1

IS-IS

Link-state routingIntermediate system to Intermediate System

Olof Hagsand KTH CSC

DD2490 p4 2010

2

Literature

•Read:CISCO: Introduction to Intermediate System-to-Intermediate System System Protocol

• link from home page -> literature

•Reference onlyOriginal standard: ISO DP 10589

• Rewritten in RFC 1142

IETF RFC 1195: How to use IS-IS for IPv4IETF RFC 1069: How to encode IP addresses in ISISIETF work-group: IS-IS for IP Internets (isis)

• IPv6, traffic-engineering, etc

3

Link-state routing

•Each router spreads information about its links to its neighbours.•This information is flooded to every router in the routing domain so that every router has knowledge of the entire network topology.•Using Dijkstra's algorithm, the shortest path to each prefix in the network is calculated

4

Comparison with Distance-Vector

•Link-state uses a distributed database model•Distance-vector uses a distributed processing model•Link-state pros:

–More functionality due to distribution of original data, no dependency on intermediate routers

• Easier to troubleshoot–Fast convergence: when the network changes, new routes are computed quickly–Less bandwidth consuming

•Distance-vector pros:–Less complex – easier to implement and administrate–Needs less memory

5

Dijkstra's shortest path

From the link-state database, compute a shortest path delivery tree using a permanent set S and a tentative set Q:1) Define the root of the tree: the router2) Assign a cost of 0 to this node and make it the first

permanent node.3) Examine each neighbor node of the last permanent node.4) Assign a cumulative cost to each node and make it tentative.5) Among the list of tentative nodes:

• Find the node with the smallest cumulative cost and make it permanent.

• If a node can be reached from more than one direction, select the direction with the smallest cumulative cost.

6) Repeat steps 3 to 5 until every node is permanent.

6

Dijkstra pseudo-codefunction Dijkstra(G, w, s)for each vertex v in V[G] // Initializations d[v] := infinity previous[v] := undefinedd[s] := 0S := empty set // S: Permanent setQ := set of all vertices // Q: Tentative setwhile Q is not an empty set // The algorithm itself u := Extract_Min(Q) S := S union {u} for each edge (u,v) outgoing from u if d[v] > d[u] + w(u,v) // Relax (u,v) d[v] := d[u] + w(u,v) previous[v] := u

(from Wikipedia)

7

RT1N1

RT2N2

3

3

N3

1

RT4

1

RT3

N4

2

1

1RT5

RT6

8 8

8 6

N12

N13

N14

N15

8

88

6

7

RT9N11

RT12

N10

3

10

N9

1

1

H1

2

1

RT11

2

N8

RT10

6

Ia 7

Ib

3

N6

1

RT8

1

4

N7

RT7

6

1

9

6

2

RFC 2328 fig 2

Network example

8

RT1N1

RT2N2

3

3

N31

RT4

1RT3

N4

2

1

1 RT5

RT6

8

8

8

6

N12

N13

N14

N15

8

88

6

7

RT9N11

RT12

N10

3

10

N9

1

1

H1

2

1RT11

2

N8

RT10

5

Ib

7

Ia

3

N6

1

RT8

0

4

N7

RT7

6

1

9

6

2

0 0

0 0

5

1

00

0

00

0

Database, graphical form

0

External

7

9

RT1N1

RT2N2

3

3

N3

RT4

1RT3

N4

2

RT5

RT66

N12

N13

N14

N15

8

88

6

RT9N11

RT12

N10

3

10

N9

H1

2

1RT11 N8

RT10

5

Ib

7

Ia

3

N6

1

RT8

0

4

N7

RT7

92

0

0

5

00

0

Shortest path tree from RT6

0

7

0

10

Building a routing table•Local routing table (RIB) computed from Dijkstra shortest path calculation•Next-hop routing: only nexthop router even if complete path is known

Example: RT6 Local destinations Remote

Destination Next Hop Distance__________________________________N1 RT3 10N2 RT3 10N3 RT3 7N4 RT3 8Ib * 7Ia RT10 12N6 RT10 8N7 RT10 12N8 RT10 10N9 RT10 11N10 RT10 13N11 RT10 14H1 RT10 21__________________________________RT5 RT5 6RT7 RT10 8

Destination Next Hop Distance__________________________________N12 RT10 10N13 RT5 14N14 RT5 14N15 RT10 17

11

From Network to FIB: Summary

1)Network topology and metrics2)Construct local link-states3)Flood link-state4)Construct topology database5)Compute Dijkstra6)Construct OSPF Routing table7)Merge with other routing protocols: RIB 8)Compile forwarding table: FIB

12

OSPF and IS-IS comparison

•Both are link-state protocols•IS-IS has a longer history from Digital via OSI•OSPF is newer and developed in IETF•Area difference

–OSPF defines area boundaries between interfaces–IS-IS defines area boundaries between nodes–IS-IS areas leads to simpler configuration

•Protocol dependency–IS-IS can run many protocols (IPv6, CLNP)–OSPF only IPv4, (OSPFv3 supports IPv6)

•OSPF is implemented on more platforms and more deployed•IS-IS often popular among backbone networks

13

OSPF Network Topology•Area 0 is the backbone area. All (inter-area) traffic goes via the backbone.•All other areas are connected to the backbone (1-level hierarchy)•An Area Border Router (ABR) has one interface in each area.•An AS Boundary Router (ASBR) – redistributes external routes•Backbone router – at least one interface in backbone area

AS2Area 0

Area 1 Area 2 Area 3

Area Border Router:Interfaces in different

areas

AS boundary router:External routing

All areas connected tobackbone area

Internal router +

ASBR

Internal router

External

External

14

IS-IS Network Topology•Area borders are between routers•Areas are called L1•Backbone is called L2•A router can be L1, L2, or L1+L2.•All inter-area traffic via L2 •L2 must be connected (1-level hierarchy)

L1 Area 1 L1 Area 2

L2

L1-L2Redistributes between

L1 and L2

L1 RouterDefault and intra-area L2 Router

Inter-area routes

15

History

•IS-IS came out of DECnet (Digital) •Used by ISO in its OSI effort

OSI was thought to be the internetworking standard protocolWhat survived was the OSI reference model

•IETF defined integrated IS-IS (or dual IS-IS) to work both for OSI (CLNP) and IP networkingthis is why it so easily could be extended with IPv6

16

L7: Application

L6: Presentation

L5: Session

L4: Transport

L3: Network

L2: Data Link

L1: Physical

The TCP/IP stack and OSI ref model

SMTP HTTP FTP DNS SSH ...

TCP UDP

IP

ICMP IGMP

ARP

Ethernet PPP WLAN ATM ...

SCTP

17

OSI and IP comparison

TCP/IPIPICMPARPRouterHostASPacketDR

OSICLNS~CLNP~ES-ISIS (Intermediate system)ES (End System)Routing DomainPDU (Protocol data unit)DIS (Designated IS)

18

ISO addressingISO addresses are:•Variable length: 6-20 bytes (48-160 bits)•Hierarchical structure•Node addresses (not link or interface)•A CLNS network-layer address is called an NSAP•From an IS-IS perspective, such an address looks like below with the following fields(*)

AFI - Authority and format identifier. 49 corresponds to private address spaceArea ID - Unique area identifierSystem ID - Per-area unique IDNSEL - NSAP selector. Zero means intermediate system

AFI49

AREA ID SYSTEM ID NSEL00

•Example: 49.0201.1920.1210.3047.00

Length[bytes]: 1 2-12 6 1

(*) Actually, ISO addressing is much more complex,....

19

OSI addresses (more complex)

•AFI (Authority Format Identifier)Specifies the format of the rest of the adress

•IDI/ICD (Initial Domian Identifier/International Code Designator)Speficies the authority for the adress space

• HO-DSP (High Order Domain Specific Part)Indicates the sub authority for the routing domain

•Area•System ID•Nsel (N Selector)

20

Example of NET address in .se

•AFI (Authority Format Identifier) 39•IDI (Initial Domain Identifier) SE 752•DFI (Domain Format Identifier) 100•AAI (Administrative Authority Identifier) 0014•RSVD (Reserved)•RD (Routing domain)•Area, System ID and sel.

21

Encapsulation

•OSPF runs over IPAllows virtual linksRelies on fragmentation if OSPF messages > links MTUVulnerable to spoofing and denial-of-service

•ISIS runs over link-layerRouting protocol independent of routed protocolMore difficult to spoof and attackHarder to implement (there are many link-layers,...)

22

Packet types

•Hellos - IS-to-IS Hello (IIH)Link-level multicast

•Link-state Packets (LSP)Pseudo-nodes (cf OSPF network LSA), Example N2 below.Nonpseduo-node (cf OSPF router LSA), Example RT3-RT6Also level 1 / level 2 LSPs (area support)

•Sequence number PDUs: (CSNP/PSNP)Complete sequence number PDU (CSNP)

• A list of all LSPs of current database

• Similar to OSPF DD packet

Partial sequence number PDU (PSNP)

• Request or ack specific LSPs

RT3 RT4

RT5 RT6

RT3

RT4

RT4

RT6

N2

N2

Designated IS

23

Encoding

•OSPF Positional fieldsHard-wired for IPv432 bit alignmentUnknown LSAs are discarded

•ISIS uses TLV (Type - Length - Value)No alignmentExtensible Unknown LSAs are floodedNested TLV gives a lot of flexibility

24

Adjacency forming

•Send IIHs (IS-IS Hellos) over L2•Detect point-to-point or broadcast media•Match timers: holding time before defining a neighbor dead•Circuit-type (level 1 / level 2)•Priority - higher is better•On a broadcast link, a Designated IS is selected using priority and thereafter MAC address•A DIS with better prio (or mac address) pre-empts another DIS which makes DIS forming deterministic

In OSPF DR election is non-deterministic

•No need for BDR (backup)•Hellos are typically padded to full MTU size

To detect mismatching MTUs on same linkOSPF does this at DD

25

Areas

•IS-IS areas are named L1. •L2 represents inter-area routes•A router can be L1, L2 or L1-L2•A router can have most two link-state databases (L1 and L2)•An L1 area corresponds to an OSPF totally stub area with only intra-area routes and a default route to the nearest L2 router.•The L1 area is specified by the AREA-ID in the OSI address.

Therefore only one area per router

•Areas are formed as part of the hello protocol

26

Areas example•Two areas: 0001 and 0002 connected by inter-area L1-L2, and L2 routes•L2 corresponds to a backbone: all inter-area traffic must go via L2•The L1-L2 routers are area border routers

They redistribute routes from the L1 to the L2 link-state DBThey redistribute a default route from L2 to L1

L2L1: 0001

L2 L2L1: 0002

L1: 0002L1: 0001

27

Areas adjacency

•Two L1 routers can form L1 adjacencies only if areaid match•L2 routers always match

L1: 0002L1: 0001

L1: 0001L1: 0001MATCH!

NOMATCH!

L2L1: 0002

L2L1: 0001

L2L1: 0001

L2L1: 0001

MATCH!

MATCH!

L2L2MATCH!

28

L2 vs OSPF backbone

•L2 routers must be contiguous but is not an area in itself•There is even a mechanism for repairing partitioned L1 areas using L2 in IS-IS•L1 routers send all non intra-area traffic to the nearest L2 routers

Area 2

Area 1 Area 3

Area 4L1

L1

L1

L1

L1/L2

L1/L2

L1/L2L1/L2 L2

L1/L2

29

Route leaking

•Totally stub areas (only default route) can lead to sub-optimal routing

Why? Because if area is multi-homed, a single default route may not provide the best route

•It is possible to extend ISIS L1 areas to something similar to OSPF areas•L2 routes can be ”leaked” to L1 routers•L1 routers can then make better route calculations

30

Database

•OSPF Stores Database AdvertisementsLSAs are usually many and smallNetwork and Router LSA can get largeLSAs are grouped into LSA Updates when floodingLSA Updates need to be rebuilt at each hopTherefore both LSA and OSPF message chsksums are needed

•IS-IS stores LSP packetsLSPs are organized by the originating routerLSPs are always flooded intact, never changed

• The same minimum MTU is required in the whole network!

Each topology change gives a new LSP

31

Extensions

•OSPF was never built to be extendedHardwired for IPv4IPv6 requires a new protocol (OSPFv3)

•ISIS is extendableSo far extending ISIS has straightforwardIPv6 ready (just like it's IPv4 and IPX ready...)

A side-note: Some researchers claim that routing protocols should be completely independ of each other, that they should act like ”ships in the night”: CLNP, IPX, IPv4 and IPv6 routing should be run by different protocols. But one can still run the same protocol in different instances, and then you get all benefits of configuration reuse, etc, of using the same protocol

32

Deployment

•IS-IS very popular in the ISP worldespecially large ISPs

•OSPF popular in enterprises•What are the reasons for this?•Availability of implementations:

Only the large routing vendors have good IS-IS implementations: CISCO, JUNIPERExample: There is no stable open-source IS-IS implementation available

•Many claim that IS-IS is easier to configure.

33

IS-IS lab

•IS-IS in pair, square and cross•IS-IS areas: a single L1, one L1/L2 and two L2 routers connected to all other groups.•IPv6 and ISIS

34

Conclusions

•For most topologies, IS-IS and OSPF are functionally identical•Stability and scalability are mostly a matter of hardware, software and topology, not protocol•Choose the one you are most comfortable with