Optimize Simple IS-IS Deployments

In the Configure IS-IS Routing for IPv4 lab exercise, I told you to configure the routers as level-2 intermediate systems and promised a detailed explanation in a follow-up lab exercise. It’s time to open that can of worms.

To keep things simple, we’ll use a simple lab topology: three routers connected into a triangle.

Lab topology

Device Requirements

Use any device supported by the netlab IS-IS configuration module.

Starting the Lab

Assuming you already set up your lab infrastructure:

  • Change directory to basic/6-level-2
  • Execute netlab up
  • Log into lab devices with netlab connect

You’ll get a lab with IPv4 addresses and minimal IS-IS configurations on all devices.

Level-1 and Level-2 Routing in IS-IS

The link-state routing protocols (IS-IS and OSPF) were designed to run on devices that were two orders of magnitude1 slower than what we have today2 and had three orders of magnitude less memory3. The routing protocol designers were rightfully worried about scalability challenges and implemented features that would allow them to build large networks:

  • OSPF uses areas connected via a backbone area.
  • IS-IS uses areas (level-1 routing) connected via an overlay inter-area routing topology (level-2 routing).

Tip

In a follow-up lab exercise, we’ll discuss the details of multi-level routing. Today, we’ll focus on the implications of using level-1 and level-2 routing on the same devices.

The IS-IS multi-level routing rules are simple:

  • An area is a contiguous set of routers with NETs that differ only in system IDs (everything left of the system ID is the same).
  • Level-1 (intra-area) routers know the topology of their area but not what’s in other areas.
  • Level-2 (inter-area) routers know the inter-area topology but not the details of individual areas.
  • Level-1-2 routers are like OSPF Area Border Routers. They know the topology of their area4 and the inter-area topology. They also summarize intra-area reachability information (prefixes and costs) and advertise them into the inter-area topology (similar to what OSPF ABRs do).
  • Contrary to OSPF (where an interface belongs to a single area), IS-IS routers could establish level-1 and level-2 adjacencies over the same interface.
  • Level-1 routing and level-2 routing are entirely separate. While they use a shared adjacency5, they use different topology databases.

Every router in an IS-IS network can be a level-1 router, a level-2 router, or a level-1-2 router. Furthermore, you could limit the adjacencies a router forms over individual interfaces (we’ll leave this topic for another day).

Now for the sad part: the default router type in most implementations is a level-1-2 router. Let’s assume we have a reasonably small network6 and don’t use areas. Could the default setting hurt us?

Best Scenario: Duplicate Information

FRRouting is one of those implementations where running level-1 and level-2 routing in parallel causes only minor damage. As of August 2024, the FRRouting IS-IS implementation is incomplete and cannot distribute intra-area (level-1) information into inter-area (level-2) LSPs or vice versa7. Regardless, it’s worth exploring this behavior, as other devices might have similar defaults8.

If you start our lab with FRRouting nodes, you can observe level 3 adjacencies (that’s how FRRouting says “level-1-2”). The neighbor details confirm that the circuit type is L1L2 – we’re running level-1 and level-2 routing with IS-IS neighbors.

r1# show isis neighbor detail
Area Gandalf:
 r2
    Interface: eth1, Level: 3, State: Up, Expires in 28s
    Adjacency flaps: 2, Last: 25s ago
    Circuit type: L1L2, Speaks: IPv4
    SNPA: 2020.2020.2020
    Area Address(es):
      49.0001
    IPv4 Address(es):
      10.1.0.2

 r3
    Interface: eth2, Level: 3, State: Up, Expires in 27s
    Adjacency flaps: 2, Last: 25s ago
    Circuit type: L1L2, Speaks: IPv4
    SNPA: 2020.2020.2020
    Area Address(es):
      49.0001
    IPv4 Address(es):
      10.1.0.10

As expected, the routers have two IS-IS databases with duplicate information (the LSPs might have the exact same size):

r1# show isis data
Area Gandalf:
IS-IS Level-1 link-state database:
LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL
r1.00-00             *    112   0x00000002  0xcf99    1630    1/0/0
r2.00-00                  112   0x00000002  0x0662    1638    1/0/0
r3.00-00                  112   0x00000002  0x0e4d    1622    1/0/0
    3 LSPs

IS-IS Level-2 link-state database:
LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL
r1.00-00             *    112   0x00000002  0xc7a9    1642    0/0/0
r2.00-00                  112   0x00000002  0xfd72    1622    0/0/0
r3.00-00                  112   0x00000002  0x065d    1630    0/0/0
    3 LSPs

Inspecting a level-1 LSP and a corresponding level-2 LSP confirms the duplication of information:

r1# show isis database detail r2.00-00
Area Gandalf:
IS-IS Level-1 link-state database:
LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL
r2.00-00                  112   0x00000002  0x0662    1544    1/0/0
  Protocols Supported: IPv4
  Area Address: 49.0001
  Hostname: r2
  TE Router ID: 10.0.0.2
  Router Capability: 10.0.0.2 , D:0, S:0
  Extended Reachability: 0000.0000.0001.00 (Metric: 10)
  Extended Reachability: 0000.0000.0003.00 (Metric: 10)
  IPv4 Interface Address: 10.0.0.2
  Extended IP Reachability: 10.0.0.2/32 (Metric: 10)
  Extended IP Reachability: 10.1.0.0/30 (Metric: 10)
  Extended IP Reachability: 10.1.0.4/30 (Metric: 10)

IS-IS Level-2 link-state database:
LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL
r2.00-00                  112   0x00000002  0xfd72    1528    0/0/0
  Protocols Supported: IPv4
  Area Address: 49.0001
  Hostname: r2
  TE Router ID: 10.0.0.2
  Router Capability: 10.0.0.2 , D:0, S:0
  Extended Reachability: 0000.0000.0001.00 (Metric: 10)
  Extended Reachability: 0000.0000.0003.00 (Metric: 10)
  IPv4 Interface Address: 10.0.0.2
  Extended IP Reachability: 10.0.0.2/32 (Metric: 10)
  Extended IP Reachability: 10.1.0.0/30 (Metric: 10)
  Extended IP Reachability: 10.1.0.4/30 (Metric: 10)

End result: Even without information propagation between level-1 and level-2 routing, the routers consume twice as much memory for the IS-IS topology database. More importantly10, every change in the network triggers two SPF9 runs (one for level-1 topology, one for level-2 topology) with identical results (because every router advertises every prefix in level-1 and level-2 topologies). One of those results is thrown away; within an area, level-1 information takes precedence over level-2 information11.

Worst Case: Exploding Information

Most IS-IS implementations follow the rules from RFC 1195:

Level 2 routers include in their level 2 LSPs a complete list of [IP address, subnet mask, metric] specifying all IP addresses reachable in their area12.

Now, imagine you’re using an implementation that follows the RFC1195 rules in a single-area network where every router runs level-1 and level-2 routing. Every router advertises every reachable intra-area IP prefix in its level-2 LSP, resulting in humongous level-2 LSPs13.

All those level-2 prefixes would needlessly increase the overhead of level-2 SPFs (and the results of the level-2 SPF would be ignored anyway). Even worse, every change in the network topology that would change the cost of at least one prefix would result in changed level-2 LSPs that would be flooded across the whole network, triggering even more level-2 SPF runs.

Takeaway: In a single-area IS-IS network, never run level-1 and level-2 routing in parallel.

You can reproduce that behavior with most IS-IS implementations. Start the lab and explore the contents of a level-1 LSP and corresponding level-2 LSP. This is what you would get on Arista cEOS:

r1>show isis database r2.00-00 detail
Legend:
H - hostname conflict
U - node unreachable

IS-IS Instance: Gandalf VRF: default
  IS-IS Level 1 Link State Database
    LSPID                   Seq Num  Cksum  Life Length IS  Received LSPID        Flags
    r2.00-00                      3  60631  1044    118 L2  0000.0000.0002.00-00  <>
      Remaining lifetime received: 1199 s Modified to: 1200 s
      NLPID: 0xCC(IPv4)
      Hostname: r2
      Area addresses: 49.0001
      Interface address: 10.1.0.5
      Interface address: 10.1.0.2
      Interface address: 10.0.0.2
      IS Neighbor          : r1.00               Metric: 10
      IS Neighbor          : r3.00               Metric: 10
      Reachability         : 10.1.0.4/30 Metric: 10 Type: 1 Up
      Reachability         : 10.1.0.0/30 Metric: 10 Type: 1 Up
      Reachability         : 10.0.0.2/32 Metric: 10 Type: 1 Up
      Router Capabilities: Router Id: 10.0.0.2 Flags: []
        Area leader priority: 250 algorithm: 0
  IS-IS Level 2 Link State Database
    LSPID                   Seq Num  Cksum  Life Length IS  Received LSPID        Flags
    r2.00-00                      4  53131  1044    147 L2  0000.0000.0002.00-00  <>
      Remaining lifetime received: 1199 s Modified to: 1200 s
      NLPID: 0xCC(IPv4)
      Hostname: r2
      Area addresses: 49.0001
      Interface address: 10.1.0.5
      Interface address: 10.1.0.2
      Interface address: 10.0.0.2
      IS Neighbor          : r1.00               Metric: 10
      IS Neighbor          : r3.00               Metric: 10
      Reachability         : 10.0.0.1/32 Metric: 20 Type: 1 Up
      Reachability         : 10.1.0.8/30 Metric: 20 Type: 1 Up
      Reachability         : 10.0.0.3/32 Metric: 20 Type: 1 Up
      Reachability         : 10.1.0.4/30 Metric: 10 Type: 1 Up
      Reachability         : 10.1.0.0/30 Metric: 10 Type: 1 Up
      Reachability         : 10.0.0.2/32 Metric: 10 Type: 1 Up
      Router Capabilities: Router Id: 10.0.0.2 Flags: []
        Area leader priority: 250 algorithm: 0

Configure IS-IS Router Type

By now, you probably agree that running level-1 routing and level-2 routing in parallel14 does not make sense. Is it better to run just level-1 routing or just level-2 routing? I would go with level-2 routing; things will keep working even if you decide to split your network into smaller areas sometime in the future.

It’s time to get our hands dirty. After exploring the IS-IS database structures, configure all routers in your network to be level-2 routers with a router configuration command similar to is-type level-2.

Validation

Examine the IS-IS adjacencies on all links in your network. All IS-IS neighbors should have level-2 adjacency:

r1# sh isis neighbor
Area Gandalf:
  System Id           Interface   L  State        Holdtime SNPA
 r2                  eth1        2  Up            30       2020.2020.2020
 r3                  eth2        2  Up            29       2020.2020.2020

The IS-IS database should not have any level-1 information:

r1# show isis database
Area Gandalf:
IS-IS Level-2 link-state database:
LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL
r1.00-00             *    112   0x00000005  0xc1ac    1644    0/0/0
r2.00-00                  112   0x00000006  0xf576    1713    0/0/0
r3.00-00                  112   0x00000007  0xfb62    1701    0/0/0
    3 LSPs

Reference Information

Lab Wiring

Origin Device Origin Port Destination Device Destination Port
r1 eth1 r2 eth1
r2 eth2 r3 eth1
r1 eth2 r3 eth2

Lab Addressing

Node/Interface IPv4 Address IPv6 Address Description
r1 10.0.0.1/32 Loopback
eth1 10.1.0.1/30 r1 -> r2
eth2 10.1.0.9/30 r1 -> r3
r2 10.0.0.2/32 Loopback
eth1 10.1.0.2/30 r2 -> r1
eth2 10.1.0.5/30 r2 -> r3
r3 10.0.0.3/32 Loopback
eth1 10.1.0.6/30 r3 -> r2
eth2 10.1.0.10/30 r3 -> r1

  1. 100 times 

  2. The Cisco 2500 router had a 20 MHz CPU. Most general-purpose CPUs today use a clock frequency above 2 GHz (ignoring for the moment that they can also do much more in a single clock cycle). 

  3. The Cisco 2500 router had up to 16 MB of memory. Most modern routers have at least 8 GB of (much faster) RAM. 

  4. Contrary to OSPF, an IS-IS router can belong to a single area (ignoring the overlapping areas exception). 

  5. That shared adjacency is advertised as two adjacencies (extended reachability TLV), one in level-1 LSP and another in level-2 LSP. 

  6. ISPs were running networks with hundreds of routers in an IS-IS area in the 1990s. Most everyone agrees that (assuming you’re using a decent implementation) it’s OK to run a few hundred routers in a relatively stable IS-IS area (TLDR: It Depends™️) 

  7. You cannot use FRRouting as a level-1-2 router in a network that uses multi-level IS-IS routing. 

  8. Cisco Nexus OS does not distribute level-1 information into level-2 LSPs unless you configure distribute level-1 into level-2 within an IS-IS router address family. 

  9. Shortest-Path First; the algorithm used to find the lowest-cost paths in a weighted graph 

  10. In the world of cheap RAM 

  11. See section 3.2 of RFC 5302 for more details. 

  12. RFC 5302 provides a slightly stricter interpretation in section 3.3: a L1L2 router SHOULD only advertise in their L2 LSP those L1 routes that they use for forwarding themselves. They SHOULD NOT
    unconditionally advertise into L2 all prefixes from LSPs in the L1 database. 

  13. OSPF would do the same thing if you configured virtual backbone links across a single-area OSPF network 

  14. On all links in your network. In a network using multi-level IS-IS routing, you might have to run level-1 routing and level-2 routing on some core links (but you wouldn’t do that on each link).