Finally a group of engineers figured out it’s a good idea to make things less complex instead of heaping layers of complexity on top of already-complex kludges.
RFC 8196 specifies default values and extensions to IS-IS that make it a true plug-and-play routing protocol. I wonder when we’ll see it implemented now that everyone is obsessed with intent-based hype.
Did you rush to try OSPF Loop Free Alternate on a Cisco 7200 after reading my LFA blog post ... and disappointedly discovered that it only works on Cisco 7600? The reason is simple: while LFA does add feasible-successor-like behavior to OSPF, its primary mission is to improve RIB-to-FIB convergence time.
Assume we have a simple triangular network:
Now imagine the A-to-C link fails. How will OSPF react to the link failure as compared to EIGRP? Which one will converge faster? Try to answer the questions before pressing the Read more link ;)
For whatever reason I decided to start my Junos experience with a very simple IS-IS network – four core routers from my Building IPv6 Service Provider Core webinar. As Junosphere doesn’t support serial or POS interfaces, I migrated all links to Gigabit Ethernet and added a point-to-point GE link between PE-A and PE-B.
Many service providers choosing IS-IS as their IGP use it within a single area (or at least run all routers as L1L2 routers). Multi-level IS-IS design is a royal pain, more so in MPLS environments where every PE-router needs a distinct route for every BGP next hop (see also Disable L1 Default Route in IS-IS). Moreover, MPLS TE is reasonably simple only within a single level (L1 or L2).
I’m positive at least some service providers do something as stupid as I usually did – deploy IS-IS with default settings using a configuration similar to this one:
My Junos versus Cisco IOS: Explicit versus Implicit received a huge amount of helpful comments, some of them slightly philosophical, others highly practical – from using interfaces all combined with interface disable in routing protocol configuration, to using configuration groups (more about that fantastic concept in another post).
However, understanding what’s going on is not the same as being able to explain it in one sentence ... and Dan (@jonahsfo) Backman beautifully nailed that one.
My first Junosphere project was an IPv6 backbone; I wanted to create a simple single-area IS-IS/BGP-free backbone running LDP and MPLS, and using 6PE for IPv6 connectivity. Needless to say, even though I read the excellent Day One books (highly recommended: Exploring IPv6, Advanced IPv6 configuration and Deploying MPLS), I stumbled on almost every step.
A reader of my blog planning to migrate his network from a traditional BGP-everywhere design to a BGP-over-MPLS one wondered about potential unexpected consequences. The MTU implications of introducing MPLS in a running network are usually well understood (even though you could get some very interesting behavior); if you can, increase the MTU size by at least 16 bytes (4 labels) and check whether MTU includes L2 header. Another somewhat more mysterious beast is the interaction between IGP and LDP that can cause traffic disruptions after the physical connectivity has been reestablished.
The information in this article applies only to single-topology IS-IS setup. Multi-topology IS-IS works correctly.
It’s a shame but it looks like IPv6 and MPLS TE don’t work together in current IOS releases. The standards are there, but Cisco didn’t find the motivation to implement them yet. The situation is particularly grave if you happen to:
- run IS-IS as your routing protocol (many large Service Provider networks do);
- use IS-IS for both IPv4 and IPv6 (makes perfect sense) in single-topology mode (not the best idea);
- use MPLS TE for traffic engineering and/or fast reroute (not uncommon);
- use autoroute on MPLS TE tunnels (most people do);
- run IPv6 natively (without end-to-end MPLS LSP and 6PE).
In this scenario, IS-IS will install autoroute-enabled MPLS TE tunnels in the SPF tree (see autoroute basics for more details) but as IPv6 and MPLS TE tunnels don’t mix, the IPv6 destinations behind the MPLS TE tunnels will not be reachable at all.
The OSI protocol stack has a major advantage over the TCP/IP stack: it defines both the protocols and the APIs between the layers. CLNS (Connection-less network Service) is the API (the function calls that allow transport layers to exchange datagrams across the network) while CLNP (Connection-less network Protocol) is the layer-3 protocol that implements CLNS. In my diagram, CLNS would be a thin line above CLNP between L3 and L4 boxes.
IOS developers did not escape the confusion between CLNS and CLNP. The clns routing command does not make sense; you cannot route an API. The command should have been called clnp routing.
Clue started an interesting discussion on the NANOG mailing list. He’s inherited a network that extended its internal OSPF to its multihomed customers and wondered whether he should leave the network as it is, change OSPF to IS-IS or deploy BGP. Here are a few thoughts from my reply.
Please remember that we were discussing running global OSPF with the customer routers. Running OSPF in a VRF is a different story, as the customer cannot impact another customer’s routing (they can only burn your CPU cycles).
You might have noticed that your IOS release supports a ctunnel interface (hint: your image has to support CLNS) and wondered what it could do. Well, it’s a GRE tunnel between a pair of NSAPs, so you can transport IP traffic across your well-engineered CLNS network without ever exposing the core routers to the dangers of IP.
But wait, it gets better: starting with IOS releases 12.3(7)T and 12.2(33)SRA, you can transport IPv6 across the ctunnel interface. Unfortunately, they haven’t implemented MPLS over GRE over CLNS yet (the mpls ip command is present, but does not work).
It looks like there's at least one potentially very large-scale application that could use this feature.
A while ago I’ve received an interesting question from someone studying for the CCNP certification: “I know it’s not necessary to configure clns routing if I’m running IS-IS for IP only, but isn’t IS-IS running over CLNS?”
I’ve always “known” that IS-IS uses a separate layer-3 protocol, not CLNP (unlike IP routing protocols that always ride on top of IP), but I wanted to confirm it. I took a few traces, inspected them with Wireshark and tried to figure out what’s going on.
You might be confused by the mixture of CLNS and CLNP acronyms. From the OSI perspective, a protocol (CLNP) is providing a service (CLNS) to upper layers. When a router is configured with clns routing it forwards CLNP datagrams and does not provide a CLNS service to a transport protocol. The IOS configuration syntax is clearly misleading.
It turns out the whole OSI protocol suite uses the same layer-2 protocol ID (unlike IP protocol suite where IP and ARP use different layer-2 ethertypes) and the first byte (NLPID) in the layer-3 header to indicate the actual layer-3 protocol. I was not able to find any table of layer-3 OSI protocol types, so I had to experiment with Wireshark to figure out the values for CLNP, ES-IS and IS-IS (yes, these three are distinct L3 protocols).
You might have wondered why no link-state routing protocols support unequal-cost load balancing (UCLB). Petr Lapukhov provides part of the answer in his Understanding Unequal-Cost Load-Balancing article: EIGRP is one of those few protocols that can ensure a neighbor is not using the current router as its next-hop.
However, one has to wonder: with OSPF and IS-IS having the full network topology (or at least the intra-area part of it) in the SPF tree, how hard would it be to detect that sending a packet to someone that is not on the shortest path would not generate a forwarding loop? Is the lack of OSPF or IS-IS UCLB in Cisco IOS the result of lip service to the standards (at least the OSPF one is way too prescriptive) or a shoddy implementation? What are your thoughts?
The Shortest Path First (SPF) algorithm used by all (read: both) popular link-state routing protocols should be well-known to all network engineers, but the fact that the IP routing table gets populated by a distance-vector-like second phase of the algorithm is oft forgotten.
Check this short presentation in case you’d like to get a bit more in-depth explanation of the SPF algorithm.
The second phase of the link state route selection algorithm is called Partial SPF in OSPF and Partial Route Calculation (PRC) in IS-IS. Obviously it’s beneficial if the router can react to a change in the network topology by running PRC, not the full SPF, and there are significant differences in the way OSPF and IS-IS respond to various topology change events. The differences are not architectural; you could make OSPF behave as well as IS-IS. They just prove that the old wisdom is still true: very large IOS-based networks use IS-IS because it’s better implemented than OSPF.