1. Introduction to RBFS IS-IS
The RtBrick Full Stack (RBFS) is a distributed, web-scale network operating system based on micro-service architecture and packaged in a Linux container currently based on Ubuntu 18.04. The RBFS decreases the complexity of a network by providing users with capabilities such as composability, programmability, and elasticity in a visionary way.
The RBFS operating system operates on the leaf and spine framework. This framework provides the network operators with methods to configure and manage a network brick by brick, and provides full control of the network so the focus can be on the deployment of the new services and not the constant juggling of hardware. The Intermediate System-to-Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses link-state information to make routing decisions.
1.1. IS-IS CLI Overview
This guide provides the various IS-IS configuration and show CLI commands for RBFS. It shows you how to configure IS-IS using the confd daemon, view the command hierarchy, and make configuration changes.
1.2. RBFS IS-IS Instance Hierarchy
The RBFS uses a distinct hierarchy for the IS-IS statements and commands. When installed, the RBFS runs a default instance named “default.”
You can apply IS-IS configuration statements and commands at the instance, address family, or protocol IS-IS hierarchy level.
The figure below shows the IS-IS command hierarchy:
The table below shows the IS-IS configuration modes and CLI prompts:
Configuration Mode | Prompt |
---|---|
Root |
|
Instance |
|
Interface |
|
Interface level [level-1 | level-2] |
|
Address Family [ipv4 | ipv6] |
|
Redistribute |
|
1.2.1. Modes and Commands
All edit and set operations are performed through the configuration daemon CONFD. Their end result is similar, but the terms apply to slightly different configuration methods:
-
Mode: An “edit” is used to provide a hierarchical configuration option for the module instance.
-
Commands: A “set” is used to set the statement parameters and attributes for the module instance.
In a typical configuration session, you will use both methods.
Syntax
root@is-is-router:confd> edit instance red [ instance red ] root@is-is-router:confd> edit protocol isis [ instance red protocol isis ]
You can execute the exit command to exit the current level of the statement hierarchy, returning to the level prior to the last edit command. To exit from the configuration mode, enter the end and exit commands. |
1.2.2. IS-IS Instance
To enter into the IS-IS default instance mode, enter the following command:
root@rta:confd> edit instance protocol isis [ instance protocol isis ] root@rta:confd>
1.2.3. Interface
In this mode, you can configure the interface-specific IS-IS properties.
Example (Default Instance)
root@is-is-router:confd> edit interface twc-0/0/1/2/1 [ instance protocol isis interface twc-0/0/1/2/1 ] root@rta:confd>
Example (VRF Instance)
root@is-is-router:confd> edit interface twc-0/0/1/2/1 [ instance red protocol isis interface twc-0/0/1/2/1 ] root@rta:confd>
1.2.4. Level (IS-IS Interfaces)
The level mode enables you to configure the IS-IS operational characteristics of the interface at Level 1 and/or Level 2. Level 1 and Level 2 can be configured inside a logical interface. By default, an interface operates in both Level 1 and Level 2 modes.
-
Level 1: Specifies the IS-IS operational characteristics of the interface at level 1.
-
Level 2: Specifies the IS-IS operational characteristics of the interface at level 2.
Example (Default Instance)
root@is-is-router:confd> edit level-1 [ instance protocol isis interface twc-0/0/1/2/1 level-1 ] root@is-is-router:confd> edit level-2 [ instance protocol isis interface twc-0/0/1/2/1 level-2 ]
Example (VRF Instance)
root@is-is-router:confd> edit level-1 [ instance red protocol isis interface twc-0/0/1/2/1 level-1 ] root@is-is-router:confd> edit level-2 [ instance red protocol isis interface twc-0/0/1/2/1 level-2 ]
1.2.5. Redistribute
IS-IS determines support for route redistribution based on address family. The selected address family can redistribute local interface routes, static routes, routes learned by IS-IS, and so on.
The examples below show the route redistribution options:
Example (Default Instance)
root@isr1:confd> edit instance protocol isis address-family ipv4 unicast [ instance protocol isis address-family ipv4 unicast ] root@isr1:confd>
Example (VRF Instance)
root@ is-is-router:confd> edit instance vrf1 instance vrf1 ] root@ is-is-router:confd> edit address-family ipv4 unicast [ instance vrf1 address-family ipv4 unicast ]
1.3. IS-IS Instance Configuration Commands
This section describes the commands used to configure IS-IS in an instance.
1.3.1. IS-IS Instance
To enter into the IS-IS default instance mode configuration mode, enter the following command:
root@rta:confd> edit instance protocol isis [ instance protocol isis ] root@rta:confd>
root@isr1:confd> edit instance protocol isis [ instance protocol isis ] root@isr1:confd> root@isr1:confd> set address-family Address family config area ISO area holding-time ISIS neighbor hold time hostname ISIS System Host Name interface Interface Configuration lsp LSP Flooding Related Configuration overload Set ISIS Overload bit in LSP system-id ISO system id associated with the system [ instance protocol isis ] root@isr1:confd>
1.3.2. area
This command specifies the ISO area.
<area> |
The area can be represented in 1, 3, 5, 13 bytes format. |
root@rta:confd> edit instance protocol isis root@rta:confd> set area 49.0001/24
1.3.3. holding-time
This command sets the adjacency expiry interval. This is a global setting for the instance.
<seconds> |
Specifies the adjacency expiry and the hello interval time in seconds. Default value: 30 seconds Range: 1 through 65535 seconds Note: You need to adjust the hold time configuration for stable operations. |
root@rta:confd> edit instance protocol isis root@rta:confd> set holding-time 30000
1.3.4. lsp lifetime
This command sets the link-state PDU (LSP) lifetime, after which the LSP expires.
<seconds> |
Specifies the LSP lifetime in seconds. Default value: 20 seconds Range: 5 through 65535 seconds |
root@rta:confd> edit instance protocol isis root@rta:confd> set lsp lifetime 30000
1.3.5. hostname
This command sets the IS-IS hostname of the node.
<name> |
Specifies the IS-IS hostname of the node. |
root@rta:confd> edit instance protocol isis root@rta:confd> set hostname rta
1.3.6. overload
This command sets the IS-IS overload bit in a link-state PDU (LSP).
root@rta:confd> edit instance protocol isis root@rta:confd> set overload
1.3.7. system-id
This command sets the ISO system ID.
<system ID> |
Six-byte value that identifies a system in an area. |
root@rta:confd> edit instance protocol isis root@rta:confd> set system-id 1921.0000.1001
1.4. IS-IS Interface Configuration Commands
This section describes the IS-IS interface mode configuration commands.
1.4.1. interface-type
This command sets the interface type. You can execute this command from the Instance mode.
<interface-type> |
Specifies the interface type. Note: The point-to-point is the default interface type and hence you actually do not need to configure it. |
root@isr1:confd> edit instance protocol isis interface twc-0/0/1/2/1 [ instance protocol isis interface twc-0/0/1/2/1 ] [ instance protocol isis interface twc-0/0/1/2/1 ] root@isr1:confd> set interface-type point-to-point
1.4.2. passive
This command sets the interface in passive mode. In this mode, no IS-IS hello packets are sent out on the interface and no IS-IS adjacencies are created. But the IP prefixes will be mentioned in the self LSP to make the network reachable via other links. You can execute this command from the interface mode.
root@isr1:confd> edit instance protocol isis interface twc-0/0/1/2/1 [ instance protocol isis interface twc-0/0/1/2/1 ] root@isr1:confd> set passive
1.5. IS-IS Level (Interface) Configuration Commands
This section describes the IS-IS interface level configuration mode commands.
1.5.1. level-1 disable
This command disables level-1 adjacencies on an interface. By default, it is enabled. You can execute this command from the interface level mode.
root@isr1:confd> edit instance protocol isis interface twc-0/0/1/2/1 level-1 [ instance protocol isis interface twc-0/0/1/2/1 level-1 ] root@isr1:confd> set disable
1.5.2. level-2 disable
This command disables the level-2 adjacencies on an interface. By default, it is enabled. You can execute this command from the interface level mode.
root@isr1:confd> edit instance protocol isis interface twc-0/0/1/2/1 level-2 [ instance protocol isis interface twc-0/0/1/2/1 level-2 ] root@isr1:confd> set disable
1.5.3. level-1 metric
This command sets the interface level-1 metric value. If the metric value is not set, the default value is set to 1000000. You can execute this command from the interface level mode.
<metric value> |
This option sets the level-1 metric value. Default Value: 1000000 |
[ instance protocol isis interface twc-0/0/1/2/1 ] root@isr1:confd> set level-1 metric 10
1.5.4. level-2 metric
This command sets the interface level-2 metric value. If the metric value is not set, the default value is set to 1000000. You can execute this command from the interface level mode.
<metric value> |
Specifies the level-2 metric value. Default Value: 1000000 |
[ instance protocol isis interface twc-0/0/1/2/1 ] root@isr1:confd> set level-2 metric 10
1.6. IS-IS Redistribute Configuration Commands
This section describes the IS-IS redistribute configuration commands.
1.6.1. redistribute source
This command redistributes route from a selected source into a selected IS-IS level database. This configuration command can be executed from the redistribute or address family modes.
<source> |
Specifies the source from which the routes are to be redistributed from. The available options are bgp, ospf, direct, and static. |
level-1 | level-2 |
Specifies the IS-IS level database into which the selected routes will be redistribute to. |
root@isr1:confd> edit instance protocol isis address-family ipv4 unicast [ instance protocol isis address-family ipv4 unicast ] root@isr1:confd> set r source Source to be distibuted [<Enter>] Execute the command [ instance protocol isis address-family ipv4 unicast ] root@isr1:confd> set redistribute sou bgp <source> direct <source> ospf <source> static <source> [ instance protocol isis address-family ipv4 unicast ] root@isr1:confd> set redistribute source st level-1 <dest-sub-type> level-2 <dest-sub-type> [ instance protocol isis address-family ipv4 unicast ] root@isr1:confd> set redistribute source static into isis level-1
1.7. IS-IS Show Commands for IOD
Configuration statements can be shown to be working properly using show commands. IS-IS is implemented in two modules: IOD and APPD.
This section details the fields displayed by IS-IS show commands handled by the IOD module.
1.7.1. show isis neighbors
This command shows the summary of the IS-IS neighbors.
<instance name> |
Displays the neighbors in the specified instance. By default, the neighbors in the default instance are shown. |
ubuntu@isr1:~$ rtb isis.iod.1 show isis neighbors ISIS neighbor information summary for the mentioned instance is given below: Instance: default Interface System Level State Type UP from Expires in twc-0/0/1/2/1 1921.6800.1002 L1 Up P2P 0d:1h:3m:32s expires in 28s 38... twc-0/0/1/3/1 1921.6800.1003 L1 Up P2P 0d:1h:2m:40s expires in 20s 22... ubuntu@isr1:~$
Name | Description |
---|---|
Interface |
Name of the interface on which the neighbor is identified |
System |
System ID of the neighbor |
Level |
Specifies the interface level (1, 2) |
State |
State of the IS-IS neighbor (Up, Down, etc.) |
Type |
Type of the adjacency on which neighbor is identified |
UP from |
The time for which session is in UP state |
Expires in |
Number of seconds until adjacency expires |
ubuntu@bangalore:~$ rtb isis.iod.1 show isis neighbors instance isisvrf ISIS neighbor information summary for the mentioned instance is given below: Instance: isisvrf Interface System Level State Type UP from Expires in ifl-0/0/2/1/1 1921.6800.1001 L1L2 Down P2P 0d:0h:0m:0s expires in 49710d... ifl-0/0/2/1/1 1921.6800.1002 L1L2 Up P2P 0d:0h:3m:48s expires in 24s 77...
1.7.2. show isis neighbors detail
This command shows the detailed information about the IS-IS neighbors.
<instance name> |
Displays the neighbors in the specified instance. By default, the neighbors in the default instance are shown. |
ubuntu@isr1:~$ rtb isis.iod.1 show isis neighbors detail Neighbor System ID: 1921.6800.1002, Interface: twc-0/0/1/2/1 State: Up, Level: L1, Adjacency type: P2P Holding time: 30, Expiry time: 24s 640162us Local IPv4 address: 12.1.1.1, Remote IPv4 address: 12.1.1.2 Local IPv6 address: fe80::2:0:faff:febd:1020, Remote IPv6 address: fe80::2:0:faff:febd:2010 Last Down Reason: Parameter change Neighbor Up Since: 0d:1h:5m:54s Last transition times: Last transition time: 2019-11-13T14:14:09.250134+0530 Neighbor System ID: 1921.6800.1003, Interface: twc-0/0/1/3/1 State: Up, Level: L1, Adjacency type: P2P Holding time: 30, Expiry time: 20s 404566us Local IPv4 address: 13.1.1.1, Remote IPv4 address: 13.1.1.2 Local IPv6 address: fe80::2:0:faff:febd:1030, Remote IPv6 address: fe80::2:0:faff:febd:3010 Last Down Reason: Parameter change Neighbor Up Since: 0d:1h:5m:2s Last transition times: Last transition time: 2019-11-13T14:15:01.717950+0530
Name | Description |
---|---|
Interface |
Interface through which the neighbor is reachable |
Neighbor System ID |
System ID of the neighbor |
Level |
Level negotiated for neighbor
|
State |
State of the IS-IS neighbor |
Adjacency type |
Adjacencies established on the interface. The value is P2P. |
Type |
Type of the adjacency on which neighbor is identified |
Last Down Reason |
Reason the adjacency is down |
Neighbor Up Since |
The time for which session is in UP state |
Expiry time |
The time after which the session expires |
Holding time |
The adjacency expiry interval configured |
Local IPv4 address |
Local IP address from matching subnet with neighbor |
Remote IPv4 address |
Remote IP address from matching subnet with neighbor |
Local IPv6 address |
Local IPv6 address from matching subnet with neighbor |
Remote IPv6 address |
Remote IPv6 address from matching subnet with neighbor |
1.7.3. show isis interface
This command shows the summary of IS-IS interfaces.
<instance name> |
Displays the neighbors in the specified instance. By default, the neighbors in the default instance is shown. |
ubuntu@isr1:~$ rtb isis.iod.1 show isis interface ISIS interface information summary for the mentioned instance is given below: Instance: default Interface Level Adjacencies Metric Type Passive twc-0/0/1/2/1 1 1 10 point-to-point false twc-0/0/1/2/1 2 1 10 point-to-point false twc-0/0/1/3/1 1 1 10 point-to-point false twc-0/0/1/3/1 2 1 10 point-to-point false ubuntu@isr1:~$
Name | Description |
---|---|
Interface |
Interface configured for IS-IS |
Level |
Configured level of IS-IS
|
Adjacencies |
Number of neighbors in UP state |
Type |
Type of the interface, that is, point-to-point |
Metric |
Metric configured on the interface |
Passive |
Interface passive state |
1.7.4. show isis interface level
This command shows the detailed information of a specific IS-IS interface per level.
<interface name> |
Interface configured for IS-IS Level |
ubuntu@isr1:~$ rtb isis.iod.1 show isis interface twc-0/0/1/2/1 level-1 Interface: twc-0/0/1/2/1, Level: 1 Adjacencies: 1, Metric: 10, Interface type: point-to-point Local Circuit ID: 1, Passive: false CSNP : In: 10 , Out: 113 , Fail: 0 PSNP : In: 6 , Out: 6 , Fail: 0 LSP : In: 8 , Out: 6 , Fail: 0 , Processed: 3 , Purge In: 0 IIH : In: 413 , Out: 416 ubuntu@isr1:~$ rtb isis.iod.1 show isis interface twc-0/0/1/2/1 level-2 Interface: twc-0/0/1/2/1, Level: 2 Adjacencies: 1, Metric: 10, Interface type: point-to-point Local Circuit ID: 1, Passive: false CSNP : In: 46 , Out: 113 , Fail: 0 PSNP : In: 4 , Out: 9 , Fail: 0 LSP : In: 12 , Out: 4 , Fail: 0 , Processed: 10 , Purge In: 0 IIH : In: 32 , Out: 418 ubuntu@isr1:~$
Name | Description |
---|---|
Interface |
Name of the interface on which IS-IS is configured |
Level |
Configured level of IS-IS
|
Adjacencies |
Number of neighbors in UP state |
Interface type |
Type of the interface - point-to-point |
Metric |
Metric configured on the interface |
Passive |
Interface passive state |
CSNP In |
Count of incoming CSNP packets on that interface for the specified level |
CSNP Out |
Count of outgoing CSNP packets on that interface for the specified level |
CSNP Fail |
Count of failed parse cases for CSNP packets on that interface for the specified level |
PSNP In |
Count of incoming PSNP packets on that interface for the specified level |
PSNP Out |
Count of outgoing PSNP packets on that interface for the specified level |
PSNP Fail |
Count of failed parse cases for Partial Sequence Number Packets (PSNP) on that interface for the specified level |
LSP In |
Count of incoming LSP packets on that interface for the specified level |
LSP Out |
Count of outgoing LSP packets on that interface for the specified Level |
LSP Fail |
Count of failed parse cases for LSP packets on that interface for the specified level |
LSP Processed |
Count of non-duplicate LSP packets processed on that interface for the specified level |
LSP Purge In |
Count of LSP purge packets processed on that interface for the specified level |
IIH In |
Count of incoming IS-IS Hello (IIH) packets on that interface for the specified level |
IIH Out |
Count of outgoing IIH packets on that interface for the specified level |
1.7.5. show isis lsp database
This command shows the IS-IS LSP database summary for L1 and L2.
<instance name> |
Displays the neighbors in the specified instance. By default, the neighbors in the default instance are displayed. |
ubuntu@isr1:~$ rtb isis.iod.1 show isis lsp database ISIS database summary for the mentioned instance is given below: Instance: default Level: 1 ID Level Sequence Checksum Lifetime Expiry Status Purged 1921.6800.1001.00-00 1 7 52839 65535 expires in 17h 3m 57s 96564... 1921.6800.1002.00-00 1 5 36037 65534 expires in 17h 3m 5s 685363us 1921.6800.1003.00-00 1 5 41602 65534 expires in 17h 3m 57s 97062... ISIS database summary for the mentioned instance is given below: Instance: default Level: 2 ID Level Sequence Checksum Lifetime Expiry Status Purged 1921.6800.1001.00-00 2 12 24073 65535 expires in 17h 4m 81219us 1921.6800.1002.00-00 2 13 48990 65526 expires in 17h 3m 58s 87700... 1921.6800.1003.00-00 2 13 11067 65526 expires in 17h 3m 58s 87703... 1921.6800.1004.00-00 2 5 58170 65434 expires in 16h 57m 27s 4173... 1921.6800.1005.00-00 2 5 26798 65494 expires in 16h 57m 27s 4105... 1921.6800.1006.00-00 2 5 60451 65454 expires in 16h 57m 27s 4260... ubuntu@isr1:~$
Name | Description |
---|---|
ID |
The LSP identifier |
Level |
Configured level of IS-IS
|
Sequence |
Sequence number of LSP |
Checksum |
Checksum of the entire LSP packet |
Lifetime |
Link-state PDU lifetime, in seconds |
Expiry Status |
Time after which LSP expires |
Purged |
This field is set if the LSP is in purge holddown mode |
1.7.6. show isis lsp database level
This command shows the IS-IS Link State Database (LSDB) summary for a specific level (level-1 or level-2).
level-1 | level-2 |
This option will select the level database to be displayed. |
<instance name> |
This option will list the neighbors in the specified instance. By default, the neighbors in the default instance is shown. |
ubuntu@isr1:~$ rtb isis.iod.1 show isis lsp database level-1 ISIS database summary for the mentioned instance is given below: Instance: default Level: 1 ID Level Sequence Checksum Lifetime Expiry Status Purged 1921.6800.1001.00-00 1 3 44687 65535 expires in 18h 4m 59s 88463us 1921.6800.1002.00-00 1 3 17129 65534 expires in 18h 4m 58s 61250... 1921.6800.1003.00-00 1 3 21971 65533 expires in 18h 4m 58s 23672... ubuntu@isr1:~$
Name | Description |
---|---|
ID |
The LSP identifier |
Level |
Configured level of IS-IS
|
Sequence |
Sequence number of LSP |
Checksum |
Checksum of the entire LSP packet |
Lifetime |
Link-state PDU lifetime, in seconds |
Expiry status |
Time after which LSP expires |
1.7.7. show isis lsp database level detail
This command shows the actual content of the link state database.
level-1 | level-2 |
This option will select the level database to be displayed. |
<instance name> |
This option will list the neighbors in the specified instance. By default, the neighbors in the default instance is shown. |
ubuntu@isr1:~$ rtb isis.iod.1 show isis lsp database level-1 detail LSP ID: 1921.6800.1001.00-00, Level: 1 Sequence no: 3, Checksum: 44687, Remaining Lifetime: 65535 Attached bit: 0, Overload bit: 0 Last received time: 2019-11-18T17:31:37.083306+0530 Expiry time: expires in 18h 8m 24s 123427us Supported Protocols: Protocol supported: IPv6 Protocol supported: IPv4 Neighbor List: Node ID: 1921.6800.1002.00, Metric: 10 IPv4 Prefix List: Prefix: 12.1.1.0/24, Metric: 10 Prefix: 1.1.1.1/32, Metric: 10 IPv6 Prefix List: LSP ID: 1921.6800.1002.00-00, Level: 1 Sequence no: 3, Checksum: 17129, Remaining Lifetime: 65534 Attached bit: 0, Overload bit: 0 Last received time: 2019-11-18T17:31:37.607666+0530 Expiry time: expires in 18h 8m 23s 647289us Supported Protocols: Protocol supported: IPv6 Protocol supported: IPv4 Neighbor List: Node ID: 1921.6800.1001.00, Metric: 10 Node ID: 1921.6800.1003.00, Metric: 10 IPv4 Prefix List: Prefix: 12.1.1.0/24, Metric: 10 Prefix: 23.1.1.0/24, Metric: 10 Prefix: 2.2.2.2/32, Metric: 10 IPv6 Prefix List: LSP ID: 1921.6800.1003.00-00, Level: 1 Sequence no: 3, Checksum: 21971, Remaining Lifetime: 65533 Attached bit: 0, Overload bit: 0 Last received time: 2019-11-18T17:31:38.232094+0530 Expiry time: expires in 18h 8m 23s 271164us Supported Protocols: Protocol supported: IPv6 Protocol supported: IPv4 Neighbor List: Node ID: 1921.6800.1002.00, Metric: 10 IPv4 Prefix List: Prefix: 23.1.1.0/24, Metric: 10 Prefix: 3.3.3.3/32, Metric: 10 IPv6 Prefix List: ubuntu@isr1:~$
Name | Description |
---|---|
ID |
The LSP identifier |
Level |
Configured level of IS-IS
|
Sequence |
Sequence number of LSP |
Checksum |
Checksum of the entire LSP packet |
Remaining Lifetime |
Link-state PDU lifetime, in seconds |
Expiry status |
Time after which LSP expires |
1.8. IS-IS Show Commands for APPD
This section details the fields displayed by IS-IS show commands handled by the APPD module.
1.8.1. show isis spf-results level
This command shows the IS-IS SPF results for a specific level and topology.
level-1 | level-2 |
Displays the configured level of IS-IS
|
<instance name> |
Displays the neighbors in the specified instance. By default, the neighbors in the default instance is shown. |
ipv4-unicast | ipv6-unicast |
This option will select the topology |
ubuntu@isr1:~$ rtb isis.appd.1 show isis spf-results level level-1 topology ipv4-unicast Node Metric Nexthop 1921.6800.1001.00 0 via local 1921.6800.1002.00 10 12.1.1.2 via twc-0/0/1/2/1 1921.6800.1003.00 10 13.1.1.2 via twc-0/0/1/3/1 ubuntu@isr1:~$
Name | Description |
---|---|
Node |
IS-IS Node ID |
Metric |
Metric value associated with the route |
Nexthop |
Displays the nexthop IP address |
1.8.2. show isis routes
This command shows the IS-IS routes for the selected topology.
<instance name> |
Displays the neighbors in the specified instance. By default, the neighbors in the default instance are displayed. |
ipv4-unicast | ipv6-unicast |
This option will select the topology. |
ubuntu@isr1:~$ rtb isis.appd.1 show isis routes ipv4-unicast summary Prefix Metric Source Nexthop 12.1.1.0/24 10 isis via local 13.1.1.0/24 10 isis via local 23.1.1.0/24 20 isis 12.1.1.2 via twc-0/0/1/2/1 24.1.1.0/24 20 isis 12.1.1.2 via twc-0/0/1/2/1 25.1.1.0/24 20 isis 12.1.1.2 via twc-0/0/1/2/1 26.1.1.0/24 20 isis 12.1.1.2 via twc-0/0/1/2/1 1.1.1.1/32 10 isis via local 2.2.2.2/32 20 isis 12.1.1.2 via twc-0/0/1/2/1 3.3.3.3/32 20 isis 13.1.1.2 via twc-0/0/1/3/1 4.4.4.4/32 30 isis 12.1.1.2 via twc-0/0/1/2/1 5.5.5.5/32 30 isis 12.1.1.2 via twc-0/0/1/2/1 6.6.6.6/32 30 isis 12.1.1.2 via twc-0/0/1/2/1 ubuntu@isr1:~$
Name | Description |
---|---|
Prefix |
The IPv4/IPv6 prefix and mask |
Metric |
Metric value associated with the route |
Source |
Source of the route. This value is always IS-IS. |
Nexthop |
Displays the nexthop IP address |
2. Configuring IS-IS
2.1. Introduction
Segment Routing (SR) allows for a flexible definition of end-to-end paths within IGP topologies by encoding paths as sequences of topological sub-paths, called "segments". These “segments” need to be advertised by a routing protocol such as IS-IS. Prefix segments represent a shortest-path to a prefix (or a node), as per the state of the IGP topology. Adjacency segments represent a hop over a specific adjacency between two nodes in the IGP.
2.2. Supported Hardware
-
Edgecore AS5916-XKS
-
RBFS Virtual Service Router
2.3. Guidelines and Limitations
-
Support only Prefix SID with Node Flag, that is, SID can be configured only on Loopback interfaces.
-
Support only for configuration of single SRGB block.
2.4. Prerequisites
-
All the nodes in the network are SR enabled. So, if the intermediate router has no SR enabled, the previous SR-enabled router will not install SID for that node. So, the path can be incomplete.
2.5. System Overview
This section shows the interaction of this ISIS-SR feature with various daemons in RBFS. The figure below shows the interaction on with respect to this feature.
CONFD |
Confd is RBFS configuration daemon. It stores ISIS SR configurations. ISIS IOD and ISIS APPD daemons subscribes for the following configuration:
|
HALD |
ISIS IOD interacts with HALD to send and receive ISIS packets. All ISIS SR related information is sent and received from other routers through HALD. |
FWDD |
ISIS APPD interacts with FWDD to download the SR routes. FWDD subscribes labeled unicast table with ISIS APPD. |
2.6. Configuring Segment Routing for IS-IS Protocol
Segment routing on the IS-IS control plane supports the following:
-
IPv4 control plane
-
Level 1 and level 2 routing
-
Prefix SIDs for host prefixes on loopback interfaces
To configure segment routing for the IS-IS protocol, perform the following steps:
-
Enter into the IS-IS default instance mode, and enable IS-IS routing for the specified routing instance.
root@is-is-router:confd> edit instance red [ instance red ] root@is-is-router:confd> edit protocol isis [ instance red protocol isis ]
-
Enter into the IS-IS configuration mode.
root@rtbrick:confd> edit instance protocol isis [ instance protocol isis ]
-
Configure SRGB (base label and range).
[ instance protocol isis ] set segment-routing srgb start-label <base-value> index-range <range-value>
-
Configure index (either ipv4 or ipv6) on an interface.
[ instance protocol isis ] set interface <ifl-name> segment-routing <ipv4 | ipv6> index <sid-value>
For more information about the configuration and show commands, see the chapters below.
2.7. Configuration Commands
2.7.1. Instance Level Commands
-
srgb start-label
2.7.1.1. srgb start-label
This command assigns a segment routing SRGB global block.
set instance protocol isis segment-routing srgb start-label <base-value> index-range <range-value>
Command arguments
<base-value> |
SRGB Start Label |
<index-range> |
SRGB range value |
[instance protocol isis]
The following example shows how to configure SRGB with start-label 5000 and index-range 100. The start label of the label block is 5000 and the end of the label block is 5099.
The SRGB label values 0 to 15 are reserved. |
[ ] root@rtbrick:confd> edit instance protocol isis [ instance protocol isis ] root@rtbrick:confd> set segment-routing start-label 5000 index-range 100
To delete the operation that you performed, enter the following command:
delete instance isisvrf protocol isis segment-routing srgb
2.7.2. Interface Level Commands
-
segment-routing index
2.7.2.1. segment-routing index
This command assigns a label from the configured global SRGB range for address assigned to this interface.
set instance protocol isis interface <ifl-name> segment-routing <ipv4 | ipv6> index <sid-value>
<ifl-name> |
Interface name |
<ipv4 | ipv6> |
Specifies ipv4 or ipv6 address family |
<sid-value> |
Segment routing index from the SRGB range assigned to this interface |
[instance protocol isis] [instance protocol isis interface <ifl-name>]
[ ] root@rtbrick:confd> edit instance protocol isis [ instance protocol isis ] root@rtbrick:confd> edit interface lo-0/0/0/1/0 [ instance protocol isis interface lo-0/0/0/1/0] root@rtbrick:confd> set segment-routing ipv4 index 100
To delete the operation that you performed, enter the following command:
delete instance protocol isis interface <ifl-name> segment-routing <ipv4 | ipv6> index
2.8. IS-IS Anycast Configuration Commands
2.8.1. ISIS ipv4/ipv6 Anycast
This command configure ISIS Anycast index for IPv4/IPv6.
set instance protocol isis interface <ifl-name> segment-routing <ipv4 | ipv6> anycast index <sid-value>
<ifl-name> |
Interface name |
<ipv4 | ipv6> |
Specifies ipv4 or ipv6 address family |
<sid-value> |
IS-IS index range assigned to this interface |
[instance protocol isis] [instance protocol isis interface <ifl-name>]
[ ] root@rtbrick:confd> edit instance protocol isis [ instance protocol isis ] root@rtbrick:confd> edit interface lo-0/0/0/1/0 [ instance protocol isis interface lo-0/0/0/1/0] root@rtbrick:confd> set segment-routing ipv4 anycast index 100
To delete the operation that you performed, enter the following command:
delete instance protocol isis interface <ifl-name> segment-routing <ipv4 | ipv6> anycast index
2.9. Show Commands
-
show isis overview
-
show isis route
2.9.1. show isis overview
You can use this command to view the IS-IS SRGB-related information.
show isis overview
ubuntu@blr:~$ rtb isis.iod.1 show isis overview Instance: default System-ID: 1921.6800.1002, Areas: 49.0001/24 SRGB start-label: 100, index-range: 100 Neighbor Hold Time: 30000ms, LSP Lifetime Interval: 65535ms System OverLoad: false, System OverLoad Timeout: 60000ms Current Up Neighbors Count : 2, Neighbors Flap Count : 0 ubuntu@blr:~$
2.9.2. show isis route
This command displays all the labelled unicast (SR) prefixes for the IPv4 Address Family Identifiers (AFI).
show isis route instance <instance-name> <afi> <safi>
<instance-name> |
Name of the instance |
<afi> |
IPv4 Address Family Identifier (AFI) |
<safi> |
Subsequent address family identifier (unicast | labeled-unicast | multicast) |
rtb isis.appd
ubuntu@blr:~/development/libisis$ rtb isis.appd.1 show isis route instance default ipv4 unicast Table: default.isis.fib-local.ipv4.unicast Prefix Metric Nexthop 12.1.1.0/24 10 via local 23.1.1.0/24 10 via local 2.2.2.2/32 10 via local ubuntu@blr:~/development/libisis$
2.9.3. show isis database
This command displays the entries in the IS-IS link-state database.
show isis database <level 1|2> detail
show isis database instance <instance name>
<level 1|2> |
Displays the IS-IS link-state database entries for the specified IS-IS level |
<instance name> |
Displays the IS-IS link-state database entries for the specified instance |
ubuntu@blr:~/development/libisis$ rtb isis.iod.1 show isis database detail 1921.6800.1001.00-00, Instance: default, Level: 1 Sequence no: 0x3, Checksum: 0x8, Remaining Lifetime: 65534ms Attached bit: 0, Overload bit: 0 Last received time: 2019-12-10T14:45:15.610799+0530 Expiry time: expires in 17h 58m 4s 672416us Supported Protocols: Protocol supported: IPv6 Protocol supported: IPv4 Neighbor List: Node ID: 1921.6800.1002.00, Metric: 10 IPv4 Prefix List: Prefix: 12.1.1.0/24, Metric: 10 Prefix: 1.1.1.1/32, Metric: 10 IPv6 Prefix List: SRGB List: 1921.6800.1003.00-00, Instance: default, Level: 1 Sequence no: 0x3, Checksum: 0xd, Remaining Lifetime: 65534ms Attached bit: 0, Overload bit: 0 Last received time: 2019-12-10T14:45:15.610884+0530 Expiry time: expires in 17h 58m 4s 671564us Supported Protocols: Protocol supported: IPv6 Protocol supported: IPv4 Neighbor List: Node ID: 1921.6800.1002.00, Metric: 10 IPv4 Prefix List: Prefix: 23.1.1.0/24, Metric: 10 Prefix: 3.3.3.3/32, Metric: 10 IPv6 Prefix List: SRGB List: 1921.6800.1002.00-00, Instance: default, Level: 1 Sequence no: 0x5, Checksum: 0xb, Remaining Lifetime: 65535ms Attached bit: 0, Overload bit: 0 Last received time: 2019-12-10T14:47:07.340859+0530 Expiry time: expires in 17h 59m 57s 400741us Supported Protocols: Protocol supported: IPv6 Protocol supported: IPv4 Neighbor List: Node ID: 1921.6800.1001.00, Metric: 10 Node ID: 1921.6800.1003.00, Metric: 10 IPv4 Prefix List: Prefix: 12.1.1.0/24, Metric: 10 Prefix: 23.1.1.0/24, Metric: 10 Prefix: 2.2.2.2/32, Metric: 10, Segment-Index: 10, Flags: Node IPv6 Prefix List: SRGB List: SRGB start-label: 100, index-range: 100
3. Configuring Flood Filter for IS-IS Protocol
3.1. Introduction
IS-IS flood filtering reduces flooding that allows to match and filter on specific IS-IS systems IDs.
3.2. Topology
3.3. Commands to configure ISIS Flood Filter
3.3.1. Global Config Command
Use these commands to filter flooding Globally.
Syntax
-
set isis flood-filter <flood_filter_name> ordinal <ordinal_number> ordinal-name <ordinal_name>
-
set isis flood-filter <flood_filter_name> ordinal <ordinal_number> match system-id <system_id>
-
set isis flood-filter <flood_filter_name> ordinal <ordinal_number> action <flood/block>
Command arguments
<flood_filter_name> |
Filter-name which binds a flooding filter to an IS-IS interface |
<ordinal_number> |
Number to filter rule |
<ordinal_name> |
Name to filter rule |
<system_id> |
ID which matches ISIS system-ID |
<flood/block> |
Action required to flood or not |
Command modes
[isis.flood-filter.ordinal]
Example
edit isis edit flood-filter spine1_lsr1_flood_filter edit ordinal 1 set ordinal-name spine1 set match system-id 1920.0100.4001 set action flood exit exit exit
3.3.2. Interface-level Config Command
Use this command to filter flooding on interface level.
Syntax
set instance <instance_name> protocol isis interface <spine_lsr_ifl> flood-filter <flood_filter_name>
Command arguments
<instance_name> |
configured Instance vrf name |
<spine_lsr_ifl> |
Interface name |
<flood_filter_name> |
Filter-name which binds a flooding filter to an IS-IS interface |
Command modes
[instance.protocol.interface]
Example
edit instance ip2vrf edit protocol isis edit interface memif-0/1/6/16 set flood-filter spine1_lsr1_flood_filter exit exit exit
3.4. Configuration Example
The following examples shows how to configure IS-IS Flood Filter on Spine1 and Spine2
Spine1:
rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 1 ordinal-name spine1 rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 1 match system-id 1920.0100.4001 rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 1 action flood rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 2 ordinal-name spine2 rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 2 match system-id 1920.0100.4002 rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 2 action flood
Spine2:
rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 1 ordinal-name spine1 rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 1 match system-id 1920.0100.4001 rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 1 action flood rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 2 ordinal-name spine2 rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 2 match system-id 1920.0100.4002 rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 2 action flood
3.5. Viewing the Configuration
The show running configuration command displays the current configuration:
show running-configuration "isis": [ { "flood-filter:spine1_lsr1_flood_filter": { "ordinal:1": { "ordinal-name": "spine1", "match-sysid": "1920.0100.4001", "action": "flood" }, "ordinal:2": { "ordinal-name": "spine2", "match-sysid": "1920.0100.4002", "action": "flood" } }, "protocol isis": "isis interface:memif-0/1/6/16": { "interface-type": "point-to-point", "level2-disable": true, "flood-filter-name": "spine1_lsr1_flood_filter"
4. Configuring IS-IS Authentication
The IS-IS protocol traffic can be authenticated to guarantee that only trusted routing devices participate in the autonomous system (AS) routing.
The authentication of ISIS Protocol Data Units (PDUs) can use Hashed Message Authentication Codes - Message Digest 5 (HMAC MD5) authentication or the Clear Text authentication. These authentication features enable you to verify the authenticity of the sender. These can also be used to detect any errors in the transmitted frames.
Currently RBFS supports the following two types of authentication:
- Clear Text (Simple Text)
-
In this type of authentication, the password is encoded as a clear string and sent in the packet over the wire.
- HMAC-MD5
-
This type of encoding scheme uses HMAC-MD5 hashes. By using MD5 hashes the password does not travel in clear text format over the circuit, instead a message digest is calculated from PDU and it is sent as a secret password. The HMAC-MD5 algorithm is documented in RFC 2104. It describes a one-way operation to get a hash based on a bit field and a shared secret password. This means that, it is based on the hash and the bit field, and therefore the password cannot be reconstructed.
By default, IS-IS authentication is disabled. It is enabled when you configure the authentication type and authentication key. |
4.1. Configuring Authentication at Instance Level
4.1.1. Configuring Authentication Type
Enter the following command to configure the authentication type.
Command Parameters
Parameter | Description |
---|---|
[vrf-name] |
Name of the routing and forwarding (VRF) instance |
<level> |
level-1 or level-2 |
<algo> |
Specifies the authentication algorithm - clear_text, md5 or sha1. |
Example
set instance ip2vrf protocol isis level-1 authentication type clear_text set instance ip2vrf protocol isis level-1 authentication type md5 set instance ip2vrf protocol isis level-1 authentication type sha1
4.1.1.1. Deleting Authentication Type
Enter the following command to delete an authentication type.
4.1.2. Configuring Authentication Key
Enter the following command to configure the authentication key.
|
Command Parameters
Parameter | Description |
---|---|
[vrf-name] |
Name of the routing and forwarding (VRF) instance |
<level> |
level-1 or level-2 |
<value> |
Identifies an authentication key. Prefix 0(zero) is used to store the key in hash. |
Example
set instance ip2vrf protocol isis level-1 authentication key 0test123
4.1.2.1. Deleting Authentication Key
Enter the following command to delete an authentication key.
4.1.3. Configuring Authentication Key2
Enter the following command to configure the authentication key2.
The authentication key2 is an optional parameter. The authentication key2 is used as receive key if authentication key fails. This attribute is used for all authentication types (clear_text|md5|sha1).
|
Command Parameters
Parameter | Description |
---|---|
[vrf-name] |
Name of the routing and forwarding (VRF) instance |
<level> |
level-1 or level-2 |
<value> |
Identifies an authentication key. Prefix 0(zero) is used to store they key in hash. |
Example
set instance ip2vrf protocol isis level-1 authentication key2 0test123
4.1.3.1. Deleting Authentication Key2
Enter the following command to delete an authentication key2.
4.1.4. Configuring Authentication Key-id
Enter the following command to configure the authentication key-id.
The authentication key-id is an optional parameter. If the authentication key-id is not specified, it is set to 1 by default. This attribute is applicable for sha authentication type.
|
Command Parameters
Parameter | Description |
---|---|
[vrf-name] |
Name of the routing and forwarding (VRF) instance |
<level> |
level-1 or level-2 |
<value> - |
Identifies an authentication key |
Example
set instance ip2vrf protocol isis level-1 authentication key-id 10
4.1.4.1. Deleting Authentication Key-id
Enter the following command to delete an authentication key-id.
4.1.5. Configuring Authentication Key-id2
Enter the following command to configure the authentication key-id.
The authentication key-id2 is an optional parameter. If authentication key-id2 is not specified, it is set to 2 by default. This attribute is applicable for the sha authentication type.
|
Command Parameters
Parameter | Description |
---|---|
[vrf-name] |
Name of the routing and forwarding (VRF) instance |
<level> |
level-1 or level-2 |
<value> |
Identifies an authentication key |
Example
set instance ip2vrf protocol isis level-1 authentication key-id2 20
4.1.5.1. Deleting Authentication Key-id2
Enter the following command to delete an authentication key-id2
4.1.6. Configuring No Authentication Check
Enter the following command to configure the no authentication check.
Command Parameters
Parameter | Description |
---|---|
[vrf-name] |
Name of the routing and forwarding (VRF) instance |
<level> |
level-1 or level-2 |
Example
set instance ip2vrf protocol isis level-1 authentication authentication-check disable
4.1.6.1. Deleting the No Authentication Check Configuration
Enter the following command to delete the no authentication check configuration.
4.2. Configuring Authentication at Interface Level
4.2.1. Configuring No Hello Authentication
Enter the following command to configure the no hello authentication.
Command Parameters
Parameter | Description |
---|---|
[vrf-name] |
Name of the routing and forwarding (VRF) instance |
<interface name> |
Name of the interface that you to configure |
<level> |
level-1 or level-2 |
Example
set instance ip2vrf protocol isis interface ifl-0/1/2/1 level-1 hello-authentication disable
4.2.1.1. Deleting No Hello Authentication Configuration
Enter the following command to delete the no hello authentication configuration.
4.2.2. Configuring No Sequence Number PDU (SNP) Authentication
Enter the following command to configure the no SNP authentication.
Command Parameters
Parameter | Description |
---|---|
[vrf-name] |
Name of the routing and forwarding (VRF) instance |
<interface name> |
Name of the interface that you to configure |
<level> |
level-1 or level-2 |
Example
set instance ip2vrf protocol isis interface ifl-0/1/2/1 level-1 snp-authentication disable
4.2.2.1. Deleting No SNP Authentication Configuration
Enter the following command to delete the no SNP authentication configuration.
5. IS-IS Theory of Operation
5.1. Adjacency
5.2. LSP Generation
5.3. Route Calculation
©Copyright 2020 RtBrick, Inc. All rights reserved. The information contained herein is subject to change without notice. The trademarks, logos and service marks ("Marks") displayed in this documentation are the property of RtBrick in the United States and other countries. Use of the Marks are subject to RtBrick’s Term of Use Policy, available at https://www.rtbrick.com/privacy. Use of marks belonging to other parties is for informational purposes only.