IS-IS is an Interior Gateway Protocol (IGP) developed in the 1980s by DEC and submitted to the International Organization for Standardization (ISO) as the routing protocol for Open System Interconnection (OSI). The creation of IS-IS was part of an attempt to produce an international standard protocol suite that could compete with TCP/IP.
IS-IS was developed to provide
A nonproprietary protocol
A large and hierarchical addressing scheme
An efficient protocol, allowing for fast, accurate convergence and low network overhead
The United States mandated that every system operated by the government be capable of running OSI; IS-IS was extended to pass IP routes to aid in this transition to OSI. In the end, however, the Internet, built on TCP/IP, prevailed as the de facto alternative to an international standard.
When IS-IS is used to support IP, it is properly referred to as Integrated IS-IS. This book simplifies that to "IS-IS" in many cases because any mention of IS-IS herein refers to its use as an IP routing protocol.
In recent years there has been renewed interest in IS-IS. This new interest is because IS-IS is protocol independent, scales well, and has the capacity to define type of service (ToS) routing (but ToS routing is not supported by IOS). IS-IS has been dusted off as a routing protocol for IPv6 or for use with MPLS, but this interest has yet to extend to widespread adoption.
In OSI-speak, a router is referred to as an intermediate-system (IS) and a PC is called an end-system (ES). Thus, IS-IS is a router-to-router protocol.
The network layer protocol in OSI is called the Connectionless Network Protocol (CLNP) and is used for the Connectionless Network Service (CLNS). IS-IS implementers need to understand only one detail of OSI: CLNS addressing. Because IS-IS started as an OSI routing protocol it uses a CLNS address as a router ID and to group the routers into areas. No actual CLNS traffic needs to be passed; the address is only used administratively.
OSI supports four routing levels, with IS-IS used for the middle two:
Level 0 routing is used to find end-systems and uses end system-to-intermediate system (ES-IS).
Level 1 routing is used to exchange routes within an area.
Level 2 is the backbone between areas.
Level 3 routing is used between autonomous systems and is the province of the Interdomain Routing Protocol (IDRP).
IS-IS is responsible for Levels 1 and 2. Routers may be in a Level 1 area, in the Level 2 backbone, or both. Level 1-2 routers connect areas to the backbone. Each level uses Dijkstra's SPF algorithm to select paths and each level converges quickly.
The IS-IS protocol data unit (PDU) is encapsulated directly into the data-link frame. All IS-IS packets share the same eight-octet header. After the fixed header, there are a number of optional variable-length fields that contain specific routing-related information. These variable-length fields are called TLV.
Each IS-IS PDU begins with a standard header. Next are the specific fields and the variable-length fields. The following sections describe the three IS-IS packet types: Hellos, LSPs, and SNPs.
Adjacencies are formed by exchanging hellos—there are three different types of hellos.
End system hellos (ESH)— ISO end systems use ESHs to attach to routers. IP end systems do not speak ESH, so IS-IS just attaches the local subnet.
Intermediate system hellos (ISH)— Routers use ISHs to announce themselves back to the ES.
Intermediate-to-intermediate hellos (IIH)— Routers use IIHs to meet IS neighbors. IIH is transmitted separately at Level 1 and Level 2.
Because the point-to-point and broadcast media work differently, adjacencies are formed differently. A point-to-point network has only one other router with which to communicate. Broadcast networks are multiaccess networks and can have a mixture of both Level 1 and Level 2 routers. For this reason, the broadcast or LAN network has two Hello formats: the Level 1 format and the Level 2 format. Hellos for broadcast media are referred to as LAN Hellos. Point-to-point Hello packets are used over point-to-point links. LAN Hello packets are used over broadcast links.
Table 9-2 summarizes the hellos used by IS-IS.
|Hello||Goes from||Goes to||Description|
|ESH||OSI ES||IS||Attaches ES to IS|
|ISH||IS||OSI ES||Announces IS|
|Level 1 IIH||L1 IS||L1 IS||Builds area|
|Level 2 IIH||L2 IS||L2 IS||Passes Level 2 adjacencies|
The LSP from a Level 1 router is flooded to all routers in the area. The LSP contains a list of all the adjacencies.
Likewise, a Level 2 router floods the LSP to every other Level 2 router in the domain. However, this LSP contains the list of adjacencies to other Level 2 routers and the areas that the transmitting router can reach. The TLVs hold the Level 1 and Level 2 information, allowing the LSP format to be the same for both Level 1 and Level 2 routers.
TLVs are one of the strengths of IS-IS. TLVs provide flexibility and extensibility for the protocol. The protocol can adapt to changing needs and advances in technology by simply defining a new TLV.
The following is the structure of the TLV:
Type— Identifies the advertisement and all characteristics that pertain to it. For example, TLV 128 is an IP advertisement.
Length— The length of the following field. This is important because the Value field can be variable length.
Value— The advertisement, which takes the form of IP routes, IS neighbors, or authentication.
It is important to know which TLVs your equipment supports because this determines the design and configuration of the network. The receiving router ignores TLVs that are not supported.
Integrated IS-IS and OSPF share a common heritage. Both protocols were developed around the same time, and reputedly borrowed ideas from one another. Therefore, IS-IS has more similarities than differences to OSPF. In fact, IS-IS could be described as "OSPF using only totally stubby areas."
IS-IS and OSPF are both link-state routing protocols based on the Dijkstra SPF algorithm. Both have a two-level hierarchy, support VLSM, and converge quickly. Both use hellos to meet and greet their neighbors and build a topology.
The main differences between OSPF and IS-IS are
OSPF has a central area, whereas IS-IS has a backbone on top of its areas.
IS-IS uses a single designated router (called a designated intermediate system [DIS]) and different timers.
IS-IS sends advertisements in a standard form and in a single set of packets. OSPF advertisements vary based on type and are transmitted by type.
IS-IS is encapsulated at the data link layer.
OSPF is more closely associated with TCP/IP and is common in IP networks; IS-IS was deployed to support CLNS and IP concurrently in early ISP backbones.
The following sections elaborate on the differences between the two protocols as a way of describing IS-IS; however, it is important to understand that in all the most important ways the two protocols are similar.
Both OSPF and IS-IS support a two-level hierarchy. OSPF has a central area (Area 0) to which all other areas attach. OSPF interfaces belong in an area; routers that straddle two areas are called Area Border Routers (ABR).
In IS-IS the router is wholly in a Level 1 area. Level 1-2 routers, which are similar to OSPF ABRs, are in one area at Level 1 and also route separately at Level 2. IS-IS Level 2 may wind through Level 1 areas. Level 1 routers must be in the same area to exchange local routes and receive a default route from a Level 1-2 router. Level 2 routers send Level 2 updates across the backbone. These roles are shown in Figure 9-1.
Like an OSPF designated router (DR), an IS-IS DIS exists to simulate a point-to-point topology across a multipoint environment. Because of this, a DIS is sometimes called a pseudonode. Despite their similarities, the IS-IS DIS is subtly different from OSPF.
The DIS exists separately at Level 1 and Level 2, and there is not a backup DIS. An OSPF DR is elected for life; IS-IS allows preemption if another router comes on line with a higher priority. Fewer adjacencies are formed in OSPF because the routers form adjacencies only with the DR and the BDR. In IS-IS, every router makes an adjacency with every other router on the medium. IS-IS LSPs are sent out only by the DIS on behalf of the pseudonode.
OSPF advertisements are packaged by type and an OSPF router may produce many packets to advertise current connectivity. IS-IS advertisements are all in a standard form: Type, Length, Value (TLV). The TLV structure means that advertisements can be easily grouped and advertised together. This results in fewer packets needed for LSPs and makes IS-IS adaptable. Table 9-3 lists the type codes supported by Cisco IOS.
|1||Area Addresses||ISO 10589||Hello and LSPs||Area addresses of the router.|
|2||IS Neighbors||ISO 10589||LSPs||Lists IS neighbors. Neighbor ID is system ID plus an extra octet. If a pseudonode, the octet is a positive value. If a router, the octet is 0x00.|
|3||ES Neighbors||ISO 10589||Level 1 LSP||Lists ES neighbors, assuming the same cost as media.|
|5||Prefix Neighbors||ISO 10589||Level 2 LSP||The same as TLV 3 but stating a prefix rather than an ES.|
|6||IS Neighbors||ISO 10589||Hello||Lists system IDs from which a valid Hello has been received. Level 1 routers list Level 1 neighbors; Level 2 routers list Level 2 neighbors.|
|8||Padding||ISO 10589||Hello||Ignored. Used to pad to minimum length.|
|9||LSP Entries||ISO 10589||SNP||LSP state including remaining Lifetime, LSP ID, sequence number, and Checksum. Identifies LSP and ensures no duplication or corruption.|
|10||Authentication||ISO 10589||Hello, Level 1 and Level 2 LSP, and SNP||First octet states type of authentication (only clear text is defined in ISO 10589). An interface can be configured with a password and neighbors reject packets if the expected password is not found.|
|128||IP Internal Reachability||RFC 1195||Level 1 and Level 2 LSP||IP addresses known from interfaces within the area.|
|129||Protocols Supported||RFC 1195||Hello||Protocols that the transmitter supports (CLNS only, IP only, or both).|
|131||InterDomain Routing Protocol||RFC 1195||Level 2 LSP||Allows information from external routing protocols to be carried in Level 2 LSPs.|
|132||IP Interface Address||RFC 1195||Hello, LSP||IP address or addresses of the transmitting interface.|
IS-IS advertisements are called sequence number packets (SNP). SNPs list the LSPs in the transmitting router's link-state database in a condensed format. SNPs are never flooded but only sent between neighbors. SNPs are specific to each level of routing and can be a complete SNP (CSNP), which lists every LSP, or a partial SNP (PSNP), which lists some of the LSPs.
The way that the LSPs are handled is also slightly different and influences the design of networks running either protocol. Unrecognized LSPs are ignored and flooded in IS-IS; OSPF ignores and drops unrecognized LSAs.
Another major difference between IS-IS and OSPF is the encapsulation of the two protocols. IS-IS is protocol independent because it runs directly on top of the data link layer. OSPF is encapsulated into IP. This difference means that IS-IS can be adapted to circumstances by simply drafting a new TLV.
One example of the benefit of this approach to encapsulation is IPv6. When a new Layer 3 protocol was developed, IS-IS was quickly adapted to support it by creating new Ipv6 TLVs. OSPF took longer to adapt and its adaptation involved creating a new version of the protocol—OSPFv3.
Development of IS-IS has been largely at a standstill for a number of years; however, it has picked up recently and Cisco is committed to bringing it into parity with OSPF in the future. Currently, OSPF has more area types and larger metrics. Information about OSPF is fairly well distributed, so finding good books and engineers prepared to work with OSPF is not difficult. At this point, the IS-IS advantages—encapsulation, TLV structure, and LSP processes—are not appreciated by enterprise users in the same way that OSPF is valued.
IS-IS is the product of a committee, and it has the feel of an academic solution that is intended to resolve every eventuality. Its addressing scheme thinks not just locally, but globally.
Where OSPF uses an IP address for a router id, IS-IS uses an ISO address for that same purpose. The ISO address comes in two forms, depending on what type of device is being addressed:
Network Service Access Point (NSAP)
Network Entity Title (NET)
The IS-IS addressing scheme is complex, but is defined by clear rules.
An ISO address varies from 8 to 20 octets (IP uses 4 bytes). ISO 10589 defines three parts to the address:
Area— Area is like an IP subnet, describing a group or location.
ID— ID identifies a particular member at that location, like the host portion of an IP address.
SEL— Similar to a TCP port, SEL identifies a process on the host.
Figure 9-2 shows the complete ISO address.
|AFI (1 octet)||IDI||High Order DSP||System ID (1-8 octets)||NSEL (1 octet)|
The following list explains the parts of an ISO address and their relationship:
Inter Domain Part (IDP)— External routing. The IDP is used to route to the autonomous system. IDP is given by ISO and identifies the organization responsible for assigning the format for the rest of the address by defining the DSP structure. The IDP is subdivided into two parts:
Domain Specific Part (DSP)— DSP is used to route within the autonomous system, and contains three fields:
The fact that the address can take so many forms can cause confusion; remember, however, that there are only two layers of hierarchy. By providing such flexibility in the address space, the ISO has ensured a decentralized address allocation and management, in addition to the ability to scale the network.
As with TCP/IP, the addressing scheme within an autonomous system can be the result of the creative genius of the network administrator or can be obtained from the AFI, an authorized ISO body such as ANSI or GOSIP.
The next sections discuss ISO addresses for Integrated IS-IS, and include an explanation of NETs and NSAP and a description of the rules for IS-IS addressing.
NETs and NSAPs are ISO addresses. The NET address is specifically the NSAP address of the host, with the NSEL set to 0x00. The NET is the form of the address used to identify routers.
The following list indicates a few rules that clarify ISO addressing:
The ISO address is assigned to the system, not the interface.
Typically, a router has one NET address. The limit is three NETs in a conventional IS-IS implementation; the limit is three NETs per area in a multi-area Integrated IS-IS implementation. Multiple addresses are used during transitions.
If multiple NETs are configured on the same router, they all must have the same system ID.
The area address must be the same for all routers in the same area.
All Level 2 routers must have a system ID that is unique for the entire Level 2 domain. All Level 1 routers must have a system ID that is unique for the entire Level 1 area. Put simply: All routers must have a unique system ID.
The system ID must be the same length for all ISs and ESs within a routing domain and Cisco only supports six-byte system IDs.
The following are examples of NET addresses. AFI 49 means "make up your own address structure." Because we only need to differentiate areas, notice that the IDI has been left out.
The first example shows a NET address that uses the host MAC address as the system ID: 49.0005.AA00.0301.16CD.00. When interpreting an address, a Cisco router knows that the first byte is AFI, last byte is SEL, and the preceding six bytes are system ID. Anything between AFI and system ID is interpreted as area, so IDI is not necessary.
|To the Domain||Within the Domain|
The second example shows a NET address that transliterates the host's loopback IP address of 126.96.36.199 as the system ID: 49.0001.1441.3201.6019.00.
|To the Domain||Within the Domain|
The following example shows a GOSIP address with external routing information, along with the way IS-IS for IP would interpret it: 47. 0005.80ff.f800.0000. 0001.0000.0c00.1234.00. This structure is overly complicated for the way IS-IS is used today.
IP subnets are treated as leaf-objects in the IS-IS SPF tree. Areas—recognized by the format of their NET—produce a summary into Level 2 and the Level 1-2 router and introduce a default route back into Level 1.
Routing to destinations within an area is straightforward. The first IS matches the destination to an entry in its routing table and selects the shortest path in exactly the same way OSPF would.
Routing between areas is only slightly complicated. The first IS receives traffic for an IP destination that is not in its routing table and decides to forward the traffic to the nearest Level 1-2 router. The Level 1-2 router uses its routing table to route it across Level 2 toward the nearest Level 1-2 router advertising a matching summary.
Borders in Integrated IS-IS are defined on the link, meaning that the entire router is in the Level 1 area. For Level 2 routing updates to be exchanged, all the routers capable of sending Level 2 updates must be contiguous. This is shown in Figure 9-3.
Routers sharing a common data link layer become IS-IS neighbors if the Hello packets that they exchange meet the criteria for forming an adjacency. Although the process of finding a neighbor differs slightly depending on the media, the information sent in the Hellos is essentially the same.
Each Hello states the originator of the Hello and the capabilities of its interface. If the Hellos are exchanged and the criteria are met, an adjacency is formed and the Integrated IS-IS neighbors exchange routing information in the form of LSPs. In this way, every router gathers the connected networks of every other router to create identical detailed topology maps of the network.
For an adjacency to be formed and maintained, both interfaces must agree on the following:
The maximum packet size (MTU) of the interface must be the same.
Both routers must support the same level of routing. A Level 1 router becomes adjacent to another Level 1 or a Level 1-2 router in the same area. A Level 2 router can become adjacent to a Level 2 or to a Level 1-2 router.
To connect to another area, at least one of the routers must be configured as a Level 1-2.
The system ID must be unique to each router.
If authentication is configured, it must be configured identically on both routers.
The Hello and hold timers must match.
Integrated IS-IS defines two network types—broadcast subnetworks and point-to-point networks—whereas OSPF uses five types. A broadcast network, as in OSPF, is a multiaccess data link that supports broadcasts and multicasts. The point-to-point links are deemed to be nonbroadcast and can be permanent virtual circuits (PVC) or dedicated lines.
IS-IS does not have an NBMA link type, so non-broadcast multiaccess links must be setup as either broadcasts or point-to-point networks. The recommended solution is to set them up as point-to-point using subinterfaces.
When point-to-point links are used, adjacency occurs after a Hello packet has been received. Next, each side sends a CSNP. The CSNP is a list of all the links held in the link-state database, which triggers a synchronization of the link-state database on each machine.
Periodic Hellos maintain the adjacency. If a router does not hear a Hello within the Hello holdtime, the neighbor is declared dead and the database is purged of any entries associated with the router. Cisco sets the default Hello multiplier to three. The holdtime is defined as the Hello time multiplied by the Hello multiplier, which makes the hold timer expire every 30 seconds.
On broadcast links, each IS receives packets sent by the DIS, minimizing the amount of traffic that needs to be generated to maintain the adjacencies and databases. The DIS has the responsibility of flooding the LSPs to all connected systems running Integrated IS-IS.
The adjacencies with the other routers are maintained by the DIS, which sends out Hellos every 3.3 seconds, three times the speed of other routers. This is to ensure the integrity of the adjacencies by identifying a problem very quickly. If there is a problem with the DIS, or a router with a higher priority appears, it is quickly identified and a new router is elected in the place of the old DIS, which is forced into retirement. The election is based first on the highest priority and then on the highest data-link address.
The creation and maintenance of adjacencies becomes more complicated when used over non-broadcast links. An NBMA link is neither a broadcast medium nor a point-to-point link; it is a little of both. Furthermore, IS-IS does not have an NBMA link type. Using PVCs, NBMAs provide multiple connections, which could be viewed as a LAN. The confusion occurs when Integrated IS-IS sees the link is multiaccess. Having no knowledge of multiaccess WAN clouds, Integrated IS-IS believes that the medium is some form of LAN and therefore has broadcast capabilities. Although the LAN can be simulated, the WAN cloud has no inherent broadcast capabilities.
To avoid complications and possible errors, Cisco recommends that you configure the links as a series of point-to-point links. Do not use IS-IS on temporary connections such as dial-up.
This section describes how the databases for IS-IS are created and maintained.
The routing process for IS-IS is divided into four stages:
The following sections focus on the update and decision processes.
The router can forward data packets to the remote destination only if it understands the topology. Each router generates an LSP that lists the router's neighbors and propagates it throughout the network. The flooding of LSPs ensures every router has an identical link-state database.
The affected routers generate LSPs whenever there is a change in the network. Any of the following trigger a new LSP to be flooded throughout the network:
An adjacency either comes up or down.
An interface changes state or is assigned a new metric.
A route changes (for example, because of redistribution).
The following sections describe sending and receiving LSPs and determining whether the LSP in the database is valid.
Routers store new LSPs in the link-state database and mark them for flooding. If the LSP is already present in the database, the router just acknowledges it and ignores it. The router sends the new LSP to its neighbors, which in turn flood to their neighbors and so on. Because Level 1 and Level 2 routers have their own link-state databases, Level 1 LSPs are flooded throughout the area; Level 2 LSPs are sent across all Level 2 adjacencies.
The process of propagating LSPs differs slightly depending on which medium the LSP was received.
A point-to-point link does not need to ensure that multiple systems have synchronized databases. With only one other router with which to work, some reliance is given to the router's capability to determine the need to update so that bandwidth can be optimized.
The following list describes the point-to-point flooding process:
When an adjacency is established, both sides send a complete sequence number packet (CSNP) with a compressed version of their link-state database (router ID and the sequence number).
If there are any LSPs in the receiving router's database that were not in the received CSNP, the process sends a copy of the missing LSPs to the other router.
Likewise, if the database is missing any LSPs received in the CSNP, the receiving router requests the detailed or full LSP to be sent.
The individual LSPs are requested, sent, and acknowledged via partial-sequence number packets (PSNP).
When an LSP is sent, the router sets a timer, and if no explicit acknowledgement has been received before the timer expires, the LSP is re-sent. This timer is the minimumLSPTransmissionInterval and can be configured; the default on a Cisco router is five seconds.
A psuedonode on a broadcast link may need to send out both Level 1 and Level 2 updates. It sends these updates, using multicast MAC addresses, to all Level 1 routers and all Level 2 routers. Because the pseudonode is just that—a pretend system—a real node or system must enter the charade and perform the tasks of the pseudonode. The designated intermediate system (DIS) takes on much of the responsibility for synchronizing the databases on behalf of the pseudonode (recall that the DIS is comparable to the OSPF DR). The DIS has three tasks:
Creating and maintaining adjacencies
Creating and updating the pseudonode LSP
Flooding the LSPs over the LAN
Following are the main steps in the flooding process:
On receipt of a CSNP, the router compares each compressed LSP with the link-state database.
If the database has a newer version of the LSP sent in the CSNP, or if there is no instance of a LSP in the CSNP, the router multicasts the LSP onto the LAN.
If the database is missing an LSP that was in the CSNP, it sends a PSNP requesting the full LSP. Although the router multicasts, it is only the DIS that responds.
Figure 9-4 summarizes the flow of CSNPs and PSNPs on broadcast and point-to-point links.
The LSP contains three fields that help determine whether the LSP that has been received is more recent than that held in the database, and whether it is intact or has been corrupted. These three fields are as follows:
Remaining Lifetime— This is used to age-out old LSPs. If an LSP has been in the database for 20 minutes, it is assumed that the originating router has died. The refresh timer is set to 15 minutes.
If the lifetime expires, the LSP has the content removed, leaving only the header. The lifetime is set to show that it is a new LSP, and then it is flooded through the network. All receiving routers accept the mutilated LSP, recognize that this means the route is bad, and purge the existing LSP from their databases.
Sequence Number— This is an unsigned 32-bit linear number. The first LSP is allocated the sequence number 1, and the following LSPs are incremented.
Checksum— If a router receives an LSP and the checksum does not compute correctly, the LSP is flushed and the lifetime is set to 0. The router floods the LSP, all routers purge the LSP, and the originating router retransmits a new LSP.
After the link-state databases have been synchronized, it is necessary to decide which path to take to reach the destination. Because the routers and hosts may have multiple connections to each other, there may be many paths from which to choose.
To make the best path decision, link-state protocols employ the algorithm defined by Dijkstra. This algorithm creates a tree that shows the shortest paths to all destinations. The tree is used in turn to create the routing table.
If there is more than one path to a remote destination, the criteria by which the lowest cost paths are selected and placed in the forwarding database are as follows:
If there is more than one path with the lowest value metric, Cisco equipment places some or all paths into the table. Older versions of IOS support as many as six load-sharing paths, newer versions support more.
Internal paths are chosen before external paths.
Level 1 paths within the area are more attractive than Level 2 paths.
The address with the most specific address in IP is the address with the longest IP subnet mask.
If there is no path, the forwarding database sends the packet to the nearest Level 2 router, which is the default router.
The metric defines the cost of the path. Integrated IS-IS has four metrics, only one of which is required and supported. The metrics defined in ISO 10589 are as follows:
Default— Every Integrated IS-IS router must support this metric. Cisco set the default for all interfaces to 10.
Delay— Cisco does not support the transit delay metric.
Expense— Cisco does not support the expense metric.
Error— Cisco does not support the error metric.
By default, six-bit metrics are configured on the outgoing interface. A 10-bit field describes the total path cost. These default metrics are referred to as narrow.
Because it considered these inadequate, Cisco increased the metric size to 24 bits. This larg