Networking / Beginners

IS-IS for IPv6

The Intermediate System-to-Intermediate System (IS-IS) protocol is described in ISO Standard 10589. This link-state, OSI routing protocol was not originally developed for IP but rather to provide the routing functionality between the routers of Connectionless Network Protocol (CLNP)-based networks. With the addition of IPv4 support (RFC 1195), the protocol, sometimes referred to as Integrated IS-IS (I/IS-IS), was widely adopted as the IGP of choice for many ISP and large enterprise networks.

In many respects, IS-IS is similar to OSPF, but some terminology and implementation differences do exist. For example, packet encoding in IS-IS is Type Length Value (TLV) based and makes the protocol easily extensible. Nested TLVs also offer granularity in the protocol extensions.

The link state, link prefix/mask, link weight, and other local connectivity parameters are advertised in link state packets (LSPs). Unlike the OSPF LSAs that are exchanged at the IP level, the IS-IS LSPs are exchanged at layer 2. This makes IS-IS less vulnerable to spoofing or other attacks.

Note: Before deploying IS-IS in an IPv6 network using tunnels, it is important to make sure that the tunneling mechanisms used can forward the IS-IS LSPs.

Similar to OSPF, IS-IS also elects a DR, called a designated intermediate system (DIS). The DIS, however, does not select a BDR. Should the DIS fail, a new DIS election process is started. Notably, IS-IS does not have direct support for NBMA networks.

IS-IS implements a two-level routing hierarchy as well, an important feature for scalability. Despite that, most IS-IS deployments are rather flat. Unlike OSPF, where interfaces are bound to areas (thus enabling routers to belong to multiple areas), in IS-IS the routers belong to a single area. A router (called intermediate system, or IS) performing intra-area functions is a level 1 router. A router performing inter-area functions is a level 2 router.

IS-IS, like OSPF, supports authentication, it supports CIDR, and it transports MPLS traffic engineering link information. Both protocols are deployed in enterprise as well as ISP networks (with OSPF more common in enterprise networks, and IS-IS more common in large ISP networks).

Support for IPv6

The third network protocol supported by I/IS-IS is IPv6 (draft-ietf-isis-ipv6-02.txt). The implementation required a new protocol ID (0X8E) that was set to be used by the IPv6 routers to signal their capability to support ISISv6 and two new TLVs: IPv6_Reachability (0XEC) and IPv6_Interface_Address (0XE8). Extending IS-IS to support IPv6 is an exercise similar to extending it to support IPv4, unlike OSPF where a new protocol had to be developed. For this reason, IS-ISv6 is operationally similar to IS-ISv4. Few IPv6-specific differences exist. Neighbors are listed in the adjacency table with their link-local address. Because the link-local is used in the Hello packets, adjacencies can be built between neighbors even if they do not share the same prefix. From a user perspective, a new address family was added for IPv6. Most configuration commands available for IS-ISv4 are also available for IS-ISv6 with minimal format changes.

IS-IS uses a single topology and runs the same SPF calculation for all protocols supported. This mode of operation leads to certain deployment constraints.

Single Topology

By default, IS-IS runs with a single topology for all protocols supported and a single instance of the SPF calculation per level (1 = area, 2 = domain). This could be a benefit in that fewer resources are being used by the routers to operate it. On the other hand, the single topology mode comes with some restrictions:

  • All routers within an area (level 1 or level 2) must support the same set of address families on all interfaces. This ensures topology consistency. It also means that the single topology mode is not suitable in IPv4 networks where only some islands of IPv6 will be deployed.
  • The interface configured metric applies to both IPv4 and IPv6.

This need for capabilities consistency raises this question: What will happen when an IS-ISv4 network is migrated to the IS-ISv4+IS-ISv6 network? Because routers are configured with the additional IPv6 address family, the adjacencies will be dropped until the consistency is reestablished. To avoid impacting the operating IPv4 service, you can disable the adjacency checking.

Note: To avoid inconsistencies in the operational network, only disable adjacency checking during the migration process.

Multitopology

IS-IS was later enhanced to support independent topologies and SPF calculations for each protocol (draft-ietf-isis-wg-multi-topology.txt). In this case, various routers can support different sets of address families. To add multitopology support for IPv6, a new Multi_Topology_Reachable_IPv6_Prefixes TLV is defined. The multitopology operation can be enabled under the IPv6 address family. In this mode of operation, you can set the IPv6 metric independently of the IPv4 one.

To facilitate the migration from single topology to multitopology, you can enable a transition mode. In this case, both types of TLVs are advertised in LSPs. Larger LSPs are thus traded off for a smooth transition.

Configuration Example

The simplest way to configure a router to run IS-IS for IPv6 is to enable the protocol on an interface with an IPv6 address. No changes are needed to the configuration of the IS-IS process for IPv4, as illustrated in Example-11.

Example-11. IS-IS Configuration Example
router isis example-area
 net 49.0001.0000.0000.0001.00
!
interface FastEthernet0/1
 ip address 10.7.1.33 255.255.255.252
 ip router isis example-area
 ipv6 address 2001:FFFF:FFFF::2/64
 ipv6 enable
 ipv6 router isis example-area

Note: You must configure IPv6 on the interface for the IS-ISv6 process to start.

In this example, IS-IS is operating in single-topology mode. The show ipv6 protocol command indicates that IS-IS is running on the interface (highlighted below). The adjacencies built with other routers show both IP protocol addresses, as highlighted in Example-12.

Example-12. ISIS Neighbor Status
Router1#show clns is-neighbors detail
System Id   Interface  State  Type Priority  Circuit Id  Format
Router2     Fa0/1      Up     L1L2 64/64     Router2.01  Phase V
  Area Address(es): 49.0001
  IP Address(es):  10.7.1.34*
  IPv6 Address(es): FE80::2B0:4AFF:FE5C:ACA9
  Uptime: 00:01:25
  NSF capable

The IPv6 adjacency is identified through the link-local address, so the global prefix configured on the interface is not relevant for it. A look at the database reveals the capabilities of the neighbors. The following output obtained from the show isis command illustrates the level 1 circuit of the Router2 neighbor.

Example-13. IS-IS Database
Router1#show isis database verbose level-1
...
IS-IS Level-1 Link State Database:
LSPID             LSP Seq Num  LSP Checksum  LSP Holdtime   ATT/P/OL
Router2.00-00     0x0000000B   0xAB35        1020           0/0/0
  Area Address: 49.0001
  NLPID:        0xCC 0x8E
  Hostname: Router2
  IP Address:   10.7.1.34
  Metric: 10         IP 10.7.1.32 255.255.255.252
  IPv6 Address: 2001:FFFF:FFFF::1
  Metric: 10         IPv6 2001:FFFF:FFFF::/64
  Metric: 10         IS Router2.01

The protocol ID number 8E indicates the support for IPv6. Because in this case IS-IS runs a single topology, no distinction is made in the output between IPv4 and IPv6. By the same token, there is no output for show isis ipv6 topology.

Further protocol customization can be done similar to IPv4, from enabling authentication and summarization to adjusting metrics. The important thing to remember is that in the single-topology mode, you cannot configure the changes on a per-protocol basis.

If the network design requires the two IP protocols to operate independently at the cost of more router resources used by the two instances of the protocol, you can migrate IS-IS to a multitopology mode. In this case, you specifically configure the IPv6 address family under the IS-IS process, as shown in the configuration excerpt in Example-14.

Example-14. Migrating IS-IS to Multitopology Mode
router isis example-area
 net 49.0001.0000.0000.0001.00
 metric-style wide transition
 !
 address-family ipv6
 multi-topology transition

The transition option is elected to allow routers in different modes to coexist during the migration. You should remote this option when the migration is completed.

With the change to the new operation mode, the outputs of the show commands reflect the existence of two distinct topologies for the two IP protocols.

Example-15. Multitopology IS-IS Neighbor Details
Router1#show clns is-neighbors detail
System Id   Interface  State  Type Priority   Circuit Id    Format
Router2     Fa0/1      Up     L1L2 64/64      Router2.01  Phase V
  Area Address(es): 49.0001
  IP Address(es):  10.7.1.34*
  IPv6 Address(es): FE80::2B0:4AFF:FE5C:ACA9
  Uptime: 00:00:14
  NSF capable
  Topology: IPv4, IPv6

You can now view the IPv6-specific topology.

Example-16. Multitopology IS-IS Topology
Router1#show isis ipv6 topology level-1
IS-IS IPv6 paths to level-1 routers
System Id     Metric    Next-Hop    Interface   SNPA
Router2       10        Router2     Fa0/1       00b0.4a5c.aca9

The database information also reflects the multitopology mode of operation.

Example-17. Mutiltopology IS-IS Database
Router1#show isis database verbose level-1
IS-IS Level-1 Link State Database:
LSPID          LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
Router2.00-00  0x00000014   0x8B3E        1086          0/0/0
  Area Address: 49.0001
  Topology:     IPv4 (0x0) IPv6 (0x2)
  NLPID:        0xCC 0x8E
  Hostname: Router2
  IP Address:   10.7.1.34
  Metric: 10         IP 10.7.1.32/30
  IPv6 Address: 2001:FFFF:FFFF::1
  Metric: 10         IPv6 (MT-IPv6) 2001:FFFF:FFFF::/64
  Metric: 10         IS (MT-IPv6) Router2.01

Again, the configuration can be detailed further as it is done in IPv4. In this mode, however, you can tweak the IS-IS operation independently for each protocol with commands such as isis ipv6 metric that adjust the metric on an interface only for IPv6.

[Previous] [Contents] [Next]