The principle and experiment of IS-IS routing control for Huawei equipment

1. IS-IS route leaking

IS-IS supports a hierarchical multi-area network design with L1 areas and an L2 area: the L2 area serves as the backbone, and multiple L1 areas are interconnected through it. By default, an IS-IS L1 area is similar to an OSPF totally stub area and holds only routing information for its own area. When the L1/2 routers of an L1 area send L1 LSPs into the area, they set the ATT bit in the LSP to 1 to indicate that they are connected to other areas.

In this way, an L1 router installs a default route that points to the nearest L1/2 router; that is, the L1 router uses the nearest L1/2 router as its default gateway to reach the backbone and other L1 areas.

In the network shown in the figure below, R1 and R2 are L1/2 routers in area 49.0001. They are connected to the backbone area and maintain two link state databases. R3 and R4 are L1 routers in area 49.0001, and their link state databases contain only routing information for this area.

At this time, both R1 and R2 set the ATT bit in the L1 LSPs they advertise into area 49.0001. The following figure shows the link state databases of R3 and R4.

The output shows that both R3 and R4 have received two LSPs with the ATT bit set (sent by R1 and R2 respectively). Note that not every L1 LSP sent by an L1/2 router has the ATT bit set: the condition for setting it is that the L1/2 router has an active L2 connection. R1 and R2 in this network clearly meet that condition.

After an L1 router receives LSPs with the ATT bit set, it generates a default route toward the nearest L1/2 router, and all packets destined for other areas use that L1/2 router as the default exit. According to the link costs shown in the topology diagram, both R3 and R4 use R2 as the default exit. The following output shows the routing tables of R3 and R4:

The output shows that the routing tables of R3 and R4 contain only L1 routes plus a default route, and all traffic forwarded to other areas uses the default route. The following output shows the tracert command run on R3 to trace the path to 5.5.5.0/24. The path R3 takes to reach network 5.5.5.0/24 is R3→R4→R2→R1→R5, which is clearly not the optimal path (the optimal path should be R3→R1→R5).

To let R3 reach network 5.5.5.0/24 over the optimal path, we can import the L2 routes of area 49.0002 into area 49.0001 on routers R1 and R2. This process is called route leaking. The following output shows how to configure route leaking on R1.

The following output shows R3's routing table after route leaking is configured on R1. The table now contains routes from area 49.0002, such as 5.5.5.0/24. At this time, R3 reaches 5.5.5.0/24 over the path with a total cost of 30: R3→R1→R5.

If not all routes in the L2 area need to be leaked into the L1 area, the routes must be filtered during leaking. A filter-policy can be appended to the route leaking command to filter the routes. The following output shows a configuration in which only network 5.5.5.0/24 of area 49.0002 is imported into area 49.0001.

This experiment shows that an L1 area can receive specific route information (network prefix and cost) for other areas through route leaking, which avoids the suboptimal-path problem. Some services deployed in the network may run only in the L2 area, so their routes need not be leaked into the L1 area; you can configure a policy so that only some of the L2 routes are leaked into the L1 area. The same method can also be used to filter route leaking from the L1 area to the L2 area. By default, all routes in the L1 area are leaked into the L2 area.

2. IS-IS route aggregation

Route aggregation has two advantages. First, it reduces the number of advertised routes and the size of the routing table, which saves router system resources and improves packet forwarding efficiency. Second, it improves network stability, because an aggregated route hides and isolates failures of the specific networks behind it.

Like OSPF, IS-IS supports aggregation of inter-area and external routes. Routes advertised between areas must be aggregated on the L1/2 router, and external routes can be aggregated when a border device imports them. IS-IS has no automatic aggregation capability; routes can only be aggregated manually. Let us look at how to perform IS-IS route aggregation in a network.

As shown in the figure, there are two IS-IS areas in the network. Area 49.0001 is configured as the L2 area and area 49.0002 as the L1 area. All routers in area 49.0001 are L2 routers, R7 in area 49.0002 is an L1 router (a Huawei low-end router), and R5 and R7 are L1/2 routers.

Because the IS-IS network contains too many routing entries (a large number of network prefixes of the form 1.1.x.y/24), advertising these routes into the L1 area overloads R7's system resources. The requirement is to reduce R7's resource consumption. Route aggregation is therefore performed on R5 and R6 when the routes of the L2 area are advertised into the L1 area. With fewer routes advertised, R7's routing table shrinks and its resource overhead drops. The following output shows the route aggregation configuration on R5 and R6:

After aggregation, R7's routing table contains only one aggregated route and no specific routes. Note, however, that by default IS-IS does not automatically generate an aggregated route pointing to the black-hole interface (null0) in the local routing table after aggregation, which can cause routing loops in some cases.

In the network shown above, if network 1.1.1.0/24 fails, the route disappears from the routing tables of R5 and R6 after IS-IS converges. However, because both R5 and R6 advertise the aggregated route, each receives the other's aggregated route (the routing tables of R5 and R6 are shown below) and installs it, which creates a routing loop. If traffic destined for network 1.1.1.0/24 arrives at R5 or R6, R5 sends it to R6 according to the aggregated route, and R6 sends it back to R5, so the traffic loops between R5 and R6.

To avoid this problem, Huawei equipment provides the following three methods:

  1. Configure avoid-feedback after the route aggregation command to avoid receiving the aggregated route from other devices, for example: summary 1.1.0.0 255.255.0.0 level-1 avoid-feedback

  2. Configure generate_null0_route after the route aggregation command to generate an aggregated route entry pointing to null0 in the local routing table, for example: summary 1.1.0.0 255.255.0.0 level-1 generate_null0_route

  3. Manually configure an aggregated route pointing to the null0 interface, for example: ip route-static 1.1.0.0 255.255.0.0 null0 preference 5

With any of these three methods, traffic no longer follows the aggregated route learned from the other device, which prevents the loop.
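The loop described above and the effect of the three methods, modelled as an added example (not code from the original post or from Huawei). Router names follow the page; the surviving 1.1.2.0/24 prefix, the `L2` next-hop label and the table layout are constructed, and 15 is Huawei's default IS-IS route preference.

```python
import ipaddress

ISIS_PREF = 15    # Huawei default preference for IS-IS routes
NULL0 = "NULL0"   # discard interface
BACKBONE = "L2"   # constructed label: forwarded on into the L2 area

def lookup(rib, dst):
    """Longest-prefix match; equal-length ties go to the lowest preference."""
    addr = ipaddress.ip_address(dst)
    hits = [(-ipaddress.ip_network(p).prefixlen, pref, nh)
            for p, pref, nh in rib if addr in ipaddress.ip_network(p)]
    return min(hits)[2] if hits else None

def trace(ribs, start, dst):
    """Follow next hops from `start`; return (path, outcome)."""
    path, node = [start], start
    while True:
        nh = lookup(ribs[node], dst)
        if nh is None:
            return path, "no route"      # no match in this modelled table
        if nh == NULL0:
            return path, "discarded"
        if nh == BACKBONE:
            return path, "forwarded"
        if nh in path:
            return path + [nh], "loop"
        path.append(nh)
        node = nh

def build(null0_route=False, avoid_feedback=False):
    """Tables of R5 and R6 after 1.1.1.0/24 has failed and IS-IS converged."""
    ribs = {}
    for me, peer in (("R5", "R6"), ("R6", "R5")):
        rib = [("1.1.2.0/24", ISIS_PREF, BACKBONE)]      # surviving specific
        if not avoid_feedback:                           # method 1 drops this
            rib.append(("1.1.0.0/16", ISIS_PREF, peer))  # peer's summary
        if null0_route:                                  # methods 2 and 3
            rib.append(("1.1.0.0/16", 5, NULL0))         # preference 5 < 15
        ribs[me] = rib
    return ribs

if __name__ == "__main__":
    for label, ribs in (("default", build()),
                        ("null0 route", build(null0_route=True)),
                        ("avoid-feedback", build(avoid_feedback=True))):
        print(label, trace(ribs, "R5", "1.1.1.1"))
```

The null0 entry wins over the fed-back summary because both are /16 and its preference of 5 is lower than the IS-IS preference of 15.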

IS-IS, as a link state routing protocol, is less flexible than a distance vector routing protocol when aggregating routes. A protocol such as RIP can aggregate routes on any interface, whereas a link state protocol can aggregate only on area border routers or on edge routers connected to an external network. Routes advertised within an area cannot be aggregated.

3. IS-IS route advertisement and filtering

Taking the scenario from the previous section as an example, assume that leaking of routes from the L2 area into the L1 area has been configured on R5 and R6, but R7 still does not learn the routes from R5 and R6. Checking R7's neighbor table shows that the neighbor relationships are normal:

Further checking R7's link state database shows that R7 has received the LSPs from R5 and R7:

As shown below, further check the LSP details of R5 and R6. The cost values of the routes advertised by R5 and R6 can be seen: the cost type used by R5 and R6 is wide metric, while R7 uses the default cost type, narrow, which causes route calculation to fail. After R7's cost type is changed to wide, the problem is solved:

Only when neighbors use the same cost type can the learned routes be calculated correctly. If one end is configured as narrow and the other end as wide or wide-compatible, the two ends cannot learn routes from each other; if one end is configured as narrow-compatible and the other end as wide, the two ends cannot learn routes from each other. Other combinations of cost types can learn routes.
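A check for the mismatch diagnosed above, as an added example (not from the original post): it reads the cost type from each router's IS-IS configuration, applies the default of narrow when none is set, and flags adjacencies that fall into the combinations listed above. The configuration text, the process id and the R5-R6 adjacency are constructed.

```python
import re

DEFAULT_STYLE = "narrow"  # per the page, an unconfigured router uses narrow

# Cost-type pairs the page lists as unable to learn routes from each other.
BROKEN_PAIRS = {
    frozenset({"narrow", "wide"}),
    frozenset({"narrow", "wide-compatible"}),
    frozenset({"narrow-compatible", "wide"}),
}

# Constructed sample configurations; router names follow the page's topology.
CONFIGS = {
    "R5": "isis 1\n is-level level-1-2\n cost-style wide\n",
    "R6": "isis 1\n is-level level-1-2\n cost-style wide\n",
    "R7": "isis 1\n is-level level-1\n",
}
ADJACENCIES = [("R5", "R7"), ("R6", "R7"), ("R5", "R6")]

def cost_style(config_text):
    """Return the configured cost-style, or the default when none is set."""
    m = re.search(r"^\s*cost-style\s+(\S+)", config_text, re.MULTILINE)
    return m.group(1) if m else DEFAULT_STYLE

def audit(configs, adjacencies):
    """List adjacencies whose cost types prevent route learning."""
    styles = {name: cost_style(text) for name, text in configs.items()}
    return [(a, styles[a], b, styles[b])
            for a, b in adjacencies
            if frozenset({styles[a], styles[b]}) in BROKEN_PAIRS]

if __name__ == "__main__":
    for a, sa, b, sb in audit(CONFIGS, ADJACENCIES):
        print(f"{a} ({sa}) <-> {b} ({sb}): routes will not be learned")
```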

To save resources, R7 only needs to forward part of the backbone network's service traffic, for example only the traffic for networks 1.1.1.0/24 and 2.2.2.0/24. IP packets are forwarded according to the IP routing table, so an entry in the IS-IS routing table must be successfully delivered to the IP routing table before it takes effect.

Therefore, you can configure a basic ACL, an IP-Prefix list, a routing policy and so on, so that only matching IS-IS routes are delivered to the IP routing table. IS-IS routes that do not match are kept out of the IP routing table and are not selected. The following output shows the configuration on R7:

Observing R7's routing table, besides the routes of directly connected networks, only 1.1.1.0/24 and 2.2.2.0/24 are present:

If there is another router beneath R7 in area 49.0002 (R8, as shown in the figure below), what does that router's routing table look like?

In fact, R8 has all routes from the backbone network, because a filter-policy in the inbound direction affects only the local routing table and does not filter LSPs, so R8 still has all the routes of the backbone area. R8's routing table is shown below:

What happens if a filter-policy in the inbound direction is applied on the area border? For example, the route 7.7.7.0/24 of area 49.0002 is filtered out on R5, so R5's routing table has no route to network 7.7.7.0/24. Can the backbone area still receive the route 7.7.7.0/24 advertised by R5? The answer is no.

Because R5 is an L1/2 router, it is responsible for advertising the routes of the L1 area into the L2 area, and this advertisement has one condition: the L1 route must exist in the local routing table (because a link state protocol follows distance vector behavior when advertising routes between areas). Therefore, R5 does not advertise the route 7.7.7.0/24 to the backbone area.

4. IS-IS default route advertisement

Configuring IS-IS to advertise default routes on border devices with external routes enables the device to advertise a default route of 0.0.0.0/0 in the IS-IS routing domain. After performing this configuration, when other devices in the IS-IS domain forward traffic, they forward all traffic destined for the external routing domain to this device first, and then to the external routing domain through this device.

Although this function can also be implemented by configuring a static default route, when there are a large number of devices in the existing network, the configuration workload is huge and not conducive to management.

In addition, using IS-IS to advertise default routes is more flexible. For example, if there are multiple border devices, you can configure routing policies so that a certain border device only advertises the default route when the conditions are met, so as to avoid routing black holes.

Huawei equipment configuration:

  1. Run the isis [process-id] command to enter the IS-IS view.
  2. Run the command default-route-advertise [always | match default | route-policy route-policy-name] [cost cost | tag tag | [level-1 | level-1-2 | level-2]] * [avoid-learning] to configure IS-IS to advertise the default route. By default, IS-IS devices do not generate default routes.

Sources: "HCIE Routing and Switching Learning Guide", Huawei HedEx documentation


Origin blog.csdn.net/tushanpeipei/article/details/112679105