ISIS Routing Protocol:
· The IS-IS DIS is elected by highest interface priority (default 64), with the highest MAC address as the tie-breaker.
· IS-IS elects a separate DIS for level-1 and level-2, and there is no backup DIS (unlike the DR/BDR pair in OSPF).
· Uses a TLV structure.
· IS-IS uses IIH hellos to build adjacencies and performs a three-way handshake: each router confirms that the remote router is receiving its hellos by checking for its own System-ID in the TLV 240 field of the neighbor's hello.
· A LAN has two different hellos, one per level (PDU type 15 for level-1 and PDU type 16 for level-2).
· Point-to-point links use a single hello packet for both levels, PDU type 17.
· Metric style:
  o Narrow
  o Transition
  o Wide (24 bits for the interface metric and 32 bits for the path metric; TLV 22 and TLV 135)
· An IS-IS area is a stub area by default.
· Overload bit (OSPF has no overload bit; it uses the max-metric command instead):
  o On startup
  o Wait for BGP
· IS-IS hello interval: 10 sec (point-to-point) and 333ms from the DIS to non-DIS routers.
· By default a router is level-1-2; level-1 and level-2 LSPs are stored in separate databases.
· Not an IP protocol.
· Extended to support IP routing (Integrated IS-IS).
· On an NBMA network you must resolve CLNS to the layer-2 address (frame-relay map clns <dlci>).
· Uses the NET as the router ID (minimum 8 bytes, maximum 20 bytes). The NET has three parts: Area / System-ID / N-Selector:
  o The area part identifies the area
  o The System-ID must be unique within the IS-IS domain
  o The N-Selector is always set to zero
· Cisco IS-IS does not support virtual links to reconnect a partitioned level-2 domain.
· By default level-1 routes are preferred over level-2 routes.
· A level-1 area in IS-IS is by default equivalent to an NSSA area in OSPF: it has intra-area routes, a default route (via the ATT bit from a level-1-2 router) and redistributed routes.
· A level-1-2 router in IS-IS is the same as an ABR in OSPF. The level-1-2 router injects a default route into level-1 by setting the ATTACHED (ATT) bit in its level-1 LSP.
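The NET rules above (8 to 20 bytes, a 6-byte System-ID that must be unique in the domain, NSEL always 00) as an added Python example; this is not code from the original notes, and the NET values it checks are constructed:

```python
# Added example (not from the original notes): parse and validate an IS-IS NET
# into its Area / System-ID / N-Selector parts using the rules listed above.
import re

MIN_NET_BYTES, MAX_NET_BYTES = 8, 20   # NET length limits from the notes
NET_RE = re.compile(r"[0-9A-Fa-f]{2}(\.[0-9A-Fa-f]{4})*\.[0-9A-Fa-f]{2}")

def dotted(hexdigits: str, first: int) -> str:
    """Re-insert dots: one group of `first` hex digits, then groups of four."""
    groups = [hexdigits[:first]] + [hexdigits[i:i + 4] for i in range(first, len(hexdigits), 4)]
    return ".".join(g for g in groups if g)

def parse_net(net: str) -> dict:
    """Split a dotted-hex NET such as 49.0001.1921.6800.1001.00 into its parts.

    Raises ValueError when the NET breaks a rule from the notes: malformed text,
    length outside 8..20 bytes, or an N-Selector other than 00.
    """
    if not NET_RE.fullmatch(net):
        raise ValueError(f"malformed NET: {net!r}")
    raw = bytes.fromhex(net.replace(".", ""))
    if not MIN_NET_BYTES <= len(raw) <= MAX_NET_BYTES:
        raise ValueError(f"NET must be {MIN_NET_BYTES}..{MAX_NET_BYTES} bytes, got {len(raw)}")
    # Read the layout from the back: last byte is the NSEL, the 6 bytes before it
    # are the System-ID, and everything in front (AFI + area identifier) is the area.
    nsel, sys_id, area = raw[-1], raw[-7:-1], raw[:-7]
    if nsel != 0:
        raise ValueError(f"N-Selector must be 00 on a router NET, got {nsel:02x}")
    return {
        "area": dotted(area.hex(), 2),
        "system_id": dotted(sys_id.hex(), 4),
        "nsel": f"{nsel:02x}",
    }

def is_valid_net(net: str) -> bool:
    """True when parse_net accepts the NET, False otherwise."""
    try:
        parse_net(net)
        return True
    except ValueError:
        return False

def duplicate_system_ids(nets: list) -> list:
    """Return System-IDs used by more than one NET (they must be unique in the domain)."""
    owners = {}
    for net in nets:
        owners.setdefault(parse_net(net)["system_id"], []).append(net)
    return sorted(sid for sid, used_by in owners.items() if len(used_by) > 1)
```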
Network TYPE:
· IS-IS has only two network types:
  o Broadcast (any multipoint interface, including FR/ATM NBMA as well as Ethernet, is treated as a broadcast network type; a DIS is used on broadcast networks)
  o Point-to-Point
· If you see LAN Hellos in the debug output, the network type is broadcast.
· If you have a point-to-multipoint interface, convert it to point-to-point.
DIS:
· There is no backup DIS; if a router with a higher priority joins the network it becomes the DIS.
· Priority is configured with "isis priority"; if priorities are equal, the highest System-ID wins.
ISIS on NBMA Interface config:
· If the IS-IS adjacency over an NBMA network does not come up, run "debug isis adj-packet" to find the cause:
  o By default IS-IS sends LAN Hellos on an ATM or FR (NBMA) interface because it is treated as a broadcast network type.
  o If you see "Encapsulation failed", IS-IS cannot find a layer-2 resolution for sending the packet.
  o Solution: on ATM use "protocol clns 00 broadcast"; on FR use "frame-relay map clns <DLCI> broadcast". Alternatively, convert the link to a point-to-point link.
Configuration BEST Practice:
Authentication:
· Interface password: configure "isis password" under the interface. (The password is sent in plain text, so this does not provide real security.)
· Area password:
  o The IS-IS level-1 area password is configured with "area-password" under router isis
  o The IS-IS level-2 area password is configured with "domain-password" under router isis
· IS-IS also supports MD5 authentication.
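An added check (not from the original notes) for the settings described above: it scans an IOS-style configuration for clear-text "isis password", "area-password" and "domain-password" entries and for IS-IS interfaces with no authentication at all, treating the IOS "authentication mode md5" forms as the hardened alternative. The configuration text and key-chain name are constructed for the example.

```python
# Added example (not from the original notes): audit an IOS-style configuration for
# the IS-IS authentication settings described above. SAMPLE_CONFIG is constructed.
import re

SAMPLE_CONFIG = """\
router isis
 net 49.0001.1921.6800.1001.00
 area-password L1SECRET
interface GigabitEthernet0/0
 ip router isis
 isis password WEAK
interface GigabitEthernet0/1
 ip router isis
 isis authentication mode md5
 isis authentication key-chain ISIS-KEYS
interface GigabitEthernet0/2
 ip router isis
"""

def isis_auth_findings(config: str) -> list:
    """Return (scope, finding) pairs for clear-text or missing IS-IS authentication."""
    findings, scope, block = [], None, {}

    def flush():
        # Evaluate the block that just ended (an interface or the router isis section).
        if scope is None:
            return
        if scope.startswith("interface ") and "isis" in block:
            if "plain" in block:
                findings.append((scope, "clear-text isis password"))
            elif "md5" not in block:
                findings.append((scope, "no IS-IS authentication"))
        elif scope.startswith("router isis"):
            for kind in ("area-password", "domain-password"):
                if kind in block and "md5" not in block:
                    findings.append((scope, f"clear-text {kind}"))

    for line in config.splitlines():
        if line and not line.startswith(" "):      # top-level command starts a new block
            flush()
            scope, block = line.strip(), {}
            continue
        cmd = line.strip()
        if cmd.startswith("ip router isis"):
            block["isis"] = True
        elif cmd.startswith("isis password"):
            block["plain"] = True
        elif re.match(r"(isis )?authentication mode md5", cmd):
            block["md5"] = True
        elif cmd.startswith(("area-password", "domain-password")):
            block[cmd.split()[0]] = True
    flush()
    return findings
```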
IGP Convergence and design:
· Keep the IGP table as small as you can (5k to 6K prefixes).
· If BGP is running in the network, redistribute external routes into BGP; avoid redistribution into the IGP.
· In IS-IS or OSPF keep the link-state database small so that LSAs or update packets do not exceed the MTU (this avoids fragmentation).
· Advertise the next-hop (loopback) addresses of the POP instead of the connected links.
· Use the BGP next-hop to make outside prefixes reachable over IBGP, rather than redistributing the connected link between EBGP peers.
· If an area or part of the network can be configured as a STUB, do so.
· Use "ip ospf database-filter all out" on the hub router to stop sending updates to the spokes while still accepting everything from them.
· Use "ip ospf flood-reduction" to reduce OSPF flooding.
· In an NBMA topology always prefer the POINT-TO-MULTIPOINT network type; the point-to-point network type increases the database size.
· In OSPF:
  o OSPF prefix suppression: when OSPF is enabled on an interface it always advertises the directly connected subnet; to prevent this use one of the following
  o ip unnumbered (this does not suppress the prefix, but reuses an existing interface IP)
  o ip ospf prefix-suppression (available in router mode as well as interface mode, IOS 12.4(15)T)
NETWORK CONVERGENCE control parameters:
· Carrier delay
· Hello/Dead timers
· Bidirectional Forwarding Detection (BFD)
· LSA packet pacing
· Interface event dampening
· Exponential throttle timers for LSA and SPF
· Minimum LSA arrival interval
· Incremental SPF
· Stub router
· Graceful restart
Database OVERLOAD PROTECTION: max-lsa <max> and redistribute maximum-prefix <maximum> [threshold] [warning-only]
CE-PE OSPF:
1. Different OSPF process IDs at the two CEs, no domain ID: CE (OSPF) LSA Type-1 ---> PE LSA Type-5 ---> CE (OSPF) Type-5
2. Different OSPF process IDs at the two CEs, with domain ID: CE (OSPF) Domain ID / LSA Type-1 ---> PE LSA Type-5 ---> CE (OSPF) Domain ID / Type-3
3. Same OSPF process ID at both CEs, no domain ID: CE (OSPF) LSA Type-1 ---> PE LSA Type-5 ---> CE (OSPF) Type-3
OSPF uses the domain-id to control the type of route that is generated. The down bit (LSA-3) and the domain-tag (LSA-5 and LSA-7) are used for loop prevention. By default the domain-tag value is the BGP AS number, which is copied during BGP-to-OSPF redistribution. The domain-tag differs when the two PEs belong to different ASes, which can cause a loop in the network; to avoid the loop, configure the same domain-id on both PEs belonging to the two different ASes.
In an MPLS VPN environment, OSPF running at the CE end always learns the routes from other sites as "inter-area or external" routes. Only a sham link in the MPLS VPN introduces "intra-area (O)" routes at the CE sites.
DR/BDR: Election is based on the higher IP address. The BDR takes over the function of the DR if the DR fails. While the DR is active, the BDR handles retransmission of LSAs and does nothing else. The DR uses 224.0.0.5 to send updates to all routers; all routers send updates to the DR using 224.0.0.6.
OSPF Area design:
· Keep spokes with the same link speed in the same area.
· Aggregation or summarization: area <area-id> range <summary address block with subnet mask>
· If an OSPF area has multiple ABRs, divide the subnet block into two parts, advertise each part into the other area from a particular ABR, and tune the metric so you achieve load balancing. For example, if you have 10.0.0.0/24, advertise 10.0.0.0/25 from ABR1 into area 0 and 10.0.0.128/25 from ABR2 into area 0, and tune the local area so you achieve symmetric routing.
OSPF:
LSA1: Router LSA; it carries the active interfaces of the local router and its neighbors.
LSA2: Network LSA; it describes the multi-access network to which the local router is connected.
LSA3: Network Summary LSA, used for hierarchical (inter-area) routing.
LSA4: ASBR Summary LSA, used for hierarchical routing.
LSA5: AS External LSA, used for hierarchical routing.
LSA6: MOSPF LSA, used for Multicast OSPF.
LSA7: NSSA LSA, generated only inside an NSSA area.
LSA8: External Attributes LSA, used to carry BGP path information (AS-path) in lieu of IBGP. If you redistribute BGP into OSPF and no IBGP is running in the network, OSPF carries the AS-path information inside LSA-8; at the other BGP router, when you redistribute OSPF back into BGP, the AS-path information from LSA-8 is used to recover the full AS path of the prefix and to advertise it to other BGP-speaking routers.
LSA9: Opaque LSA (link-local scope); flooded on the local segment only.
LSA10: Opaque LSA (area scope); flooded within the area and never leaves it. MPLS TE uses this LSA. "show ip ospf database opaque-area" displays the LSA10 database.
LSA11: Opaque LSA (AS scope); flooded into all areas and used in AS-wide deployments.
When two instances of an OSPF LSA have the same sequence number, the router compares the LS age and LS checksum fields before declaring the two instances identical. OSPFv1 used a lollipop-shaped sequence number space; OSPFv2 uses a linear sequence number.
Each LSA in the database is refreshed at least once every 30 minutes. If an LSA has not been refreshed after an hour (MaxAge), it is assumed to be no longer valid and is removed from the database.
OSPF runs directly on top of IP; it does not use TCP or UDP. A router identifies an OSPF packet by protocol number 89 in the IP header, so the OSPF data follows the IP header directly (no TCP or UDP header).
The OSPF interface cost is the outgoing cost from the router on that interface.
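The "which instance is newer" decision described above (sequence number, then checksum, then age) carried out in full as an added Python example; it follows the comparison order of RFC 2328 section 13.1 and the 30-minute refresh and one-hour MaxAge figures from the notes, and is not code from the original page. The LSA header values are constructed.

```python
# Added example (not from the original notes): the OSPF rule for deciding which of
# two copies of the same LSA (same type, LS ID and advertising router) is newer,
# following RFC 2328 section 13.1 in order. The headers below are constructed.
from dataclasses import dataclass

MAX_AGE = 3600          # seconds; an LSA this old is flushed (the notes' one hour)
LS_REFRESH_TIME = 1800  # seconds; the originator refreshes every 30 minutes
MAX_AGE_DIFF = 900      # seconds; ages closer than this are treated as equal

@dataclass(frozen=True)
class LsaHeader:
    seq: int       # raw 32-bit LS sequence number field (0x80000001 is the first value)
    checksum: int  # 16-bit LS checksum
    age: int       # LS age in seconds

def signed32(v: int) -> int:
    """LS sequence numbers are signed 32-bit integers; interpret the raw field that way."""
    v &= 0xFFFFFFFF
    return v - (1 << 32) if v & 0x80000000 else v

def newer(a: LsaHeader, b: LsaHeader) -> str:
    """Return 'a', 'b' or 'same', applying the RFC 2328 13.1 checks in order."""
    sa, sb = signed32(a.seq), signed32(b.seq)
    if sa != sb:                                   # 1. higher sequence number is newer
        return "a" if sa > sb else "b"
    if a.checksum != b.checksum:                   # 2. then the larger LS checksum
        return "a" if a.checksum > b.checksum else "b"
    if (a.age == MAX_AGE) != (b.age == MAX_AGE):   # 3. a MaxAge copy wins (it is a flush)
        return "a" if a.age == MAX_AGE else "b"
    if abs(a.age - b.age) > MAX_AGE_DIFF:          # 4. a much younger copy wins
        return "a" if a.age < b.age else "b"
    return "same"                                  # 5. otherwise the instances are identical

def should_refresh(age: int) -> bool:
    """The originator re-floods its own LSA once it has aged LS_REFRESH_TIME."""
    return age >= LS_REFRESH_TIME
```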
Multiple ABR: When an NSSA has multiple ABRs, the router with the highest RID performs the translation from LSA7 to LSA5 and advertises it into Area 0.
ISIS vs. OSPF: