Configuring Global IS-IS Parameters

This section describes the commands you can use to globally configure optional IS-IS parameters.

In the following command guidelines, many parameters are preset to a default value. Use the no version of those commands to restore default values.

Setting Authentication Passwords

You can configure simple authentication or HMAC MD5 authentication for either an area or a domain.





Configuring Authentication of CSNPs and PSNPs

You must enable and disable authentication of CSNP packets and PSNP packets separately from authentication of LSP packets.



Configuring Redistribution

You can specify how IS-IS redistributes routes received from other routing protocols, redistributes routes according to new policies, and controls redistribution of routes with access lists and route maps.

Optionally, when you issue the redistribute command and specify a route map, you can use the map to set a route tag for a route redistributed from another protocol to IS-IS. Make sure the route map you specify includes the set tag command that defines a tag value for the routes destined for IS-IS. For details about configuring and using route maps, see JunosE IP Services Configuration Guide.

To redistribute IPv6 routes, issue the redistribute command from within the IS-IS IPv6 address family.



clear ip isis redistribution
clear isis ipv6 redistribution



Redistributing Routes Between Levels

The two-level routing hierarchy of IS-IS can lead to suboptimal path selection in certain situations. Because a level 1 router by default has knowledge only of level 1 routes, traffic from a level 1 router to a router in another area passes through the nearest level 1-2 router as its next hop. Consider the topology shown in Figure 20.

Figure 20: Example of Level 1 and Level 2 Routing

Example of Level 1 and Level 2 Routing

In this example, Router 4 in Area 1 considers Router 2 to be its next hop for interarea traffic, and Router 5 considers Router 3 to be its next hop for interarea traffic. Traffic from Router 4 to Router 8 passes through Router 2, requiring a total of five hops to the destination: Routers 2, 1, 3, 9, and 8. Similarly, five hops are required for traffic from Router 5 to Router 7.

Neither of these paths is optimal. For example, it would be shorter for traffic from Router 4 to take the four-hop path: Routers 5, 3, 9, and 8.

You can configure IS-IS to redistribute routes between the routing levels; this is sometimes known as route leaking between levels. The redistribute isis ip command enables you to specify a route filter (an access list) and the direction of leakage, as shown in the following example:

host1(config)#access-list leakList permit ip any host1(config)#router isis 1 host1(config-router)#redistribute isis ip level-1 into level-2 distribute-list leakList host1(config-router)#redistribute isis ip level-2 into level-1 distribute-list leakList

When you issue the redistribute isis ip command and include the route-map keyword, you can use the map to set a route tag for a route redistributed from one IS-IS level to another. Make sure the route map you specify includes the set tag command that defines a tag value for the IS-IS routes to be redistributed. For details about configuring and using route maps, see JunosE IP Services Configuration Guide.

To redistribute IPv6 routes from one IS-IS level to another, use the redistribute isis command from within the IS-IS IPv6 address family.

redistribute isis

redistribute isis ip

Advertising IPv4 and IPv6 Prefixes of Passive Interfaces

Convergence is the process in which all routers in a network calculate the optimal routes for the network. Whenever there is any change in network topology, routing update messages flood the network to enable the routers to recalculate optimal routes, which increases network convergence time. You can configure IS-IS to advertise IPv4 and IPv6 prefixes that belong to only passive interfaces and exclude prefixes of connected networks from the LSP. This feature reduces network convergence time between two integrated IS-IS systems by allowing only connected passive interfaces to be advertised.

Enabling the advertisement of passive interfaces feature causes only connected passive IPv4 and IPv6 prefixes to be retained in the LSP database. All other entries are removed from the LSP database. However, redistributed routes are maintained without any modification. Disabling this feature restores all the entries in the LSP database, thus allowing all IP prefixes to be advertised.


Controlling Granularity of Routing Information

You can force the distribution of level 2 routing information to level 1 routers in other areas to improve the quality of the resulting routes, but at the cost of reduced scalability.


Configuring a Global Default Metric

You can use the metric command to specify a global default metric that applies to all active IS-IS interfaces. This command enables you to avoid configuring the desired metric on each active interface individually when you want all IS-IS interfaces to have the same metric, but a different value than the individual default of 10. The global default metric applies to both level 1 and level 2 interfaces unless you restrict it to one level.

If you have configured a nondefault metric on any IS-IS interface with the isis metric command, that value overrides the global default metric.

Reference bandwidth takes precedence over both individual and global default metrics. If you have configured a reference bandwidth, the metric command has no effect on interface metrics,

You can use the following commands to verify configuration of the global default metric:


Configuring Metric Type

Extensions to IS-IS traffic engineering enable the use of bigger metrics. You can specify whether your router accepts, generates, or accepts and generates only old-style metrics, only new-style metrics, or both.

metric-style narrow

metric-style transition

metric-style wide

Setting the Administrative Distance

You can indicate the dependability of a routing information source by configuring the administrative distance for learned routes.

distance ip

Configuring Default Routes

You can specify a default route within IS-IS routing domains. You can also suppress the installation of a default route to level 1-2 routers by level 1 routers.

Optionally, when you issue the default-information originate command and specify a route map, you can use the map to set a route tag for the default route. Make sure the route map you specify includes the set tag command, which defines a tag value for the default route within the IS-IS domain. For details about configuring and using route maps, see JunosE IP Services Configuration Guide.

default-information originate


Disregarding the Attach Bit in Level 1 LSPs

You can configure IS-IS to disregard the Attach Bit (ATT) in level 1 LSPs in a multiarea environment. In level 1 routing, the closest level 1-2 router is used to find default routes within IS-IS routing domains. The closest level 1-2 router is found by examining the attach bit in the level 1 LSP. Disregarding the attach bit prevents default routes from being installed.

The ability to disregard the attach bit has the following benefits:


Setting Router Type

You can specify whether the router behaves as an IS-IS station router, area router, or both.


Summarizing Routes

You can summarize routes redistributed into IS-IS or within IS-IS by creating aggregate addresses for the routes. Use the summary-address command for IP routes and the summary-prefix command for IPv6 routes.

Optionally, you can set a route tag for an IS-IS aggregate (summary) address by including the tag keyword and a numeric tag value in the command.



Avoiding Transient Black Holes

When you start or reload a transit router that is running both IS-IS and BGP, the router is temporarily unavailable to the routing domain. Other routers in that routing domain must select alternative paths to destinations that used the transit router. When the transit router becomes available again, the other routers soon select it again as the optimal path to those destinations.

The other routers select the transit router again before it has loaded the complete BGP routing table. Because the transit router does not yet have all the reachability information that is needed to reach some external destinations, traffic to destinations that were not learned by means of the IGP is dropped until the transit router has complete external reachability information again. This condition is known as a transient black hole.

You can use the overload bit to avoid these black holes. When the overload bit is set in the LSP header, other routers in the domain do not include the transit router in their SPF calculations and thus do not use that router for traffic forwarding.

When the transit router boots, it begins establishing adjacencies with its neighbors. As soon as it establishes an adjacency, it creates (or updates) its LSP, sets the overload bit in the LSP header, and transmits the LSP with the current neighbor information. By sending the updated LSP with the overload bit set immediately after forming the first adjacency, IS-IS reduces the convergence time across the network.

If IS-IS waits for all adjacencies to be up before it sends the updated LSP with the overload bit set, the other routers in the domain still have the transit router's old LSP and continue to forward transit traffic to the transit router until all adjacencies are formed. That traffic is lost.

Waiting for BGP Convergence

When BGP converges, the transit router again has the reachability information it needs to forward traffic to destinations that are not directly connected. Typically, you then want the transit router to clear the overload bit in its LSP and retransmit the LSP to inform the other routers in the domain that they can use it as a transit router.

BGP is assumed to have converged when all of the following conditions have been met:

Example Topology

Figure 21 shows a sample topology where source end system A is communicating with destination end system B through routers 1, 2, 3, and 4.

Figure 21: Transit Router Topology

Transit Router Topology

The transit routers, 2 and 3, learn the route to B from BGP. In a steady state environment, the BGP routing tables are synchronized on all the transit routers.

Suppose the traffic forwarding path is currently A –> 1 –> 2 –> 4 –> B. If transit router 2 goes down, the network converges to the alternative path, A –> 1 –> 3 –> 4 –> B. Because transit router 3 already had synchronized its BGP routing tables, traffic forwarding continues without delay.

When transit router 2 reloads, it establishes adjacencies with routers 1 and 4, and sends out its LSP advertising its neighbors. While router 2 begins to synchronize its BGP routes, the network reconverges to the original path of A –> 1 –> 2 –> 4 –> B. Traffic from A to B is forwarded to router 2. Typically, BGP has not converged by then, so router 2 does not have the BGP route that it needs to forward the traffic, and drops the packets, resulting in a black hole until the BGP convergence is complete.

You can avoid this black hole by configuring the overload bit for the transit router. In this circumstance, router 2 sends out its LSP with the overload bit set in its header as soon as it reloads, before it establishes all adjacencies. The bit set in the header indicates to all the routers in the domain that router 2 is overloaded and not to use it to carry transit traffic. The forwarding path continues to be the alternative path, A –> 1 –> 3 –> 4 –> B, even after router 2 reloads.

When BGP convergence is complete at router 2, router 2 sends out a new LSP with the overload bit cleared. The other routers then include router 2 in their SPF calculations and revert to the original path, of A –> 1 –> 2 –> 4 –> B.

Suppression for IS-IS Graceful Restart

When graceful restart is configured on the transit router, the black hole avoidance feature is suppressed.


You can configure the transit router to set the overload bit when it reloads and to then wait for a specified interval before it clears the bit and retransmits its LSP. More commonly, and to avoid the transient black holes, you configure the transit router to wait for BGP to converge, and specify an interval it waits after convergence before it clears the bit and retransmits its LSP.


Ignoring LSP Errors

You can configure the router to ignore rather than purge LSPs received with errors.


Logging Adjacency State Changes

You can configure the router to log messages that track when adjacencies change state between up and down.


Configuring LSP Parameters

You can specify the following parameters for LSPs:





Specifying the SPF Interval

You can configure how often the router performs the shortest-path-first (SPF) calculation. IS-IS runs SPF calculations in response to any change in its link-state database. Because SPF calculation is processor intensive, increasing the SPF interval reduces the processor load of the router, but can slow down the rate of convergence.

Topology changes in a network cause all routers involved in the change to regenerate their LSDB and flood new LSPs throughout the network. Therefore, a router that receives a new LSP is likely to receive more LSPs in the following seconds. An immediate response to a given change is going to miss the subsequent topology changes and spend CPU time. When many changes are taking place, a slower response to each change makes more sense.

IS-IS enables the router to respond quickly to an isolated network event, but to slow the response exponentially when many triggering events are taking place in rapid succession. SPF calculations are performed at exponentially increasing intervals until the maximum interval set by the spf-interval command is reached.

The first SPF calculation is performed immediately when the LDSB changes. If another calculation-triggering event occurs, the router waits 1 second before performing the SPF calculation. If another event occurs, the router waits 2 seconds before performing the SPF calculation. The interval between a triggering event and the corresponding SPF calculation continues to increase exponentially: 4 seconds, 8 seconds, 16 seconds, and so on. When the maximum configured interval is reached, the interval reverts back to immediate response mode for the next triggering event.

If no calculation-triggering network events have occurred by the end of any given back-off interval, the router reverts back to immediate response mode.


Defining the SPF Route Calculation Level

The IS-IS protocol uses the Dijkstra’s algorithm to compute IP node metrics when a change occurs within the IS-IS network. This calculation results in the IS-IS router containing a shortest-path tree (SPT) that maps the shortest path to each node in the IS-IS network.

By default, the router uses a partial route calculation (PRC) SPF to determine the next hop (when required). This partial computation occurs when the router receives link-state PDUs (LSPs) with only changes relating to IP prefixes (for example, the addition of a new IP prefix, change in attributes of an existing IP prefix, or the removal of an existing IP prefix).

Because changes in IP prefixes happen more frequently than other events, using the PRC SPF results in faster IS-IS convergence and saves router resources. However, you can also specify that the router always use full SPF, recalculating the entire SPT, when resolving any IS-IS state changes.


Setting CLNS Parameters

You can specify transmission rates for ES and IS hello packets, the period for which the router considers ES and IS hello packets to be valid, and name-to-network service access point mappings.

clns configuration-time

clns holding-time

clns host

Setting the Maximum Parallel Routes

You can configure how many parallel routes IS-IS supports to a destination.


Configuring a Virtual Multiaccess Network

You can specify that interfaces within a given mesh group act as a virtual multiaccess network.

isis mesh-group

Configuring Table Maps

You can use the table-map command to apply a specified route map as a policy filter on an IS-IS route before the route is installed in the routing table. The route map you apply must contain one or more set commands to modify route attributes.


Configuring Graceful Restart

To enable IS-IS graceful restart (also known as nonstop forwarding, or NSF) on the router, you must first issue the nsf ietf command (in Router Configuration mode). You can then configure one or more optional timing parameters for graceful restart on the router.

To enable IS-IS graceful restart and configure optional graceful restart parameters:

  1. Specify a previously configured IS-IS routing process to access Router Configuration mode. (For information about enabling IS-IS on the router, see Enabling IS-IS for IP Routing.)
    host1(config)#router isis engineering host1(config-router)#
  2. Enable the IS-IS graceful restart mechanism for the router.
    host1(config-router)#nsf ietf
  3. (Optional) Configure one or more of the following timing parameters for the restarting router:
    • Set the maximum time in seconds that the router waits before completing the restart process.
      host1(config-router)#nsf interface wait 30
    • Set the time interval in seconds between restart requests sent by the router.
      host1(config-router)#nsf t1 interval 60
    • Set the number of times that the router resends unacknowledged restart requests.
      host1(config-router)#nsf t1 retry-times 3
    • Set the maximum time in seconds that the router waits for the LSP database to synchronize. You must configure this parameter separately for each IS-IS level at which the router operates.
      host1(config-router)#nsf t2 level-1 70 host1(config-router)#nsf t2 level-2 50
    • Set the maximum time in seconds that the restarting router waits before setting the overload bit to indicate that the graceful restart operation has failed. You can use either of the following methods:
      • Set the wait time manually to the specified number of seconds.
        host1(config-router)#nsf t3 manual 80
      • Specify that router obtain the wait time from neighboring IS-IS routers to which it has active adjacencies.
        host1(config-router)#nsf t3 adjacency
  4. (Optional) Issue the show isis nsf command from Privileged Exec mode to verify the graceful restart configuration.
    host1(config-router)#exit host1(config)#exit host1#show isis nsf

    For more information about monitoring graceful restart, see show isis nsf command description in Monitoring IS-IS Parameters and the show clns neighbors command description in Displaying CLNS.

Note: For information about configuring hold timers for IS-IS graceful restart in scaled environments, see the Configuring Hold Timers for Successful Graceful Restart in Scaled Scenarios section in the JunosE BGP and MPLS Configuration Guide

nsf ietf

nsf interface wait

nsf t1

nsf t2

nsf t3

Summary Example

host1(config)#router isis floor12 host1(config-router)#net 47.0010.0000.0000.0000.0001.0001.1111.1111.1111.00 host1(config-router)#exit host1(config)#interface atm 0/1 host1(config-if)#ip router isis floor12 tag 24 host1(config-if)#isis mesh-group blocked host1(config-if)#exit host1(config)#interface atm 1/0 host1(config-if)#ip router isis floor12 host1(config-router)#distribute-domain-wide host1(config-router)#distance 100 ip host1(config-router)#default-information originate route-map 9 host1(config-router)#is-type level-1-2 host1(config-router)#summary-address level-1-2 tag 90 host1(config-router)#set-overload-bit on-startup wait-for-bgp 450 host1(config-router)#ignore-lsp-errors host1(config-router)#log-adjacency-changes host1(config-router)#lsp-mtu 1500 host1(config-router)#lsp-refresh-interval 1000 host1(config-router)#lsp-gen-interval level-2 30 host1(config-router)#max-lsp-lifetime 1500 host1(config-router)#spf-interval level-2 30 host1(config-router)#maximum-paths 16 host1(config-router)#redistribute static ip route-map 5 host1(config-router)#nsf ietf host1(config-router)#nsf t2 level-1 70 host1(config-router)#nsf t2 level-2 50 host1(config-router)#nsf t3 adjacency host1(config-router)#exit host1(config)#clns configuration-time 120 host1(config)#clns holding-time 600