<Course Title>

Multilevel IS-IS Networks

LY
N
O
SE
U
AL
N
R
TE
IN
Multilevel IS-IS Networks

LY
N
O
SE
U
AL

IS-IS Level 2 Operation

N

The IS-IS protocol advertises either a Level 1 LSP or a Level 2 LSP for each adjacency formed with a
neighbor. The type of LSP advertised depends on the level at which the adjacency is formed.
R

Also recall that an IS-IS Level 1 LSP can be flooded only within a specific area because a Level 1
adjacency cannot form across an area boundary. Level 2 LSPs include the routing information
TE

carried in Level 1 LSPs, which results in the L2 backbone knowing routes for all areas and levels.
In the example on the slide, routing information from all routers is present in all databases in the
network. The presence of a single L2 database shared by all routers occurs because all of the
adjacencies in the network are at Level 2, and Level 2 LSPs are flooded both within, and across, IS-IS
IN

area boundaries.

2 www.juniper.net
 Multilevel IS-IS Networks

LY
N
O
SE
U
AL

IS-IS Level 1 Operation

N

This slide details a single area Level 1 IS-IS network. In this example, all routers in the network share
a Level 1 database containing identical information. The presence of a common Level 1 database in
R

all routers occurs in this case because all adjacencies are Level 1 in nature, and all routers are
within the same IS-IS area (49.4444). Level 1 LSP flooding will reach all routers in the network due to
TE

the presence of a single area.

IN

www.juniper.net 3
Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Multilevel IS-IS Operation

N

In this example, routing information for each router is present in all Level 2 databases in the network.
This routing information is present because Level 1 routing information is summarized at the L1/L2
R

boundary and flooded throughout the Level 2 backbone in Level 2 link-state protocol data units
(PDUs). The Level 1 routers within each Level 1 area have a single Level 1 database that contains
TE

routing information for that area only. The Level 1 routers use the attached bit in an advertised
Level 1 link-state PDU(LSP) to install a local default route. The Level 1 router forwards packets to the
metrically closest attached router when routing to destinations outside of their Level 1 area.
Level 1 routers are isolated from routing changes in other areas, and summarization of Level 1
IN

information prevents Level 2 routers from having to perform a full SPF calculation for topology
changes within a Level 1 area. This isolation and summarization of routing information improves the
scalability of a multilevel IS-IS network.

4 www.juniper.net
 Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Multilevel IS-IS Operation Is Similar to OSPF NSSA

N

You can readily compare the operation of a multiarea IS-IS network to an OSPF not-so-stubby area
(NSSA) with the no-summaries and default-metric options configured. In a multiarea IS-IS
R

network, each Level 1 IS-IS router has complete routing knowledge of the routes local to its Level 1
area only. Level 1 routers reach other IS-IS destinations by using a 0.0.0.0/0 default route generated
TE

by the detection of L1/L2 attached routers. As with an OSPF NSSA, you can inject external routing
information into the Level 1 area. The Level 2 LSPs of the attached routers in the area advertise the
internal Level 1 routes to other IS-IS Level 2 areas.

L1/L2 Border Router Is a Natural Boundary

IN

Although a Level 2 LSP advertises all Level 1 internal routes, routing information for the Level 2
backbone is constrained by the L1/L2-attached router. Thus, Level 2 routes are not advertised into
the Level 1 area by default; hence the need for a default route in the Level 1 area. Level 1 routes
advertised as external routes into Level 1 are not advertised to any Level 2 routers by default; routing
policy is needed to effect the leaking of Level 1 externals into the L2 backbone. Note that the use of
wide-metrics-only alters the natural L1/L2 boundary in that routes are no longer
distinguishable as being internal or external. The use of wide metrics therefore results in the
automatic leaking of all Level 1 routes into Level 2, as they will all appear to be internal routes.
Continued on the next page.

www.juniper.net 5
Multilevel IS-IS Networks
L2 Routers Set the Attached Bit
To provide interarea reachability for Level 1 routers, an L1/L2 router with a Level 2 adjacency to a
router in another area sets its attached bit in its Level 1 LSPs. Level 1 routers install a 0.0.0.0/0
default route to the metrically closest attached router when they detect Level 1 LSPs with the
attached bit set. Note that while each possible metric type (default, delay, expense, and error) is
associated with its own attached bit, the Junos OS supports only the default metric type.
You can disable the generation of a default route by including the ignore-attached-bit
statement at the [edit protocols isis] configuration hierarchy.

LY
N
O
SE
U
AL
N
R
TE
IN

6 www.juniper.net
 Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Ignoring the Attached Bit

N

In some corner situations you might want to prevent the installation of a default route based on the
presence of Level 1 LSPs with attached bits. The slide provides an example of one such application
R

in which a multilevel IS-IS network with Level 2 to Level 1 route leaking in place.
Because the leaking of Level 2 routing information into the Level 1 areas provides all routers with
TE

complete IS-IS routing information, a default route is no longer needed for routing to destinations
outside of a given Level 1 area. Because the goal of a multilevel IS-IS design is normally to reduce
database size for routers in Level 1 areas, you might ask yourself why someone would design a
multilevel IS-IS topology only to leak Level 2 route into Level 1.
IN

In this example, the network operator wants to leverage the built-in LSP flooding scope of a multilevel
IS-IS network to provide some level of isolation in the event that a malformed LSP is generated. For
example, if a malformed Level 1 LSP is generated in area 49.7777, this LSP will not be flooded into
the Level 2 backbone (the contents of Level 1 LSPs are repackaged into a Level 2 LSP for
submission to the Level 2 backbone by an attached router, but the Level 1 LSP itself is not flooded
into Level 2).
Another application for the ignore-attached-bit option relates to the fact that using the
metrically closest attached router might not always yield optimal interarea routing. In these cases it
might be desirable to use a locally defined static or generated route, in which case the IS-IS derived
default route might no longer be needed.

www.juniper.net 7
Multilevel IS-IS Networks

LY
N
O
SE
U
AL

IS-IS Interfaces Operate in L1/L2 Mode

N

The default operation of the IS-IS protocol within the Junos OS is to enable both Level 1 and Level 2
capabilities for all interfaces. This default behavior is designed to promote connectivity with all
R

neighbors. If an adjacency can be formed between two routers, it will. One consequence of this
default, however, is that you might form both an Level 1 and Level 2 relationship with a given
TE

neighbor, which results in two separate adjacencies and two separate LSP flooding topologies.
To disable the operation of a particular level on an interface, use the disable keyword as shown on
the slide. The so-0/0/0.0 interface only operates at Level 2, and the ge-0/1/0.0 interface only
operates at Level 1. As a shortcut, you can disable all Level 1 or Level 2 processing on the router
IN

which will result in all interfaces being Level 2, or Level 1, respectively. For example, the set
protocols isis level 1 disable statement will result in all interfaces operating at Level 2
only.
We recommend that you explicitly configure the lo0.0 interface within the IS-IS protocol, even when
the router's NET is assigned to another interface. Although its omission does not harm the
operational aspects of IS-IS (adjacencies still form), the IP address configured on the lo0 interface
will not be advertised in TLV 128 or TLV 135, making the loopback address unreachable. Note that in
most cases you must run the IS-IS protocol on the lo0 interface for proper operation because the
router’s NET is normally assigned to loopback interface for resiliency reasons.
Continued on the next page.

8 www.juniper.net
 Multilevel IS-IS Networks
IS-IS Interfaces Operate in L1/L2 Mode (contd.)
Because the loopback interface operates in passive mode, you do not need to disable a particular
level on that interface. By default, the IP address on the interface is advertised in both the Level 1
and Level 2 LSPs generated by the router. You can restrict the advertisement of the router’s
loopback address in a particular level by disabling that level in the lo0.0 statement in the isis
stanza.

LY
N
O
SE
U
AL
N
R
TE
IN

www.juniper.net 9
Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Case Study: Route Leaking

N

As previously discussed, Level 2 routes are not advertised into Level 1 areas by default. In this
example, the network operator wants to advertise, or leak, Level 2 routes into Area 49.0001. This
R

action will require a routing policy on R3, the L1/L2 area border router (ABR), specifying that the
matching routes are Level 2 and will be advertised in Level1.
TE
IN

10 www.juniper.net
 Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Policy Used to Advertise Routes

N

Because the L1/L2 border router naturally stops the transmission of Level 2 routes into a Level 1
area, it is the logical location to override that default. You can accomplish this goal with a Junos
R

routing policy.
You configure this policy within the [edit policy-options] configuration hierarchy, and then
TE

apply the policy to the IS-IS instance at the global IS-IS level, that is, [edit protocols isis].
In the example on the slide, the match criterion within the route-leak policy is all IS-IS routes
within the subnet 192.168.16.0/20 that are currently Level 2 routes and are eligible to be sent to
Level 1. Once these routes are found, the configured action is to accept these routes. The use of the
IN

from and to keywords allow granular control about the desired direction of route leaking.
Once the routing policy is applied to the IS-IS protocol using the export route-leak command,
the Level 2 routes are inserted into the Level 1 LSP of the L1/L2 border router and are advertised
into the Level 1 area.
Recall from a previous slide that the L1/L2 border router also blocks external Level 1 routes from
being advertised into Level 2. A similar policy is used to advertise Level 1 external routes into the
Level 2 backbone. This new policy simply reverses the Level 2 and Level 1 notations and makes use
of an appropriate route filter statement. Once you apply this policy using an export command, the
external routes are included in the Level 2 LSPs.
Continued on the next page.

www.juniper.net 11
Multilevel IS-IS Networks
Up/Down Bit Prevents Looping
Previous slides described the default action of an L1/L2 router with regards to the advertisement of
internal Level 1 routes within its Level 2 LSP. Conceptually, the policy referenced on the slide could
interact with this default action to create a routing loop.
For example, consider the case where both router R1 and router R2 are L1/L2 routers in IS-IS area
49.1111. If R1 has a policy to advertise Level 2 routes into Level 1, then R1 will include the Level 2
routes in its Level 1 LSP. As this LSP is flooded throughout area 49.1111 it eventually arrives at R2.
The default action for R2 is to take all information from its Level 1 database and advertise it into the
backbone using its Level 2 LSP. If R2 advertises the Level 2 routes back into Level 2, a routing loop
can form.
The potential for route leaking-induced routing loops is averted by a bit in the LSP known as the

LY
up/down (U/D) bit. The purpose of this bit is to inform the L1/L2 routers whether a configured policy
can advertise a route. Only routes marked with the up direction are eligible for advertisement from
Level 1 to Level 2. All internal Level 1 routes will have the up/down bit set in this manner. If the
up/down bit is set to down, the route has already been leaked from Level 2 into a Level 1 area and,
as such, the route cannot be sent back into the Level 2 backbone.

N
O
SE
U
AL
N
R
TE
IN

12 www.juniper.net
 Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Summarize Routes at the L1/L2 Router

N

Routes that are naturally bound by the L1/L2 border router are eligible for route summarization.
These routes include external Level 1 routes and Level 2 routes from other IS-IS areas. In addition,
R

you can also summarize internal Level 1 routes that are normally advertised into Level 2
automatically.
TE

Create Aggregate Route and Advertise It with Policy

No concept of an area-range command exists in IS-IS. To summarize routes, you must create an
aggregate route on the L1/L2 border router within the [edit routing-options] hierarchy that
IN

encompasses the routes you want to summarize.

To advertise the aggregate route, you create a policy similar to the example shown on the slide. This
policy is applied as an export to the IS-IS instance at the global [edit protocols isis] level.
In this example, the goal is to advertise a 172.16.20.0/22 aggregate into the Level 2 backbone to
represent Level 1 external routing information in the Level 1 area.
When summarizing routes from one level into another, you might need to alter the default IS-IS
export policy to ensure that specific prefixes are not advertised along with the corresponding
aggregate. You can accomplish the altering of the export policy with a reject action associated
with a route filter that will match on the specific routes in question.

www.juniper.net 13
Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Internal Level 1 Route Summarization

N

Internal Level 1 routes are automatically advertised in a Level 2 LSP into the Level 2 backbone. The
Junos OS provides a method for altering this default action with a routing policy. The example on the
R

slide shows that the Level 1 Area 49.0001 contains multiple internal routes within the 10.0.4.0/22
address space. These routes are currently advertised individually to R5, as shown in the following
TE

output:
user@R5# show route 10.0.4/22

inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

IN

+ = Active Route, - = Last Active, * = Both

10.0.4.12/30 *[IS-IS/18] 00:28:50, metric 20

> to 10.0.2.2 via at-0/2/1.0
10.0.5.0/24 *[IS-IS/18] 00:28:50, metric 30
> to 10.0.2.2 via at-0/2/1.0
10.0.6.1/32 *[IS-IS/18] 00:28:50, metric 20
> to 10.0.2.2 via at-0/2/1.0
Administratively, we want to suppress these specific internal Level 1 routes while advertising a single
10.0.4.0/22 summary in their place. We accomplish this configuration by using a combination of a
routing policy and a local aggregate route defined on R3.

14 www.juniper.net
 Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Level 1 Route Summarization Policy

N

The sample policy shown on the slide meets our administrative requirements of advertising only a
single summary route for the internal Level 1 routes. The first term in the policy matches and accepts
R

the locally defined summary route on R3 for advertisement to the Level 2 backbone. The second
policy term serves to override the default IS-IS export policy for routes matching the 10.0.4.0/22
TE

route filter. It specifies that these routes will not be advertised to R5 in the Level 2 LSP generated by
R3.
After applying the internal-L1-summary-route policy as an export policy in R3’s IS-IS
instance, we can confirm its success on R5:
IN

user@R5# show route 10.0.4/22

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.4.0/22 *[IS-IS/165] 00:00:20, metric 20

> to 10.0.2.2 via at-0/2/1.0

www.juniper.net 15
Multilevel IS-IS Networks

LY
N
O
SE
U
AL

Apply Export Policy at Global Level of the IS-IS Instance

N

One or more export policies can be applied at the global level of an IS-IS instance, as shown on the
slide. Both the external-L1-summary-route and internal-L1-summary-route policies
R

will be used to control the routes advertised by the local router.

When wanted, you can apply multiple export policies to the same IS-IS instance. The same effect is
TE

normally possible through the use of a single policy containing multiple terms, but in some cases it
might be easier to reuse existing policies in such a manner. Note that normal policy processing will
proceed from left to right, and that policy processing will terminate once a given route meets with
either an accept or reject action.
IN

16 www.juniper.net