IS-IS
Intermediate System to Intermediate System (IS-IS) is a link-state IGP that uses the Shortest Path First (SPF) algorithm to determine routes. Routing decisions are made using the link-state information. IS-IS evaluates topology changes and, if necessary, performs SPF recalculations.
Entities within IS-IS include networks, intermediate systems, and end systems. In IS-IS, a network is an Autonomous System (AS), or routing domain, with end systems and intermediate systems. A router is an intermediate system that sends, receives, and forwards Protocol Data Units (PDUs). End systems are network devices that send and receive PDUs.
End system and intermediate system protocols allow routers and nodes to identify each other. IS-IS sends out link-state updates periodically throughout the network, so each router can maintain current network topology information.
IS-IS supports large ASs by using a two-level hierarchy. A large AS can be administratively divided into smaller, more manageable areas. A system logically belongs to one area. Level 1 routing is performed within an area. Level 2 routing is performed between areas. You can configure routers as Level 1, Level 2, or both Level 1 and 2.
The following summarizes SR Linux support for IS-IS:
-
Level 1, Level 2, and Level 1/2 IS types
-
Configurable Network Entity Title (NET) per IS-IS instance
-
support for IPv4/v6 routing
-
ECMP with up to 64 next hops per destination
-
IS-IS export policies (redistribution of other types of routes into IS-IS)
-
authentication of LSP, CSNP, PSNP, and hello PDUs, using an authentication key or keychain specified as follows:
- per instance or per level for all PDU types
- per interface or per interface and level for Hello PDUs
-
authentication keychains with a single key per named keychain
-
Purge Originator ID TLV (RFC 6232)
-
options to ignore and suppress the attached bit
-
ability to set the overload bit immediately or after each subsequent restart of the IS-IS manager application and leave it on for a configurable duration each time
-
control over the link-state PDU (LSP) MTU size, with range from 490 bytes to 9490 bytes
-
configuration control over timers for LSP lifetime, LSP refresh interval, SPF calculation triggers, and LSP generation
-
hello padding (strict, loose, and adaptive modes)
-
graceful restart, acting in restarting router mode and helper router mode
-
Level 1 to Level 2 route summary
-
BFD for fast failure detection
-
configurable hello timer with multiple per interface and level
-
wide metrics (configurable per level)
-
configurable route preference for each route type, Level 1-internal, Level 1-external, Level 2-internal and Level 2-external
- detailed statistics for interfaces, adjacencies, and levels
- Multi-instance IS-IS (MI-ISIS), which allows multiple instances of IS-IS to operate on a single circuit
- Multi-Topology MT-ID 0 and MT-ID 2 support, with MT-ID2 reserved for IPv6 network topology
-
Multi-Topology Intermediate System to Intermediate System (MT-ISIS) MT0 and MT2 support
The info detail command displays default values for an IS-IS instance on SR Linux as shown in the following example:
--{ * candidate shared default }--[ network-instance default protocols isis ]--
# info detail
instance i1 {
admin-state disable
level-capability L2
max-ecmp-paths 1
poi-tlv false
attached-bit {
ignore false
suppress false
}
overload {
advertise-interlevel false
advertise-external false
immediate {
set-bit false
max-metric false
}
on-boot {
set-bit false
max-metric false
}
}
timers {
lsp-lifetime 1200
lsp-refresh {
interval 600
half-lifetime true
}
spf {
initial-wait 1000
second-wait 1000
max-wait 10000
}
lsp-generation {
initial-wait 1000
second-wait 1000
max-wait 5000
}
}
transport {
lsp-mtu-size 1492
}
ipv4-unicast {
admin-state enable
}
ipv6-unicast {
admin-state enable
multi-topology false
}
graceful-restart {
helper-mode false
}
auto-cost {
}
authentication {
csnp-authentication false
psnp-authentication false
hello-authentication false
}
inter-level-propagation-policies {
level1-to-level2 {
}
}
}
Basic IS-IS configuration
To configure IS-IS, perform the following tasks:
Enable an IS-IS instance
If necessary, modify the level capability on the global IS-IS instance level
Define area addresses
Configure IS-IS interfaces
Enabling an IS-IS instance
On SR Linux, you can enable an IS-IS instance within a network-instance. The following example enables an IS-IS instance within the default network-instance.
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis
network-instance default {
protocols {
isis {
instance i1 {
}
}
}
}
Configuring the router level
You can configure routers as Level 1, Level 2, or both Level 1 and 2. When IS-IS is enabled, the default level-capability value is Level 2. This means that the router operates with Level 2 routing capabilities. To change the default value in order for the router to operate as a Level 1 router or a Level 1/2 router, you must explicitly modify the level value.
The level-capability value can be configured on the global IS-IS instance level and also on the interface level. The level-capability value determines which level values can be assigned on the router level or on an interface-basis.
In order for the router to operate as a Level 1 only router or as a Level 2 only router, you must explicitly specify the level-number value.
-
Specify Level 1 to route only within an area
-
Specify Level 2 to route to destinations outside an area, toward other eligible Level 2 routers
The following example configures the level capability for an IS-IS instance to Level 2.
--{ * candidate shared default }--[ network-instance default protocols ]--
# info isis
isis {
instance i1 {
level-capability L2
}
}
Configuring the Network Entity Title
On SR Linux, you can configure the Network Entity Title (NET) per IS-IS instance. The NET is 8-20 octets long and consists of 3 parts: the area address (1-13 octets), the system ID (6 octets), and the n-selector (1 octet, must be 00)
The area address portion of the NET defines the IS-IS area to which the router belongs. At least one area address should be configured on each router participating in IS-IS.
The area address portion of the NET identifies a point of connection to the network, such as a router interface. The routers in an area manage routing tables about destinations within the area. The NET value is used to identify the IS-IS area to which the router belongs.
The NET value is divided into three parts. Only the Area ID portion is configurable.
1. Area ID — A variable length field between 1 and 13 bytes. This includes the Authority and Format Identifier (AFI) as the most significant byte and the area ID.
2. System ID — A 6-byte system identifier. This value is not configurable. The system ID is derived from the system or router ID.
3. Selector ID — A 1-byte selector identifier that must contain zeros when configuring a NET. This value is not configurable. The selector ID is always 00.
The following example configures a NET for an IS-IS instance:
--{ * candidate shared default }--[ network-instance default protocols ]--
# info isis
isis {
instance i1 {
net 49.0001.1921.6800.1002.00
}
}
}
Configuring global parameters
You can configure the commands and parameters on the global IS-IS instance level.
Commands and parameters configured on the global IS-IS instance level are inherited by the interface levels. Parameters specified in the interface and interface-level configurations take precedence over global configurations.
The following example shows the command usage to configure global-level IS-IS. The LSP PDU authentication setting references a keychain defined at the system level (see Protocol authentication).
--{ * candidate shared default }--[ network-instance default protocols ]--
# info isis
isis {
instance i1 {
level-capability L2
overload {
on-boot {
timeout 90
}
}
authentication {
lsp-authentication {
generate true
check-received strict
keychain isisglobal
}
}
}
}
Configuring interface parameters
There are no interfaces associated with IS-IS by default. An interface belongs to all areas configured on a router. Interfaces cannot belong to separate areas. There are no default interfaces applied to the router IS-IS instance. You must configure at least one IS-IS interface in order for IS-IS to work.
You can configure both the Level 1 parameters and the Level 2 parameters on an interface. The level-capability value determines which level values are used.
The following example configures interface parameters for an IS-IS instance:
--{ * candidate shared default }--[ network-instance default protocols isis ]--
# info instance i1
instance i1 {
interface ethernet-1/2.1 {
circuit-type point-to-point
ipv4-unicast {
admin-state enable
}
level 1 {
authentication {
hello-authentication {
generate true
check-received strict
keychain Hello
}
}
}
}
level 1 {
}
}
Configuring authentication keys
IS-IS supports authentication for PDUs using shared keys, which are changed at regular intervals using keys configured in a keychain. This authentication mechanism is described in Protocol authentication.
In addition to using shared keys, authentication for IS-IS Hello, CSNP, PSNP, and LSP PDUs can be done using directly configured keys. You can specify the key used for authenticating IS-IS PDUs associated with a specific IS-IS instance, received or transmitted on a specific interface, and associated with a specific level.
If a Hello PDU is received or transmitted on a specific interface, it is authenticated using the key configured for that interface. If no key exists for the interface, the key configured for the instance is used. For CSNP, PSNP. and LSP PDUs, authentication is performed using the key configured for the level. If no key exists for the level, the key configured for the instance is used.
To configure a key, you specify the secret key (auth-password
) and
cryptographic algorithm to be used for generating the key.
The following example configures keys for an IS-IS instance, interface, and level.
--{ candidate shared default }--[ ]--
# info network-instance default protocols isis
network-instance default {
protocols {
isis {
instance i1 {
authentication {
key {
crypto-algorithm cleartext
auth-password $aes$9G3XrtckZzMg=$In9WuOvKPsTw6ehDX5YLgA==
}
}
interface ethernet-1/1.1 {
authentication {
key {
crypto-algorithm hmac-md5
auth-password $aes$97mfUA4Swx6I=$PfF02Mtu0gUXH5LwT/ltqQ==
}
}
}
level 1 {
authentication {
key {
crypto-algorithm hmac-sha-256
auth-password $aes$9YHCLtkxaLGw=$7HXuQHhR4wPXwifkGekFaQ==
}
}
}
}
}
}
}
IS-IS graceful restart
IS-IS graceful restart is a mechanism to prevent routing protocol re-convergence during a control plane switchover, reset, or upgrade.
Without graceful restart, when an IS-IS router restarts, its IS-IS neighbors detect that the router has gone down and remove routes that pass through that neighbor, resulting in data loss even if the restarting router is able to maintain its forwarding table state.
Configuring graceful restart can prevent this data loss. To do this, the restarting router relies on neighbor routers, which have also been configured for graceful restart, to maintain forwarding state while the router restarts. These neighbor routers are known as helper routers.
-
restarting router mode when its own IS-IS manager application (isis_mgr) restarts, or the application is killed
-
helper router mode when it detects that an adjacent IS-IS router has restarted
Restarting router mode
When the router is configured to operate in restarting router node, if the SR Linux IS-IS manager application restarts or is killed, routes that are published by the IS-IS manager (associated with any IS-IS instance), and used for programming the FIB, remain programmed for a duration of time sufficient to allow a warm restart of the IS-IS manager application. The system starts sending periodic IS-IS Hello (IIH) PDUs (with the Restart Request (RR) flag set) on all IS-IS interfaces so that neighbors do not time out their adjacencies.
The helper router on each interface responds with an IIH PDU containing a Restart Acknowledgement (RA). The exchange of IIH PDUs on each interface causes adjacencies to reform. After each adjacency comes up, the helper router on the associated interface transmits a complete set of CSNPs to the restarting router.
Helper router mode
When the router is configured to operate in helper router node, SR Linux advertises TLV 211 in IIH PDUs sent on all IS-IS interfaces, which indicates that the IS-IS instance is able to help any adjacent neighbor that signals a restart.
When the router receives an IIH PDU with the RR flag set from an adjacent neighbor, the router maintains its adjacency with the neighbor, responds with an IIH PDU with the RA flag set, and sends a complete set of CSNP PDUs to the restarting router.
Configuring IS-IS graceful restart
You can configure SR Linux to operate as a restarting router (informing adjacent routers when the IS-IS manager application restarts or is killed) and as a helper router (indicating to adjacent routers that it can help those signaling a restart). By default, both restarting router mode and helper router mode are disabled.
Configure restarting router mode
To configure the router to operate in restarting router mode for IS-IS graceful restart, enable non-stop-forwarding for IS-IS. For example:
--{ candidate shared default }--[ ]--
# info network-instance green protocols isis
network-instance default {
protocols {
isis {
non-stop-forwarding {
admin-state enable
}
}
}
}
Configure helper router mode
The following example enables the router to operate in helper router mode:
--{ candidate shared default }--[ ]--
# info network-instance green protocols isis instance i1 graceful-restart
network-instance default {
protocols {
isis {
instance i1 {
graceful-restart {
helper-mode true
acceptable-duration 120
}
}
}
}
}
The acceptable-duration parameter sets the amount of time in seconds that SR Linux advertises as the Remaining Time in the Restart TLV with the RA flag set when this router starts to help another router that has entered restart mode. By default, this is 60 seconds.
Displaying IS-IS information
Use the commands shown in this section to display the following information for an IS-IS instance running in a specified network instance:
-
interface information
-
adjacency information
-
IS-IS link state database information
IS-IS summary information
To display summary information for an IS-IS instance:
# show network-instance green_default protocols isis summary
------------------------------------------------------------------------------------------
Network instance "green_default", isis instance "default" is enable and up
Level Capability : L1L2
Export policy : None
------------------------------------------------------------------------------------------
System-id : 0050.0500.5005
NET : [ 49.0001.0050.0500.5005.00 ]
Area-id : [ 49.0001 ]
------------------------------------------------------------------------------------------
IPv4 routing is enable
IPv6 routing is enable using None
Max ECMP path : 1
------------------------------------------------------------------------------------------
Ldp Synchronization is Disabled
------------------------------------------------------------------------------------------
Overload
Current Status : not in overload
------------------------------------------------------------------------------------------
Metric
Reference bandwidth: NA
L1 metric style: wide
L2 metric style: wide
------------------------------------------------------------------------------------------
Graceful Restart
Helper Mode : disabled
Current Status : not helping any neighbors
------------------------------------------------------------------------------------------
Timers
LSP Lifetime : 1200
LSP Refresh : 600
SPF initial wait : 1000
SPF second wait : 1000
SPF max wait : 10000
LSP generation initial wait : 10
LSP generation second wait : 1000
LSP generation max wait : 5000
------------------------------------------------------------------------------------------
Route Preference
L1 internal : 15
L1 external : 160
L2 internal : 18
L2 external : 165
------------------------------------------------------------------------------------------
L1->L2 Summary Addresses Not configured
------------------------------------------------------------------------------------------
Instance Statistics
SPF run : 29
Last SPF : 2022-03-23T16:16:16.200Z
Partial SPF run : 16
Last Partial SPF : 2022-03-23T16:16:17.200Z
------------------------------------------------------------------------------------------
PDU Statistics
------------------------------------------------------------------------------------------
| pdu-name | received | processed | dropped | sent |
+==========+==================+==================+==================+==================+
| LSP | 460 | 457 | 3 | 528 |
| IIH | 308 | 281 | 27 | 497 |
| CSNP | 52 | 51 | 1 | 116 |
| PSNP | 30 | 30 | 0 | 3 |
------------------------------------------------------------------------------------------
IS-IS interface information
To display interface information for an IS-IS instance:
# show network-instance green_default protocols isis interface
------------------------------------------------------------------------------------------
Network Instance : green_default
Instance : default
------------------------------------------------------------------------------------------
| Interface Name | Oper State | Level | Circuit id | Circuit type | Ipv4 Metric L1/L2 | Ipv6 Metric L1/L2
===============================================================================================
| ethernet-1/1.1 | up | L1L2 | 2 | point-to-point | 10/10 | 10/10
| ethernet-1/2.1 | up | L1L2 | 2 | broadcast | 10/10 | 10/10
| ethernet-1/3.1 | up | L1L2 | 3 | broadcast | 10/10 | 10/10
| ethernet-1/16. | up | L1L2 | 4 | broadcast | 10/10 | 10/10
| 1 | | | | | |
| lo0.1 | up | L1L2 | 5 | broadcast | 0/0 | 0/0
-----------------------------------------------------------------------------------------------
IS-IS interface detail information
To display detail information for a specific IS-IS interface:
# show network-instance green_default protocols isis interface ethernet-1/1.1 detail
----------------------------------------------------------------------------------------
Network Instance : green_default
Instance : default
----------------------------------------------------------------------------------------
Interface-Name : ethernet-1/1.1
Status : IS-IS is admin enabled, oper up
Circuit : id 1 is broadcast and not passive
Hello Authentication Generate : True
Hello Authentication Check Received : Strict
Hello Padding : disable
Csnp Interval : 10
Lsp Pacing : 100
Ldp Sync State : disabled
Ldp Sync Duration : 3274
---------------------------------------------------------------------------------------
Level : 1
Status : enabled
Adjacencies : 1
Hello Authentication Generate : True
Hello Authentication Check Received : Strict
Priority : 64
Hello Interval : 9
Hello Multiplier : 3
Ipv4 Metric : 10
Ipv6 Metric : 10
----------------------------------------------------------------------------------------
Level : 2
Status : enabled
Adjacencies : 1
Hello Authentication Generate : True
Hello Authentication Check Received : Strict
Priority : 64
Hello Interval : 9
Hello Multiplier : 3
Ipv4 Metric : 10
Ipv6 Metric : 10
----------------------------------------------------------------------------------------
IS-IS adjacency information
To display IS-IS adjacency information:
# show network-instance default protocols isis adjacency
--------------------------------------------------------------------------------------
Network-instance : default
IS-IS instance : global
--------------------------------------------------------------------------------------
System-Id Adj-Level Interface IPv4-Address State Uptime Rem-Hold
<hostname1> L1 ethernet-1/1.0 10.0.0.1 Up 0d 00:46:43 19s
<hostname1> L2 ethernet-1/1.0 10.0.0.1 Up 0d 00:46:43 19s
--------------------------------------------------------------------------------------
Adjacencies: 2
--------------------------------------------------------------------------------------
IS-IS link state database information
To display information for the IS-IS link state database:
# show network-instance green_default protocols isis database
--------------------------------------------------------------------------------------
Network-instance : green_default
IS-IS instance : default
--------------------------------------------------------------------------------------
| Level Number | Lsp Id | Sequence | Checksum | Lifetime | Attributes |
+==============+======================+==========+==========+==========+============+
| 1 | 0010.0100.1001.00-00 | 0x33 | 0x1672 | 1167 | L1 L2 |
| 1 | 0020.0200.2002.00-00 | 0x35 | 0xd562 | 1014 | L1 L2 |
| 1 | 0030.0300.3003.00-00 | 0x38 | 0xf447 | 640 | L1 L2 |
| 1 | 0030.0300.3003.01-00 | 0x2f | 0x4db6 | 1005 | L1 L2 |
| 1 | 0030.0300.3003.02-00 | 0x2e | 0xd355 | 709 | L1 L2 |
| 1 | 0040.0400.4004.00-00 | 0x39 | 0x6f2a | 638 | L1 L2 |
| 1 | 0040.0400.4004.01-00 | 0x2f | 0xf0ef | 822 | L1 L2 |
| 1 | 0040.0400.4004.02-00 | 0x2f | 0xa5f8 | 999 | L1 L2 |
| 1 | 0050.0500.5005.00-00 | 0x38 | 0xfbbb | 905 | L1 L2 |
| 1 | 0050.0500.5005.01-00 | 0x31 | 0x3937 | 745 | L1 L2 |
| 1 | 0050.0500.5005.02-00 | 0x2f | 0xd19 | 657 | L1 L2 |
| 1 | 0060.0600.6006.00-00 | 0x37 | 0xf287 | 967 | L1 L2 |
| 1 | 0060.0600.6006.01-00 | 0x2f | 0xadfb | 753 | L1 L2 |
| 1 | 0060.0600.6006.02-00 | 0x2f | 0x5f95 | 819 | L1 L2 |
| 1 | 0070.0700.7007.00-00 | 0x33 | 0x48dd | 1058 | L1 L2 |
| 1 | 0070.0700.7007.01-00 | 0x2f | 0xadb2 | 1164 | L1 L2 |
| 1 | 0070.0700.7007.02-00 | 0x2e | 0xdf8e | 852 | L1 L2 |
| 2 | 0010.0100.1001.00-00 | 0x3e | 0xb92f | 1150 | L1 L2 |
| 2 | 0010.0100.1001.00-01 | 0x3c | 0x1875 | 818 | L1 L2 |
| 2 | 0020.0200.2002.00-00 | 0x41 | 0x540f | 1177 | L1 L2 |
| 2 | 0020.0200.2002.00-01 | 0x3f | 0x2db9 | 699 | L1 L2 |
| 2 | 0030.0300.3003.00-00 | 0x3c | 0x302f | 1058 | L1 L2 |
| 2 | 0030.0300.3003.00-01 | 0x3f | 0x5150 | 668 | L1 L2 |
| 2 | 0030.0300.3003.01-00 | 0x30 | 0xb518 | 915 | L1 L2 |
| 2 | 0030.0300.3003.02-00 | 0x2f | 0xe113 | 1035 | L1 L2 |
| 2 | 0040.0400.4004.00-00 | 0x3e | 0xa17b | 657 | L1 L2 |
| 2 | 0040.0400.4004.00-01 | 0x3e | 0x260b | 1018 | L1 L2 |
| 2 | 0040.0400.4004.01-00 | 0x30 | 0x1511 | 1066 | L1 L2 |
| 2 | 0040.0400.4004.02-00 | 0x2f | 0x27a7 | 1035 | L1 L2 |
| 2 | 0050.0500.5005.00-00 | 0x41 | 0x59d6 | 608 | L1 L2 |
| 2 | 0050.0500.5005.00-01 | 0x44 | 0xf165 | 1110 | L1 L2 |
| 2 | 0050.0500.5005.01-00 | 0x33 | 0x7709 | 584 | L1 L2 |
| 2 | 0050.0500.5005.02-00 | 0x31 | 0xa74 | 657 | L1 L2 |
| 2 | 0060.0600.6006.00-00 | 0x3d | 0xd5ed | 903 | L1 L2 |
| 2 | 0060.0600.6006.00-01 | 0x44 | 0xdc97 | 666 | L1 L2 |
| 2 | 0060.0600.6006.01-00 | 0x30 | 0x9024 | 1145 | L1 L2 |
| 2 | 0060.0600.6006.02-00 | 0x30 | 0xbc66 | 1020 | L1 L2 |
| 2 | 0070.0700.7007.00-00 | 0x3a | 0x81fd | 862 | L1 L2 |
| 2 | 0070.0700.7007.00-01 | 0x3e | 0xf82a | 765 | L1 L2 |
| 2 | 0070.0700.7007.01-00 | 0x30 | 0xbad5 | 658 | L1 L2 |
| 2 | 0070.0700.7007.02-00 | 0x2f | 0x1ecb | 675 | L1 L2 |
+--------------+----------------------+----------+----------+----------+------------+
LSP Count: 41
-------------------------------------------------------------------------------------
# show network-instance green_default protocols isis database 1
--------------------------------------------------------------------------------------
Network-instance : green_default
IS-IS instance : default
--------------------------------------------------------------------------------------
| Level Number | Lsp Id | Sequence | Checksum | Lifetime | Attributes |
+==============+======================+==========+==========+==========+============+
| 1 | 0010.0100.1001.00-00 | 0x33 | 0x1672 | 1048 | L1 L2 |
| 1 | 0020.0200.2002.00-00 | 0x35 | 0xd562 | 894 | L1 L2 |
| 1 | 0030.0300.3003.00-00 | 0x39 | 0x7762 | 1179 | L1 L2 |
| 1 | 0030.0300.3003.01-00 | 0x2f | 0x4db6 | 886 | L1 L2 |
| 1 | 0030.0300.3003.02-00 | 0x2f | 0x4ace | 1188 | L1 L2 |
| 1 | 0040.0400.4004.00-00 | 0x3a | 0xcd9f | 1135 | L1 L2 |
| 1 | 0040.0400.4004.01-00 | 0x2f | 0xf0ef | 703 | L1 L2 |
| 1 | 0040.0400.4004.02-00 | 0x2f | 0xa5f8 | 879 | L1 L2 |
| 1 | 0050.0500.5005.00-00 | 0x38 | 0xfbbb | 785 | L1 L2 |
| 1 | 0050.0500.5005.01-00 | 0x31 | 0x3937 | 625 | L1 L2 |
| 1 | 0050.0500.5005.02-00 | 0x30 | 0xb86e | 1148 | L1 L2 |
| 1 | 0060.0600.6006.00-00 | 0x37 | 0xf287 | 847 | L1 L2 |
| 1 | 0060.0600.6006.01-00 | 0x2f | 0xadfb | 633 | L1 L2 |
| 1 | 0060.0600.6006.02-00 | 0x2f | 0x5f95 | 700 | L1 L2 |
| 1 | 0070.0700.7007.00-00 | 0x33 | 0x48dd | 938 | L1 L2 |
| 1 | 0070.0700.7007.01-00 | 0x2f | 0xadb2 | 1044 | L1 L2 |
| 1 | 0070.0700.7007.02-00 | 0x2e | 0xdf8e | 733 | L1 L2 |
+--------------+----------------------+----------+----------+----------+------------+
LSP Count: 17
--------------------------------------------------------------------------------------
Clearing IS-IS information
To clear information for an IS-IS instance, use the tools commands below:
Clear statistics
To clear statistics for an IS-IS instance running in a specified network instance:
# tools network-instance default protocols isis instance i1 statistics clear
Clear link state database information
To clear link state database information for a level:
# tools network-instance default protocols isis instance i1 link-state-database clear
Clear IS-IS adjacency information
To clear IS-IS adjacency information for an interface:
# tools network-instance default protocols isis instance i1 interface ethernet-1/1.1 adjacencies clear
IS-IS weighted ECMP
Weighted IP ECMP, also known as UCMP (unequal cost multipath), allows the installation of a multipath route in the FIB, where the ECMP flow hashing distributes traffic by directing flows to each next-hop in a ratio proportional to the weight assigned to each next-hop. Multipath routes are the routes that have multiple next-hops.
Weighted ECMP (wECMP) distributes traffic unequally over multiple paths and uses available bandwidth more efficiently for better load balancing. For example, if you have four equal-cost paths to a destination, but one path has a lower bandwidth than the other three, you can use wECMP to assign more traffic to the higher bandwidth path and less traffic to the lower bandwidth paths.
The wECMP feature is available on 7250 IXR-6/10/6e/10e and 7250 IXR-X platforms. It is supported for both IS-IS IPv4 and IPv6 routes.
Enabling weighted ECMP
You can enable the weighted ECMP per IS-IS instance. wECMP can be configured for an IS-IS instance under a default network instance or network instance of type ip-vrf . Enabling weighted ECMP, triggers weighted ECMP programming for all eligible multipath IS-IS routes associated with the instance. To program an IS-IS route as a multipath route, all the multipaths must have an equal total path cost to the destination.
The ECMP weights (load-balancing-weight) are normalized based on the number of hash buckets per next-hop group (NHG). The sum of all normalized datapath weights must not exceed the hash bucket limit.
You must configure the maximum number of ECMP hash buckets used for IS-IS weighted
ECMP routing on a per IS-IS instance basis. If the hash bucket limit is
T
and the normalized datapath weight of each next-hop is
Ni
then the sum of all
Ni
in each mutipath set (NHG) cannot exceed
T
. The system normalizes the weights used in weighted ECMP
according to the algorithm described in Normalizing datapath weights.
The 7250 IXR-6/10/6e/10e and 7250 IXR-X platforms have a 128 hash bucket limit. Datapath resources can be conserved by configuring a lower value for the bucket size. However, this reduces the granularity or fine distribution of the traffic. With a smaller bucket size, there are fewer next-hop options available for load balancing, which can limit the flexibility and precision of traffic distribution. You cannot reduce the hash bucket limit below the ECMP limit of the IS-IS instance.
The following example enables weighted ECMP per IS-IS instance:
Enabling weighted ECMP
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis
network-instance mgmt {
protocols {
isis {
instance test {
weighted-ecmp {
admin-state enable
max-ecmp-hash-buckets-per-next-hop-group 56
}
}
}
}
}
Where, - admin-state
When set to enable, triggers weighted ECMP programming for all eligible multipath IS-IS routes associated with the instance. The default is disable. This ensures backward compatibility with previous releases that only supported ECMP wherein the traffic was distributed in equal proportion.
- max-ecmp-hash-buckets-per-next-hop-group
Specify the maximum number of ECMP hash buckets per next-hop-group. Default bucket size is
128
.Note: The configured value of max-ecmp-hash-buckets-per-next-hop-group must always be greater than or equal to max-ecmp-paths (network-instance.protocols.isis.instance.max-ecmp-paths
).
Disabling weighted ECMP
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis
network-instance mgmt {
protocols {
isis {
instance test {
weighted-ecmp {
admin-state disable
max-ecmp-hash-buckets-per-next-hop-group 1
}
}
}
}
}
You can disable the weighted ECMP per ISIS instance. When you disable
the weighted ECMP in an IS-IS instance, all IS-IS routes computed by this instance is
programmed in the FIB with classic ECMP programming. This means no weights are assigned
to the next-hops, even if some or all of the next-hop interfaces in a multipath set have
a non-zero load balancing weight (load-balancing-weight
)
configured.Configuring weighted load-balancing over interface next-hops
When the weighted ECMP feature is enabled, the IS-IS route linked to the routing instance can be programmed into the datapath. This allows for weighted load-balancing across the interface next-hops of the route.
In order for weighted ECMP to be supported across the interface next-hops of an IS-IS route the following conditions must be met:
-
All ECMP next-hops must be interface next-hops
-
All next-hop interfaces are configured with non-zero load-balancing weights.
To configure load-balancing weight, set the parameter
load-balancing-weight under
network-instance.protocols.isis.instance.interface.level.weighted-ecmp
.
This parameter can be set to a static value, or you can choose to use the options
auto
or none
. The static value assigned must
be between 1
and 4294967295
.
If all the
next-hop interfaces in the multipath set have a
load-balancing-weight, which is either automatically derived
from the port/LAG bandwidth using the auto
option or configured
with a static value, then the route is programmed in the FIB with wECMP. If one or
more next-hop interfaces have zero weight (load-balancing-weight
=
none
), then the wECMP load-balancing falls back to classic ECMP
operation and equally distributes the traffic.
In the NHG for the IS-IS route, each next-hop is assigned a non-zero weight. In SR Linux, the wECMP programming capability is available even if some multipath next-hop interfaces are connected to different adjacent routers.
The following example configures weighted load-balancing over interface next-hops:Configuring weighted load-balancing over interface next-hops
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis
network-instance mgmt {
protocols {
isis {
instance test {
interface mgmt0.0 {
weighted-ecmp {
load-balancing-weight auto
}
}
}
}
}
}
Here the load-balancing-weight value is automatically derived from the port/LAG bandwidth.
Normalizing datapath weights
The ECMP weights (load-balancing-weight) are normalized based on the number of hash buckets (max-ecmp-hash-buckets-per-next-hop-group) defined per NHG. The sum of all normalized datapath weights must not exceed the hash bucket limit.
- Calculate the Greatest Common Divisor (GCD) of all datapath weights.
- Divide all datapath weights by the GCD.
- If
the sum of normalized weights is less than the maximum number of buckets, weight
determination process is complete.
Or
- If the sum of normalized weights exceeds the bucket size,
- Assign each nexthop a minimum of one bucket.
- Distribute the remaining buckets (max_buckets - num_nexthops) to each nexthop based on the ratio of each nexthop's weight to the total weight (rounded down). There may be cases where no extra buckets are assigned.
Multi-instance IS-IS
Multi-instance IS-IS (MI-ISIS), defined in RFC 8202, allows multiple instances of IS-IS to operate on a single circuit. To configure MI-ISIS in SR Linux, you set the instance identifier (IID), which identifies an IS-IS instance, and enable sending of the IID-TLV in IS-IS PDUs. The IID-TLV identifies the IS-IS instance and topology.
MI-ISIS uses the following route-selection tie-break mechanism:
- When multiple MI-ISIS instances contain an identical route, the route with the lowest metric is selected as the active route and used for forwarding.
- When multiple MI-ISIS instances have an identical route with identical metric, the route from the instance with the lowest IID is selected as the active route and used for forwarding.
When MI-ISIS is used in combination with ECMP, then only active RTM routes of the same MI-ISIS instance can be load-balanced. ECMP load-balancing between MI-ISIS instances is not supported.
Configuring the IID
The IID is a numerical instance identification number (0-127) and is used to identify the local IS-IS instance and to populate the IID-TLV when MI-ISIS is configured. In an MI-ISIS configuration, each IS-IS instance must have a unique name and can only be associated with a single unique IID within a network instance. The default IS-IS instance has an IID of 0.
The following example configures an IID for an IS-IS instance:
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis instance i1 instance-id
network-instance default {
protocols {
isis {
instance i1 {
instance-id 2
}
}
}
}
Enabling the IID-TLV
To configure MI-ISIS, you enable SR Linux to include the IID-TLV for the IS-IS instance in IS-IS PDUs. The IID-TLV includes the configured IID and identifies the instance-specific topology or topologies to which the PDU applies.
The following example enables the system to send the IID-TLV for an IS-IS instance :
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis
network-instance default {
protocols {
isis {
instance i1 {
iid-tlv true
}
}
}
}
If iid-tlv
is set to false
, the configured IID has
only local relevance. Interfaces enabled in such IS-IS instances establish
adjacencies unaware of any other instances. The router originates link state packets
without the IID-TLV and expects other routers in the area not to advertise any
IID-TLV either.
Displaying MI-ISIS information
You can display information about the MI-ISIS configuration using
show
reports or info from state
output.
Display IID-TLV information
The following example displays the configured IID-TLV and any received IID-TLVs for an IS-IS instance:
--{ + candidate shared default }--[ ]--
# info from state network-instance default protocols isis instance MyInstance2
admin-state enable
instance-id 2
level-capability L2
max-ecmp-paths 1
poi-tlv false
iid-tlv true
export-policy MyPolicy
hello-padding disable
enable-csnp-on-p2p-links true
oper-state up
oper-system-id 0000.0000.8521
net [
49.0000.0000.8521.00
]
oper-area-id [
49
]
....
<snip>
....
level 2 {
metric-style wide
<snip>
link-state-database {
lsp 0000.0000.8521.00-00 {
maximum-area-addresses 3
<snip>
tlvs {
<snip>
tlv instance-id {
instance-ids {
instance-id 2 {
topology-id [
0
]
}
}
}
Multi-Topology IS-IS MT0 and MT2
SR Linux supports Multi-Topology (MT) Routing for IS-IS, as defined in RFC 5120. Multi-Topology IS-IS (MT-ISIS), allows multiple independent IP routing topologies within a single IS-IS domain.
MT-ISIS support within SR Linux enables the creation of separate IPv4 unicast and IPv6 unicast topologies within the IS-IS domain. These topologies contribute routes to specific route tables, allowing for non-congruent topologies between different routing tables. As a result, networks can control the links or nodes that are used for forwarding different types of traffic.
For example, MT-ISIS can enable all links to carry IPv4 traffic, while only a subset of links can also carry IPv6 traffic.
-
MT-ID 0 (standard IPv4 and IPv6 topology)
-
MT-ID 2 (IPv6-only topology)
IPv4 or IPv6 routing
When an IS-IS instance is created, IPv4 routing is enabled by default and is restricted to Multi-Topology IS-IS (MT-IS-IS) with topology identifier MT0. This configuration ensures that the IS-IS instance is initially set up to handle IPv4 routing within the default topology, MT0, as specified by RFC 5120.
Unlike MT0, which is the default for IPv4, MT2 is not enabled by default and must be configured to manage IPv6 traffic. You must explicitly enable IPv6 routing in an IS-IS instance. IPv6 routing can be configured for either the MT0 or MT2 topology, with MT0 being the default topology for IPv6.
For information about enabling IPv6 routing, see Configuring an IPv6 routing, and for MT2 topology configuration details, see Configuring MT2 topology.
Configuring an IPv6 routing
Use the command
.network-instance.[name].protocols.isis.instance.[instance-name].ipv6-unicast.admin-state.enable
to enable IPv6 unicast routing for an IS-IS instance.
The following example enables IPv6 unicast routing for an IS-IS instance.
--{ candidate shared default }--[ ]--
info network-instance default protocols isis instance srl_isis_instance
network-instance default {
protocols {
isis {
instance srl_isis_instance {
ipv6-unicast {
admin-state enable
}
}
}
}
}
Configuring MT2 topology
To configure the default MT2 topology for an IPv6 routing, set the parameter
multi-topology
under the
.network-instance.[name].protocols.isis.instance.[instance-name].ipv6-unicast.
context to true
.
The following config example enables IPv6 routing for an IS-IS instance.
--{ candidate shared default }--[ ]--
info network-instance default protocols isis instance srl_isis_instance
network-instance default {
protocols {
isis {
instance srl_isis_instance {
ipv6-unicast {
admin-state enable
multi-topology true
}
}
}
}
}
IS-IS extensions for Traffic Engineering (TE)
IS-IS TE extensions allow network operators to encode and flood traffic engineering information throughout a network using TE-enabled links.
IGPs (IS-IS/OSPF) use only an interface metric to find the shortest path to a destination without considering factors such as bandwidth and link delay. For traffic engineering computations, link attributes such as available bandwidth, maximum reservable bandwidth, TE metric, and link affinity are required. The IS-IS TE extensions contain the TLVs and sub-TLVs that specify these link attributes. IS-IS link-state PDUs include these TLVs. Flooding algorithms used by link-state IGPs ensure that link attributes are distributed evenly across all routers in the routing domain.
Enabling advertisement of IS-IS TE TLVs/sub-TLVs
SR Linux supports the transmission and reception of Traffic Engineering (TE)-related
TLV and sub-TLV fields in IS-IS Link State Packets (LSPs) to share network resource
information. The network-instance.traffic-engineering
container
enables and configures TE functionality for both IPv4 and IPv6. When TE is enabled,
the TE-related TLVs and sub-TLVs are incorporated into the LSPs generated by the
Interior Gateway Protocol (IGP).
To enable advertising of TLVs and sub-TLVs, set the advertisement
parameter to true
within the
network-instance.protocols.isis.instance.traffic-engineering
container. By default, the TE advertisement
parameter is set to
false
.
In the following example, the IS-IS TE TLVs and sub-TLVs are included in the IS-IS LSP.
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis instance test traffic-engineering advertisement
network-instance default {
protocols {
isis {
instance test {
traffic-engineering {
advertisement true
}
}
}
}
}
TE router ID TLV
A TE router ID uniquely identifies a router in an IGP TE domain. The router ID must be operationally active within the IS-IS instance and associated with a system or loopback address.
For the IPv4 and IPv6 address families, IS-IS advertises the IPv4 router ID using TLV 134 as specified in [RFC5305] and the IPv6 router ID using TLV 140 as specified [RFC6119], for use within an IS-IS area.
IPv4 TE router ID TLV
The IPv4 Traffic Engineering (TE) Router ID TLV (Type 134) contains the 4-octet router ID of the router originating the LSP. According to RFC5305, the TE Router ID TLV can be advertised by a router regardless of whether IPv4 TE is enabled.
If IPv4 TE is disabled, the IPv4 TE Router ID TLV is advertised only if the
network-instance.default.router-id
parameter is configured,
regardless of whether the router ID is reachable. If the
network-instance.default.router-id
parameter is not configured,
then IPv4 TE Router ID TLV is not advertised.
network-instance.default.protocol.isis.instance.traffic-engineering.ipv4-te-router-id
- If not available,
network-instance.default.traffic-engineering.ipv4-te-router-id
value is selected. - If neither is available,
network-instance.default.router-id
value is selected.
When IPv4 routing is disabled and IPv6 TE is enabled with router capability advertised, the IPv4 router ID TLV is not advertised. However, another ipv4-router-id TLV set to 0.0.0.0 is included within the router capability top-level TLV, ensuring compliance with the RFC7981 standard.
IPv6 TE router ID TLV
The IPv6 router ID can be advertised in top-level TLV 140, defined in RFC6119, or within the Router Capability sub-TLV12, as defined in RFC5305.
- IPv6 and TE must be enabled
and
- A configured routable IPv6 TE router interface address must
exist
and
- The advertisement of TE-related TLVs and sub-TLVs must be enabled by setting
the
advertisement
parameter to true within thenetwork-instance.traffic-engineering
container.
If IPv6 or TE is disabled, the IPv6 TE router ID TLV 140 is not advertised.
network-instance.default.protocol.isis.instance.traffic-engineering.ipv6-te-router-id <value>
- If not available,
network-instance.default.traffic-engineering.ipv6-te-router-id <value>
is selected. - If neither is available,
interface.subinterface.ipv6.address xx:xx::xx/128
is selected.Note:A configured and enabled IPv6 loopback address is selected for advertisement.
ipv6-te-router-id
that is
operationally active within the IS-IS instance and associated with a system or
loopback address is eligible for advertisement in accordance with the above priority
list.RFC 7981 implication to IPv6 Router IDs
RFC 7981 defines IS-IS Router Capability TLV, which allows routers to announce their capabilities within an IS-IS level or across the entire routing domain. The IS-IS router capability TLV consists of multiple sub-TLVs.
Enabling IPv6 TE and advertising router capability results in the advertisement of both the IPv6 Router ID TLV 140 and the IPv6 Router ID TLV 12 within the Router Capability TLV.
The Router Capability sub-TLV12 as defined in RFC 5316, is used when the IPv6 TE Router ID must be
distributed to all routers within an entire IS-IS routing domain, instead of being
restricted to an area scope. In SR Linux, sub-TLV 12 is advertised only when IPv4
unicast routing is explicitly disabled using the
network-instance.default.protocols.isis.instance.ipv4-unicast.admin-state
disable
command.
Advertising IPv4 TE router ID TLV
A TE router ID must be a unique and stable address within the IS-IS domain. When IPv4 TE is enabled, the advertised IPv4 TE router ID TLV value is selected in a specific order of preference. For preference details, see IPv4 TE router ID TLV.
The following configurations enable the advertisement of the IPv4 router ID and TE link parameters using the legacy TE encoding defined in RFC 5305.
Advertising IPv4 router ID TLV using IS-IS TE router ID
In the following configuration example, IPv4 router ID (192.168.0.0) configured within the IS-IS TE instance is selected for advertising IPv4 TE router ID TLV.
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis instance test traffic-engineering ipv4-te-router-id
network-instance default {
protocols {
isis {
instance test {
traffic-engineering {
ipv4-te-router-id 192.168.0.0
}
}
}
}
}
Advertising IPv4 router ID TLV using network instance TE router ID
In the following configuration example, IPv4 router ID (192.168.11.1) configured within a default network instance with TE capabilities is selected for advertising IPv4 TE router ID TLV.
--{ * candidate shared default }--[ ]--
# info network-instance default traffic-engineering ipv4-te-router-id
network-instance default {
traffic-engineering {
ipv4-te-router-id 192.168.11.1
}
}
Advertising IPv4 router ID TLV using default network instance router ID
In the following configuration example, IPv4 router ID (192.0.5.1) configured within a default network instance is selected for advertising IPv4 TE router ID TLV.
--{ * candidate shared default }--[ ]--
# info network-instance default
network-instance default {
router-id 192.0.5.1
}
Advertising IPv6 TE router ID TLV
A TE router ID must be a unique and stable address within the IS-IS domain. When IPv6 TE is enabled, the advertised IPv6 TE router ID TLV value is selected in a specific order of preference. For preference details, see IPv6 TE router ID TLV.
The following configurations enable the traffic engineering behavior with IPv6 TE links. The IS-IS instance automatically advertises the IPv6 TE TLVs, and sub-TLVs defined in RFC6119. For information about IPv6 TE router ID TLV, see IPv6 TE router ID TLVAdvertising IPv6 router ID TLV using an IS-IS TE router ID
In the following configuration example, IPv6 router ID (2001:db8::1) configured within the IS-IS TE instance is selected for advertising IPv4 TE router ID TLV.
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis instance test traffic-engineering ipv6-te-router-id
network-instance default {
protocols {
isis {
instance test {
traffic-engineering {
ipv6-te-router-id 2001:db8::1
}
}
}
}
}
Advertising IPv6 router ID TLV using default network instance TE router ID
In the following configuration example, IPv6 router ID (2001:db8::8) configured within a default network instance with TE capabilities is selected for advertising IPv4 TE router ID TLV.
--{ * candidate shared default }--[ ]--
# info network-instance default traffic-engineering ipv6-te-router-id
network-instance default {
traffic-engineering {
ipv6-te-router-id 2001:db8::8
}
}
Advertising IPv6 router ID TLV using subinterface IPv6 address
In the following configuration example, the value of IPv6 address (2002::1234:abcd:ffff:c0a8:101/64) configured within a subinterface is selected for advertising IPv6 TE router ID TLV.
--{ * candidate shared default }--[ ]--
# info interface ethernet-1/1 subinterface 0 ipv6
interface ethernet-1/1 {
subinterface 0 {
ipv6 {
address 2002::1234:abcd:ffff:c0a8:101/64 {
}
}
}
}
Advertising TE attributes using legacy and ASLA TLVs
When network-instance.default.protocols.isis instance.default traffic-engineering
advertisement
is enabled, the router advertises TE TLVs.
IS-IS allows advertising the protocol enabled on a TE-link by using the Application Specific Link Attributes (ASLA) sub-TLV as per draft-ietf-isis-te-app (RFC 8919). The router receiving the link TE attributes can identify the enabled application on the advertising router. For backward compatibility, the router continues to support the legacy mode of advertising link TE attributes, as recommended in RFC 5305. For information about the legacy mode of advertising link TE attributes, see Enabling advertisement of TE attributes in legacy mode.
Name | TLV | Sub TLV | Decoding in LSDB YANG |
---|---|---|---|
Admin group | 22 | 3 | Yes |
Link local/remote identifiers | 22 | 4 | Yes |
IPv4 interface address | 22 | 6 | Yes |
IPv4 neighbor address | 22 | 8 | Yes |
Maximum link bandwidth | 22 | 9 | No |
IPv6 interface address | 22 | 12 | Yes |
IPv6 neighbor address | 22 | 13 | Yes |
TE metric | 22 | 18 | Yes |
Unidirectional link delay | 22 | 33 | Yes |
Min/max unidirectional link delay | 22 | 34 | Yes |
TE IPv4 router ID | 134 | NA | Yes |
IPv4 SRLG | 138 | NA | Yes |
IPv6 SRLG | 139 | NA | Yes |
TE IPv6 router ID | 140 | NA | Yes |
Name | TLV | Sub TLV | Sub-Sub TLV | Decoding in LSDB YANG |
---|---|---|---|---|
Admin group | 22 | 16 | 3 | Yes |
Maximum link bandwidth | 22 | 16 | 9 | Yes |
TE metric | 22 | 16 | 18 | Yes |
Min/max unidirectional link delay | 22 | 16 | 34 | Yes |
Enabling advertisement of TE attributes in legacy mode
SR Linux supports advertising of TE attributes using either the
legacy-link-attribute-advertisement or ASLA (application-specific link attributes)
encodings, or both. For disabling the advertisement of TE attributes in legacy mode,
set the legacy-link-attribute-advertisement
parameter to
false
.
The following example configuration disables advertisement of TE attributes in legacy
mode. For enabling, set legacy-link-attribute-advertisement
to
true
.
--{ * candidate shared default }--[ ]--
# info network-instance default protocols isis instance test traffic-engineering legacy-link-attribute-advertisement
network-instance default {
protocols {
isis {
instance test {
traffic-engineering {
legacy-link-attribute-advertisement false
}
}
}
}
}