ISIS

ISIS is a routing protocol which is described in ISO10589, RFC 1195, RFC 5308. ISIS is an IGP. Compared with RIP, ISIS can provide scalable network support and faster convergence times like OSPF. ISIS is widely used in large networks such as ISP and carrier backbone networks.

Configuring isisd

There are no isisd specific options. Common options can be specified (Common Invocation Options) to isisd. isisd needs to acquire interface information from zebra in order to function. Therefore zebra must be running before invoking isisd. Also, if zebra is restarted then isisd must be too.

Like other daemons, isisd configuration is done in ISIS specific configuration file isisd.conf.

ISIS router

To start the ISIS process you have to specify the ISIS router. As of this writing, isisd does not support multiple ISIS processes.

router isis WORD [vrf NAME]

Enable or disable the ISIS process by specifying the ISIS domain with ‘WORD’. isisd does not yet support multiple ISIS processes but you must specify the name of ISIS process. The ISIS process name ‘WORD’ is then used for interface (see command ip router isis WORD).

net XX.XXXX. ... .XXX.XX

Set/Unset network entity title (NET) provided in ISO format.

hostname dynamic

Enable support for dynamic hostname.

area-password [clear | md5] <password>
domain-password [clear | md5] <password>

Configure the authentication password for an area, respectively a domain, as clear text or md5 one.

attached-bit [receive ignore | send]

Set attached bit for inter-area traffic:

  • receive If LSP received with attached bit set, create default route to neighbor

  • send If L1|L2 router, set attached bit in LSP sent to L1 router

log-adjacency-changes

Log changes in adjacency state.

metric-style [narrow | transition | wide]

Set old-style (ISO 10589) or new-style packet formats:

  • narrow Use old style of TLVs with narrow metric

  • transition Send and accept both styles of TLVs during transition

  • wide Use new style of TLVs to carry wider metric. FRR uses this as a default value

set-overload-bit

Set overload bit to avoid any transit traffic.

purge-originator

Enable or disable RFC 6232 purge originator identification.

lsp-mtu (128-4352)

Configure the maximum size of generated LSPs, in bytes.

ISIS Timer

lsp-gen-interval [level-1 | level-2] (1-120)

Set minimum interval in seconds between regenerating same LSP, globally, for an area (level-1) or a domain (level-2).

lsp-refresh-interval [level-1 | level-2] (1-65235)

Set LSP refresh interval in seconds, globally, for an area (level-1) or a domain (level-2).

max-lsp-lifetime [level-1 | level-2] (360-65535)

Set LSP maximum LSP lifetime in seconds, globally, for an area (level-1) or a domain (level-2).

spf-interval [level-1 | level-2] (1-120)

Set minimum interval between consecutive SPF calculations in seconds.

ISIS Fast-Reroute

Unless stated otherwise, commands in this section apply to all LFA flavors (local LFA, Remote LFA and TI-LFA).

spf prefix-priority [critical | high | medium] WORD

Assign a priority to the prefixes that match the specified access-list.

By default loopback prefixes have medium priority and non-loopback prefixes have low priority.

fast-reroute priority-limit [critical | high | medium] [level-1 | level-2]

Limit LFA backup computation up to the specified prefix priority.

fast-reroute lfa tiebreaker [downstream | lowest-backup-metric | node-protecting] index (1-255) [level-1 | level-2]

Configure a tie-breaker for multiple local LFA backups. Lower indexes are processed first.

fast-reroute load-sharing disable [level-1 | level-2]

Disable load sharing across multiple LFA backups.

fast-reroute remote-lfa prefix-list [WORD] [level-1 | level-2]

Configure a prefix-list to select eligible PQ nodes for remote LFA backups (valid for all protected interfaces).

ISIS region

is-type [level-1 | level-1-2 | level-2-only]

Define the ISIS router behavior:

  • level-1 Act as a station router only

  • level-1-2 Act as both a station router and an area router

  • level-2-only Act as an area router only

ISIS interface

<ip|ipv6> router isis WORD

Activate ISIS adjacency on this interface. Note that the name of ISIS instance must be the same as the one used to configure the ISIS process (see command router isis WORD). To enable IPv4, issue ip router isis WORD; to enable IPv6, issue ipv6 router isis WORD.

isis circuit-type [level-1 | level-1-2 | level-2]

Configure circuit type for interface:

  • level-1 Level-1 only adjacencies are formed

  • level-1-2 Level-1-2 adjacencies are formed

  • level-2-only Level-2 only adjacencies are formed

isis csnp-interval (1-600) [level-1 | level-2]

Set CSNP interval in seconds globally, for an area (level-1) or a domain (level-2).

isis hello padding

Add padding to IS-IS hello packets.

isis hello-interval (1-600) [level-1 | level-2]

Set Hello interval in seconds globally, for an area (level-1) or a domain (level-2).

isis hello-multiplier (2-100) [level-1 | level-2]

Set multiplier for Hello holding time globally, for an area (level-1) or a domain (level-2).

isis metric [(0-255) | (0-16777215)] [level-1 | level-2]

Set default metric value globally, for an area (level-1) or a domain (level-2). Max value depend if metric support narrow or wide value (see command metric-style [narrow | transition | wide]).

isis network point-to-point

Set network type to ‘Point-to-Point’ (broadcast by default).

isis passive

Configure the passive mode for this interface.

isis password [clear | md5] <password>

Configure the authentication password (clear or encoded text) for the interface.

isis priority (0-127) [level-1 | level-2]

Set priority for Designated Router election, globally, for the area (level-1) or the domain (level-2).

isis psnp-interval (1-120) [level-1 | level-2]

Set PSNP interval in seconds globally, for an area (level-1) or a domain (level-2).

isis three-way-handshake

Enable or disable RFC 5303 Three-Way Handshake for P2P adjacencies. Three-Way Handshake is enabled by default.

isis fast-reroute lfa [level-1 | level-2]

Enable per-prefix local LFA fast reroute link protection.

isis fast-reroute lfa [level-1 | level-2] exclude interface IFNAME

Exclude an interface from the local LFA backup nexthop computation.

isis fast-reroute remote-lfa tunnel mpls-ldp [level-1 | level-2]

Enable per-prefix Remote LFA fast reroute link protection. Note that other routers in the network need to be configured to accept LDP targeted hello messages in order for RLFA to work.

isis fast-reroute remote-lfa maximum-metric (1-16777215) [level-1 | level-2]

Limit Remote LFA PQ node selection within the specified metric.

Enable per-prefix TI-LFA fast reroute link or node protection. When node protection is used, option link-fallback enables the computation and use of link-protecting LFAs for destinations unprotected by node protection.

Showing ISIS information

show isis summary

Show summary information about ISIS.

show isis hostname

Show information about ISIS node.

show isis interface [detail] [IFNAME]

Show state and configuration of ISIS specified interface, or all interfaces if no interface is given with or without details.

show isis neighbor [detail] [SYSTEMID]

Show state and information of ISIS specified neighbor, or all neighbors if no system id is given with or without details.

show isis database [detail] [LSPID]

Show the ISIS database globally, for a specific LSP id without or with details.

show isis topology [level-1|level-2]

Show topology IS-IS paths to Intermediate Systems, globally, in area (level-1) or domain (level-2).

show isis route [level-1|level-2] [prefix-sid|backup]

Show the ISIS routing table, as determined by the most recent SPF calculation.

show isis fast-reroute summary [level-1|level-2]

Show information about the number of prefixes having LFA protection, and network-wide LFA coverage.

Traffic Engineering

Note

At this time, FRR offers partial support for some of the routing protocol extensions that can be used with MPLS-TE. FRR does not currently support a complete RSVP-TE solution.

mpls-te on

Enable Traffic Engineering LSP flooding.

mpls-te router-address <A.B.C.D>

Configure stable IP address for MPLS-TE.

show isis mpls-te interface
show isis mpls-te interface INTERFACE

Show MPLS Traffic Engineering parameters for all or specified interface.

show isis mpls-te router

Show Traffic Engineering router parameters.

Segment Routing

This is an EXPERIMENTAL support of Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.

Known limitations:
  • No support for level redistribution (L1 to L2 or L2 to L1)

  • No support for binding SID

  • No support for SRMS

  • No support for SRLB

  • Only one SRGB and default SPF Algorithm is supported

segment-routing on

Enable Segment Routing.

segment-routing global-block (16-1048575) (16-1048575) [local-block (16-1048575) (16-1048575)]

Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535. Optionally sets also the Segment Routing Local Block. The negative command always unsets both.

segment-routing local-block (16-1048575) (16-1048575)

Set the Segment Routing Local Block i.e. the label range used by MPLS to store label in the MPLS FIB for Adjacency SID. Note that the block size may not exceed 65535. This command is deprecated in favor of the combined ‘segment-routing global-block A B local-block C D’ command.

segment-routing node-msd (1-16)

Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane. E.g. for Linux kernel, since version 4.13 the maximum value is 32.

segment-routing prefix <A.B.C.D/M|X:X::X:X/M> <absolute (16-1048575)|index (0-65535) [no-php-flag|explicit-null] [n-flag-clear]

prefix. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs.

show isis segment-routing nodes

Show detailed information about all learned Segment Routing Nodes.

Debugging ISIS

debug isis adj-packets

IS-IS Adjacency related packets.

debug isis checksum-errors

IS-IS LSP checksum errors.

debug isis events

IS-IS Events.

debug isis local-updates

IS-IS local update packets.

debug isis packet-dump

IS-IS packet dump.

debug isis protocol-errors

IS-IS LSP protocol errors.

debug isis route-events

IS-IS Route related events.

debug isis snp-packets

IS-IS CSNP/PSNP packets.

debug isis spf-events
debug isis spf-statistics
debug isis spf-triggers

IS-IS Shortest Path First Events, Timing and Statistic Data and triggering events.

debug isis update-packets

Update related packets.

debug isis sr-events

IS-IS Segment Routing events.

debug isis lfa

IS-IS LFA events.

show debugging isis

Print which ISIS debug level is activate.

ISIS Configuration Examples

A simple example, with MD5 authentication enabled:

!
interface eth0
 ip router isis FOO
 isis network point-to-point
 isis circuit-type level-2-only
!
router isis FOO
net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
 metric-style wide
 is-type level-2-only

A Traffic Engineering configuration, with Inter-ASv2 support.

First, the zebra.conf part:

hostname HOSTNAME
password PASSWORD
log file /var/log/zebra.log
!
interface eth0
 ip address 10.2.2.2/24
 link-params
  max-bw 1.25e+07
  max-rsv-bw 1.25e+06
  unrsv-bw 0 1.25e+06
  unrsv-bw 1 1.25e+06
  unrsv-bw 2 1.25e+06
  unrsv-bw 3 1.25e+06
  unrsv-bw 4 1.25e+06
  unrsv-bw 5 1.25e+06
  unrsv-bw 6 1.25e+06
  unrsv-bw 7 1.25e+06
  admin-grp 0xab
!
interface eth1
 ip address 10.1.1.1/24
 link-params
  enable
  metric 100
  max-bw 1.25e+07
  max-rsv-bw 1.25e+06
  unrsv-bw 0 1.25e+06
  unrsv-bw 1 1.25e+06
  unrsv-bw 2 1.25e+06
  unrsv-bw 3 1.25e+06
  unrsv-bw 4 1.25e+06
  unrsv-bw 5 1.25e+06
  unrsv-bw 6 1.25e+06
  unrsv-bw 7 1.25e+06
  neighbor 10.1.1.2 as 65000

Then the isisd.conf itself:

hostname HOSTNAME
password PASSWORD
log file /var/log/isisd.log
!
!
interface eth0
 ip router isis FOO
!
interface eth1
 ip router isis FOO
!
!
router isis FOO
 isis net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
  mpls-te on
  mpls-te router-address 10.1.1.1
!
line vty

A Segment Routing configuration, with IPv4, IPv6, SRGB and MSD configuration.

hostname HOSTNAME
password PASSWORD
log file /var/log/isisd.log
!
!
interface eth0
 ip router isis SR
 isis network point-to-point
!
interface eth1
 ip router isis SR
!
!
router isis SR
 net 49.0000.0000.0000.0001.00
 is-type level-1
 topology ipv6-unicast
 lsp-gen-interval 2
 segment-routing on
 segment-routing node-msd 8
 segment-routing prefix 10.1.1.1/32 index 100 explicit-null
 segment-routing prefix 2001:db8:1000::1/128 index 101 explicit-null
!

ISIS Vrf Configuration Examples

A simple vrf example:

!
interface eth0 vrf RED
 ip router isis FOO vrf RED
 isis network point-to-point
 isis circuit-type level-2-only
!
router isis FOO vrf RED
 net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
 metric-style wide
 is-type level-2-only