JNCIS-SP: ISIS lab.

Since I am not really that familiar with isis, I wanted to keep the lab small and gradually add some routers.
The routers I'll start with are the following two:




scenario


To establish an IS-IS adjacency between the two routers, for starters, the routers both need at least one ISO address. Furthermore, 'family iso' needs to be active on the link between the two routers. This is because isis does not run on IP. Instead, OSI CLNS addressing is used.
The isis address that is shown in the picture above for R6 can be broken down into three parts;

    • area identifier: the first three bytes, 49.0000, define the area ID. The first byte is the address family identifier. The next two bytes define the area ID, 0000.
    • system identifier: the next six bytes are the system identifier that identifies the node. In case of R6, this is 0000.0000.0006.
    • Net selector: the last two bytes are the NET selector. For isis, these bytes are always '00', indicating 'this system'.
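
As an added example (not from the original post), the Python below splits a NET into these three parts and uses the area ID to tell which levels two neighbours could share. The R7 and R2 addresses are constructed, and `parse_net` and `adjacency_levels` are hypothetical helper names.

```python
import re

def _dotted(raw: bytes, lead: int) -> str:
    """Hex with dots: a leading group of `lead` bytes, then 2-byte groups."""
    h = raw.hex()
    head, rest = h[:lead * 2], h[lead * 2:]
    groups = [head] if head else []
    groups += [rest[i:i + 4] for i in range(0, len(rest), 4)]
    return ".".join(groups)

def parse_net(net: str) -> dict:
    """Split a NET into area ID, system ID and selector, rejecting bad input."""
    digits = net.replace(".", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
        raise ValueError(f"{net!r}: not an even-length hex string")
    raw = bytes.fromhex(digits)
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"{net!r}: a NET is 8 to 20 bytes long")
    # Read from the right: selector, then the six-byte system ID, then the area.
    area, system_id, selector = raw[:-7], raw[-7:-1], raw[-1]
    if selector != 0:
        raise ValueError(f"{net!r}: selector must be 00")
    return {
        "area": _dotted(area, 1),
        "system_id": _dotted(system_id, 0),
        "selector": f"{selector:02x}",
    }

def adjacency_levels(net_a: str, net_b: str) -> list:
    """Levels two neighbours could use, judged from their NETs alone."""
    a, b = parse_net(net_a), parse_net(net_b)
    if a["system_id"] == b["system_id"]:
        raise ValueError("duplicate system ID")
    # Level 1 needs a shared area ID; level 2 does not.
    return [1, 2] if a["area"] == b["area"] else [2]

R6 = "49.0000.0000.0000.0006.00"   # built from the parts listed above
R7 = "49.0000.0000.0000.0007.00"   # constructed: same area, next system ID
R2 = "49.0001.0000.0000.0002.00"   # constructed: a router in another area

if __name__ == "__main__":
    print(parse_net(R6))
    print(adjacency_levels(R6, R7), adjacency_levels(R6, R2))
```
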
To establish an isis adjacency between the routers, isis should be activated on the loopback interface and the link between the routers like this;



scenario


After configuring this on both R6 and R7, let's observe the output:



scenario


By configuring isis on the interfaces, two adjacencies have been established between the routers. This is because by default, when isis is enabled, it is enabled for both level 1 and level 2. The isis routing domain consists of intermediate systems (ISs) which are organized hierarchically. Level 1 ISs route only within an area or towards a level 2 system. Level 2 ISs can route between areas and towards external networks.

Our two starting routers will eventually become core routers in our network. They need to have access to all areas. Therefore, they will need to be level 2 routers. In order to make sure there is only a level 2 adjacency between the routers, we need to disable level 1 on both R6 and R7;



scenario


After performing the same task on both R6 and R7, there will only be 1 adjacency left, a level 2 adjacency;



scenario


After establishing a level 2 adjacency between R6 and R7, we can observe the following in the routing table;



scenario


We see that all addresses, both IPv4 and IPv6, that are configured on the R7 loopback were advertised to R6. You can use isis as the routing protocol for both IPv4 and IPv6 (just like OSPFv3). This is due to the fact that the variable part of the isis PDU can use TLV (Type, Length, Value) parameters which can be used to convey all sorts of information.

By default, isis is enabled for both IPv4 and IPv6. To keep things simple, let's start with just IPv4 and deactivate IPv6 on both routers;



scenario


Let's proceed and extend our network with 2 additional routers, R2 and R1. Both of these routers will be located in another area.



scenario


R1 is going to be a level 1 router forming a level 1 adjacency with R2. R2 will also have a level 2 adjacency with R6.
The configuration on R1 will be as follows:



scenario


Here, we disabled level 2 for isis. This way, we do not need to specify it on a per-interface basis. Let's go over to R2 and connect R1 with the rest of the network:



scenario


On R2, we now have connectivity to all other nodes in the network. This is not the case for R1 however. It is not receiving any routes. The only routes R1 receives are the loopback IP addresses from R2:



scenario


By default, level 1 routes are forwarded to level 2 routers. This means that R6 and R7 will have already learned the 1.1.1.1/32 prefix. Advertising level 2 routes to level 1 routers will not happen by default. You can configure route-leaking to have a level 2 router leak its level 2 routes to a level 1 router.
Let's leak a default route from R2 to R1 after redistributing a default route into isis from R7 like this;



scenario


The R7 part;



scenario


The route will be available on R2 immediately;



scenario


This default route will not be available on R1 just yet. Before that happens, we need to 'leak' the route from level 2 to level 1 on the R2 router. Let's do that next;



scenario


Above, we created a policy that explicitly allows isis to pass a level 2 default route to level 1. We then applied that policy as an export policy under isis.
The result is that R1 now has a default route, so it can reach the rest of the network:



scenario


Before moving on, let's examine the isis adjacency in a little more detail. Take the following output;



scenario


This is the adjacency between R1 and R2. The output tells us the following:

    • the neighbor's name is MX80-R2
    • the interface priority of the neighbor
    • the LAN id is the name of the DIS router, which is the router with the highest priority. In the event of a tie the router with the highest SNPA (MAC on Ethernet networks) wins

Let's examine this DIS. The Designated IS router, in our case R2, is the router that represents the broadcast multi-access network to the rest of the network.
The DIS is the router that creates and acts on behalf of the pseudo node. The pseudo node is perhaps easier explained through the following 2 pictures. Imagine a LAN-segment with three attached routers;



scenario


When these routers form an adjacency, they elect 1 DIS. This DIS router will then manage and create a pseudo node, sort of a virtual router. This pseudo node will simplify the LAN topology as a point-to-point topology. This is to prevent an excessive amount of neighbor relationships and protocol traffic when the number of connected routers increases.



scenario


All routers on the LAN form an adjacency with the pseudo node reducing the number of adjacencies required. All routers continuously update the pseudo node with routing information. The pseudo node is responsible for the flooding of LSPs.
Let's look at R2 for a moment. Here we can observe the following;



scenario


In the database, there are three LSP-IDs (Link-State PDUs). These three marked LSP-IDs represent two actual routers (R6 and R7) and a pseudo-node. The pseudo node in this case is MX80-R6.02-00. If we consult the isis database more extensively, we can see the neighbor list of the pseudo node;



scenario


If we go over to R7 and perform the following;



scenario


The R7 router will preempt R6 and become the new DIS based on priority (R6's priority is still 64).
Upon becoming the DIS, R7 will create a new pseudo node. This is visible on R2 shortly after the change on R7;



scenario


We can see that the lifetime of the previous pseudo node is set to 0 and that there is a new entry: MX80-R7.02-00.
When reading about this DIS, you might be thinking about OSPF's DR. However, the DIS has some different characteristics, some of which are;

    • if the priority of an interface changes, one router can preempt the current DIS
    • there is no concept of a backup DIS
    • when the DIS changes, a new set of link-state PDUs must be flooded
    • the DIS has alternate timers (3s hello interval and 9s hold-time versus 9s hello interval and 27s hold-time)
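
The election and preemption behaviour described above, as an added Python example that is not part of the original post. The MAC addresses and R7's raised priority of 100 are constructed values, the circuit ID 02 is taken from the pseudo node names shown in the text, and the function names are hypothetical.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class LanRouter:
    name: str        # hostname as it appears in the LSP ID
    priority: int    # interface priority for this level
    snpa: str        # MAC address of the LAN interface
    circuit_id: int  # local circuit ID, used in the pseudo node LSP ID

def elect_dis(routers):
    """Highest priority wins; on a tie the highest SNPA (MAC) wins."""
    if not routers:
        raise ValueError("no routers on the segment")
    return max(routers,
               key=lambda r: (r.priority, int(r.snpa.replace(":", ""), 16)))

def pseudonode_lsp(dis):
    """LSP ID of the pseudo node that this DIS originates."""
    return f"{dis.name}.{dis.circuit_id:02x}-00"

def reelect(routers, current_dis):
    """Re-run the election after a change on the segment.

    Returns (new DIS, purged pseudo node LSP or None, active pseudo node LSP).
    There is no backup DIS, so every change is simply a fresh election.
    """
    winner = elect_dis(routers)
    active = pseudonode_lsp(winner)
    if winner.name == current_dis.name:
        return winner, None, active
    # The old pseudo node LSP is purged (lifetime 0) and a new one is flooded.
    return winner, pseudonode_lsp(current_dis), active

# Constructed sample data: equal priorities, R6 has the higher MAC.
R6 = LanRouter("MX80-R6", 64, "00:00:5e:00:53:b6", 2)
R7 = LanRouter("MX80-R7", 64, "00:00:5e:00:53:a7", 2)
R7_RAISED = replace(R7, priority=100)  # constructed priority, higher than 64

if __name__ == "__main__":
    print(pseudonode_lsp(elect_dis([R6, R7])))   # tie on priority
    print(reelect([R6, R7_RAISED], R6))          # R7 preempts R6
```
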

In our current lab, the segment only connects to 2 routers. This means the DIS is not really a necessity. Let's configure the interface between R2 and R6 as a point-to-point interface, eliminating the DIS router on that segment:



scenario


Let's take a further look at the following command;



scenario


This command shows some of the isis PDUs;

    • LSP: Link State PDU. These are periodically flooded throughout the area and contain information about the state of adjacencies.
    • IIH: isis Hello. Packets broadcast to discover the identity of the neighbor and to determine whether the neighbor is level 1 or level 2.
    • CSNP: Complete Sequence Number PDU. Sent periodically on all links, and carries a complete description of all LSPs in the LSDB.
    • PSNP: Partial Sequence Number PDU. Like an OSPF LSR, sent when a router detects an unknown LSP in a CSNP.


Let's keep it random and briefly touch the isis metrics.

There is the old-style and the new-style metric, which are both sent by default on a Junos router. The old-style metric was limited to a maximum value of 63 with a maximum path value of 1023. To offer more granularity, the new-style metric has a significantly larger range for defining the cost of a link. The metrics are basically summed up on each router to determine the path value. The lower path value is preferred.
Let's move to R2 and change the metrics:



scenario


In the picture above, the level 1 metric on R2 was altered to send the new-style only. The metric for the individual link towards R1 was set to 5000. This does not mean that the default route on R1 will have a higher metric. What will happen is that the routes advertised across the link by R1 will have a higher metric.
Under show isis overview, you can see what metrics are used under the two isis levels. By specifying the 'wide-metrics-only', you basically disable the old-style metric.

Let's look at another example with the old-style metric and see the effects of changing the metrics.



scenario


If we change the metric on the link between R6 and R2, we will increase the cost of all routes that traverse the link from R6 to R2. Observe the cost of the route to 1.1.1.2/30 from R7:



scenario


It is increased from 70 to 100. Normally, the metric of the link between R6 and R2 would have been 10. We increased it by 30, to 40.

I just took another look at the exam objectives of the JNCIS-SP isis section, and I think I just about covered most of it, so I'll move on to something else.

17-8-2014