IS-IS Configuration

Configuration Hierarchy

The diagram below illustrates the IS-IS configuration hierarchy.

IS-IS Configuration Hierarchy

Configuration Syntax and Commands

The following sections describe the IS-IS configuration syntax and commands.

Instance Configuration

The instance configuration hierarchy includes parameters that are required for or used by IS-IS.

Syntax:

set instance <instance-name> protocol isis <attribute> <value>

Attribute	Description
<name>	Name of the IS-IS instance
area <area>	IS-IS area-address. The area can be represented in 1, 3, 5, 13 bytes format.
authentication <…>	Specifies the authentication scheme for IS-IS. Refer to section IS-IS Authentication Configuration for the IS-IS authentication configuration details.
holding-time <holding-time>	Specifies how long a neighbor should consider this routing device to be operative without receiving another hello packet. Default value: 30 seconds Range: 3 to 180 seconds
hostname <hostname>	Specifies the hostname mapped to the system identifier.
ignore-attached-bit [true/false]	This configuration allows you to enable the routing device to ignore the attached bit on incoming Level 1 link-state PDUs. If the attached bit is ignored, no default route, which points to the routing device which has set the attached bit, is installed.
interface <…>	Name of the interface. Refer to section Configuring IS-IS Interface for the interface configuration details.
ipv6-disable [true/false]	Specifies whether the ipv6-disable configuration is enabled or not. When you set this value to "true", it indicates that IPv6 configuration is disabled.
[level-1/level-2] address-family <…>	Protocol ISIS level-1/level-2 address-family configuration. Refer to section IS-IS Address-Family Configuration for the address family configuration details.
level1-to-level2 route-leak [enable/disable]	Specifies whether the level1-to-level2 route-leak is enabled or not. When set to disable, IS-IS will not leak routing information from a Level 1 area to a Level 2 area. By default, this option is enabled.
lsp-lifetime <lsp-lifetime>	IS-IS link-state PDUs maximum lifetime. Default value: 65535 seconds
multipath <multipath>	Load sharing among multiple ISIS paths. Default value: 256
no-mpls-transit-path [true/false]	When set to true, IS-IS will not install segment routing transit path. Default: false
overload [true/false]	When set to true, IS-IS overload bit is set. Default: false
router-id <router-id>	ISIS router identifier (ipv4 format: A.B.C.D)
system-id <system-id>	Specifies the system ID of the device.

Attribute

Description

<name>

Name of the IS-IS instance

area <area>

IS-IS area-address. The area can be represented in 1, 3, 5, 13 bytes format.

authentication <…>

Specifies the authentication scheme for IS-IS. Refer to section IS-IS Authentication Configuration for the IS-IS authentication configuration details.

holding-time <holding-time>

Specifies how long a neighbor should consider this routing device to be operative without receiving another hello packet.

Default value: 30 seconds

Range: 3 to 180 seconds

hostname <hostname>

Specifies the hostname mapped to the system identifier.

ignore-attached-bit [true/false]

This configuration allows you to enable the routing device to ignore the attached bit on incoming Level 1 link-state PDUs. If the attached bit is ignored, no default route, which points to the routing device which has set the attached bit, is installed.

interface <…>

Name of the interface. Refer to section Configuring IS-IS Interface for the interface configuration details.

ipv6-disable [true/false]

Specifies whether the ipv6-disable configuration is enabled or not. When you set this value to "true", it indicates that IPv6 configuration is disabled.

[level-1/level-2] address-family <…>

Protocol ISIS level-1/level-2 address-family configuration. Refer to section IS-IS Address-Family Configuration for the address family configuration details.

level1-to-level2 route-leak [enable/disable]

Specifies whether the level1-to-level2 route-leak is enabled or not. When set to disable, IS-IS will not leak routing information from a Level 1 area to a Level 2 area. By default, this option is enabled.

lsp-lifetime <lsp-lifetime>

IS-IS link-state PDUs maximum lifetime. Default value: 65535 seconds

multipath <multipath>

Load sharing among multiple ISIS paths. Default value: 256

no-mpls-transit-path [true/false]

When set to true, IS-IS will not install segment routing transit path. Default: false

overload [true/false]

When set to true, IS-IS overload bit is set. Default: false

router-id <router-id>

ISIS router identifier (ipv4 format: A.B.C.D)

system-id <system-id>

Specifies the system ID of the device.

Example 1: IS-IS Instance Configuration

supervisor@rtbrick>spine1: cfg>show config instance default protocol isis
{
  "rtbrick-config:isis": {
    "system-id": "1921.6800.1001",
    "area": [
      "49.0001/24"
      ],
    "hostname": "isr1",
 <...>

Example 2: Disabling IS-IS Route Leaking from a Level 1 Area to a Level 2 Area

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis level1-to-level2
{
  "rtbrick-config:level1-to-level2": {
    "route-leak": "disable"
  }
}

IS-IS Authentication Configuration

Syntax:

set instance <instance-name> protocol isis authentication [level-1 | level-2] <attribute> <value>

Attribute	Description
check [disable / enable]	Specifies an authentication check to reject PDUs that do not match the type or key requirements. You can enable or disable the authentication check.
key-id1 <key-id1> / key-id2 <key-id2>	The key ID allows you to specify the key identifiers for level-1/level-2 authentication.
key1-encrypted-text <key1-encrypted-text> / key2-encrypted-text <key2-encrypted-text>	Authentication key1 and key 2 encrypted text
key1-plain-text <key1-plain-text> / key2-plain-text <key2-plain-text>	The level-1/level-2 authentication keys specify the authentication keys (passwords) that are used by the neighboring routing devices to verify the authenticity of packets sent from this interface. For the key to work, you also must include the authentication-type statement.
type	Enables you to specify the authentication scheme for IS-IS. If you enable authentication, you must specify a password by including the authentication-key statement. The following authentication types are supported: clear_text md5 sha1

Attribute

Description

check [disable / enable]

Specifies an authentication check to reject PDUs that do not match the type or key requirements. You can enable or disable the authentication check.

key-id1 <key-id1> / key-id2 <key-id2>

The key ID allows you to specify the key identifiers for level-1/level-2 authentication.

key1-encrypted-text <key1-encrypted-text> / key2-encrypted-text <key2-encrypted-text>

Authentication key1 and key 2 encrypted text

key1-plain-text <key1-plain-text> / key2-plain-text <key2-plain-text>

The level-1/level-2 authentication keys specify the authentication keys (passwords) that are used by the neighboring routing devices to verify the authenticity of packets sent from this interface. For the key to work, you also must include the authentication-type statement.

type

Enables you to specify the authentication scheme for IS-IS. If you enable authentication, you must specify a password by including the authentication-key statement.

The following authentication types are supported:

clear_text
md5
sha1

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis authentication
{
  "rtbrick-config:authentication": {
    "level-1": {
      "type": "md5",
      "key1-encrypted-text": "$24a6f10525a11077bec3b451be8855877"
    },
    "level-2": {
      "type": "md5",
      "key1-encrypted-text": "$2d787015bf84f3b58d5fd393a96c9639c"
    }
  }
}

IS-IS Address-Family Configuration

The address-family command allows you to enable the address families that IS-IS will route and configure settings that are specific to that address family.

Syntax:

set instance <instance-name> protocol isis [level-1 | level-2] address-family <attribute> <value>

Attribute	Description
<afi>	Address family identifier (AFI). Supported values: ipv4, ipv6
<safi>	Subsequent address family identifier (SAFI). Supported values: unicast or labeled-unicast

Attribute

Description

<afi>

Address family identifier (AFI). Supported values: ipv4, ipv6

<safi>

Subsequent address family identifier (SAFI). Supported values: unicast or labeled-unicast

Configuring Route Redistribution

Syntax:

set instance <instance-name> protocol isis [level-1 | level-2] address-family <afi> <safi> redistribute <attribute> <value>

Attribute Description

Attribute	Description
<afi>	Address family identifier (AFI). Supported values: ipv4, ipv6
<safi>	Subsequent address family identifier (SAFI). Supported values: unicast or labeled-unicast
redistribute <protocol>	Specifies the source from which the routes are to be redistributed from. The available options include `arp-nd`, `bgp`, `bgp-local`, `bgp-local-origin`, `direct`, `igmp`, `ospf`, `l2tpv2`, `ldp`, `local`, `pim`, `ppp`, `rib`, and `static`.
redistribute <protocol> <policy>	Specifies the name of the policy map. The redistribute attach point allows routes from other sources to be advertised by IS-IS. Policy can be applied only to the routes that are redistributed from other sources to IS-IS. The support for inter-level leaking through policy is unavailable.

<afi>

Address family identifier (AFI). Supported values: ipv4, ipv6

<safi>

Subsequent address family identifier (SAFI). Supported values: unicast or labeled-unicast

redistribute <protocol>

Specifies the source from which the routes are to be redistributed from. The available options include arp-nd, bgp, bgp-local, bgp-local-origin, direct, igmp, ospf, l2tpv2, ldp, local, pim, ppp, rib, and static.

redistribute <protocol> <policy>

Specifies the name of the policy map. The redistribute attach point allows routes from other sources to be advertised by IS-IS. Policy can be applied only to the routes that are redistributed from other sources to IS-IS. The support for inter-level leaking through policy is unavailable.

Example: IS-IS address-family configuration

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis level-1
{
  "rtbrick-config:level-1": {
    "address-family": [
      {
        "afi": "ipv4",
        "safi": "unicast",
        "redistribute": [
          {
            "source": "static",
            "policy": "filter-link-address"
          }
        ]
      },
      {
        "afi": "ipv6",
        "safi": "unicast",
        "redistribute": [
          {
            "source": "static",
            "policy": "filter-link6-address"
          }
        ]
      }
    ]
  }
}

Segment Routing Configuration

IS-IS segment routing extensions allow to advertise labels with prefixes.

RBFS currently supports the following IS-IS segment routing features:

MPLS data plane
IPv4 prefixes (TLV 135) and IPv6 prefixes (TLV 236)
Prefix SID with node flag (Node SID) on loopback interface
Anycast SID
A single global SRGB block
Adjacency SIDs

Syntax:

set instance <instance-name> protocol isis segment-routing <attribute> <value>

Attribute	Description
srgb base <srgb base>	Specifies the segment routing global block (SRGB) in source packet routing. SRGB is used for prefix SIDs. Supported MPLS label values are 0 - 1048575. The reserved MPLS label range is 0 - 15. In RBFS, BGP uses the label range 20000 - 100000. It is recommended to assign label values outside of these reserved ranges to avoid conflicts.
srgb range <srgb range>	IS-IS system range of labels from the base label.
srlb base <srlb base>	Specifies the segment routing local block (SRLB) in source packet routing. SRLB is used for adjacency SIDs. Supported MPLS label values are 0 - 1048575. The reserved MPLS label range is 0 - 15. In RBFS, BGP uses the label range 20000 - 100000. It is recommended to assign label values outside of these reserved ranges to avoid conflicts.
srlb range <srlb range>	IS-IS system range of labels from the base label.

Attribute

Description

srgb base <srgb base>

Specifies the segment routing global block (SRGB) in source packet routing. SRGB is used for prefix SIDs.
Supported MPLS label values are 0 - 1048575. The reserved MPLS label range is 0 - 15. In RBFS, BGP uses the label range 20000 - 100000. It is recommended to assign label values outside of these reserved ranges to avoid conflicts.

srgb range <srgb range>

IS-IS system range of labels from the base label.

srlb base <srlb base>

Specifies the segment routing local block (SRLB) in source packet routing. SRLB is used for adjacency SIDs.
Supported MPLS label values are 0 - 1048575. The reserved MPLS label range is 0 - 15. In RBFS, BGP uses the label range 20000 - 100000. It is recommended to assign label values outside of these reserved ranges to avoid conflicts.

srlb range <srlb range>

IS-IS system range of labels from the base label.

Example: IS-IS Segment Routing Configuration

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis segment-routing
{
  "rtbrick-config:segment-routing": {
    "srlb": {
      "base": 2000,
      "range": 1000
    },
    "srgb": {
      "base": 1000,
      "range": 1000
    }
  }
}

Configuring IS-IS Interface

By default, there are no interfaces associated with IS-IS. You must configure at least one IS-IS interface for IS-IS adjacency formation.

Syntax:

set instance <instance> protocol isis interface <name> <attribute> <value>

Attribute	Description
<name>	Specifies the name of the IS-IS interface.
flood-filter <flood-filter>	Specifies the IS-IS flood filter name
hello-interval	Specifies IS-IS system interface hello interval. NOTE: To configure hello-interval, the user can either configure holding-time/hello-interval under interface or hello-interval under level [broadcast interface only]. The order of priority, from highest to lowest, is as follows: * For Broadcast interface type: hello-interval under interface level 1/2 > hello-interval under interface > holding-time under instance * For Point-to-Point interface type: hello-interval under interface > holding-time under instance
level-1 / level-2	Specify IS-IS interface level configuration. Refer to section IS-IS Interface Level Configuration for the IS-IS interface level configuration details.
lsp-interval <lsp-interval>	IS-IS system interface LSP interval. Default value: 100
passive [true / false]	Enable interface in passive mode. Default: false
system-id <system-id>	Interface level system id
type [broadcast / point-to-point]	Specifies the type of the IS-IS system interface. Default: point-to-point. broadcast—Specifies a broadcast (or LAN) interface. point-to-point—Specifies a point-to-point interface.
ldp-synchronization [enable / disable]	Enable LDP IGP synchronization. Default: disable

Attribute

Description

<name>

Specifies the name of the IS-IS interface.

flood-filter <flood-filter>

Specifies the IS-IS flood filter name

hello-interval

Specifies IS-IS system interface hello interval.

NOTE: To configure hello-interval, the user can either configure holding-time/hello-interval under interface or hello-interval under level [broadcast interface only].
The order of priority, from highest to lowest, is as follows:
* For Broadcast interface type:
hello-interval under interface level 1/2 > hello-interval under interface > holding-time under instance
* For Point-to-Point interface type:
hello-interval under interface > holding-time under instance

level-1 / level-2

Specify IS-IS interface level configuration. Refer to section IS-IS Interface Level Configuration for the IS-IS interface level configuration details.

lsp-interval <lsp-interval>

IS-IS system interface LSP interval. Default value: 100

passive [true / false]

Enable interface in passive mode. Default: false

system-id <system-id>

Interface level system id

type [broadcast / point-to-point]

Specifies the type of the IS-IS system interface. Default: point-to-point.

broadcast—Specifies a broadcast (or LAN) interface.
point-to-point—Specifies a point-to-point interface.

ldp-synchronization [enable / disable]

Enable LDP IGP synchronization. Default: disable

Example 1: IS-IS Interface Configuration

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface
{
  "rtbrick-config:interface": [
    {
      "name": "ifl-0/0/2/0",
      "type": "point-to-point",
      "passive": "false",
      "level-1": {
        "snp-authentication": "disable",
        "hello-authentication": "disable"
      },
      "level-2": {}
    },
    {
      "name": "ifl-0/0/2/1",
      "flood-filter": "spine1_lsr1_flood_filter",
      "type": "broadcast",
      "lsp-interval": 200,
      "ldp-synchronization": "enable",
      "level-1": {
        "snp-authentication": "enable",
        "hello-authentication": "enable",
        "metric": 1000,
        "adjacency-disable": "false",
        "priority": 100,
        "hello-interval": 20
      },
      "level-2": {
        "priority": 100,
        "hello-interval": 20
      }
    },
    {
      "name": "lo-0/0/0/0",
      "passive": "true",
      "segment-routing": {
        "ipv4": {
          "index": 100
        },
        "ipv6": {
          "index": 102
        }
      },
      "level-1": {},
      "level-2": {}
    }
  ]
}

Example 2: IS-IS Interface Level Flood Filter Configuration

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1 flood-filter
{
  "rtbrick-config:flood-filter": "spine1_lsr1_flood_filter"
}

Example 3: IS-IS Interface Configuration with enabled LDP synchronization

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1 ldp-synchronization
{
  "rtbrick-config:ldp-synchronization": "enable"
}

Example 4: IS-IS Interface Configuration for a Broadcast Interface.

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1 type
{
  "rtbrick-config:type": "broadcast"
}

IS-IS Interface Level Configuration

Syntax:

set instance <instance> protocol isis interface <name> [level-1 | level-2] <attribute> <value>

Attribute Description

Attribute	Description
adjacency-disable [true/false]	Specify the level-1/level-2 adjacency on an interface. Default: false.
hello-authentication [disable/enable]	Authentication on hello packets.
hello-interval	Specifies the length of time between the sending of IS-IS hello PDUs. Default: 10. The hello interval can be set for both `broadcast` and `point-to-point` interfaces that are configured for Levels 1 and 2. NOTE:
priority	Specify the priority on a broadcast interface. Default: 64.
metric <metric>	Level-1/Level-2 metric on an interface. Default: 1000000.
snp-authentication [enable/disable]	Authentication on CSNP/PSNP packets.

adjacency-disable [true/false]

Specify the level-1/level-2 adjacency on an interface. Default: false.

hello-authentication [disable/enable]

Authentication on hello packets.

hello-interval

Specifies the length of time between the sending of IS-IS hello PDUs. Default: 10. The hello interval can be set for both broadcast and point-to-point interfaces that are configured for Levels 1 and 2.

NOTE:

priority

Specify the priority on a broadcast interface. Default: 64.

metric <metric>

Level-1/Level-2 metric on an interface. Default: 1000000.

snp-authentication [enable/disable]

Authentication on CSNP/PSNP packets.

Example 1: IS-IS Interface Level Configuration

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1
{
  "rtbrick-config:interface": [
    {
      "name": "ifl-0/0/2/1",
      "flood-filter": "spine1_lsr1_flood_filter",
      "type": "broadcast",
      "lsp-interval": 200,
      "ldp-synchronization": "enable",
      "level-1": {
        "snp-authentication": "enable",
        "hello-authentication": "enable",
        "metric": 1000,
        "adjacency-disable": "false",
        "priority": 100,
        "hello-interval": 20
      },
      "level-2": {
        "priority": 100,
        "hello-interval": 20
      }
    }
  ]
}

Interface-level Segment Routing Configuration

Syntax:

set instance <instance> protocol isis interface <name> segment-routing <attribute> <value>

Attribute	Description
segment-routing [ipv4 / ipv6] anycast-index <anycast-index>	Anycast index segment-ID. The prefix SIDs and anycast SIDs are applied on loopback interface only.
segment-routing [ipv4 / ipv6] index <index>	Prefix index segment ID.
segment-routing point-to-point [ipv4 / ipv6] adjacency-index <adjacency-index>	Adjacency index segment-ID. The adjacency SIDs are applied on active IS-IS interfaces on which adjacencies are established.

Attribute

Description

segment-routing [ipv4 / ipv6] anycast-index <anycast-index>

Anycast index segment-ID. The prefix SIDs and anycast SIDs are applied on loopback interface only.

segment-routing [ipv4 / ipv6] index <index>

Prefix index segment ID.

segment-routing point-to-point [ipv4 / ipv6] adjacency-index <adjacency-index>

Adjacency index segment-ID. The adjacency SIDs are applied on active IS-IS interfaces on which adjacencies are established.

Example 1: IS-IS Interface Level Segment Routing Configuration for Prefix and Anycast SID

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface
{
  "rtbrick-config:instance": [
      {
        "name": "default",
        "protocol": {
          "isis": {
            "interface": [
              {
                "name": "lo-0/0/0",
                "segment-routing": {
                  "ipv4": {
                    "index": 100
                  },
                  "ipv6": {
                    "index": 200
                  }
                }
              },
              {
                "name": "lo-0/0/1",
                "segment-routing": {
                  "ipv4": {
                    "anycast-index": 110
                  },
                  "ipv6": {
                    "anycast-index": 210
                  }
                }
              }
            ]
          }
        }
      }
    ]
  }
}

Example 2: IS-IS Interface Level Segment Routing Configuration for Adjacency SID

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/0 segment-routing
{
  "rtbrick-config:segment-routing": {
    "point-to-point": {
      "ipv4": {
        "adjacency-index": 111
      },
      "ipv6": {
        "adjacency-index": 112
      }
    }
  }
}

IS-IS Global Configuration

IS-IS Flood Filter Configuration

In IS-IS, by default all routers flood link-state packets, so that all routers will have a complete topology view. IS-IS flood filters allow to modify this behavior and limit the exchange of LSPs. For example, if two spine routers in a spine/leaf fabric are symmetrically connected to two upstream label-switch routers (LSR) like shown in the figure below, you can use a flood filter to not advertise LSPs learned from LSR A back to the LSR B via the second spine switch.

The flooding filter configuration is part of the global configuration hierarchy and therefore you can configure filtering globally, i.e. not per instance, so that the filter configurations can be reused across instances.

Syntax:

set global protocol isis flood-filter <filter-name> <ordinal> <attribute> <value>

Attribute	Description
<filter-name>	Filter-name which binds a flooding filter to an IS-IS interface
<ordinal>	Number to filter rule
action [block/flood]	Action required to flood or not
ordinal-name <ordinal-name>	Name for the filter rule
system-id <system-id>	IS-IS instance system-id
system-id-mask <system-id-mask>	System ID mask on which the filter should match

Attribute

Description

<filter-name>

Filter-name which binds a flooding filter to an IS-IS interface

Number to filter rule

action [block/flood]

Action required to flood or not

ordinal-name <ordinal-name>

Name for the filter rule

system-id <system-id>

IS-IS instance system-id

system-id-mask <system-id-mask>

System ID mask on which the filter should match

Example: IS-IS Flood Filter Configuration

supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1 flood-filter
{
  "rtbrick-config:flood-filter": "spine1_lsr1_flood_filter"
}