35.2 IS-IS
These sections describe IS-IS configuration tasks:
35.2.1 Enabling IS-IS
For the normal operation of the IS-IS protocol, the router isis command must be used to enable the IS-IS instance. Then the net command is used to set a Network Entity Title (NET) for the device. Next, you must configure at least one address-family. Lastly, the isis enable command is used to enable IS-IS on the desired interface. The IS-IS protocol is enabled upon the completion of these configurations.
To enable IS-IS, the following tasks must be performed.
35.2.1.1 Enable IS-IS Globally and Specify an IS-IS Instance
The switch supports only one IS-IS routing instance per VRF. The routing instance uniquely identifies the switch to other devices. IS-IS configuration commands apply globally to the IS-IS instance.
The switch must be in router IS-IS configuration mode to run IS-IS configuration commands. The router isis command places the switch in router IS-IS configuration mode.
Example
These commands place the switch in IS-IS configuration mode. It also creates an IS-IS routing instance named Osiris.
switch(config)#router isis Osiris
switch(config-router-isis)#
35.2.1.2 Configure the Network Entity Title (NET)
After creating an IS-IS routing instance, you should also configure the Network Entity Title (NET) with the net command. The NET defines the current IS-IS area address and the system ID of the device.
Example
These commands define the current IS-IS area address and the system ID of the device.
switch(config)#router isis Osiris
switch(config-router-isis)# net 49.0001.1010.1040.1030.00
35.2.1.3 Set the Address Family Configuration
The address-family command allows you to enable the address families that IS-IS will route and also enter a configuration sub-mode to configure settings that are distinct to that address family. The address families supported are IPv4 unicast and IPv6 unicast.
Example
These commands enable and enter the address family mode for IPv4 unicast.
switch(config)#router isis Osiris
switch(config-router-isis)#address-family ipv4 unicast
switch(config-router-isis-af)#
35.2.1.4 Enable IS-IS on a Specified Interface
After enabling IS-IS, you need to specify on which interface IS-IS will be run with the isis enable command.
Example
These commands enable IS-IS on the specified interface Ethernet 4.
switch(config-router-isis)#interface ethernet 4
switch(config-if-Eth4)#isis enable Osiris
35.2.2 IS-IS Optional Global Parameters
After globally enabling IS-IS, the following global parameters can be configured.
35.2.2.1 Set the Router Type
The is-type command sets the routing level for an IS-IS instance.
Example
These commands specify level-2 for the IS-IS instance.
switch(config)#router isis Osiris
switch(config-router-isis)#is-type level-2
switch(config-router-isis)#
35.2.2.2 Configuring Redistribution of Connected or Static non-ISIS Routes
The redistribute (IS-IS) command configures redistribution of connected or static non-ISIS routes.
Example
These commands redistribute connected routes into the IS-IS domain.
switch(config)#router isis Osiris
switch(config-router-isis)#redistribute connected
switch(config-router-isis)#
35.2.2.3 Configuring Redistribution of Connected or Static non-ISIS Routes into Level-1
The non-ISIS routes can be exported into Level-1, Level-2 or both by using route map’s set condition. By default, the routes are exported only to Level-2. The Level-1 or Level-2 routes can also be filtered using the route map’s match statement. The route map is then used when redistributing routes in ISIS.
The following example shows the steps to configure route redistribution into Level-1 or Level-2:
Example
Step 1 Place the switch in route-map mode and use set isis level command to configure a route map to set the IS-IS level.
Switch(config-route-map-rm)#set isis level [level-1|level-2|level-1-2]
Step 2 The configured route map is then used while redistributing routes in ISIS using the redistribute (IS-IS) command.
Switch(config-router-isis)#redistribute [connected|static] route-map <route-map name>
Output of show isis database detail is used to make sure that the route shows up in the exported level.
35.2.2.4 Configuring Redistribution of BGP Routes into ISIS Network
The redistribute bgp route-map command advertises the routes learned through BGP routes into the IS-IS network. It also allows the user to selectively advertise some routes and modify route attributes before advertising using route-maps.
The command is available in both address-family mode and router IS-IS mode, however, the command is rejected if configured in both address-family mode and router mode at the same time.
Note If the command is configured in router address family mode, it only redistributes routes with matching address family. If it is configured in router mode, it applies to all enabled address-families.
Use show isis database detail command to verify that routes are advertised with correct attributes.
Examples
In this example the redistribute bgp route-map command redistributes the BGP routes into ISIS domain, in address-family mode.
Switch(config)#router isis 1
Switch(config-router-isis)#address-family ipv4
Switch(config-router-isis-af)#redistribute bgp route-map bgp-to-isis-v4
In this example the redistribute bgp route-map command redistributes the BGP routes into ISIS, in router isis mode.
Switch(config)#router isis 1
Switch(config-router-isis)#redistribute bgp route-map bgp-to-isis
35.2.2.5 Set the Overload Bit
The set-overload-bit command used without the on-startup option, informs other devices not to use the local router to forward transit traffic. When used with the on-startup option, the overload bit is set for the interval specified after startup.
In scenarios when Border Gateway Protocol (BGP) routes are resolved using an Interior Gateway Protocol (IGP), if the transit router reboots and becomes available again, the IGP will consider the transit router as an optimal path again. After rebooting, the transit router will blackhole traffic until the transit router learns the external destination reachability information via BGP.
Examples
These commands configure the switch and sets the overload bit to 120 seconds after startup.
switch(config)#router isis Osiris
switch(config-router-isis)#set-overload-bit on-startup 120
switch(config-router-isis)#
These commands configure the overload bit until BGP converges. If BGP fails to converge within the set timeout default period, then the overload bit gets cleared.
switch(config)#router isis Osiris
switch(config-router-isis)#set-overload-bit on-startup wait-for-bgp
switch(config-router-isis)#set-overload-bit on-startup wait-for-bgp timeout 750
switch(config-router-isis)#
35.2.2.6 Configure IS-IS MD5 Authentication
To configure authentication for the IS-IS instance causing LSPs, CSNPs and PSNPs to be authenticated, use the authentication mode and authentication key commands. To configure authentication on the interface, causing IS-IS Hellos to be authenticated, use the isis authentication mode. and isis authentication key commands on the interface.
Two forms of authentication are supported by the IS-IS routing protocol: Clear-text authentication and MD5 authentication. The difference between the two forms of authentication is in the level of security provided. In the case of clear-text authentication, the password is specified as text in the authentication TLV, making it possible for an attacker to break authentication by sniffing and capturing IS-IS PDUs on the network. Arista recommends using the MD5 authentication.
HMAC MD5 authentication provides much stronger authentication by computing the message digest (on the IS-IS PDU contents) using the secret key to produce a hashed message authentication code (HMAC). Different modes of authentication can be specified on the interface, which authenticates IIH PDUs (IS-IS hello PDUs), and globally in the router IS-IS mode, in which the LSPs, CSNPs and PSNPs are authenticated. Area-wide and domain-wide authentication can be specified for L1 and L2 routers respectively.
Example
These commands configure authentication for the IS-IS instance causing LSPs, CSNPs and PSNPs to be authenticated.
switch(config)#router isis 1
switch(config-router-isis)#authentication mode md5
switch(config-router-isis)#authentication key secret
switch(config-router-isis)#
These commands configure authentication on the interface causing IS-IS Hellos to be authenticated.
switch(config)#interface Ethernet 3/6
switch(config-if-Et3/6)#isis authentication mode text
switch(config-if-Et3/6)#isis authentication key 7 cAm28+9a/xPi04o7hjd8Jw==
switch(config-if-Et3/6)#
To maximize interoperability, Arista recommends using the same key in both interface mode and in router isis mode.
35.2.2.7 Set the SPF Interval
The SPF timer interval defines the maximum interval between two successive SPF calculations. IS-IS runs SPF calculations following a change in the network topology or the link-state database. The spf-interval command defines the following intervals:
Maximum wait interval: The maximum time a switch will wait before running an SPF after a topology change.
Initial wait interval: In a network that has been stable throughout the hold interval, this interval defines the initial wait time of a switch for performing an SPF calculation after a topology change. As several link-state updates must be sent after a topology change, the initial wait interval allows the network to settle before a switch computes an SPF. If the topology changes during an initial wait interval, an SPF is calculated after the initial wait interval expires and no further changes are made to throttle timers.
Hold time: This interval delays SPF calculations during network instability. If the topology changes during a hold time, an SPF is computed when the hold time expires. Subsequent hold intervals are doubled up to the configured maximum wait interval for continuous topology changes. If the next topology change occurs after the hold interval expires, the hold interval is reset to its configured value and the SPF is computed after the initial wait interval.
Note EOS does not support configuring topology-specific SPF timers in multi-topology deployments and IS-IS level-specific SPF timers.
Example
This command configures maximum wait interval, initial wait interval, and hold time to 10 seconds, 2000 ms, and 1000 ms respectively.
switch(config)#router isis inst1
switch(config-router-isis)#spf-interval 10 2000 1000
35.2.2.8 Configuring IS-IS Segment Routing Global Adjacency-SID
IS-IS Segment Routing (SR) now supports global adjacency SIDs for point-to-point interfaces. The adjacency SID is configured as an index using the adjacency-segment command.
Global adjacency segments are represented using an index instead of actual MPLS labels. The index is an offset into the Segment Routing Global Block (SRGB) advertised by a router, resulting in an MPLS label. The default value of SRGB in EOS is Base: 900000 and Size: 65536.
The same index may be used to configure multiple interfaces so that MPLS forms an ECMP group, and the same index may be applied to IPv4 and IPv6 adjacencies.
Example
In this example, the global adjacency is configured on a point-to-point interface Ethernet Et1, with an index value 10.
Arista(config-if-Et1)#adjacency-segment ipv4 p2p index 10 global
Displaying Adjacency SID Information
The command show isis segment-routing adjacency-segments displays the global adjacency SID value and other related information.
Examples
In this example an interface is configured as follows:
interface Ethernet1
ip address 1.1.1.1/24
ipv6 address 1000::1/64
isis enable isis1
isis network point-to-point
adjacency-segment ipv4 p2p index 1 global
adjacency-segment ipv6 p2p index 2 global
The show output for the above interface configuration:
Switch# show isis segment-routing adjacency-segments
 
System ID: 1000.0000.0002                       Instance: isis1
SR supported Data-plane: MPLS                   SR Router ID: 1.1.1.4
Adj-SID allocation mode: SR-adjacencies
Adj-SID allocation pool: Base: 100000     Size: 16384
Adjacency Segment Count: 2
Flag Descriptions: F: Ipv6 address family, B: Backup, V: Value
                  L: Local, S: Set
 
Segment Status codes: L1 - Level-1 adjacency, L2 - Level-2 adjacency, P2P - Point-to-Point adjacency, LAN - Broadcast adjacency
 
Locally Originated Adjacency Segments
Adj IP Address     Local Intf    SID      SID Source    Flags                Type        
----------------  ----------    ------  -------------  ---------------     -------
     1.1.1.2         Et1         1        Configured   F:0 B:0 V:0 L:0 S:0  P2P L1
fe80::1:ff:fe65:0    Et1         2        Configured   F:1 B:0 V:0 L:0 S:0  P2P L1
 
 
Received Global   Adjacency Segments
  SID             Originator                 Neighbor              Flags    
---------        --------------------        ----------------     ---------
    0                 rtrmpls1                 1000.0000.0002      F:0 B:0 V:0 L:0 S:0
35.2.2.9 Enable Logging for Peer Changes
The log-adjacency-changes (IS-IS) command configures the switch to send syslog messages when it detects IS-IS neighbor adjacency state changes.
Example
These commands configure the switch to send a syslog message when a neighbor goes up or down.
switch(config)#router isis Osiris
switch(config-router-isis)#log-adjacency-changes
switch(config-router-isis)#
35.2.2.10 Set the IS-IS hostname
The is-hostname command configures the use of a human-readable string to represent the symbolic name of an IS-IS router. It also changes the output of IS-IS show commands, to show the IS-IS hostname in place of system IDs if the corresponding IS-IS hostname is known. However, syslogs still use IS-IS system IDs and not the IS-IS hostname.
By default if there’s a hostname configured on the switch, it is used as the IS-IS hostname. It is also possible to un-configure an assigned hostname for IS-IS using the no is-hostname command. When the IS-IS hostname is removed, the switch goes back to using the switch’s hostname as the IS-IS hostname.
Examples
These commands configure the IS-IS hostname to the symbolic name “ishost1” for the IS-IS router.
switch(config)#router isis inst1
switch(config-router-isis)#is-hostname ishost1
switch(config-router-isis)#
These commands unconfigure the IS-IS hostname of the symbolic name “ishost1” for the IS-IS router.
switch(config)#router isis inst1
switch(config-router-isis)#no is-hostname ishost1
switch(config-router-isis)#
35.2.2.11 Configuring IS-IS Multi-Topology
The multi-topology command configures IS-IS Multi-Topology (MT) support (disabled by default), enabling an IS-IS router to compute a separate topology for IPv4 and IPv6 links in the network. With MT configured, not all the links in a network need to support both IPv4 and IPv6. Some can support IPv4 or IPv6 individually. The IPv4 SPF will install IPv4 routes using the IPv4 topology, and similarly, the IPv6 SPF will install IPv6 routes using the IPv6 topology. Without MT support, all links in an IS-IS network need to support the same set of address families.
When MT is enabled, and each link has a separate IPv4 metric and IPv6 metric.
The isis ipv6 metric command configures the IPv6 metric.
The isis multi-topology command configures the IPv4 or IPv6 address family individually on an interface with both IPv4 and IPv6 addresses.
The address families that are enabled on an interface are based on the global address families enabled in router IS-IS configuration mode, and the addresses configured on the interface. To enable a particular address family on an interface, it needs to have an address configured in that address family. In the case where both IPv4 and IPv6 address families are enabled in router IS-IS configuration mode, then if an interface has IPv4 and IPv6 addresses, both IPv4 and IPv6 address families are enabled on that interface. In the case of an interface with only an IPv4 address family, the IPv4 address family is enabled on that interface. Where an interface only has an IPv6 address family, the IPv6 address family is enabled on that interface. Finally, where only the IPv6 address family is enabled in router IS-IS config mode and MT is enabled, then the IPv6 address family is enabled on all interfaces which have an IPv6 address configured.
Examples
These commands configure MT for the IS-IS router.
switch(config)#router isis 1
switch(config-router-isis)#address-family ipv6 unicast
switch(config-router-isis-af)#multi-topology
switch(config-router-isis-af)#
These commands unconfigure MT for the IS-IS router.
switch(config)#router isis 1
switch(config-router-isis)#address-family ipv6 unicast
switch(config-router-isis-af)#no multi-topology
switch(config-router-isis-af)#
These commands configure the IPv6 metric.
switch(config)#interface Ethernet 5/6
switch(config-if-Et5/6)#isis ipv6 metric 30
switch(config-if-Et5/6)#
These commands configure the IPv4 address family on an interface with both IPv4 and IPv6 addresses.
switch(config)#interface Ethernet1
switch(config-if-Et1)#isis multi-topology address-family ipv4 unicast
switch(config-if-Et1)#
These commands configure the IPv6 address family on an interface with both IPv4 and IPv6 addresses.
switch(config)#interface Ethernet1
switch(config-if-Et1)#isis multi-topology address-family ipv6 unicast
switch(config-if-Et1)#
These commands configure both the IPv4 and IPv6 address families on an interface.
switch(config)#interface Ethernet1
switch(config-if-Et1)#no isis multi-topology address-family unicast
switch(config-if-Et1)#
35.2.3 IS-IS Interface Optional Parameters
After globally enabling IS-IS, the following parameters can be configured on individual interfaces.
35.2.3.1 Set the Hello Packet Interval
The isis hello-interval command sets the time interval between the hello packets that maintain an IS-IS adjacency.
Example
These commands configure a hello interval of 60 seconds for Ethernet 4.
switch(config)#interface ethernet 4
switch(config-if-Et4)#isis hello-interval 60
switch(config-if-Et4)#
35.2.3.2 Configure the Hello Multiplier for the Interface
The switch maintains the adjacency by sending/receiving hello packets. When receiving no hello packets from the peer within a time interval, the local switch considers the neighbors invalid.
The isis hello-multiplier command calculates the hold time announced in hello packets by multiplying this number with the configured isis hello-interval.
Example
These commands configure a hello multiplier of 5 for Ethernet 4.
switch(config)#interface ethernet 4
switch(config-if-Et4)#isis hello-interval 60
switch(config-if-Et4)#isis hello-multiplier 5
switch(config-if-Et4)#
35.2.3.3 Configure the IS-IS Metric
The isis metric command sets the cost for sending information over a specific interface. At present only wide metrics are supported.
Example
These commands configure a metric cost of 30 for sending information over Ethernet 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#isis metric 30
switch(config-if-Et5)#
35.2.3.4 Set the LSP Transmission Interval
The isis lsp tx interval command configures the minimum interval between successive LSP transmissions on an interface.
Example
This command sets the LSP transmission interval on interface Ethernet 5 to 50 milliseconds.
switch(config)#interface ethernet 5
switch(config-if-Et5)# isis lsp tx interval 50
switch(config-if-Et5)#
35.2.3.5 Set the IS-IS Priority
The isis priority command determines which device will be the Designated Intermediate System (DIS). The device with the highest priority on the LAN will become the DIS.
Example
These commands configure a device priority of 60 on interface Ethernet 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#isis priority 60
switch(config-if-Et5)#
35.2.3.6 Configure an Interface as Passive
The isis passive and passive (IS-IS) commands configure IS-IS interfaces as passive to interfaces where adjacencies are wanted. The interface does not send or receive IS-IS packets when configured as passive.
Examples
These commands configure Ethernet interface 10 as a passive interface.
switch(config)#interface ethernet 10
switch(config-if-Etl0)#isis passive
switch(config-if-Etl0)#
These commands configure Ethernet interface 10 as a passive interface in the router IS-IS mode.
switch(config)#router isis Osiris
switch(config-router-isis)#passive interface ethernet 10
switch(config-router-isis)#
35.2.3.7 Configure BFD support for IS-IS for IPv4
The isis bfd and bfd all-interfaces commands configure Bidirectional Forwarding Detection (BFD). BFD is supported for both IS-IS IPv4 and IPv6 routes.
Examples
These commands enable BFD (for the IPv4 address family) for all the interfaces on which IS-IS is enabled. By default, BFD is disabled on all interfaces.
switch(config)#router isis 1
switch(config-router-isis)#address-family ipv4
switch(config-router-af)#bfd all-interfaces
switch(config-router-af)#
These commands enable BFD on an IS-IS interface.
switch(config)#interface Ethernet 5/6
switch(config-if-Et5/6)#isis bfd
switch(config-if-Et5/6)#
 
35.2.4 Disabling IS-IS
An IS-IS instance can be shut down globally or can be disabled on individual interfaces.
The shutdown (IS-IS) command shuts down an IS-IS instance globally.
Example
These commands disable IS-IS globally without modifying the IS-IS configuration.
switch(config)#router isis Osiris
switch(config-router-isis)#shutdown
switch(config-router-isis)#
The no isis enable command disables IS-IS on an interface.
Example
These commands disable IS-IS on interface Ethernet 4.
switch(config-router-isis)#interface ethernet 4
switch(config-if-Eth4)#no isis enable
35.2.5 Verifying IS-IS
The following tasks verify the IS-IS peer and connection configuration:
35.2.5.1 Verify the Link State Database
To display the link state database of IS-IS, use the show isis database command.
Example
This command displays the IS-IS link state database.
switch>show isis database
 
ISIS Instance: Osiris
  ISIS Level 2 Link State Database
    LSPID                 Seq Num   Cksum  Life  IS Flags
    1212.1212.1212.00-00  4         714    1064  L2 <>
    1212.1212.1212.0a-00  1         57417  1064  L2 <>
    2222.2222.2222.00-00  6         15323  1116  L2 <>
    2727.2727.2727.00-00  10        15596  1050  L2 <>
    3030.3030.3030.00-00  12        62023  1104  L2 <>
    3030.3030.3030.c7-00  4         53510  1104  L2 <>
switch>
35.2.5.2 Verify the Interface Information for the IS-IS Instance
To display interface information related to the IS-IS instance, use the show isis interface command.
Example
This command displays IS-IS interface information.
switch>show isis interface
 
ISIS Instance: Osiris
  Interface Vlan20:
    Index: 59 SNPA: 0:1c:73:c:5:7f
    MTU: 1497 Type: broadcast
    Level 2:
      Metric: 10, Number of adjacencies: 2
      LAN-ID: 1212.1212.1212, Priority: 64
      DIS: 1212.1212.1212, DIS Priority: 64
  Interface Ethernet30:
    Index: 36 SNPA: 0:1c:73:c:5:7f
    MTU: 1497 Type: broadcast
    Level 2:
      Metric: 10, Number of adjacencies: 1
      LAN-ID: 3030.3030.3030, Priority: 64
      DIS: 3030.3030.3030, DIS Priority: 64
switch>
35.2.5.3 Verify the IS-IS Neighbor Information
To display general information for IS-IS neighbors that the device sees, use show isis neighbors.
Example
This command displays information for IS-IS neighbors that the device sees.
switch>show isis neighbor
 
Inst Id   System Id            Type Interface       SNPA              State Hold time
10        2222.2222.2222       L2   Vlan20          2:1:0:c:0:0       UP    30
10        1212.1212.1212       L2   Vlan20          2:1:0:d:0:0       UP    9
10        3030.3030.3030       L2   Ethernet30      2:1:0:b:0:0       UP    9
switch>
35.2.5.4 Verify IS-IS Instance Information
To display the system ID, Type, Interface, IP address, State and Hold information for IS-IS instances, use the show isis summary command. The command is also used to verify the configured maximum wait interval, initial wait interval, and hold time of SPF timers in IS-IS instances. This command also displays values of the current SPF interval, last level-1 SPF run, and last level-2 SPF run.
Example
This command displays general information about IS-IS instances.
switch>show isis summary
ISIS Instance: Osiris
  System ID: 1010.1040.1030, administratively enabled, attached
  Internal Preference: Level 1: 115, Level 2: 115
  External Preference: Level 1: 115, Level 2: 115
  IS-Type: Level 2, Number active interfaces: 1
  Routes IPv4 only
  Last Level 2 SPF run 2:32 minutes ago
  Area Addresses:
    10.0001
  level 2: number dis interfaces: 1, LSDB size: 1
switch>
This command displays the SPF interval information about IS-IS instances.
switch(config-router-isis-af)#show isis summary
 
IS-IS Instance: 1 VRF: default
System ID: 0000.0000.0001, administratively enabled
Multi Topology disabled, not attached
IPv4 Preference: Level 1: 115, Level 2: 115
IPv6 Preference: Level 1: 115, Level 2: 115
IS-Type: Level 1 and 2, Number active interfaces: 0
Routes both IPv4 and IPv6
                           Max wait(s) Initial wait(ms) Hold interval(ms)
LSP Generation Interval:     5              50               50
SPF Interval:                2            1000             1000
Current SPF hold interval(ms): Level 1: 1000, Level 2: 1000
Last Level 1 SPF run 1 seconds ago
Last Level 2 SPF run 1 seconds ago
Authentication mode: Level 1: None, Level 2: None
Graceful Restart: Disabled, Graceful Restart Helper: Enabled
Area Addresses:
   49.0001
level 1: number dis interfaces: 0, LSDB size: 1
level 2: number dis interfaces: 0, LSDB size: 1