Configuring IS-IS
Problem
You want to configure IS-IS on a JUNOS router.
Solution
There are three steps to setting up IS-IS. First, define the interfaces on which IS-IS will run and the levels to which the interfaces will be attached:
[edit protocols isis] aviva@RouterG# set interface fe-0/0/1 aviva@RouterG# set interface fe-1/0/0 level 2 disable aviva@RouterG# set interface lo0.0
Second, enable the ISO protocol family on the interfaces:
[edit interfaces] aviva@RouterG# set fe-0/0/1 unit 0 family iso aviva@RouterG# set fe-1/0/0 unit 0 family iso
Finally, configure a NET on the lo0 interface:
[edit interfaces] aviva@RouterG# set lo0 unit 0 family iso address 49.0020.1921.6801.9001.00
Discussion
The basic setup to get IS-IS up and running on your router is straightforward. Enable the protocol on all router interfaces that will participate in the IS-IS domain and specify the level at which they should run. This recipe configures the IS-IS on the router topology shown in Figure 11-1. Here, because interface fe-0/0/1 is a border node between areas 20 and 30, you need to specify only the interface name because, by default, all IS-IS interfaces are both Level 1 and Level 2 interfaces.
The other interface, fe-1/0/0, is only in area 20, so it is a Level 1 router. For this interface, you disable Level 2 operation.
Figure 11-1. IS-IS network topology with one area
In addition to the network interfaces, you should also run IS-IS on the lo0.0 interface because this is the most straightforward way to ensure that your loopback address (or addresses) is advertised into IS-IS. IS-IS automatically treats the loopback interface as passive, which means that the interface advertises its direct addresses but does not form adjacencies. (In older versions of JUNOS software, you had to include the passive statement on the loopback interface to have the interface be passive, but this has changed in newer versions.) However, to have other interfaces be passive, you must configure them explicitly by including the passive statement; for example:
[edit protocols isis] aviva@RouterG# set interface fe-1/0/1.0 level 2 passive
In the interfaces portion of the configuration, configure the interfaces that will be running IS-IS, here fe-0/0/1 and fe-1/0/0, so that they recognize and accept ISO packets. Do this by including family iso in the logical interface. Interfaces can have multiple address families on them, as you can see for fe-0/0/1:
aviva@RouterG> show configuration interfaces fe-0/0/1 unit 0 { family inet { address 10.0.1.2/24; } family iso; }
Also, you must set a NET for the router. Technically, you can set this address on any interface but, in practice, you set it on the router's loopback interface, lo0. This address is stable, and, as long as the router is up, this interface is accessible. If you assign the NET on a network interface and that interface goes down, IS-IS will stop functioning on the router. You can assign multiple NETs to the lo0 interface, which might be useful when migrating two previously independent IS-IS domains into a single domain.
After this simple configuration, the IS-IS protocol takes over. You do not have to configure neighbors. IS-IS automatically discovers them and establishes adjacencies with its neighbors by first sending IS-IS Hello ( IIH) packets to ensure that the two ends of the link can communicate.
To check that IS-IS is running on the router interfaces, use the show isis interface command:
aviva@RouterG> show isis interface IS-IS interface database: Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric fe-0/0/1.0 3 0x2 RouterG.02 RouterG.02 10/10 fe-1/0/0.0 1 0x3 RouterG.03 Disabled 10/10 lo0.0 0 0x1 Passive Passive 0/0
This output shows the two Fast Ethernet interfaces we configured for IS-IS, as well as the lo0 interface. The second column, L, shows that fe-0/0/1 is a Level 1Level 2 interface (represented by the number 3) and fe-1/0/0 is a Level 1 interface. The loopback address is also listed because a NET is configured on it but it does not participate in any IS-IS level (shown as 0 in the L column). The two DR columns show the name of the router that has been elected as the DIS for that level. Interface fe-1/0/0 has no Level 2 DR (Disabled) because it is a Level 1 interface. You may wonder how IS-IS discovers the name of the neighbor because it is not an IP routing protocol and hence doesn't support DNS. The answer is that the JUNOS software supports dynamic mapping of ISO system identifiers to the hostname. If you have configured a router name with the set system host-name command, this name, and not the router's NET, is displayed in all IS-IS output. The JUNOS implementation of IS-IS includes the hostname in the LSP, using the dynamic hostname TLV, type 137, to cache the symbolic name of the router.
In the DR columns for the lo0.0 interface, the interface is shown as Passive, which is the default when you configure IS-IS on the loopback interface.
The last column shows the link's Layer 1 and Layer 2 metrics, which are 10 by default.
You can see a brief summary of the adjacencies the router has established with the show isis adjacencies command:
aviva@RouterG> show isis adjacency Interface System L State Hold (secs) SNPA fe-0/0/1.0 RouterH 2 Up 21 0:5:85:c1:d1:d1 fe-1/0/0.0 RouterA 1 Up 6 0:5:85:ca:ca:70
The output shows the two interfaces we configured. The interface fe-0/0/1 participates in a Level 2 area, connecting to RouterH, and interface fe-1/0/0 connects to RouterA. Notice that the lo0 interface is not listed because it doesn't form any adjacencies. The State column shows that both adjacencies are operational (Up). The Hold column shows the amount of time remaining before the router closes the adjacency. By default, IS-IS sends Hello packets, which act as adjacency keepalives, every three seconds for DIS routers and every nine seconds for Level 1 routers. Non-DIS routers send Hello packets less frequently in case IS-IS needs to re-elect a DIS. While a DIS is being elected, there is likely to be traffic loss. Having a longer hello timer interval on the non-DIS systems remedies this problem. The default hold time is three times the hello interval, or 9 seconds, and 27 seconds for DIS and Level 1 routers, respectively. The SNPA column shows the subnetwork point of attachment, which is the MAC address of the next hop.
The detail version of this command gives a bit more insight into the adjacencies:
aviva@RouterG> show isis adjacency detail RouterH Interface: fe-0/0/1.0, Level: 2, State: Up, Expires in 21 secs Priority: 64, Up/Down transitions: 1, Last transition: 17:16:43 ago Circuit type: 3, Speaks: IP, IPv6, CLNS, MAC address: 0:5:85:c1:d1:d1 Topologies: Unicast Restart capable: Yes LAN id: RouterG.02, IP addresses: 10.0.1.1 RouterA Interface: fe-1/0/0.0, Level: 1, State: Up, Expires in 7 secs Priority: 64, Up/Down transitions: 1, Last transition: 16:57:54 ago Circuit type: 1, Speaks: IP, IPv6, MAC address: 0:5:85:ca:ca:70 Topologies: Unicast Restart capable: Yes LAN id: RouterA.02, IP addresses: 10.0.16.1
The output shows the other two IS-IS routers. RouterG reaches RouterH over interface fe-0/0/1, and it connects to RouterA over interface fe-1/0/0. The State field shows that the adjacencies are operational (Up), and the Expires field shows the amount of time remaining before the router closes the adjacency. The second line shows the router's DR priority, how many times the adjacency has gone down and come back up, and when the last up-down transition occurred. The third line shows the Circuit type, which is the IS-IS level. A value of 3 indicates the router is a Level 1Level 2 router, a value of 2 is a Level 2only router, and a value of 1 is a Level 1only router. The Speaks field shows the protocols that the router is running, and the MAC address field shows the subnetwork point of attachment, which is the MAC address of the next hop. The last line shows the IS-IS identifier of the router on the LAN and the router's IP address.
If the IS-IS adjacency doesn't come up, there are a few things to check when trouble-shooting. First, make sure the physical interface is operational. Here, the adjacency with RouterH is down:
aviva@RouterG> show isis adjacency Interface System L State Hold (secs) SNPA fe-0/0/1.0 RouterH 2 Down 0 0:5:85:c1:d1:d1 fe-1/0/0.0 RouterA 1 Up 8 0:5:85:ca:ca:70
RouterG's interface to RouterH is up:
aviva@RouterG> show interfaces fe-0/0/1 terse Interface Admin Link Proto Local Remote fe-0/0/1 up up fe-0/0/1.0 up up inet 10.0.1.2/24 iso
but the interface on RouterH is not:
aviva@RouterH> show interfaces fe-0/0/1 terse Interface Admin Link Proto Local Remote fe-0/0/1 down up fe-0/0/1.0 up down inet 10.0.1.1/24 iso
Checking the configuration, you see that the interface has been disabled:
aviva@RouterH> show configuration interfaces fe-0/0/1 disable; unit 0 { family inet { address 10.0.1.1/24; } family iso; }
Delete the disable statement to activate the interface.
Next, check that all interfaces in a Level 1 area are configured with the same area identifier. You can check this on the local router:
aviva@RouterG> show interfaces terse lo0.0 Interface Admin Link Proto Local Remote lo0.0 up up inet 192.168.19.1 --> 0/0 iso 49.0020.1921.6801.9001
Also check on the Level 1 neighbor:
aviva@RouterA> show interfaces terse lo0.0 Interface Admin Link Proto Local Remote lo0.0 up up inet 192.168.42.1 --> 0/0 iso 49.0020.1921.6804.2001
You see that both routers are in area 20.
You can also find the area identifier in the IS-IS TLV field in the database:
aviva@RouterG> show isis database extensive level 1 IS-IS level 1 link-state database: RouterG.00-00 Sequence: 0x63, Checksum: 0xfe33, Lifetime: 549 secs … TLVs: Area address: 49.0020 (3) …
Check the interface's MTU to make sure that it is at least 1,492 bytes:
aviva@RouterG> show interfaces fe-0/0/1.0 Logical interface fe-0/0/1.0 (Index 64) (SNMP ifIndex 40) Flags: SNMP-Traps Encapsulation: ENET2 Protocol inet, MTU: 1500 Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 10.0.1/24, Local: 10.0.1.2, Broadcast: 10.0.1.255 Protocol iso, MTU: 1497 Flags: Is-Primary
Another common mistake that results in adjacency being down is that the IP addresses on either end of the connection are in different subnets and do not match. An example is having one router interface with an IP address of 192.168.0.1/24 connect to another router with an interface IP address of 192.168.1.2/24.
Finally, check that each interface includes an ISO family and that the lo0 interface has an NET address:
aviva@RouterG> show interfaces terse Interface Admin Link Proto Local Remote … fe-0/0/1.0 up up inet 10.0.1.2/24 iso fe-1/0/0 up up fe-1/0/0.0 up up inet 10.0.16.2/24 iso … lo0.0 up up inet 192.168.19.1 --> 0/0 iso 49.0020.1921.6801.9001 …