IS-IS Configuration
Configuration Syntax and Commands
The following sections describe the IS-IS configuration syntax and commands.
Instance Configuration
The instance configuration hierarchy includes parameters that are required for or used by IS-IS.
Syntax:
set instance <instance-name> protocol isis <attribute> <value>
Attribute | Description |
---|---|
<name> |
Name of the IS-IS instance |
area <area> |
IS-IS area-address. The area can be represented in 1, 3, 5, 13 bytes format. |
authentication <…> |
Specifies the authentication scheme for IS-IS. Refer to section IS-IS Authentication Configuration for the IS-IS authentication configuration details. |
holding-time <holding-time> |
Specifies how long a neighbor should consider this routing device to be operative without receiving another hello packet. Default value: 30 seconds Range: 3 to 180 seconds |
hostname <hostname> |
Specifies the hostname mapped to the system identifier. |
ignore-attached-bit [true/false] |
This configuration allows you to enable the routing device to ignore the attached bit on incoming Level 1 link-state PDUs. If the attached bit is ignored, no default route, which points to the routing device which has set the attached bit, is installed. |
interface <…> |
Name of the interface. Refer to section Configuring IS-IS Interface for the interface configuration details. |
ipv6-disable [true/false] |
Specifies whether the ipv6-disable configuration is enabled or not. When you set this value to "true", it indicates that IPv6 configuration is disabled. |
[level-1/level-2] address-family <…> |
Protocol ISIS level-1/level-2 address-family configuration. Refer to section IS-IS Address-Family Configuration for the address family configuration details. |
level1-to-level2 route-leak [enable/disable] |
Specifies whether the level1-to-level2 route-leak is enabled or not. When set to disable, IS-IS will not leak routing information from a Level 1 area to a Level 2 area. By default, this option is enabled. |
lsp-lifetime <lsp-lifetime> |
IS-IS link-state PDUs maximum lifetime. Default value: 65535 seconds |
multipath <multipath> |
Load sharing among multiple ISIS paths. Default value: 256 |
no-mpls-transit-path [true/false] |
When set to true, IS-IS will not install segment routing transit path. Default: false |
overload [true/false] |
When set to true, IS-IS overload bit is set. Default: false |
router-id <router-id> |
ISIS router identifier (ipv4 format: A.B.C.D) |
system-id <system-id> |
Specifies the system ID of the device. |
Example 1: IS-IS Instance Configuration
supervisor@rtbrick>spine1: cfg>show config instance default protocol isis
{
"rtbrick-config:isis": {
"system-id": "1921.6800.1001",
"area": [
"49.0001/24"
],
"hostname": "isr1",
<...>
Example 2: Disabling IS-IS Route Leaking from a Level 1 Area to a Level 2 Area
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis level1-to-level2
{
"rtbrick-config:level1-to-level2": {
"route-leak": "disable"
}
}
IS-IS Authentication Configuration
Syntax:
set instance <instance-name> protocol isis authentication [level-1 | level-2] <attribute> <value>
Attribute | Description |
---|---|
check [disable / enable] |
Specifies an authentication check to reject PDUs that do not match the type or key requirements. You can enable or disable the authentication check. |
key-id1 <key-id1> / key-id2 <key-id2> |
The key ID allows you to specify the key identifiers for level-1/level-2 authentication. |
key1-encrypted-text <key1-encrypted-text> / key2-encrypted-text <key2-encrypted-text> |
Authentication key1 and key 2 encrypted text |
key1-plain-text <key1-plain-text> / key2-plain-text <key2-plain-text> |
The level-1/level-2 authentication keys specify the authentication keys (passwords) that are used by the neighboring routing devices to verify the authenticity of packets sent from this interface. For the key to work, you also must include the authentication-type statement. |
type |
Enables you to specify the authentication scheme for IS-IS. If you enable authentication, you must specify a password by including the authentication-key statement. The following authentication types are supported:
|
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis authentication
{
"rtbrick-config:authentication": {
"level-1": {
"type": "md5",
"key1-encrypted-text": "$24a6f10525a11077bec3b451be8855877"
},
"level-2": {
"type": "md5",
"key1-encrypted-text": "$2d787015bf84f3b58d5fd393a96c9639c"
}
}
}
IS-IS Address-Family Configuration
The address-family command allows you to enable the address families that IS-IS will route and configure settings that are specific to that address family.
Syntax:
set instance <instance-name> protocol isis [level-1 | level-2] address-family <attribute> <value>
Attribute | Description |
---|---|
<afi> |
Address family identifier (AFI). Supported values: ipv4, ipv6 |
<safi> |
Subsequent address family identifier (SAFI). Supported values: unicast or labeled-unicast |
Configuring Route Redistribution
Syntax:
set instance <instance-name> protocol isis [level-1 | level-2] address-family <afi> <safi> redistribute <attribute> <value>
Attribute | Description |
---|---|
<afi> |
Address family identifier (AFI). Supported values: ipv4, ipv6 |
<safi> |
Subsequent address family identifier (SAFI). Supported values: unicast or labeled-unicast |
redistribute <protocol> |
Specifies the source from which the routes are to be redistributed from. The available options include |
redistribute <protocol> <policy> |
Specifies the name of the policy map. The redistribute attach point allows routes from other sources to be advertised by IS-IS. Policy can be applied only to the routes that are redistributed from other sources to IS-IS. The support for inter-level leaking through policy is unavailable. |
Example: IS-IS address-family configuration
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis level-1
{
"rtbrick-config:level-1": {
"address-family": [
{
"afi": "ipv4",
"safi": "unicast",
"redistribute": [
{
"source": "static",
"policy": "filter-link-address"
}
]
},
{
"afi": "ipv6",
"safi": "unicast",
"redistribute": [
{
"source": "static",
"policy": "filter-link6-address"
}
]
}
]
}
}
Segment Routing Configuration
IS-IS segment routing extensions allow to advertise labels with prefixes.
RBFS currently supports the following IS-IS segment routing features:
-
MPLS data plane
-
IPv4 prefixes (TLV 135) and IPv6 prefixes (TLV 236)
-
Prefix SID with node flag (Node SID) on loopback interface
-
Anycast SID
-
A single global SRGB block
-
Adjacency SIDs
Syntax:
set instance <instance-name> protocol isis segment-routing <attribute> <value>
Attribute | Description |
---|---|
srgb base <srgb base> |
Specifies the segment routing global block (SRGB) in source packet routing. SRGB is used for prefix SIDs. |
srgb range <srgb range> |
IS-IS system range of labels from the base label. |
srlb base <srlb base> |
Specifies the segment routing local block (SRLB) in source packet routing. SRLB is used for adjacency SIDs. |
srlb range <srlb range> |
IS-IS system range of labels from the base label. |
Example: IS-IS Segment Routing Configuration
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis segment-routing
{
"rtbrick-config:segment-routing": {
"srlb": {
"base": 2000,
"range": 1000
},
"srgb": {
"base": 1000,
"range": 1000
}
}
}
Configuring IS-IS Interface
By default, there are no interfaces associated with IS-IS. You must configure at least one IS-IS interface for IS-IS adjacency formation.
Syntax:
set instance <instance> protocol isis interface <name> <attribute> <value>
Attribute | Description | ||
---|---|---|---|
<name> |
Specifies the name of the IS-IS interface. |
||
flood-filter <flood-filter> |
Specifies the IS-IS flood filter name |
||
hello-interval |
Specifies IS-IS system interface hello interval.
|
||
level-1 / level-2 |
Specify IS-IS interface level configuration. Refer to section IS-IS Interface Level Configuration for the IS-IS interface level configuration details. |
||
lsp-interval <lsp-interval> |
IS-IS system interface LSP interval. Default value: 100 |
||
passive [true / false] |
Enable interface in passive mode. Default: false |
||
system-id <system-id> |
Interface level system id |
||
type [broadcast / point-to-point] |
Specifies the type of the IS-IS system interface. Default: point-to-point. broadcast—Specifies a broadcast (or LAN) interface. |
||
ldp-synchronization [enable / disable] |
Enable LDP IGP synchronization. Default: disable |
Example 1: IS-IS Interface Configuration
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface
{
"rtbrick-config:interface": [
{
"name": "ifl-0/0/2/0",
"type": "point-to-point",
"passive": "false",
"level-1": {
"snp-authentication": "disable",
"hello-authentication": "disable"
},
"level-2": {}
},
{
"name": "ifl-0/0/2/1",
"flood-filter": "spine1_lsr1_flood_filter",
"type": "broadcast",
"lsp-interval": 200,
"ldp-synchronization": "enable",
"level-1": {
"snp-authentication": "enable",
"hello-authentication": "enable",
"metric": 1000,
"adjacency-disable": "false",
"priority": 100,
"hello-interval": 20
},
"level-2": {
"priority": 100,
"hello-interval": 20
}
},
{
"name": "lo-0/0/0/0",
"passive": "true",
"segment-routing": {
"ipv4": {
"index": 100
},
"ipv6": {
"index": 102
}
},
"level-1": {},
"level-2": {}
}
]
}
Example 2: IS-IS Interface Level Flood Filter Configuration
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1 flood-filter
{
"rtbrick-config:flood-filter": "spine1_lsr1_flood_filter"
}
Example 3: IS-IS Interface Configuration with enabled LDP synchronization
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1 ldp-synchronization
{
"rtbrick-config:ldp-synchronization": "enable"
}
Example 4: IS-IS Interface Configuration for a Broadcast Interface.
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1 type
{
"rtbrick-config:type": "broadcast"
}
IS-IS Interface Level Configuration
Syntax:
set instance <instance> protocol isis interface <name> [level-1 | level-2] <attribute> <value>
Attribute | Description |
---|---|
adjacency-disable [true/false] |
Specify the level-1/level-2 adjacency on an interface. Default: false. |
hello-authentication [disable/enable] |
Authentication on hello packets. |
hello-interval |
Specifies the length of time between the sending of IS-IS hello PDUs. Default: 10. The hello interval can be set for both NOTE: |
priority |
Specify the priority on a broadcast interface. Default: 64. |
metric <metric> |
Level-1/Level-2 metric on an interface. Default: 1000000. |
snp-authentication [enable/disable] |
Authentication on CSNP/PSNP packets. |
Example 1: IS-IS Interface Level Configuration
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1
{
"rtbrick-config:interface": [
{
"name": "ifl-0/0/2/1",
"flood-filter": "spine1_lsr1_flood_filter",
"type": "broadcast",
"lsp-interval": 200,
"ldp-synchronization": "enable",
"level-1": {
"snp-authentication": "enable",
"hello-authentication": "enable",
"metric": 1000,
"adjacency-disable": "false",
"priority": 100,
"hello-interval": 20
},
"level-2": {
"priority": 100,
"hello-interval": 20
}
}
]
}
Interface-level Segment Routing Configuration
Syntax:
set instance <instance> protocol isis interface <name> segment-routing <attribute> <value>
Attribute | Description |
---|---|
segment-routing [ipv4 / ipv6] anycast-index <anycast-index> |
Anycast index segment-ID. The prefix SIDs and anycast SIDs are applied on loopback interface only. |
segment-routing [ipv4 / ipv6] index <index> |
Prefix index segment ID. |
segment-routing point-to-point [ipv4 / ipv6] adjacency-index <adjacency-index> |
Adjacency index segment-ID. The adjacency SIDs are applied on active IS-IS interfaces on which adjacencies are established. |
Example 1: IS-IS Interface Level Segment Routing Configuration for Prefix and Anycast SID
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface
{
"rtbrick-config:instance": [
{
"name": "default",
"protocol": {
"isis": {
"interface": [
{
"name": "lo-0/0/0",
"segment-routing": {
"ipv4": {
"index": 100
},
"ipv6": {
"index": 200
}
}
},
{
"name": "lo-0/0/1",
"segment-routing": {
"ipv4": {
"anycast-index": 110
},
"ipv6": {
"anycast-index": 210
}
}
}
]
}
}
}
]
}
}
Example 2: IS-IS Interface Level Segment Routing Configuration for Adjacency SID
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/0 segment-routing
{
"rtbrick-config:segment-routing": {
"point-to-point": {
"ipv4": {
"adjacency-index": 111
},
"ipv6": {
"adjacency-index": 112
}
}
}
}
IS-IS Global Configuration
IS-IS Flood Filter Configuration
In IS-IS, by default all routers flood link-state packets, so that all routers will have a complete topology view. IS-IS flood filters allow to modify this behavior and limit the exchange of LSPs. For example, if two spine routers in a spine/leaf fabric are symmetrically connected to two upstream label-switch routers (LSR) like shown in the figure below, you can use a flood filter to not advertise LSPs learned from LSR A back to the LSR B via the second spine switch.
The flooding filter configuration is part of the global configuration hierarchy and therefore you can configure filtering globally, i.e. not per instance, so that the filter configurations can be reused across instances.
Syntax:
set global protocol isis flood-filter <filter-name> <ordinal> <attribute> <value>
Attribute | Description |
---|---|
<filter-name> |
Filter-name which binds a flooding filter to an IS-IS interface |
<ordinal> |
Number to filter rule |
action [block/flood] |
Action required to flood or not |
ordinal-name <ordinal-name> |
Name for the filter rule |
system-id <system-id> |
IS-IS instance system-id |
system-id-mask <system-id-mask> |
System ID mask on which the filter should match |
Example: IS-IS Flood Filter Configuration
supervisor@rtbrick>spine1: cfg> show config instance default protocol isis interface ifl-0/0/2/1 flood-filter
{
"rtbrick-config:flood-filter": "spine1_lsr1_flood_filter"
}