 1 routing information is summarized at the L1/L2 boundary and flooded throughout
R
the Level 2 backbone in Level 2 link-state protocol data units (PDUs). The Level 1 routers within each Level 1 area have a
single Level 1 database that contains routing information for that area only. The Level 1 routers use the attached bit in an
advertised Level 1 link-state PDU (LSP) to install a local default route. The Level 1 router forwards packets to the metrically
TE
closest attached router when routing to destinations outside of their Level 1 area.
Level 1 routers are isolated from routing changes in other areas, and summarization of Level 1 information prevents Level 2
routers from having to perform a full SPF calculation for topology changes within a Level 1 area. This isolation and
summarization of routing information improves the scalability of a multilevel IS-IS network.
IN
4 www.juniper.net
LY
N
O
SE
U
AL
Multilevel IS-IS Operation Is Similar to OSPF NSSA

N
You can readily compare the operation of a multiarea IS-IS network to an OSPF not-so-stubby area (NSSA) with the
no-summaries and default-metric options configured. In a multiarea IS-IS network, each Level 1 IS-IS router has
R
complete routing knowledge of the routes local to its Level 1 area only. Level 1 routers reach other IS-IS destinations by using
a 0.0.0.0/0 default route generated by the detection of L1/L2 attached routers. As with an OSPF NSSA, you can inject
external routing information into the Level 1 area. The Level 2 LSPs of the attached routers in the area advertise the internal
TE
Level 1 routes to other IS-IS Level 2 areas.
L1/L2 Border Router Is a Natural Boundary

IN
Although a Level 2 LSP advertises all Level 1 internal routes, routing information for the Level 2 backbone is constrained by
the L1/L2-attached router. Thus, Level 2 routes are not advertised into the Level 1 area by default; hence the need for a
default route in the Level 1 area. Level 1 routes advertised as external routes into Level 1 are not advertised to any Level 2
routers by default; routing policy is needed to effect the leaking of Level 1 externals into the L2 backbone. Note that the use
of wide-metrics-only alters the natural L1/L2 boundary in that routes are no longer distinguishable as being internal
or external. The use of wide metrics therefore results in the automatic leaking of all Level 1 routes into Level 2, because they
will all appear to be internal routes.
Continued on next page.
www.juniper.net 5
L2 Routers Set the Attached Bit
To provide interarea reachability for Level 1 routers, an L1/L2 router with a Level 2 adjacency to a router in another area sets
its attached bit in its Level 1 LSPs. Level 1 routers install a 0.0.0.0/0 default route to the metrically closest attached router
when they detect Level 1 LSPs with the attached bit set. Note that while each possible metric type (default, delay, expense,
and error) is associated with its own attached bit, the Junos OS supports only the default metric type.
You can disable the generation of a default route by including the ignore-attached-bit statement at the [edit
protocols isis] configuration hierarchy.
LY
N
O
SE
U
AL
N
R
TE
IN
6 www.juniper.net
LY
N
O
SE
U
AL
Ignoring the Attached Bit

N
In some corner situations you might want to prevent the installation of a default route based on the presence of Level 1 LSPs
with attached bits. The slide provides an example of one such application in which a multilevel IS-IS network with Level 2 to
R
Level 1 route leaking in place.

Because the leaking of Level 2 routing information into the Level 1 areas provides all routers with complete IS-IS routing
TE
information, a default route is no longer needed for routing to destinations outside of a given Level 1 area. Because the goal
of a multilevel IS-IS design is normally to reduce database size for routers in Level 1 areas, you might ask yourself why
someone would design a multilevel IS-IS topology only to leak Level 2 routes into Level 1.
In this example, the network operator wants to leverage the built-in LSP flooding scope of a multilevel IS-IS network to
IN
provide some level of isolation in the event that a malformed LSP is generated. For example, if a malformed Level 1 LSP is
generated in area 49.7777, this LSP will not be flooded into the Level 2 backbone (the contents of Level 1 LSPs are
repackaged into a Level 2 LSP for submission to the Level 2 backbone by an attached router, but the Level 1 LSP itself is not
flooded into Level 2).
Another application for the ignore-attached-bit option relates to the fact that using the metrically closest attached
router might not always yield optimal interarea routing. In these cases it might be desirable to use a locally defined static or
generated route, in which case the IS-IS derived default route might no longer be needed.
www.juniper.net 7
LY
N
O
SE
U
AL
IS-IS Interfaces Operate in L1/L2 Mode

N
The default operation of the IS-IS protocol within the Junos OS is to enable both Level 1 and Level 2 capabilities for all
interfaces. This default behavior is designed to promote connectivity with all neighbors. If an adjacency can be formed
R
between two routers, it will. One consequence of this default, however, is that you might form both a Level 1 and a Level 2
relationship with a given neighbor, which results in two separate adjacencies and two separate LSP flooding topologies.
TE
To disable the operation of a particular level on an interface, use the disable keyword as shown on the slide. The so-0/
0/0.0 interface only operates at Level 2, and the ge-0/1/0.0 interface only operates at Level 1. As a shortcut, you can
disable all Level 1 or Level 2 processing on the router, which will result in all interfaces being Level 2, or Level 1, respectively.
For example, the set protocols isis level 1 disable statement will result in all interfaces operating at Level 2
only.
IN
We recommend that you explicitly configure the lo0.0 interface within the IS-IS protocol, even when the router's network
entity title (NET) is assigned to another interface. Although its omission does not harm the operational aspects of IS-IS
(adjacencies still form), the IP address configured on the lo0 interface will not be advertised in TLV 128 or TLV 135, making
the loopback address unreachable. Note that in most cases you must run the IS-IS protocol on the lo0 interface for proper
operation because the router’s NET is normally assigned to loopback interface for resiliency reasons.
Because the loopback interface operates in passive mode, you do not need to disable a particular level on that interface. By
default, the IP address on the interface is advertised in both the Level 1 and Level 2 LSPs generated by the router. You can
restrict the advertisement of the router’s loopback address in a particular level by disabling that level in the lo0.0
statement in the isis stanza.
8 www.juniper.net
LY
N
O
SE
U
AL
Case Study: Route Leaking

N
As previously discussed, Level 2 routes are not advertised into Level 1 areas by default. In this example, the network
operator wants to advertise, or leak, Level 2 routes into Area 49.0001. This action will require a routing policy on R2, the L1/
R
L2 area border router (ABR), specifying that the matching routes are Level 2 and will be advertised in Level1.
TE
IN
www.juniper.net 9
LY
N
O
SE
U
AL
Policy Used to Advertise Routes

N
Because the L1/L2 border router naturally stops the transmission of Level 2 routes into a Level 1 area, it is the logical
location to override that default. You can accomplish this goal with a Junos routing policy.
R
You configure this policy within the [edit policy-options] configuration hierarchy, and then apply the policy to the
IS-IS instance at the global IS-IS level, that is, [edit protocols isis].
TE
In the example on the slide, the match criterion within the route-leak policy is all IS-IS routes within the subnet
192.168.16.0/20 that are currently Level 2 routes and are eligible to be sent to Level 1. Once these routes are found, the
configured action is to accept these routes. The use of the from and to keywords allows granular control about the desired
direction of route leaking.
IN
Once the routing policy is exported into the IS-IS protocol, the Level 2 routes are inserted into the Level 1 LSP of the L1/L2
border router and are advertised into the Level 1 area.
Recall from a previous slide that the L1/L2 border router also blocks external Level 1 routes from being advertised into Level
2. A similar policy is used to advertise Level 1 external routes into the Level 2 backbone. This new policy simply reverses the
Level 2 and Level 1 notations and makes use of an appropriate route filter statement. Once you apply this policy, the external
routes are included in the Level 2 LSPs.
10 www.juniper.net
LY
N
O
SE
U
AL
Up/Down Bit Prevents Looping

N
Previous slides described the default action of an L1/L2 router with regard to the advertisement of internal Level 1 routes
within its Level 2 LSP. Conceptually, the policy referenced on the slide could interact with this default action to create a
R
routing loop.
For example, consider the case illustrated on the slide. If R1 has a policy to advertise Level 2 routes into Level 1, then R1 will
TE
include the Level 2 routes in its Level 1 LSP. As this LSP is flooded throughout the Level 2 area, it eventually arrives at R2. R2
has a policy in place that will leak Level 2 LSPs into its Level 1. Eventually, this information makes it way around to R4. If R4
advertises the Level 2 routes back into Level 2, a routing loop can form.
The potential for route leaking-induced routing loops is averted by a bit in the LSP known as the
IN
up/down (U/D) bit. The purpose of this bit is to inform the L1/L2 routers whether a configured policy can advertise a route.
Only routes marked with the up direction are eligible for advertisement from Level 1 to Level 2. All internal Level 1 routes will
have the up/down bit set in this manner. If the
up/down bit is set to down, the route has already been leaked from Level 2 into a Level 1 area and, as such, the route cannot
be sent back into the Level 2 backbone by R4.
www.juniper.net 11
LY
N
O
SE
U
AL
Summarize Routes at the L1/L2 Router

N
Routes that are naturally bound by the L1/L2 border router are eligible for route summarization. These routes include
external Level 1 routes and Level 2 routes from other IS-IS areas. In addition, you can also summarize internal Level 1 routes
R
that are normally advertised into Level 2 automatically.

TE
Create an Aggregate Route and Advertise It with Policy

No concept of an area-range command exists in IS-IS. To summarize routes, you must create an aggregate route on the
L1/L2 border router within the [edit routing-options] hierarchy that encompasses the routes you want to
summarize.
IN
To advertise the aggregate route, you create a policy similar to the example shown on the slide. This policy is applied as an
export to the IS-IS instance at the global [edit protocols isis] level. In this example, the goal is to advertise a
172.16.20.0/22 aggregate into the Level 2 backbone to represent Level 1 external routing information in the Level 1 area.
When summarizing routes from one level into another, you might need to alter the default IS-IS export policy to ensure that
specific prefixes are not advertised along with the corresponding aggregate. You can accomplish the altering of the export
policy with a reject action associated with a route filter that will match on the specific routes in question.
12 www.juniper.net
LY
N
O
SE
U
AL
Internal Level 1 Route Summarization

N
Internal Level 1 routes are automatically advertised in a Level 2 LSP into the Level 2 backbone. The Junos OS provides a
method for altering this default action with a routing policy. The example on the slide shows that the Level 1 Area 49.0001
R
contains multiple internal routes within the 10.0.4.0/22 address space. These routes are currently advertised individually to
R3, as shown in the following output:
TE
user@R3# show route 10.0.4/22
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both
IN
10.0.4.12/30 *[IS-IS/18] 00:28:50, metric 20

> to 10.0.2.2 via ge-0/2/1.0
10.0.5.0/24 *[IS-IS/18] 00:28:50, metric 30
> to 10.0.2.2 via ge-0/2/1.0
10.0.6.1/32 *[IS-IS/18] 00:28:50, metric 20
> to 10.0.2.2 via ge-0/2/1.0
Administratively, we want to suppress these specific internal Level 1 routes while advertising a single 10.0.4.0/22 summary
in their place. We accomplish this configuration by using a combination of a routing policy and a local aggregate route
defined on R2.
www.juniper.net 13
LY
N
O
SE
U
AL
Level 1 Route Summarization Policy

N
The sample policy shown on the slide meets our administrative requirements of advertising only a single summary route for
the internal Level 1 routes. The first term in the policy matches and accepts the locally defined summary route on R2 for
R
advertisement to the Level 2 backbone. The second policy term serves to override the default IS-IS export policy for routes
matching the 10.0.4.0/22 route filter. It specifies that these routes will not be advertised to R3 in the Level 2 LSP generated
by R2.
TE
After applying the internal-L1-summary-route policy as an export policy in R2’s IS-IS instance, we can confirm its
success on R3:
user@R3# show route 10.0.4/22
IN

10.0.4.0/22 *[IS-IS/165] 00:00:20, metric 20

> to 10.0.2.2 via ge-0/2/1.0
14 www.juniper.net
LY
N
O
SE
U
AL
Apply Export Policy at Global Level of the IS-IS Instance

N
One or more export policies can be applied at the global level of an IS-IS instance, as shown on the slide. Both the
external-L1-summary-route and internal-L1-summary-route policies will be used to control the routes
R
advertised by the local router.

When wanted, you can apply multiple export policies to the same IS-IS instance. The same effect is normally possible
TE
through the use of a single policy containing multiple terms, but in some cases it might be easier to reuse existing policies in
such a manner. Note that normal policy processing will proceed from left to right, and that policy processing will terminate
once a given route meets with either an accept or reject action.
IN
www.juniper.net 15
LY
N
O
SE
U
AL
Case Study: Route Leaking and Summarization—Part 1

N
This slide shows the sample topology used for this case study. Current highlights include the following:
R
• There are three separate IS-IS Level 1 areas, with three routers per area.
• The R3, R5, and R7 routers are connected through IS-IS Level 2 connections.
TE
• Three different sets of external routes are introduced through the R2, R6, and R8 routers.
• No route leaking or summarization is currently configured. That is, default IS-IS behavior is in effect.
IN
16 www.juniper.net
LY
N
O
SE
U
AL

N
First, we verify default IS-IS behavior is occurring on an arbitrary Level 2 router—R3 in this case. The sample shows that R3
has visibility to external routes originating in its own Level 1 area. Moreover, because it’s a Level 2 router connected to the
R
other Level 2 routers, it has visibility to all loopbacks and interconnect routes from all three areas. Outputs from the other
Level 2 routers, R5 and R7, would be similar.
TE
IN
www.juniper.net 17
LY
N
O
SE
U
AL

N
This slide shows sample output from the viewpoint of an arbitrary Level 1 router—the R1 router, in this case. The R1 router
has specific routes to only the loopbacks, interconnects, and external routes in its area. Compared to the R3 router, the R1
R
router appears to have limited visibility. However, this isn’t the case as it can reach the other area loopbacks and
interconnect routes through the default route installed because of the attached bit it receives from the R3 Level 2 router.
This functionality does not apply to the external routes from the other areas, though. Outputs from the other Level 1 routers
TE
in the network would be similar. You can see the attached bit attribute in the following output.
user@R1> show isis database
IS-IS level 1 link-state database:
IN
LSP ID Sequence Checksum Lifetime Attributes

mxA-1-R1.00-00 0x1c 0xb0ec 1191 L1 L2
mxA-1-R2.00-00 0x21 0x5342 644 L1 L2
mxA-1-R3.00-00 0x1b 0x57b 388 L1 L2 Attached
3 LSPs
IS-IS level 2 link-state database:

LSP ID Sequence Checksum Lifetime Attributes
mxA-1-R1.00-00 0x1d 0xc117 940 L1 L2
1 LSPs
18 www.juniper.net
LY
N
O
SE
U
AL

N
Now that we’ve established a default IS-IS behavior baseline, let’s leak some routes from all Level 1 areas to our Level 2
area. As mentioned previously, route leaking is accomplished, in IS-IS, through the use of a policy. As shown in the slide, the
R
same policy is created and applied to each of the Level 2 routers (R3, R5, and R7).
TE
IN
www.juniper.net 19
LY
N
O
SE
U
AL

N
The slide shows the results of our changes. The R3 router now has specific routes for all the external routes in the Level 1
areas. Routers R5 and R7 would see similar changes. All Level 1 routers’ routing tables remain unchanged. We show a
R
sample output from R1 on slide.

TE
IN
20 www.juniper.net
LY
N
O
SE
U
AL

N
To leak routes from Level 2 to Level 1, the same type of policy is used. Of course, the levels are switched in this policy. Note
that you can export multiple policies under IS-IS but, as an alternative, you could write a single policy with multiple terms. As
R
before, the policy is applied on the R3, R5, and R7 Level 2 routers.
TE
IN
www.juniper.net 21
LY
N
O
SE
U
AL

N
The slides shows the changes to the R1 router which now has specific routes to all external routes, loopbacks, and
interconnects. That is, there is no more reliance on the 0/0 default route as shown in the following output.
R
user@R1> show route 192.168.0.9

TE
192.168.0.9/32 *[IS-IS/18] 00:30:29, metric 30

> to 10.0.1.1 via ge-1/1/7.0
IN
You could use the ignore-attached-bit option on R1 (or any Level 1 router) to remove the default route from the table.
[edit]
user@R1# set protocols isis ignore-attached-bit
[edit]
user@R1# commit
commit complete
[edit]
user@R1# run show route 0/0 exact
[edit]
user@R1#
22 www.juniper.net
LY
N
O
SE
U
AL

N
Unlike OSPF, there is no area-range statement to summarize routes in IS-IS. To summarize routes in IS-IS requires a three
step process: creating an aggregate route, creating a matching policy, and then exporting that policy into IS-IS. The slide
R
example shows how to do this from the R3 router. Similar policy would be created and applied on R5 and R7. The following
output shows an abbreviated view of R3’s routing table. Note that the /24 addresses from Area 49.0002 and Area 49.0003
are gone and only the /22 summary route is visible. As before, outputs on R5 and R7 would be similar.
TE
user@R3> show route terse table inet.0

IN
A V Destination P Prf Metric 1 Metric 2 Next hop AS path

* ? 1.1.0.0/22 A 130 Reject
* ? 1.1.0.0/24 I 160 10 >10.0.1.10
* ? 1.1.1.0/24 I 160 10 >10.0.1.10
* ? 1.1.2.0/24 I 160 10 >10.0.1.10
* ? 1.1.3.0/24 I 160 10 >10.0.1.10
* ? 2.2.0.0/22 I 165 20 >10.0.10.2
* ? 3.3.0.0/22 I 165 20 >10.0.10.6
[...]
www.juniper.net 23
LY
N
O
SE
U
AL
IS-IS Best Practices—Part 1

N
This slide lists some examples of best practices to use in regards to IS-IS. These examples include the following:
R
• Enable wide metrics using the wide-metrics-only option. Using the default narrow metrics, you can only
specify metric values between 1-63. This is not very scalable in today’s service provide networks. Enable wide
metrics allows you to specify metric values between 1-16777215.
TE
• You can reduce the amount of control traffic generated by IS-IS using the lsp-lifetime option.
• Adjust how quickly IS-IS performs an SPF calculation after detecting a topology change using the
spf-options delay command. Most routers nowadays have plenty of CPU resources and can easily handle
a lower setting than default.
IN
• Use the overload timeout option to prevent transit traffic through a newly booted router, giving it time to
get all protocols up and running. Keep in mind that this option also has effect if routing is restarted on a
currently running router.
24 www.juniper.net
LY
N
O
SE
U
AL
IS-IS Best Practices—Part 2

N
This slide lists some further examples of best practices to use in regards to IS-IS. These additional examples include the
following:
R
• Use the ignore-attached-bit option to avoid certain cases of suboptimal routing where the default route
selected through the attached bit behavior is not the one you want to use. Also, there may be times, such as
TE
during a denial of service (DoS) attack, that you do not want a Level 1 router to be able to forward traffic based
on a default route.
• Enabling Bidirectional Forwarding Detection (BFD) between interfaces can drastically reduce failure detection
times in comparison to the default protocol timers. In BFD, hello packets are sent at a specified, regular
IN
interval. A neighbor failure is detected when the router stops receiving a reply after a specified interval. Keep in
mind that BFD can result in churn so these timers are also adaptive and can be adjusted to be more or less
aggressive. For example, the timers can adapt to a higher value if the adjacency fails, or a neighbor can
negotiate a higher value for a timer than the one configured. Note that BFD works with a wide variety of network
environments and topologies, not just IS-IS.
• Even though it might go without saying, use authentication.
www.juniper.net 25

Multilevel IS-IS Networks

Uploaded by

Copyright:

Available Formats

Multilevel IS-IS Networks

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Multilevel IS-IS Networks

Uploaded by

Copyright:

Available Formats

Advanced Junos

Multilevel IS-IS Networks

IS-IS Level 2 Operation

backbone knowing routes for all areas and levels.

IS-IS Level 1 Operation

Multilevel IS-IS Operation

Multilevel IS-IS Operation Is Similar to OSPF NSSA

Level 1 routes to other IS-IS Level 2 areas.

L1/L2 Border Router Is a Natural Boundary

Ignoring the Attached Bit

Level 1 route leaking in place.

IS-IS Interfaces Operate in L1/L2 Mode

Case Study: Route Leaking

Policy Used to Advertise Routes

Up/Down Bit Prevents Looping

Summarize Routes at the L1/L2 Router

that are normally advertised into Level 2 automatically.

Create an Aggregate Route and Advertise It with Policy

Internal Level 1 Route Summarization

user@R3# show route 10.0.4/22

inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

10.0.4.12/30 *[IS-IS/18] 00:28:50, metric 20

Level 1 Route Summarization Policy

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)

10.0.4.0/22 *[IS-IS/165] 00:00:20, metric 20

Apply Export Policy at Global Level of the IS-IS Instance

advertised by the local router.

Case Study: Route Leaking and Summarization—Part 1

Case Study: Route Leaking and Summarization—Part 2

Case Study: Route Leaking and Summarization—Part 3

LSP ID Sequence Checksum Lifetime Attributes

IS-IS level 2 link-state database:

Case Study: Route Leaking and Summarization—Part 4

Case Study: Route Leaking and Summarization—Part 5

sample output from R1 on slide.

Case Study: Route Leaking and Summarization—Part 6

Case Study: Route Leaking and Summarization—Part 7

user@R1> show route 192.168.0.9

+ = Active Route, - = Last Active, * = Both

192.168.0.9/32 *[IS-IS/18] 00:30:29, metric 30

Case Study: Route Leaking and Summarization—Part 8

user@R3> show route terse table inet.0

inet.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path

IS-IS Best Practices—Part 1

IS-IS Best Practices—Part 2

You might also like