IS-IS is not running over CLNP

A while ago I’ve received an interesting question from someone studying for the CCNP certification: “I know it’s not necessary to configure clns routing if I’m running IS-IS for IP only, but isn’t IS-IS running over CLNS?”

I’ve always “known” that IS-IS uses a separate layer-3 protocol, not CLNP (unlike IP routing protocols that always ride on top of IP), but I wanted to confirm it. I took a few traces, inspected them with Wireshark and tried to figure out what’s going on.

You might be confused by the mixture of CLNS and CLNP acronyms. From the OSI perspective, a protocol (CLNP) is providing a service (CLNS) to upper layers. When a router is configured with clns routing it forwards CLNP datagrams and does not provide a CLNS service to a transport protocol. The IOS configuration syntax is clearly misleading.

It turns out the whole OSI protocol suite uses the same layer-2 protocol ID (unlike IP protocol suite where IP and ARP use different layer-2 ethertypes) and the first byte (NLPID) in the layer-3 header to indicate the actual layer-3 protocol. I was not able to find any table of layer-3 OSI protocol types, so I had to experiment with Wireshark to figure out the values for CLNP, ES-IS and IS-IS (yes, these three are distinct L3 protocols).

You can find all the details (including the comparison of OSI and IP protocol stacks) in the IS-IS in OSI protocol stack article in the CT3 wiki.

This article is part of You've asked for it series.


  1. Excellent article, the picture goes right to the point. Won’t you add another level for BGP and RIP? ..Thanks!

  2. Hi Ivan,

    You seem to have mistyped IS-IS NLPID value in the table. It should be 0x83 (like in the picture), not 0x82 (which is the same as ES-IS).

    Off-topic: I am not able to post comments from Firefox (3.0.11). I choose to comment as Name/URL, but the comment doesn't show up after pressing the Post Comment button.

    It works from Google's Chrome. I haven't tried from IE.

  3. @Gabriel:
    NLPID: You're absolutely correct. Fixed.

    Firefox: Congratulations, Google. You've managed to break Firefox code as well (IE has problems for months).

  4. Yap Chin Hoong15 March, 2010 09:40

    Hi Ivan, I like your protocol stack diagram on the CT3 wiki. Appreciate your help to answer a few questions:
    1. What does it means with the "0xFE/0xFE" for LLC1? Should it be "0xFE" only instead?
    2. How do you capture the ES-IS packets? I means how do we setup an ES in a lab environment.
    3. Where is CLNS resides in the diagram?

    Appreciate that you can share out the pcap too. Thanks and have a nice day... :-)

  5. Yap Chin Hoong15 March, 2010 09:57

    Hi Ivan, I found the answer for the first question, they are DSAP and SSAP. :)


You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.