[Figure 7.4: London POP with the routers London-1, London-2, peer-gw, vpn-gw, customer-gw and BRAS. Each router's LSP (London-1.00, London-2.00, peer-gw.00, vpn-gw.00, customer-gw.00, BRAS.00) carries an IS Reachability TLV that lists the five other routers, each at cost 10.]

FIGURE 7.4. Five routers on the LAN require $O(N^2)$ storage space to accommodate all adjacencies

The IS-IS protocol design team was challenged to turn this $N^2$ problem into a linear problem so that the protocol scales better. The solution is to change the representation of the LAN in the link-state database. The LAN is represented by so-called pseudonodes. Pseudonodes are comparable to the Network LSA (Type #2) in OSPF and are a very common concept in link-state routing protocols.

7.2.2 Pseudonode Representation

The solution the IS-IS design team came up with is quite straightforward: the router-to-router relationship is modelled in the link-state database just like the real physical connection relationship:

• Each router is connected to the LAN
• The LAN is connected to all the routers

So the idea of giving the LAN a nodal representation in the link-state database was born. Figure 7.6 shows how the LAN is represented in the link-state database as a node similar to a router. The question now is: who inserts the LAN node in the link-state database?
How can we make the LAN node speak and perform all the necessary tasks that a real IS-IS router has to do, like generating, refreshing and, if necessary, removing LSPs? One thing is clear: a LAN is a dumb piece of wire and has no logic to perform these tasks. Therefore some router on the LAN has to represent the LAN in the link-state database. It is almost like lending the LAN its voice.

On each LAN circuit a Designated Intermediate System (DIS) is elected. The DIS is one of the IS-IS routers on the LAN which, in addition to its normal duties, has the purpose of representing the LAN in the link-state database. Because the node that the DIS generates in addition to its very own node is not a real routing node, it is called a pseudonode.

Changing the representation from an any-to-any IS-reach mesh to a star topology with the pseudonode in the middle greatly reduces the number of adjacencies that routers on the LAN have to report. The original $O(N^2)$ scaling property turns into an $O(N)$ scaling behaviour.

7. Pseudonodes and Designated Routers

[Figure 7.5: chart "IS-IS adjacencies on broadcast LANs"; x-axis: Speakers; y-axis: Adjacencies; series: "p2p adjacencies to keep on a LAN" and "p2p adjacencies to keep on a LAN with a pseudonode".]

FIGURE 7.5. The number of required IS relationships grows by $N^2$

[Figure 7.6: the POP physical representation (London-1, London-2, peer-gw, vpn-gw, customer-gw and BRAS on one LAN) next to the LSDB nodal representation (the same six routers, each connected to a node labelled LAN).]

FIGURE 7.6. In the nodal representation of the link-state database the LAN becomes a node similar to a router

The LSP dynamics are improved as well. Once a new router comes online and declares the adjacency with the DIS up, only two new LSPs will be generated. In the tcpdump output you can see that after processing the adjacency only two new LSPs are generated. The first LSP is the pseudonode and contains the LAN to Router #3 IS Reachability. The second LSP describes the Router #3 to LAN Reachability.
Tcpdump output

On this LAN there is an established adjacency between Router #1 and #2. Next, Router #3 comes online and, after processing all the 3-way handshake and padding procedures, two new LSPs are generated.

17:37:45.769638 OSI, IS-IS, L1 CSNP, src-id 0000.0000.0001, length 99
17:37:45.799403 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0001, lan-id 0000.0000.0001.02, prio 120, length 56
17:37:48.619494 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0001, lan-id 0000.0000.0001.02, prio 120, length 56
17:37:50.204522 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0002, lan-id 0000.0000.0001.02, prio 65, length 74
17:37:51.089607 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0001, lan-id 0000.0000.0001.02, prio 120, length 56
17:37:51.273316 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0003, lan-id 0000.0000.0003.02, prio 64, length 78
17:37:51.276579 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0001, lan-id 0000.0000.0001.02, prio 120, length 1492
17:37:51.278286 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0002, lan-id 0000.0000.0001.02, prio 65, length 1492
17:37:51.282142 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0003, lan-id 0000.0000.0003.02, prio 64, length 1492
[…]
17:37:51.364655 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0002, lan-id 0000.0000.0001.02, prio 65, length 1492
17:37:51.365221 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0001, lan-id 0000.0000.0001.02, prio 120, length 1492
17:37:51.367212 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0003, lan-id 0000.0000.0001.02, prio 64, length 1492
17:37:51.370734 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0001, lan-id 0000.0000.0001.02, prio 120, length 62
17:37:51.374205 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0002, lan-id 0000.0000.0001.02, prio 65, length 80
17:37:51.374484 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0003, lan-id 0000.0000.0001.02, prio 64, length 92
17:37:51.376143 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0001, lan-id 0000.0000.0001.02, prio 120, length 62
17:37:51.379266 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0002, lan-id 0000.0000.0001.02, prio 65, length 80
17:37:51.390010 OSI, IS-IS, L1 LSP, lsp-id 0000.0000.0001.02-00, seq 0x00000065, lifetime 65533s, length 62
17:37:51.455648 OSI, IS-IS, L1 LSP, lsp-id 0000.0000.0003.00-00, seq 0x0000000c, lifetime 65533s, length 205
17:37:53.789837 OSI, IS-IS, L1 CSNP, src-id 0000.0000.0001, length 99

Using pseudonodes, a single adjacency change triggers only two new LSPs, which greatly reduces LSP churn. Also, the original $N^2$ problem has been reduced to a linear problem. In the next section you will learn how the DIS allocates a unique Node-ID in order to represent the LAN in the link-state database.

7.2.3 Pseudonode ID Selection

Based upon Figure 7.4 we will explore how the pseudonode gets its Node-ID. Figure 7.4 shows a small LAN in the POP which connects six routers: two core facing routers (London-1 and London-2) and four customer facing access routers. We will shortly explore how the DIS is elected; assume for now that the London-1 core router is already the elected DIS. Each of the six routers gets its 6-byte System-ID from the NET that was configured on all the six routers.

Figure 7.7 shows the structure of a link-state PDU ID (LSP-ID). Each LSP in the network carries an LSP-ID in its packet header. The first 6 bytes are set to the System-ID of the originating node. The last byte is used for fragmentation. Fragmentation and the notion of the Fragment-ID will be explained in Chapter 9 “Fragmentation”. The seventh byte is called the Pseudonode-ID and it is used for pseudonode incarnations of the originating system. The first seven bytes are often referred to as the Node-ID. The Pseudonode-ID number 0 has a special meaning: a zero indicates that this is the real instance of the router. A non-zero value represents a pseudonode.

Figure 7.8 shows the nodal representation of the POP routers in the link-state database. Each square box represents an LSP.
In the header you can see the Node-ID of the originating router in two representations. The upper line shows the more convenient representation where the 6-byte System-ID is replaced with a name. The lower line of the header shows the Node-ID in digit representation. The System-ID name translation service will not be discussed further because it is described in Chapter 13 “IS-IS Extensions”.

Note that all routing nodes have their pseudonode byte (the 7th) set to zero. Only the London-1 (1921.6804.4001.02) Node-ID carries a non-zero pseudonode byte. This Node-ID represents the pseudonode for the LAN. The pseudonode borrows the System-ID from the DIS on that LAN. London-1 is the DIS in our example and therefore the Pseudonode-ID is composed using the DIS System-ID plus an extra byte that makes it distinguishable from the DIS itself. There is no problem if several LSPs with the same System-ID are floating around as long as the pseudonode byte makes the incarnation (DIS or non-DIS) clear.

[Figure 7.7: the LSP-ID 1921.6820.4003.02-00 split into System-ID, Pseudonode-ID and Fragment-ID; System-ID plus Pseudonode-ID form the Node-ID.]

FIGURE 7.7. The LSP-ID dedicates one byte for pseudonode incarnations

[Figure 7.8: London POP. The LSP of each real router (London-1.00, London-2.00, peer-gw.00, vpn-gw.00, customer-gw.00, BRAS.00) carries an IS Reachability TLV pointing to London-1.02 at cost 10. The pseudonode LSP London-1.02 (1921.6804.4001.02) carries an IS Reachability TLV listing all six routers at cost 0.]

FIGURE 7.8. The pseudonode borrows the System-ID from the DIS

The 8-bit wide Pseudonode field theoretically supports 255 pseudonodes.
For most IS-IS implementations this is also the upper boundary of supported broadcast circuits. Most IS-IS implementations allocate a Pseudonode-ID per broadcast circuit. Arguably the system would only need to allocate a unique Pseudonode-ID once it becomes the DIS on a LAN; however, there is as yet no clear procedure for how the system should behave when it runs out of Pseudonode-IDs. The most likely behaviour would be to set the LAN priority to 0, thereby indicating that the system does not wish to participate in the DIS election.

7.2.4 Link-state Database Modelling

Each adjacency on a LAN has a certain cost. Once a DIS generates pseudonodes it must make sure that the overall cost of the path through the LAN is not distorted. IS-IS does this by assigning asymmetrical costs to the pseudonode. Asymmetrical cost means that the cost from a router to reach the pseudonode is different from the cost from the pseudonode to reach a router. Figure 7.9 shows, for example, how a LAN cost of 10 is represented in the link-state database. Note that the cost to reach the pseudonode is the locally configured IS-IS metric. In Figure 7.9 all IS-IS metrics are set to 10. The reverse direction, from the pseudonode to the router, always has a cost of zero. For real nodes an adjacency cost of 0 is an illegal value, except for pseudonodes.

[Figure 7.9: "Pseudonode costs". London-1, London-2, peer-gw, vpn-gw, customer-gw and BRAS each reach the LAN node at cost 10; the LAN node reaches each router at cost 0.]

FIGURE 7.9. The cost to reach the pseudonode equals the link cost – the cost from the pseudonode to the real node is always zero

You will see later in Chapter 10 “SPF and Route Calculation” that the pseudonode needs special treatment during the SPF calculation because of those zero cost adjacencies. The cost of adjacencies can be checked on the router’s command line interface.
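The scaling argument of section 7.2.2 and the cost rule of section 7.2.4 can be checked on a small model of the London POP. The following Python sketch is an added example, not code from the book: the function names are hypothetical, the pseudonode byte 0x02 is taken from the London-1.02 Node-ID used above, and the `pn_cost` parameter exists only to show what a non-zero pseudonode cost would do to the path cost.

```python
import heapq

ROUTERS = ["London-1", "London-2", "peer-gw", "vpn-gw", "customer-gw", "BRAS"]

def full_mesh(routers, metric=10):
    """Figure 7.4 model: every router lists every other router on the LAN."""
    return {f"{r}.00": {f"{n}.00": metric for n in routers if n != r}
            for r in routers}

def with_pseudonode(routers, dis, metric=10, pn_byte=0x02, pn_cost=0):
    """Figure 7.9 model: routers point at the pseudonode with the configured
    metric; the pseudonode (DIS System-ID plus a non-zero byte) points back
    at every router with pn_cost, which must be 0."""
    pn = f"{dis}.{pn_byte:02x}"
    lsdb = {f"{r}.00": {pn: metric} for r in routers}
    lsdb[pn] = {f"{r}.00": pn_cost for r in routers}
    return lsdb

def is_reach_entries(lsdb):
    """Total number of IS Reachability entries held in the database."""
    return sum(len(neigh) for neigh in lsdb.values())

def spf(lsdb, src):
    """Plain Dijkstra over the directed IS-reach graph."""
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in lsdb.get(node, {}).items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def audit_costs(lsdb):
    """Flag IS-reach entries that break the cost rule from section 7.2.4."""
    issues = []
    for node, neigh in lsdb.items():
        pseudo = not node.endswith(".00")
        for nbr, cost in neigh.items():
            if pseudo and cost != 0:
                issues.append((node, nbr, "pseudonode must advertise cost 0"))
            if not pseudo and cost == 0:
                issues.append((node, nbr, "real node must not advertise cost 0"))
    return issues

if __name__ == "__main__":
    mesh, star = full_mesh(ROUTERS), with_pseudonode(ROUTERS, "London-1")
    print(is_reach_entries(mesh), is_reach_entries(star))
    print(spf(mesh, "London-2.00")["BRAS.00"], spf(star, "London-2.00")["BRAS.00"])
    print(audit_costs(with_pseudonode(ROUTERS, "London-1", pn_cost=10)))
```

With six routers the mesh holds 30 IS-reach entries and the star 12, while the router-to-router cost across the LAN stays at 10; a pseudonode that advertised cost 10 would double the path cost to 20 and is reported by the audit.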
You can check the cost between the nodes using the show isis database detail command:

JUNOS command output

The JUNOS show isis database detail command displays how the routers are linked to the pseudonodes. The IOS command show isis database detail provides a similar output.

hannes@Stockholm> show isis database detail
IS-IS level 1 link-state database:

Amsterdam.00-00 Sequence: 0x187, Checksum: 0xbda7, Lifetime: 59556 secs
  IS neighbor: Stockholm.02 Metric: 10
  IP prefix: 172.16.1.0/24 Metric: 0 Internal Up
  IP prefix: 192.168.1.1/32 Metric: 0 Internal Up

The first node is a real router carrying the Amsterdam.00 Node-ID. The router is linked to the pseudonode Stockholm.02. Note the cost of 10 to reach the pseudonode.

Stockholm.00-00 Sequence: 0x2e, Checksum: 0x7157, Lifetime: 59554 secs
  IS neighbor: Stockholm.02 Metric: 10
  IP prefix: 172.16.0.4/24 Metric: 0 Internal Up
  IP prefix: 192.168.1.2/32 Metric: 0 Internal Up

The second node is a real router carrying the Stockholm.00 Node-ID. The router is also linked to the Stockholm.02 pseudonode. Note the cost of 10 to reach the pseudonode.

Stockholm.02-00 Sequence: 0x69, Checksum: 0x2d26, Lifetime: 59556 secs
  IS neighbor: Amsterdam.00 Metric: 0
  IS neighbor: Stockholm.00 Metric: 0

The third node is a pseudonode carrying the Stockholm.02 Node-ID. Note the zero cost which connects the pseudonode back to the two real routers. The pseudonode also does not carry any higher-level protocol information like IP addresses. The pseudonode can be seen as a protocol independent node which only carries IS-Reach and optional authentication information. Arguably the notion of protocol independence also matches the physical setup: the pseudonode represents a LAN and a LAN can carry any Layer-3 protocol.

[Figure 7.10: Amsterdam.00 and Stockholm.00 connected by Ethernet, drawn once as a direct link between the two routers and once with the LAN pseudonode Stockholm.02 between them.]

FIGURE 7.10. Two routers connected by an Ethernet link can be represented in two ways in the IS-IS link-state database

Pseudonodes were intended to relieve routers from additional processing overhead. However, there are deployment scenarios where the generation and maintenance of a pseudonode generates more overhead than the original point-to-point behaviour.

7.2.5 Pseudonode Suppression on p2p LANs

With the rise of Gigabit Ethernet (GE) the once for-access-only media has become a cheap and fast router-to-router pipe. The overall cost of transmission for a Gigabit Ethernet pipe is lower than for a pipe, which was the major driver for GE being deployed in p2p fashion. Historically, transmission of the odd sized (in the sense that it does not fit exactly in the SONET/SDH digital hierarchy) Gigabit frames turned out to be an expensive operation. Today there are affordable DWDM systems available that allow a service provider to multiplex dozens of GE pipes on a single fibre.

The mandate to generate a pseudonode on the LAN circuit even if there are just two speakers on a LAN seems to be a useless exercise. Consider Figure 7.10, which illustrates how two routers connected by a p2p broadcast circuit need to generate a third node in order to represent the LAN in the link-state database. The nodal graph is shown in the top left corner. It is evident that for just two routers pseudonode generation is more of an overhead than a contribution to scaling LAN adjacencies, which was the original goal of pseudonodes.

In the IETF the idea of pseudonode suppression was born. Internet draft draft-ietf-isis-igp-p2p-over-lan-03 describes a method to avoid the pseudonode generation. How can a system avoid generating a pseudonode without breaking things? The idea of the draft is simple: just send a p2p Hello encapsulated in an Ethernet frame. Recall that the p2p PDU type is only used on p2p media like ATM, POS or Frame Relay.
If a p2p-IIH is encapsulated in an Ethernet frame and both sides agree to suppress the pseudonode, then no DIS election and subsequently no pseudonode generation needs to be executed. The tcpdump output shows the odd frame. First, the frame is sent to the MAC address All-IS (09:00:2b:00:00:05). Normally this MAC address is never used, as the L1-LAN-IIH and L2-LAN-IIH are sent to the All-L1-IS (01:80:C2:00:00:14) and All-L2-IS (01:80:C2:00:00:15) functional MAC addresses. Next, the PDU type is the p2p IIH, which is otherwise never used on LAN circuits. Finally, there is the p2p Adjacency State TLV, which is also sent on p2p circuits only. Recall that on LAN media the IS Neighbour TLV #6 is typically used for the 3-way handshake.

Tcpdump output

If an IS-IS interface is marked as point-to-point then the router will pack a p2p Hello containing p2p relevant TLVs into the Ethernet frame and ship it to the All-IS LAN multicast address.

23:41:19.490748 00:90:69:b2:58:2d > 09:00:2b:00:00:05, OSI, IS-IS, length: 58
    p2p IIH, hlen: 20, v: 1, pdu-v: 1, sys-id-len: 6 (0), max-area: 3 (0)
    source-id: 0000.0000.0002, holding time: 27s, Flags: [Level 1, Level 2]
    circuit-id: 0x01, PDU length: 58
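The LSP-ID layout from section 7.2.3 and the two tcpdump traces above lend themselves to a small monitoring check. The following Python sketch is an added example, not code from the book: it decodes Node-IDs and LSP-IDs, records which lan-id each speaker advertises in its LAN IIHs (a change means the speaker's view of the DIS changed), and lists senders of frames addressed to the All-IS MAC. The function names are hypothetical and the sample lines are a subset copied from the traces on this page.

```python
import re

# Sample input: a subset of the tcpdump lines shown on this page.
CAPTURE = """\
17:37:50.204522 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0002, lan-id 0000.0000.0001.02, prio 65, length 74
17:37:51.273316 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0003, lan-id 0000.0000.0003.02, prio 64, length 78
17:37:51.276579 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0001, lan-id 0000.0000.0001.02, prio 120, length 1492
17:37:51.367212 OSI, IS-IS, L1 Lan IIH, src-id 0000.0000.0003, lan-id 0000.0000.0001.02, prio 64, length 1492
17:37:51.390010 OSI, IS-IS, L1 LSP, lsp-id 0000.0000.0001.02-00, seq 0x00000065, lifetime 65533s, length 62
17:37:51.455648 OSI, IS-IS, L1 LSP, lsp-id 0000.0000.0003.00-00, seq 0x0000000c, lifetime 65533s, length 205
23:41:19.490748 00:90:69:b2:58:2d > 09:00:2b:00:00:05, OSI, IS-IS, length: 58
"""

NODE_ID = re.compile(
    r"^((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\.([0-9a-f]{2})(?:-([0-9a-f]{2}))?$", re.I)

def parse_node_id(text):
    """Split 'SSSS.SSSS.SSSS.PP[-FF]' into System-ID, Pseudonode-ID, Fragment-ID."""
    m = NODE_ID.match(text)
    if not m:
        raise ValueError(f"malformed Node-ID/LSP-ID: {text!r}")
    pn = int(m.group(2), 16)
    frag = int(m.group(3), 16) if m.group(3) else None
    return {"system_id": m.group(1), "pseudonode_id": pn,
            "fragment_id": frag, "is_pseudonode": pn != 0}

def summarize(capture):
    """Return (lan-id history per speaker, decoded LSPs, senders to All-IS)."""
    lan_ids, lsps, all_is = {}, [], []
    for line in capture.splitlines():
        if m := re.search(r"Lan IIH, src-id (\S+), lan-id (\S+),", line):
            hist = lan_ids.setdefault(m.group(1), [])
            if not hist or hist[-1] != m.group(2):
                hist.append(m.group(2))      # record only changes
        elif m := re.search(r"LSP, lsp-id (\S+),", line):
            lsps.append(parse_node_id(m.group(1)))
        elif m := re.search(r"(\S+) > 09:00:2b:00:00:05,", line, re.I):
            all_is.append(m.group(1))        # p2p-over-LAN hello candidate
    return lan_ids, lsps, all_is

def dis_changes(lan_ids):
    """Speakers whose advertised lan-id changed during the capture."""
    return {src: hist for src, hist in lan_ids.items() if len(hist) > 1}

if __name__ == "__main__":
    lan_ids, lsps, all_is = summarize(CAPTURE)
    print(dis_changes(lan_ids))
    print([(l["system_id"], l["is_pseudonode"]) for l in lsps])
    print(all_is)
```

On the sample, Router #3 first names itself in the lan-id (0000.0000.0003.02) and then adopts 0000.0000.0001.02, and of the two new LSPs only 0000.0000.0001.02-00 is a pseudonode LSP.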