Section 1: Implementing IS-IS

Introduction
Integrated Intermediate System-to-Intermediate System (IS-IS) routing protocol is a link-state Interior
Gateway Protocol (IGP) developed in the late 1980s. It is still very much alive and is used in the service
provider environments and next-generation networks of today. Here you will learn technical details of
implementing IS-IS in your network, starting with the details of IS-IS terms, operation, and configuration,
as well as basic troubleshooting in multiarea, IP version 4 (IPv4), and IP version 6 (IPv6) environments.

IS-IS Introduction
IS-IS is a popular IP routing protocol in the service provider industry. The simplicity and stability of IS-IS
make it robust in large internetworks. IS-IS is found in large service providers and in some networks that
support Open Systems Interconnection (OSI) protocols.
Here are the main characteristics of the IS-IS routing protocol and IS-IS:
• Integrated IS-IS is a link-state routing protocol.
• Proven to be very stable and scalable, with very fast convergence.
• IS-IS was originally designed as the IGP for the Connectionless Network Service (CLNS), part of the
OSI protocol suite.
• The OSI protocol suite Layer 3 protocol is the CLNP.
• It is flexible and extendable to accommodate future applications.

Types of nodes in OSI:

• End system: Any nonrouting network node (hosts)
• Intermediate System: A router
Integrated IS-IS is a standards-based IGP that is widely deployed and used in large service provider
networks. It owes its presence to the fact that it is very scalable and stable, and the convergence times are
low in large networks with a large number of routers, or intermediate systems as they are called in IS-IS. IS-
IS operates directly on Layer 2, using the Connectionless Network Protocol (CLNP) for communication
between intermediate systems. It is also a very flexible protocol and has been extended to incorporate
leading-edge features, such as Cisco Multiprotocol Label Switching Traffic Engineering (MPLS TE). The
Cisco IS-IS implementation is based on the IP routing capabilities described in the International
Organization for Standardization (ISO) / International Engineering Consortium (IEC) 10589 and Request
for Comment (RFC) 1195. IS-IS development began before the development of Open Shortest Path First
(OSPF), a protocol that has many similarities to IS-IS.
ISO specifications refer to routers as intermediate systems. Thus, IS-IS is a protocol that allows routers to
communicate with other routers. OSI CLNS is a network layer service similar to bare IP service. A CLNS
entity communicates over CLNP with its peer CLNS entity. IS-IS uses CLNS addresses to identify the
routers and to build the link-state database (LSDB).

IS-IS Hierarchical Design

IS-IS protocol supports a two-level hierarchy for managing and scaling routing in large networks. Important
OSI networking terms include area, domain, Level 1 routing, and Level 2 routing. An area is a group of
contiguous networks and attached hosts that is specified to be an area by a network administrator or
manager. With IS-IS, an individual router is always in only one area, and the border between areas is on the
link that connects two routers that are in different areas. This adjacency is always Level 2. A domain is a
collection of connected areas. Routing domains provide full connectivity to all end systems within them.
Level 1 routing is routing within a Level 1 area, while Level 2 routing is routing between Level 1 areas.

The figure illustrates a hierarchical IS-IS design with these characteristics:

• Level 2 area with Level 2-only routers in the core
• Level 2 area edge with Level 1-2 routers to connect to other areas using Level 1
• Level 1 areas with Level 1-2 routers connecting areas to Level 2
• Level 1 areas with Level 1-only routers

Like OSPF, IS-IS can also be implemented in a simpler fashion with fewer areas or simply one area and one
level. A good choice and best practice when designing a flat IS-IS network is to start with a Level-1-2 flat
network because it is easier to expand to a multilevel hierarchy later with minimal network disruption. This
means that every interface will be configured for both levels, and this is the default Cisco IOS Software
behavior. Unlike OSPF, all IS-IS areas do not have to connect to a common backbone area. However, the
IS-IS backbone must be a contiguous collection of Level 2 capable routers, each of which might be in a
different area. If the connectivity in the backbone is broken, the connectivity between Level 1 areas attached
to the backbone will be broken as well.
IS-IS Characteristics
IS-IS is the dynamic link-state routing protocol for the OSI protocol stack. It distributes routing information
for routing CLNP data for the ISO CLNS environment. IS-IS operates in a way similar to that of OSPF. IS-
IS allows the routing domain to be partitioned into areas. IS-IS routers establish adjacencies by using a
Hello protocol and exchange link-state information by using link-state packets (LSPs) throughout an area to
build the LSDB.
Each router then runs the Dijkstra's Shortest Path First (SPF) algorithm against its LSDB to choose the best
paths. There is a minimal amount of information that is communicated between areas, which reduces the
burden on routers supporting the protocol.
IS-IS routing takes place at two levels within an AS—Level 1 and Level 2:
• Level 1 routing occurs within an IS-IS area. It recognizes the location of the end systems and
intermediate systems, and then it builds a routing table to reach each system. All devices in a Level 1
routing area have the same area address. Routing within an area is accomplished by looking at the
locally significant address portion (known as the system ID) and choosing the lowest-cost path.
• Level 2 routers learn the locations of Level 1 routing areas and build an interarea routing table. All
intermediate systems on a Level 2 routing area use the destination area address to route traffic, using the
lowest-cost path.

Other IS-IS characteristics:

• Each router holds the topology information for its own area only.
• IS-IS is part of OSI and was originally used with CLNS only; extended later for use with IP.
• IS-IS still uses CLNS to maintain adjacencies and build an SPF tree.
• Integrated IS-IS can also carry IPv4 and IPv6 routing information.
• The wide-style metric is used for large, high-speed service provider networks versus the legacy narrow-
style metric.
– Wide-style metric: New style, allowing 24-bit link metric and 32-bit path metric.
– Narrow-style metric: Old style, metric allowing 6-bit link metric and 10-bit path metric.
• The link cost defaults to 10.
• Each router is identified using a unique NSAP address.

Like OSPF, IS-IS is also a link-state protocol using Dijkstra’s algorithm, in which each router has topology
information for its area. IS-IS is part of the OSI standard protocol suite and was originally used with CLNS.
Each router is identified using a unique network service access point (NSAP) address, which is part of the
CLNS protocol. IS-IS still uses CLNS to maintain adjacencies and build SPF trees, but the integrated
version of IS-IS can be used for other protocols, such as IP, and can also have extensions for Cisco MPLS
TE.
The wide-style metric is the new metric type and is used for large, high-speed service provider networks
(24-bit link metric and 32-bit path metric). The link cost defaults to 10 and can be modified on a per-link
basis to reflect the desired cost. The narrow-style metric can only accommodate 63 different metric values,
allowing an interface cost between 1 and 63 (6-bit metric value), and the total path metric is limited to 1023
(the sum of all link metrics along a path). This small metric value is insufficient for large networks and new
features such as Traffic Engineering, especially with high-bandwidth links.
IS-IS Router and Link Types
The interaction between routers in an IS-IS domain depends on router types, link types, and area.

A Level 1 router knows the topology only of its own area and has Level 1 or Level 1 / Level 2 neighbors in
this area. It has a Level 1 link-state database with all the information for intra-area routing. It uses the
closest Level 2–capable router in its own area to send packets out of the area. A Level 2 router may have
neighbors in the same area or in different areas, and it has a Level 2 link-state database with all information
for interarea routing. A Level 1 / Level 2 router may have neighbors in any area. It has two link-state
databases: a Level 1 link-state database for intra-area routing and a Level 2 link-state database for interarea
routing. A Level 1 / Level 2 router runs two SPFs and may require more memory and processing as a result.
Adjacencies can be formed based on area assignment:
• Level 1 and Level 2 adjacencies can be formed between routers in the same area.
• Only Level 2 adjacencies can be formed between routers in different areas.

A Level 1-2 router automatically advertises to all Level 1 routers (within its area) that it is a potential exit
point of the area. Level 1 routers default to the nearest attached Level 1-2 router to route outside its own
area. You can consider IS-IS areas as totally stubby areas by default, although, optionally leaking Level 2
routes into Level 1 is possible.
Area boundaries fall on the links. Each IS-IS router belongs to exactly one area. Neighboring routers learn
whether they are in the same area or different areas, and they negotiate appropriate adjacencies—Level 1,
Level 2, or both. Each router keeps a copy of the LSDBs for the levels that are its responsibility.
Recall that IS-IS defines three types of routers:
• Level 1: Level 1 routers learn about paths within the areas they connect to (intra-area).
• Level 2: Level 2 routers learn about paths between areas (interarea).
• Level 1-2: Level 1-2 routers learn about paths both within and between areas. Level 1-2 routers are
equivalent to Area Border Routers (ABRs) in OSPF.
1. 0Which three router types are defined by the IS-IS protocol? (Choose three.)
a. Area Border Router
b. Level 1-2
c. Level 3
d. Level 1
e. Level 2
0Integrated IS-IS Routing
Integrated IS-IS routing is characterized by the hierarchical model. The routing logic is divided into IS-IS
levels and areas and here you will learn how that hierarchy can be set up and operated and how to influence
the routing of IP packets through your network. You will also learn some of the similarities and differences
between OSPF and IS-IS.
Integrated IS-IS, or dual IS-IS, is an implementation of the IS-IS protocol for routing multiple network
protocols, IP, and CLNS. Integrated IS-IS is specified in RFC 1195 and ISO 10589.
Integrated IS-IS tags CLNP routes with information about IP networks and subnets. As an alternative to
OSPF, Integrated IS-IS combines ISO CLNS and IP routing in one protocol. Integrated IS-IS can be used
for IP routing, CLNS routing, or for a combination of the two.
Integrated IS-IS uses its own protocol data units (PDUs), including IP reachability information, to transport
information between routers. IS-IS information is not carried within a network-layer protocol, but instead it
is carried directly within data-link layer frames.
This protocol-independence makes IS-IS easily extensible; there is also a version of Integrated IS-IS that
supports IPv6. Because IS-IS uses CLNS addresses to identify the routers and to build the LSDB, an
understanding of CLNS addresses is required to configure and troubleshoot IS-IS, even when it is used only
for routing IP.
The network environment can be IP-only, ISO CLNP-only, or both protocols in parallel. The IS-IS protocol
was originally intended to support only CLNP. RFC 1195 adapts the original IS-IS specification, ISO
10589, to support IP, in what is referred to as Integrated IS-IS. The following implementation requirements
are specified by RFC 1195:
• Pure IP domains route only IP traffic but support forwarding and processing of OSI packets required for
IS-IS operation. The extent of the OSI CLNP communication is limited to directly connected routers to
exchange actual IS-IS information.
• Pure ISO domains carry only ISO traffic, including the traffic required for IS-IS operation. In this
scenario, there is no IP traffic routed by IS-IS.
• A dual domain routes both IP (IPv4 and/or IPv6) and OSI CLNP traffic simultaneously. One protocol
has no influence on the routing of others.

Integrated IS-IS Design Principles

Effective networks are well planned. The first and most important step in building a scalable network is
developing a good addressing plan that allows for route summarization. Route summarization is possible
only when you are using a hierarchical addressing structure.
When designing your IS-IS network, consider these points:
• IP and CLNP addresses must be planned.
• The two-level hierarchy is used for scalability:
– Limits LSP flooding
– Provides an opportunity for summarization
• Example is based on classic three-layer architecture:
– Access, distribution, and core
Effective address planning presents opportunities to group devices into areas. Using areas confines the
scope of LSP propagation and saves bandwidth. Level 1-2 routers, on the border between a Level 1 area and
a Level 2 backbone, are logical places to implement route summarization.
Route summarization saves memory because each intermediate system is no longer responsible for the LSPs
of the entire routing domain. Route summarization also saves CPU usage because a smaller routing table is
easier to maintain.
Here you have to consider the metrics again, as one issue with legacy IS-IS implementations, using narrow
metrics, is that they are limited to a maximum interface metric of 63 (6 bits) and a maximum total path
metric of 1023 (10 bits). This constraint limits the ability to effectively distinguish between paths in large
networks. If this poses problems to the service provider, the solution is to transition to the wide metric
mode. Cisco IOS Software, and both XE and XR flavors, supports wide metrics that allow a 24-bit interface
and 32-bit path metrics.
IS-IS, as it is implemented on Cisco routers, does not automatically scale the interface metric. Instead, all
IS-IS interfaces have a default metric of 10; this setting can be changed manually. If the default metric is not
adjusted on each interface, the IS-IS metric becomes similar to the hop count metric that is used by the
distance vector protocols.
Similarities Between IS-IS and OSPF
The differences between OSPF and IS-IS are not as drastic as the differences between link-state protocols
and distance-vector protocols, but they do exist.
IS-IS and OSPF are more similar than dissimilar. Both routing protocols have the following characteristics:
• They are open-standard link-state routing protocols.
• They support variable-length subnet masks (VLSMs).
• They use similar mechanisms, such as link-state advertisements (LSAs), link-state aging timers, and
LSDB synchronization, to maintain the health of the LSDB.
• They use the SPF algorithm, with similar update, decision, and flooding processes.
• They are successful in the largest and most demanding deployments (service provider networks).
• They converge quickly after network changes.
• Both can be deployed in enterprise and service provider environments. OSPF is a more likely candidate
for enterprise environments, while IS-IS realizes its advantages in large service provider networks.
• Both use the concept of areas and hierarchical architecture.

Integrated IS-IS vs. OSPF: Area Design

The figure summarizes the differences between OSPF and Integrated IS-IS.

With OSPF, network design is constrained by the fact that OSPF is based on a central backbone, Area 0,
with all other areas being physically attached to Area 0. The border between areas is inside the ABRs; each
link is only in one area. When you use this type of hierarchical model, a consistent IP addressing structure is
necessary to summarize addresses into the backbone. Summarization also reduces the amount of
information that is carried in the backbone and advertised across the network.
In comparison, IS-IS has a hierarchy of Level 1, Level 2, or Level 1-2 routers, and the area borders lie on
links. IS-IS permits a more flexible approach to extending the backbone. The backbone can be extended by
simply adding more Level 2 and Level 1-2 routers, a less complex process than with OSPF.
OSPF and IS-IS Comparison

OSPF produces many small LSAs. IS-IS updates are grouped by the router and are sent as one LSP. Thus,
as network complexity increases, the number of IS-IS updates is not an issue. Each update packet must be
routed, and routing takes network resources, so more packets represent a larger impact on the network.
Because IS-IS uses significantly fewer LSPs, more routers, at least 1000, can reside in a single area, making
IS-IS more scalable than OSPF.
OSPF runs over IP, whereas IS-IS runs through CLNS.
IS-IS is also more efficient than OSPF in the use of CPU resources and in the way that it processes routing
updates. Not only are there fewer LSPs to process (LSAs, in OSPF terminology), but also the mechanism by
which IS-IS installs and withdraws prefixes is less intensive. IS-IS uses network entity title (NET) addresses
that are already summarized.
Both OSPF and IS-IS are link-state protocols so they provide fast convergence. The convergence time
depends on a number of factors, such as timers, number of nodes, and the type of router. Based on the
default timers, IS-IS detects a failure faster than OSPF; therefore, convergence occurs more rapidly. If there
are many neighboring routers and adjacencies, the convergence time may also depend on the processing
power of the router. IS-IS is less CPU-intensive than OSPF.
New features are not easily implemented in OSPF packets; they require the creation of a new LSA. The
OSPF description schema is difficult to extend because of compatibility issues, and because it was
developed exclusively for IPv4. IS-IS is easy to extend through the type, length, value (TLV) mechanism.
TLV strings, called tuples, encode all IS-IS updates. IS-IS can easily grow to cover IPv6, or any other
protocol, because extending IS-IS consists of simply creating new TLVs.
A company may choose OSPF over IS-IS because OSPF is more optimized, and because it was designed
exclusively as an IP routing protocol. For example, OSPF defines different area types (normal, stub, and
NSSA). The default OSPF metric is related to the interface bandwidth, while IS-IS defaults to a metric of 10
on all interfaces.
If a company does choose OSPF, it will require networking equipment that supports OSPF and network
engineers that are familiar with OSPF theory and operation. Finding both equipment and personnel to
support an OSPF infrastructure is relatively easy. Furthermore, OSPF documentation is much more readily
available than documentation for IS-IS.
IS-IS Addressing
Unlike IP addresses, CLNS addresses apply to entire nodes and not to interfaces. Because IS-IS was
originally designed for CLNS, IS-IS requires CLNS addresses, even if the router is only used for routing IP.
CLNS addresses that are used by routers are called NSAPs. One part of an NSAP address is the NSAP
selector (NSEL) byte. When an NSAP is specified with an NSEL of 0, the NSAP is called NET.
OSI addresses have these characteristics:
• OSI network layer addressing is implemented with NSAP addresses.
• An NSAP address identifies a system in the OSI network; an address represents an entire node, not an
interface.
• Various NSAP formats are used in various systems, because different protocols may use different
representations of NSAP.
• NSAP addresses are a maximum of 20 bytes:
– Higher-order bits identify the interarea structure.
– Lower-order bits identify systems within an area.

IS-IS LSPs use NSAP addresses to identify the router and build the topology table and the underlying IS-IS
routing tree; therefore, IS-IS requires NSAP addresses to function properly, even if it is used only for
routing IP.
NSAP addresses contain the following:
• OSI address of the device
• Link to the higher-layer process

The NSAP address is equivalent to the combination of the IP address and upper-layer protocol in an IP
header.
NSAP addresses have a maximum size of 20 bytes. The higher-order bits identify the interarea structure,
and the lower-order bits identify unique systems within an area.
There are various NSAP address formats.

The Cisco implementation of Integrated IS-IS divides the NSAP address into three fields: the area address,
system ID, and NSEL. Cisco routers routing CLNS use addressing that conforms to the ISO 10589 standard.
ISO NSAP addresses consist of these elements:
• The authority and format identifier (AFI) and the initial domain identifier (IDI) make up the initial
domain part (IDP) of the NSAP address. The IDP corresponds roughly to an IP classful major network:
– The AFI byte specifies the format of the address and the authority that is assigned to that address.
Some valid values are shown in the figure.
– Addresses starting with the AFI value of 49 are private addresses, analogous to RFC 1918 for IP
addresses. IS-IS routes these addresses; however, this group of addresses should not be advertised
to other CLNS networks because they are ad hoc addresses. Other companies that use a value of 49
may have created different numbering schemes that, when used together, could create confusion.
– The IDI identifies a subdomain under the AFI. For instance, 47.0005 is assigned to civilian
departments of the U.S. government, and 47.0006 is assigned to the U.S. Department of Defense.
• The domain specific part (DSP) contributes to routing within an IS-IS routing domain. The DSP
comprises the high-order domain specific part (HO-DSP), the system ID, and the NSEL:
– The HO-DSP subdivides the domain into areas. The HO-DSP is approximately the OSI equivalent
of a subnet in IP.
– The system ID identifies an individual OSI device. In OSI, a device has an address, just as it does in
DECnet, whereas in IP, each interface has an address.
– The NSEL identifies a process on the device and corresponds roughly to a port or socket in IP. The
NSEL is not used in routing decisions.

The simplest NSAP format, used by most companies that are running IS-IS as their IGP, comprises the
following:
• Area address: It must be at least 1 byte, separated into two parts:
– The AFI, set to 49, which signifies that the AFI is locally administered and; therefore, individual
addresses can be assigned by the company
– The area identifier (ID); the octets of the area address following the AFI.
• System ID: Cisco routers that are compliant with the U.S. Government Open Systems Interconnection
Profile (GOSIP) Version 2.0 standards require a 6-byte system ID.
• NSEL: NSEL must always be set to 0 for a router. NET is an NSAP address with an NSEL of 0.

Routers use the NET to identify themselves in the IS-IS PDUs. For example, you might assign
49.0001.0000.0c12.3456.00, which represents the following:
• AFI of 49
• Area ID of 0001
• System ID of 0000.0c12.3456, the MAC address of a LAN interface
• NSEL of 0

The area address is also referred to as the prefix.

The area address uniquely identifies the routing area, and the system ID identifies each node.
The first part of an NSAP is the area address, and it is associated with the IS-IS routing process. Unlike
OSPF, an IS-IS router can be a member of only one area. All routers in an area must use the same area
address, which defines the area. The area address is used in Level 2, that is, interarea routing.
The 6-byte NSAP system ID must be unique within an area. Using a MAC address from the router, or for
Integrated IS-IS, to encode an IP address into the system ID is customary. All system IDs in a domain must
be of equal length. Cisco enforces this OSI directive by fixing the length of the system ID at 6 bytes.
Level 1 intra-area routing is based on system IDs; therefore, each intermediate system (router) must have a
unique system ID within the area.
All Level 2 intermediate systems eventually recognize all other intermediate systems in the Level 2
backbone; therefore, they must also have unique system IDs. A good practice is that system IDs should
remain unique across the domain. If the system IDs remain unique, there can never be a conflict at Level 1
or Level 2 if, for example, when a device moves into a different area.

IS-IS Routing Logic

IS-IS routing flows naturally from the OSI address plan, in which areas are identified and unique system
IDs are given to each device.
• Level 1 router: For a destination address, compare the area address to this area:
– If not equal, pass to the nearest Level 1-2 router.
– If equal, use the Level 1 database to route by the system ID.
• Level 1-2 router: For a destination address, compare the area address to this area:
– If not equal, use the Level 2 database to route by the area address.
– If equal, use the Level 1 database to route by the system ID.
The IP routing partly involves the building of an IP forwarding table:
• IP information is included in LSPs.
• IP information does not influence the calculation of the SPF tree.
• IP routes are generated by the partial route calculation (PRC) and offered to the IP routing table:
– Routes accepted based on the usual routing rules
– Routing table shows Level 1 or Level 2 routes

The area address portion of the NSAP address can range from 1 to 13 bytes in length, as specified by the
ISO standard. Therefore, an NSAP for an IS-IS network can be as little as 8 bytes in length. The NSAP is
usually longer, to permit some granularity in the allocation of areas. The area address prefix is common to
all devices in an area and it is unique for each area. Routers are in the same area if they share the same area
address.
Routing within an area involves collecting system IDs and adjacencies for all routers in an area, and using
Dijkstra’s algorithm to compute the best paths between the devices. Level 1 routers are aware only of the
local area topology. They pass the traffic that is destined to travel outside the area to the closest Level 1-2
router.
Routing between areas is based on the area address. Level 2 routers in different areas exchange area address
information and use Dijkstra’s algorithm to compute best paths between areas. They pass traffic between
areas to the closest Level 1-2 router.
End system hello (ESH) and intermediate system hello (ISH) packets are used for routers (intermediate
systems) and end systems to detect each other. When a host is required to send a packet to another host, the
packet goes to one of the routers on a network that is directly attached to the host. If the destination host is
in the same area, the router searches for the destination system ID and forwards the packet appropriately
along the best route.
If the destination address is a host in another area, the Level 1 router sends the packet to the nearest Level 1-
2 router. Forwarding through Level 2 routers continues until the packet reaches a Level 2 (or Level 1-2)
router in the destination area.
Within the destination area, routers forward the packet along the best path until the destination host is
reached.
Because each router makes its own best-path decisions at every hop along the way, there is a significant
chance that paths will not be reciprocal. In other words, return traffic can take a different path than the
outgoing traffic. For this reason, knowing the traffic patterns within your network and tuning IS-IS for
optimal path selection is important.

Asymmetric vs. Symmetric IS-IS Routing

Asymmetric routing (packets taking different paths in different directions) is not detrimental to the network;
however, this type of routing can make troubleshooting difficult, and it is sometimes a symptom of
suboptimal design.

In the figure, Area 1 contains two routers:

• One router borders Area 2 and is a Level 1-2 intermediate system.
• The other router is contained within the area and is a Level 1 router only.

Area 2 has many routers:

• A selection of routers is specified as Level 1. The routers route either internally to that area or to the exit
points (the Level 1-2 routers).
• The three Level 1-2 routers form a chain across Area 2, linking to the neighbor Areas 1, 3, and 4.
Although the middle router of the three Level 1-2 routers does not link directly to another area, the
middle router must support Level 2 routing to ensure that the backbone is contiguous. If the middle
router fails, the other Level 1-only routers cannot perform the Level 2 function (despite having a
physical path across Area 2), and the backbone is broken.

Area 3 contains one router that borders Areas 2 and 4, yet it has no intra-area neighbors and is performing
Level 2 functions only. If you add another router to Area 3, the border router reverts to Level 1-2 functions.
In the figure, symmetric routing does not occur because Level 2 details are hidden from Level 1 routers that
recognize only a default route to the nearest Level 1-2 router. Traffic from router X to router Y flows from
router X to its closest Level 1-2 router. The Level 1-2 router then forwards the traffic along the shortest path
to the destination area (Area 2). When the traffic flows into Area 2, the traffic is routed along the shortest
intra-area path to router Y.
Router Y routes return packets to router X via its nearest Level 1-2 router. The Level 1-2 router recognizes
the best route to Area 1 via Area 4, based on the lowest-cost Level 2 path.
Because Level 1 and Level 2 computations are separate, the path taken from router Y back to router X is not
necessarily the least-cost path from router Y to router X.

Route Leaking Loop Prevention

Route leaking is a feature that allows selected Level 2 routes to leak in a controlled manner to Level 1
routers, which helps to avoid asymmetric routing.

Route leaking helps reduce suboptimal routing by providing a mechanism for leaking, or redistributing,
Level 2 information into Level 1 areas. With more detail about interarea routes, a Level 1 router is able to
make a better choice about which Level 1-2 router should receive the packet.
The example in the figure demonstrates the operation of route leaking in an IS-IS network scenario. The
requirement is to make sure that traffic for network 10.1.1.0/24 exits Area 3 via router A. You will
configure route leaking so that 10.1.1.0/24 is leaked from the Level 2 database of router A into the Level 1
routers of Area 3. This configuration will ensure that a specific route for 10.1.1.0/24 exists on all routers in
Area 3 and that it ultimately leads to router A and from there to Area 5.
The importance of the up/down bit in IS-IS loop prevention is demonstrated in the operation of router B.
Because the up/down bit is set, router B will not insert the route from the L1 database into its L2 database
and, therefore, the route will not be re-advertised into the backbone. This in turn will prevent possible
routing loops for this route since all areas are already getting that route via Level 2 routing.
Leaked routes are referred to as interarea routes in the routing table and the IS-IS database. When you are
viewing the routing table, all the leaked routes are marked with an "IA" designation.
Route leaking is defined in RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS, for use with
the narrow metric TLV types 128 and 130. The IETF has also defined route leaking for use with the wide
metric (using TLV type 135).
To implement route leaking, an up/down bit in the TLV is used to indicate whether the route that is
identified in the TLV has been leaked. If the up/down bit is set to 0, the route originated within that Level 1
area.
If the up/down bit is set to 1, the route has been redistributed into the area from Level 2. The up/down bit is
used to prevent routing loops; a Level 1-2 router does not re-advertise (into Level 2) any Level 1 routes that
have the up/down bit set to 1.
Route leaking should be planned and deployed carefully to avoid a situation in which any topology change
in one area makes it necessary to recompute many routes in all other areas.
1. 0Which three components of the NSAP address are in IS-IS? (Choose three.)
a. area address
b. system ID
c. NSEL
d. NET
e. router ID
0IS-IS Operation
Integrated IS-IS operates in broadcast mode and point-to-point mode depending on the link type. You will
learn how these modes operate and what IS-IS packets are exchanged to achieve adjacency.
• Generally, physical links can be placed in these two groups:
– Broadcast: Multiaccess subnetworks that support the addressing of a group of attached systems.
– Point-to-point: Permanent or dynamically established links.
• Only two link-state representations are available in IS-IS:
– Broadcast for LANs and multipoint WANs.
– Point-to-point for all other topologies.
• IS-IS has no concept of nonbroadcast multiaccess (NBMA) networks. Using point-to-point links, such
as point-to-point subinterfaces, over NBMA networks is recommended.

— Broadcast Point-to-point

Usage LAN, full-mesh WAN PPP, High-Level Data Link Control

(HDLC), partial-mesh WAN

Hello timer 3.3 sec for Designated Intermediate 10 sec

System (DIS), else 10 sec

Adjacencies n*(n-1)/2 n-1

Uses DIS Yes No

LSP and IS-IS Hello (IIH) Sent as multicast Sent as unicast

IIH type Level 1 IIH, Level 2 IIH Point-to-point IIH

IS-IS Packets
The OSI stack defines a unit of data as a PDU. OSI recognizes a frame as a data-link PDU and a packet as a
network PDU.
The first eight octets of all IS-IS PDUs are header fields that are common to all PDU types. The TLV
information is stored at the very end of the PDU. Different types of PDUs have a set of currently defined
TLV codes. Any TLV codes that are not recognized by a router should be ignored and passed through
unchanged.
IS-IS PDUs are encapsulated directly into an OSI data-link frame. IS-IS defines four types of PDUs:
• Hello PDU: This type of PDU is used to establish and maintain adjacencies:
– End system hello (ESH): Announces the presence of an end system. ESHs are sent by all end
systems. Intermediate systems (routers) listen for these hellos to discover the end systems.
– Intermediate system hello (ISH): Announces the presence of an intermediate system (router).
ISHs are sent by all intermediate systems. End systems listen for these hellos to discover the
intermediate systems.
 – IS-IS Hello (IIH): Enables the intermediate systems to detect IS-IS neighbors and form
adjacencies.
• LSP PDU: Used to distribute link-state information.
• Partial sequence number PDU (PSNP): Used to acknowledge and request missing pieces of link-state
information.
• Complete sequence number PDU (CSNP): Used to describe the complete list of LSPs in the LSDB of
a router.

Link-state packet:
• A router describes itself with an LSP.
• LSPs are sequenced to prevent duplication:
– LSPs assist with synchronization.
– Sequence numbers begin at 1.
– Sequence numbers are increased to indicate the newest LSP.
• LSPs in LSDB have a remaining lifetime:
– Allow synchronization, decreasing timer.
• Each set includes a TLV.

TLV Type Code Length Field Value Variable Length

Area address 1 Area ID length+1 Areas

Intermediate system neighbors 2 Neighbor count+1 IS neighbors

IP internal reachability 128 Number of connected prefixes Connected IP prefixes: 4-byte

metric, 4-byte prefix,
4-byte mask
 TLV Type Code Length Field Value Variable Length

IP external reachability 130 Number of redistributed Redistributed IP prefixes: 4-byte

prefixes metric, 4-byte prefix,
4- byte mask

In IS-IS, the characteristics of a router are defined by an LSP. The LSP of a router contains an LSP header
and TLV fields:
• An LSP header includes these elements:
– The PDU type and length
– The LSP ID
– The LSP sequence number, used to identify duplicate LSPs and to ensure that the latest LSP
information is stored in the topology table.
– The remaining lifetime for the LSP, which is used to age out LSPs
• Some examples of TLV fields include the following:
– Type Code 1 = area addresses
– Type Codes 2 and 6 = intermediate system neighbors
– Type Code 3 = end system neighbors
– Type Code 10 = authentication information
– Type Code 128 = IP internal reachability information
– Type Code 129 = protocols supported
– Type Code 130 = IP external reachability information
– Type Code 132 = IP interface addresses

Refer to ISO 10589 and RFC 1195 for more information on the TLVs.
LSPs are given sequence numbers that provide information to the receiving routers:
• Ensures that the latest LSPs are used in their route calculations.
• Avoids entering duplicate LSPs in the topology tables.

If a router reloads, the sequence number is set to 1. The router then receives its previous LSPs from its
neighbors. These LSPs have the last valid sequence number before the router reloaded. The router records
this number and reissues its own LSPs with the next higher sequence number.
Each LSP has a remaining lifetime that is used by the LSP aging process to ensure the removal of outdated
and invalid LSPs from the topology table after a suitable time. This process is known as the count-to-zero
operation; 1200 seconds is the default start value.
Each LSP includes specific information about networks and stations that are attached to a router. This
information is found in multiple TLV fields that follow the common header of the LSP. The TLV structure
is a flexible way to add data to the LSP, and an easy mechanism for adding new data fields that may be
required in the future.
IS-IS Adjacencies
IS-IS adjacencies are established based on the area address and router type.

For example, when a LAN has routers from two areas attached, the following processes apply:
• The routers from one area accept Level 1 IIH PDUs only from their own area and therefore establish
Level 1 adjacencies only with their own area Level 1 routers.
• The routers from a second area similarly accept Level 1 IIH PDUs only from their own area.
• The Level 2 routers (or the Level 2 process within any Level 1-2 router) accept only Level 2 IIH PDUs
and establish only Level 2 adjacencies.

On point-to-point links, the IIH PDUs are common to both levels but announce the level type and the area
address in the hellos as follows:
• Level 1 routers in the same area exchange IIH PDUs that specify Level 1 and establish a Level 1
adjacency.
• Level 2 routers exchange IIH PDUs that specify Level 2 and establish a Level 2 adjacency.
• Two Level 1-2 routers in the same area establish both Level 1 and Level 2 adjacencies and maintain
these with a common IIH PDU that specifies the Level 1 and Level 2 information.
• Two Level 1 routers that are physically connected, but that are not in the same area, can exchange IIHs,
but they do not establish adjacency because the area addresses do not match.
IS-IS Broadcast Mode
Broadcast networks are LAN interfaces or multipoint WAN interfaces. Separate IS-IS adjacencies are
established for Level 1 and Level 2. If two neighboring routers in the same area run both Level 1 and Level
2, they establish two adjacencies, one for each level. The router stores the Level 1 and Level 2 adjacencies
in separate Level 1 and Level 2 adjacency tables.
Broadcast mode:
• It is used for LAN and multipoint WAN interfaces.
• Adjacency is recognized through hellos; there are separate adjacencies for Level 1 and Level 2.
• DIS creates a pseudonode and represents a LAN.
• DIS for Level 1 and Level 2 may be different.
• DIS is elected, based on these criteria:
– Only routers with adjacencies are eligible.
– The highest interface has priority.
– The highest SNPA (MAC) breaks ties.
• There is no backup DIS.

On LANs, routers establish the two adjacencies with specific Layer 1 and Layer 2 IIH PDUs. Routers on a
LAN establish adjacencies with all other routers on the LAN.
IIH PDUs announce the area address. Separate IIH packets announce the Level 1 and Level 2 neighbors.
Adjacencies are formed and are based on the area address that is communicated in the incoming IIH and the
type of router (Level 1 or Level 2). Level 1 routers accept Level 1 IIH PDUs from their own area and
establish adjacencies with other routers in their own area. Level 2 routers accept only Level 2 IIH PDUs and
establish only Level 2 adjacencies.
Dijkstra’s algorithm requires a virtual router (a pseudonode), represented by the DIS, to build a directed
graph for broadcast media. The DIS is the router that creates the pseudonode and acts on behalf of the
pseudonode. Two major tasks that are performed by the DIS include creating and updating the pseudonode
LSP and flooding LSPs over the LAN. The criteria for DIS selection are as follows:
• The highest priority (the priority value is configurable).
• The highest subnetwork point of attachment (SNPA); on LANs, the SNPA is the MAC address. The
SNPA for a WAN interface is the virtual circuit identifier.

An example would be the data-link connection identifier (DLCI) on a Frame Relay connection. If the WAN
interface is using HDLC encapsulation, the SNPA is simply HDLC.
Cisco router interfaces have a default Level 1 and Level 2 priority of 64. You can configure the priority
from 0 to 127. The Level 1 DIS and the Level 2 DIS on a LAN may or may not be the same router because
an interface can have different Level 1 and Level 2 priorities.
A selected router is not guaranteed to remain the DIS. Any adjacent intermediate system with a higher
priority automatically takes over the DIS role. This behavior is called preemptive. Because the IS-IS LSDB
is synchronized frequently on a LAN, giving priority to another intermediate system over the DIS is not a
significant issue. IS-IS does not use a backup DIS, and routers on a LAN establish adjacencies with both the
DIS and all other routers.
Level 1 and Level 2 LSPs and IIHs:
• The two-level nature of IS-IS requires separate types of LSPs: Level 1 and Level 2 LSPs.
• DIS is a representative of a LAN:
– DIS sends pseudo-Level 1 and pseudo-Level 2 LSPs for a LAN.
– There is a separate DIS for Level 1 and Level 2.

Level 1 and Level 2 LSP—IS-IS uses a two-level area hierarchy. The link-state information for these two
levels is distributed separately, which results in Level 1 LSPs and Level 2 LSPs. Each intermediate system
originates its own LSPs (one for Level 1 and one for Level 2).
On a LAN, one router (the DIS) sends out LSP information on behalf of the LAN. The DIS represents a
pseudonode. The DIS sends out the separate Level 1 or Level 2 LSPs for the pseudonode. The Level 1 DIS
and the Level 2 DIS on a LAN may or may not be the same router because an interface can have different
Level 1 and Level 2 priorities.
LSPs on point-to-point links are sent as unicast, whereas on broadcast media (LANs) LSPs are sent as
multicast.
Level 1 and Level 2 IIH—IIHs are used to establish and maintain neighbor adjacency between
intermediate systems. The default hello interval is every 10 seconds; however, the hello interval timer is
adjustable.
On a LAN, separate Level 1 and Level 2 IIHs are sent periodically as multicasts to a multicast MAC
address. Level 1 announcements are sent to the AllL1IS multicast MAC address 0180.C200.0014, and Level
2 announcements are sent to the AllL2IS multicast MAC address 0180.C200.0015.
The default hello interval for the DIS is three times faster (that is, three times smaller) than the interval for
the other routers so that DIS failures can be quickly detected.
A neighbor is declared dead if hellos are not received within the hold time. The hold time is calculated as
the product of the hello multiplier and hello time. The default hello time is 10 seconds, and the default
multiplier is three; therefore, the default hold time is 30 seconds.
Unlike LAN interfaces with separate Level 1 and Level 2 IIHs, point-to-point links have a common point-
to-point IIH format that specifies whether the hello relates to Level 1 or Level 2 or both. Point-to-point
hellos are sent to the unicast address of the connected router.
1. 0What are the two IS-IS network topology types? (Choose two.)
a. nonbroadcast
b. broadcast
c. point-to-point
d. point-to-multipoint
e. NBMA
0IS-IS Link-State Database
Routers in an IS-IS network flood LSPs to all their neighbors. All valid LSPs received by a router are stored
in LSDB, and they describe the topology of an area. Routers use this LSDB to calculate the shortest-path
tree.
Each router floods its LSPs to adjacent neighbors, and the LSPs are passed along unchanged to other
adjacent routers until all the routers in the area have received them. All the Level 1 LSPs received by one
router in an area describe the topology of the area. When a router receives a new LSP, it floods this LSP to
its neighbors except the neighbor that sent the new LSP.
Single-level routers maintain a single LSDB and one SPF calculation takes place, while Level 1 and Level 2
routers maintain two LSDBs and two SPF calculations take place, which poses larger router resource
requirements. This is not very impactful on modern routers, which typically have plenty of RAM and CPU
resources for such calculations.
An IS-IS update process is responsible for flooding the LSPs throughout the IS-IS domain. An LSP is
typically flooded to all adjacent neighbors except the neighbor from which it was received. Level 1 LSPs
are flooded within their local areas. Level 2 LSPs are flooded throughout the backbone.

Each intermediate system originates its own LSP (one for Level 1 and one for Level 2). These LSPs are
identified by the system ID of the originator and an LSP fragment number starting at 0. If an LSP exceeds
the maximum transmission unit (MTU), it is fragmented into several LSPs, numbered 1, 2, 3, and so on.
IS-IS maintains the Level 1 and Level 2 LSPs in separate LSDBs.
When an intermediate system receives an LSP, it examines the checksum and discards any invalid LSPs,
flooding them with an expired lifetime age. If the LSP is valid and newer than what is currently in the
LSDB, it is retained, acknowledged, and given a lifetime of 1200 seconds.
The age is decremented every second until it reaches 0, at which point the LSP is considered to have
expired. When the LSP has expired, it is kept for an additional 60 seconds before it is flooded as an expired
LSP.
SNPs are used to acknowledge the receipt of LSPs and to maintain LSDB synchronization.

There are two types of sequence number PDUs (SNPs): CSNP and PSNP. The use of SNPs differs between
point-to-point and broadcast media. CSNPs and PSNPs share the same format; that is, each carries
summarized LSP information. The main difference is that CSNPs contain summaries of all LSPs in the
LSDB, while PSNPs contain only a subset of LSP entries.
Separate CSNPs and PSNPs are used for Level 1 and Level 2 adjacencies. Adjacent IS-IS routers exchange
CSNPs to compare their LSDB. In broadcast subnetworks, only the DIS transmits CSNPs. All adjacent
neighbors compare the LSP summaries received in the CSNP with the contents of their local LSDBs to
determine if their LSDBs are synchronized (in other words, if they have the same copies of LSPs as other
routers for the appropriate levels and area of routing).
CSNPs are periodically multicast (every 10 seconds) by the DIS on a LAN to ensure LSDB accuracy. If
there are too many LSPs to include in one CSNP, the LSPs are sent in ranges. The CSNP header indicates
the starting and ending LSP ID in the range. If all LSPs fit in the CSNP, the range is set to default values. In
the example, R1 compares this list of LSPs with its topology table and realizes that it is missing one LSP.
Therefore, it sends a PSNP to the DIS (R2) to request the missing LSP. The DIS reissues only that missing
LSP (LSP 77), and R1 acknowledges it with a PSNP.
Building an IP Routing Table:
IS-IS uses an OSI forwarding database (routing table) to select the best path to a destination. When the
databases are synchronized, routers use the LSDB to calculate the SPF tree to OSI destinations, the NETs.
The total of the link metrics along each path determines the shortest path to any given destination.
The IS-IS L1/L2 router synchronizes its LSDB with its IS-IS neighbor (Step 1 in the figure). Level 1 and
Level 2 routes have separate LSDBs; therefore, routers may run Dijkstra’s algorithm twice (Step 2 in the
figure), once for each level, and create separate SPF trees for each level. Routers insert the best paths in the
CLNS routing table; the OSI forwarding database (Step 3 in the figure).
Integrated IS-IS includes IP information in the LSPs, treating it as if it were end-system information, where
the ISs are considered as nodes and the IP information is advertised by the ISs as the leaves hanging off the
nodes in the shortest path tree. Therefore, updating IP reachability requires only a Partial Route Calculations
(PRC), and the entire shortest path tree in IS-IS does not need to be recomputed (Step 4 in the figure).
The PRC generates best-path choices for IP routes and offers the routes to the IP routing table, where they
are accepted, based on normal IP routing table rules (Step 5 in the figure). For example, if more than one
routing protocol is running, the router compares administrative distance. When the IP IS-IS routes are
entered in the routing table, they are shown as via Level 1 (i L1) or Level 2 (i L2), as appropriate.
Adjacent IS-IS routers use PSNPs to acknowledge the receipt of LSPs and to request transmission of
missing or newer LSPs. On point-to-point networks, CSNPs are sent only once when the link comes up to
synchronize the LSDBs. After that, LSPs are sent to describe topology changes, and they are acknowledged
with a PSNP. The example in the figure shows what happens on a point-to-point link when a link failure is
detected. The sequence is as follows:
• A link fails.
• R2 notices this failure and issues a new LSP, noting the change.
• R1 receives the LSP, stores it in its topology table, and sends a PSNP back to R2 to acknowledge
receipt of the LSP.

1. 0What are the two SNP types used in IS-IS LSDB synchronization? (Choose two.)
a. CSNP
b. PSNP
c. CDP
d. ACK
e. SNPA
0IS-IS Configuration for IPv4
A NET address identifies a device (an intermediate system or end system), and not an interface. This
difference is a critical one between a NET address and an IP address.

Even if you use Integrated IS-IS only for IP routing, each IS-IS router must have a NET address configured
because Integrated IS-IS depends on the support of CLNS routing. Routers still establish CLNS adjacencies
and use CLNS packets.
The OSI protocols (hello PDUs) are used to form the neighbor relationship between routers, and the SPF
calculations rely on a configured NET address to identify the routers.
A device identifies other devices within its own area, based on matching area addresses in their NET. It then
knows that it can communicate with these other devices within the same area without using a default route.
A default route is injected into the area by the Level 1-2 router. If the area addresses do not match, the
device knows that it must forward that interarea traffic to its nearest Level 1-2 router.
When you are using IS-IS to route IP traffic, IP subnets are treated as leaf objects that are associated with
IS-IS areas. When you are routing IP traffic, the router looks up the destination network in its routing table.
If the network belongs to a different area, that interarea traffic is normally forwarded to the nearest Level 1-
2 router.
The separation of IP reachability from the core IS-IS network architecture provides Integrated IS-IS better
scalability than, for example, OSPF:
• OSPF sends LSAs for individual IP subnets. If an IP subnet fails, the LSA floods through the network
and all routers must run a full SPF calculation, which is extremely CPU-intensive.
• Integrated IS-IS builds the SPF tree from CLNS information. If an IP subnet fails, the IS-IS LSP floods
through the network, which is the same with OSPF. However, if this is a leaf (stub) IP subnet (that is, if
the loss of the subnet does not affect the underlying CLNS architecture), the SPF tree is unaffected;
therefore, only a PRC occurs.
Four steps are required for the basic setup of IS-IS. Additional commands are available for fine-tuning the
configuration.
Integrated IS-IS configuration:

Before you configure Integrated IS-IS, you must map out the areas and plan the addressing. After that is
done, you need three commands to enable Integrated IS-IS on a router for IP routing.
• The router isis process-ID Cisco IOS XR global command and the router isis Cisco IOS and Cisco
IOS XE global configuration command enable IS-IS as an IP routing protocol. The Cisco IOS or IOS
XE command allows you optionally to assign a tag to the process. Just as multiple OSPF processes can
be present on the same router, multiple IS-IS processes are possible. The process name is significant
only to the local router. If it is omitted, the Cisco IOS and Cisco IOS XE Software assume a tag of 0. If
more than one IS-IS process is used, the network plan should indicate which interfaces would
participate in which IS-IS process. By default, Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software
make the router a Level 1-2 router.
• After the IS-IS process is enabled, the router must be identified for IS-IS by assigning a NET to the
router with the net Cisco IOS, Cisco IOS XE, and Cisco IOS XR router configuration command.
• The final step is to choose which interfaces will participate in IS-IS routing. As with other routing
protocols, the address-family ipv4 unicast Cisco IOS XR command starts IPv4 unicast IS-IS routing
on the appropriate interface, and the ip router isis Cisco IOS and Cisco IOS XE interface configuration
command enables IS-IS on the interfaces. Do not forget interfaces to stub IP networks, such as loopback
interfaces. If there is more than one IS-IS process, the IS-IS process to which the interface belongs must
be specified using the appropriate process name or ID.

You can then use additional commands to fine-tune the IS-IS processes.
Recall that all intra-area traffic in IS-IS must traverse the Level 2 backbone area. Thus, CLNS addresses
must be planned to execute a two-level hierarchy.
You must decide which routers will be backbone (Level 2) routers, which routers will be Level 1-2, and
which will be internal area (Level 1) routers. If some routers must do both Level 1 and Level 2 routing, you
should identify the specific interfaces that will participate in each type of routing.
Remember that the CLNS address of a router is called the NET, and it consists of three main parts:
• The prefix, which identifies the area of the router.
• The system ID, which uniquely identifies each device. The example in the figure shows how the system
ID can be obtained from the router loopback IP address.
• The NSAP selector NSEL that must be 0.

It is not enough to plan the IS-IS area addressing. To have a scalable network, you must also plan IP
addressing, and the IP addresses must be planned to allow for summarization of addresses.
Route summarization is the key idea that enables all the benefits of the hierarchical addressing design.
Route summarization minimizes routing update traffic and resource utilization.
Be particularly careful when you configure the IP addressing on the router, because troubleshooting IP
address misconfigurations with IS-IS is more difficult. The IS-IS neighbor relationships are established over
OSI CLNS, not over IP. Because of this approach, two ends of a CLNS adjacency can have IP addresses on
different subnets, with no impact to the operation of IS-IS.
The following output shows an IS-IS configuration example.
The IS-IS configuration slightly differs depending on the flavor of Cisco IOS Software that you are using.
The configuration structure is different as well as command syntax. On the left side of the figure, you can
see an example of Cisco IOS XR configuration where all IS-IS related configuration is completely
contained in the router isis 1 process section. In Cisco IOS XR Software, interfaces are included in the
process within the section and per address family. In Cisco IOS XE Software, the routing process is a
separate section, holding global IS-IS parameters, and IS-IS is enabled for each interface individually under
the respective interface configuration section. Even though the configurations might be different, as well as
the underlying operating system, the IS-IS interworking between different flavors of Cisco IOS platforms,
or router vendors, is rarely a problem because the implementations follow the same standards.

Route Summarization Configuration

Routing protocol scalability is a function of the appropriate use of route summarization.
Here are the benefits of summarization:
• Reduced routing table size
• Reduced LSP traffic and protection from flapping routes
• Reduced memory requirements
• Reduced CPU usage
Use these commands to configure and verify IS-IS route summarization.

Command Description

summary-prefix prefix/length The Cisco IOS XR command to create an aggregate addresses for the IS-IS
[level { 1 | 2 }] protocol. Use the summary-prefix command in IS-IS address family
configuration mode.

summary-address address mask The Cisco IOS XE command for creating aggregate networks and advertise
{level-1 | level-1-2 | level-2}[tag into a specific IS-IS level. Additionally sets the tagging and metric values.
tag-number] [metric metric-
value]

show route [ipv4 | ipv6] isis Cisco IOS XR command to display the IS-IS routing table. You can verify the
summarization by finding the summary route which will be pointing to Null0.

Command Description

show [ip | ipv6] route isis Cisco IOS XE command to display the IS-IS routing table.

show isis database This Cisco IOS XE, and Cisco IOS XR command displays the contents of the
IS-IS LSDB.

An intermediate system can be configured to aggregate a range of IP addresses into a summary address,
using the summary-address Cisco IOS and Cisco IOS XE router configuration command, or the
summary-prefix Cisco IOS XR router address family configuration command as shown in the figure.
This command can be used on any router in an IS-IS network. The router summarizes IP routes into Level
1, Level 2, or both.
IS-IS IPv4 Verification
To verify the IS-IS configuration and IP functionality of the Integrated IS-IS network, use the show
protocols ipv4 Cisco IOS XR command, or the show ip protocols Cisco IOS and Cisco IOS XE command.
These commands display the active IP routing protocols, the interfaces on which they are active, and the
networks for which they are routing.
Is Integrated IS-IS running? Display the parameters and current state of the active routing protocol
processes.

The example shows that interfaces GigabitEthernet 0/0/0/0, GigabitEthernet 0/0/0/1, and Loopback 0 are
taking part in Integrated IS-IS, that the metric is different for Level 1 and Level 2 interfaces, that the default
metric style is used, and that the default administrative distance of Integrated IS-IS is 115.
The figure shows an output from a Cisco IOS XR router; similar output from a Cisco IOS and Cisco IOS
XE router is displayed here:
PE2# show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "isis"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: isis
Address Summarization:
10.2.10.0/255.255.255.0 into level-2
Maximum path: 4
Routing for Networks:
Loopback0
GigabitEthernet0/0/0
GigabitEthernet0/0/1
Routing Information Sources:
Gateway Distance Last Update
10.1.10.1 115 01:59:01
10.2.10.1 115 00:11:38
10.1.1.1 115 00:11:38
Distance: (default is 115)
Are there any IP routes? Display the current state of the routing table.

This sample outputs from the show route ipv4 isis Cisco IOS XR command, or from the show ip route isis
Cisco IOS and Cisco IOS XE command, show only the IS-IS routes. One route is from Level 1, as indicated
by the i L1 tag, and the others are from Level 2, as indicated by the i L2 tag. The route that the router
summarizes is indicated by the i su tag.
By default, Integrated IS-IS uses an administrative distance of 115. The metric that is shown for each route
is taken from the IS-IS cost to the destination.
1. 0Which Cisco IOS XR command is used to display the IS-IS-only part of the global routing table for
IPv4?
a. show route ipv4 isis
b. show ip route
c. show isis route
d. show route isis ipv4
0Basic IS-IS Troubleshooting
Getting your network to route packets per your design, using the IS-IS protocol that you just deployed in
your network, will require you to have basic connectivity and IS-IS adjacency troubleshooting skills. Here
you will learn some of the fundamental techniques to ensure that IS-IS is properly establishing adjacencies
and populating the routes in the routing table.
IS-IS adjacency-related problems are typically caused by either configuration errors or actual link issues.
Link failures can be identified by the show interface command output. Configuration errors can be more
difficult to spot, so you will have to invest more time to verify all aspects of the configuration on both ends
of the adjacency.
Some of the most frequent configuration errors or misconfigurations, apart from connectivity problems on
the links, that will prevent the IS-IS adjacency to form between neighbors and thus obstruct the routing in
your network, are as follows:
• MTU mismatch: If one IS-IS router receives an IS-IS hello packet with higher MTU than it can
support (on the interface), it discards the hello; hence, the adjacency does not come up. In best practice,
MTU must be the same on both ends.
• Circuit-type configuration: Defines what type of hellos (L1 or L2) are sent on a particular interface.
For example, if a router is configured to send only L1 hellos toward an exclusively L2 router, the
adjacency will not come up.
• Authentication: If configured, either for IS-IS hellos or PDUs, it must match on both ends.
• Capability TLV: There might be events due to capability mismatch that prevent the adjacency from
coming up. As a general recommendation, Capability TLV must match for successful adjacency
formation.
• Network Type mismatch: The hellos will be discarded by the opposing router, and adjacency will not
come up. The network type must match on both ends.

If you have problems that can not be solved by resolving the common cause issues, you can use the
following system debugging command to troubleshoot your IS-IS operation. If adjacencies are not coming
up properly, use the debug isis adjacencies detail Cisco IOS XR command, or the equivalent command for
IOS XE: debug isis adj-packets.
You can use the following show commands to verify the router configuration and to troubleshoot the
Integrated IS-IS network.

Use the show commands to verify IS-IS operation.

Command Description

show isis interface This Cisco IOS XR command displays the interfaces that are enabled for IS-
IS.

show isis neighbors This Cisco IOS XE and Cisco IOS XR command displays the IS-IS neighbors
that are recognized by the system.

show isis topology This Cisco IOS XE and Cisco IOS XR command displays the Level 1 and
Level 2 topology tables, which show the least-cost IS-IS paths to the
intermediate systems.

show isis database This Cisco IOS XE and Cisco IOS XR command displays the contents of the
 Command Description

IS-IS LSDB. To force IS-IS to refresh its LSDB and recalculate all routes, use
the clear isis command.

show isis database LSP_ID This Cisco IOS, Cisco IOS XE, and Cisco IOS XR command displays the
detail detailed contents of each IS-IS LSDB and advertised prefixes for specified
routing process.

Cisco IOS XR Commands

The following examples show outputs of Cisco IOS XR troubleshooting commands.
IS-IS interfaces:
RP/0/RP0/CPU0:PE1# show isis interface brief

IS-IS 1 Interfaces
Interface All Adjs Adj Topos Adv Topos CLNS MTU Prio
OK L1 L2 Run/Cfg Run/Cfg L1 L2
----------------- --- --------- --------- --------- ---- ---- --------
Lo0 Yes 0 0 2/2 2/2 Up 1500 - -
Gi0/0/0/1 Yes - 1* 2/2 2/2 Up 1497 - 64
Gi0/0/0/2 Yes - 1* 2/2 2/2 Up 1497 - 64
Gi0/0/0/3 Yes 1 0 2/2 2/2 Up 1497 64 64
Gi0/0/0/4 Yes 1 0 2/2 2/2 Up 1497 64 64

Neighbor table:
RP/0/RP0/CPU0:PE1# show isis neighbors

IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
CE1 Gi0/0/0/4 0050.5683.eca0 Up 9 L1 Capable
CE1 Gi0/0/0/3 0050.5683.b202 Up 7 L1 Capable
P1 Gi0/0/0/1 0050.5683.5089 Up 28 L2 Capable
P2 Gi0/0/0/2 0050.5683.9fd8 Up 26 L2 Capable

Total neighbor count: 4

Topology table:
RP/0/RP0/CPU0:PE1# show isis topology
Fri Jul 12 11:27:48.691 UTC

IS-IS 1 paths to IPv4 Unicast (Level-1) routers

System Id Metric Next-Hop Interface SNPA
PE1 --
CE1 10 CE1 Gi0/0/0/4 0050.5683.eca0
CE1 10 CE1 Gi0/0/0/3 0050.5683.b202
IS-IS 1 paths to IPv4 Unicast (Level-2) routers
System Id Metric Next-Hop Interface SNPA
P1 10 P1 Gi0/0/0/1 0050.5683.5089
P2 10 P2 Gi0/0/0/2 0050.5683.9fd8
PE1 --
 PE2 20 P2 Gi0/0/0/2 0050.5683.9fd8
PE2 20 P1 Gi0/0/0/1 0050.5683.5089
<... output omitted ...>

Database table:
RP/0/RP0/CPU0:PE1# show isis database

IS-IS 1 (Level-1) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE1.00-00 * 0x00000019 0x8992 725 /* 1/0/0
CE1.00-00 0x00000017 0x3620 936 /1199 0/0/0
<... output omitted ...>
Total Level-1 LSP count: 4 Local Level-1 LSP count: 1

IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P1.00-00 0x0000000b 0x4443 969 /1200 0/0/0
P1.05-00 0x00000003 0xfba3 716 /1200 0/0/0
<... output omitted ...>

Cisco IOS XE Commands

Here is an example of the show isis neighbors command that was taken from a Cisco IOS XE router.
PE3# show isis neighbors

Tag 1:
System Id Type Interface IP Address State Holdtime Circuit Id
P1 L2 Gi1 192.168.113.11 UP 8 P1.05
P2 L2 Gi2 192.168.123.12 UP 24 PE3.02
CE3 L1 Gi3 192.168.103.31 UP 26 PE3.03
CE3 L1 Gi4 192.168.203.31 UP 24 PE3.04

Here is an example of the show isis topology command that was taken from a Cisco IOS XE router.
PE3# show isis topology

Tag 1:
IS-IS TID 0 paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
PE3 --
CE3 10 CE3 Gi4 0050.5683.2aed
CE3 Gi3 0050.5683.8460

IS-IS TID 0 paths to level-2 routers

System Id Metric Next-Hop Interface SNPA
P1 10 P1 Gi1 0050.5683.8ba7
P2 10 P2 Gi2 0050.5683.7c45
PE1 20 P1 Gi1 0050.5683.8ba7
P2 Gi2 0050.5683.7c45
PE2 20 P1 Gi1 0050.5683.8ba7
P2 Gi2 0050.5683.7c45
PE3 --

The following is an example of the show isis database command that was taken from a Cisco IOS XE
router.
 PE3# show isis database

Tag 1:
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE3.00-00 * 0x0000000A 0x4760 1066/* 1/0/0
PE3.03-00 * 0x00000007 0xA415 707/* 0/0/0
PE3.04-00 * 0x00000007 0x9D1B 900/* 0/0/0
CE3.00-00 0x00000008 0x55CD 528/1199 0/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P1.00-00 0x0000000F 0x3C47 901/1200 0/0/0
P1.05-00 0x00000007 0xF3A7 868/1200 0/0/0
P1.07-00 0x00000007 0xCFCA 669/1200 0/0/0
P2.00-00 0x0000000E 0x8E8E 703/1200 0/0/0
P2.01-00 0x00000007 0x0E74 735/1200 0/0/0
P2.03-00 0x00000007 0xFF80 839/1200 0/0/0
PE1.00-00 0x00000020 0xB1FE 854/1200 0/0/0
PE1.01-00 0x00000008 0xCBD3 957/1200 0/0/0
PE1.03-00 0x00000008 0x3F4E 944/1200 0/0/0
PE2.00-00 0x0000000B 0x9966 541/1200 0/0/0
PE2.05-00 0x00000007 0x3357 818/1200 0/0/0
PE3.00-00 * 0x0000000A 0x8E0C 1190/* 0/0/0
PE3.02-00 * 0x00000007 0x4843 625/* 0/0/0

This example shows the show isis database LSP_ID detail command that was taken from a Cisco IOS XE
router.
PE3# show isis database CE3.00-00 detail

Tag 1:

IS-IS Level-1 LSP CE3.00-00

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
CE3.00-00 0x00000009 0x53CE 1185/1199 0/0/0
Area Address: 49.0003
NLPID: 0xCC 0x8E
Router ID: 10.3.10.1
Hostname: CE3
Metric: 10 IS PE3.03
Metric: 10 IS PE3.04
IP Address: 10.3.10.1
Metric: 10 IP 10.3.10.1 255.255.255.255
Metric: 10 IP 192.168.103.0 255.255.255.0
Metric: 10 IP 192.168.203.0 255.255.255.0
IPv6 Address: 2001:DB8:10:3:10::1
Metric: 10 IPv6 2001:DB8:10:3:10::1/128
Metric: 10 IPv6 2001:DB8:192:168:103::/80
Metric: 10 IPv6 2001:DB8:192:168:203::/80

In the outputs, you might have noticed that the default IS-IS metric for every link is 10. Metric 20 means
that the network is not directly connected but is directly connected to the neighboring router, assuming that
all metric are the default ones.
1. 0Which Cisco IOS XR command is used to verify that the IS-IS neighbors are up?
a. show isis interface
b. show ipv4 isis neighbors
c. show isis neighbors
d. show clns neighbors
0Discovery 1: Implement Integrated IS-IS Routing
Introduction
In this lab, you will configure integrated IS-IS routing by enabling IS-IS to run on Level 1 and Level 2 for
both protocol stacks, using the multitopology setup. You will work with Cisco IOS XR and Cisco IOS XE
devices to set up IS-IS across the lab network.

Topology

Visual Objective
Job Aid

Device Access
The following table lists all the device access information that you will require.

Note Cisco IOS XR devices do not require enable secret passwords.

Device Management IP Connection User- Password Enable Se-

Type name cret

CE1 172.21.116.11 Telnet cisco cisco cisco

CE2 172.21.116.21 Telnet cisco cisco cisco

CE3 172.21.116.31 Telnet cisco cisco cisco

PE1 172.21.116.10 Telnet cisco cisco —

PE2 172.21.116.20 Telnet cisco cisco —

PE3 172.21.116.30 Telnet cisco cisco cisco

P1 172.21.116.110 Telnet cisco cisco —

P2 172.21.116.120 Telnet cisco cisco —

IPv4 Addressing Reference

Use the following figure as a reference for IPv4 addressing in your lab.
IPv6 Addressing Reference
Use the following figure as a reference for IPv6 addressing in your lab.

Command List
The following table lists and describes all the commands that are used in this activity. The commands are
divided into two tables based on the Cisco IOS flavor and are listed in alphabetical order so that you can
easily locate the information that you need. Refer to this list if you need configuration command assistance
during the lab activity.

Cisco IOS XR Commands

Command Description

address-family { ipv4 | ipv6 } To enter address family configuration mode for configuring IS-IS
{ unicast | multicast } routing that uses standard IPv4 and IPv6 address prefixes, use the
address-family command in router configuration or interface
configuration mode.

circuit-type { level-1 | level-1-2 | To configure the type of adjacency used for the IS-IS protocol, use the
level-2-only } circuit-type command in interface configuration mode.

commit Commits the current configuration changes to the router running

configuration.

metric-style narrow [transition] To configure the IS-IS software to generate and accept old-style TLV
[ level { 1 | 2 } ] objects, use the metric-style narrow command in address family
configuration mode.

net network-entity-title Configures an IS-IS network entity title (NET) for the routing process.

ping [ IPv4 address | IPv6 address ] The ping tool uses two ICMP query messages, ICMP echo requests,
and ICMP echo replies to determine whether a remote host is active.
The ping command also measures the amount of time it takes to
 Command Description

receive the echo reply.

router isis instance-id To enable the IS-IS routing protocol and to specify an IS-IS instance,
use the router isis command in global configuration mode.

show ipv4 interface brief Displays the usability status of interfaces configured for IPv4.

show isis [ instance instance-id ] Displays the IS-IS LSP database.

database [ level { 1 | 2 } ] [update]
[summary] [detail] [verbose] [ * |
lsp-id ]

show isis [ instance instance-id ] To display information about IS-IS neighbors, use the show isis
neighbors [ type interface-path-id | neighbors command in EXEC mode.
summary ] [detail] [ systemid system-
id ]

show isis topology To display a list of connected IS-IS routers in all areas, use the show
isis topology command in EXEC mode.

show route ipv4 isis Displays contents of the IS-IS portion of the IPv4 routing table.

show route ipv6 isis Displays contents of the IS-IS portion of the IPv6 routing table.

single-topology To configure the link topology for IPv4 when IPv6 is configured, use
the single-topology command in address family configuration mode.

summary-prefix [prefix] tag [tag] To create aggregate addresses for the IS-IS protocol, use the
level { 1 | 2 } summary-prefix command in address family configuration mode.

traceroute [ IPv4 address | IPv6 Traceroute is used to discover the paths that packets take to a remote
address ] destination and to detect where routing breaks down on the path to the
destination.

Cisco IOS XE Commands

Command Description

end Exits the router configuration mode.

ip router isis [area-tag] Enables the specified IS-IS routing process for IPv4 on an interface.

ipv6 router isis [area-tag] Enables the specified IPv6 IS-IS routing process on an interface.

ipv6 unicast-routing To enable the forwarding of IPv6 unicast datagrams, use the ipv6
unicast-routing command in global configuration mode.
Command Description

isis circuit-type [level-1 | level-1-2 | Configures the IS-IS level type on a specific interface.
level-2-only ]

is-type [level-1 | level-1-2 | level-2- Configures the routing level for an instance of the IS-IS routing
only ] process.

metric-style [ narrow | [wide Globally changes the metric type for all IS-IS interfaces.
[transition ] [level-1 | level-2 | level-
1-2 ] ]]

net network-entity-title Configures an IS-IS NET for the routing process.

ping [ IPv4 address | IPv6 address ] The ping tool uses two ICMP query messages, ICMP echo requests,
and ICMP echo replies to determine whether a remote host is active.
The ping command also measures the amount of time it takes to
receive the echo reply.

router-id [interface] Sets the router identifier for the routing process.

router isis [area-tag] To enable the IS-IS routing protocol and to specify an IS-IS process,
use this command in global configuration mode.

show ip interface [ type number ] To display the usability status of interfaces configured for IP, use the
[brief] show ip interface command in privileged EXEC mode.

show ip route Displays contents of the IPv4 routing table, used in user EXEC or
privileged EXEC mode.

show ipv6 route Displays contents of the IPv6 routing table, used in user EXEC or
privileged EXEC mode.

show isis [process-tag] database Displays the IS-IS link-state database, used in user EXEC or privileged
[ level-1 | l1 ] [ level-2 | l2 ] [detail] EXEC mode.
[lspid]

show isis neighbors [detail] To display information about IS-IS neighbors, use this command in
privileged EXEC mode.

show isis [process-tag] [ ipv6 | * ] Displays a list of all connected routers in all areas.
topology [hostname] [ level-1 | level-
2 | l1 | l2 ]

traceroute [ IPv4 address | IPv6 Traceroute is used to discover the paths that packets take to a remote
address ] destination and to detect where routing breaks down on the path to the
destination.
 Task 1: Enable Integrated IS-IS on the Routers
Enable the IS-IS protocol on the routers in your pod network. You will configure routers CE1, PE1, P1, and
PE3, while other routers in your network will be preconfigured to run IS-IS. Once you complete the tasked
router configurations, the IS-IS protocol will fully converge.

To complete this task, use the following IS-IS parameters in your lab network:

Router IS-IS Area System ID+00 IS-IS Interfaces

CE1 49.0001 0100.0100.1111.00 Loopback0, GE1, GE2

CE2 49.0002 0100.0200.2222.00 Loopback0, GE1, GE2

CE3 49.0003 0100.0300.3333.00 Loopback0, GE1, GE2

PE1 49.0001 0100.0100.1001.00 Loopback0, GE0/0/0/1, GE0/0/0/2,

GE0/0/0/3, GE0/0/0/4

PE2 49.0002 0100.0200.1001.00 Loopback0, GE0/0/0/1, GE0/0/0/2,

GE0/0/0/3, GE0/0/0/4

PE3 49.0003 0100.0300.1001.00 Loopback0, GE1, GE2, GE3, GE4

P1 49.0000 0100.0000.1001.00 Loopback0, GE0/0/0/1, GE0/0/0/2,

GE0/0/0/3, GE0/0/0/5, GE0/0/0/6

P2 49.0000 0100.0000.2001.00 Loopback0, GE0/0/0/1, GE0/0/0/2,

GE0/0/0/3, GE0/0/0/5, GE0/0/0/6

Activity

Step 1 Connect to CE1. On the CE1 router, there should first be Gigabit Ethernet and Loopback interfaces up and
running with assigned IP addresses.

CE1# show ip interface brief

Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 192.168.101.11 YES manual up up
GigabitEthernet2 192.168.201.11 YES manual up up
GigabitEthernet3 172.16.1.11 YES manual administratively down down
GigabitEthernet4 172.16.2.11 YES manual administratively down down
GigabitEthernet5 unassigned YES NVRAM administratively down down
GigabitEthernet6 172.21.116.11 YES NVRAM up up
Loopback0 10.1.10.1 YES manual up

Step 2 On CE1, enable IS-IS routing, configure the NET address, and enable Integrated IS-IS on the interfaces. Use
process number 1 for all routers in the lab. Configure the CE router to be a Level 1 IS-IS router only. Set the
metric style to wide.

CE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
 CE1(config)# router isis 1
CE1(config-router)# net 49.0001.0100.0100.1111.00
CE1(config-router)# is-type level-1
CE1(config-router)# router-id Loopback0
CE1(config-router)# metric-style wide
CE1(config-router)# exit
CE1(config)# interface Loopback0
CE1(config-if)# ip router isis 1
CE1(config-if)# interface GigabitEthernet1
CE1(config-if)# ip router isis 1
CE1(config-if)# interface GigabitEthernet2
CE1(config-if)# ip router isis 1
CE1(config-if)# end

Step 3 Connect to PE1. On the PE1 router, verify that Gigabit Ethernet interfaces toward P1, P2, CE1, and
Loopback0 are up and running with assigned IPv4 addresses.

RP/0/RP0/CPU0:PE1# show ipv4 interface brief

Mon Jun 10 13:43:15.637 UTC

Interface IP-Address Status Protocol Vrf-Name

Loopback0 10.1.1.1 Up Up default
MgmtEth0/RP0/CPU0/0 172.21.116.10 Up Up default
GigabitEthernet0/0/0/0 unassigned Shutdown Down default
GigabitEthernet0/0/0/1 192.168.111.1 Up Up default
GigabitEthernet0/0/0/2 192.168.121.1 Up Up default
GigabitEthernet0/0/0/3 192.168.101.1 Up Up default
GigabitEthernet0/0/0/4 192.168.201.1 Up Up default
GigabitEthernet0/0/0/5 unassigned Shutdown Down default
GigabitEthernet0/0/0/6 unassigned Shutdown Down default

Step 4 On PE1, enable IS-IS routing, configure the NET address, and enable Integrated IS-IS on the interfaces. Use
process number 1. Configure the PE1 router to form only Level 2 adjacencies with P1 and P2 and only Level
1 adjacencies with CE1.

RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# router isis 1
RP/0/RP0/CPU0:PE1(config-isis)# net 49.0001.0100.0100.1001.00
RP/0/RP0/CPU0:PE1(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-isis-af)# metric-style wide
RP/0/RP0/CPU0:PE1(config-isis-af)# interface Loopback0
RP/0/RP0/CPU0:PE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-isis-if-af)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE1(config-isis-if)# circuit-type level-2-only
RP/0/RP0/CPU0:PE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-isis-if-af)# interface GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:PE1(config-isis-if)# circuit-type level-2-only
RP/0/RP0/CPU0:PE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-isis-if-af)# interface GigabitEthernet0/0/0/3
RP/0/RP0/CPU0:PE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-isis-if-af)# interface GigabitEthernet0/0/0/4
RP/0/RP0/CPU0:PE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-isis-if-af)# commit
RP/0/RP0/CPU0:PE1(config-isis-if-af)# end
Step 5 Connect to P1. On the P1 router, verify that Gigabit Ethernet interfaces toward PE1, PE2, PE03, P2, and
Loopback0 are up and running with assigned IPv4 addresses.

RP/0/RP0/CPU0:P1# show ipv4 interface brief

Mon Jun 10 14:43:11.260 UTC

Interface IP-Address Status Protocol Vrf-Name

Loopback0 10.11.11.11 Up Up default
MgmtEth0/RP0/CPU0/0 172.21.116.110 Up Up default
GigabitEthernet0/0/0/0 unassigned Shutdown Down default
GigabitEthernet0/0/0/1 192.168.111.11 Up Up default
GigabitEthernet0/0/0/2 192.168.112.11 Up Up default
GigabitEthernet0/0/0/3 192.168.113.11 Up Up default
GigabitEthernet0/0/0/4 unassigned Shutdown Down default
GigabitEthernet0/0/0/5 192.168.12.11 Up Up default
GigabitEthernet0/0/0/6 192.168.21.11 Up Up default

Step 6 On P1, enable IS-IS routing, configure the NET address, and enable Integrated IS-IS on the interfaces. Use
process number 1. Configure the P1 router to form only Level-2 adjacencies with PE1, PE2, and PE3.
Configure both Level 1 and 2 adjacencies between P1 and P2.

RP/0/RP0/CPU0:P1# configure
RP/0/RP0/CPU0:P1(config)# router isis 1
RP/0/RP0/CPU0:P1(config-isis)# net 49.0000.0100.0000.1001.00
RP/0/RP0/CPU0:P1(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-af)# metric-style wide
RP/0/RP0/CPU0:P1(config-isis-af)# interface Loopback0
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:P1(config-isis-if)# circuit-type level-2-only
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:P1(config-isis-if)# circuit-type level-2-only
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/3
RP/0/RP0/CPU0:P1(config-isis-if)# circuit-type level-2-only
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/5
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/6
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# commit
RP/0/RP0/CPU0:P1(config-isis-if-af)# end

Step 7 After configuring IS-IS on PE devices running Cisco IOS XR Software, you will now do the same using
Cisco IOS XE Software on router PE3. Connect to PE3. On the PE3 router, verify that Gigabit Ethernet
interfaces toward P1, P2, CE3, and Loopback0 are up and running with assigned IPv4 addresses.

PE3# show ip interface brief

Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 192.168.113.3 YES manual up up
GigabitEthernet2 192.168.123.3 YES manual up up
GigabitEthernet3 192.168.103.3 YES manual up up
GigabitEthernet4 192.168.203.3 YES manual up up
GigabitEthernet5 unassigned YES NVRAM administratively down down
 GigabitEthernet6 172.21.116.30 YES NVRAM up up
Loopback0 10.3.3.3 YES NVRAM up up

Step 8 On PE3, enable IS-IS routing, configure the NET address, and enable Integrated IS-IS on the interfaces. Use
process number 1. Configure the PE3 router to form only Level 2 adjacencies with P1 and P2 and only Level
1 adjacencies with CE3. Pay attention to the fact that in Cisco IOS XE Software, you must configure IS-IS
commands on the interface level as well.

PE3# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
PE3(config)# router isis 1
PE3(config-router)# net 49.0003.0100.0300.1001.00
PE3(config-router)# router-id Loopback0
PE3(config-router)# metric-style wide
PE3(config-router)# exit
PE3(config)# interface Loopback0
PE3(config-if)# ip router isis 1
PE3(config-if)# interface GigabitEthernet1
PE3(config-if)# ip router isis 1
PE3(config-if)# isis circuit-type level-2-only
PE3(config-if)# interface GigabitEthernet2
PE3(config-if)# ip router isis 1
PE3(config-if)# isis circuit-type level-2-only
PE3(config-if)# interface GigabitEthernet3
PE3(config-if)# ip router isis 1
PE3(config-if)# interface GigabitEthernet4
PE3(config-if)# ip router isis 1
PE3(config-if)# end

Step 9 On the CE1 router in your pod, verify the IS-IS neighbors, IS-IS topology, and IS-IS database. There should
be two Level 1 IS-IS adjacencies, one for each link toward the PE1 router. The IS-IS topology should show
the CE1 and PE1 routers. In the IS-IS database, there should be four LSPs. Outputs should be similar to the
following:

CE1# show isis neighbors

Tag 1:
System Id Type Interface IP Address State Holdtime Circuit Id
PE1 L1 Gi1 192.168.101.1 UP 25 CE1.01
PE1 L1 Gi2 192.168.201.1 UP 9 PE1.01

CE1# show isis topology

Tag 1:
IS-IS TID 0 paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
PE1 10 PE1 Gi1 0050.5683.25a6
PE1 Gi2 0050.5683.cf2e
CE1 --

CE1# show isis database

Tag 1:
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
 PE1.00-00 0x00000005 0x6055 978/1200 1/0/0
PE1.01-00 0x00000002 0x0380 1062/1200 0/0/0
CE1.00-00 * 0x00000008 0x7F55 839/* 0/0/0
CE1.01-00 * 0x00000002 0xA348 829/* 0/0/0

Note how the show isis database command shows the attached bit for PE1. It causes the
generation of the default route on CE1.

Step 10 On CE1, verify that there are IS-IS routes in the routing table. You should expect to have a default route in
the routing table because of CE1 being connected to a Level 2 router, which is connected to the core. Note
how the default route traffic is load-balanced across both links because the interface metric is the same. The
only other IS-IS route is that of the PE1 Loopback 0 interface.

CE1# show ip route isis

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.201.1 to network 0.0.0.0

i*L1 0.0.0.0/0 [115/10] via 192.168.201.1, 00:08:19, GigabitEthernet2

[115/10] via 192.168.101.1, 00:08:19, GigabitEthernet1
10.0.0.0/32 is subnetted, 2 subnets
i L1 10.1.1.1 [115/20] via 192.168.201.1, 00:08:19, GigabitEthernet2
[115/20] via 192.168.101.1, 00:08:19, GigabitEthernet1

Step 11 From CE1, test end-to-end connectivity. First, you will ping CE2 and CE3 loopbacks, and then you will
attempt a traceroute to the CE2 and CE3 loopbacks to see the path that the traffic is taking. From the
traceroute, try to figure out which core routers the traffic is routed through.

CE1# ping 10.2.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms

CE1# ping 10.3.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

CE1# traceroute 10.2.10.1

Type escape sequence to abort.
Tracing the route to 10.2.10.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.101.1 4 msec
192.168.201.1 2 msec
192.168.101.1 1 msec
2 192.168.121.12 17 msec 7 msec
 192.168.111.11 6 msec
3 192.168.112.2 17 msec 9 msec 17 msec
4 192.168.202.21 4 msec * 3 msec

CE1# traceroute 10.3.10.1

Type escape sequence to abort.
Tracing the route to 10.3.10.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.101.1 1 msec
192.168.201.1 6 msec
192.168.101.1 2 msec
2 192.168.111.11 4 msec
192.168.121.12 8 msec
192.168.111.11 5 msec
3 192.168.113.3 2 msec
192.168.123.3 1 msec 1 msec
4 192.168.203.31 2 msec * 3 msec

Step 12 From PE1, verify the IS-IS neighbors, IS-IS topology, IS-IS database, and IS-IS database for the CE1 router
in your pod. There should be two neighbors with Level 1 IS-IS adjacency and two neighbors with Level 2 IS-
IS adjacency. The IS-IS topology should show the CE1 and PE1 routers in the Level 1 topology and all other
P and PE routers in the Level 2 topology. The IS-IS database should have entries in the Level 1 and Level 2
topologies. Outputs should be similar to the following:

RP/0/RP0/CPU0:PE1# show isis neighbors

Tue Jun 11 09:31:35.408 UTC

IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
CE1 Gi0/0/0/4 0050.5683.eca0 Up 9 L1 Capable
CE1 Gi0/0/0/3 0050.5683.b202 Up 8 L1 Capable
P1 Gi0/0/0/1 0050.5683.5089 Up 25 L2 Capable
P2 Gi0/0/0/2 0050.5683.9fd8 Up 22 L2 Capable

Total neighbor count: 4

RP/0/RP0/CPU0:PE1# show isis topology

Tue Jun 11 09:32:37.748 UTC

IS-IS 1 paths to IPv4 Unicast (Level-1) routers

System Id Metric Next-Hop Interface SNPA
PE1 --
CE1 10 CE1 Gi0/0/0/3 0050.5683.ce43
CE1 10 CE1 Gi0/0/0/4 0050.5683.af2b

IS-IS 1 paths to IPv4 Unicast (Level-2) routers

System Id Metric Next-Hop Interface SNPA
P1 10 P1 Gi0/0/0/1 0050.5683.715e
P2 10 P2 Gi0/0/0/2 0050.5683.8aad
PE1 --
PE2 20 P1 Gi0/0/0/1 0050.5683.715e
PE2 20 P2 Gi0/0/0/2 0050.5683.8aad
PE3 20 P2 Gi0/0/0/2 0050.5683.8aad
PE3 20 P1 Gi0/0/0/1 0050.5683.715e
RP/0/RP0/CPU0:PE1# show isis database
Tue Jun 11 09:34:44.639 UTC

IS-IS 1 (Level-1) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE1.00-00 * 0x00000005 0x6055 597 /* 1/0/0
PE1.01-00 0x00000002 0x0380 681 /* 0/0/0
CE1.00-00 0x00000008 0x7f55 457 /1200 0/0/0
CE1.01-00 0x00000003 0xa149 1173 /1199 0/0/0

Total Level-1 LSP count: 4 Local Level-1 LSP count: 1

IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P1.00-00 0x0000002c 0x957c 570 /1200 0/0/0
P1.03-00 0x0000000c 0xb1c9 946 /1200 0/0/0
P2.00-00 0x00000046 0xdb1e 571 /1200 0/0/0
P2.01-00 0x0000001e 0x6bee 485 /1200 0/0/0
P2.09-00 0x0000000d 0x4420 895 /1200 0/0/0
PE1.00-00 * 0x00002e1a 0x4f4d 457 /* 0/0/0
PE1.07-00 0x00000002 0x731c 865 /* 0/0/0
PE2.00-00 0x0000002b 0x627e 846 /1200 0/0/0
PE2.09-00 0x00000004 0x8deb 1062 /1200 0/0/0
PE2.0b-00 0x00000003 0x5038 744 /1200 0/0/0
PE3.00-00 0x00000036 0x676d 573 /1200 0/0/0
PE3.01-00 0x00000001 0x95fc 572 /1200 0/0/0
PE3.02-00 0x0000001d 0x87dd 572 /1200 0/0/0

Total Level-2 LSP count: 13 Local Level-2 LSP count: 1

RP/0/RP0/CPU0:PE1# show isis database CE1.00-00 detail

Tue Jun 11 09:47:22.306 UTC

IS-IS 1 (Level-1) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
CE1.00-00 0x00000008 0x7f55 406 /1200 0/0/0
Area Address: 49.0001
NLPID: 0xcc
Router ID: 10.1.10.1
Hostname: CE1
Metric: 10 IS-Extended CE1.01
Metric: 10 IS-Extended PE1.01
IP Address: 10.1.10.1
Metric: 10 IP-Extended 192.168.101.0/24
Metric: 10 IP-Extended 192.168.201.0/24
Metric: 10 IP-Extended 10.1.10.1/32

IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
The requested LSP CE1.00-00 was not found in the IS-IS 1 Level-2 LSP Database
Step 13 On PE1, inspect the IS-IS routes in the routing table. You should have the loopback interface IS-IS routes for
all other nodes of your lab topology in the routing table, except the one of PE1. This route will show as
directly connected, and as such, it will not be present in the following output. Other IS-IS routes are present
in the routing table for all the point-to-point links, which are a part of the IS-IS process on their respective
routers.

RP/0/RP0/CPU0:PE1# show route ipv4 isis

Tue Jun 11 09:40:18.111 UTC

i L1 10.1.10.1/32 [115/20] via 192.168.101.11, 17:24:38, GigabitEthernet0/0/0/3

[115/20] via 192.168.201.11, 17:24:38, GigabitEthernet0/0/0/4
i L2 10.2.2.2/32 [115/30] via 192.168.111.11, 16:54:02, GigabitEthernet0/0/0/1
[115/30] via 192.168.121.12, 16:54:02, GigabitEthernet0/0/0/2
i L2 10.2.10.1/32 [115/40] via 192.168.111.11, 16:54:02, GigabitEthernet0/0/0/1
[115/40] via 192.168.121.12, 16:54:02, GigabitEthernet0/0/0/2
i L2 10.3.3.3/32 [115/30] via 192.168.111.11, 17:06:16, GigabitEthernet0/0/0/1
[115/30] via 192.168.121.12, 17:06:16, GigabitEthernet0/0/0/2
i L2 10.3.10.1/32 [115/40] via 192.168.111.11, 17:06:16, GigabitEthernet0/0/0/1
[115/40] via 192.168.121.12, 17:06:16, GigabitEthernet0/0/0/2
i L2 10.11.11.11/32 [115/20] via 192.168.111.11, 17:09:17, GigabitEthernet0/0/0/1
i L2 10.12.12.12/32 [115/20] via 192.168.121.12, 17:24:38, GigabitEthernet0/0/0/2
i L2 192.168.12.0/24 [115/20] via 192.168.111.11, 17:09:17, GigabitEthernet0/0/0/1
[115/20] via 192.168.121.12, 17:09:17, GigabitEthernet0/0/0/2
i L2 192.168.21.0/24 [115/20] via 192.168.111.11, 17:09:17, GigabitEthernet0/0/0/1
[115/20] via 192.168.121.12, 17:09:17, GigabitEthernet0/0/0/2
i L2 192.168.102.0/24 [115/30] via 192.168.111.11, 16:54:02, GigabitEthernet0/0/0/1
[115/30] via 192.168.121.12, 16:54:02, GigabitEthernet0/0/0/2
i L2 192.168.103.0/24 [115/30] via 192.168.111.11, 17:06:16, GigabitEthernet0/0/0/1
[115/30] via 192.168.121.12, 17:06:16, GigabitEthernet0/0/0/2
i L2 192.168.112.0/24 [115/20] via 192.168.111.11, 17:09:17, GigabitEthernet0/0/0/1
i L2 192.168.113.0/24 [115/20] via 192.168.111.11, 17:09:17, GigabitEthernet0/0/0/1
i L2 192.168.122.0/24 [115/20] via 192.168.121.12, 17:24:38, GigabitEthernet0/0/0/2
i L2 192.168.123.0/24 [115/20] via 192.168.121.12, 17:24:38, GigabitEthernet0/0/0/2
i L2 192.168.202.0/24 [115/30] via 192.168.111.11, 16:54:02, GigabitEthernet0/0/0/1
[115/30] via 192.168.121.12, 16:54:02, GigabitEthernet0/0/0/2
i L2 192.168.203.0/24 [115/30] via 192.168.111.11, 17:06:16, GigabitEthernet0/0/0/1
[115/30] via 192.168.121.12, 17:06:16, GigabitEthernet0/0/0/2

Step 14 On P1, verify the IS-IS neighbors, IS-IS topology, and IS-IS database. Note how P1 has adjacencies with P2
on both Level 1 and Level 2, while it only has Level 2 adjacencies with the PE routers. The reason is that P
routers share the same area and PE routers belong to different areas than P1 and P2.

RP/0/RP0/CPU0:P1# show isis neighbors

Tue Jun 11 09:50:25.089 UTC

IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
P2 Gi0/0/0/6 0050.5683.d35a Up 8 L1L2 Capable
P2 Gi0/0/0/5 0050.5683.66d1 Up 29 L1L2 Capable
PE1 Gi0/0/0/1 0050.5683.c3af Up 8 L2 Capable
PE2 Gi0/0/0/2 0050.5683.dce6 Up 7 L2 Capable
PE3 Gi0/0/0/3 0050.5683.68f0 Up 7 L2 Capable

Total neighbor count: 5

 RP/0/RP0/CPU0:P1# show isis topology
Tue Jun 11 09:53:11.244 UTC

IS-IS 1 paths to IPv4 Unicast (Level-1) routers

System Id Metric Next-Hop Interface SNPA
P1 --
P2 10 P2 Gi0/0/0/5 0050.5683.66d1
P2 10 P2 Gi0/0/0/6 0050.5683.d35a

IS-IS 1 paths to IPv4 Unicast (Level-2) routers

System Id Metric Next-Hop Interface SNPA
P1 --
P2 10 P2 Gi0/0/0/5 0050.5683.66d1
P2 10 P2 Gi0/0/0/6 0050.5683.d35a
PE1 10 PE1 Gi0/0/0/1 0050.5683.c3af
PE2 10 PE2 Gi0/0/0/2 0050.5683.dce6
PE3 10 PE3 Gi0/0/0/3 0050.5683.68f0

RP/0/RP0/CPU0:P1# show isis database

Tue Jun 11 09:53:42.633 UTC

IS-IS 1 (Level-1) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P1.00-00 * 0x00000006 0xa126 615 /* 1/0/0
P1.03-00 0x0000000c 0xb1c9 595 /* 0/0/0
P2.00-00 0x00000026 0x2a50 580 /1200 1/0/0
P2.09-00 0x0000000d 0x4420 679 /1200 0/0/0

Total Level-1 LSP count: 4 Local Level-1 LSP count: 1

IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P1.00-00 * 0x0000002d 0x937d 1056 /* 0/0/0
P1.03-00 0x0000000c 0xb1c9 724 /* 0/0/0
P2.00-00 0x00000047 0xd91f 1132 /1200 0/0/0
P2.01-00 0x0000001f 0x69ef 985 /1200 0/0/0
P2.09-00 0x0000000d 0x4420 673 /1200 0/0/0
PE1.00-00 0x00002e1b 0x4d4e 1028 /1200 0/0/0
PE1.07-00 0x00000002 0x731c 643 /1200 0/0/0
PE2.00-00 0x0000002b 0x627e 624 /1200 0/0/0
PE2.09-00 0x00000004 0x8deb 840 /1200 0/0/0
PE2.0b-00 0x00000003 0x5038 522 /1200 0/0/0
PE3.00-00 0x00000036 0x676d 351 /1199 0/0/0
PE3.01-00 0x00000001 0x95fc 350 /1199 0/0/0
PE3.02-00 0x0000001e 0x85de 1095 /1199 0/0/0

Total Level-2 LSP count: 13 Local Level-2 LSP count: 1

Step 15 On P1, verify that all devices are reachable through IS-IS. First, check the routing table for IS-IS routes, and
then attempt to ping the devices of your choice in your lab topology. Note how the only Level 1 destination
is the Loopback 0 interface of P2. You should expect all other routes to be Level 2 routes.

RP/0/RP0/CPU0:P1# show route ipv4 isis

Tue Jun 11 09:54:07.679 UTC
 i L2 10.1.1.1/32 [115/20] via 192.168.111.1, 17:22:51, GigabitEthernet0/0/0/1
i L2 10.1.10.1/32 [115/30] via 192.168.111.1, 17:22:51, GigabitEthernet0/0/0/1
i L2 10.2.2.2/32 [115/20] via 192.168.112.2, 17:07:51, GigabitEthernet0/0/0/2
i L2 10.2.10.1/32 [115/30] via 192.168.112.2, 17:07:51, GigabitEthernet0/0/0/2
i L2 10.3.3.3/32 [115/20] via 192.168.113.3, 17:20:06, GigabitEthernet0/0/0/3
i L2 10.3.10.1/32 [115/30] via 192.168.113.3, 17:20:05, GigabitEthernet0/0/0/3
i L1 10.12.12.12/32 [115/20] via 192.168.12.12, 17:22:51, GigabitEthernet0/0/0/5
[115/20] via 192.168.21.12, 17:22:51, GigabitEthernet0/0/0/6
i L2 192.168.101.0/24 [115/20] via 192.168.111.1, 17:22:51, GigabitEthernet0/0/0/1
i L2 192.168.102.0/24 [115/20] via 192.168.112.2, 17:07:51, GigabitEthernet0/0/0/2
i L2 192.168.103.0/24 [115/20] via 192.168.113.3, 17:20:06, GigabitEthernet0/0/0/3
i L2 192.168.121.0/24 [115/20] via 192.168.111.1, 17:22:51, GigabitEthernet0/0/0/1
[115/20] via 192.168.12.12, 17:22:51, GigabitEthernet0/0/0/5
[115/20] via 192.168.21.12, 17:22:51, GigabitEthernet0/0/0/6
i L2 192.168.122.0/24 [115/20] via 192.168.112.2, 17:07:51, GigabitEthernet0/0/0/2
[115/20] via 192.168.12.12, 17:07:51, GigabitEthernet0/0/0/5
[115/20] via 192.168.21.12, 17:07:51, GigabitEthernet0/0/0/6
i L2 192.168.123.0/24 [115/20] via 192.168.113.3, 17:20:06, GigabitEthernet0/0/0/3
[115/20] via 192.168.12.12, 17:20:06, GigabitEthernet0/0/0/5
[115/20] via 192.168.21.12, 17:20:06, GigabitEthernet0/0/0/6
i L2 192.168.201.0/24 [115/20] via 192.168.111.1, 17:22:51, GigabitEthernet0/0/0/1
i L2 192.168.202.0/24 [115/20] via 192.168.112.2, 17:07:51, GigabitEthernet0/0/0/2
i L2 192.168.203.0/24 [115/20] via 192.168.113.3, 17:20:06, GigabitEthernet0/0/0/3

Task 2: Configure IS-IS Route Summarization

Configure IS-IS route summarization from an IS-IS Level 1 area into the Level 2 backbone.

Activity

Step 1 On the PE1 router on your pod, summarize the IS-IS route from Level 1 into Level 2. You will summarize
the route 10.1.10.1/32, which is received from CE1 as a Level 1 route, into 10.1.10.0/24 when advertised to
the backbone. Note the summary /24 mask. Use the tag 1234 for the summary route that you will create.

RP/0/RP0/CPU0:PE1# configure
Tue Jun 11 10:04:00.872 UTC
RP/0/RP0/CPU0:PE1(config)# router isis 1
RP/0/RP0/CPU0:PE1(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-isis-af)# summary-prefix 10.1.10.0/24 tag 1234 level 2
RP/0/RP0/CPU0:PE1(config-isis-af)# commit
RP/0/RP0/CPU0:PE1(config-isis-af)# end

Step 2 On PE1, verify that the IS-IS summary route for 10.1.10.0/24 has been locally created and that it is pointing
to the Null0 interface. This mechanism ensures that, if more specific routes do not exist when the traffic
enters PE1, this specific traffic will be dropped at this point.

RP/0/RP0/CPU0:PE1# show route ipv4 isis

Tue Jun 11 10:18:24.047 UTC

i su 10.1.10.0/24 [115/20] via 0.0.0.0, 00:07:42, Null0

i L1 10.1.10.1/32 [115/20] via 192.168.101.11, 18:02:44, GigabitEthernet0/0/0/3
[115/20] via 192.168.201.11, 18:02:44, GigabitEthernet0/0/0/4
<... output omitted ...>
Step 3 On PE3, verify that the summary route for 10.1.10.0/24 is shown as a Level 2 route. Also note that the
specific 10.1.10.1/32 is now suppressed and is no longer installed in the routing table of PE3.

PE3# show ip route isis

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks

i L2 10.1.1.1/32 [115/30] via 192.168.123.12, 17:47:35, GigabitEthernet2
[115/30] via 192.168.113.11, 17:47:35, GigabitEthernet1
i L2 10.1.10.0/24 [115/40] via 192.168.123.12, 00:11:00, GigabitEthernet2
[115/40] via 192.168.113.11, 00:11:00, GigabitEthernet1
<... output omitted ...>

Step 4 On PE3, show the route details for the destination 10.1.10.1, and note how the routing is following the
summary route now. Traceroute the IP of Loopback 0 of CE1 router (10.1.10.1). Next, try to traceroute to
another IP address from the same /24 subnet, 10.1.10.2. Note how traffic to 10.1.10.2 is routed all the way to
PE1 and then dropped there after hitting the Null0 summary route on PE1.

PE3# show ip route 10.1.10.1

Routing entry for 10.1.10.0/24
Known via "isis", distance 115, metric 40
Tag 1234, type level-2
Redistributing via isis 1
Last update from 192.168.123.12 on GigabitEthernet2, 00:02:54 ago
Routing Descriptor Blocks:
192.168.123.12, from 10.1.1.1, 00:02:54 ago, via GigabitEthernet2
Route metric is 40, traffic share count is 1
Route tag 1234
* 192.168.113.11, from 10.1.1.1, 00:02:54 ago, via GigabitEthernet1
Route metric is 40, traffic share count is 1
Route tag 1234

PE3# traceroute 10.1.10.1

Type escape sequence to abort.
Tracing the route to 10.1.10.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.113.11 2 msec
192.168.123.12 2 msec
192.168.113.11 1 msec
2 192.168.121.1 12 msec
192.168.111.1 1 msec
192.168.121.1 1 msec
3 192.168.201.11 3 msec
192.168.101.11 1 msec *
PE3# traceroute 10.1.10.2
Type escape sequence to abort.
Tracing the route to 10.1.10.2
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.113.11 1 msec
192.168.123.12 1 msec
192.168.113.11 11 msec
2 192.168.121.1 !N
192.168.111.1 !N *
0Summary Challenge
1. 0Which two statements about the IS-IS protocol are correct? (Choose two.)
a. IS-IS is a hybrid distance-vector protocol.
b. An IS-IS interface can belong to multiple areas.
c. IS-IS is a link-state routing protocol.
d. IS-IS uses the CLNP protocol for system-to-system communication.
e. An IS-IS router can belong to multiple areas.
2. 0OSPF uses Area 0 as the backbone of the network. Which area number does IS-IS use as the
backbone?
a. It uses Area 0.
b. It uses any Level 1 area.
c. It uses any Level 2 area.
d. IS-IS does not operate with a dedicated backbone area.
3. 0Which type of PDU is used to establish and maintain IS-IS adjacencies?
a. PSNP
b. CSNP
c. LSP PDU
d. hello PDU
4. 0When an LSP expires, what is the amount of time it is kept in the LSDB before it is flooded as an
expired LSP?
a. 1200 seconds
b. 1 hour
c. 60 seconds
d. LSPs never expire.
5. 0Which two TLVs were added to IS-IS to support IPv6 routing? (Choose two.)
a. TLV 142
b. TLV 132
c. TLV 300
d. TLV 232
e. TLV 236
6. 0Which Cisco IOS XR command is used to start an IS-IS process on a Cisco router?
a. router is-is process-ID
b. router isis process-ID
c. isis router enable
d. ipv4 router isis process-ID
7. 0Which Cisco IOS XR IS-IS process command is used to enable IS-IS unicast routing for the IPv6
protocol on a Cisco router?
a. ipv6 router isis 1
b. ipv6 router is-is process-ID
c. address-family ipv6 unicast
d. ipv6 enable address-family unicast
8. 0Which two options will prevent the IS-IS adjacency from forming between neighbors and,
therefore, will obstruct the routing in your network? (Choose two.)
a. IS-IS network type mismatch
b. hello timers mismatch
c. protocol mismatch
d. link cost mismatch
e. MTU mismatch on the facing interfaces
0Answer Key
IS-IS Introduction
1. B, D, E

Integrated IS-IS Routing

1. A, B, C

IS-IS Operation
1. B, C

IS-IS Link-State Database

1. A, B

IS-IS Configuration for IPv4

1. A

Basic IS-IS Troubleshooting

1. C

Summary Challenge
1. C, D
2. D
3. D
4. C
5. D, E
6. B
7. C
8. A, E