Category: IS-IS


IS-IS is a true multi-protocol routing protocol as it supports IPv6, all it simply does is use different TLVs for IPv6 addresses, just like IPv4 prefixes are transported, IPv6 prefixes are exchanged the exact same way.

What’s more is IS-IS doesn’t use separate instances or address families to transport IPv4 and IPv6 addresses, it can transport those prefixes using a single instance of IS-IS.  Adjacencies, LSPs, Level 1 and Level 2 routing are all identical to IPv4 prefix sharing.

IS-IS: Authentication

IS-IS adds an additional TLV record to LSPs to facilitate the authentication password that’s used.  Since LSPs cannot be modified by any router other than the originating router, all routers within an area must have the same name configured.

LSP Authentication passwords are separated by LSP type.  L1 LSPs can have one password while using a different password for L2 LSPs.  You can manually define these passwords using the respective IOS commands for each LSP type.

You can configure authentication to be in IIH LSPs, but you can also enable authentication on CSNPs, and PSNPs but configuring the password under the IS-IS process itself.

If passwords do not match this will force adjacencies to fail.  Authentication passwords can be set to clear text or MD5.

IS-IS: Attached, Partition Repair, Overload Bit

There are three LSP flags that can potentially be turned on in IS-IS messaging:

  • Attached bit
  • Partition Repair bit
  • Overload bit

Attached bit – When an L1L2 router forms adjacencies or learns routes to other outside areas, that router will turn the Attached bit on and begin flooding LSPs with it.  This will be received by other L1 routers in its area, and indicate to those other routers that it’s attached to other areas.  This will cause those L1 routers to install a default route to the closest L2 router with the Attached bit set.

Partition Repair bit – this bit indicates if a router is capable of an optional feature that allows healing a partitioned are over a L2 subdomain, Cisco does not support this so it is always off and set to 0

Overload bit – this was meant to inform other routers that for any reason the originating router was unable to store all LSPs in its memory.  An effect of this would be other area routers removing this device from being considered in the SPF topology and would converge network traffic around this device so its no longer used in routing.

A useful method for the Overload bit would be to turn it on manually for a network maintenance to allow the network to immediately converge across a different path so that device can be taken out and worked on.

IS-IS: Areas

Routers are usually assigned a single NSAP address belonging to a single area. It is possible for up to three NSAP addresses to be configured provided all System IDs in each NSAP are the same but have different area identifiers.

A router with multiple NSAP addresses will maintain a single LSDB per level of prefixes it learns. This essentially merges all of its configured areas together in the LSDB. This allows flexibility when changing area numbers since you can maintain neighborship when bringing a new area number online and taking the old one down.

IS-Is areas normal operation depend on the routing level enabled on the routers. L1 routers in an area have no L2 LSDB and no information from other areas carried by L2 routers. L2 routers will create adjacencies with other L2 routers regardless of area ID and will share all information in their L2 LSDB.

Multiple areas in a domain are created usually for the purpose of address summarization, in Is-IS area summarization should be configured on each L1L2 router in the area. Area summarization is simply configured by the summary-address command inside the router isis section.

IS-IS: Operation over Broadcast Links

IS-IS routers must create adjacencies, sync their databases, and keep them synchronized as usual.  Nothing different here.  However IS-IS packets for Level 1 are sent to multicast address 0180.c200.0014.  Level 2 packets are sent to multicast address 0180.c200.0015.

IIHs are still used to discover neighbors and they will include the SNPA of all neighbors the originating router receives IIHs from.  When routers receive these IIHs and see their own SNPA they know to turn their adjacency all the way up.

IS-IS will also determine a DIS over a multiaccess network.  The DIS is elected based off the following criteria:

  • the router with the highest interface priority
  • If there is a tie, the router with the highest SNPA
  • In case SNPAs are not comparable, the router with the highest System ID.  This rule is for Frame Relay and ATM networks as IS-IS treats these interfaces as broadcast interfaces.

One thing to keep in mind about DIS elections is that IS-IS routers are preemptive and will take over the role of DIS if a new routers priority or SPNA or System ID is highest.

A DIS is responsible for two things:

  • Helping routers on a broadcast segment synchronize
  • Representing the broadcast segment in the LSDB as a standalone object or Pseudonode

The pseudonode will send CSNPs on a very short interval every ten seconds.  IS-IS routers process these CSNPs as they would normally do from a regular IS-IS neighbor.  PSNPs will be sent for any unknown or outdated LSPIDs as usual to the DIS and the DIS would flood those requested LSPs as needed.

The Pseudonode must have its own database with each neighbor in order for path selection to work.  To do this the DIS must send a unique LSP for the DIS out to the network on behalf of the pseudonode.

IS-IS: Operation over Point-to-Point

IS-IS expects to detect a single neighbor, bring up an adjacency and sync LSDBs on point to point interfaces.  RFC3373 (now RFC5303) introduced a threey way handshake for point to point IS-IS routers to become neighbors.

On point to point networks the Local Circuit ID of the interface appears on IIH packets.  These are only used to detect any change in the Local Circuit Id on the other end of the link.

The Local Circuit Id limits a router to 256 interfaces, when the three way handshake was introduced it also included Extended Local Circuit Id support that is 4 octets long.

The three way handshake IIH packets include the following fields:

  • Adjacency Three Way State – this is the state of the adjacency as seen by the sending router
  • Extended Local Circuit ID – The ID of the sending routers interface
  • Neighbor System ID – This value is set to the ID of the neighboring router whose IIHs have been successfully received.
  • Neighbor Extended Local Circuit ID – This value is set to the Extended Local Circuit ID field value from the neighbors IIH packets.

When neighbors are sending IIHs to each other when one side receives the IIH, it will begin sending IIHs with the Adjacency three Way State set to Initializing and includes the Neighbors System Id and Local Circuit Id to indicate that it hears the neighbor.

When the originating neighbor receives an IIH with its own System ID and Local Circuit Id and it matches what it’s advertising, that neighbor sets his state to Up and begins sending IIHs with the other neighbors System ID and Circuit ID.

When the receiving neighbor gets the IIH from the originating neighbor who is UP, and it sees its own System ID and Circuit ID in the message and it matches what it’s sending, it then turns its neighbor state up and concludes the handshake.

As a security measure IS-IS routers will only accept IIHs for three way adjacencies if the following are met:

  • The Neighbor System ID, Neighbor Extended Local Circuit ID, are not present
  • The Neighbor System ID matches the receiving routers System Id and the Neighbor Extended Local Circuit ID matches the receiving interfaces ID.

If these are not met incoming IIHs are dropped.

When neighbors initially come up their first intention is to flood all known LSPs to the new neighbor, CSNPs will be sent in addition to all the LSPs for redundancy to ensure any LSPs missing during the exchange are resent and acknowledged using PSNP packets.

IS-IS: Operation over Different Network Types

IS-IS natively supports only broadcast and point to point network types, and there are no special provisions needed to correctly operate over partially meshed data link layer topologies.  However running Is-Is over those types of networks can result in partial visibility or incomplete routing tables, its best to configure point to point sub interfaces and run IS-IS over the point to point links.

IS-IS neighbors have three adjacency states:

  • Down – initial state no IIHs have been received
  • Initializing – IIHs have been received but its not certain that the originating router is receiving the IIHs from the receiving router.
  • Up – IIHs have been received from the neighbor and both neighbors can see each other.


IS-IS: CSNP and PSNP Packets

Complete Sequence Number PDUs are similar to OSPF DBD packets.  The purpose of these types of packets is to advertise a complete list of LSPs in the senders LSDB.  Any neighbor who receives these CSNP packets can compare their existing LSDB to the contents of the CSNP, if any LSPs have higher sequence numbers in the CSNP then the neighbor knows it needs to request an update of the LSP to update its LSDB to the most recent version or get any LSP it may not already be aware of.

CSNP packets advertise all the LSPs from the sender in Ascending order starting with 0000.0000.0000.00-00 and ending at FFFF.FFFF.FFFF.FF-FF.  If there are so many LSPs that a CSNP needs to be broken up, it will do so with as many LSP headers that can fit, and pick up where it left off on subsequent CSNP packets.

Point to point links exchange CSNP packets during initial adjacency buildup.

Broadcast networks have CSNP packets sent at regular intervals by the DIS.

Partial Sequence Number Packets are used by IS-IS routers to request updated LSPs from neighbors and acknowledge that they have received them.  a single PSNP can request multiple LSPs.


IS-IS: Link State PDUs

A Link State Protocol Data Unit (LSP) is used to advertise the routing information of the network.  In IS-IS the smallest element of a LSDB would be the LSP.  There are no different types of LSPs instead to describe specific network elements, with in an LSP distinct TLV records are used inside an LSPs variably sized payload.

LSPs are identified by a unique number that consists of three parts:

  • System ID – is this is System Id of the router that originated the LSP (6 octets taken from the NET address of the originator)
  • Pseudonode ID – this differentiates between the LSP describing the router itself and the LSPs for multiaccess networks in which the router is a DIS
  • LSP Number – this denotes the fragment number of the LSP.  the LSP number is also called the Fragment Number or Fragment for short.

these three parts together are referred to as the LSPID.

For LSPs that describe routers themselves, the Pseudonode ID is always 0.

to distinguish between various versions of the same LSP, a sequence number is used.  Sequence numbers are 32 bit unsigned integers starting at 0x00000001 and ending at 0xFFFFFFFF.  Each modification of an LSP causes the sequence number to increment by 1. This is how IS-IS informs neighbors of changes to a specific link, when the sequence number in the advertised LSPs increases, it causes neighbors to update their LSDBs with the most up to date LSP being received.

LSPs have a lifetime value associated with it.  This is set to 1200 seconds and is decreased.  If the lifetime decreases to 0, the router will delete the LSPs body from the LSDB, keep only the header, and advertise an empty LSP with the lifetime set to 0.  This is referred to as an LSP purge, this allows other routers to learn the purged route and Cisco devices will hold the empty LSP header for another 20 minutes before it’s removed entirely frio the LSDB.

Since IS-IS encapsulates its messages within a layer 2 frame, whose max payload size (MTU) is limited IS-IS must implement its own form of fragmentation for LSPs whose size exceeds that of the Frame MTU.  If an LSP were to have so many TLVs that it exceeded the MTU, it would simply break them up and send multiple LSPs.  This ‘fragmentation’ is only performed by the originating router.  This makes having MTU set to be the same across a network to ensure frames are not dropped.  If there is a varying difference in MTU within a network, IS-IS must be configured to account for the smallest MTU on the network.

The address information about all networks are contained in LSPs of each router connected to the network.  The topological information about the network and the connected routers are contained in the Pseudonode LSP generated by the DIS.  This means  that an IS-IS router on a specific level of routing will generate one LSP for itself and all topological information, and one LSP describing itself and one more Pseudonode LSP for each network it is a DIS in.

IS-IS: Hello Packets

Hello packets also referred to as IIH (IS-IS Hello) are used to perform tasks such as detecting neighboring routers, establishing and maintaining adjacencies, and electing a Designated IS (DIS).

On broadcast type interfaces IS-IS uses separate L1 and L2 Hello packets.

On point to point interfaces IS-IS uses a single L1L2 packet, also referred to as a point to point hello.

Hellos are sent every 10 seconds by default and can be configured between 1 – 65535 seconds using interface sub commands.

Instead of defining a specific Hold time, its based off a multiplier to determine the amount of time it takes for Hellos to detect a change.  The default hello multiplier value is 3, resulting in a default of 30 seconds hold time.  This can also be changed per interface using interface subcommands.  Timers do not need to match for IS-IS adjacencies to form.

DIS timers are always one third of the configured timers this allows the DIS to more readily inform the areas neighbors that it has gone down.