5.6. Configuring IS-IS with CLI

This section provides information to configure the Intermediate System-to-Intermediate System (IS-IS) protocol using the command line interface.


5.7. IS-IS Configuration Overview

The 7705 SAR supports multi-instance IS-IS (MI-IS-IS). For IS-IS to operate on 7705 SAR routers, IS-IS must be explicitly enabled for each instance, and at least one area address and interface must be configured for the instance. If IS-IS is enabled but no area address or interface is configured, no routes are exchanged. When at least one area address and interface are configured, adjacencies can be formed and routes exchanged.


5.7.1. Router Levels

The router’s IS-IS level capability can be configured globally and on a per-interface basis. The interface level parameters specify the interface’s routing level. The neighbor capability and parameters define the adjacencies that are established.

When an IS-IS instance is enabled, the global default level capability is level 1/2, which enables the router to operate as a level 1 router, a level 2 router, or both, with the associated databases. The router runs separate shortest path first (SPF) calculations for the level 1 area routing and for the level 2 multi-area routing to create the IS-IS routing table for the IS-IS instance.

The level value can be modified at the global level, the interface level, or both, to be only level 1-capable, only level 2-capable, or both level 1- and level 2-capable.

If the default value is not modified on any routers in the area, the routers try to form both level 1 and level 2 adjacencies on all IS-IS interfaces. If the default values are modified to level 1 or level 2, the adjacencies formed are limited to that level only.

5.7.2. Area Addresses

The area-id command specifies the area address portion of the NET, which is used to define the IS-IS area to which the router will belong. At least one area ID must be configured per instance for each router participating in IS-IS. A maximum of three area IDs can be configured per router instance.

The area address identifies a point of connection to the network, such as a router interface, and is called a network service access point (NSAP). The routers in an area manage routing tables of destinations within the area. The Network Entity Title (NET) value is used to identify the IS-IS area to which the router belongs.

NSAP addresses are divided into three parts. Only the area ID portion is configurable:

  1. area ID – a variable-length field between 1 and 13 bytes that identifies the area to which the router belongs. This field includes the Authority and Format Identifier (AFI) as the first (most significant) byte, followed by the area identifier.
  2. system ID – a 6-byte system identifier. This value is not configurable. The system ID is derived from the system or router ID and uniquely identifies the router.
  3. selector ID – a 1-byte selector identifier that is always 00 for a NET. This value is not configurable.

The area ID portion of the NET can be manually configured with 1 to 13 bytes. If fewer than 13 bytes are entered, the rest of the field is padded with zeros.

5.7.3. Interface Level Capability

The level capability value configured on the interface level is compared to the level capability value configured on the global level to determine the type of adjacencies that can be established. The default value for 7705 SAR routers and interfaces is level 1/2. Table 49 lists capability combinations and the potential adjacencies that can be formed.

Table 49: Potential Adjacency Capabilities

Global Level    Interface Level    Potential Adjacency
------------    ---------------    ----------------------
Level 1/2       Level 1/2          Level 1 and/or level 2
Level 1/2       Level 1            Level 1 only
Level 1/2       Level 2            Level 2 only
Level 2         Level 1/2          Level 2 only
Level 2         Level 2            Level 2 only
Level 2         Level 1            None
Level 1         Level 1/2          Level 1 only
Level 1         Level 2            None
Level 1         Level 1            Level 1 only
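
The NET layout from Area Addresses and the capability combinations in Table 49 can be checked together before a level-capability change is committed. The following Python sketch is an added example, not Nokia code: it splits a NET into its fields and predicts which adjacency two directly connected routers can form. The system IDs and the BACKBONE router are constructed, and the rules that a level 1 adjacency needs a common area ID and that two routers must not share a system ID are standard IS-IS behavior not stated on this page.

```python
import re

# level-capability value -> set of IS-IS levels it permits
LEVELS = {"level-1": {1}, "level-2": {2}, "level-1/2": {1, 2}}


def parse_net(net):
    """Split a NET into area ID, system ID and selector (hex strings)."""
    digits = net.replace(".", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
        raise ValueError(f"{net}: not a whole number of hex bytes")
    raw = bytes.fromhex(digits)
    # Fixed-size tail: 6-byte system ID, then the 1-byte selector.
    area, system, selector = raw[:-7], raw[-7:-1], raw[-1:]
    if not 1 <= len(area) <= 13:
        raise ValueError(f"{net}: area ID must be 1 to 13 bytes")
    if selector != b"\x00":
        raise ValueError(f"{net}: selector must be 00 for a NET")
    return {"afi": area[:1].hex(), "area_id": area.hex(),
            "system_id": system.hex(), "selector": selector.hex()}


def interface_levels(global_cap, interface_cap="level-1/2"):
    """Table 49: levels an interface can use; an empty set is 'None'."""
    return LEVELS[global_cap] & LEVELS[interface_cap]


def adjacency(local, remote):
    """Levels at which two directly connected routers can become adjacent.

    Each router is a dict with keys: nets (one NET per configured area ID),
    global and interface (level-capability values).
    """
    l_nets = [parse_net(n) for n in local["nets"]]
    r_nets = [parse_net(n) for n in remote["nets"]]
    if {n["system_id"] for n in l_nets} & {n["system_id"] for n in r_nets}:
        raise ValueError("duplicate system ID on both routers")
    levels = (interface_levels(local["global"], local["interface"])
              & interface_levels(remote["global"], remote["interface"]))
    shared = {n["area_id"] for n in l_nets} & {n["area_id"] for n in r_nets}
    if not shared:
        levels = levels - {1}      # level 1 needs a common area ID
    return sorted(levels)


# Constructed routers: area IDs follow the page, system IDs are made up.
ALU_A = {"nets": ["49.0180.0001.0100.1000.0001.00"],
         "global": "level-1/2", "interface": "level-1/2"}
ALU_B = {"nets": ["49.0180.0001.0100.1000.0002.00"],
         "global": "level-1", "interface": "level-1/2"}
BACKBONE = {"nets": ["49.0180.0002.0100.1000.0009.00"],
            "global": "level-2", "interface": "level-1/2"}

if __name__ == "__main__":
    print(parse_net(ALU_A["nets"][0]))
    for a, b in ((ALU_A, ALU_B), (ALU_A, BACKBONE), (ALU_B, BACKBONE)):
        print(a["nets"][0], "<->", b["nets"][0], adjacency(a, b) or "None")
```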

5.7.4. Route Leaking

An autonomous system running IS-IS can be divided into level 1 areas with a level 2-connected subset (backbone) of the topology that interconnects all of the level 1 areas. Within each level 1 area, the routers exchange link-state information. Level 2 routers also exchange level 2 link-state information to compute routes between areas.

Routers in a level 1 area typically only exchange information within the level 1 area. For IP destinations not found in the prefixes in the level 1 database, the level 1 router forwards PDUs to the nearest level 1/2 router with the attachment bit set in its level 1 link-state PDU.

Routing to the closest level 1/2 router may lead to sub-optimal routing, because the shortest path to the destination is not always through the closest router. To reduce sub-optimal routing, route leaking provides a mechanism to leak (or redistribute) level 2 information into level 1 areas. By distributing more detailed information into the level 1 area, a level 1 router is able to make a better decision as to which level 1/2 router should forward the packet.

The 7705 SAR implementation of IS-IS route leaking is in compliance with RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS.

5.8. Basic IS-IS Configuration

The basic IS-IS configuration tasks that must be performed are:

  1. enable IS-IS
  2. modify the level capability on the global level from the default level 1/2 (if required)
  3. define area addresses
  4. configure IS-IS interfaces

The following output displays IS-IS default values:

ALU-A>config>router>isis# info detail
----------------------------------------------
 level-capability level-1/2
 no auth-keychain
 no authentication-key
 no authentication-type
 authentication-check
 csnp-authentication
 lsp-lifetime 1200
 lsp-mtu-size 1492
 no export
 hello-authentication
 psnp-authentication
 no traffic-engineering
 no reference-bandwidth
 no disable-ldp-sync
 no rsvp-shortcut
 no advertise-tunnel-link
 no ignore-lsp-errors
 no iid-tlv-enable
 loopfree-alternate
 no loopfree-alternate-exclude
 ipv4-routing
 no ipv6-routing
 no unicast-import-disable ipv4
 no multicast-import ipv4
 spf-wait 10 1000 1000
 no strict-adjacency-check
 lsp-wait 5 0 1
 level 1
     no auth-keychain
     no authentication-key
     no authentication-type
     csnp-authentication
     external-preference 160
     hello-authentication
     no loopfree-alternate-exclude
     preference 15
     psnp-authentication
     no wide-metrics-only
 exit
 level 2
     no auth-keychain
     no authentication-key
     no authentication-type
     csnp-authentication
     external-preference 165
     hello-authentication
     no loopfree-alternate-exclude
     preference 18
     psnp-authentication
     no wide-metrics-only
 exit
 no shutdown
----------------------------------------------
ALU-A>config>router>isis#

5.9. Configuring IS-IS Components


5.9.1. Enabling IS-IS

An IS-IS instance must be enabled in order for the protocol to be active. If the isis command is used without an isis-instance specified, the default (“base”) instance is used.

Note: Careful planning is essential when implementing commands that can affect the behavior of global and interface levels.

To configure an IS-IS instance on a router, enter the following command:

CLI Syntax:
config
    router router-name
        isis [isis-instance]

5.9.2. Configuring an IS-IS Instance Level

When an IS-IS instance is enabled, the default level-capability is level 1/2. This means that the instance operates with both level 1 and level 2 routing capabilities. To change the default value in order for the instance to operate as a level 1 router or a level 2 router only, you must explicitly modify the level-capability value.

Select level-1 to route traffic only within an area. Select level-2 to route traffic to destinations outside an area, toward other eligible level 2 routers.

If the level-capability is modified, the protocol restarts, which likely affects adjacencies and routes.

The level-capability value can be configured on the global level and on the interface level. The level-capability value determines which level values can be assigned on the router instance level or on an interface level.

The level command lets you configure parameters for level 1 or level 2 instances (or both).

For more information on level and level-capability, see Router Levels and Interface Level Capability.

To configure the router instance level, enter the following command:

CLI Syntax:
config>router# isis [isis-instance]
    level-capability {level-1 | level-2 | level-1/2}
    level {1 | 2}

The following example displays a level configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     level-capability level-1/2
     level 1
          no hello-authentication
          preference 150
     level 2
          preference 200
----------------------------------------------
A:ALU-A>config>router>isis#

5.9.3. Configuring ISO Area Addresses

Use the following syntax to configure an ISO area address. A maximum of three area addresses can be configured per router instance.

For more information on area addresses, see Area Addresses.

CLI Syntax:
config>router# isis [isis-instance]
    area-id area-address

The following example shows the commands to configure the area ID.

Example:
config>router>isis#
config>router>isis# area-id 49.0180.0001
config>router>isis# area-id 49.0180.0002
config>router>isis# area-id 49.0180.0003

The following example displays an area ID configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
----------------------------------------------
A:ALU-A>config>router>isis#

5.9.4. Configuring Global IS-IS Parameters

Commands and parameters configured on the global level are inherited by the interface levels. Parameters specified in the interface configuration override the global configuration for that interface.

Use the following syntax to configure global IS-IS parameters:

CLI Syntax:
config>router# isis [isis-instance]
    level-capability {level-1 | level-2 | level-1/2}
    [no] authentication-check
    authentication-key {authentication-key | hash-key} [hash | hash2]
    authentication-type {password | message-digest}
    overload [timeout seconds]
    traffic-engineering

The following example displays a global level configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     level-capability level-2
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "H5vv6WrAAQU" hash
     authentication-type password
     overload timeout 90
     traffic-engineering
----------------------------------------------
A:ALU-A>config>router>isis#

5.9.5. Configuring Interface Parameters

By default, there are no interfaces associated with IS-IS. You must configure at least one IS-IS interface in order for IS-IS to work. An interface belongs to all areas configured on a router. Interfaces cannot belong to separate areas.

To enable IS-IS on an interface, first configure an IP interface in the config>router>interface context. Then, apply the interface in the config>router>isis>interface context.

You can configure both level 1 parameters and level 2 parameters on an interface. The level-capability value determines which level values are used.

Note: For point-to-point interfaces, only the values configured under level 1 are used, regardless of the operational level of the interface.

Use the following syntax to configure interface parameters:

CLI Syntax:
config>router# isis [isis-instance]
    level {1 | 2}
        [no] wide-metrics-only
    interface ip-int-name
        level-capability {level-1 | level-2 | level-1/2}
        mesh-group [value | blocked]
        interface-type {broadcast | point-to-point}

The following example displays a global level and interface configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     level-capability level-2
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "H5vv6WrAAQU" hash
     authentication-type password
     traffic-engineering
     level 1
          wide-metrics-only
     exit
     level 2
          wide-metrics-only
     exit
     interface "system"
     exit
     interface "ALU-1-2"
          level-capability level-2
          mesh-group 85
     exit
     interface "ALU-1-3"
          level-capability level-1
          interface-type point-to-point
          mesh-group 101
     exit
     interface "ALU-1-5"
          level-capability level-1
          interface-type point-to-point
          mesh-group 85
     exit
     interface "to-103"
          mesh-group 101
     exit
----------------------------------------------
A:ALU-A>config>router>isis#

5.9.5.1. Example 1: Configuring a Level 1 Area

Interfaces are configured in the config>router>interface context. Figure 15 shows a level 1 area configuration.

Figure 15:  Configuring a Level 1 Area 

The following example shows the commands to configure a level 1 area:

Example:
A:ALU-A>config>router# isis
..>isis# area-id 49.0180.0001
..>isis# level-capability level-1
..>isis# interface system
..>isis>if# exit
..>isis# interface "A-B"
..>isis>if# exit
..>isis# interface "A-C"
..>isis>if# exit
..>isis#
A:ALU-B>config>router# isis
..>isis# area-id 49.0180.0001
..>isis# level-capability level-1
..>isis# interface system
..>isis>if# exit
..>isis# interface "B-A"
..>isis>if# exit
..>isis# interface "B-C"
..>isis>if# exit
..>isis#
A:ALU-C>config>router# isis
..>isis# area-id 49.0180.0001
..>isis# level-capability level-1
..>isis# interface system
..>isis>if# exit
..>isis# interface "C-A"
..>isis>if# exit
..>isis# interface "C-B"
..>isis>if# exit

The following example displays a level 1 area configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     level-capability level-1
     area-id 49.0180.0001
     interface "system"
     exit
     interface "A-B"
     exit
     interface "A-C"
     exit
----------------------------------------------
A:ALU-A>config>router>isis#
 
A:ALU-B>config>router>isis# info
----------------------------------------------
     level-capability level-1
     area-id 49.0180.0001
     interface "system"
     exit
     interface "B-A"
     exit
     interface "B-C"
     exit
----------------------------------------------
A:ALU-B>config>router>isis#
 
A:ALU-C>config>router>isis# info
----------------------------------------------
     level-capability level-1
     area-id 49.0180.0001
     interface "system"
     exit
     interface "C-A"
     exit
     interface "C-B"
     exit
----------------------------------------------
A:ALU-C>config>router>isis#

5.9.5.2. Example 2: Modifying Router Level Capability

In the previous example, ALU-A, ALU-B, and ALU-C are configured as level 1 systems. Level 1 systems communicate with other level 1 systems in the same area. In this example, ALU-A is modified to set the level capability to level 1/2. Now the level 1 systems in the area with NET 49.0180.0001 forward PDUs to ALU-A for destinations that are not in the local area, as shown in Figure 16.

Figure 16:  Configuring a Level 1/2 Area 

The following example shows the commands to configure a level 1/2 area for ALU-A:

Example:
A:ALU-A>config>router# isis
..>isis# level-capability level-1/2

5.9.6. Configuring Authentication

Authentication must be explicitly configured and can be done using two separate mechanisms:

  1. configuration of an explicit authentication key and algorithm using the authentication-key and authentication-type commands in the IS-IS global or IS-IS level contexts; configuration of a Hello PDU authentication key using the hello-authentication-key and hello-authentication-type commands in the IS-IS interface and IS-IS interface level contexts
  2. configuration of an authentication keychain using the auth-keychain command in the config>system>security>keychain context and associating the keychain in the applicable IS-IS contexts

IS-IS can use either the authentication-key command or the auth-keychain command, but not both at the same time. If both commands are configured, the auth-keychain configuration is applied and the authentication-key command is ignored.

Use the following CLI syntax to configure authentication:

CLI Syntax:
config>router# isis [isis-instance]
    [no] authentication-check
    authentication-key {authentication-key | hash-key} [hash | hash2]
    authentication-type {password | message-digest}
    [no] hello-authentication
    level {1 | 2}
        authentication-key {authentication-key | hash-key} [hash | hash2]
        authentication-type {password | message-digest}

CLI Syntax:
config>router# isis [isis-instance]
    interface ip-int-name
        [no] hello-authentication
        hello-authentication-key {authentication-key | hash-key} [hash | hash2]
        hello-authentication-type {password | message-digest}
        level {1 | 2}
            hello-authentication-key {authentication-key | hash-key} [hash | hash2]
            hello-authentication-type {password | message-digest}

Use the following CLI syntax to associate IS-IS at the global level or IS-IS level with an authentication keychain and to associate an IS-IS interface or interface level with a Hello authentication keychain. The keychain must already be defined in the system>security>keychain context.

CLI Syntax:
config>router# isis [isis-instance]
    auth-keychain name
    level {1 | 2}
        auth-keychain name

CLI Syntax:
config>router# isis [isis-instance]
    interface ip-int-name
        hello-auth-keychain name
        level {1 | 2}
            hello-auth-keychain name
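
The authentication settings above are easy to audit from saved `info` output. The following Python sketch is an added example, not Nokia tooling: it parses the IS-IS `info` text by indentation and flags an instance with no key or keychain, a key that is ignored because a keychain is also present, the `password` type, `no authentication-check`, and `no hello-authentication`. The sample configuration, the keychain name and the key strings are constructed; the example assumes the standard behavior that the `password` type carries the key in cleartext in each PDU and that `no authentication-check` lets PDUs that fail authentication be processed.

```python
import re


def parse_info(text):
    """Return {context_path: [statements]} from IS-IS 'info' output.

    Nesting is taken from indentation, so blocks with or without a
    closing 'exit' (both appear on this page) parse the same way.
    """
    contexts = {"isis": []}
    stack = [(-1, "isis")]              # (indent of opening line, path)
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, 'exit', separator rules and CLI prompt lines.
        if (not line or line == "exit" or set(line) <= {"-"}
                or ">" in line.split()[0]):
            continue
        indent = len(raw) - len(raw.lstrip())
        while indent <= stack[-1][0]:
            stack.pop()
        path = stack[-1][1]
        if re.fullmatch(r'level [12]|interface "?[^"\s]+"?', line):
            path = f"{path}>{line.replace(chr(34), '')}"
            contexts.setdefault(path, [])
            stack.append((indent, path))
        else:
            contexts[path].append(line)
    return contexts


def _has(stmts, keyword):
    """True if a positive (not 'no ...') statement starts with keyword."""
    return any(s.split()[0] == keyword for s in stmts)


def audit(text):
    """Return a list of (finding, context) tuples for weak auth settings."""
    ctx = parse_info(text)
    findings = []
    instance_ctx = [p for p in ctx if "interface" not in p]
    if not any(_has(ctx[p], "authentication-key")
               or _has(ctx[p], "auth-keychain") for p in instance_ctx):
        findings.append(("NO_AUTH", "isis"))
    for path, stmts in ctx.items():
        if _has(stmts, "auth-keychain") and _has(stmts, "authentication-key"):
            findings.append(("KEY_IGNORED", path))      # keychain wins
        if any(s in ("authentication-type password",
                     "hello-authentication-type password") for s in stmts):
            findings.append(("CLEARTEXT_PASSWORD", path))
        if "no authentication-check" in stmts:
            findings.append(("AUTH_CHECK_OFF", path))
        if "no hello-authentication" in stmts:
            findings.append(("HELLO_UNAUTHENTICATED", path))
    return findings


# Constructed sample in the layout of the 'info' displays on this page.
SAMPLE = '''
A:ALU-A>config>router>isis# info
----------------------------------------------
     level-capability level-1/2
     area-id 49.0180.0001
     auth-keychain "example-keychain"
     authentication-key "EXAMPLEHASHEDKEY" hash
     authentication-type password
     no authentication-check
     level 1
          no hello-authentication
     exit
     interface "to-103"
          hello-authentication-key "EXAMPLEHASHEDKEY2" hash
          hello-authentication-type message-digest
     exit
----------------------------------------------
'''

if __name__ == "__main__":
    for finding, context in audit(SAMPLE):
        print(f"{finding:24} {context}")
```

The NO_AUTH finding is only meaningful when the input is the complete configuration of the instance, not an excerpt.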

5.9.7. Configuring Leaking

IS-IS allows a two-level hierarchy to route PDUs. Level 1 areas can be interconnected by a contiguous level 2 backbone.

The level 1 link-state database contains information only about that area. The level 2 link-state database contains information about the level 2 system and each of the level 1 systems in the area. A level 1/2 router contains information about both level 1 and level 2 databases. A level 1/2 router advertises information about its level 1 area toward the other level 1/2 or level 2 routers.

Packets with destinations outside the level 1 area are forwarded toward the closest level 1/2 router which, in turn, forwards the packets to the destination area.

Sometimes, the shortest path to an outside destination is not through the closest level 1/2 router, or the only level 1/2 router to forward packets out of an area is not operational. Route leaking provides a mechanism to leak level 2 information to level 1 routers to provide routing information regarding inter-area routes. Therefore, a level 1 router has more options to forward packets.

Configure a route policy to leak routes from level 2 into level 1 areas in the config>router>policy-options>policy-statement context. For more information on creating route policies, refer to the 7705 SAR Router Configuration Guide.

For more information on leaking, see Route Leaking.

The following example shows the commands to configure prefix list (“loops”) and policy statement (“leak”) parameters in the config>router context.

Example:
config>router>policy-options# prefix-list loops
..>policy-options>prefix-list# prefix 10.1.1.0/24 longer
..>policy-options>prefix-list# exit
..>policy-options# policy-statement leak
..>policy-options>policy-statement# entry 10
..>policy-options>policy-statement>entry# from
..>policy-options>policy-statement>entry>from# prefix-list loops
..>policy-options>policy-statement>entry>from# level 2
..>policy-options>policy-statement>entry>from# exit
..>policy-options>policy-statement>entry# to
..>policy-options>policy-statement>entry>to# level 1
..>policy-options>policy-statement>entry>to# exit
..>policy-options>policy-statement>entry# action accept
..>policy-options>policy-statement>entry>action# exit
..>policy-options>policy-statement>entry# exit
..>policy-options>policy-statement# exit
..>policy-options# commit
..>policy-options#

The following example displays a prefix list and policy statement configuration:

A:ALU-A>config>router>policy-options# info
----------------------------------------------
     prefix-list "loops"
          prefix 10.1.1.0/24 longer
     exit
     policy-statement "leak"
          entry 10
               from
                    prefix-list "loops"
                    level 2
               exit
               to
                    level 1
               exit
               action accept
               exit
          exit
     exit
----------------------------------------------
A:ALU-A>config>router>policy-options#

Next, apply the policy in order to leak routes from level 2 into level 1 routers on ALU-A:

CLI Syntax:
config>router# isis [isis-instance]
    export leak

A:ALU-A>config>router>isis# info
----------------------------------------------
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "//oZrvL4FPn06nyRIJ5E" hash
     authentication-type password
     no authentication-check
     export "leak"
...
----------------------------------------------
A:ALU-A>config>router>isis#

Then, after the policy is applied, create a policy statement (“isis-ext”) to redistribute external IS-IS routes from level 1 routers into the level 2 backbone (see Redistributing External IS-IS Routers). In the config>router context, configure the following policy statement parameters:

Example:
config>router>policy-options# begin
..>policy-options# policy-statement "isis-ext"
..>policy-options>policy-statement# entry 10
..>policy-options>policy-statement>entry$ from
..>policy-options>policy-statement>entry>from$ external
..>policy-options>policy-statement>entry>from# exit
..>policy-options>policy-statement>entry# to
..>policy-options>policy-statement>entry>to$ level 2
..>policy-options>policy-statement>entry>to# exit
..>policy-options>policy-statement>entry# action accept
..>policy-options>policy-statement>entry>action# exit
..>policy-options>policy-statement>entry# exit
..>policy-options>policy-statement# exit
..>policy-options# commit

5.9.8. Redistributing External IS-IS Routers

By default, IS-IS does not redistribute level 1 external routes into level 2. The policy to redistribute external IS-IS routes must be explicitly applied. Policies are created in the config>router>policy-options context. Refer to the 7705 SAR Router Configuration Guide for information on creating policies.

The following example displays the policy statement configuration:

A:ALU-A>config>router>policy-options# info
----------------------------------------------
     prefix-list "loops"
          prefix 10.1.1.0/24 longer
     exit
     policy-statement "leak"
          entry 10
            from
                 prefix-list "loops"
                 level 2
            exit
            to
                 level 1
            exit
            action accept
            exit
          exit
     exit
     policy-statement "isis-ext"
          entry 10
            from
                 external
            exit
            to
                 level 2
            exit
            action accept
            exit
          exit
     exit
----------------------------------------------
A:ALU-A>config>router>policy-options#

5.10. IS-IS Configuration Management Tasks


5.10.1. Disabling IS-IS

The shutdown command disables an IS-IS instance on the router. The configuration settings are not changed, reset, or removed.

Use the following CLI syntax to disable an IS-IS instance on a router:

CLI Syntax:
config>router# isis [isis-instance]
    shutdown

5.10.2. Removing IS-IS

The no isis command deletes an IS-IS instance and reverts its configuration to default values for its next use.

Use the following CLI syntax to remove an IS-IS instance:

CLI Syntax:
config>router#
    no isis [isis-instance]

5.10.3. Modifying Global IS-IS Parameters

You can modify, disable, or remove global IS-IS parameters without shutting down entities. The changes are applied immediately. Modifying the level capability on the global level causes the IS-IS instance to restart.

The following example displays an IS-IS global parameter modification.

Example:
config>router>isis# overload timeout 500
config>router>isis# level-capability level-1/2
config>router>isis# no authentication-check
config>router>isis# authentication-key raider123

The following example displays the IS-IS configuration with the modifications entered in the previous example:

A:ALU-A>config>router>isis# info
----------------------------------------------
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "//oZrvtvFPn06nyRIJ5E" hash
     authentication-type password
     no authentication-check
     overload timeout 500
     level 1
          wide-metrics-only
     exit
     level 2
          wide-metrics-only
     exit
     interface "system"
     exit
     interface "ALU-1-2"
          level-capability level-2
          mesh-group 85
     exit
     interface "ALU-1-3"
          level-capability level-1
          interface-type point-to-point
          mesh-group 101
     exit
     interface "ALU-1-5"
          level-capability level-1
          interface-type point-to-point
          mesh-group 85
     exit
     interface "to-103"
          mesh-group 101
     exit
     interface "A-B"
     exit
     interface "A-C"
     exit
----------------------------------------------
A:ALU-A>config>router>isis#

5.10.4. Modifying IS-IS Interface Parameters

You can modify, disable, or remove interface level IS-IS parameters without shutting down entities. Changes take effect immediately. Modifying the level capability on the interface causes the IS-IS instance on the interface to restart.

To remove an interface, use the no interface ip-int-name command.

To disable an interface, use the shutdown command in the interface context.

The following example displays an IS-IS interface parameter modification.

Example:
config>router# isis
config>router>isis# interface ALU-1-3
config>router>isis>if# mesh-group 85
config>router>isis>if# passive
config>router>isis>if# lsp-pacing-interval 5000
config>router>isis>if# exit
config>router>isis# interface to-103
config>router>isis>if# hello-authentication-type message-digest
config>router>isis>if# hello-authentication-key 49ersrule
config>router>isis>if# exit

The following example displays the IS-IS configuration with the modifications entered in the previous example:

A:ALU-A>config>router>isis# info
----------------------------------------------
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "//oZrvtvFPn06nyRIJ5E" hash
     authentication-type password
     no authentication-check
     overload timeout 500
     level 1
          wide-metrics-only
     exit
     level 2
          wide-metrics-only
     exit
     interface "system"
     exit
     interface "ALU-1-2"
          level-capability level-2
          mesh-group 85
     exit
     interface "ALU-1-3"
          level-capability level-1
          interface-type point-to-point
          lsp-pacing-interval 5000
          mesh-group 85
          passive
     exit
     interface "ALU-1-5"
          level-capability level-1
          interface-type point-to-point
          mesh-group 85
     exit
     interface "to-103"
          hello-authentication-key "DvR5l2xxB6XMTvbAZ1mE" hash
          hello-authentication-type message-digest
          mesh-group 101
     exit
     interface "A-B"
     exit
----------------------------------------------
A:ALU-A>config>router>isis#