IS-IS Is Not Running over CLNP

Numerous sources on the Internet claim that IS-IS runs on top of OSI’s Connectionless Network Protocol (CLNP). This is not the case; although IS-IS and CLNP share the same layer-2 Service Access Point (SAP), OSI provides an additional field (Network Layer Protocol Identifier; NLPID) in the first byte of the layer-3 header.

Contrary to the IP world where the identification of layer-3 protocol is based on Ethertype or PPP protocol ID, the identification of a layer-3 OSI protocol is performed based on layer-2 Service Access Point (DSAP = 0xFE) and the first byte of the layer-3 header, which has the following values:

CLNP (Connectionless Network Protocol)
ES-IS: End system (host) to Intermediate System (router) protocol - used by CLNP hosts to announce themselves to the routers
IS-IS: Intermediate System to Intermediate System protocol – used by routers running IS-IS to advertise themselves, establish adjacency, and exchange routing information.

IS-IS is therefore a separate network-layer protocol and does not rely on CLNP for datagram transport while IP routing protocols encapsulate their packets into IP or UDP datagrams.

For more details regarding End-System Hellos and Intermediate System Hellos watch the Network Addressing part of How Networks Really Work webinar.

The relationship between various OSI protocols and their comparison with the IP protocol stack, where the layer-3 protocol demultiplexing relies exclusively on the values in the layer-2 header, is shown in the following diagram:


You might be confused by the mixture of CLNS and CLNP acronyms. From the OSI perspective, a protocol (CLNP) is providing a service (CLNS) to upper layers. When a router is configured with clns routing it forwards CLNP datagrams – the IOS configuration syntax is potentially misleading.


  1. Excellent article, the picture goes right to the point. Won’t you add another level for BGP and RIP? ..Thanks!
  2. Hi Ivan,

    You seem to have mistyped IS-IS NLPID value in the table. It should be 0x83 (like in the picture), not 0x82 (which is the same as ES-IS).

    Off-topic: I am not able to post comments from Firefox (3.0.11). I choose to comment as Name/URL, but the comment doesn't show up after pressing the Post Comment button.

    It works from Google's Chrome. I haven't tried from IE.
  3. @Gabriel:
    NLPID: You're absolutely correct. Fixed.

    Firefox: Congratulations, Google. You've managed to break Firefox code as well (IE has problems for months).
  4. Hi Ivan, I like your protocol stack diagram on the CT3 wiki. Appreciate your help to answer a few questions:
    1. What does it means with the "0xFE/0xFE" for LLC1? Should it be "0xFE" only instead?
    2. How do you capture the ES-IS packets? I means how do we setup an ES in a lab environment.
    3. Where is CLNS resides in the diagram?

    Appreciate that you can share out the pcap too. Thanks and have a nice day... :-)
  5. Hi Ivan, I found the answer for the first question, they are DSAP and SSAP. :)
Add comment