sub-optimal routing. Figure 4.9 shows how OSPF routes inter-area versus intra-area traffic. Consider traffic flowing between the two leaf-sites S (source) and D (destination). Traffic arrives at the ABR and OSPF has two routes available to route that traffic – one direct route (the intra-area) over two low-speed T1 circuits, and another route that leads over the backbone (the inter-area route), which has one T1 segment less and plenty of bandwidth available, as there is a Gigabit Ethernet segment in the path. But just like any other hierarchical routing protocol, OSPF prefers to get inter-area backbone traffic to intra-area routes as soon as possible. So ultimately the traffic takes the path indicated by the gray arrow.

Common practice to fix that problem in OSPF is to spend money to put another link between the two Area Border Routers as indicated by the thick black dotted line. This link is configured to run in Area 52 and produces a lot of new, low-cost paths to avoid the slower T1 hopping of traffic.

In IS-IS the problem is solved similarly, except that you do not have to expense two Gigabit Ethernet router ports! Figure 4.10 shows how IS-IS avoids this expense by making the link between the routers that were OSPF Area Border Routers IS-IS L1L2 capable. Now, over the same physical circuit (the Gigabit Ethernet segment), IS-IS forms adjacencies on a per-level basis, and both Level-1 and Level-2 adjacencies form on the same link. Therefore, the Gigabit Ethernet link is an integral part of Area 52 and preferred when traffic travels from S to D.

4.3.2 Route Leaking Between Levels

Every routing protocol passes a certain amount of routing information up the routing hierarchy, and other routing information is passed down the routing hierarchy. There is a bi-directional flow of routing information known as route leaking. To better understand how IS-IS leaks routes between levels, first look at how OSPF passes routing information up and down.
Figure 4.11 shows how OSPF leaks information between levels. For simplicity reasons, this example uses the default behaviour of how OSPF leaks routes. Of course, there are lots of other ways to leak OSPF routes between areas, such as Totally-Stubby-Areas, Stub-Areas and Not-So-Stubby-Areas (NSSA), but this is just an example.

FIGURE 4.9. The OSPF constraint that one interface can only be in one area can cause sub-optimal routing

FIGURE 4.10. IS-IS can share a link between Level-1 and Level-2 topologies – this fixes the sub-optimal routing problem in a cost-effective way

FIGURE 4.11. OSPF short-circuits reachability information between all areas, which can be a scaling harm

In our example network, there are three areas interconnected by three OSPF Area Border Routers, and the backbone is OSPF Area 0. In OSPF, each ABR takes the routes it calculated from the non-zero areas and redistributes them automatically to the backbone. The gray arrow indicates this step. The backbone in turn redistributes all the routes it has learned from all of the areas and feeds back that information to each as well. Ultimately, each router gets all the routing information. This is one of the scaling issues of OSPF: the fact that each area sees all the routes. This has resulted in all the add-on OSPF concepts (Totally-Stubby-Areas, NSSA) to fix that behaviour.

IS-IS is very different in this respect. Similarly to OSPF, it leaks information from Level-1 to Level-2. However, IS-IS does not leak down any information from Level-2 to Level-1. Figure 4.12 shows how IS-IS deals with route distribution in a hierarchical routing environment.
IS-IS sets a bit in its routing messages for the respective areas. This particular bit is called the Attach bit or, for short, the ATT bit. Any router that is part of the Level-2 topology (that is, the router has at least one adjacency on a Level-2 circuit in the “Up” state) must set the ATT bit on messages. The routers in the areas simply calculate their shortest path to the closest router that has sent messages with the ATT bit set and install a default 0/0 route in their routing/forwarding table pointing to the closest L1L2 router.

FIGURE 4.12. IS-IS does not distribute all reachability information down to the Level-2. Routes just flow up and never down the hierarchy, which is a good scaling property

This is exactly the behaviour of Totally-Stubby-Areas in OSPF, and no wonder, since both address the same issue. However, in IS-IS you can do a few things that cannot be achieved using Totally-Stubby-Areas in OSPF, like injecting external routing information into the cloud. Luckily, OSPF NSSAs fix that problem. So to quickly explain to those familiar with OSPF the way that IS-IS leaks its routing information, it is safe to say “Almost like NSSA!”. There will be more details on how exactly route leakage works in IS-IS, using a lot of examples and router configurations, in Chapter 12 “IP Reachability Information”.

Assigning links arbitrarily to the two topologies proved to be a very flexible design tool that today no network designer would be without. It would seem, then, that addressing and address allocation is not an important aspect of an IS-IS network design, but do not be misled. A careful area design is what prepares an IS-IS network for all kinds of migration and expansion. The difference between area addressing and the routing hierarchy is at first a bit difficult to understand in IS-IS.
However, there is also a lot of operational flexibility that results from this differentiation, particularly when it comes to migrating areas.

4.4 Area Migration Scenarios

In contrast to OSPF, an IS-IS router can be in multiple areas at the same time. Having support for more than one area is mandatory to migrate area addresses. If a routing protocol has only support for one area at a time, then the change of area addresses becomes highly disruptive. Just think about the disruptive nature of migrating an OSPF area, which is a routing protocol that supports just one area address per adjacency. You cannot migrate an OSPF network’s area during normal business hours: you need to allocate a maintenance window for it. IS-IS is friendlier to migrations in this respect.

In the IS-IS Hello messages there is room enough to support more than one Area-ID. In each IS-IS message, the first 8 bytes are called the common header. Figure 4.13 shows the common header that is prepended to all IS-IS messages. The last byte in the common header is a pre-indicator of the maximum amount of Area-IDs the system is going to advertise. However, most IS-IS implementations (including IOS and JUNOS) do not support more than 3 areas in these messages (of course, the total number of areas in the network is another matter). This is no real limitation in practice, as support for three areas for one router at the same time supports all the area migration scenarios of interest, which are:

• Merging two areas into a single area
• Splitting one area into two areas
• Renumbering two areas to a new area

How does IS-IS treat a pair of routers that have different Area-IDs? And how is adjacency formation affected by different Area-IDs? IS-IS does not require that the Area-ID matches before a Level-1 adjacency comes up – support for multiple Area-IDs has been mentioned already. So there is no single Area-ID that has to match. But first IS-IS collects
the advertised Area-IDs from both sides of the link. Then IS-IS looks to see if there is an Area-ID in common. If there is at least one matching area address then the Level-1 adjacency goes into the Up state. Figure 4.14 shows four routers (A, B, C, D), and not all of them are in the same area. No problem! As long as there is at least a single pair of routers that is present in both areas (Router A and B), the adjacency between A and B goes into the Up state and the routes of all four routers get distributed and finally received by all the routers in the Level-1 network.

Field                                          Bytes    Value
Intra-domain Routing Protocol Discriminator    1        0x83
Header Length Indicator                        1
Version/Protocol ID Extension                  1        1
ID Length                                      1        6 (0)
R R R (0 0 0) | PDU Type                       1
PDU Version                                    1        1
Reserved                                       1        0
Maximum Area Addresses                         1        3 (0)
PDU specific fields                            17–33
TLV section                                    0–1467

FIGURE 4.13. The IS-IS common header consists of 8 bytes that are contained in every IS-IS message. The last byte consists of the number of areas that the router supports

FIGURE 4.14. In an IS-IS Level-1 network there can even be multiple area addresses as long as there is at least a pair of routers present in both areas

Before going into the details of the migration scenarios, it will be helpful to show some configuration snippets from JUNOS and IOS and also show for the first time the ISO Network Entity Titles (NETs), which may be new. All you really need to know is that the first few bytes of the NET specify the Area-ID, but the exact number of bytes varies. The reason why there is no fixed mapping of the Area-ID into the NET is because the NETs are variable in size and, depending on the address format, the Area-ID size also varies. There is a more detailed presentation of NETs later in this chapter, in the “OSI Addressing” section. The most common migration scenarios will demonstrate how flexibly IS-IS interprets the term area.
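The adjacency rule and the common header described above can be exercised on raw Hello bytes. The following Python sketch is an added example, not code from the book: it decodes the 8-byte common header of Figure 4.13, collects the Area-IDs from the Area Addresses TLV, and applies the "at least one Area-ID in common" test. The TLV code (1), the point-to-point Hello layout and the sample PDUs built by build_p2p_hello() are assumptions taken from ISO 10589 or constructed here; the one-byte Area-IDs 11 and 12 follow the NETs used in this chapter.

```python
IRPD = 0x83              # Intra-domain Routing Protocol Discriminator (Figure 4.13)
TLV_AREA_ADDRESSES = 1   # Area Addresses TLV code, from ISO 10589 (not on this page)

def parse_common_header(pdu: bytes) -> dict:
    """Decode the 8-byte common header; the value 0 selects the default (6 / 3)."""
    if len(pdu) < 8:
        raise ValueError("truncated common header")
    irpd, hdr_len, _ext, id_len, pdu_type, _ver, _rsvd, max_areas = pdu[:8]
    if irpd != IRPD:
        raise ValueError("not an IS-IS PDU")
    if not 8 <= hdr_len <= len(pdu):
        raise ValueError("header length indicator out of range")
    return {"header_length": hdr_len, "id_length": id_len or 6,
            "pdu_type": pdu_type & 0x1F,        # top three bits are reserved
            "max_area_addresses": max_areas or 3}

def area_addresses(pdu: bytes) -> set:
    """Collect every Area-ID (as hex) advertised in the PDU's TLV section."""
    hdr = parse_common_header(pdu)
    areas, pos = set(), hdr["header_length"]
    while pos < len(pdu):
        if pos + 2 > len(pdu):
            raise ValueError("truncated TLV header")
        code, length = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("TLV runs past the end of the PDU")
        if code == TLV_AREA_ADDRESSES:
            i = 0
            while i < length:                   # each entry: 1 length byte + address
                alen = value[i]
                area = value[i + 1:i + 1 + alen]
                if alen == 0 or len(area) != alen:
                    raise ValueError("malformed area address entry")
                areas.add(area.hex())
                i += 1 + alen
        pos += 2 + length
    if len(areas) > hdr["max_area_addresses"]:
        raise ValueError("more Area-IDs than the common header announces")
    return areas

def level1_adjacency_allowed(hello_a: bytes, hello_b: bytes) -> bool:
    """The rule from the text: at least one Area-ID in common."""
    return bool(area_addresses(hello_a) & area_addresses(hello_b))

def build_p2p_hello(system_id: bytes, areas: list) -> bytes:
    """Constructed sample input: a minimal point-to-point Hello (PDU type 17)."""
    tlv_value = b"".join(bytes([len(a)]) + a for a in areas)
    tlvs = bytes([TLV_AREA_ADDRESSES, len(tlv_value)]) + tlv_value
    common = bytes([IRPD, 20, 1, 0, 17, 1, 0, 0])   # ID length 0 -> 6, max areas 0 -> 3
    # circuit type (L1), source ID, holding time, PDU length, local circuit ID
    specific = (bytes([1]) + system_id + (30).to_bytes(2, "big")
                + (20 + len(tlvs)).to_bytes(2, "big") + b"\x01")
    return common + specific + tlvs

HELLO_A = build_p2p_hello(bytes.fromhex("aaaaaaaaaaaa"), [b"\x11", b"\x12"])
HELLO_B = build_p2p_hello(bytes.fromhex("bbbbbbbbbbbb"), [b"\x12"])
HELLO_C = build_p2p_hello(bytes.fromhex("cccccccccccc"), [b"\x11"])

if __name__ == "__main__":
    print(level1_adjacency_allowed(HELLO_A, HELLO_B))   # A and B share Area 12
    print(level1_adjacency_allowed(HELLO_B, HELLO_C))   # B and C share nothing
```

The length checks matter as much as the match itself: a parser that trusts the TLV length or the per-address length byte reads past the end of a malformed Hello.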
4.4.1 Merging Areas

Figure 4.15 shows two disjoint Areas 11 and 12, which are ultimately to be joined into a common Area 11. The figure shows the network before and after the migration. Next to the router there is the corresponding configuration snippet – a snippet far from being complete – just the IS-IS-related configuration commands are presented.

This migration is rather simple. First, there are two pairs of routers, each pair is disjoint from the other pair. As this is a multivendor book, there are configuration snippets from the two dominant (IOS and JUNOS) IS-IS implementations in the Internet included.

The migration does not happen atomically (in a single step). Several transient configurations have to be followed for a smooth transition. To be non-disruptive, first an additional NET is configured on Router A. For a short period of time Router A is configured with two NETs: 11.aaaa.aaaa.aaaa.00 and 12.aaaa.aaaa.aaaa.00. In the next step, add the common area's NET to Router C as well. Now all the routers have Area-ID 12 configured. Now we can clean up existing configurations and remove the Area 11 NET off Routers A and C. So the areas have been merged into a common area in a non-disruptive way.

4.4.2 Splitting Areas

Splitting areas is done in a similar fashion to merging areas, just (in a sense) in the opposite direction. Figure 4.16 gives an example of how to break an existing area into two smaller areas. First, the pair of routers has to be determined that will have both Area-IDs. In this example, Routers A and B are the routers which have both Area-IDs configured. The migration “style” here is again from the centre to the edge. So, first, the Area 11 NETs are configured on the Routers B, A, and D. Finally, Area 12 is removed from Router C. Again, the whole area can be configured in a non-disruptive fashion as long as the configuration order is maintained.

4.4.3 Renumbering Areas

Renumbering areas means that one or more areas get a new Area-ID.
This example change of Area-IDs does not just affect some routers in the network, but all routers in the network. Nevertheless, if the correct order is followed, even this complex migration can be accomplished in a simple and non-disruptive fashion.

Figure 4.17 shows that, first, the new area that all routers should migrate to is configured on all the routers. This can be done without regard for any specific order. Next, both Area 11 and Area 12 are removed by deleting the NETs from the respective routers. That simple!

Recall that the maximum number of NETs supported on a single router is three. So having the freedom of assigning three different Router IDs to a single router enables you to accomplish any arbitrarily complex area migration scenario, since more than three Area-IDs are never required.

Levels are a handy tool that allows the routing hierarchy to be independent of the area addressing. The next section contains a short overview on how IS-IS stores its route information and calculates routes throughout the network.
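The ordering requirement in the merging and renumbering procedures can be checked before touching a router. The Python sketch below is an added example, not code from the book: it replays a list of NET additions and deletions one step at a time and reports any step after which a Level-1 adjacency loses its last common Area-ID, or a router exceeds three areas. The chain topology C-A-B-D is an assumption inferred from the interface counts in the figures' configuration snippets, and the step lists are constructed from the text of sections 4.4.1 and 4.4.3.

```python
MAX_AREAS = 3                                  # per-router limit quoted in the text
LINKS = [("C", "A"), ("A", "B"), ("B", "D")]   # assumed chain C-A-B-D

def level1_up(areas):
    """Links whose two ends share at least one Area-ID (Level-1 adjacency Up)."""
    return {link for link in LINKS if areas[link[0]] & areas[link[1]]}

def run_migration(start, steps):
    """Apply ('add' | 'del', router, area) steps one at a time.

    Returns (final areas, problems, peak areas on one router); problems lists
    every step that dropped an adjacency or broke an area-count limit.
    """
    areas = {router: set(ids) for router, ids in start.items()}
    problems = []
    peak = max(len(ids) for ids in areas.values())
    for step in steps:
        op, router, area = step
        up_before = level1_up(areas)
        if op == "add":
            areas[router].add(area)
        elif op == "del":
            areas[router].discard(area)
        else:
            raise ValueError(f"unknown operation {op!r}")
        peak = max(peak, len(areas[router]))
        if len(areas[router]) > MAX_AREAS:
            problems.append((step, "more than three areas", []))
        if not areas[router]:
            problems.append((step, "no area left", []))
        lost = sorted(up_before - level1_up(areas))
        if lost:
            problems.append((step, "adjacency lost", lost))
    return areas, problems, peak

# Merging (Figure 4.15): A and C start in Area 11, B and D in Area 12.
MERGE_START = {"A": {"11"}, "B": {"12"}, "C": {"11"}, "D": {"12"}}
MERGE_STEPS = [("add", "A", "12"), ("add", "C", "12"),
               ("del", "A", "11"), ("del", "C", "11")]
# Same changes, but Area 11 is removed from A before C has learned Area 12.
MERGE_WRONG_ORDER = [("add", "A", "12"), ("del", "A", "11"),
                     ("add", "C", "12"), ("del", "C", "11")]

# Renumbering (Figure 4.17): add Area 13 everywhere, then delete 11 and 12.
RENUMBER_START = {"A": {"11", "12"}, "B": {"11", "12"}, "C": {"11"}, "D": {"12"}}
RENUMBER_STEPS = ([("add", r, "13") for r in "DCBA"] +
                  [("del", r, "11") for r in "ABC"] +
                  [("del", r, "12") for r in "ABD"])

if __name__ == "__main__":
    for name, start, steps in [("merge", MERGE_START, MERGE_STEPS),
                               ("merge, wrong order", MERGE_START, MERGE_WRONG_ORDER),
                               ("renumber", RENUMBER_START, RENUMBER_STEPS)]:
        final, problems, peak = run_migration(start, steps)
        print(name, final, problems, peak)
```

In the renumbering run, Routers A and B briefly hold three Area-IDs, which is the worst case that the three-area limit has to accommodate.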
First panel (Area 11, Area 12):

router-c# show running-configuration
interface POS0/0
 ip router isis
router isis
 net 11.cccc.cccc.cccc.00

hannes@router-a> show configuration
interfaces {
    so-2/0/0 { unit 0 { family iso; } }
    so-3/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 11.aaaa.aaaa.aaaa.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-2/0/0.0; interface so-3/0/0.0; }
}

router-b# show running-configuration
interface POS1/0
 ip router isis
interface POS3/0
 ip router isis
router isis
 net 12.bbbb.bbbb.bbbb.00

hannes@router-d> show configuration
interfaces {
    so-0/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 12.dddd.dddd.dddd.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-0/0/0.0; }
}

Second panel (Area 12):

router-b# show running-configuration
interface POS1/0
 ip router isis
interface POS3/0
 ip router isis
router isis
 net 12.bbbb.bbbb.bbbb.00

router-c# show running-configuration
interface POS0/0
 ip router isis
router isis
 net 12.cccc.cccc.cccc.00

hannes@router-a> show configuration
interfaces {
    so-2/0/0 { unit 0 { family iso; } }
    so-3/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 12.aaaa.aaaa.aaaa.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-2/0/0.0; interface so-3/0/0.0; }
}

hannes@router-d> show configuration
interfaces {
    so-0/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 12.dddd.dddd.dddd.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-0/0/0.0; }
}

FIGURE 4.15. IS-IS area merging example

4.5 Local SPF Computation

IS-IS follows a simple principle called distributed databases and local computation. Distributed databases means that all routers agree on how many routers are in the network and how they are connected with each other. Local computation means that each router receives the same topological information and prefixes unaltered.
So, for example, no router is allowed to change the originator’s information. IS-IS stores all information about other routers and links in the link-state database (LSDB). There is a dedicated LSDB per Level: one for the Level-1 and one for the Level-2.

First panel (Area 12):

router-b# show running-configuration
interface POS1/0
 ip router isis
interface POS3/0
 ip router isis
router isis
 net 12.bbbb.bbbb.bbbb.00

router-c# show running-configuration
interface POS0/0
 ip router isis
router isis
 net 12.cccc.cccc.cccc.00

hannes@router-a> show configuration
interfaces {
    so-2/0/0 { unit 0 { family iso; } }
    so-3/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 12.aaaa.aaaa.aaaa.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-2/0/0.0; interface so-3/0/0.0; }
}

hannes@router-d> show configuration
interfaces {
    so-0/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 12.dddd.dddd.dddd.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-0/0/0.0; }
}

Second panel (Area 11, Area 12):

router-b# show running-configuration
interface POS1/0
 ip router isis
interface POS3/0
 ip router isis
router isis
 net 12.bbbb.bbbb.bbbb.00
 net 11.bbbb.bbbb.bbbb.00

router-c# show running-configuration
interface POS0/0
 ip router isis
router isis
 net 11.cccc.cccc.cccc.00

hannes@router-a> show configuration
interfaces {
    so-2/0/0 { unit 0 { family iso { address 12.aaaa.aaaa.aaaa.00; } } }
    so-3/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 11.aaaa.aaaa.aaaa.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-2/0/0.0; interface so-3/0/0.0; }
}

hannes@router-d> show configuration
interfaces {
    so-0/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 12.dddd.dddd.dddd.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-0/0/0.0; }
}

FIGURE 4.16.
Area splitting example

You can display the contents of the database using the show isis database command on both IOS and JUNOS.

IOS command

The show isis database command shows first the Level-1 and next the Level-2 database.

First panel (Area 11, Area 12):

router-b# show running-configuration
interface POS1/0
 ip router isis
interface POS3/0
 ip router isis
router isis
 net 12.bbbb.bbbb.bbbb.00
 net 11.bbbb.bbbb.bbbb.00

router-c# show running-configuration
interface POS0/0
 ip router isis
router isis
 net 11.cccc.cccc.cccc.00

hannes@router-a> show configuration
interfaces {
    so-2/0/0 { unit 0 { family iso { address 12.aaaa.aaaa.aaaa.00; } } }
    so-3/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 11.aaaa.aaaa.aaaa.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-2/0/0.0; interface so-3/0/0.0; }
}

hannes@router-d> show configuration
interfaces {
    so-0/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 12.dddd.dddd.dddd.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-0/0/0.0; }
}

Second panel (Area 13):

router-b# show running-configuration
interface POS1/0
 ip router isis
interface POS3/0
 ip router isis
router isis
 net 13.bbbb.bbbb.bbbb.00

router-c# show running-configuration
interface POS0/0
 ip router isis
router isis
 net 13.cccc.cccc.cccc.00

hannes@router-a> show configuration
interfaces {
    so-2/0/0 { unit 0 { family iso; } }
    so-3/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 13.aaaa.aaaa.aaaa.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-2/0/0.0; interface so-3/0/0.0; }
}

hannes@router-d> show configuration
interfaces {
    so-0/0/0 { unit 0 { family iso; } }
    lo0 { unit 0 { family iso { address 13.dddd.dddd.dddd.00; } } }
}
protocols {
    isis { interface lo0.0; interface so-0/0/0.0; }
}

FIGURE 4.17.
Area renumbering example – during configuration the worst case is that 3 areas are necessary, which is the reason that 3 areas is the default that every vendor does support

Frankfurt#show isis database
IS-IS Level-2 Link State Database
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
Frankfurt.00-00     * 0x000003db   0x4BA7        692           0/0/0
London.00-00        * 0x00000570   0xCD17        42134         0/0/0
[…]

JUNOS command

The JUNOS show isis database output looks similar to the IOS output:

hannes@London> show isis database
IS-IS level 1 link-state database:
  0 LSPs
IS-IS level 2 link-state database:
LSP ID                      Sequence Checksum Lifetime Attributes
Frankfurt.00-00                0x3db   0x4ba7    62094 L1 L2
London.00-00                   0x570   0xcd17    63349 L1 L2
[ … ]

After receipt of all LSPs in a given IS-IS network, the router runs a shortest path first (SPF) calculation to find out the “shortest path” for a given prefix through the network. The SPF calculation is an algorithm derived from graph theory that can find, in a finite number of steps, the shortest distance between a pair of nodes. There is an entire chapter dedicated to the internals of the SPF calculation and the associated commands to troubleshoot SPF problems, Chapter 10 “SPF and Route Calculation”.

4.6 IS-IS Addressing

When people begin studying IS-IS, the first pitfall for them is OSI addressing. Variable length addressing and complicated delegation schemes are bad enough. But IS-IS inheriting its addressing scheme from the CLNP address family creates another level of confusion because sometimes the boundaries between CLNP and IS-IS are not clear to the novice.

IS-IS addressing follows a different semantic style and paradigm than IP addresses do. However, it is surprisingly simple compared to IP addressing. In this chapter, the OSI addressing paradigm will be discussed in comparison to IP. At the end, several examples of addressing schemes, plus guidelines for assigning and delegating OSI addresses in a network, will be presented.
4.6.1 IP Addressing

Before introducing OSI addressing, consider the basics of IPv4 addressing. (This book does not consider IPv6 addressing, but IS-IS works just as well with IPv6 as IPv4, another advantage compared with the extensive re-writes needed for OSPFv6.) The IPv4, address