Junos Day One: IS-IS for dummies

For whatever reason I decided to start my Junos experience with a very simple IS-IS network – four core routers from my Building IPv6 Service Provider Core webinar. As Junosphere doesn’t support serial or POS interfaces, I migrated all links to Gigabit Ethernet and added a point-to-point GE link between PE-A and PE-B.

I started with a very simple configuration: dual-stack (IPv4+IPv6) network with IS-IS running on core interfaces (and the loopback).

Junos can run a single instance of each routing protocol per routing instance. You can run multiple copies of IS-IS, but you have to use multiple routing instances. The routing instances are not exactly VRFs; you can merge routes from multiple routing instances with proper import and export policies.

The configuration guide told me to configure NET on the loopback interface:

root@PE-A> show configuration interfaces lo0.0
family inet {
    address 10.0.1.1/32;
}
family iso {
    address 49.0000.0000.cccc.0001.00;
}
family inet6 {
    address fec0::cccc:1/128;
    address ::ffff:10.0.1.1/128;
}

All other IS-IS-related configuration is done within the protocols isis configuration block – a major difference from Cisco IOS, where you configure interface-specific parameters within the interface configuration mode (here’s why the Junos approach makes sense).

Discovery #1: Junos expects you to configure all routing protocol-related parameters in the protocols part of the configuration.

Anyway, continuing to read the Routing Protocols Configuration Guide, I listed all core interfaces within the protocol isis block:

root@PE-A> show configuration protocols isis
topologies ipv6-unicast;
interface ge-0/0/1.0 {
interface ge-0/0/4.0;
interface lo0.0;

No good, there were no adjacencies, and IS-IS was supposedly running only on the loopback interface. Excuse me? I did configure it on three interfaces.

root@PE-A> show isis adjacency

root@PE-A> show isis interface
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
lo0.0                 0   0x1 Passive           Passive                 0/0

After spending some more time going through the Routing Protocols configuration guide I figured out the problem: you have to enable family iso on the interfaces on which you want IS-IS to run. Remember: without data-plane configuration (interfaces) control plane won’t work.

Discovery #2: List IS-IS interfaces in the protocol isis configuration block and enable family iso on each interface.

root@PE-A> show configuration interfaces ge-0/0/4.0
description "Link to P router";
family inet {
    address 10.0.7.9/30;
}
family iso;
family inet6;

root@PE-A> show configuration interfaces ge-0/0/1.0
family iso;
family inet6 {
    unnumbered-address lo0.0;
}

After adding the family iso into each interface configuration, IS-IS started to work and established both L1 and L2 adjacencies between all routers.

root@PE-A# run show isis adjacency
Interface             System         L State        Hold (secs) SNPA
ge-0/0/1.0            PE-B           1  Up                    8  56:68:28:2b:86:eb
ge-0/0/1.0            PE-B           2  Up                    6  56:68:28:2b:86:eb
ge-0/0/4.0            P              1  Up                    8  56:68:28:2b:87:5
ge-0/0/4.0            P              2  Up                    8  56:68:28:2b:87:5

However, a quick look into the IS-IS database revealed a well-known problem: L2 LSP contained all prefixes known to IS-IS:

root@PE-A> show isis database detail PE-A
IS-IS level 1 link-state database:

PE-A.00-00 Sequence: 0xb, Checksum: 0x6323, Lifetime: 1068 secs
   IPV4 Unicast IS neighbor: PE-B.00          Metric:       10
   IPV4 Unicast IS neighbor: P.03             Metric:       10
   IPV6 Unicast IS neighbor: PE-B.00          Metric:       10
   IPV6 Unicast IS neighbor: P.03             Metric:       10
   IP IPV4 Unicast prefix: 10.0.1.1/32        Metric:        0 Internal Up
   IP IPV4 Unicast prefix: 10.0.7.8/30        Metric:       10 Internal Up
   V6 IPV6 Unicast prefix: ::ffff:10.0.1.1/128 Metric:        0 Internal Up
   V6 IPV6 Unicast prefix: fec0::cccc:1/128   Metric:        0 Internal Up

IS-IS level 2 link-state database:

PE-A.00-00 Sequence: 0xd, Checksum: 0x7eb0, Lifetime: 1068 secs
   IPV4 Unicast IS neighbor: PE-B.00          Metric:       10
   IPV4 Unicast IS neighbor: P.03             Metric:       10
   IPV6 Unicast IS neighbor: PE-B.00          Metric:       10
   IPV6 Unicast IS neighbor: P.03             Metric:       10
   IP IPV4 Unicast prefix: 10.0.1.1/32        Metric:        0 Internal Up
   IP IPV4 Unicast prefix: 10.0.1.2/32        Metric:       20 Internal Up
   IP IPV4 Unicast prefix: 10.0.1.5/32        Metric:       20 Internal Up
   IP IPV4 Unicast prefix: 10.0.1.6/32        Metric:       10 Internal Up
   IP IPV4 Unicast prefix: 10.0.2.0/24        Metric:       20 Internal Up
   IP IPV4 Unicast prefix: 10.0.7.8/30        Metric:       10 Internal Up
   IP IPV4 Unicast prefix: 10.0.7.16/30       Metric:       20 Internal Up
   V6 IPV6 Unicast prefix: ::ffff:10.0.1.1/128 Metric:        0 Internal Up
   V6 IPV6 Unicast prefix: ::ffff:10.0.1.2/128 Metric:       20 Internal Up
   V6 IPV6 Unicast prefix: ::ffff:10.0.1.5/128 Metric:       20 Internal Up
   V6 IPV6 Unicast prefix: ::ffff:10.0.1.6/128 Metric:       10 Internal Up
   V6 IPV6 Unicast prefix: fec0::cccc:1/128   Metric:        0 Internal Up
   V6 IPV6 Unicast prefix: fec0::cccc:2/128   Metric:       20 Internal Up
   V6 IPV6 Unicast prefix: fec0::cccc:3/128   Metric:       10 Internal Up
   V6 IPV6 Unicast prefix: fec0::cccc:4/128   Metric:       20 Internal Up
   V6 IPV6 Unicast prefix: fec0:1:1:13::/64   Metric:       20 Internal Up

The fix for that behavior is very simple: disable L1 routing. Here’s where the Junos documentation gets confusion – it tells you to disable L1 hellos on each individual interface, whereas in reality you can disable L1 globally with set protocols isis level 1 disable. I checked every possible angle, including “Configuring IS-IS” section (which lists all IS-IS configuration parameters) and “Summary of IS-IS Configuration Statements” – the level 1 disable command should not work at the protocol isis level ... but it does (which is a good thing).

Disable L1 processing

root@PE-A# show protocols isis
topologies ipv6-unicast;
level 1 disable;
interface ge-0/0/1.0
interface ge-0/0/4.0;
interface lo0.0; 

Discovery #3: Disable L1 processing on individual IS-IS interfaces with set interface name level 1 disable configuration command. To disable it globally, use set level 1 disable command within [edit protocols isis].

Only L2 adjacencies were established after the configuration change ...

root@PE-A# run show isis adjacency
Interface             System         L State        Hold (secs) SNPA
ge-0/0/1.0            PE-B           2  Up                    6  56:68:28:2b:86:eb
ge-0/0/4.0            P              2  Up                    8  56:68:28:2b:87:5

... and L2 LSP contained only the local prefixes:

root@PE-A> show isis database PE-A detail
IS-IS level 1 link-state database:

PE-A.00-00 Sequence: 0xd, Checksum: 0x94ef, Lifetime: 632 secs
   IPV4 Unicast IS neighbor: PE-B.00          Metric:       10
   IPV4 Unicast IS neighbor: P.03             Metric:       10
   IPV6 Unicast IS neighbor: PE-B.00          Metric:       10
   IPV6 Unicast IS neighbor: P.03             Metric:       10
   IP IPV4 Unicast prefix: 10.0.1.1/32        Metric:        0 Internal Up
   IP IPV4 Unicast prefix: 10.0.7.8/30        Metric:       10 Internal Up
   V6 IPV6 Unicast prefix: ::ffff:10.0.1.1/128 Metric:        0 Internal Up
   V6 IPV6 Unicast prefix: fec0::cccc:1/128   Metric:        0 Internal Up

IS-IS level 2 link-state database:

PE-A.00-00 Sequence: 0x14, Checksum: 0x512c, Lifetime: 998 secs
   IPV4 Unicast IS neighbor: PE-B.00          Metric:       10
   IPV4 Unicast IS neighbor: P.03             Metric:       10
   IPV6 Unicast IS neighbor: PE-B.00          Metric:       10
   IPV6 Unicast IS neighbor: P.03             Metric:       10
   IP IPV4 Unicast prefix: 10.0.1.1/32        Metric:        0 Internal Up
   IP IPV4 Unicast prefix: 10.0.7.8/30        Metric:       10 Internal Up
   V6 IPV6 Unicast prefix: ::ffff:10.0.1.1/128 Metric:        0 Internal Up
   V6 IPV6 Unicast prefix: fec0::cccc:1/128   Metric:        0 Internal Up

Summary of major differences between Cisco IOS and Junos

  • You have to configure CLNS NET on the loopback interface, not within the IS-IS process;
  • You can configure a single IS-IS routing process per routing instance, but can run multiple IS-IS processes per box (using multiple routing instances);
  • You have to enable family iso on every interface on which you want to run IS-IS;
  • You have to enable IS-IS on individual interfaces within the protocol isis section, not within the interface configuration;
  • You can use set protocol isis interface all, which would enable IS-IS on all interfaces that have family iso enabled. After that, you can disable individual interfaces with set protocol isis interface name disable.

Disclosure

The only reason I learned the marginal bits & pieces I know about Junos is because Juniper kindly provided me with free access to Junosphere environment (thanks to @abnerg) ... but I was not compensated for my blog posts, or asked to write about Junos or Junosphere.

2 comments:

  1. looking forward to your commentary on RIB groups :-)..

    ReplyDelete
  2. Hi Ivan!

    Just a little note for the first bullet of your diffs summary in the end of your article: you're not restricted to use loopback iface for NET configuration. Technically you can use *any* iso-enabled iface for that. Of course, it does not have much sense from the consistency point of view. :)

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.