ISIS¶

ISIS is a routing protocol which is described in ISO10589, RFC 1195, RFC 5308. ISIS is an IGP. Compared with RIP, ISIS can provide scalable network support and faster convergence times like OSPF. ISIS is widely used in large networks such as ISP and carrier backbone networks.

Configuring isisd¶

There are no isisd specific options. Common options can be specified (Common Invocation Options) to isisd. isisd needs to acquire interface information from zebra in order to function. Therefore zebra must be running before invoking isisd. Also, if zebra is restarted then isisd must be too.

Like other daemons, isisd configuration is done in ISIS specific configuration file isisd.conf.

ISIS router¶

To start the ISIS process you have to specify the ISIS router. As of this writing, isisd does not support multiple ISIS processes.

router isis WORD [vrf NAME]¶: Enable or disable the ISIS process by specifying the ISIS domain with 'WORD'. isisd does not yet support multiple ISIS processes but you must specify the name of ISIS process. The ISIS process name 'WORD' is then used for interface (see command ip router isis WORD).

net XX.XXXX. ... .XXX.XX¶: Set/Unset network entity title (NET) provided in ISO format.

hostname dynamic¶: Enable support for dynamic hostname.

area-password [clear | md5] <password>¶

domain-password [clear | md5] <password>¶: Configure the authentication password for an area, respectively a domain, as clear text or md5 one.

attached-bit [receive ignore | send]¶

Set attached bit for inter-area traffic:

receive If LSP received with attached bit set, create default route to neighbor
send If L1|L2 router, set attached bit in LSP sent to L1 router

log-adjacency-changes¶: Log changes in adjacency state.

metric-style [narrow | transition | wide]¶

Set old-style (ISO 10589) or new-style packet formats:

narrow Use old style of TLVs with narrow metric
transition Send and accept both styles of TLVs during transition
wide Use new style of TLVs to carry wider metric. FRR uses this as a default value

set-overload-bit¶: Set overload bit to avoid any transit traffic.

purge-originator¶: Enable or disable RFC 6232 purge originator identification.

lsp-mtu (128-4352)¶: Configure the maximum size of generated LSPs, in bytes.

ISIS Timer¶

lsp-gen-interval [level-1 | level-2] (1-120)¶: Set minimum interval in seconds between regenerating same LSP, globally, for an area (level-1) or a domain (level-2).

lsp-refresh-interval [level-1 | level-2] (1-65235)¶: Set LSP refresh interval in seconds, globally, for an area (level-1) or a domain (level-2).

max-lsp-lifetime [level-1 | level-2] (360-65535)¶: Set LSP maximum LSP lifetime in seconds, globally, for an area (level-1) or a domain (level-2).

spf-interval [level-1 | level-2] (1-120)¶: Set minimum interval between consecutive SPF calculations in seconds.

ISIS Fast-Reroute¶

Unless stated otherwise, commands in this section apply to all LFA flavors (local LFA, Remote LFA and TI-LFA).

spf prefix-priority [critical | high | medium] WORD¶

Assign a priority to the prefixes that match the specified access-list.

By default loopback prefixes have medium priority and non-loopback prefixes have low priority.

fast-reroute priority-limit [critical | high | medium] [level-1 | level-2]¶: Limit LFA backup computation up to the specified prefix priority.

fast-reroute lfa tiebreaker [downstream | lowest-backup-metric | node-protecting] index (1-255) [level-1 | level-2]¶: Configure a tie-breaker for multiple local LFA backups. Lower indexes are processed first.

fast-reroute load-sharing disable [level-1 | level-2]¶: Disable load sharing across multiple LFA backups.

fast-reroute remote-lfa prefix-list [WORD] [level-1 | level-2]¶: Configure a prefix-list to select eligible PQ nodes for remote LFA backups (valid for all protected interfaces).

ISIS region¶

is-type [level-1 | level-1-2 | level-2-only]¶

Define the ISIS router behavior:

level-1 Act as a station router only
level-1-2 Act as both a station router and an area router
level-2-only Act as an area router only

ISIS interface¶

<ip|ipv6> router isis WORD¶: Activate ISIS adjacency on this interface. Note that the name of ISIS instance must be the same as the one used to configure the ISIS process (see command router isis WORD). To enable IPv4, issue ip router isis WORD; to enable IPv6, issue ipv6 router isis WORD.

isis circuit-type [level-1 | level-1-2 | level-2]¶

Configure circuit type for interface:

level-1 Level-1 only adjacencies are formed
level-1-2 Level-1-2 adjacencies are formed
level-2-only Level-2 only adjacencies are formed

isis csnp-interval (1-600) [level-1 | level-2]¶: Set CSNP interval in seconds globally, for an area (level-1) or a domain (level-2).

isis hello padding¶: Add padding to IS-IS hello packets.

isis hello-interval (1-600) [level-1 | level-2]¶: Set Hello interval in seconds globally, for an area (level-1) or a domain (level-2).

isis hello-multiplier (2-100) [level-1 | level-2]¶: Set multiplier for Hello holding time globally, for an area (level-1) or a domain (level-2).

isis metric [(0-255) | (0-16777215)] [level-1 | level-2]¶: Set default metric value globally, for an area (level-1) or a domain (level-2). Max value depend if metric support narrow or wide value (see command metric-style [narrow | transition | wide]).

isis network point-to-point¶: Set network type to 'Point-to-Point' (broadcast by default).

isis passive¶: Configure the passive mode for this interface.

isis password [clear | md5] <password>¶: Configure the authentication password (clear or encoded text) for the interface.

isis priority (0-127) [level-1 | level-2]¶: Set priority for Designated Router election, globally, for the area (level-1) or the domain (level-2).

isis psnp-interval (1-120) [level-1 | level-2]¶: Set PSNP interval in seconds globally, for an area (level-1) or a domain (level-2).

isis three-way-handshake¶: Enable or disable RFC 5303 Three-Way Handshake for P2P adjacencies. Three-Way Handshake is enabled by default.

isis fast-reroute lfa [level-1 | level-2]¶: Enable per-prefix local LFA fast reroute link protection.

isis fast-reroute lfa [level-1 | level-2] exclude interface IFNAME¶: Exclude an interface from the local LFA backup nexthop computation.

isis fast-reroute remote-lfa tunnel mpls-ldp [level-1 | level-2]¶: Enable per-prefix Remote LFA fast reroute link protection. Note that other routers in the network need to be configured to accept LDP targeted hello messages in order for RLFA to work.

isis fast-reroute remote-lfa maximum-metric (1-16777215) [level-1 | level-2]¶: Limit Remote LFA PQ node selection within the specified metric.

isis fast-reroute ti-lfa [level-1|level-2] [node-protection [link-fallback]]¶: Enable per-prefix TI-LFA fast reroute link or node protection. When node protection is used, option link-fallback enables the computation and use of link-protecting LFAs for destinations unprotected by node protection.

Showing ISIS information¶

show isis summary¶: Show summary information about ISIS.

show isis hostname¶: Show information about ISIS node.

show isis interface [detail] [IFNAME]¶: Show state and configuration of ISIS specified interface, or all interfaces if no interface is given with or without details.

show isis neighbor [detail] [SYSTEMID]¶: Show state and information of ISIS specified neighbor, or all neighbors if no system id is given with or without details.

show isis database [detail] [LSPID]¶: Show the ISIS database globally, for a specific LSP id without or with details.

show isis topology [level-1|level-2]¶: Show topology IS-IS paths to Intermediate Systems, globally, in area (level-1) or domain (level-2).

show isis route [level-1|level-2] [prefix-sid|backup]¶: Show the ISIS routing table, as determined by the most recent SPF calculation.

show isis fast-reroute summary [level-1|level-2]¶: Show information about the number of prefixes having LFA protection, and network-wide LFA coverage.

Traffic Engineering¶

Note

At this time, FRR offers partial support for some of the routing protocol extensions that can be used with MPLS-TE. FRR does not currently support a complete RSVP-TE solution.

mpls-te on¶: Enable Traffic Engineering LSP flooding.

mpls-te router-address <A.B.C.D>¶: Configure stable IP address for MPLS-TE.

show isis mpls-te interface¶

show isis mpls-te interface INTERFACE¶: Show MPLS Traffic Engineering parameters for all or specified interface.

show isis mpls-te router¶: Show Traffic Engineering router parameters.

Segment Routing¶

This is an EXPERIMENTAL support of Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.

Known limitations:

No support for level redistribution (L1 to L2 or L2 to L1)
No support for binding SID
No support for SRMS
No support for SRLB
Only one SRGB and default SPF Algorithm is supported

segment-routing on¶: Enable Segment Routing.

segment-routing global-block (16-1048575) (16-1048575) [local-block (16-1048575) (16-1048575)]¶: Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535. Optionally sets also the Segment Routing Local Block. The negative command always unsets both.

segment-routing local-block (16-1048575) (16-1048575)¶: Set the Segment Routing Local Block i.e. the label range used by MPLS to store label in the MPLS FIB for Adjacency SID. Note that the block size may not exceed 65535. This command is deprecated in favor of the combined 'segment-routing global-block A B local-block C D' command.

segment-routing node-msd (1-16)¶: Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane. E.g. for Linux kernel, since version 4.13 the maximum value is 32.

segment-routing prefix <A.B.C.D/M|X:X::X:X/M> <absolute (16-1048575)|index (0-65535) [no-php-flag|explicit-null] [n-flag-clear]¶: prefix. The 'no-php-flag' means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The 'explicit-null' flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The 'n-flag-clear' option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs.

show isis segment-routing prefix-sids¶: Show detailed information about all learned Segment Routing Prefix-SIDs.

show isis segment-routing nodes¶: Show detailed information about all learned Segment Routing Nodes.

Debugging ISIS¶

debug isis adj-packets¶: IS-IS Adjacency related packets.

debug isis checksum-errors¶: IS-IS LSP checksum errors.

debug isis events¶: IS-IS Events.

debug isis local-updates¶: IS-IS local update packets.

debug isis packet-dump¶: IS-IS packet dump.

debug isis protocol-errors¶: IS-IS LSP protocol errors.

debug isis route-events¶: IS-IS Route related events.

debug isis snp-packets¶: IS-IS CSNP/PSNP packets.

debug isis spf-events¶

debug isis spf-statistics¶

debug isis spf-triggers¶: IS-IS Shortest Path First Events, Timing and Statistic Data and triggering events.

debug isis update-packets¶: Update related packets.

debug isis sr-events¶: IS-IS Segment Routing events.

debug isis lfa¶: IS-IS LFA events.

show debugging isis¶: Print which ISIS debug level is activate.

ISIS Configuration Examples¶

A simple example, with MD5 authentication enabled:

!
interface eth0
 ip router isis FOO
 isis network point-to-point
 isis circuit-type level-2-only
!
router isis FOO
net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
 metric-style wide
 is-type level-2-only

A Traffic Engineering configuration, with Inter-ASv2 support.

First, the zebra.conf part:

hostname HOSTNAME
password PASSWORD
log file /var/log/zebra.log
!
interface eth0
 ip address 10.2.2.2/24
 link-params
  max-bw 1.25e+07
  max-rsv-bw 1.25e+06
  unrsv-bw 0 1.25e+06
  unrsv-bw 1 1.25e+06
  unrsv-bw 2 1.25e+06
  unrsv-bw 3 1.25e+06
  unrsv-bw 4 1.25e+06
  unrsv-bw 5 1.25e+06
  unrsv-bw 6 1.25e+06
  unrsv-bw 7 1.25e+06
  admin-grp 0xab
!
interface eth1
 ip address 10.1.1.1/24
 link-params
  enable
  metric 100
  max-bw 1.25e+07
  max-rsv-bw 1.25e+06
  unrsv-bw 0 1.25e+06
  unrsv-bw 1 1.25e+06
  unrsv-bw 2 1.25e+06
  unrsv-bw 3 1.25e+06
  unrsv-bw 4 1.25e+06
  unrsv-bw 5 1.25e+06
  unrsv-bw 6 1.25e+06
  unrsv-bw 7 1.25e+06
  neighbor 10.1.1.2 as 65000

Then the isisd.conf itself:

hostname HOSTNAME
password PASSWORD
log file /var/log/isisd.log
!
!
interface eth0
 ip router isis FOO
!
interface eth1
 ip router isis FOO
!
!
router isis FOO
 isis net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
  mpls-te on
  mpls-te router-address 10.1.1.1
!
line vty

A Segment Routing configuration, with IPv4, IPv6, SRGB and MSD configuration.

hostname HOSTNAME
password PASSWORD
log file /var/log/isisd.log
!
!
interface eth0
 ip router isis SR
 isis network point-to-point
!
interface eth1
 ip router isis SR
!
!
router isis SR
 net 49.0000.0000.0000.0001.00
 is-type level-1
 topology ipv6-unicast
 lsp-gen-interval 2
 segment-routing on
 segment-routing node-msd 8
 segment-routing prefix 10.1.1.1/32 index 100 explicit-null
 segment-routing prefix 2001:db8:1000::1/128 index 101 explicit-null
!

ISIS Vrf Configuration Examples¶

A simple vrf example:

!
interface eth0 vrf RED
 ip router isis FOO vrf RED
 isis network point-to-point
 isis circuit-type level-2-only
!
router isis FOO vrf RED
 net 47.0023.0000.0000.0000.0000.0000.0000.1900.0004.00
 metric-style wide
 is-type level-2-only