Call for Contributions
This section needs improvements, examples and explanations.
Please take a look at the Contributing Guide for our Write Documentation.
IS-IS
IS-IS is a link-state interior gateway protocol (IGP) which is described in ISO10589, RFC 1195, RFC 5308. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called NETs and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP.
General
Configuration
Mandatory Settings
For IS-IS top operate correctly, one must do the equivalent of a Router ID in CLNS. This Router ID is called the NET. This must be unique for each and every router that is operating in IS-IS. It also must not be duplicated otherwise the same issues that occur within OSPF will occur within IS-IS when it comes to said duplication.
This command sets network entity title (NET) provided in ISO format.
Here is an example NET value:
49.0001.1921.6800.1002.00
The CLNS address consists of the following parts:
AFI -
49
The AFI value 49 is what IS-IS uses for private addressing.Area identifier:
0001
IS-IS area number (numerical area1
)System identifier:
1921.6800.1002
- for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is192.168.1.2
, which if expanded will turn into192.168.001.002
. Then all one has to do is move the dots to have four numbers instead of three. This gives us1921.6800.1002
.NET selector:
00
Must always be 00. This setting indicates “this system” or “local system.”
IS-IS Global Configuration
This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in RFC 2763, Dynamic Hostname Exchange Mechanism for IS-IS.
This command defines the IS-IS router behavior:
level-1 - Act as a station (Level 1) router only.
level-1-2 - Act as a station (Level 1) router and area (Level 2) router.
level-2-only - Act as an area (Level 2) router only.
This command configures the maximum size of generated LSPs, in bytes. The size range is 128 to 4352.
This command sets old-style (ISO 10589) or new style packet formats:
narrow - Use old style of TLVs with narrow metric.
transition - Send and accept both styles of TLVs during transition.
wide - Use new style of TLVs to carry wider metric.
This command enables RFC 6232 purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge.
This command sets ATT bit to 1 in Level1 LSPs. It is described in RFC 3787.
This command sets overload bit to avoid any transit traffic through this router. It is described in RFC 3787.
This command will generate a default-route in L1 database.
This command will generate a default-route in L2 database.
This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in RFC 5443. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt.
Interface Configuration
This command specifies circuit type for interface:
level-1 - Level-1 only adjacencies are formed.
level-1-2 - Level-1-2 adjacencies are formed
level-2-only - Level-2 only adjacencies are formed
This command sets hello interval in seconds on a given interface. The range is 1 to 600.
This command sets multiplier for hello holding time on a given interface. The range is 2 to 100.
This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in RFC 3719. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency.
This command set default metric for circuit.
The metric range is 1 to 16777215 (Max value depend if metric support narrow or wide value).
This command specifies network type to Point-to-Point. The default network type is broadcast.
This command configures the passive mode for this interface.
This command configures the authentication password for the interface.
This command sets priority for the interface for DIS election. The priority range is 0 to 127.
This command sets PSNP interval in seconds. The interval range is 0 to 127.
This command disables Three-Way Handshake for P2P adjacencies which described in RFC 5303. Three-Way Handshake is enabled by default.
This command disables IGP-LDP sync for this specific interface.
Route Redistribution
This command redistributes routing information from the given route source into the ISIS database as Level-1. There are six modes available for route source: bgp, connected, kernel, ospf, rip, static.
This command redistributes routing information from the given route source into the ISIS database as Level-2. There are six modes available for route source: bgp, connected, kernel, ospf, rip, static.
This command specifies metric for redistributed routes from the given route source. There are six modes available for route source: bgp, connected, kernel, ospf, rip, static. The metric range is 1 to 16777215.
Timers
This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120.
This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds.
This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed.
This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120.
This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in RFC 8405.
Loop Free Alternate (LFA)
This command enables IP fast re-routing that is part of RFC 5286. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups.
This command disables the load sharing across multiple LFA backups.
Examples
Enable IS-IS
Node 1:
set interfaces loopback lo address '192.168.255.255/32'
set interfaces ethernet eth1 address '192.0.2.1/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5255.00'
Node 2:
set interfaces ethernet eth1 address '192.0.2.2/24'
set interfaces loopback lo address '192.168.255.254/32'
set interfaces ethernet eth1 address '192.0.2.2/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5254.00'
This gives us the following neighborships, Level 1 and Level 2:
Node-1@vyos:~$ show isis neighbor
Area VyOS:
System Id Interface L State Holdtime SNPA
vyos eth1 1 Up 28 0c87.6c09.0001
vyos eth1 2 Up 28 0c87.6c09.0001
Node-2@vyos:~$ show isis neighbor
Area VyOS:
System Id Interface L State Holdtime SNPA
vyos eth1 1 Up 29 0c33.0280.0001
vyos eth1 2 Up 28 0c33.0280.0001
Here’s the IP routes that are populated. Just the loopback:
Node-1@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.2, eth1 inactive, weight 1, 00:02:22
I>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1, weight 1, 00:02:22
Node-2@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.1, eth1 inactive, weight 1, 00:02:21
I>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1, weight 1, 00:02:21
Enable IS-IS and redistribute routes not natively in IS-IS
Node 1:
set interfaces dummy dum0 address '203.0.113.1/24'
set interfaces ethernet eth1 address '192.0.2.1/24'
set policy prefix-list EXPORT-ISIS rule 10 action 'permit'
set policy prefix-list EXPORT-ISIS rule 10 prefix '203.0.113.0/24'
set policy route-map EXPORT-ISIS rule 10 action 'permit'
set policy route-map EXPORT-ISIS rule 10 match ip address prefix-list 'EXPORT-ISIS'
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6800.1002.00'
set protocols isis redistribute ipv4 connected level-2 route-map 'EXPORT-ISIS'
Node 2:
set interfaces ethernet eth1 address '192.0.2.2/24'
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6800.2002.00'
Routes on Node 2:
Node-2@r2:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
I 203.0.113.0/24 [115/10] via 192.0.2.1, eth1, 00:03:42
Enable IS-IS and IGP-LDP synchronization
Node 1:
set interfaces loopback lo address 192.168.255.255/32
set interfaces ethernet eth0 address 192.0.2.1/24
set protocols isis interface eth0
set protocols isis interface lo passive
set protocols isis ldp-sync
set protocols isis net 49.0001.1921.6825.5255.00
set protocols mpls interface eth0
set protocols mpls ldp discovery transport-ipv4-address 192.168.255.255
set protocols mpls ldp interface lo
set protocols mpls ldp interface eth0
set protocols mpls ldp parameters transport-prefer-ipv4
set protocols mpls ldp router-id 192.168.255.255
This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:
Node-1@vyos:~$ show isis mpls ldp-sync
eth0
LDP-IGP Synchronization enabled: yes
holddown timer in seconds: 0
State: Sync achieved
Enable IS-IS with Segment Routing (Experimental)
Node 1:
set interfaces loopback lo address '192.168.255.255/32'
set interfaces ethernet eth1 address '192.0.2.1/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis segment-routing global-block high-label-value '599'
set protocols isis segment-routing global-block low-label-value '550'
set protocols isis segment-routing prefix 192.168.255.255/32 index value '1'
set protocols isis segment-routing prefix 192.168.255.255/32 index explicit-null
set protocols mpls interface 'eth1'
Node 2:
set interfaces loopback lo address '192.168.255.254/32'
set interfaces ethernet eth1 address '192.0.2.2/24'
set protocols isis interface eth1
set protocols isis interface lo
set protocols isis net '49.0001.1921.6825.5254.00'
set protocols isis segment-routing global-block high-label-value '599'
set protocols isis segment-routing global-block low-label-value '550'
set protocols isis segment-routing prefix 192.168.255.254/32 index value '2'
set protocols isis segment-routing prefix 192.168.255.254/32 index explicit-null
set protocols mpls interface 'eth1'
This gives us MPLS segment routing enabled and labels for far end loopbacks:
Node-1@vyos:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
----------------------------------------------------------------------
552 SR (IS-IS) 192.0.2.2 IPv4 Explicit Null <-- Node-2 loopback learned on Node-1
15000 SR (IS-IS) 192.0.2.2 implicit-null
15001 SR (IS-IS) fe80::e87:6cff:fe09:1 implicit-null
15002 SR (IS-IS) 192.0.2.2 implicit-null
15003 SR (IS-IS) fe80::e87:6cff:fe09:1 implicit-null
Node-2@vyos:~$ show mpls table
Inbound Label Type Nexthop Outbound Label
---------------------------------------------------------------------
551 SR (IS-IS) 192.0.2.1 IPv4 Explicit Null <-- Node-1 loopback learned on Node-2
15000 SR (IS-IS) 192.0.2.1 implicit-null
15001 SR (IS-IS) fe80::e33:2ff:fe80:1 implicit-null
15002 SR (IS-IS) 192.0.2.1 implicit-null
15003 SR (IS-IS) fe80::e33:2ff:fe80:1 implicit-null
Here is the routing tables showing the MPLS segment routing label operations:
Node-1@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.2, eth1 inactive, weight 1, 00:07:48
I>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1, label IPv4 Explicit Null, weight 1, 00:03:39
Node-2@vyos:~$ show ip route isis
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
I 192.0.2.0/24 [115/20] via 192.0.2.1, eth1 inactive, weight 1, 00:07:46
I>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1, label IPv4 Explicit Null, weight 1, 00:03:43