Huawei Datacom HCIP-ISIS Principle and Configuration

Basic Concepts of IS-IS

IS-IS (Intermediate System to Intermediate System routing protocol)

Link state routing protocol, IGP, classless routing protocol;

IS-IS is a link-state routing protocol. IS-IS is very similar to OSPF in many respects: directly connected devices running IS-IS discover each other by sending Hello packets, then establish adjacencies and exchange link-state information.

IS-IS is a part of CLNS (ConnectionLess Network Service) in the OSI protocol stack defined by ISO.

CLNS consists of the following three parts:

ES: End System, a terminal system, similar to a host in an IP network environment.

ES-IS: End System to Intermediate System.

ISIS work process

1. Establish isis neighbor relationship

2. Synchronize LSDB (IS-IS has no adjacency state machine for this step, and the neighbor state does not change while the LSDB is synchronized)

        LSDB: All routers running isis have it, storing LSP;

        LSP (Link State Protocol Data Unit): Carries link state information of isis routing (including routing information and topology information)

3. The IS-IS device runs the SPF calculation on the synchronized LSDB, obtains the network topology, and installs the optimal routes in the routing table

isis message

 

Structure: isis layer - data link layer header (802.3)

A PDU (Protocol Data Unit) can be divided into two parts: the message header (IS-IS Header) and the variable-length field part (Variable Length Fields).

Sending method: multicast sending

                dmac:01-80-C2-00-00-14 (for all level-1 routers, this address is a multicast address) 

                        01-80-C2-00-00-15 (for all level-2 routers)

The isis message carries key information in TLV format:

T: type L: length V: value

Benefits: 1. Improve the message carrying capacity and only carry what is needed;

2. Enhance scalability, such as supporting ipv6, only need to add TLV;

Message classification:

1. hello message (IIH)

        Function: discover, establish and maintain IS-IS neighbors, and detect when an IS-IS neighbor goes away (sent every 10s; the timeout is three times the hello interval, 30s by default);

2. CSNP message (full sequence number message)

        Carry the summary information of all LSPs in its own LSDB, which is used to inform neighbors which LSPs are contained in its own LSDB

3. PSNP message (partial sequence number message)

        Carries the summaries of the LSPs being requested; after an LSP is received, carries the summary of the received LSP to confirm receipt;

4. LSP (Link State Packet)

Carry the link state information of the isis router, which is used to respond when receiving a PSNP request;

Regional division

Classification: level-1 (non-backbone area), level-2 (backbone area)

Based on router division;

Division principle: There is only one backbone area, and the non-backbone area needs to be built around the backbone area (communication in the non-backbone area needs to pass through the backbone area)

Area id: not used to distinguish between backbone and non-backbone areas, one isis router can be configured with three;

isis router type

1. Level-1 router: only belongs to the level-1 area, and only maintains the LSDB of the level-1 area; (L1)

2. Level-2 router: only belongs to the level-2 area, and only maintains the LSDB of the level-2 area; (L2)

3. Level-1-2: belong to the level-1 area and level-2 area, and maintain the LSDB of the level-1 and level-2 areas at the same time; (L1-2)

Default belongs to L1-2

level-1 routers: can establish level-1 neighbors with level-1 routers and level-1-2 routers;

level-2 routers: can establish level-2 neighbors with level-2 routers and level-1-2 routers;

The isis neighbor cannot be established between level-1 and level-2 routers;

Level-1 and level-2 neighbors can be established between level-1-2 routers;

NSAP address

NSAP (Network Service Access Point, Network Service Access Point) is an address used to locate resources in the OSI protocol stack, and is mainly used to provide an interface between the network layer and upper-layer applications. NSAP includes IDP and DSP, as shown in the following figure:

NET

NET (Network Entity Title) is the network layer information of the device in the OSI protocol stack. It is mainly used for routing calculations. It consists of an area address (Area ID) and a System ID. It can be regarded as a special NSAP (an NSAP whose SEL is 00).

 Each network device running IS-IS must have at least one NET. Of course, one device can also be configured with multiple NETs at the same time, but the System IDs of these NETs must be the same.

Uniquely identify an isis router;

Composition: area id+sys id+SEL

Size: 8~20B

Area id (1~13B): the general format is xx.xxxx, which is used to identify an area;

        When establishing L1 neighbors, the area ids are required to be consistent;

        When establishing L2 neighbors, the area ids can be inconsistent;

system id (6B): used to uniquely identify the router, only one device can be configured;

                                Format: xxxx.xxxx.xxxx

SEL (1B): represents the network environment under which isis works;

        00——Represents ip network

        Non-00 - non-ip network

NET address: a special NSAP address, where the SEL value is fixed at 00;

EG: 49.0001.0000.0000.0001.00 - R1 works in area 49.0001;

        49.0003.0000.0000.0005.00 - R5 works in area 49.0003;
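
The NET layout and the neighbor rules above (router types must intersect, L1 neighbors need the same area id, system ids must not conflict) can be checked mechanically before a configuration is pushed. The following is an added example, not code from the original notes; the function names are hypothetical and it assumes one NET per router.

```python
# Added example (not from the original notes): split a NET into its fields
# and work out at which levels two directly connected routers can peer.

# Levels a router takes part in, keyed by its is-level setting.
LEVELS = {"level-1": {1}, "level-2": {2}, "level-1-2": {1, 2}}


def parse_net(net: str) -> dict:
    """Split a NET such as 49.0001.0000.0000.0001.00 into area/system id/SEL."""
    raw = bytes.fromhex(net.replace(".", ""))  # ValueError on malformed hex
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"NET must be 8-20 bytes, got {len(raw)}")
    # Read from the right: 1-byte SEL, 6-byte system id, the rest is the area id.
    area, system_id, sel = raw[:-7], raw[-7:-1], raw[-1]
    if sel != 0:
        raise ValueError("a NET must have SEL 00")
    sid = system_id.hex()
    return {
        "area": area.hex(),
        "system_id": ".".join(sid[i:i + 4] for i in range(0, 12, 4)),
        "sel": sel,
    }


def adjacency_levels(router_a: tuple, router_b: tuple) -> list:
    """Return the levels (1 and/or 2) at which the two routers can peer.

    Each router is an (is_level, net) tuple.
    """
    level_a, net_a = router_a
    level_b, net_b = router_b
    a, b = parse_net(net_a), parse_net(net_b)
    if a["system_id"] == b["system_id"]:
        raise ValueError(f"system id conflict: {a['system_id']}")
    common = LEVELS[level_a] & LEVELS[level_b]
    if a["area"] != b["area"]:
        common = common - {1}  # an L1 adjacency needs matching area ids
    return sorted(common)


# Constructed sample routers (R1 and R5 use the NETs quoted above).
R1 = ("level-1", "49.0001.0000.0000.0001.00")
R2 = ("level-1-2", "49.0001.0000.0000.0002.00")
R3 = ("level-2", "49.0001.0000.0000.0003.00")
R5 = ("level-1-2", "49.0003.0000.0000.0005.00")

if __name__ == "__main__":
    for left, right in [(R1, R2), (R1, R3), (R2, R5)]:
        print(left[1], right[1], adjacency_levels(left, right))
```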

isis basic configuration

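isis 1      //create the IS-IS process
is-level level-1  //change the IS-IS router type to L1; the default is L1-2
network-entity 49.0001.0000.0000.0001.00 //set the NET address


interface GigabitEthernet0/0/0
isis enable 1   //under the interface, enable it in IS-IS process 1


display isis peer    //view IS-IS neighbors



interface GigabitEthernet0/0/1
isis circuit-level level-2      
//change the interface level; usually done on an L1-2 router so that the interface sends hello packets of only one level, which saves link resources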

Difference Between IS-IS and OSPF Area Division

In IS-IS, each router belongs to only one area; while in OSPF, different interfaces of a router can belong to different areas.

In IS-IS, a single area has no notion of backbone versus non-backbone (the entire backbone includes not only all routers in Area 49.0002, but also the Level-2 and Level-1-2 routers in other areas); in OSPF, Area 0 is defined as the backbone area.

In IS-IS, both Level-1 and Level-2 routes use the SPF algorithm to generate a shortest path tree (SPT), and the routers involved may not be in the same area; in OSPF, the SPF algorithm is used only within the same area, and routes between areas must be forwarded through the backbone area.
 

| Network type | Underlying link | Elects a DIS | Message sending method |
| --- | --- | --- | --- |
| p2p | point-to-point link | no | 09-00-2B-00-00-05 |
| broadcast network | Ethernet link | yes | 01-80-C2-00-00-14/15 |

Under the interface: isis circuit-type p2p //Modify the interface network type to P2P

IS-IS overhead value

IS-IS uses cost as the route metric; the smaller the cost, the better the path. The cost of an IS-IS link is tied to the interface of the device. Similar to OSPF, each IS-IS-enabled interface maintains an interface cost. Unlike OSPF, however, the cost of an IS-IS interface is not related to the interface bandwidth by default (in actual deployments, IS-IS also supports adjusting the cost according to the bandwidth): regardless of the interface bandwidth, the default cost is 10.

The cost of an IS-IS path is equal to the sum of the costs of all the outbound interfaces of the links along the route from the router to the target network segment.

IS-IS has three ways to determine the cost of an interface, in order of priority from high to low:

Interface Cost: Set the cost for a single interface.
Global Cost: Set the cost for all interfaces.
Automatically calculate overhead: automatically calculate overhead based on interface bandwidth.

By default, the overhead type adopted by Huawei routers is narrow.

TLV used under the narrow type:

TLV No. 128 (IP Internal Reachability TLV): used to carry IS-IS routing information in the routing domain.
TLV 130 (IP External Reachability TLV): Used to carry IS-IS routing information outside the routing domain.
TLV No. 2 (IS Neighbors TLV): Used to carry neighbor information.

TLV used under the wide type:

TLV No. 135 (Extended IP Reachability TLV): It replaces the original IP reachability TLVs and carries IS-IS routing information. It expands the range of route cost values and can carry sub-TLVs.
TLV No. 22 (IS Extended Neighbors TLV): Used to carry neighbor information. 
 

Detailed working process of isis (neighborhood state machine)

1. Create an isis neighbor

1. P2P network

(1) 3-way (default mode)

down: The initial state of the ISIS router. The device in this state indicates that it has not received any ISIS packets and can send hello packets to discover neighbors;

init: When the isis router receives the hello message, and the TLV-240 does not carry its own sys id, it enters this state;

TLV-240: carries the sys id of the neighbor, which is exclusive to the P2P network;

up: When the isis router receives the hello message, and the TLV-240 carries its own sys id, it enters this state;

When the two parties enter the up state, the isis neighbor relationship is established;

(2) 2-way mode

down: The initial state of the ISIS router. The device in this state indicates that it has not received any ISIS packets and can send hello packets to discover neighbors;

up: As long as the isis router receives the hello message, it can enter the up state

Advantages: fast convergence speed;

Defect: Unreliable. If there is a unidirectional link failure in the network, one side will be up and the other side down; the up side will then keep trying to synchronize the LSDB, which wastes link resources;

If one side is 2-way and the other side is 3-way, the isis neighbor can be established normally;

If one side is 2-way and the other side is 3-way only, the isis neighbor cannot be established normally;

configuration

interface GigabitEthernet0/0/0
isis circuit-type p2p 
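isis ppp-negotiation 2-way  //change the interface's IS-IS neighbor establishment mode to 2-way
isis ppp-negotiation 3-way only   //change the interface's IS-IS neighbor establishment mode to 3-way only; only 3-way establishment is accepted, with no compatibility with 2-way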

2. Broadcast network

(1) Only 3-way mode

down: The initial state of the ISIS router. The device in this state indicates that it has not received any ISIS packets and can send hello packets to discover neighbors;

init: When the isis router receives the hello message, and the TLV-6 does not carry its own mac address, it enters this state;

TLV-6: carries the mac address of the neighbor, which is exclusive to the broadcast network;

up: When the isis router receives the hello message, and the TLV-6 carries its own mac address, it enters this state;

When the two parties enter the up state, the isis neighbor relationship is established;

Adjacency establishment process in broadcast network

Two routers running IS-IS must first establish an adjacency relationship before exchanging protocol packets to implement the routing function. On different types of networks, IS-IS adjacency establishment methods are different. In broadcast networks, a three-way handshake is used to establish adjacencies.

2. Synchronize LSDB

During the process of synchronizing LSDB, the status of neighbors will not change;

1. P2P network

(1) After the neighbor is established, the two parties will send each other a CSNP message to inform the other end which LSPs are included in their LSDB;

(2) Both parties compare their own LSDB with the received CSNP, and send PSNP to request according to the LSP they lack;

(3) Respond to LSP after receiving PSNP;

(4) After receiving the LSP, send PSNP for confirmation;

2. Broadcast network

(1) After the broadcast network neighbor is established, the dis election will be carried out first;

Election rules: first compare the DIS priority, the bigger the better (the default is 64, the adjustable range is 0~127, and 0 has no special meaning);

then compare the MAC address, the bigger the better;

Features: the hello time of the DIS changes to 3.3s;

the DIS sends a CSNP message every 10s;

(2) After the election of dis, the isis router will send out the LSPs in its LSDB, and then receive the LSPs that it does not have as needed;

(3) dis will send a CSNP message every 10s to ensure that the LSDB synchronization of the isis device in the broadcast network is completed;

(4) If other devices find that they have missing LSPs after receiving the CSNP from the DIS, they will send a PSNP to the DIS to request a message, and the DIS will respond to the LSP after receiving it without confirmation;

(5) If other devices find that the DIS lacks its own LSP after receiving the CSNP from the DIS, it will directly send the LSP to the DIS, and the DIS does not need to confirm it after receiving it;

The difference between broadcast network and P2P network in the process of synchronizing LSDB

1. When receiving an LSP in a P2P network, it is necessary to send a PSNP for confirmation, which is not required in a broadcast network;

2. The P2P network will only send CSNP once when synchronizing LSDBS, and the DIS will send it periodically in the broadcast network;

3. All devices in P2P network can send CSNP, and only DIS can send in broadcast network

DIS (Designated Intermediate System)

Function: Used to periodically send CSNP to ensure that LSDB can be successfully synchronized in a broadcast network;

        The number of adjacencies cannot be reduced;

        Act as a pseudo node in a broadcast network (when calculating SPF)

hello time: 3.3s

Is there a backup: no

Preemption: support

Election time: Once the neighbors are established, they can be elected;

interface GigabitEthernet0/0/0
isis dis-priority 65   //change the DIS priority of the interface
dis isis int  //view the IS-IS information of the interfaces, including whether an interface is the DIS

DR

Function: reduce the number of adjacency relationships

Act as a pseudo node in a broadcast network (when calculating SPF)

hello time: 10s

Is there a backup: BDR as a backup

Preemption: not supported

Election time: 120s

LSP (Link State Packet)

Function: carry the topology and routing information of the isis router;

Unique identification: LSP-ID (8B);

LSP-ID: system id + pseudo node number + fragment number;

        xxxx.xxxx.xxxx(6B).xx(1B).xx(1B)

        system id: identifies the device that generated the LSP;

        Pseudo-node number: identifies whether the LSP is a pseudo-node LSP;

        ≠0: pseudo-node LSP;

        =0: real node LSP;

LSP classification

(1) Classified according to the transmission range: L1 LSP, L2 LSP

(2) Classification according to the content carried:

a. Pseudo-node LSP

Generated only by the DIS, to describe the topology information of the broadcast network;

b. Non-pseudo node LSP (real node LSP)

Generated by all IS-IS routers, to describe the routing and topology information of the P2P network and the routing information of the broadcast network;

configuration command

dis isis LSDB        //view the IS-IS LSDB
dis isis LSDB {LSP id}  verbose   //view the details of one LSP

IS-IS cost:
  By default, the cost of every interface in IS-IS is 10;

interface GigabitEthernet0/0/1
isis cost 5                     //change the interface cost

CSNP

The CSNP contains all the LSP summaries in the LSDB of the device, and the router judges whether it needs to synchronize the LSDB by exchanging the CSNP.

 Source ID : System ID of the router that sends the CSNP message.

Start LSP ID : ID value of the first LSP in the CSNP message.

End LSP ID : ID value of the last LSP in the CSNP message

PSNP

PSNP only contains summary information of some LSPs (different from CSNP):

In a point-to-point network, when receiving an LSP, use PSNP to confirm the received LSP

Cost Calculation

(1) narrow metrics (default)

Overhead adjustment range: 1~63

Internal and external routes can be distinguished:

Internal routing: carried by TLV128;

External routing: carried by TLV130;

(2) Wide metrics

Overhead Adjustment Range: Infinite

Unable to distinguish internal and external routes;

All routes are carried via TLV-135;

configuration command

isis 1
cost-style wide //change the cost style to wide metrics

Note: When one side is wide and the other is narrow, the route cannot be calculated normally (the TLVs used are inconsistent and cannot be identified with each other)

Therefore, if the overhead measurement method of a device is modified, the devices of the entire process need to be adjusted;

Mutual access between IS-IS areas

1. L2 area to L1 area

The route advertised in the L1 area will be transmitted in the L1 area as an L1-LSP. When it reaches the L1-2 router, the L1-2 router will convert the L1-LSP into an L2-LSP and transmit it in the L2 area;

Therefore, devices in the L2 area can learn the detailed routes of the L1 area and access them;

2. L1 area to L2 area

The routes advertised in the L2 area will be transmitted in the L2 area through the L2-LSP, and cannot be transmitted to the L1 area. The L1 area cannot learn the detailed routes of the L2 area, and devices in the L1 area access the L2 area through the default route;

The generation process of the default route:

(1) The L1-2 router will generate an LSP with ATT=1 to transmit in the L1 area, and other L1 routers will generate a default route after receiving the LSP with ATT=1, pointing to the generator of the LSP;

ATT setting condition: ensure that the generated device is a boundary device in the L1 area;

a. L1-2 router;

b. Both L1 and L2 neighbor relationships exist;

c. The area id of the L1 neighbor needs to be consistent, and the area id of the L2 neighbor cannot be consistent;

Defect: The L1 area cannot know the link overhead of the L2 area, so it is prone to suboptimal problems;

Solution: route leaking, also translated as route penetration (introduce L2 routes into the L1 area on the L1-2 router)

Problems that may be caused by route penetration: loop formation (L2 routes leaked into the L1 area are carried there in L1 LSPs, and when they reach an L1-2 router, that router would convert the routes back into the L2 area)

Solution: the UP/DOWN bit in IS-IS routes (exists by default, no manual configuration required)

The up/down bit of an IS-IS route that enters the L1 area through route penetration is set to down, and a route with the down bit set cannot be transmitted back to the L2 area by an L1-2 router;

TYPE BLOCK bit in LSP:

1. ATT (area boundary bit)

2. P (area repair bit) == 0 (not needed temporarily)

3. OL (overload, overload bit)

Default is 0;

The device that enters the overload mode will send out an LSP with OL=1, and other devices will not consider the overloaded device as the path when calculating its non-directly connected route after receiving it;

Application: protecting devices whose performance cannot support continuous operation;

isis 1

set-overload //Set the device to overload mode

isis routing summary

Configure device: configure on the device that generates the LSP;

By default, only L2-LSP is summarized;

isis 1

summary 4.4.4.0 255.255.255.0 //Summary for the L2-LSP generated by itself

summary 4.4.4.0 255.255.255.0 level-1 //Summary for the L1-LSP generated by itself

IS-IS authentication

Authentication methods:

1. Interface authentication: authenticate all hello packets under this interface;

2. Area authentication: authenticate the SNP and LSP packets in the L1 area;

3. Routing domain authentication: authenticate the SNP and LSP packets in the L2 area;

Authentication type: plaintext, MD5, keychain

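Configuration:
interface GigabitEthernet0/0/0
 isis authentication-mode simple plain huawei       //configure plaintext authentication on the interface

isis 1
 area-authentication-mode simple plain huawei     //area authentication: authenticate all SNP and LSP packets in the L1 area; must be configured on every device in the L1 area
 area-authentication-mode simple plain huawei snp-packet authentication-avoid  //authenticate all LSP packets in the L1 area
domain-authentication-mode md5 plain huawei    //routing domain authentication: authenticate all SNP and LSP packets in the L2 area; must be configured on every device in the L2 area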
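
IS-IS carries authentication in TLV 10, whose first value byte is the authentication type: 1 is a cleartext password (the `simple` mode above, where the secret itself travels in every authenticated PDU) and 54 is HMAC-MD5 (the `md5` mode, where only a digest is sent). The following is an added example, not code from the original notes, for auditing captured PDUs for that difference; it works on the variable-length fields part of a PDU (the bytes after the IS-IS header), and the function names and all sample bytes are constructed for illustration.

```python
# Added example (not from the original notes): walk the TLVs of an IS-IS PDU
# and classify the authentication TLV (type 10). Sample bytes are constructed.

TLV_AUTH = 10
# The authentication type is the first byte of the TLV 10 value.
AUTH_TYPES = {
    1: "cleartext password",
    3: "generic cryptographic authentication",
    54: "HMAC-MD5",
}


def walk_tlvs(data: bytes):
    """Yield (type, value) for each TLV; raise ValueError if one is truncated."""
    offset = 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError(f"truncated TLV header at offset {offset}")
        tlv_type, length = data[offset], data[offset + 1]
        value = data[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV {tlv_type} at offset {offset} overruns the PDU")
        yield tlv_type, value
        offset += 2 + length


def audit_authentication(data: bytes) -> dict:
    """Report which TLVs are present and how the PDU is authenticated.

    "exposed" is True when the PDU is unauthenticated or carries the
    password in clear, False for any other authentication type.
    """
    report = {"tlvs": [], "auth": "none", "exposed": True}
    for tlv_type, value in walk_tlvs(data):
        report["tlvs"].append(tlv_type)
        if tlv_type == TLV_AUTH:
            if not value:
                raise ValueError("authentication TLV has no type byte")
            report["auth"] = AUTH_TYPES.get(value[0], f"unknown type {value[0]}")
            report["exposed"] = value[0] == 1
    return report


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 1-byte type, 1-byte length, value."""
    return bytes([tlv_type, len(value)]) + value


# Constructed hello TLVs: area address 49.0001 (TLV 1), interface IP
# 10.1.13.2 (TLV 132), authentication (TLV 10), padding (TLV 8).
COMMON = tlv(1, bytes.fromhex("03490001")) + tlv(132, bytes([10, 1, 13, 2]))
HELLO_SIMPLE = COMMON + tlv(10, b"\x01" + b"constructed-secret") + tlv(8, bytes(16))
HELLO_MD5 = COMMON + tlv(10, bytes([54]) + bytes(16)) + tlv(8, bytes(16))

if __name__ == "__main__":
    for name, pdu in [("simple", HELLO_SIMPLE), ("md5", HELLO_MD5), ("no auth", COMMON)]:
        print(name, audit_authentication(pdu))
```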

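IS-IS route import
  Note: by default, routes are imported only into the level-2 area; to import routes into the level-1 area, add the parameter when importing:
  isis 1
   import-route direct level-1 

  Cost of a route imported into IS-IS: internal cost + external cost (default 0) + 64 (fixed value)
  isis 1
   import-route direct level-1 cost x          //change the external cost at import time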

Factors affecting the establishment of isis neighbors

1. Router types need to have an intersection (an L1 router and an L2 router cannot establish a neighbor relationship)

2. The system id cannot conflict;

3. The timeout time can be inconsistent; (the hello of DIS is 3.3s, and the timeout time is 9s)

4. The area ids between L1 neighbors must be consistent, and L2 neighbors can be inconsistent; (TLV-1)

5. Both parties need to be on the same network segment;

Check by carrying TLV-132 (interface ip) in the hello message;

6. The MTU at both ends must be the same;

By putting the padding field (TLV-8) in the hello message, the size of the hello message is controlled to the MTU value of the interface for negotiation;

7. If authentication is configured, the authentication needs to be passed; (the authentication information is carried through TLV-10);

8. The interface is not silent;

9. The network type needs to be consistent (the packets used by P2P and broadcast networks are different)

10. Overhead calculation method; (Wide and narrow metrics can establish neighbors, but routing calculations will be wrong because the TLVs used are inconsistent)

The difference between ospf and isis

| | OSPF | IS-IS |
| --- | --- | --- |
| TCP/IP layer | network | data link |
| Area type | diverse | L1/L2 |
| Network type | 4 | 2 |
| Convergence speed | quick | faster |
| Security | high | Higher, authentication can be more precise |
| Routing capacity | Strong (type 2, 3, 5, 7 LSA, one copy corresponds to one route) | (One LSP can carry more routes through TLV) |
| Scalability | weak | Strong (by adding TLV, it can adapt to network changes) |
| Application | Suitable for heavily heterogeneous networks (medium and large enterprise networks) | Applicable to networks with high network performance requirements and high device performance (operator networks) |

Comprehensive Experiment

1. Configure the ip address according to the requirements of the topic
2. As shown in the figure, IS-IS process 1 runs between R1/R2/R3/R5/R6.
   All routers are level-2 routers and belong to the 49.0005 area;
   the system id requirements are as follows:
    R1: 0000.0000.0001
    R2: 0000.0000.0002
    R3: 0000.0000.0003
    R5: 0000.0000.0005
    R6: 0000.0000.0006

   and enable the interfaces;
3. As shown in the figure, run OSPF process 1 between R3/R4/R7, divide the areas according to the requirements in the figure, and advertise the network segments;
4. Deploy a vlink in the OSPF process so that R3 can access the loopback interface of R7;
5. Configure interface authentication between R3 and R4. The authentication type is required to be clear text authentication, and the password is huawei.
6. Modify the network type so that there is no DIS between R2 and R3, and between R5 and R6;
7. Perform two-way route import on R3, so that R6 and R7 can reach each other;
8. Through route summarization, only the 192.168.1.0/24 route is learned in the OSPF process;
9. Modify the interface cost of G0/0/2 on R5 to 100, so that traffic from R6 to R7 takes the path R5-R2-R3-R4-R7

1. Configure the ip address

sy
sysname R1
interface GigabitEthernet0/0/1
ip address 10.1.13.2 255.255.255.0
The other routers are configured similarly

2. Configure isis

R1
isis 1
is-level level-2
network-entity 49.0005.0000.0000.0001.00
interface GigabitEthernet0/0/0
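isis enable 1   //under the interface, enable it in IS-IS process 1

display isis peer    //view IS-IS neighbors

Configure the loopback interface
interface LoopBack0
ip address 192.168.1.1 255.255.255.255


The other routers are similar; just change the NET as the task requires, e.g. 49.0005.0000.0000.0002.00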

4.

R4
ospf 1
area 0.0.0.2 
  network 10.1.34.0 0.0.0.255 
  vlink-peer 3.3.3.3

Deploy the vlink between R3 and R4
R3
area 0.0.0.2 
  network 10.1.34.0 0.0.0.255 
  vlink-peer 4.4.4.4

At this point, connectivity works inside OSPF and inside IS-IS

5.

R3
interface GigabitEthernet0/0/2
 ip address 10.1.34.3 255.255.255.0 
 ospf authentication-mode simple plain huawei
R4
interface GigabitEthernet0/0/0
 ip address 10.1.34.4 255.255.255.0 
 ospf authentication-mode simple plain huawei 

6.

Change the network type to p2p under the corresponding interfaces
interface GigabitEthernet0/0/1
isis circuit-type p2p

7. Two-way introduction on R3, so that R6 and R7 can communicate with each other, because R3 runs ospf and isis at the same time

ospf 1 router-id 3.3.3.3 
 import-route isis 1

isis 1
 is-level level-2
 import-route ospf 1

 8.

ospf 1 router-id 3.3.3.3 
 asbr-summary 192.168.1.0 255.255.255.0

9. The default cost style is narrow metrics, which only allows 1~63

isis 1
 is-level level-2
 cost-style wide    //wide metrics

interface GigabitEthernet0/0/2
 isis enable 1
 isis cost 100

Reposted from: blog.csdn.net/qq_45179904/article/details/131874803