IS-IS routing
NOTES:
- You must have an advanced features license to use IS-IS routing.
- This feature is supported only on the SVI.
Intermediate System to Intermediate System Protocol (IS-IS) allows routing of ISO’s OSI protocol stack Connectionless Network Service (CLNS). IS-IS is an Interior Gateway Protocol (IGP) that is not intended to be used between Autonomous Systems (AS).
IS-IS is a link state protocol that is well-suited to smaller networks. It is in widespread use and has near universal support on routing hardware. It is quick to configure and works well if there are no redundant paths. However, IS-IS updates are sent out node-by-node, so it can be slow to find a path around network outages. IS-IS also lacks good authentication, can not choose routes based on different quality-of-service methods, and can create network loops if you are not careful. IS-IS uses Djikstra’s algorithm to find the best path, like OSPF.
While OSPF is more widely known, IS-IS is a viable alternative to OSPF in enterprise networks and ISP infrastructures, largely due to its native support for IPv6 and its nondisruptive methods for splitting, merging, migrating, and renumbering network areas.
This chapter covers the following topics:
Terminology
TLV: IS-IS uses type-length-value (TLV) parameters to carry information in Link-State PDUs (LSPs). The TLV field consists of one octet of type (T), one octet of length (L), and “L” octets of value (V).
Link-state PDU (LSP): The LSP contains information about each router in an area and its connected interfaces.
Complete sequence number PDU (CSNP): CSNPs contain a list of all LSPs in the current LSDB.
Authentication keychain: A keychain is a list of one or more authentication keys including the send and receive lifetimes for each key. Keys are used for authenticating routing packets only during the specified lifetimes.
Configuring IS-IS
Configuring IS-IS on the FortiSwitch unit includes the following major steps:
- Enter the IS-IS configuration mode.
- Configure the interface.
- Configure the network.
- Redistribute non-IS-IS routes. Advertise these non-IS-IS routes within IS-IS.
1. Enter the IS-IS configuration mode
Enter the IS-IS configuration mode to access all of the IS-IS configuration commands:
# config router isis
2. Configure the interface
Enable the status option for IPv4 traffic or the status6 option for IPv6 traffic on the specified interface:
config interface
edit <IS-IS interface name>
set auth-keychain-hello <string>
set auth-mode-hello {md5 | password}
set auth-password-hello <password>
set bfd {enable | disable}
set bfd6 {enable | disable}
set circuit-type {level-1 | level-1-2 | level-2}
set csnp-interval-l1 <1-65535 seconds>
set csnp-interval-l2 <1-65535 seconds>
set hello-interval-l1 <1-65535 seconds; 0 to use 1-second hold time>
set hello-interval-l2 <1-65535 seconds; 0 to use 1-second hold time>
set hello-multiplier-l1 <2-100>
set hello-multiplier-l2 <2-100>
set hello-padding {disable | enable}
set metric-l1 <1-63>
set metric-l2 <1-63>
set passive {disable | enable}
set priority-l1 <0-127>
set priority-l2 <0-127>
set status {disable | enable}
set status6 {disable | enable}
set wide-metric-l1 <1-16777214>
set wide-metric-l2 <1-16777214>
end
3. Configure the network
Configure the IS-IS network:
config net
edit <identifier>
set <IS-IS net xx.xxxx. ... .xxxx.xx>
end
4. Redistribute non-IS-IS routes
Redistribute non-IS-IS routes within IS-IS for IPv4 traffic or for IPv6 traffic:
config redistribute {bgp | connected | ospf | rip | static}
set status {disable | enable}
set metric <0-4261412864>
set metric-type {external | internal}
set level {level-1 | level-1-2 | level-2}
set routemap <string>
end
config redistribute6 {bgp6 | connected | ospf6 | ripng | static}
set status {disable | enable}
set metric <0-4261412864>
set level {level-1 | level-1-2 | level-2}
set routemap <string>
end
The following is an example of an IS-IS configuration for IPv4 traffic:
config router isis
set default-information-metric 60
config interface
edit "vlan100"
set circuit-type level-1
set priority-l1 80
set wide-metric-l1 200
next
edit "vlan102"
set circuit-type level-2
next
end
config net
edit 1
set net 49.0002.0000.0000.1048.00
next
end
set metric-style wide
config redistribute "connected"
set status enable
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
end
The following is an example of an IS-IS configuration for IPv6 traffic:
config router isis
config interface
edit "vlan10"
next
end
config net
edit 1
set net 49.0000.0010.0100.1001.00
next
end
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "static"
end
config redistribute6 "ospf6"
end
config redistribute6 "ripng"
end
end
Configuring BFD for IS-IS
You can use bidirectional forwarding detection (BFD) for the IS-IS routing protocol using IPv4 or IPv6 addresses:
config router isis
config interface
edit <IS-IS interface name>
set bfd {enable| disable}
set bfd6 {enable| disable}
next
end
end
For example, if you want to enable IPv4 BFD on vlan100:
config router isis
config interface
edit "vlan100"
set bfd enable
next
end
end
Checking the IS-IS configuration
Use the following commands to check your IS-IS configuration:
get router info isis interface
get router info isis route
get router info isis summary
get router info isis topology
get router info6 isis interface
get router info6 isis route
get router info6 isis summary
get router info6 isis topology