IS-IS

Intermediate System to Intermediate System (IS-IS) is a link-state IGP that uses the Shortest Path First (SPF) algorithm to determine routes. Routing decisions are made using the link-state information. IS-IS evaluates topology changes and, if necessary, performs SPF recalculations.

Entities within IS-IS include networks, intermediate systems, and end systems. In IS-IS, a network is an Autonomous System (AS), or routing domain, with end systems and intermediate systems. A router is an intermediate system that sends, receives, and forwards Protocol Data Units (PDUs). End systems are network devices that send and receive PDUs.

End system and intermediate system protocols allow routers and nodes to identify each other. IS-IS sends out link-state updates periodically throughout the network, so each router can maintain current network topology information.

IS-IS supports large ASs by using a two-level hierarchy. A large AS can be administratively divided into smaller, more manageable areas. A system logically belongs to one area. Level 1 routing is performed within an area. Level 2 routing is performed between areas. You can configure routers as Level 1, Level 2, or both Level 1 and 2.

The following summarizes SR Linux support for IS-IS:

  • Level 1, Level 2, and Level 1/2 IS types

  • Configurable Network Entity Title (NET) per IS-IS instance

  • support for IPv4/v6 routing

  • ECMP with up to 64 next hops per destination

  • IS-IS export policies (redistribution of other types of routes into IS-IS)

  • authentication of LSP, CSNP, PSNP, and hello PDUs, using an authentication key or keychain specified as follows:
    • per instance or per level for all PDU types
    • per interface or per interface and level for Hello PDUs
  • authentication keychains with a single key per named keychain

  • Purge Originator ID TLV (RFC 6232)

  • options to ignore and suppress the attached bit

  • ability to set the overload bit immediately or after each subsequent restart of the IS-IS manager application and leave it on for a configurable duration each time

  • control over the link-state PDU (LSP) MTU size, with range from 490 bytes to 9490 bytes

  • configuration control over timers for LSP lifetime, LSP refresh interval, SPF calculation triggers, and LSP generation

  • hello padding (strict, loose, and adaptive modes)

  • graceful restart, acting in restarting router mode and helper router mode

  • Level 1 to Level 2 route summary

  • BFD for fast failure detection

  • configurable hello timer with multiple per interface and level

  • wide metrics (configurable per level)

  • configurable route preference for each route type, Level 1-internal, Level 1-external, Level 2-internal and Level 2-external

  • detailed statistics for interfaces, adjacencies, and levels
  • Multi-instance IS-IS (MI-ISIS), which allows multiple instances of IS-IS to operate on a single circuit
  • Multi-Topology MT-ID 0 and MT-ID 2 support, with MT-ID2 reserved for IPv6 network topology
  • Multi-Topology Intermediate System to Intermediate System (MT-ISIS) MT0 and MT2 support

The info detail command displays default values for an IS-IS instance on SR Linux as shown in the following example:

--{ * candidate shared default }--[ network-instance default protocols isis ]--
# info detail
    instance i1 {
        admin-state disable
        level-capability L2
        max-ecmp-paths 1
        poi-tlv false
        attached-bit {
            ignore false
            suppress false
        }
        overload {
            advertise-interlevel false
            advertise-external false
            immediate {
                set-bit false
                max-metric false
            }
            on-boot {
                set-bit false
                max-metric false
            }
        }
        timers {
            lsp-lifetime 1200
            lsp-refresh {
                interval 600
                half-lifetime true
            }
            spf {
                initial-wait 1000
                second-wait 1000
                max-wait 10000
            }
            lsp-generation {
                initial-wait 1000
                second-wait 1000
                max-wait 5000
            }
        }
        transport {
            lsp-mtu-size 1492
        }
        ipv4-unicast {
            admin-state enable
        }
        ipv6-unicast {
            admin-state enable
            multi-topology false
        }
        graceful-restart {
            helper-mode false
        }
        auto-cost {
        }
        authentication {
            csnp-authentication false
            psnp-authentication false
            hello-authentication false
        }
        inter-level-propagation-policies {
            level1-to-level2 {
            }
        }
    }

Basic IS-IS configuration

To configure IS-IS, perform the following tasks:

  • Enable an IS-IS instance

  • If necessary, modify the level capability on the global IS-IS instance level

  • Define area addresses

  • Configure IS-IS interfaces

Enabling an IS-IS instance

On SR Linux, you can enable an IS-IS instance within a network-instance. The following example enables an IS-IS instance within the default network-instance.

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis
    network-instance default {
        protocols {
            isis {
                instance i1 {
                }
            }
        }
    }

Configuring the router level

You can configure routers as Level 1, Level 2, or both Level 1 and 2. When IS-IS is enabled, the default level-capability value is Level 2. This means that the router operates with Level 2 routing capabilities. To change the default value in order for the router to operate as a Level 1 router or a Level 1/2 router, you must explicitly modify the level value.

The level-capability value can be configured on the global IS-IS instance level and also on the interface level. The level-capability value determines which level values can be assigned on the router level or on an interface-basis.

In order for the router to operate as a Level 1 only router or as a Level 2 only router, you must explicitly specify the level-number value.

  • Specify Level 1 to route only within an area

  • Specify Level 2 to route to destinations outside an area, toward other eligible Level 2 routers

The following example configures the level capability for an IS-IS instance to Level 2.

--{ * candidate shared default }--[ network-instance default protocols ]--
# info isis
 isis {
        instance i1 {
            level-capability L2
        }
    }

Configuring the Network Entity Title

On SR Linux, you can configure the Network Entity Title (NET) per IS-IS instance. The NET is 8-20 octets long and consists of 3 parts: the area address (1-13 octets), the system ID (6 octets), and the n-selector (1 octet, must be 00)

The area address portion of the NET defines the IS-IS area to which the router belongs. At least one area address should be configured on each router participating in IS-IS.

The area address portion of the NET identifies a point of connection to the network, such as a router interface. The routers in an area manage routing tables about destinations within the area. The NET value is used to identify the IS-IS area to which the router belongs.

The NET value is divided into three parts. Only the Area ID portion is configurable.

1. Area ID — A variable length field between 1 and 13 bytes. This includes the Authority and Format Identifier (AFI) as the most significant byte and the area ID.

2. System ID — A 6-byte system identifier. This value is not configurable. The system ID is derived from the system or router ID.

3. Selector ID — A 1-byte selector identifier that must contain zeros when configuring a NET. This value is not configurable. The selector ID is always 00.

The following example configures a NET for an IS-IS instance:

--{ * candidate shared default }--[ network-instance default protocols ]--
# info isis
 isis {
        instance i1 {
            net 49.0001.1921.6800.1002.00
            }
        }
    }

Configuring global parameters

You can configure the commands and parameters on the global IS-IS instance level.

Commands and parameters configured on the global IS-IS instance level are inherited by the interface levels. Parameters specified in the interface and interface-level configurations take precedence over global configurations.

The following example shows the command usage to configure global-level IS-IS. The LSP PDU authentication setting references a keychain defined at the system level (see Protocol authentication).

--{ * candidate shared default }--[ network-instance default protocols ]--
# info isis
    isis {
        instance i1 {
            level-capability L2
            overload {
                on-boot {
                    timeout 90
                }
            }
            authentication {
                lsp-authentication {
                    generate true
                    check-received strict
                    keychain isisglobal
                }
            }
        }
    }

Configuring interface parameters

There are no interfaces associated with IS-IS by default. An interface belongs to all areas configured on a router. Interfaces cannot belong to separate areas. There are no default interfaces applied to the router IS-IS instance. You must configure at least one IS-IS interface in order for IS-IS to work.

You can configure both the Level 1 parameters and the Level 2 parameters on an interface. The level-capability value determines which level values are used.

The following example configures interface parameters for an IS-IS instance:

--{ * candidate shared default }--[ network-instance default protocols isis ]--
# info instance i1
    instance i1 {
        interface ethernet-1/2.1 {
            circuit-type point-to-point
            ipv4-unicast {
                admin-state enable
            }
            level 1 {
                authentication {
                    hello-authentication {
                        generate true
                        check-received strict
                        keychain Hello
                    }
                }
            }
        }
        level 1 {
        }
    }

Configuring authentication keys

IS-IS supports authentication for PDUs using shared keys, which are changed at regular intervals using keys configured in a keychain. This authentication mechanism is described in Protocol authentication.

In addition to using shared keys, authentication for IS-IS Hello, CSNP, PSNP, and LSP PDUs can be done using directly configured keys. You can specify the key used for authenticating IS-IS PDUs associated with a specific IS-IS instance, received or transmitted on a specific interface, and associated with a specific level.

If a Hello PDU is received or transmitted on a specific interface, it is authenticated using the key configured for that interface. If no key exists for the interface, the key configured for the instance is used. For CSNP, PSNP. and LSP PDUs, authentication is performed using the key configured for the level. If no key exists for the level, the key configured for the instance is used.

To configure a key, you specify the secret key (auth-password) and cryptographic algorithm to be used for generating the key.

The following example configures keys for an IS-IS instance, interface, and level.

--{ candidate shared default }--[  ]--
# info network-instance default protocols isis
    network-instance default {
        protocols {
            isis {
                instance i1 {
                    authentication {
                        key {
                            crypto-algorithm cleartext
                            auth-password $aes$9G3XrtckZzMg=$In9WuOvKPsTw6ehDX5YLgA==
                        }
                    }
                    interface ethernet-1/1.1 {
                        authentication {
                            key {
                                crypto-algorithm hmac-md5
                                auth-password $aes$97mfUA4Swx6I=$PfF02Mtu0gUXH5LwT/ltqQ==
                            }
                        }
                    }
                    level 1 {
                        authentication {
                            key {
                                crypto-algorithm hmac-sha-256
                                auth-password $aes$9YHCLtkxaLGw=$7HXuQHhR4wPXwifkGekFaQ==
                            }
                        }
                    }
                }
            }
        }
    }

IS-IS graceful restart

IS-IS graceful restart is a mechanism to prevent routing protocol re-convergence during a control plane switchover, reset, or upgrade.

Without graceful restart, when an IS-IS router restarts, its IS-IS neighbors detect that the router has gone down and remove routes that pass through that neighbor, resulting in data loss even if the restarting router is able to maintain its forwarding table state.

Configuring graceful restart can prevent this data loss. To do this, the restarting router relies on neighbor routers, which have also been configured for graceful restart, to maintain forwarding state while the router restarts. These neighbor routers are known as helper routers.

For IS-IS graceful restart, SR Linux can operate in the following modes:
  • restarting router mode when its own IS-IS manager application (isis_mgr) restarts, or the application is killed

  • helper router mode when it detects that an adjacent IS-IS router has restarted

Restarting router mode

When the router is configured to operate in restarting router node, if the SR Linux IS-IS manager application restarts or is killed, routes that are published by the IS-IS manager (associated with any IS-IS instance), and used for programming the FIB, remain programmed for a duration of time sufficient to allow a warm restart of the IS-IS manager application. The system starts sending periodic IS-IS Hello (IIH) PDUs (with the Restart Request (RR) flag set) on all IS-IS interfaces so that neighbors do not time out their adjacencies.

The helper router on each interface responds with an IIH PDU containing a Restart Acknowledgement (RA). The exchange of IIH PDUs on each interface causes adjacencies to reform. After each adjacency comes up, the helper router on the associated interface transmits a complete set of CSNPs to the restarting router.

Helper router mode

When the router is configured to operate in helper router node, SR Linux advertises TLV 211 in IIH PDUs sent on all IS-IS interfaces, which indicates that the IS-IS instance is able to help any adjacent neighbor that signals a restart.

When the router receives an IIH PDU with the RR flag set from an adjacent neighbor, the router maintains its adjacency with the neighbor, responds with an IIH PDU with the RA flag set, and sends a complete set of CSNP PDUs to the restarting router.

Configuring IS-IS graceful restart

You can configure SR Linux to operate as a restarting router (informing adjacent routers when the IS-IS manager application restarts or is killed) and as a helper router (indicating to adjacent routers that it can help those signaling a restart). By default, both restarting router mode and helper router mode are disabled.

Configure restarting router mode

To configure the router to operate in restarting router mode for IS-IS graceful restart, enable non-stop-forwarding for IS-IS. For example:

--{ candidate shared default }--[  ]--
# info network-instance green protocols isis
    network-instance default {
        protocols {
            isis {
                non-stop-forwarding {
                    admin-state enable
                }
            }
        }
    }

Configure helper router mode

The following example enables the router to operate in helper router mode:

--{ candidate shared default }--[  ]--
# info network-instance green protocols isis instance i1 graceful-restart
    network-instance default {
        protocols {
            isis {
                instance i1 {
                    graceful-restart {
                        helper-mode true
                        acceptable-duration 120
                    }
                }
            }
        }
    }

The acceptable-duration parameter sets the amount of time in seconds that SR Linux advertises as the Remaining Time in the Restart TLV with the RA flag set when this router starts to help another router that has entered restart mode. By default, this is 60 seconds.

Displaying IS-IS information

Use the commands shown in this section to display the following information for an IS-IS instance running in a specified network instance:

  • interface information

  • adjacency information

  • IS-IS link state database information

IS-IS summary information

To display summary information for an IS-IS instance:

# show network-instance green_default protocols isis summary
------------------------------------------------------------------------------------------
Network instance "green_default", isis instance "default" is enable and up
Level Capability : L1L2
Export policy    : None
------------------------------------------------------------------------------------------
System-id : 0050.0500.5005
NET       : [ 49.0001.0050.0500.5005.00 ]
Area-id   : [ 49.0001 ]
------------------------------------------------------------------------------------------
IPv4 routing is enable
IPv6 routing is enable using None
Max ECMP path : 1
------------------------------------------------------------------------------------------
Ldp Synchronization is Disabled
------------------------------------------------------------------------------------------
Overload
Current Status : not in overload
------------------------------------------------------------------------------------------
Metric
Reference bandwidth: NA
L1 metric style: wide
L2 metric style: wide
------------------------------------------------------------------------------------------
Graceful Restart
Helper Mode    : disabled
Current Status : not helping any neighbors
------------------------------------------------------------------------------------------
Timers
LSP Lifetime                : 1200
LSP Refresh                 : 600
SPF initial wait            : 1000
SPF second wait             : 1000
SPF max wait                : 10000
LSP generation initial wait : 10
LSP generation second wait  : 1000
LSP generation max wait     : 5000
------------------------------------------------------------------------------------------
Route Preference
L1 internal : 15
L1 external : 160
L2 internal : 18
L2 external : 165
------------------------------------------------------------------------------------------
L1->L2 Summary Addresses Not configured
------------------------------------------------------------------------------------------
Instance Statistics
SPF run            : 29
Last SPF           : 2022-03-23T16:16:16.200Z
Partial SPF run    : 16
Last Partial SPF   : 2022-03-23T16:16:17.200Z
------------------------------------------------------------------------------------------
PDU Statistics
------------------------------------------------------------------------------------------
| pdu-name |     received     |    processed     |     dropped      |       sent       |
+==========+==================+==================+==================+==================+
| LSP      | 460              | 457              | 3                | 528              |
| IIH      | 308              | 281              | 27               | 497              |
| CSNP     | 52               | 51               | 1                | 116              |
| PSNP     | 30               | 30               | 0                | 3                |
------------------------------------------------------------------------------------------

IS-IS interface information

To display interface information for an IS-IS instance:

# show network-instance green_default protocols isis interface
------------------------------------------------------------------------------------------
Network Instance : green_default
Instance         : default
------------------------------------------------------------------------------------------
| Interface Name | Oper State | Level | Circuit id | Circuit type   | Ipv4 Metric L1/L2 | Ipv6 Metric L1/L2
===============================================================================================
| ethernet-1/1.1 | up         | L1L2  | 2          | point-to-point | 10/10             | 10/10
| ethernet-1/2.1 | up         | L1L2  | 2          | broadcast      | 10/10             | 10/10
| ethernet-1/3.1 | up         | L1L2  | 3          | broadcast      | 10/10             | 10/10
| ethernet-1/16. | up         | L1L2  | 4          | broadcast      | 10/10             | 10/10
| 1              |            |       |            |                |                   |      
| lo0.1          | up         | L1L2  | 5          | broadcast      | 0/0               | 0/0
-----------------------------------------------------------------------------------------------

IS-IS interface detail information

To display detail information for a specific IS-IS interface:

# show network-instance green_default protocols isis interface ethernet-1/1.1 detail
----------------------------------------------------------------------------------------
Network Instance   : green_default
Instance           : default
----------------------------------------------------------------------------------------
Interface-Name                      : ethernet-1/1.1
Status                              : IS-IS is admin enabled, oper up
Circuit                             : id 1 is broadcast and not passive
Hello Authentication Generate       : True
Hello Authentication Check Received : Strict
Hello Padding                       : disable
Csnp Interval                       : 10
Lsp Pacing                          : 100
Ldp Sync State                      : disabled
Ldp Sync Duration                   : 3274
---------------------------------------------------------------------------------------
Level                               : 1
Status                              : enabled
Adjacencies                         : 1
Hello Authentication Generate       : True
Hello Authentication Check Received : Strict
Priority                            : 64
Hello Interval                      : 9
Hello Multiplier                    : 3
Ipv4 Metric                         : 10
Ipv6 Metric                         : 10
----------------------------------------------------------------------------------------
Level                               : 2
Status                              : enabled
Adjacencies                         : 1
Hello Authentication Generate       : True
Hello Authentication Check Received : Strict
Priority                            : 64
Hello Interval                      : 9
Hello Multiplier                    : 3
Ipv4 Metric                         : 10
Ipv6 Metric                         : 10
----------------------------------------------------------------------------------------

IS-IS adjacency information

To display IS-IS adjacency information:

# show network-instance default protocols isis adjacency
--------------------------------------------------------------------------------------
Network-instance    : default
IS-IS instance      : global
--------------------------------------------------------------------------------------
System-Id      Adj-Level  Interface        IPv4-Address  State  Uptime       Rem-Hold  
<hostname1>    L1         ethernet-1/1.0   10.0.0.1      Up     0d 00:46:43  19s
<hostname1>    L2         ethernet-1/1.0   10.0.0.1      Up     0d 00:46:43  19s
--------------------------------------------------------------------------------------
Adjacencies: 2
--------------------------------------------------------------------------------------

IS-IS link state database information

To display information for the IS-IS link state database:

# show network-instance green_default protocols isis database
--------------------------------------------------------------------------------------
Network-instance    : green_default 
IS-IS instance      : default
--------------------------------------------------------------------------------------
| Level Number | Lsp Id               | Sequence | Checksum | Lifetime | Attributes |
+==============+======================+==========+==========+==========+============+
| 1            | 0010.0100.1001.00-00 | 0x33     | 0x1672   | 1167     | L1 L2      |
| 1            | 0020.0200.2002.00-00 | 0x35     | 0xd562   | 1014     | L1 L2      |
| 1            | 0030.0300.3003.00-00 | 0x38     | 0xf447   | 640      | L1 L2      |
| 1            | 0030.0300.3003.01-00 | 0x2f     | 0x4db6   | 1005     | L1 L2      |
| 1            | 0030.0300.3003.02-00 | 0x2e     | 0xd355   | 709      | L1 L2      |
| 1            | 0040.0400.4004.00-00 | 0x39     | 0x6f2a   | 638      | L1 L2      |
| 1            | 0040.0400.4004.01-00 | 0x2f     | 0xf0ef   | 822      | L1 L2      |
| 1            | 0040.0400.4004.02-00 | 0x2f     | 0xa5f8   | 999      | L1 L2      |
| 1            | 0050.0500.5005.00-00 | 0x38     | 0xfbbb   | 905      | L1 L2      |
| 1            | 0050.0500.5005.01-00 | 0x31     | 0x3937   | 745      | L1 L2      |
| 1            | 0050.0500.5005.02-00 | 0x2f     | 0xd19    | 657      | L1 L2      |
| 1            | 0060.0600.6006.00-00 | 0x37     | 0xf287   | 967      | L1 L2      |
| 1            | 0060.0600.6006.01-00 | 0x2f     | 0xadfb   | 753      | L1 L2      |
| 1            | 0060.0600.6006.02-00 | 0x2f     | 0x5f95   | 819      | L1 L2      |
| 1            | 0070.0700.7007.00-00 | 0x33     | 0x48dd   | 1058     | L1 L2      |
| 1            | 0070.0700.7007.01-00 | 0x2f     | 0xadb2   | 1164     | L1 L2      |
| 1            | 0070.0700.7007.02-00 | 0x2e     | 0xdf8e   | 852      | L1 L2      |
| 2            | 0010.0100.1001.00-00 | 0x3e     | 0xb92f   | 1150     | L1 L2      |
| 2            | 0010.0100.1001.00-01 | 0x3c     | 0x1875   | 818      | L1 L2      |
| 2            | 0020.0200.2002.00-00 | 0x41     | 0x540f   | 1177     | L1 L2      |
| 2            | 0020.0200.2002.00-01 | 0x3f     | 0x2db9   | 699      | L1 L2      |
| 2            | 0030.0300.3003.00-00 | 0x3c     | 0x302f   | 1058     | L1 L2      |
| 2            | 0030.0300.3003.00-01 | 0x3f     | 0x5150   | 668      | L1 L2      |
| 2            | 0030.0300.3003.01-00 | 0x30     | 0xb518   | 915      | L1 L2      |
| 2            | 0030.0300.3003.02-00 | 0x2f     | 0xe113   | 1035     | L1 L2      |
| 2            | 0040.0400.4004.00-00 | 0x3e     | 0xa17b   | 657      | L1 L2      |
| 2            | 0040.0400.4004.00-01 | 0x3e     | 0x260b   | 1018     | L1 L2      |
| 2            | 0040.0400.4004.01-00 | 0x30     | 0x1511   | 1066     | L1 L2      |
| 2            | 0040.0400.4004.02-00 | 0x2f     | 0x27a7   | 1035     | L1 L2      |
| 2            | 0050.0500.5005.00-00 | 0x41     | 0x59d6   | 608      | L1 L2      |
| 2            | 0050.0500.5005.00-01 | 0x44     | 0xf165   | 1110     | L1 L2      |
| 2            | 0050.0500.5005.01-00 | 0x33     | 0x7709   | 584      | L1 L2      |
| 2            | 0050.0500.5005.02-00 | 0x31     | 0xa74    | 657      | L1 L2      |
| 2            | 0060.0600.6006.00-00 | 0x3d     | 0xd5ed   | 903      | L1 L2      |
| 2            | 0060.0600.6006.00-01 | 0x44     | 0xdc97   | 666      | L1 L2      |
| 2            | 0060.0600.6006.01-00 | 0x30     | 0x9024   | 1145     | L1 L2      |
| 2            | 0060.0600.6006.02-00 | 0x30     | 0xbc66   | 1020     | L1 L2      |
| 2            | 0070.0700.7007.00-00 | 0x3a     | 0x81fd   | 862      | L1 L2      |
| 2            | 0070.0700.7007.00-01 | 0x3e     | 0xf82a   | 765      | L1 L2      |
| 2            | 0070.0700.7007.01-00 | 0x30     | 0xbad5   | 658      | L1 L2      |
| 2            | 0070.0700.7007.02-00 | 0x2f     | 0x1ecb   | 675      | L1 L2      |
+--------------+----------------------+----------+----------+----------+------------+
LSP Count: 41
-------------------------------------------------------------------------------------
To display information for a specific IS-IS link state database:
# show network-instance green_default protocols isis database 1
--------------------------------------------------------------------------------------
Network-instance    : green_default 
IS-IS instance      : default
--------------------------------------------------------------------------------------
| Level Number | Lsp Id               | Sequence | Checksum | Lifetime | Attributes |
+==============+======================+==========+==========+==========+============+
| 1            | 0010.0100.1001.00-00 | 0x33     | 0x1672   | 1048     | L1 L2      |
| 1            | 0020.0200.2002.00-00 | 0x35     | 0xd562   | 894      | L1 L2      |
| 1            | 0030.0300.3003.00-00 | 0x39     | 0x7762   | 1179     | L1 L2      |
| 1            | 0030.0300.3003.01-00 | 0x2f     | 0x4db6   | 886      | L1 L2      |
| 1            | 0030.0300.3003.02-00 | 0x2f     | 0x4ace   | 1188     | L1 L2      |
| 1            | 0040.0400.4004.00-00 | 0x3a     | 0xcd9f   | 1135     | L1 L2      |
| 1            | 0040.0400.4004.01-00 | 0x2f     | 0xf0ef   | 703      | L1 L2      |
| 1            | 0040.0400.4004.02-00 | 0x2f     | 0xa5f8   | 879      | L1 L2      |
| 1            | 0050.0500.5005.00-00 | 0x38     | 0xfbbb   | 785      | L1 L2      |
| 1            | 0050.0500.5005.01-00 | 0x31     | 0x3937   | 625      | L1 L2      |
| 1            | 0050.0500.5005.02-00 | 0x30     | 0xb86e   | 1148     | L1 L2      |
| 1            | 0060.0600.6006.00-00 | 0x37     | 0xf287   | 847      | L1 L2      |
| 1            | 0060.0600.6006.01-00 | 0x2f     | 0xadfb   | 633      | L1 L2      |
| 1            | 0060.0600.6006.02-00 | 0x2f     | 0x5f95   | 700      | L1 L2      |
| 1            | 0070.0700.7007.00-00 | 0x33     | 0x48dd   | 938      | L1 L2      |
| 1            | 0070.0700.7007.01-00 | 0x2f     | 0xadb2   | 1044     | L1 L2      |
| 1            | 0070.0700.7007.02-00 | 0x2e     | 0xdf8e   | 733      | L1 L2      |
+--------------+----------------------+----------+----------+----------+------------+
LSP Count: 17
--------------------------------------------------------------------------------------

Clearing IS-IS information

To clear information for an IS-IS instance, use the tools commands below:

Clear statistics

To clear statistics for an IS-IS instance running in a specified network instance:

# tools network-instance default protocols isis instance i1 statistics clear

Clear link state database information

To clear link state database information for a level:

# tools network-instance default protocols isis instance i1 link-state-database clear

Clear IS-IS adjacency information

To clear IS-IS adjacency information for an interface:

# tools network-instance default protocols isis instance i1 interface ethernet-1/1.1 adjacencies clear

IS-IS weighted ECMP

Weighted IP ECMP, also known as UCMP (unequal cost multipath), allows the installation of a multipath route in the FIB, where the ECMP flow hashing distributes traffic by directing flows to each next-hop in a ratio proportional to the weight assigned to each next-hop. Multipath routes are the routes that have multiple next-hops.

Weighted ECMP (wECMP) distributes traffic unequally over multiple paths and uses available bandwidth more efficiently for better load balancing. For example, if you have four equal-cost paths to a destination, but one path has a lower bandwidth than the other three, you can use wECMP to assign more traffic to the higher bandwidth path and less traffic to the lower bandwidth paths.

The wECMP feature is available on 7250 IXR-6/10/6e/10e and 7250 IXR-X platforms. It is supported for both IS-IS IPv4 and IPv6 routes.

The high-level steps for configuring wECMP are:
  1. Enabling weighted ECMP
  2. Configuring weighted load-balancing over interface next-hops
The system normalizes the weights used in weighted ECMP according to the algorithm described in Normalizing datapath weights.
Note: When a BGP next-hop is resolved by an IS-IS route with weighted ECMP next-hops, any traffic using the BGP route and directed to the BGP next-hop (in case the BGP route has multiple paths) inherits the weighted ECMP load-balancing of the resolving IS-IS route.

Enabling weighted ECMP

You can enable the weighted ECMP per IS-IS instance. wECMP can be configured for an IS-IS instance under a default network instance or network instance of type ip-vrf . Enabling weighted ECMP, triggers weighted ECMP programming for all eligible multipath IS-IS routes associated with the instance. To program an IS-IS route as a multipath route, all the multipaths must have an equal total path cost to the destination.

The ECMP weights (load-balancing-weight) are normalized based on the number of hash buckets per next-hop group (NHG). The sum of all normalized datapath weights must not exceed the hash bucket limit.

You must configure the maximum number of ECMP hash buckets used for IS-IS weighted ECMP routing on a per IS-IS instance basis. If the hash bucket limit is T and the normalized datapath weight of each next-hop is Ni then the sum of all Ni in each mutipath set (NHG) cannot exceed T. The system normalizes the weights used in weighted ECMP according to the algorithm described in Normalizing datapath weights.

The 7250 IXR-6/10/6e/10e and 7250 IXR-X platforms have a 128 hash bucket limit. Datapath resources can be conserved by configuring a lower value for the bucket size. However, this reduces the granularity or fine distribution of the traffic. With a smaller bucket size, there are fewer next-hop options available for load balancing, which can limit the flexibility and precision of traffic distribution. You cannot reduce the hash bucket limit below the ECMP limit of the IS-IS instance.

The following example enables weighted ECMP per IS-IS instance:

Enabling weighted ECMP

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis
    network-instance mgmt {
        protocols {
            isis {
                instance test {
                    weighted-ecmp {
                        admin-state enable
                        max-ecmp-hash-buckets-per-next-hop-group 56
                    }
                }
            }
        }
    }
Where,
  • admin-state

    When set to enable, triggers weighted ECMP programming for all eligible multipath IS-IS routes associated with the instance. The default is disable. This ensures backward compatibility with previous releases that only supported ECMP wherein the traffic was distributed in equal proportion.

  • max-ecmp-hash-buckets-per-next-hop-group

    Specify the maximum number of ECMP hash buckets per next-hop-group. Default bucket size is 128.

    Note: The configured value of max-ecmp-hash-buckets-per-next-hop-group must always be greater than or equal to max-ecmp-paths (network-instance.protocols.isis.instance.max-ecmp-paths).

Disabling weighted ECMP

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis
    network-instance mgmt {
        protocols {
            isis {
                instance test {
                    weighted-ecmp {
                        admin-state disable
                        max-ecmp-hash-buckets-per-next-hop-group 1
                    }
                }
            }
        }
    }
You can disable the weighted ECMP per ISIS instance. When you disable the weighted ECMP in an IS-IS instance, all IS-IS routes computed by this instance is programmed in the FIB with classic ECMP programming. This means no weights are assigned to the next-hops, even if some or all of the next-hop interfaces in a multipath set have a non-zero load balancing weight (load-balancing-weight) configured.

Configuring weighted load-balancing over interface next-hops

When the weighted ECMP feature is enabled, the IS-IS route linked to the routing instance can be programmed into the datapath. This allows for weighted load-balancing across the interface next-hops of the route.

In order for weighted ECMP to be supported across the interface next-hops of an IS-IS route the following conditions must be met:

  • All ECMP next-hops must be interface next-hops

  • All next-hop interfaces are configured with non-zero load-balancing weights.

To configure load-balancing weight, set the parameter load-balancing-weight under network-instance.protocols.isis.instance.interface.level.weighted-ecmp. This parameter can be set to a static value, or you can choose to use the options auto or none. The static value assigned must be between 1 and 4294967295.

If all the next-hop interfaces in the multipath set have a load-balancing-weight, which is either automatically derived from the port/LAG bandwidth using the auto option or configured with a static value, then the route is programmed in the FIB with wECMP. If one or more next-hop interfaces have zero weight (load-balancing-weight = none), then the wECMP load-balancing falls back to classic ECMP operation and equally distributes the traffic.

In the NHG for the IS-IS route, each next-hop is assigned a non-zero weight. In SR Linux, the wECMP programming capability is available even if some multipath next-hop interfaces are connected to different adjacent routers.

The following example configures weighted load-balancing over interface next-hops:

Configuring weighted load-balancing over interface next-hops

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis
    network-instance mgmt {
        protocols {
            isis {
                instance test {
                    interface mgmt0.0 {
                        weighted-ecmp {
                            load-balancing-weight auto
                        }
                    }
                }
            }
        }
    }

Here the load-balancing-weight value is automatically derived from the port/LAG bandwidth.

Normalizing datapath weights

The ECMP weights (load-balancing-weight) are normalized based on the number of hash buckets (max-ecmp-hash-buckets-per-next-hop-group) defined per NHG. The sum of all normalized datapath weights must not exceed the hash bucket limit.

The datapath programming of the NHG assigns Ni hash buckets to each next-hop. The value of Ni is determined by normalizing it using the following method:
  1. Calculate the Greatest Common Divisor (GCD) of all datapath weights.
  2. Divide all datapath weights by the GCD.
  3. If the sum of normalized weights is less than the maximum number of buckets, weight determination process is complete.

    Or

  4. If the sum of normalized weights exceeds the bucket size,
    1. Assign each nexthop a minimum of one bucket.
    2. Distribute the remaining buckets (max_buckets - num_nexthops) to each nexthop based on the ratio of each nexthop's weight to the total weight (rounded down). There may be cases where no extra buckets are assigned.

Multi-instance IS-IS

Multi-instance IS-IS (MI-ISIS), defined in RFC 8202, allows multiple instances of IS-IS to operate on a single circuit. To configure MI-ISIS in SR Linux, you set the instance identifier (IID), which identifies an IS-IS instance, and enable sending of the IID-TLV in IS-IS PDUs. The IID-TLV identifies the IS-IS instance and topology.

MI-ISIS uses the following route-selection tie-break mechanism:

  • When multiple MI-ISIS instances contain an identical route, the route with the lowest metric is selected as the active route and used for forwarding.
  • When multiple MI-ISIS instances have an identical route with identical metric, the route from the instance with the lowest IID is selected as the active route and used for forwarding.

When MI-ISIS is used in combination with ECMP, then only active RTM routes of the same MI-ISIS instance can be load-balanced. ECMP load-balancing between MI-ISIS instances is not supported.

Configuring the IID

The IID is a numerical instance identification number (0-127) and is used to identify the local IS-IS instance and to populate the IID-TLV when MI-ISIS is configured. In an MI-ISIS configuration, each IS-IS instance must have a unique name and can only be associated with a single unique IID within a network instance. The default IS-IS instance has an IID of 0.

The following example configures an IID for an IS-IS instance:

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis instance i1 instance-id
    network-instance default {
        protocols {
            isis {
                instance i1 {
                    instance-id 2
                }
            }
        }
    }

Enabling the IID-TLV

To configure MI-ISIS, you enable SR Linux to include the IID-TLV for the IS-IS instance in IS-IS PDUs. The IID-TLV includes the configured IID and identifies the instance-specific topology or topologies to which the PDU applies.

The following example enables the system to send the IID-TLV for an IS-IS instance :

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis
    network-instance default {
        protocols {
            isis {
                instance i1 {
                    iid-tlv true
                }
            }
        }
    }

If iid-tlv is set to false, the configured IID has only local relevance. Interfaces enabled in such IS-IS instances establish adjacencies unaware of any other instances. The router originates link state packets without the IID-TLV and expects other routers in the area not to advertise any IID-TLV either.

Displaying MI-ISIS information

You can display information about the MI-ISIS configuration using show reports or info from state output.

Display IID-TLV information

The following example displays the configured IID-TLV and any received IID-TLVs for an IS-IS instance:

--{ + candidate shared default }--[  ]--
# info from state network-instance default protocols isis instance MyInstance2
    admin-state enable
    instance-id 2
    level-capability L2
    max-ecmp-paths 1
    poi-tlv false
    iid-tlv true
    export-policy MyPolicy
    hello-padding disable
    enable-csnp-on-p2p-links true
    oper-state up
    oper-system-id 0000.0000.8521
    net [
        49.0000.0000.8521.00
    ]
    oper-area-id [
        49
    ]
....
<snip>
....
    level 2 {
        metric-style wide
        <snip>
        link-state-database {
            lsp 0000.0000.8521.00-00 {
                maximum-area-addresses 3
                <snip>
                tlvs {
                    <snip>
                    tlv instance-id {
                        instance-ids {
                            instance-id 2 {
                                topology-id [
                                    0
                                ]
                            }
                        }
                    }

Multi-Topology IS-IS MT0 and MT2

SR Linux supports Multi-Topology (MT) Routing for IS-IS, as defined in RFC 5120. Multi-Topology IS-IS (MT-ISIS), allows multiple independent IP routing topologies within a single IS-IS domain.

MT-ISIS support within SR Linux enables the creation of separate IPv4 unicast and IPv6 unicast topologies within the IS-IS domain. These topologies contribute routes to specific route tables, allowing for non-congruent topologies between different routing tables. As a result, networks can control the links or nodes that are used for forwarding different types of traffic.

For example, MT-ISIS can enable all links to carry IPv4 traffic, while only a subset of links can also carry IPv6 traffic.

SR Linux supports the following multi-topologies:
  • MT-ID 0 (standard IPv4 and IPv6 topology)

  • MT-ID 2 (IPv6-only topology)

IPv4 or IPv6 routing

When an IS-IS instance is created, IPv4 routing is enabled by default and is restricted to Multi-Topology IS-IS (MT-IS-IS) with topology identifier MT0. This configuration ensures that the IS-IS instance is initially set up to handle IPv4 routing within the default topology, MT0, as specified by RFC 5120.

Unlike MT0, which is the default for IPv4, MT2 is not enabled by default and must be configured to manage IPv6 traffic. You must explicitly enable IPv6 routing in an IS-IS instance. IPv6 routing can be configured for either the MT0 or MT2 topology, with MT0 being the default topology for IPv6.

For information about enabling IPv6 routing, see Configuring an IPv6 routing, and for MT2 topology configuration details, see Configuring MT2 topology.

Configuring an IPv6 routing

Use the command .network-instance.[name].protocols.isis.instance.[instance-name].ipv6-unicast.admin-state.enable to enable IPv6 unicast routing for an IS-IS instance.

The following example enables IPv6 unicast routing for an IS-IS instance.

--{ candidate shared default }--[  ]--
info network-instance default protocols isis instance srl_isis_instance
    network-instance default {
        protocols {
            isis {
                instance srl_isis_instance {
                    ipv6-unicast {
                        admin-state enable
                    }
                }
            }
        }
    }

Configuring MT2 topology

To configure the default MT2 topology for an IPv6 routing, set the parameter multi-topology under the .network-instance.[name].protocols.isis.instance.[instance-name].ipv6-unicast. context to true.

The following config example enables IPv6 routing for an IS-IS instance.

--{ candidate shared default }--[  ]--
info network-instance default protocols isis instance srl_isis_instance
    network-instance default {
        protocols {
            isis {
                instance srl_isis_instance {
                    ipv6-unicast {
                        admin-state enable
                        multi-topology true
                    }
                }
            }
        }
    }

IS-IS extensions for Traffic Engineering (TE)

IS-IS TE extensions allow network operators to encode and flood traffic engineering information throughout a network using TE-enabled links.

IGPs (IS-IS/OSPF) use only an interface metric to find the shortest path to a destination without considering factors such as bandwidth and link delay. For traffic engineering computations, link attributes such as available bandwidth, maximum reservable bandwidth, TE metric, and link affinity are required. The IS-IS TE extensions contain the TLVs and sub-TLVs that specify these link attributes. IS-IS link-state PDUs include these TLVs. Flooding algorithms used by link-state IGPs ensure that link attributes are distributed evenly across all routers in the routing domain.

Enabling advertisement of IS-IS TE TLVs/sub-TLVs

SR Linux supports the transmission and reception of Traffic Engineering (TE)-related TLV and sub-TLV fields in IS-IS Link State Packets (LSPs) to share network resource information. The network-instance.traffic-engineering container enables and configures TE functionality for both IPv4 and IPv6. When TE is enabled, the TE-related TLVs and sub-TLVs are incorporated into the LSPs generated by the Interior Gateway Protocol (IGP).

To enable advertising of TLVs and sub-TLVs, set the advertisement parameter to true within the network-instance.protocols.isis.instance.traffic-engineering container. By default, the TE advertisement parameter is set to false.

In the following example, the IS-IS TE TLVs and sub-TLVs are included in the IS-IS LSP.

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis instance test traffic-engineering advertisement
    network-instance default {
        protocols {
            isis {
                instance test {
                    traffic-engineering {
                        advertisement true
                    }
                }
            }
        }
    }

TE router ID TLV

A TE router ID uniquely identifies a router in an IGP TE domain. The router ID must be operationally active within the IS-IS instance and associated with a system or loopback address.

For the IPv4 and IPv6 address families, IS-IS advertises the IPv4 router ID using TLV 134 as specified in [RFC5305] and the IPv6 router ID using TLV 140 as specified [RFC6119], for use within an IS-IS area.

IPv4 TE router ID TLV

The IPv4 Traffic Engineering (TE) Router ID TLV (Type 134) contains the 4-octet router ID of the router originating the LSP. According to RFC5305, the TE Router ID TLV can be advertised by a router regardless of whether IPv4 TE is enabled.

If IPv4 TE is disabled, the IPv4 TE Router ID TLV is advertised only if the network-instance.default.router-id parameter is configured, regardless of whether the router ID is reachable. If the network-instance.default.router-id parameter is not configured, then IPv4 TE Router ID TLV is not advertised.

If IPv4 TE is enabled, the value of the advertised IPv4 TE Router ID TLV is selected based on a specific order of preference, which is as follows:
  1. network-instance.default.protocol.isis.instance.traffic-engineering.ipv4-te-router-id
  2. If not available, network-instance.default.traffic-engineering.ipv4-te-router-id value is selected.
  3. If neither is available, network-instance.default.router-id value is selected.
Note: When IPv4 TE is enabled, only the IPv4 TE Router ID that is operationally active within the IS-IS instance and associated with a system or loopback address is eligible to be advertised as per the above priority list.

When IPv4 routing is disabled and IPv6 TE is enabled with router capability advertised, the IPv4 router ID TLV is not advertised. However, another ipv4-router-id TLV set to 0.0.0.0 is included within the router capability top-level TLV, ensuring compliance with the RFC7981 standard.

IPv6 TE router ID TLV

The IPv6 router ID can be advertised in top-level TLV 140, defined in RFC6119, or within the Router Capability sub-TLV12, as defined in RFC5305.

The IPv6 TE router ID TLV is advertised when all of the following conditions are satisfied:
  • IPv6 and TE must be enabled

    and

  • A configured routable IPv6 TE router interface address must exist

    and

  • The advertisement of TE-related TLVs and sub-TLVs must be enabled by setting the advertisement parameter to true within the network-instance.traffic-engineering container.

If IPv6 or TE is disabled, the IPv6 TE router ID TLV 140 is not advertised.

The value of the advertised IPv6 router ID is selected based on a specific order of preference, as follows:
  1. network-instance.default.protocol.isis.instance.traffic-engineering.ipv6-te-router-id <value>
  2. If not available, network-instance.default.traffic-engineering.ipv6-te-router-id <value> is selected.
  3. If neither is available, interface.subinterface.ipv6.address xx:xx::xx/128 is selected.
    Note:

    A configured and enabled IPv6 loopback address is selected for advertisement.

Note: Only the ipv6-te-router-id that is operationally active within the IS-IS instance and associated with a system or loopback address is eligible for advertisement in accordance with the above priority list.

RFC 7981 implication to IPv6 Router IDs

RFC 7981 defines IS-IS Router Capability TLV, which allows routers to announce their capabilities within an IS-IS level or across the entire routing domain. The IS-IS router capability TLV consists of multiple sub-TLVs.

Enabling IPv6 TE and advertising router capability results in the advertisement of both the IPv6 Router ID TLV 140 and the IPv6 Router ID TLV 12 within the Router Capability TLV.

The Router Capability sub-TLV12 as defined in RFC 5316, is used when the IPv6 TE Router ID must be distributed to all routers within an entire IS-IS routing domain, instead of being restricted to an area scope. In SR Linux, sub-TLV 12 is advertised only when IPv4 unicast routing is explicitly disabled using the network-instance.default.protocols.isis.instance.ipv4-unicast.admin-state disable command.

Advertising IPv4 TE router ID TLV

A TE router ID must be a unique and stable address within the IS-IS domain. When IPv4 TE is enabled, the advertised IPv4 TE router ID TLV value is selected in a specific order of preference. For preference details, see IPv4 TE router ID TLV.

The following configurations enable the advertisement of the IPv4 router ID and TE link parameters using the legacy TE encoding defined in RFC 5305.

Advertising IPv4 router ID TLV using IS-IS TE router ID

In the following configuration example, IPv4 router ID (192.168.0.0) configured within the IS-IS TE instance is selected for advertising IPv4 TE router ID TLV.

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis instance test traffic-engineering ipv4-te-router-id
    network-instance default {
        protocols {
            isis {
                instance test {
                    traffic-engineering {
                        ipv4-te-router-id 192.168.0.0
                    }
                }
            }
        }
    }
Advertising IPv4 router ID TLV using network instance TE router ID

In the following configuration example, IPv4 router ID (192.168.11.1) configured within a default network instance with TE capabilities is selected for advertising IPv4 TE router ID TLV.

--{ * candidate shared default }--[  ]--
# info network-instance default traffic-engineering ipv4-te-router-id
    network-instance default {
        traffic-engineering {
            ipv4-te-router-id 192.168.11.1
        }
    }
Advertising IPv4 router ID TLV using default network instance router ID

In the following configuration example, IPv4 router ID (192.0.5.1) configured within a default network instance is selected for advertising IPv4 TE router ID TLV.

--{ * candidate shared default }--[  ]--
# info network-instance default
    network-instance default {
        router-id 192.0.5.1
    }

Advertising IPv6 TE router ID TLV

A TE router ID must be a unique and stable address within the IS-IS domain. When IPv6 TE is enabled, the advertised IPv6 TE router ID TLV value is selected in a specific order of preference. For preference details, see IPv6 TE router ID TLV.

The following configurations enable the traffic engineering behavior with IPv6 TE links. The IS-IS instance automatically advertises the IPv6 TE TLVs, and sub-TLVs defined in RFC6119. For information about IPv6 TE router ID TLV, see IPv6 TE router ID TLV
Advertising IPv6 router ID TLV using an IS-IS TE router ID

In the following configuration example, IPv6 router ID (2001:db8::1) configured within the IS-IS TE instance is selected for advertising IPv4 TE router ID TLV.

--{ * candidate shared default }--[  ]--
# info network-instance default protocols isis instance test traffic-engineering ipv6-te-router-id
    network-instance default {
        protocols {
            isis {
                instance test {
                    traffic-engineering {
                        ipv6-te-router-id 2001:db8::1
                    }
                }
            }
        }
    }
Advertising IPv6 router ID TLV using default network instance TE router ID

In the following configuration example, IPv6 router ID (2001:db8::8) configured within a default network instance with TE capabilities is selected for advertising IPv4 TE router ID TLV.

--{ * candidate shared default }--[  ]--
# info network-instance default traffic-engineering ipv6-te-router-id
    network-instance default {
        traffic-engineering {
            ipv6-te-router-id 2001:db8::8
        }
    }
Advertising IPv6 router ID TLV using subinterface IPv6 address

In the following configuration example, the value of IPv6 address (2002::1234:abcd:ffff:c0a8:101/64) configured within a subinterface is selected for advertising IPv6 TE router ID TLV.

--{ * candidate shared default }--[  ]--
# info interface ethernet-1/1 subinterface 0 ipv6
    interface ethernet-1/1 {
        subinterface 0 {
            ipv6 {
                address 2002::1234:abcd:ffff:c0a8:101/64 {
                }
            }
        }
    }

Advertising TE attributes using legacy and ASLA TLVs

When network-instance.default.protocols.isis instance.default traffic-engineering advertisement is enabled, the router advertises TE TLVs.

IS-IS allows advertising the protocol enabled on a TE-link by using the Application Specific Link Attributes (ASLA) sub-TLV as per draft-ietf-isis-te-app (RFC 8919). The router receiving the link TE attributes can identify the enabled application on the advertising router. For backward compatibility, the router continues to support the legacy mode of advertising link TE attributes, as recommended in RFC 5305. For information about the legacy mode of advertising link TE attributes, see Enabling advertisement of TE attributes in legacy mode.

SR Linux supports decoding of received TLVs and maintains the details in the LSDB YANG state model.
Table 1. TE attributes advertised by legacy TLV and sub-TLVs
Name TLV Sub TLV Decoding in LSDB YANG
Admin group 22 3 Yes
Link local/remote identifiers 22 4 Yes
IPv4 interface address 22 6 Yes
IPv4 neighbor address 22 8 Yes
Maximum link bandwidth 22 9 No
IPv6 interface address 22 12 Yes
IPv6 neighbor address 22 13 Yes
TE metric 22 18 Yes
Unidirectional link delay 22 33 Yes
Min/max unidirectional link delay 22 34 Yes
TE IPv4 router ID 134 NA Yes
IPv4 SRLG 138 NA Yes
IPv6 SRLG 139 NA Yes
TE IPv6 router ID 140 NA Yes
The table below lists the TE attributes that are advertised using the ASLA TE TLVs.
Table 2. TE attributes advertised by ASLA TLV and sub-TLVs
Name TLV Sub TLV Sub-Sub TLV Decoding in LSDB YANG
Admin group 22 16 3 Yes
Maximum link bandwidth 22 16 9 Yes
TE metric 22 16 18 Yes
Min/max unidirectional link delay 22 16 34 Yes