Friday, 5 December 2014

IS-IS Routing Protocol - Part 2

IS-IS Operation over Different Network Types

IS-IS natively supports only broadcast and point-to-point network types. IS-IS has no special provisions to correctly operate over partially meshed data link layer technologies such as hub-and-spoke Frame Relay. Recommended practice dictates that you configure such networks using point-to-point subinterfaces and run IS-IS over these point-to-point links.  It is noteworthy to mention that what IS-IS calls broadcast links should much better be
called multiaccess links.

In IS-IS, there are only three possible adjacency states:
  -Down: The initial state. No IIHs have been received from the neighbor.
  -Initializing: IIHs have been received from the neighbor, but it is not certain that the neighbor is properly receiving this router’s IIHs.
  -Up: IIHs have been received from the neighbor, and it is certain that the neighbor is properly receiving this router’s IIHs.

IS-IS Operation over Point-to-Point Links  


In OSI addressing, each router assigns a locally significant single octet number to each interface, and this number is called the Local Circuit ID.
The three-way-handshake method is based on each router on a point-to-point link advertising an adjacency state TLV in its IIH packets that contains the following fields:
  -Adjacency Three Way State: This is the state of adjacency as seen by the sending router.
  -Extended Local Circuit ID: This is the ID of the sending router’s interface.
  -Neighbor System ID: This value is set to the ID of the neighboring router whose IIHs have been successfully received.
  -Neighbor Extended Local Circuit ID: This value is set to the Extended Local Circuit ID field value from the neighbor’s IIH packets.  

The logic of the three-way handshake (Early Cisco Implementation)
  1. If Router A receives an IIH from Router B with the Adjacency Three Way State set to Down, it is clear that Router A can hear Router B. It is not certain, though, whether Router B can hear Router A. Router A will start sending its IIH with the Adjacency Three Way State set to Initializing to tell Router B it can hear it.
  2. When Router B receives an IIH from Router A with the Adjacency Three Way State set to Initializing, it knows that these IIHs are effectively sent in response to its own IIH, and that Router A is in fact telling Router B it can hear it. Router B is now certain that bidirectional communication is possible. Therefore, it starts sending its IIH with the Adjacency Three Way State set to Up.
  3. When Router A receives an IIH from Router B with the Adjacency Three Way State set to Up, it knows Router B can hear it. Router A is now also certain that bidirectional communication is possible and starts sending its IIH with the Adjacency Three Way State set to Up, concluding the three-way handshake.  

(IETF Implementation) The adjacency state TLV was augmented with the Extended Local Circuit ID, neighbor System ID, and Neighbor Extended Local Circuit ID fields to carry additional information about the neighbor’s identity and interface.
With these fields in place, an IIH that carries a three-way adjacency state TLV is accepted only if one of the following conditions is met:
  -The Neighbor System ID and Neighbor Extended Local Circuit ID are not present (typical at the beginning of the adjacency buildup, or the neighbor implements only the early version of the three-way handshake).
  -The Neighbor System ID matches the receiving router’s System ID and the Neighbor Extended Local Circuit ID matches the receiving interface’s ID.
If these conditions are not met, the incoming IIH is silently dropped. Hence, these rules form an IIH acceptance check.
Therefore, the three-way handshake logic as described in the three previous steps changes simply by replacing all occurrences of “ receives IIH ” with “ receives and accepts IIH .”

After the adjacency is declared as Up, routers will attempt to synchronize their link-state databases. Both routers will mark all their LSPs for flooding over the point-to-point link; plus they send CSNP(Complete Sequence Number Packet) packets to each other. If a router learns from the received CSNP that its neighbor already has an LSP that is scheduled to be sent, the router will  unmark  the LSP, removing it from the set of LSPs to be flooded. This way, only the LSPs missing from the neighbor’s database will be sent to it. In addition, if a router learns from the received CSNP that the neighbor has LSPs that are newer or unknown, it will request them using a PSNP packet. Note that neither of these is necessary, as both routers nonetheless initially set up all their LSPs to be flooded across the link, without the aid of CSNP or PSNP packets. The  initial  sending of CSNPs to compare the link-state databases and PSNPs  to request missing or updated entries increases the resiliency of the synchronization process but is not strictly necessary.  Importantly, though, every LSP sent over a point-to-point link, whether during the initial database synchronization or anytime later when it is updated or purged, must be acknowledged, and this is done using PSNP or CSNP packets.

IS-IS Operation over Broadcast Links  


Detecting neighbors is again performed by IIH packets. In a fashion similar to OSPF, an IS-IS router lists the MAC addresses (or better said, SNPAs) of all neighboring routers it hears on a broadcast interface in its IIH packet sent through that interface. If a router receives an IIH from a neighbor and finds its own SNPA indicated in the IIH, it knows that the routers can see each other, and can move the adjacency to the Up state. If not, the adjacency is kept in the Initializing state. OSPF performs a similar operation, but it lists Router IDs of heard routers in its Hello packets.
IS-IS also elects one Designated IS for each broadcast network but it has no concept of a backup DIS. A DIS is elected based on these criteria:   
  -The router with the highest interface priority.  
  -In case of a tie, the router with the highest SNPA.   
  -In case the SNPAs are not comparable, the router with the highest System ID. This rule is used on Frame Relay and ATM physical interfaces and multipoint subinterfaces, which are treated as broadcast interfaces by IS-IS.
The interface priority is configurable using a perinterface isis priority priority [level] command. DIS elections in IS-IS are preemptive: Whenever a router is connected that has a higher priority than the current DIS, the same priority and higher SNPA, it will take over the DIS role.
In IS-IS, all routers on a common broadcast segment become fully adjacent, regardless of which is the DIS. This is different from OSPF. In IS-IS, 
every router can send  an LSP on the broadcast link and all others are allowed to accept it.A DIS is responsible for two important operations: 1) Helping routers on a broadcast segment to synchronize; 2) Representing the broadcast segment in the link-state database as a standalone object—the Pseudonode. 

Synchronization of IS-IS routers on a broadcast network is surprisingly simple. The DIS creates and sends a CSNP packet in regular intervals (10 seconds by default) on the segment. This CSNP packet lists all LSPs present in the DIS’s link-state database. Other routers on the segment receive this CSNP and compare it to the index of their own link-state database.
The DIS is not a relay of LSPs; rather, it is a reference point of comparison. If a router misses an LSP known by the DIS, or if the LSP is older than the one known by the DIS, the router will request the newer LSP through PSNP and the DIS will flood it. If the PSNP or the LSP gets lost during transmission, the process will simply repeat itself. Conversely, if a router knows about a newer LSP than the one known by the DIS, or if the DIS seems to miss it  completely, the router will simply flood the LSP onto the network. No explicit acknowledgment by the DIS is sent. If the LSP has arrived, the DIS will advertise it in its next periodic CSNP, and this CSNP serves as an implicit acknowledgment.. PSNPs are used on broadcast networks only to request LSPs, not to acknowledge them.  Another responsibility of the DIS is to represent the broadcast network in the link-state database so that the topological model of the network is simpler.

With a pseudonode, the broadcast network itself is represented as a node—more specifically, a pseudo node—in the topology. To exist as a pseudonode in a link-state database, a broadcast network must have its own LSP. It is the responsibility of the DIS to originate and flood the Pseudonode LSP on behalf of the broadcast network. Recall that each LSP is identified by a triplet of System 
ID, Pseudonode ID, and LSP Fragment Number. ID. In case of router LSPs, the System ID carries the ID of the router and the Pseudonode ID is set to 0. In case of network LSPs (that is, Pseudonode LSPs), the System ID is the ID of the DIS, and the Pseudonode ID is set to the Local Circuit ID of the DIS’s interface in the network. 
The show isis hostname  is used to check the mapping of hostnames to System IDs. To verify IS-IS neighbor adjacencies, show isis neighbors is useful. show isis neighbors detail would also show information about each router's SNPA and configured priority. The show isis database lists Pseudonode LSP that is recognizable by its Pseudonode ID being non-zero. To see the contents of LSPs, show isis database detail can be used. 

The router acting as a DIS shortens its own Hello and Hold time to just one-third of the configured values. This is done to allow other routers to detect its failure more rapidly. If a DIS fails, another router will be elected in its place, but because there is no additional adjacency buildup necessary (all routers on the segment are already fully adjacent), a DIS switchover is merely related to replacing the old Pseudonode LSP originated by the previous DIS with a new LSP from the newly elected DIS and remaining routers updating their LSPs to point toward the new Pseudonode LSP.

Areas in IS-IS


Because only a single NSAP address is assigned to a node, and the NSAP address contains the domain and area identifier, the entire node with all its interfaces belongs only to a single area. Because routers are also usually assigned a single NSAP address, they also belong to a single area only. It is in fact possible to configure up to three different NSAP addresses on an IS-IS router in a single IS-IS instance, provided that the System ID in all NSAP addresses is identical and the NSAP addresses differ only in their Area ID.
Multiple NSAP addresses on an IS-IS instance are nonetheless used only during network changes, and in stable operation, there should be only a single NSAP address configured per IS-IS process. IS-IS uses the entire high-order part of the NSAP address up to the start of System ID as the area identifier. Nodes in a single area must obviously be addressed using the same NSAP format, the same initial domain identifier, and the same internal area number(high-order domain specific part). Any difference in these octets would signify that the addressing format is different (and hence incomparable to any other), or the domain(that is, the autonomous system) is different, or the internal area numbering differs.

L1 routing is a process of intra-area routing. If OSI protocols such as CLNP were in use, routers would collect NSAP addresses of their directly attached end hosts and advertise them in their routing updates simply as other adjacencies. With IP protocols, each L1 router advertises its directly connected IP networks in its L1 LSP. A very important fact is that two interconnected neighboring L1 routers configured with different areas will never establish an adjacency.

L2 routing is a process of inter-area routing, that is, delivering packets between stations located in different areas. If OSI protocols were in use, routers would not collect nor advertise end host NSAP addresses. Instead, routers would only advertise their area IDs in their L2 LSPs. L2 routers therefore form a backbone of a multiarea domain, and for this backbone to operate correctly, it must be contiguous and  pervade all areas within the domain. Sometimes, the backbone as the set of L2 routers is also called an L2 subdomain. With IP protocols, IP addresses do not carry embedded area information like NSAP addresses. Each L2 router advertises its  directly connected IP networks  to achieve contiguous IP connectivity in the backbone,  plus all other L1 routes from its own area with appropriate metrics , to advertise IP networks present in particular areas. Thus, while LSPs are never leaked between L1 and L2 link-state databases, on L2 routers, IP  routing information computed from the router’s L1 link-state database is injected into its L2 LSP.  No IP networks are injected from L2 into L1 unless specifically configured.

L1 routers in an area have no L2 link-state database and therefore have no information about other areas that is carried by L2 routers. From this viewpoint, L1 routers in an area have a visibility identical to routers in an OSPF Totally Stubby Area—they see their own area but nothing more. Yet, a L1 router can still perform redistribution from external sources, and these redistributed networks will be visible both in that area and uptaken by L2 routers into the backbone. Therefore, L1 routers in an area behave more as if they were in an OSPF Not So Stubby-Totally Stubby (NSSA-TS) area.

L2 routers disrespect area boundaries when it comes to creating adjacencies and flooding link-state database contents. They create adjacencies with other L2 routers regardless of the area ID, and share all information present in their L2 link-state databases. Therefore, the entire L2 subdomain across all areas in the entire domain can be likened to a single OSPF backbone area.

IS-IS on Cisco routers defaults to L1L2 operation. Note the default administrative distance of 115 for all IS-IS-learned routes.


In show isis database  output, where three flags, ATT, P, and OL, are called ATTached, Partition repair, and Overload flags. The ATT flag is especially relevant to inter-area routing. When an L1L2 router performs its L2 SPF calculation and determines that it can reach other areas besides its own (note that LSPs also carry the area ID of their originating routers), it sets the ATT flag in its L1 LSP. L1-only routers in the area can use any router whose ATT bit is set in its L1 LSP to reach other areas. Because no IP addressing information flows down from L2 into L1, L1-only routers have no knowledge about prefixes in other areas. They automatically install a default route toward their nearest L1L2 router whose ATT bit is set into their routing table. The Partition repair bit indicates whether the router is capable of an optional feature that allows healing a partitioned area over the L2 subdomain—functionality similar to an OSPF virtual link. The Partition repair function was never widely implemented, and Cisco routers do not support it; hence they always set the P bit to 0.

Finally, the Overload bit was originally intended to signal that the router is, for whatever reason, unable to store all LSPs in its memory, and that its link-state database is overloaded. Therefore, if a router’s LSP has the O bit set, the SPF computation on other routers will ignore this router when computing shortest paths to other routers and their networks. However, the SPF will still take the directly attached  networks of this router into account because these continue to be reachable.

The O bit can also be used when a router needs to be taken out of service for maintenance without causing major disruption to the network. Instead of simply shutting the router down, setting the O bit first will make other routers immediately recalculate their routing tables, computing alternate paths (if such paths exist) that do not traverse this router. The network converges on alternate paths much sooner than it would take if the  router was simply taken offline and other routers needed to wait for its Hold timer to expire. Also, the O bit is very useful if a new router is to be attached to a network. Yet another important application of the O bit is to allow the router to settle its adjacencies  after reboot and wait for some time to stabilize while already running IS-IS and populating its routing table, before becoming a transit router. This feature is especially important with BGP that can converge significantly slower than IS-IS.

To see the contents of L2 database, the show isis database l2 detail command is used. Each the L2 LSP of each router contains both its directly connected networks along with all L1 networks in that router's area.
Identical L2 link-state database contents would be displayed on any L2-enabled router in this network. Looking at any L2 LSP in isolation, you do not even know which prefix is directly connected to the router and which one is an L1 prefix “uptaken” into L2—they are both advertised in the same manner.

Regarding redistribution, external networks are  by default injected into L2 but can be configured to be injected into L1 or both L1 and L2 on a router. If an external route is redistributed to L1, all other routers in the same area will see the route as an L1 IS-IS route. When “uptaking” L1 routes into L2 on backbone routers, they do not discriminate between internal L1 networks and external networks in the area that have been redistributed as L1 routes. Multiple areas in a domain are nowadays created primarily for the purpose of address summarization. In IS-IS, area summarization should be configured on each L1L2 router in the area using summary-address command inside the router isis section,

Authentication in IS-IS


IIH packets are authenticated independently of LSP, CSNP, and PSNP packets. In particular with LSPs, for L1 LSPs, all routers within the area must use the same  area password —the  level-1 authentication password , while for L2 LSPs, all  L2-enabled routers within the L2 subdomain must use the same  domain password —the  level-2 authentication password , to authenticate LSPs. If a single area or domain password was used to authenticate all packets, however, all routers in the area or in the backbone would be using the same password, which can be considered a security drawback. Therefore, to authenticate adjacencies themselves, IS-IS allows you to separately authenticate IIH packets.

Authentication in IS-IS can be activated independently for IIH and independently for non-IIH (LSP, CSNP, PSNP) packets. IIH authentication is configured on interfaces and applies only to IIH packets exchanged with directly connected neighbors. Therefore, different interfaces of a router can use different IIH passwords. The same type of authentication and the same password must be configured on all routers in an area if L1 non-IIH authentication is used, or on all L2 routers in the domain if L2 non-IIH authentication is used.

If IIH packets fail authentication, the routers will be completely prevented from communicating in IS-IS even if the non-IIH packets themselves passed the authentication or did not require the authentication. If IIH packets pass the authentication but the non-IIH packets fail it, the routers will be in the Up adjacency state but they will not be able to synchronize their link-state databases.

IPv6 Support in IS-IS  


IS-IS is a true multiprotocol routing protocol in the sense that it does not require any particular Layer 3 protocol to carry its packets, and in a single instance, it can carry information about destinations described by different address families. It is not necessary to start an additional IS-IS process to carry IPv6 routes along with IPv4. Instead, the existing IS-IS process is simply instructed to advertise IPv6 routes along with other information it is already advertising.


Configuring IS-IS    

Interfaces are added to IS-IS directly by configuring them with the ip router isis command. IS-IS has no network command. There is no network command in IS-IS.

If the network from the interface shall be advertised but the interface should remain passive, simply referring to it by the passive-interface  command is signal enough to IS-IS to know that the interface’s network should be advertised even though the interface itself should disallow creating any adjacencies over it. And finally, if the interface is intended to operate as an active interface, it shall be configured with the ip router isis  command.

If a router is configured for L1L2 operation, it will by default try to establish both L1 and L2 adjacencies over all active IS-IS interfaces. If it is known that an interface should be used to establish only L1 or only L2 adjacencies, it is possible to limit its operation only to the selected  level. That will prevent the router from sending and processing packets of a different routing level over that interface.

The per-interface isis authentication and per-process authentication commands support optional level-1 and  level-2 keywords to specify the desired level for which the authentication should be activated. If not specified, both levels are authenticated.

Note that unlike other IGP protocols, IS-IS does not use a separate process configuration section for its IPv6 operation. The  router isis  section is universal for all address families supported by IS-IS.

The show clns command shows a brief but useful information about this router's NET and mode of Integrated IS-IS operation

Thursday, 4 December 2014

IS-IS Routing Protocol - Part 1

IS-IS is a link-state routing protocol. IS-IS does not run over any network layer protocol; instead, it encapsulates its messages directly into data-link frames. Adjacency and addressing information in IS-IS messages is encoded as Type-Length-Value (TLV) records, thereby providing excellent flexibility and extendability.

OSI Network Layer and Addressing 


The term  End System (ES) is used for a host, and the term  Intermediate System (IS) is used for a router. An end-to-end communication between two End Systems(hosts) in a Domain (autonomous system) involves zero or more Intermediate Systems (routers) interconnected by Circuits(interfaces).

Two basic services: connection-less-mode and connection-mode network layer communication. The connectionless mode of operation is identical to the way that IP operates, as a pure datagram service without any prior session establishments. In OSI networks, the Layer 3 network protocol that provides a connectionless communication between ES entities is called ConnectionLess-mode Network Protocol(CLNP). The CLNP protocol is to OSI networks what IPv4/IPv6  are to TCP/IP networks. The set of services provided by CLNP is called ConnectionLess Network Services, or simply CLNS. For connection-oriented mode in OSI networks, an adaptation of the X.25 protocol is used. There is no analogous connection-oriented network layer protocol in TCP/IP networks.

The addressing used in OSI networks, both in connectionless and connection-oriented mode, is called NSAP addressing , with the acronym standing for Network Service Access Point representing an address of a particular network service on a particular network node in the network.

NSAP addressing bears many differences to addressing in TCP/IP networks. An NSAP address is assigned to the  entire network node , not to its individual interfaces. A single node requires only one NSAP address in a common setup, regardless of how many network interfaces it uses. As a result, NSAP addressing does not have the notion of per-interface subnets similar to IP subnets.


An NSAP address consists of two parts: The Initial Domain Part(IDP) and the Domain Specific Part(DSP). The internal format and length of these two parts are variable to a large extent and depend on the actual application in which the NSAP addressing is used.  The IDP itself consists of two fields: the Authority and Format Identifier (AFI) and the Initial Domain Identifier (IDI). The AFI value  indicates the format of the remaining address fields.The IDI field has a variable length depending on the address format indicated by AFI and might even be omitted. Together, the AFI and IDI indicate the routing domain (the autonomous system) in which the node is located.  

The DSP consists of a variable-length High-Order Domain Specific Part (HO-DSP) that identifies the part (or an  area) of the domain in which the node is located. The System ID is the unique identifier of the node itself. SEL field, also called an NSAP  Selector or NSEL, is a 1-octet-long field that identifies the particular service in or above the network layer on the destination node that should process the datagram. A rough analogy in the IP world would be the particular protocol above IP, or the transport port. 

In typical IS-IS deployments, the addressing uses the AFI of 49 in which the length and meaning of the HO-DSP field are entirely up to the administrator. If the value of the SEL octet is 0, no particular service is being addressed, and the entire NSAP address simply identifies the destination node itself without referring to any particular service on that node. An NSAP address in which  the SEL octet is set to 0 is called a Network Entity Title (NET), and this is the address that is configured on the node. Configuration of NETs will be a mandatory part of IS-IS configuration. To summarize, NSAP addresses can be thought to contain, in a single instance, information about the destination’s autonomous system, area, unique identifier, and even the requested upper-layer service. 

The written format of NSAP addresses uses hexadecimal digits separated into groups of one or more octets by a dot. 
For example, in 49.0001.1234.5678.3333.00, the AFI is 49, signifying a local address; the 0001 is the area number; the 1234.5678.3333 is the System ID of the node; and the trailing 00 is the SEL value, making this NSAP address also a NET. An NSAP address is often easier to read from right to left. In the NSAP address
49.0001.1234.5678.3333.00, the rightmost octet is the SEL value(00), the following six octets are the System ID (1234.5678.3333), followed by other HO-DSP octets(0001), IDI(not present in this NSAP) and ending with the leftmost octet, the AFI(49).  

As there is no concept of a subnet, routing between the two networks is accomplished by each IS assembling a list of all attached ES nodes and advertising it to its neighbors.  

Individual interfaces are not assigned their own addresses at the network layer. However, their Layer 2 addresses are used in the same way as TCP/IP networks use them. In OSI networks, a Layer 2 address of an interface is called a Sub Network Point of Attachment(SNPA). For purposes of distinguishing between interfaces of the same node, an IS enumerates its interfaces by a locally significant 1-octet number called the Local Circuit ID, which increments by 1 with every interface added to the IS-IS instance beginning with 0 on Cisco routers.   

Levels of Routing in OSI Networks 

Four levels of routing
  -Level 0 routing:  Routing between two ES nodes on the same link, or between an ES node and its nearest IS   
  -Level 1 routing:  Routing between ES nodes in a single area of a domain   
  -Level 2 routing:  Routing between ES nodes in different areas of a domain   
  -Level 3 routing:  Routing between ES nodes in different domains    
Level 0 routing is concerned with the way that an ES (end node) discovers its nearest IS(gateway), and conversely, how an IS knows which ES nodes are connected to it. This is accomplished by both ES and IS sending a periodic Hello message advertising their existence. Hellos sent by ES nodes are called ES Hello(ESH), while Hellos sent by IS nodes are called IS Hello(ISH). Level 0 routing is also referred to as ES-IS routing.

Level 1 routing is concerned with intra-area routing, that is, routing between ES nodes that are members of the same area. IS nodes in an area will have a detailed and complete visibility of the entire area’s topology. On Level 1, IS nodes collect lists of all ES nodes directly attached to them, and advertise these lists to each other to learn the placement of all ES nodes. Level 2 routing is concerned with inter-area routing within the same domain, that is, routing between ES nodes that reside in different areas of the same domain. On Level 2, IS nodes exchange area prefixes to learn how to reach particular areas. Hence, Level 1 routing can be described as routing by System ID, while Level 2 routing can be described as routing by area prefix. Level 2 routing constitutes the backbone of a domain, providing communication between individual areas of the domain. Level 3 routing is concerned with interdomain routing. In a TCP/IP world, this is a fairly direct analogy of inter-autonomous system routing provided by BGP.

IS-IS Metrics, Levels, and Adjacencies  


IS-IS metrics are assigned to individual interfaces (links). Four types of metrics:   
  -Default: Required to be supported by all IS-IS implementations; usually relates to the bandwidth of the link(higher value represents a slower link)   
  -Delay: Relates to the transit delay on the link   
  -Expense: Relates to the monetary cost of carrying data through the link   
  -Error: Relates to the residual bit error rate of the link    
Most IS-IS implementations today support only the default metric. Cisco IS-IS implementation assigns all interfaces the default metric of 10, regardless of their bandwidth. 
The original IS-IS specification and RFC 1195 define any single interface (link) and attached network metric to be 6 bits wide, resulting in the range of 1–63, and the complete path metric as 10 bits wide in the range of 1–1023. Today’s requirements, however, call for a much wider range of metrics. Wide metrics  were introduced, allowing for a 24-bit width for the interface metric and a 32-bit width for the entire path metric. It is ecommended to use wide metrics whenever available and supported; however, all routers in an area must use the same type of metrics.

IS-IS routers operate on each routing level independently. For each routing level, be it Level 1 or Level 2, an IS-IS router establishes separate adjacencies with its neighbors running on the same level, and maintains a separate link-state database. Two neighboring routers configured for both Level  1 and Level 2 routing will create two independent adjacencies, one for each level.


For each enabled level, a router originates and floods a Link State PDU(LSP). An LSP is similar to an OSPF Link State Update packet with one or more Link State Advertisements. IS-IS routers use Level 1 and Level 2 LSPs to describe their adjacencies on that particular level. Contents of a Level 1 link-state database are exchanged only over Level 1 adjacencies, and Level 2 link-state database contents are exchanged over Level 2 adjacencies only. 

IS-IS Packet Types  


Four types - Hello packet, Link State PDU, Complete Sequence Numbers PDU, Partial Sequence Numbers PDU.

Hello packets, also denoted as IIH (IS-IS Hello), are used to perform the usual task of detecting neighboring routers (and also their loss), verifying bidirectional visibility, establishing and maintaining adjacencies, and electing a Designated IS(DIS—similar to a Designated Router in OSPF). 10 seconds by default. The Hold time is 3 times hello time(30 sec by default). As opposed to OSPF, timers do not need to match on neighboring routers. On a DIS, the individual timers are  always  one-third of the configured timers (with default settings)—a DIS sends Hellos every 10/3=3.333 seconds, and the Hold interval is 30/3=10 seconds. This is done to detect a DIS or its outage more readily. There are three types of Hello: Level 1 Hello, Level 2 Hello (both used on broadcast networks), and L1L2 Hello (used on point-to-point interfaces).

Link State PDUs  

A Link State Protocol Data Unit (LSP) is used to advertise the routing information. An LSP is vaguely similar to an OSPF Link State Update packet containing one or more Link State Advertisements. There are, however, notable differences between OSPF LSU/LSA and IS-IS LSP. In OSPF, the smallest standalone element of the link-state database is an LSA (note that LSA is not a packet itself). In IS-IS, the smallest standalone element of the link-state database is an entire LSP. There are no different types of LSPs to describe different network objects; instead, these are described by distinct Type-Length-Value(TLV) records inside an LSP’s variably sized payload.
Similar to OSPF LSAs that are uniquely identified by their type and Link-State ID, IS-IS LSPs are also uniquely identified by a number that consists of three parts:  
  -System ID  of the router that originated this LSP (6 octets; taken from the router’s NET address)   
  -Pseudonode ID  that differentiates between the LSP describing the router itself and the LSPs for multiaccess networks in which the router is a Designated IS (1 octet) 
  -LSP Number  denoting the fragment number of this LSP (1 octet). The LSP Number is also called simply the Fragment Number or Fragment for short.  
We will denote this triplet of System ID + Pseudonode ID + LSP Number as LSPID. For LSPs that describe routers themselves, the Pseudonode ID is always set to 0. Separate LSPs are originated for Level 1 and for Level 2, depending on what levels the router operates at. To distinguish between various versions of the same LSP, each LSP has a sequence number—a 32-bit unsigned integer starting at 0x00000001 and ending at 0xFFFFFFFF. Each modification to an LSP is accompanied by incrementing its sequence number.

Each LSP has a Remaining Lifetime value associated with it. When originated, the Remaining Lifetime is set to 1200 seconds (20 minutes), and is decreased. IS-IS routers refresh their self-originated LSPs every 15 minutes. If the LSP’s Remaining Lifetime decreases to 0, the router will delete the LSP’s body from the link-state database, keep only its header, and advertise the empty LSP with the Remaining Lifetime set to 0. Flooding an empty LSP with the Remaining Lifetime set to 0 is called an  LSP purge . The expired LSP can be purged from the link-state database after an additional time called ZeroAgeLifetime set to 60 seconds. This is done to ensure that the LSP’s header is retained until the purged LSP has been safely propagated to all neighbors. 

Because IS-IS messages are encapsulated directly into Layer 2 frames whose maximum payload size—the Maximum Transmission Unit (MTU)—is limited, IS-IS must implement its own fragmentation functions for LSPs whose size exceeds the MTU. Each LSP consists of a fixed-size header and a variable-size body that contains one or more TLV records that carry the actual addressing and topological information. If putting all TLV records into a single LSP would cause it to exceed the MTU, the router will simply create multiple LSPs.  These LSPs are identified with the same System and Pseudonode ID, and with an increasing LSP Number as the fragment number, starting from 0. An important fact is that this fragmentation is performed only by the router that originates the LSP. After the LSP is flooded, it must not be modified by any other router, and also not be defragmented and/or refragmented. A consequence of this rule is that across the entire flooding scope of the LSP (an area for a Level 1 LSP, or all Level 2 routers and their interconnections for a Level 2 LSP), the MTU on interfaces must be identical. If this requirement cannot be met, IS-IS routers must be manually configured to keep each LSP not bigger than the smallest MTU.  

The show isis hostname on R1 displays the numerical System ID and the related hostname of the router with that ID. The show isis database shows the contents of the link-state database. 

In IS-IS, a router on a particular routing level generates only a single (although possibly fragmented) LSP containing all relevant information related to that router in one place:  
  -Adjacencies to neighboring routers or networks (similar to type 1 LSAs)   
  -Intra-area and inter-area prefixes(similar to prefix information collected from type 1, 2, and 3 LSAs)   
  -External prefixes(similar to type 5/7 LSAs)    

Type 2 LSA in OSPF carries two vital pieces of information: the address and netmask of a multiaccess network (address information) and a list of connected routers to this network(topological information). In IS-IS, the address information about all networks, both point-to-point and multiaccess, is contained in the LSP of each router connected to that network. The topological information about the network itself and the list of connected routers are contained in a so-called Pseudonode LSP generated by the DIS on the multiaccess network. 

An LSP has a unique identifier as a whole, and can only be flooded, requested, acknowledged, refreshed, aged, and flushed as a whole. Therefore, with any topological or addressing change, affected routers regenerate their entire LSPs and flood them. each IS-IS router originates only a single LSP (plus Pseudonode  LSPs if it is a DIS), and has therefore only a single or a few self-originated LSPs to age and refresh. 

Another difference between LSUs/LSAs and LSPs concerns their internal format with particular regard to extensibility. IS-IS encodes all topological and addressing information in Type-Length-Value records. While slightly less efficient in terms of memory and processing, this approach allows extensibility from day zero: A router will process those TLV  records it recognizes and ignore the records it does not support.

Note: LSP packets are used to carry topological and addressing information in IS-IS. An LSP describes its originator, its adjacencies to neighboring network objects, and related addressing. Each LSP is uniquely identified by the SystemID.PseudonodeID-LSPNumber. Each LSP has a sequence number, starting at 0x00000001 and ending at 0xFFFFFFFF. The lifespan of an LSP is limited by its Remaining Lifetime timer set to 1200 seconds and decreasing. After this timer expires, a router is required to wait at least another ZeroAgeLifetime (60 seconds) before flushing the LSP. LSPs are refreshed by default every 900 seconds. Separate LSPs are originated for Level 1 and Level 2.


Complete and Partial Sequence Numbers PDUs 

Complete Sequence Numbers PDU (CSNP) and Partial Sequence Numbers PDU(PSNP) packets are used to synchronize link-state databases. CSNP packets are very similar in their function to OSPF Database Description Packets. The purpose of CSNP packets is to advertise a complete list of LSPs in the sender’s link-state database. Receivers of CSNP packets can compare their link-state database contents to the list of LSPs in the CSNP and perform appropriate action. Note that CSNPs list only LSPIDs, but they do not contain LSP bodies.

On point-to-point links, CSNP packets are exchanged usually only during initial adjacency buildup; on broadcast networks, CSNP packets are originated periodically by the DIS. PSNP packets are functionally similar to OSPF Link State Request and Link State Acknowledgment packets. Using PSNP, a router can either request a particular LSP or acknowledge its arrival. A single PSNP can request or acknowledge multiple LSPs.